Daniel Stori’s Turnoff.US: ‘pid 1’
via the inimitable Daniel Stori at Turnoff.US!
The post Daniel Stori’s Turnoff.US: ‘pid 1’ appeared first on Security Boulevard.
Regulation and Compliance Updates Every IT Professional Needs to Know Keeping up with IT compliance is a challenging task, especially […]
The post Regulation and Compliance Updates Every IT Professional Needs to Know appeared first on Kaseya.
The post Regulation and Compliance Updates Every IT Professional Needs to Know appeared first on Security Boulevard.
Threat Intelligence Report
Date: September 4, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS
The critically acclaimed film “The Hurt Locker” follows an elite U.S. Army task force as they dispose of explosives in the Iraq War. Bomb defusing makes for the most suspenseful moments, but several other scenes depict strategically controlled detonations.
When safely disarming a threat is too risky or impractical, bomb squads all over the world practice controlled detonation. There’s a significant advantage to this tactic: bomb technicians can analyze the device’s remnants to gather forensic evidence, understand its construction and maybe even identify its origin.
Although civilian cybersecurity experts don’t usually work with live explosives, they do detonate malware (malicious software such as viruses, ransomware and spyware). How? They execute a suspicious file or program on purpose. Like a bomb squad, they do this in a controlled and isolated environment, both for security and to observe and understand how it works.
Inside the Detonation: Tracking and Monitoring
Malware detonation is a critical method cybersecurity teams (like the experts at HYAS) use to identify and analyze malicious software without risking the integrity of actual systems. We do this by isolating and monitoring the file(s) as they execute, typically on a virtual machine (VM), but sometimes on a bare metal server with no connection to existing network infrastructure (aka an “air-gapped” machine).
Usually, the HYAS team spins up a new VM for each malware sample and tracks all telemetry, including log data and network communication, such as connections to command-and-control (C2) servers. We monitor the malware’s actions, like file creation and process initiation. That information is mapped to the MITRE ATT&CK framework, and with the rest of the detonation data, is added to our dynamic data lake. This data powers the platform’s applications and provides the latest intelligence on domains, IP addresses and other details about the threat.
We also share the intelligence with industry peers through our free daily malware feed.
HYAS’ main challenge is sandbox evasion. This is the phenomenon in which malware tries to detect if it’s being analyzed and alters its behavior accordingly. It’s an ongoing battle between detection and evasion.
Recently, we used HYAS Insight, our leading advanced threat intelligence and investigation platform, to track four major malware “families.” Here’s a breakdown of the key characteristics of each.
Urelas
Urelas is a Trojan primarily designed for data theft and espionage. Originally made to hack participants in online card games — poker players in particular — it targets Windows operating systems and is characterized by its advanced evasion techniques, making it difficult to detect and analyze.
Urelas malware infiltrates systems through phishing emails containing malicious attachments or links and deploys a range of tactics, including taking screenshots of users’ screens and monitoring their keystrokes. Once a hacker has gained access to a system with Urelas, it’s capable of downloading additional malware — which is where the big threats come in.
Sality
Sality is a sophisticated and persistent family of malware known primarily for its file-infecting capabilities. Originating in the early 2000s, Sality targets Windows operating systems and spreads rapidly by infecting executable files, attaching its malicious code to them so that it executes whenever these files are run. This self-replication allows the malware to propagate across networks, removable drives, and shared folders.
The result: Sality effectively turns every infected file into a new vector for spreading malware. Peer-to-peer technology like BitTorrent functions in a similar manner but without harmful results.
One of Sality’s key features is its polymorphic engine, which alters its code with each malware sample, making it excellent at avoiding signature-based detection. Sality malware can also disable security software, modify system settings, and block access to security-related websites, further entrenching itself within the network it targets.
StealC
StealC is a sophisticated malware primarily designed for data theft and credential harvesting. It infiltrates systems through phishing attacks or malicious downloads. Once inside, it stealthily collects sensitive information, such as login credentials, financial data and personal details, often targeting browsers and email clients.
StealC employs advanced evasion techniques to avoid detection by antivirus software, including encryption and anti-analysis methods. The stolen data is then transmitted to a remote server controlled by the attackers. Due to its effectiveness and stealth, StealC poses a significant threat to individuals and organizations alike.
LockBit
LockBit is a notorious ransomware strain that targets organizations by encrypting their data and demanding a ransom for decryption. Known for its rapid encryption speed and advanced evasion techniques, LockBit spreads through phishing emails, exploiting vulnerabilities and remote desktop protocol (RDP) attacks. It employs a double extortion tactic, threatening to publish stolen data if the ransom is not paid.
