Malware Devil

Wednesday, April 21, 2021

Rapid7 Acquires Velociraptor Open Source Project

The company plans to use Velociraptor’s technology and insights to build out its own incident response capabilities.

The post Rapid7 Acquires Velociraptor Open Source Project appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/rapid7-acquires-velociraptor-open-source-project/?utm_source=rss&utm_medium=rss&utm_campaign=rapid7-acquires-velociraptor-open-source-project

4 Innovative Ways Cyberattackers Hunt for Security Bugs

David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved “fixme” flags in developer support groups.

The post 4 Innovative Ways Cyberattackers Hunt for Security Bugs appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/4-innovative-ways-cyberattackers-hunt-for-security-bugs/?utm_source=rss&utm_medium=rss&utm_campaign=4-innovative-ways-cyberattackers-hunt-for-security-bugs

Justice Dept. Creates Task Force to Stop Ransomware Spread

One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.

The post Justice Dept. Creates Task Force to Stop Ransomware Spread appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/justice-dept-creates-task-force-to-stop-ransomware-spread/?utm_source=rss&utm_medium=rss&utm_campaign=justice-dept-creates-task-force-to-stop-ransomware-spread

Zero-Day Flaws in SonicWall Email Security Tool Under Attack

Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.

The post Zero-Day Flaws in SonicWall Email Security Tool Under Attack appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/zero-day-flaws-in-sonicwall-email-security-tool-under-attack/?utm_source=rss&utm_medium=rss&utm_campaign=zero-day-flaws-in-sonicwall-email-security-tool-under-attack

Darktrace & Knowbe4 IPOs, Dell Spins Off VMWare, & Zscaler Keeps Growing – ESW #224

In the Enterprise News for this week, Darktrace targets listing for early May, KKR-backed cybersecurity firm KnowBe4 aims for $3 Billion valuation in U.S. IPO, Dell spins off VMware to fuel post-pandemic PC growth opportunities, lots of funding announcements, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw224

The post Darktrace & Knowbe4 IPOs, Dell Spins Off VMWare, & Zscaler Keeps Growing – ESW #224 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/darktrace-knowbe4-ipos-dell-spins-off-vmware-zscaler-keeps-growing-esw-224-2/?utm_source=rss&utm_medium=rss&utm_campaign=darktrace-knowbe4-ipos-dell-spins-off-vmware-zscaler-keeps-growing-esw-224-2

MITRE ATT&CK: Cybereason Dominates the Competition

The long-awaited 2020 MITRE ATT&CK evaluations are out! With the MITRE ATT&CK framework now being the standard by which Defenders can measure the effectiveness of various solutions in tracking adversary behavior, cyber vendors are cherry-picking results from this latest testing round and spinning up clever interpretations of the data in their favor. At Cybereason, we are proud to let the test results speak for themselves. 

The post MITRE ATT&CK: Cybereason Dominates the Competition appeared first on Security Boulevard.


The post MITRE ATT&CK: Cybereason Dominates the Competition appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/mitre-attck-cybereason-dominates-the-competition/?utm_source=rss&utm_medium=rss&utm_campaign=mitre-attck-cybereason-dominates-the-competition

How to Level Up in the Fight Against Online Gaming Fraud

Fraudsters use cheat codes and gain an unfair advantage when they attack online gaming platforms.  Here’s how to effectively fight against online gaming fraud and stop fraudsters without ruining the experience for good customers.  Last year was unlike any other in recent memory. It ushered in a new way of life, as digital interaction for […]

The post How to Level Up in the Fight Against Online Gaming Fraud appeared first on Security Boulevard.


The post How to Level Up in the Fight Against Online Gaming Fraud appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/how-to-level-up-in-the-fight-against-online-gaming-fraud/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-level-up-in-the-fight-against-online-gaming-fraud

Exceptional Attack Protection Proven in Rigorous MITRE Engenuity ATT&CK® Evaluations

Trend Micro’s flagship threat detection and response platform proves its advantages in sophisticated simulations. DALLAS, April 20, 2021 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, excelled in the latest ATT&CK Evaluation performed by MITRE Engenuity. The Trend Micro Vision One™ platform quickly detected 96% of attack steps from the..

The post Exceptional Attack Protection Proven in Rigorous MITRE Engenuity ATT&CK® Evaluations appeared first on Security Boulevard.


The post Exceptional Attack Protection Proven in Rigorous MITRE Engenuity ATT&CK® Evaluations appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/exceptional-attack-protection-proven-in-rigorous-mitre-engenuity-attck-evaluations/?utm_source=rss&utm_medium=rss&utm_campaign=exceptional-attack-protection-proven-in-rigorous-mitre-engenuity-attck-evaluations

FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram

Facial recognition tech is in the news again after the FBI discovered the identity of one of the Capitol rioters by using facial recognition software on his girlfriend’s Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new. In this case, we have what’s fast becoming a fairly standard tale of tracking people down via online imagery. Sometimes there’s cause for concern even without the latest tech providing some sort of flashpoint.

What’s happened?

After the Capitol riots following the US election, those responsible were slowly arrested over a period of weeks of searching and identifying. The Verge story mentions that in this effort, law enforcement made use of “facial recognition tools” to track down people associated with the event. The tool apparently brought researchers to the Instagram feed of a suspect’s girlfriend. It was a short step from there to matching his clothes with images from the Capitol riot.

Everything unravelled for the suspect quickly. Facebook accounts revealed his name. This brought investigators (via his state driving licence records) to his identity, workplace, and home.

Recognising recognition

We’ve covered facial recognition on the blog many times. Most concerns tend to focus on the potential for abuse from repressive Governments and law enforcement overreach. It’s such a concern that tech giants regularly dip in, and then quickly dip out when public opinion turns.

I don’t think many people will complain if facial recognition is used to help identify the people at the Capitol riots. Organisations find new ways to secure their sites with facial recognition and biometrics on a daily basis. You may or may not object to your bank combining facial recognition with AI software. These are potentially useful applications of this technology. Even so, we need to know what we’re dealing with for this story.

When pop culture and cold hard reality collide

Facial recognition is very much one of those technologies made a cliche for all time by film and television. The camera zooms in from orbit, it picks up the target in seconds, the operator is able to tell where the suspect bought his suit by enhancing the fibers on his jacket and so on.

The reality here is, “some people used a program to play mix and match with publicly available photographs”. The end result is still impressive, but CSI: Cyber this is not.

Impressive, but not CSI: Cyber

How does this work, then? Well, the article mentions “open source facial recognition tools”. The affidavit doesn’t say which tool, because law enforcement doesn’t want to give perpetrators clues for avoiding the long arm of the law. You can see some of the more popular tools available here, if you’re interested in learning more or giving them a go.

Otherwise, there are many other ways to match images with the raft of materials floating around online. TinEye is a dedicated online tool for matching images, and Google / Bing / Yandex search all offer their own versions of this functionality. A little bit of sleuthing and familiarity with OSINT practices can go a long way.

A sliding scale of “that’s impressive”

One of the best examples of this happened just recently, with a lost hiker pinpointed via a photograph. To me, this is significantly more impressive than digging a fairly distinctive individual out from a never-ending pile of selfies and readily available data on popular image sharing websites. As a result, I’d say this one is interesting, but definitely nothing new. Crowdsourcing also has a history of going horribly wrong, and the infamous Reddit Boston Bombing debacle is as good a place to drop this warning as any.

We’ll definitely see more of these stories in the near future, but I wouldn’t necessarily start panicking about this branch of open sourcing just yet.

The post FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram appeared first on Malwarebytes Labs.

The post FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/fbi-face-recognition-trawl-finds-capitol-rioter-via-his-girlfriends-instagram-5/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-face-recognition-trawl-finds-capitol-rioter-via-his-girlfriends-instagram-5


Workforce Cyber Intelligence 103: The Importance of User Privacy & Trust

Dive deeper into one of the key pillars of Workforce Cyber Intelligence: privacy.

The post Workforce Cyber Intelligence 103: The Importance of User Privacy & Trust appeared first on Dtex Systems Inc.

The post Workforce Cyber Intelligence 103: The Importance of User Privacy & Trust appeared first on Security Boulevard.


The post Workforce Cyber Intelligence 103: The Importance of User Privacy & Trust appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/workforce-cyber-intelligence-103-the-importance-of-user-privacy-trust/?utm_source=rss&utm_medium=rss&utm_campaign=workforce-cyber-intelligence-103-the-importance-of-user-privacy-trust

ZLoader Dominates Email Payloads in Q1

Malicious payloads delivered via email phishing continue to drive access to sensitive infrastructures and result in data compromise for enterprises. In Q1 of 2021, attack methods including malware campaigns have contributed to a 564% increase in individuals affected by a data leak, as well as a 12% increase in publicly-reported compromise.

The post ZLoader Dominates Email Payloads in Q1 appeared first on Security Boulevard.


The post ZLoader Dominates Email Payloads in Q1 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/zloader-dominates-email-payloads-in-q1/?utm_source=rss&utm_medium=rss&utm_campaign=zloader-dominates-email-payloads-in-q1

Inside Effective EDR Evaluation Testing

Periodically, I receive requests from customers asking for explanations on why this particular technique or that one doesn’t generate a Malop™ in the Cybereason Defense Platform. Such questions illustrate that there is still a great deal of education to be done on the nature of EDR across much of the security industry. 

The post Inside Effective EDR Evaluation Testing appeared first on Security Boulevard.


The post Inside Effective EDR Evaluation Testing appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/inside-effective-edr-evaluation-testing/?utm_source=rss&utm_medium=rss&utm_campaign=inside-effective-edr-evaluation-testing


Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Pulse Secure has alerted customers to the existence of an exploitable chain of attack against its Pulse Connect Secure (PCS) appliances. PCS provides Virtual Private Network (VPN) facilities to businesses, which use them to prevent unauthorized access to their networks and services.

Cybersecurity sleuths Mandiant report that they are tracking “12 malware families associated with the exploitation of Pulse Secure VPN devices”, operated by groups using a set of related techniques to bypass both single and multi-factor authentication. Most of the problems discovered by Pulse Secure and Mandiant involve three vulnerabilities that were patched in 2019 and 2020. But there is also a very serious new issue, which Pulse Secure says impacts a very limited number of customers.

The old vulnerabilities

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The patched vulnerabilities are listed as:

CVE-2019-11510: an unauthenticated remote attacker can send a specially crafted URI to exploit an arbitrary file reading vulnerability. We wrote about the apparent reluctance to patch for this vulnerability in 2019.

CVE-2020-8243: a vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template to perform arbitrary code execution.

CVE-2020-8260: a vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform arbitrary code execution using uncontrolled gzip extraction.

The obvious advice here is to review the Pulse advisories for these vulnerabilities and follow the recommended guidance, which includes changing all passwords in the environments that are impacted.
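Because the oldest of those bugs is triggered by nothing more than a crafted URI, one thing a defender can do today, independent of patch status, is look for traversal-style requests in the appliance’s or the fronting proxy’s access logs. What follows is an added example and not code from Malwarebytes, Pulse Secure or Mandiant: the log lines are constructed, the URIs are made up (not the real exploit path for CVE-2019-11510), and the heuristics are generic path-traversal checks rather than a signature for any particular CVE.

```python
"""Flag traversal-style requests in web-access logs.

Added example, not code from Malwarebytes, Pulse Secure or Mandiant. The log
lines are constructed, and the heuristics are generic path-traversal checks,
not a signature for any particular CVE.
"""
import re
from urllib.parse import unquote

# Apache/nginx "combined" style access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)
# '..' used as a path component inside a query-string value, e.g. file=../../x
QUERY_TRAVERSAL = re.compile(r'(?:^|[=/&])\.\.(?:/|$|&)')
# Files an arbitrary-read bug is typically used to fetch first.
SENSITIVE = ("/etc/passwd", "/etc/shadow", "/.ssh/", "/etc/hosts")


def decode_uri(uri, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e%252e) is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/")


def traversal_depth(path):
    """How many levels above the web root the path climbs via '..' (0 = none)."""
    depth = worst = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            worst = min(worst, depth)
        elif seg and seg != ".":
            depth += 1
    return -worst


def classify(uri):
    """Return the reasons a request URI looks like a file-read attempt ([] if clean)."""
    raw_path, _, raw_query = uri.partition("?")
    path, query = decode_uri(raw_path), decode_uri(raw_query)
    reasons = []
    if traversal_depth(path) > 0:
        reasons.append("escapes web root via '..'")
    if QUERY_TRAVERSAL.search(query):
        reasons.append("'..' in query string")
    reasons += [f"references {name}" for name in SENSITIVE if name in path + " " + query]
    return reasons


def scan(lines):
    """Return (ip, uri, status, reasons) for each suspicious request; 200s matter most."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            reasons = classify(m["uri"])
            if reasons:
                hits.append((m["ip"], m["uri"], m["status"], reasons))
    return hits


# Constructed sample: two ordinary requests and two traversal attempts.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Apr/2021:10:00:01 +0000] "GET /app/auth/login HTTP/1.1" 200 4321
203.0.113.7 - - [20/Apr/2021:10:00:05 +0000] "GET /app/../../../../etc/passwd HTTP/1.1" 200 1820
198.51.100.9 - - [20/Apr/2021:10:01:10 +0000] "GET /images/logo.png HTTP/1.1" 200 8832
198.51.100.9 - - [20/Apr/2021:10:01:12 +0000] "GET /app/view?file=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 404 512
"""

if __name__ == "__main__":
    for ip, uri, status, reasons in scan(SAMPLE_LOG.splitlines()):
        print(f"{ip} {status} {uri}: {', '.join(reasons)}")
```

The status code is the detail worth keeping: a traversal request answered with 404 is reconnaissance, one answered with 200 and a non-trivial byte count is a read that succeeded and should start an incident, not a ticket. Decoding more than once matters because a single-pass filter on the front end is exactly what double encoding is meant to get past.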

The new vulnerability

The new vulnerability (CVE-2021-22893) is a Remote Code Execution (RCE) vulnerability with a CVSS score of 10–the maximum–and a Critical rating. According to the Pulse advisory:

[The vulnerability] includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. This vulnerability has a critical CVSS score and poses a significant risk to your deployment.

There is no patch for it yet (it is expected to be patched in early May), so system administrators will need to mitigate for the problem for now, rather than simply fixing it. Please don’t wait for the patch.

Mitigation requires a workaround

According to Pulse Secure, until the patch is available CVE-2021-22893 can be mitigated by importing a workaround file. More details can be found in the company’s Security Advisory SA44784. The workaround disables Pulse Collaboration, a feature that allows users to schedule and hold online meetings between Connect Secure users and non-Connect Secure users, and it also disables the Windows File Share Browser, which allows users to browse network file shares. The same advisory points customers to the Pulse Connect Secure Integrity Tool, which checks whether files on the appliance have been modified; since the attackers’ persistence relies on altered files, running it is the obvious check to pair with the workaround.

Targets

The Pulse Connect Secure vulnerabilities, including CVE-2021-22893, have been used to target government, defense and financial organizations around the world, but mainly in the US. According to some reports the threat actors are linked to China. The identified threat actors were found to be harvesting account credentials, very likely in order to perform lateral movement within compromised organizations’ environments. They were also observed deploying modified Pulse Connect Secure files and scripts in order to maintain persistence. These modified scripts on the Pulse Secure system are reported to have allowed the malware to survive software updates and factory resets.

Threat analysis

FireEye’s Mandiant was involved in the research into these vulnerabilities and has posted a detailed analysis of the related malware, which it has dubbed SlowPulse. According to Mandiant, the malware and its variants are “applied as modifications to legitimate Pulse Secure files to bypass or log credentials in the authentication flows that exist within the legitimate Pulse Secure shared object libdsplibs.so”. Its blog post discusses four variants, and interested parties can also find technical details and detections there.
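Since the implant lives in modified copies of legitimate files rather than in a separate binary, the practical check is file integrity: hash the appliance’s files and compare them against a manifest taken from a clean image, reporting anything changed, missing or added. The following is an added example and not Pulse Secure’s Integrity Tool or Mandiant’s code; the directory layout and file contents (including the stand-in libdsplibs.so) are constructed, and the hash-manifest approach is a generic one.

```python
"""Verify a file tree against a known-good SHA-256 manifest.

Added example, not Pulse Secure's Integrity Tool and not Mandiant's code.
The file names and contents below are constructed stand-ins for an appliance
image, used to show how a patched shared object, a removed file and an extra
persistence script each show up against a manifest taken from a clean install.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries don't have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each relative file path under root to its SHA-256 digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify(root, manifest):
    """Compare root against manifest; return modified, missing and unexpected paths."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def write_tree(root, files):
    """Create the given relative paths under root with the given bytes."""
    for rel, data in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


# Constructed stand-in for a clean appliance image (contents are not real).
CLEAN = {
    "lib/libdsplibs.so": b"\x7fELF clean-auth-library",
    "bin/dsupgrade": b"#!/bin/sh\nexit 0\n",
    "etc/version": b"9.1R11\n",
}


def demo():
    """Build a clean tree, take its manifest, tamper with it, and verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        write_tree(root, CLEAN)
        manifest = build_manifest(root)  # taken while the install is known-good
        # Constructed tampering: patched auth library, dropped file, extra script.
        (root / "lib/libdsplibs.so").write_bytes(CLEAN["lib/libdsplibs.so"] + b"+bypass")
        (root / "etc/version").unlink()
        write_tree(root, {"bin/persist.sh": b"#!/bin/sh\n# re-apply patch after upgrade\n"})
        return verify(root, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats apply to any integrity check of this kind. The manifest has to come from a source the attacker could not touch (a vendor-published hash list or a clean image, not a snapshot of the suspect box), and the comparison should be run from a separate trusted host or rescue environment, because on an appliance whose authentication library has already been replaced, the checker’s own output is only as trustworthy as the binaries it runs on.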

Networking devices

State-sponsored cyberattacks are usually more about espionage than about monetary gain, the exception being sabotage against an enemy state. A big part of espionage is getting hold of the login credentials of those who have access to interesting secret information, and breaking into network devices in a way that can be used to extract login credentials is an important strategy in this secret conflict. Keep in mind that attribution is always hard and tricky: you may end up reaching the conclusion the attacker wanted you to reach. Given the targets and the methodology, however, it makes sense in this case to look first at state-sponsored threat actors.

The post Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/take-action-multiple-pulse-secure-vpn-vulnerabilities-exploited-in-the-wild-4/?utm_source=rss&utm_medium=rss&utm_campaign=take-action-multiple-pulse-secure-vpn-vulnerabilities-exploited-in-the-wild-4

Stopping Phishing Breaches at the Point of Click – Chris Cleveland – ESW #224

Phishing links are getting past existing protections and clicked. How do you prevent these attacks? In this segment, Chris Cleveland, CEO at Pixm, will demonstrate how computer vision protection in the browser stops these attacks in real time and how you can know your own gaps.

Segment Resources:
Threat Report: https://pixm.net/wp-content/uploads/2021/03/Pixm-Q4-2020-Threat-Report.pdf

This segment is sponsored by Pixm.

Visit https://securityweekly.com/pixm to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw224

The post Stopping Phishing Breaches at the Point of Click – Chris Cleveland – ESW #224 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/stopping-phishing-breaches-at-the-point-of-click-chris-cleveland-esw-224/?utm_source=rss&utm_medium=rss&utm_campaign=stopping-phishing-breaches-at-the-point-of-click-chris-cleveland-esw-224

How Cloud Defenders Thwart Attacks Against Resilient Services – Jeff Deininger – ESW #224

In cybersecurity attackers have a structural advantage over defenders: they can succeed with a staggeringly high failure-rate (not caring that most attacks get blocked at the perimeter). Meanwhile, defenders lose when that single successful attack goes unnoticed regardless of how many attacks were successfully stopped. Disproportionate consequences similarly advantage attackers: typical times to detect and contain that one successful attack are still measured in weeks and months. Yet high-availability and resiliency characteristics built-in to “Well-Architected” microservices offer defenders an opportunity to turn the tables and rob attackers of their asymmetric advantages. The key missing ingredient is a sufficient early-warning system that can detect and respond to advanced threats.

In this presentation, Jeff Deininger, a Principal Cloud Security Engineer, will use a simulated attack to demonstrate how advanced threat detection works with commonplace architectural elements to deny attackers the crucial traction needed to establish a foothold at the beginning of a campaign, leaving attackers feeling like they are inescapably ‘walking on ice’.

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw224

The post How Cloud Defenders Thwart Attacks Against Resilient Services – Jeff Deininger – ESW #224 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/21/how-cloud-defenders-thwart-attacks-against-resilient-services-jeff-deininger-esw-224/?utm_source=rss&utm_medium=rss&utm_campaign=how-cloud-defenders-thwart-attacks-against-resilient-services-jeff-deininger-esw-224

Tuesday, April 20, 2021

Vectorized Secure Evaluation of Decision Forests


The post Vectorized Secure Evaluation of Decision Forests appeared first on Malware Devil.



https://malwaredevil.com/2021/04/20/vectorized-secure-evaluation-of-decision-forests/?utm_source=rss&utm_medium=rss&utm_campaign=vectorized-secure-evaluation-of-decision-forests

GDPR-Compliant Use of Blockchain for Secure Usage Logs


The post GDPR-Compliant Use of Blockchain for Secure Usage Logs appeared first on Malware Devil.



https://malwaredevil.com/2021/04/20/gdpr-compliant-use-of-blockchain-for-secure-usage-logs/?utm_source=rss&utm_medium=rss&utm_campaign=gdpr-compliant-use-of-blockchain-for-secure-usage-logs

PulseSecure Out of Cycle Advisory: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/SA44784/, (Tue, Apr 20th)

Richard Porter — ISC Handler on Duty

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post PulseSecure Out of Cycle Advisory: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/SA44784/, (Tue, Apr 20th) appeared first on Malware Devil.



https://malwaredevil.com/2021/04/20/plusesecure-out-of-cycle-advisory-https-kb-pulsesecure-net-articles-pulsesecurearticle-sa44784-tue-apr-20th/?utm_source=rss&utm_medium=rss&utm_campaign=plusesecure-out-of-cycle-advisory-https-kb-pulsesecure-net-articles-pulsesecurearticle-sa44784-tue-apr-20th

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...