Malware Devil

Tuesday, January 26, 2021

The Security Digest: #45

Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, …

The post The Security Digest: #45 appeared first on Cyral.

The post The Security Digest: #45 appeared first on Security Boulevard.


The post The Security Digest: #45 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/the-security-digest-45/?utm_source=rss&utm_medium=rss&utm_campaign=the-security-digest-45

Privacy Teams Helped Navigate the Pivot to Work-from-Home

Annual Cisco privacy study also reports that 90% of organizations say their customers won’t buy from them if they are not clear about data policy practices.

The post Privacy Teams Helped Navigate the Pivot to Work-from-Home appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/privacy-teams-helped-navigate-the-pivot-to-work-from-home/?utm_source=rss&utm_medium=rss&utm_campaign=privacy-teams-helped-navigate-the-pivot-to-work-from-home

Cisco, SonicWall, Rich Guys in Space, TikTok, & Jason Wood – SWN #95

This week, Dr. Doug talks TikTok, Sonic Wall, Cisco, Fake Security Blogs, Joe Biden, and C-Suite Phishing, all this and the return of Jason Wood for Expert Commentary!

Timestamps:

1:28 – “Cisco DNA Center Bug – CVE-2021-1257”
3:35 – “SonicWall Breach based on likely Zero Days”
4:59 – “TikTok Flaw could have revealed phone numbers and profiles”
6:18 – “US President Joe Biden ups the Cyber game with 10 billion dollar “Down Payment””
8:02 – “Google’s TAG reveals APT campaign targeting security researchers”
9:20 – “Fake Office 365 Password Reset Campaign targeting C-Suite workers”
10:41 – “Selling Zero Days is not a good idea, selling access is flourishing”
25:51 – “8 Days in Space may get a little pricey, start saving now”

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn95

The post Cisco, SonicWall, Rich Guys in Space, TikTok, & Jason Wood – SWN #95 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/cisco-sonicwall-rich-guys-in-space-tiktok-jason-wood-swn-95-2/?utm_source=rss&utm_medium=rss&utm_campaign=cisco-sonicwall-rich-guys-in-space-tiktok-jason-wood-swn-95-2

Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks

Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.

The post Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/mimecast-recent-certificate-compromise-tied-to-solarwinds-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=mimecast-recent-certificate-compromise-tied-to-solarwinds-attacks

How to Build an Insider Threat Program in 10 Steps – Part 2 – Anthony Palmeri – SCW #59

The conversation continues on mitigating insider threats and building an insider threat program!

This segment is sponsored by Ekran System.

Visit https://securityweekly.com/ekran to learn more about them!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw59

The post How to Build an Insider Threat Program in 10 Steps – Part 2 – Anthony Palmeri – SCW #59 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/how-to-build-an-insider-threat-program-in-10-steps-part-2-anthony-palmeri-scw-59-2/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-build-an-insider-threat-program-in-10-steps-part-2-anthony-palmeri-scw-59-2

TetherView Unveils DigitalBunker Service for Virtual Desktops

TetherView today launched DigitalBunker, a hosted IT environment through which IT services providers can manage and secure virtual desktops on organizations’ behalf. Michael Abboud, CEO, TetherView, says that while the concept of a digital workspace for consistently accessing multiple applications has been around for some time, TetherView manages both the individual desktops and the IT..

The post TetherView Unveils DigitalBunker Service for Virtual Desktops appeared first on Security Boulevard.


The post TetherView Unveils DigitalBunker Service for Virtual Desktops appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/tetherview-unveils-digitalbunker-service-for-virtual-desktops/?utm_source=rss&utm_medium=rss&utm_campaign=tetherview-unveils-digitalbunker-service-for-virtual-desktops

Use of Remote Desktop Protocol in DDoS Attacks (CERT-EU Security Advisory 2021-005)

DDoS attacks were observed recently in which Microsoft Remote Desktop Protocol (RDP) was abused to reflect and amplify the amount of bandwidth involved. This is not a vulnerability in itself but an abuse of the RDP protocol design. Attacks using this technique were observed with sizes ranging from 20 to 750 Gbps.

