Crypto Scams: Hacking Campaigns Compromise Coinbase Accounts
Cryptocurrency scams in the form of phishing attacks are a widespread and significant threat to people who use digital wallets like Coinbase and Exodus. These attacks are designed to deceive users into divulging personal information through counterfeit login pages for cryptocurrency exchanges. The ultimate goal is to steal sensitive user information, such as login credentials. Cryptocurrency accounts without two-factor or other forms of multifactor authentication are particularly susceptible to these attacks. Attackers can also use phishing tactics to trick users into downloading and installing malware that drains cryptocurrency wallets. Therefore, it's crucial to be vigilant and take appropriate measures to safeguard personal information and digital assets from these types of attacks.
Footsteps of WMIGhost - Advanced Malware Continues to Abuse Windows Management Instrumentation (WMI)
While threat hunting, a JavaScript file was discovered that resembles components of WMIGhost (also known as Wimmie/Syndicasec), which is frequently attributed to the Thrip APT group. This malware, designed for Microsoft Windows, leverages Windows Management Instrumentation (WMI) to extract information about the infected host and then sends that WMI data to the attacker's command-and-control (C2) server.
Cybersecurity - Secure by Default vs. Secure by Design
In information security, secure by design and secure by default are two complementary paradigms that together enhance the security of networks and systems, and both are essential elements of cybersecurity. The secure-by-design principle integrates security as a fundamental element during the development process and throughout the product's lifecycle. The secure-by-default principle means that the product is as secure as possible out of the box, without any additional security configuration.
CISA & NSA - Identity & Access Management (IAM) Vendor Challenges
Recently, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), in partnership with the Enduring Security Framework (ESF), published new identity and access management (IAM) guidance. CISA and the NSA address the development and technology challenges that limit organizational adoption of multifactor authentication (MFA) and single sign-on (SSO). They also provide best practices that smaller organizations can implement as an IAM framework. A comprehensive IAM solution is critical for managing access to mission-critical resources.
Exploring Ransomware Samples Written As Windows Batch File / HTA Hybrids
A ransomware attack is a malware attack that weaponizes encryption to encrypt a victim's files and other data, preventing the victim from accessing them. At the same time, the ransomware operators demand, through a ransom note, something of value (often money or cryptocurrency, such as Bitcoin) in exchange for the key to decrypt the files. Ransomware attacks are a common problem for businesses and individuals worldwide, as malicious actors use ransomware infections to profit by holding data hostage. In a recent study, 73% of organizations were hit by ransomware, with a third saying they were hit more than once. Ransomware variants and the threat actors who deploy them continue to affect the largest companies worldwide, such as the ransomware attack on MGM by the ALPHV/BlackCat ransomware group. The most sophisticated ransomware attacks involve complex attack chains that combine social engineering, phishing emails, malware, and zero-day and/or n-day exploits.
Rust vs. C/C++: Ensuring Memory Safety & Security
C and C++ are popular for systems development because of the low-level hardware control they offer. However, manual memory management in these languages can be unsafe and lead to memory corruption and other security vulnerabilities. Rust is a modern programming language that guarantees memory safety. This post compares Rust and C/C++ with regard to memory safety and security and provides Rust programming examples.
Breaking Down CISA's Open Source Software Security Roadmap
Today, we're diving into a recent publication titled Open Source Software Security Roadmap by the Cybersecurity and Infrastructure Security Agency (CISA). We'll be breaking down this publication into bite-sized, easy-to-digest pieces. So strap in and enjoy the ride as we learn how CISA is trying to impact the chaotic world of open source software security.
How to Install the YARA Malware Analysis Tool On Windows
YARA is an indispensable tool designed to identify malware and other malicious or suspicious elements based on defined patterns. YARA rules are text-based patterns that describe characteristics of files, such as specific byte sequences, strings, regular expressions, and more. In this comprehensive guide, we will walk through the step-by-step process of installing YARA on the Windows operating system. By the end of this tutorial, you'll have a clear understanding of how to harness YARA's capabilities to create custom rules, scan files and directories, and fortify your system's defenses against potential cyber threats.
Exploring Defense Evasion through Reflective Code Loading (T1620)
Reflective Code Loading, identified as T1620 within the MITRE ATT&CK matrix, continues to be a prevalent defense evasion technique frequently encountered during routine threat hunting activities. It is especially popular for loading .NET assemblies within the Windows operating system. Threat actors can employ this technique to load many kinds of malicious software, including malware, ransomware, and exploits against known software vulnerabilities.
Decrypt Traffic with Mitmproxy & Wireshark
In some situations during your career as a security researcher, or in another area under the cybersecurity umbrella, you may need the capability to decrypt application-layer traffic such as HTTPS and WebSockets.
To decrypt HTTPS or WebSockets traffic, we can use mitmproxy to decrypt SSL/TLS and Wireshark to analyze the decrypted traffic. From a security standpoint, we are essentially creating a man-in-the-middle condition locally.