What your SOC will be facing in 2023
Securelist
by Sergey Soldatov, Roman Nazarov
1w ago
As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers (SOCs) is becoming paramount. This year’s Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first part of this report is devoted to the most current threats any SOC is likely to face in 2023. Based on our extensive Managed Detection and Response (MDR) experience and the dynamics we have seen over the years, we provide insights into the trends set to shape the threat landscape for enterprises this ..read more
Visit website
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
Securelist
by GReAT
1w ago
Roaming Mantis (a.k.a Shaoye) is well-known as a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking. This was newly implemented in the known Android malware Wroba.o/Agent.eq (a.k.a Moqhao, XLoader), which was the main malware used in this ..read more
Visit website
What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks
Securelist
by Kaspersky Security Services
1w ago
Kaspersky detects an average of 400,000 malicious files every day. These add up to 144 million annually. The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. The media routinely report incidents and leaks of data that end up publicly accessible on the dark web. Hacker attacks constantly hurt individuals, corporations, and entire countries, and not just financially. In certain cases, cyberattacks may threaten human lives, for example if they target critical infrastructure. Last year, the cybersecurity of c ..read more
Visit website
How much security is enough?
Securelist
by Sergey Soldatov
3w ago
According to a prominent Soviet science fiction writer, beauty is a fine line, a razor’s edge between two opposites locked in a never-ending battle. Today, we would put it less poetically as an ideal compromise between contradictions. An elegant, or beautiful, design is one that allows reaching that compromise. As an information security professional, I like elegant designs — all the more so because trade-off is a prerequisite for an information security manager’s success: in particular, trade-off between the level of security and its cost in the most practical, literal sense. A common p ..read more
Visit website
BlueNoroff introduces new methods bypassing MoTW
Securelist
by Seongsu Park
1M ago
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. The group usually takes advantage of Word documents and uses shortcut files for the initial intrusion. However, it has recently started to adopt new methods of malware delivery. The first new method the group adopted is aimed at evading the Mark-of-the-Web (MOTW) flag, th ..read more
Visit website
Ransomware and wiper signed with stolen certificates
Securelist
by Mohamad Amin Hasbini
1M ago
Introduction On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks later, it was revealed that the cyberattacks were part of a coordinated effort likely intended to cripple the country’s computer systems. On September 10, 2022, Albanian local news reported a second wave of cyberattacks targeting Albania’s TIMS, ADAM and MEMEX systems – the latter two systems critical for law enforcement – reportedly using the same attack type and by the same actors. Around the same time, we identified ransomware and wiper malware sampl ..read more
Visit website
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
Securelist
by Vitaly Morgunov, Dmitry Kondratyev, Alexander Kolesnikov, Alexey Kulaev
1M ago
Summary At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to remotely trigger the next vulnerability – CVE-2022-41082. The second vulnerability, in turn, allows remote code execution (RCE) when MS Exchange PowerShell is accessible to the attacker. As noted in the GTSC report, b ..read more
Visit website
Reassessing cyberwarfare. Lessons learned in 2022
Securelist
by GReAT, Kaspersky ICS CERT
1M ago
At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed serious risks of spreading over the continent. While the broader geopolitical analysis of the war in Ukraine and its consequences are best left to experts, a number of cyberevents have taken place during the conflict, and our assessment is that they are very significant. In this report, we propose to go ..read more
Visit website
How to train your Ghidra
Securelist
by Igor Kuznetsov
1M ago
Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding even more to the cost and raising the barrier to entry into the RE field. Then, in 2019, Ghidra was published: a completely open-source and free tool, with a powerful disassembler and a built-in decompiler for each supported platform. However, the first release did not look even close to what us reve ..read more
Visit website
DeathStalker targets legal entities with new Janicab variant
Securelist
by GReAT
1M ago
Just to clarify, the subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers (DDRs). While hunting for less common Deathstalker intrusions that use the Janicab malware family, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020, possibly active during 2021 and potentially extending an extensive campaign that has been traced back to early 2015 and targeted legal, financial, and travel agencies in the Middle East and Europe. Janicab was first introduced in 2013 as ..read more
Visit website

Follow Securelist on Feedspot

Continue with Google
OR