LockBit’s operators offer a Ransomware-as-a-Service (RaaS) model, allowing affiliates to use the malware for a share of the profits. Its effectiveness and aggressive tactics make LockBit a major threat in the cybersecurity landscape.
Real Threat Intelligence for Real Life
The rapidly expanding threat landscape posed by sophisticated malware families like Urelas, Sality, LockBit and StealC underscores the importance of advanced detection and response capabilities.
Our HYAS Insight threat intelligence platform stands out as uniquely suited to targeting these threats due to its comprehensive approach. By leveraging advanced threat intelligence and real-time tracking, HYAS enables proactive identification and mitigation of malware attacks. Its integration with the MITRE ATT&CK framework facilitates precise mapping of malware behaviors, empowering organizations to strengthen their defenses and stay one step ahead in the ongoing battle against cyber threats.
Want more threat intel on a weekly basis?
Follow HYAS on LinkedIn
Follow HYAS on X
Read recent HYAS threat reports:
HYAS Investigates Threat Actors Hidden In Gaming Services
Caught in the Act: StealC, the Cyber Thief in C
HYAS Protects Against Polyfill.io Supply Chain Attack with DNS Safeguards
StealC & Vidar Malware Campaign Identified
Sign up for the (free!) HYAS Insight Intel Feed
Disclaimer: This Threat Intelligence Report is provided “as is” and for informational purposes only. HYAS disclaims all warranties, express or implied, regarding the report’s completeness, accuracy, or reliability. You are solely responsible for exercising your own due diligence when accessing and using this Report's information. The analyses expressed in this Report reflect our current understanding of available information based on our independent research using the HYAS Insight platform. The Report’s inclusion of any companies, organizations, or ASNs does not imply any wrongdoing on their part; it is simply an indication of where digital threat activities have been observed. HYAS reserves the right to update the Report as additional information is made known to us.
Learn More About HYAS Insight
An efficient and expedient investigation is the best way to protect your enterprise. HYAS Insight provides threat and fraud response teams with unparalleled visibility into everything you need to know about the attack. This includes the origin, current infrastructure being used and any infrastructure.
Read how the HYAS Threat Intelligence team uncovered and mitigated a Russian-based cyber attack targeting financial organizations worldwide.
More from HYAS Labs
Polymorphic Malware Is No Longer Theoretical: BlackMamba PoC.
Polymorphic, Intelligent and Fully Autonomous Malware: EyeSpy PoC.
The post The Malware Chronicles: Urelas, Sality, LockBit and StealC Examined appeared first on Security Boulevard.
Authors/Presenters:Lesly-Ann Daniel, Marton Bognar, Job Noorman, Sébastien Bardin, Tamara Rezk, Sophia Antipolis; Frank Piessens
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access.
Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel.
The post USENIX Security ’23 – ProSpeCT: Provably Secure Speculation for the Constant-Time Policy appeared first on Security Boulevard.
USB MFA SCA😱: Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.
The post Yikes, YubiKey Vulnerable — ‘EUCLEAK’ FIDO FAIL? appeared first on Security Boulevard.
CISA’s Secure by Demand guidance provides a list of questions that enterprise software buyers should ask software producers to evaluate their security practices prior to, during and after procurement. It’s a good idea in principle as every organization needs to be asking the questions presented in “Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem.”
The post Secure by Demand: Going Beyond Questionnaires and SBOMs appeared first on Security Boulevard.
This article was originally published in IT Business Net on 8/27/24 by Charlie Sander, CEO at ManagedMethods. The cybersecurity landscape has become more and more complex over the years, especially for schools because they are now relying on various types of digital platforms for teaching, learning, and administrative tasks. There is a mountain of different ...
The post In The News | Layered Cybersecurity Approaches: Why Schools Need to Prioritize Them appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post In The News | Layered Cybersecurity Approaches: Why Schools Need to Prioritize Them appeared first on Security Boulevard.
False positives are one of the most significant yet often overlooked challenges. When a security alert signals a potential threat that turns out to be benign, security teams are left scrambling to investigate a non-issue. While it may seem like a minor inconvenience, the cumulative effect of false positives can be overwhelming. Not only do […]
The post The True Cost of False Positives: Impact on Security Teams and Business Operations appeared first on VERITI.
The post The True Cost of False Positives: Impact on Security Teams and Business Operations appeared first on Security Boulevard.
A recent discovery has exposed critical vulnerabilities in the Dovecot mail server, potentially allowing attackers to exploit the IMAP implementation and disrupt service. These vulnerabilities, identified as CVE-2024-23184 and CVE-2024-23185, can lead to denial-of-service (DoS) attacks by overwhelming the server with excessive address headers or very large headers. Dovecot is a popular open-source IMAP and […]
The post Debian Patches Two Dovecot Vulnerabilities appeared first on TuxCare.
