-
In our previous interview with Pryx, the threat actor briefly touched upon the concept of server-side stealers, claiming they work in a completely different way from traditional info-stealers. We were interested in learning more about this new approach, so we decided to dive deeper into it in a follow-up chat-based interview. This time, Pryx not only explained…
-
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely from the sheer number of detection rules required to address a wide range of technologies.
-
Based on both Microsoft Threat Intelligence’s findings and those reported by governments and other security vendors, we assess that the Russian nation-state actor tracked as Secret Blizzard has used the tools and infrastructure of at least six other threat actors during the past seven years. They also have actively targeted infrastructure where other threat actors…
-
After co-opting the tools and infrastructure of another nation-state threat actor to facilitate espionage activities, as detailed in our last blog, Russian nation-state actor Secret Blizzard used those tools and infrastructure to compromise targets in Ukraine. Microsoft Threat Intelligence has observed that these campaigns consistently led to the download of Secret Blizzard’s custom malware, with…
-
MalBot December 10, 2024, 6:15pm 1 The surge in online shopping and travel bookings during the holiday season offers rich pickings for cybercriminals. Black Friday, Cyber Monday, Christmas shopping, and increased travel throughout December offer ample opportunities for cybercriminals to profit from the high volume of transactions and the growing reliance on digital platforms in…
-
This is the first of a two-part series. The holiday season is here. It’s a time for reuniting with family and friends, travel and gift-giving. It’s also a prime time for cybercrime as millions of consumers head to online checkouts on Black Friday, Cyber Monday, Giving Tuesday and throughout the holiday season. Cybercriminals capitalize on…
-
Not The Models You’re Looking For Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor of the Malware Binary Triage (IMBT) course starting this Black Friday and Cyber Monday!
-
“I have not failed. I’ve just found 10,000 ways that won’t work”
-
Anything is a Nail When Your Exploit’s a Hammer Previously… In previous blogs we’ve discussed HOW to exploit vulnerable configurations and develop basic exploits for vulnerable model protocols. Now it’s time to focus all of this information – protocols, models and Hugging Face itself – into a viable attack Proof-of-Concept against various libraries.
-
Data Integrity controls for a more secure cloud platform using the CIA Triad model (checklist) In the last article we covered Confidentiality, CIA Triad in Cloud Security (Part 1: Confidentiality). As a quick review, there are 3 aspects of the CIA Triad which is a…
-
MalBot November 28, 2024, 9:15am 1 The investigation revealed that the criminal network used the same modus operandi and, in part, also the same organisation and infrastructure as the perpetrators previously investigated under Operation Admiral. Announced in November 2022, the investigation is considered the largest VAT fraud ever uncovered in the EU, with damages now…
-
Six months after announcing (and modifying and delaying) Windows Recall, Microsoft has released a first-look preview of a reworked version for Windows Insiders via its Dev Channel.
-
TL;DR Take lessons learned from investigation, such as reviewing how emails evaded existing phishing controls to update anti-malware policies. Configure Defender for Office and Defender for Cloud Apps threat and alert policies to prevent and detect email-based attacks. Don’t rely on out-of-the-box (OOTB) configuration, use KQL to identify noisy polices and adjust rule scope or…
-
Telecommunications firms and government organizations across Southeast Asia have been targeted by Chinese state-backed threat operation Salt Typhoon, also known as UNC2286, GhostEmperor, and Earth Estries, with attacks involving the new modular GhostSpider backdoor and the Demodex rootkit as part of a long-term cyberespionage campaign, reports BleepingComputer.
-
Setting up the environment + Hello […] The post Extending Burp Suite for fun and profit – The Montoya way – Part 8 appeared first on hn security.
-
Enjoy Threat Modeling? Try Threats in Models! Previously… In part 1 of this 4-part blog, we discussed Hugging Face, the potentially dangerous trust relationship between Hugging Face users and the ReadMe file, exploiting users who trust ReadMe and provided a glimpse into methods of attacking users via malicious models. In part 2, we explore dangerous model protocols…
-
By Bryan House In the first part of my series, I wrote about the economics and business dynamics that got us to the point of market commoditization for SaaS businesses. I haven’t written this series to accelerate your downward panic spiral, so let’s focus on the positive.