The post Use of Remote Desktop Protocol in DDoS Attacks (CERT-EU Security Advisory 2021-005) appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/use-of-remote-desktop-protocol-in-ddos-attacks-cert-eu-security-advisory-2021-005/?utm_source=rss&utm_medium=rss&utm_campaign=use-of-remote-desktop-protocol-in-ddos-attacks-cert-eu-security-advisory-2021-005

23M Gamer Records Exposed in VIPGames Leak

The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.

The post 23M Gamer Records Exposed in VIPGames Leak appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/23m-gamer-records-exposed-in-vipgames-leak/?utm_source=rss&utm_medium=rss&utm_campaign=23m-gamer-records-exposed-in-vipgames-leak

BEC Scammers Find New Ways to Navigate Microsoft 365

Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.

The post BEC Scammers Find New Ways to Navigate Microsoft 365 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/bec-scammers-find-new-ways-to-navigate-microsoft-365/?utm_source=rss&utm_medium=rss&utm_campaign=bec-scammers-find-new-ways-to-navigate-microsoft-365

Bias is Anti-Balance: Consuming Media is Like Riding a Bicycle

An Interactive Media Bias Chart is well worth taking a close look: This might as well be a graphic representation of someone trying to ride a bicycle. Zachery Tyler explained it succinctly like this: As usual, your best bet for legitimate sources of information is to read the wire services and actual newspapers, such as … Continue reading Bias is Anti-Balance: Consuming Media is Like Riding a Bicycle

The post Bias is Anti-Balance: Consuming Media is Like Riding a Bicycle appeared first on Security Boulevard.


The post Bias is Anti-Balance: Consuming Media is Like Riding a Bicycle appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/bias-is-anti-balance-consuming-media-is-like-riding-a-bicycle/?utm_source=rss&utm_medium=rss&utm_campaign=bias-is-anti-balance-consuming-media-is-like-riding-a-bicycle

BSidesSF 2020 -Sam “Frenchie” Stewart’s & Maya Kaczorowski’s ‘Checking Your — Privileged Container’

Many thanks to BSidesSF and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s BSidesSF 2020 and on the DEF CON YouTube channel. Additionally, BSidesSF 2021 will take place on March 6–9, 2021, with no cost to participate. Enjoy!

The post BSidesSF 2020 -Sam “Frenchie” Stewart’s & Maya Kaczorowski’s ‘Checking Your — Privileged Container’ appeared first on Security Boulevard.


The post BSidesSF 2020 -Sam “Frenchie” Stewart’s & Maya Kaczorowski’s ‘Checking Your — Privileged Container’ appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/bsidessf-2020-sam-frenchie-stewarts-maya-kaczorowskis-checking-your-privileged-container/?utm_source=rss&utm_medium=rss&utm_campaign=bsidessf-2020-sam-frenchie-stewarts-maya-kaczorowskis-checking-your-privileged-container

Sharp Increase in Emotet, Ransomware Droppers

Ransomware continues to be one of the most impactful threats to enterprises. Aside from external vulnerabilities, its primary delivery method remains email phishing, with links or attachments containing early stage loaders. These loaders initiate attacks by compromising systems and installing additional malware. PhishLabs has analyzed these early stage loaders and observed a dramatic increase in ransomware droppers delivered via email. Below are the findings.

The post Sharp Increase in Emotet, Ransomware Droppers appeared first on Security Boulevard.


The post Sharp Increase in Emotet, Ransomware Droppers appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/sharp-increase-in-emotet-ransomware-droppers/?utm_source=rss&utm_medium=rss&utm_campaign=sharp-increase-in-emotet-ransomware-droppers

Cartoon Caption Winner: Before I Go …

And the winner of The Edge’s January cartoon caption contest is …

The post Cartoon Caption Winner: Before I Go … appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/cartoon-caption-winner-before-i-go/?utm_source=rss&utm_medium=rss&utm_campaign=cartoon-caption-winner-before-i-go

How to Build an Insider Threat Program in 10 Steps – Part 1 – Anthony Palmeri – SCW #59

Mitigating insider threats is a key cybersecurity priority for any organization that works with sensitive data. And to do that, you need an insider threat program. Such a program not only is required by numerous cybersecurity regulations, standards, and laws but also allows a company to detect an insider threat at its early stages, respond to it, and remediate the damage with little to no harm done.

This segment is sponsored by Ekran System.

