Jobsuche aufgrund Umzug: Wo möchte Mensch denn im Raum Karlsruhe im Bereich IT Security oder IT Infrastruktur arbeiten? Nicht-offensichtliche Geheimtipps, dringendes Abraten…?
The NCC Group has created a series that I look forward to finishing, titled "Unveiling the Dark Side: A Deep Dive into Active Ransomware Families". The first installment covers the #BlackCat#ransomware (a.k.a. #ALPHV) and an incident that they observed that it was involved in that included new service and new accounts being created, and data being staged and believed to be exfiltrated. If you like technical reports like I do, this is one you don't want to miss! Enjoy and Happy Hunting!
📢 Excited for #BlackHatEurope? Don't miss my in-depth training session "Beyond IOCs: How to Effectively Threat Hunt using TTPs and Behaviors". Dive deep into cybersecurity models, tools, methodologies, and get hands-on with interactive threat hunting exercises. Master the art of operationalizing intel and presenting findings! 🔍🛡️
With people often copy-pasting command lines from the internet without thoroughly reading them, it's already possible to have them paste something they don't fully understand.
But what if the font you were using on the website that contains the command had some of its characters swapped in a clever way, so that it looked like a certain command, but when copied, contained a slightly different, malicious command?
Es scheint vollkommen egal, wie sehr man versucht, seine Daten selbst zu schützen, so lange Organisationen sammelwütig & unfähig deine Identität auf dem Präsentierteller anbieten. Vlt. gehören einige Daten einfach nicht in Systeme mit Verbindung ins Internet, gescheit verschlüsselt & maximal zugriffsbeschränkt.
Ich habe mich erstmals durch die "Empfehlungsecke" von @kuketzblog durch geklickt und finde, dass das eine gut kuratierte und übersichtliche Liste ist.
Gute Empfehlungen für Apps, Zahlungsverkehr im Internet und vieles mehr, schaut sie euch mal an, ist sicher auch gut zum Weiterleiten an Leute, die Tipps brauchen.
@benjaoming that's cool.
They could also inform about basic #itsecurity. Why strong passwords and MFA is important. And why you should not use the same password for all services.
With the recent activity reported by the CERT-UA researchers, we focus on the apt known as the #Sandworm Team, or (UAC-0165 as tracked by the Ukraine CERT). They recently targeted "at least 11 telecommunications providers" and conducted scans, installed backdoors, and cleared their tracks.
"The OWASP Top 10 for Large Language Model Applications project aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing Large Language Models (LLMs)."
Normally I post something about a threat intel report but I have been reading the Microsoft Digital Defense Report for 2023 and there is just too much to post. That being said, I am going to share some of the numbers Microsoft presented and my thoughts on them. Let's start with ransomware:
📊 80-90% of all successful ransomware compromises originate from unmanaged devices.
📊 70% of organizations encountering human-operated ransomware had fewer than 500 employees.
📊 13% of human-operated ransomware attacks that moved into the ransom phase included some form of data exfiltration.
📈 Human-operated ransomware attacks are up more than 200%
The Kaspersky #Securelist researchers provide details on not one, not two, but THREE pieces of malware! They cover the #ASMCrypt (a crypto/loader), #Lumma (a stealer), and #Zanubis (an Android banking trojan) and provide insight on their TTPs and behaviors. Plus, you get the links to the reports they produced! Enjoy and Happy Hunting!
Signs for bad IT security in a company:
They require HTML in emails relevant to IT security.
They force users to change #passwords ever so often.
They claim to follow "best practices".
The ESET Research team discovered a sophisticated backdoor that contains multiple components and doesn't act like your normal malware with C2 communication. The backdoor consists of an Executor and Orchestrator. The Executor appears to act more like a middle man for the Orchestrator while the Orchestrator is responsible for actually running the commands from the C2 server. Enjoy this highly-technical article and Happy Hunting!
The Palo Alto Networks Unit 42 research team discovered some activity that they attributed to a very stealthy and rarely seen APT, #Gelsemium. They target a diverse group of industries but use tools like #CobaltStrike, #MetaSploit, and #ChinaChopper but also used the Potato Suite that was seen as JuicyPotato.exe (who can't appreciate that?!). This was a great weekend read and I hope you all enjoy it as much as I did! Happy Hunting!
🎉 I am honored to be presenting at the #SwissCyberStorm conference on October 24, 2023! 🎉
🔍 Talk Title: "Unveiling Malicious Behavior in Unknown Binaries"
In this presentation, we will:
🔑 Dive deep into strategies for extracting malicious behaviors in unknown binaries.
🛡 Cover tactics from fundamental signature-based checks, string analysis, and packer detection to advanced heuristics.
🌐 Discuss identifying Command and Control (C2) communication and decryption routines in malware.
🚀 With the rise of sophisticated malware, traditional strategies often fall short. We will introduce advanced techniques and heuristics to navigate and analyze complex binary files.
The Intel 471 team provides their findings of the #BumbleBee loader as it makes its comeback after a two month break. Taking the place of the #BazarLoader (the source code was leaked when the #Conti leak occurred). The BumbleBee loader has been associated with distributing ransomware and is currently being used by multiple threat actors. My favorite part of this article though (and not surprising) is all the MITRE ATT&CK mappings that provide all the #ThreatHunters a place to start looking, so thank you for that team! I hope you all enjoy and Happy Hunting!
Follow the Check Point Software Technologies Ltd research team as they take a deep dive into the #phishing campaign they observed that targeted over 40 companies in Colombia. What started with a phishing email led to the #Remcos RAT which provides the adversaries with full control over the infected computer. Enjoy and Happy Hunting!
Researchers from Kaspersky's #SecureList team takes a deep-dive into an "Evil Telegram" doppelgänger that is targeting Chinese users. At first the app looks benign and non-malicious until they started digging into the code. They found some functions that were designed to gather information of the contacts and access to the phone of the victim but also contains a function to gather messages and upload them to a command and control server that the adversary runs! Enjoy and Happy Hunting!
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!