The post Debian Patches Two Dovecot Vulnerabilities appeared first on Security Boulevard.
Linux kernel updates often include performance improvements and hardware compatibility. Regular kernel updates are crucial for patching vulnerabilities and protecting your system from cyberattacks. Live patching eliminates the need to reboot the system, avoiding service interruptions. Freshen up with something new and improved – if it’s as simple as applying a software update…. well, why […]
The post Bad Reasons to Update Your Linux Kernel appeared first on TuxCare.
The post Bad Reasons to Update Your Linux Kernel appeared first on Security Boulevard.
As per recent reports, a new macOS malware, dubbed the Cthulhu stealer, has been discovered by cybersecurity researchers. The information stealer is designed to target macOS hosts and is capable of harvesting a wide range of information. In this article, we’ll dive into the details of the Cthulhu stealer and uncover protective measures implemented against […]
The post Cthulhu Stealer: New macOS Malware Targets Apple Users’ Data appeared first on TuxCare.
The post Cthulhu Stealer: New macOS Malware Targets Apple Users’ Data appeared first on Security Boulevard.
A frequently asked question in cybersecurity is “What affects me?”. Companies want to know not only what is affecting other companies but what is specifically affecting similar companies in their industry and is therefore likely to affect them.
The post Research Identifies Prevalence of Brand Impersonation in Three-Year Cross-Industry Analysis appeared first on Security Boulevard.
Rubrik and Cisco have allied to improve cyber resiliency by integrating their respective data protection and extended detection and response (XDR) platforms.
The post Rubrik Allies to Cisco to Improve Cyber Resiliency appeared first on Security Boulevard.
Singapore, Singapore, 4th September 2024, CyberNewsWire
The post Blackwired Launches ThirdWatch℠, A Paradigm Shift in Cybersecurity appeared first on Security Boulevard.
Less than a month after we at Contrast Security announced Application Detection and Response, it is already a finalist for a major cybersecurity award.
The post Award Finalist: Contrast Security Application Detection and Response appeared first on Security Boulevard.
Is Your Business Trusted? The Critical Importance of SOC 2 Readiness in Today’s Industry Is Your Business Trusted? The Critical Importance of SOC 2 Readiness in Today’s Industry In an era where data breaches and cyber threats are increasingly common, businesses are under immense pressure to ensure their security measures while staying compliant with regulations […]
The post Is Your Business Trusted? The Critical Importance of SOC 2 Readiness in Today’s Industry appeared first on Cyber security services provider, data privacy consultant | Secureflo.
The post Is Your Business Trusted? The Critical Importance of SOC 2 Readiness in Today’s Industry appeared first on Security Boulevard.
Airport security is a lot like cybersecurity. Each is a cumbersome process aimed at protecting valuable assets. Both involve detection and response. In both airport and cyber security, the approach is to find threats that have made it inside the exterior walls — e.g., detect threats via x-raying luggage at the airport or by uncovering zero-day vulnerabilities in application code in production. Then, respond by blocking the threat, be it by removing forbidden materials from luggage or blocking exploitation of a web application vulnerability by surrounding dangerous functions with trust boundaries.
The post Application Detection and Response: Understanding ADR’s Detection and Response Layers | Contrast Security appeared first on Security Boulevard.
Managing an organization’s attack surface is a complex problem involving asset discovery, vulnerability analysis, and continuous monitoring. There are multiple well-defined solutions to secure the attack surface, such as extended detection and response (EDR or XDR), security information & event management (SIEM), and security orchestration, automation & response (SOAR); despite that, these tools often do [...]
The post API Attack Surface: How to secure it and why it matters appeared first on Wallarm.
The post API Attack Surface: How to secure it and why it matters appeared first on Security Boulevard.
City officials in Columbus, Ohio, filed a complaint against a cybersecurity expert who has been telling local media that the sensitive data stolen by the Rhysida group in a July ransomware attack poses a larger threat to residents and employees than the mayor and others have been saying.
The post Columbus Sues Expert, Fueling Debate About Ransomware Attack appeared first on Security Boulevard.
https://youtu.be/SG1Rd3SY40I Q: Welcome, Cecil. Thank you for joining us today. To start, could you share a bit about your journey...
The post Talking DSPM: Episode 2 – Cecil Pineda appeared first on Symmetry Systems.
The post Talking DSPM: Episode 2 – Cecil Pineda appeared first on Security Boulevard.