Visit https://securityweekly.com/ekran to learn more about them!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw59

The post How to Build an Insider Threat Program in 10 Steps – Part 1 – Anthony Palmeri – SCW #59 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/how-to-build-an-insider-threat-program-in-10-steps-part-1-anthony-palmeri-scw-59-2/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-build-an-insider-threat-program-in-10-steps-part-1-anthony-palmeri-scw-59-2

James Bond Movies Are “Fascist Pig” Glorification

I don’t think anyone has ever marketed James Bond movies properly for what they really are. Look at this awful release poster for “Diamonds are Forever” and tell me the whole narrative from the beginning has been anything more than misogynist garbage: Do my words sound harsh? If so, then here’s how the creator of … Continue reading James Bond Movies Are “Fascist Pig” Glorification

The post James Bond Movies Are “Fascist Pig” Glorification appeared first on Security Boulevard.


The post James Bond Movies Are “Fascist Pig” Glorification appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/james-bond-movies-are-fascist-pig-glorification/?utm_source=rss&utm_medium=rss&utm_campaign=james-bond-movies-are-fascist-pig-glorification

TA551 (Shathak) Word docs push Qakbot (Qbot), (Tue, Jan 26th)

Introduction

Late last week, we saw new samples of Word documents from TA551 (Shathak) pushing malware.  This actor was active up through 2020-12-18 pushing IcedID malware before going on break for the holidays.  Now that it’s returned, TA551 has been pushing Qakbot (Qbot) malware instead of IcedID.


Shown above: flow chart for recent TA551 (Shathak) activity so far in January 2021.

Images from the infection

See below for images associated with the infection in my lab environment.


Shown above:  Screenshot of the TA551 (Shathak) Word document with macros for Qakbot (Qbot).


Shown above:  Regsvr32 pop-up message when the malware DLL to install Qakbot has successfully run.


Shown above:  Start of TCP stream showing the HTTP request and response for the initial DLL to install Qakbot (Qbot).


Shown above:  Traffic from the infection filtered in Wireshark (part 1).


Shown above:  Traffic from the infection filtered in Wireshark (part 2).


Shown above:  Traffic from the infection filtered in Wireshark (part 3).


Shown above:  One of the emails exported from the pcap (a copy is available here).

Notes

This month, the affiliate or campaign identification string for Qakbot malware distributed through TA551 has been krk01.  When my krk01 Qakbot-infected host started spamming more Qakbot, the affiliate/campaign ID for Qakbot samples caused by this malspam was abc120.

Because of this and its previous history pushing different families of malware, I believe TA551 (Shathak) is a distributor for other criminals in our cyber threat landscape.  The other criminals push malware (like the criminals behind Qakbot), while TA551 is specifically a distribution network.

Indicators of Compromise (IOCs)

SHA256 hash: 17cd3c11fba639c1fe987a79a1b998afe741636ac607254cc134eea02c63f658

  • File size: 76,663 bytes
  • File name: particulars-01.26.21.doc
  • File description: TA551 (Shathak) Word doc with macros for Qakbot (Qbot)

SHA256 hash: 231b081480a80b05d69ed1d2e18ada8a1fd85ba6ce3e69cc8f630ede5ce5400e

  • File size: 888,832 bytes
  • File location: hxxp://5that6[.]com//assets/55ddb775/ce51025b12/9b75bbce/8a06fd47/6ac84e7424b0539286562b/xtuaq14?anz=125c5909&dlzwg=7aec167a5a2ab0&bu=a09f740
  • File location: C:\ProgramData\aZe4I.tmp
  • File description: Windows malware DLL retrieved by Word macro, used to install Qakbot (Qbot) affiliate/campaign ID krk01
  • Run method:  regsvr32.exe [filename]

Final words

A pcap of the infection traffic and malware from the infected Windows host can be found here.


Brad Duncan
brad [at] malware-traffic-analysis.net

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post TA551 (Shathak) Word docs push Qakbot (Qbot), (Tue, Jan 26th) appeared first on Malware Devil.



https://malwaredevil.com/2021/01/26/ta551-shathak-word-docs-push-qakbot-qbot-tue-jan-26th/?utm_source=rss&utm_medium=rss&utm_campaign=ta551-shathak-word-docs-push-qakbot-qbot-tue-jan-26th

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...