InfoSec Articles (12/02/20 – 12/16/20)
A week before Christmas, cryptocurrency mining botnet PGMiner is showing smarter ways to hack into a victim’s machine. At its core, PGMiner attempts to connect to the mining pool for Monero mining. Learn more on this and other malware in this batch of InfoSec...InfoSec Articles (11/17/20 – 12/01/20)
On to the start of the last month of the year and just around Thanksgiving, cyber crimes are still rampant. Even GoDaddy was also a victim of a scam using voice phishing or vishing. The scam shows how vishing can be more deceptive than email schemes. Learn more about...InfoSec Articles (11/02/20 – 11/16/20)
Several cases were observed where DLL side-loading was used to execute the malicious code. Side-loading is the use of a malicious DLL spoofing a legitimate one, relying on legitimate Windows executables. Learn more on this and other news in this batch of InfoSec...InfoSec Articles (10/18/20 – 11/01/20)
Upon entering the second to the last month of the year, there are a lot of botnets, banking malware, and malware making the news. But one that stands out is Kimsuky. Kimsuky uses various spearphishing and social engineering methods to obtain Initial Access to victim...InfoSec Articles (10/03/20 – 10/17/20)
There has been a lot of RATs as well as botnets lately, such as HEH. HEH Botnet is spreading through brute force of the Telnet service on ports 23/2323. The bot does not really care of what the end devices are, as long as it can enter the device, it will try its luck...InfoSec Articles (09/18/20 – 10/02/20)
One of the common malware being reported nowadays is the Remote Access Trojan or RAT, such as the LodaRAT. Written in Autolt, LodaRAT not only have abandoned their usual obfuscation techniques, but several functions have also been rewritten and new functionality has...InfoSec Articles (09/03/20 – 09/17/20)
With almost everything being done online, cybercriminals were able to develop Baka skimmer to perform their goals. Baka skimmer has a sophisticated design intended to circumvent detection by security tools. Read more about it and the latest cybersecurity news in this...InfoSec Articles (08/19/20 – 09/02/20)
This batch of the most recent infosec articles from around the web, includes an evolution analysis of Transparent Tribe. In the last four years, Transparent Tribe has never taken time off. They continue to hit their targets, which typically are Indian military and...InfoSec Articles (08/04/20 – 08/18/20)
Lots of malware have been creating cybercrime, but the old Agent Tesla uses new tricks to be able to stay on top. The Agent Tesla RAT has become one of the most prevalent malware families, being seen in more attacks than even TrickBot or Emotet and only slightly fewer...InfoSec Articles (07/20/20 – 08/03/20)
We have now come into a new month, and this set of InfoSec articles discusses how some specific malware operates. One of these is the Evilnum malware which was previously seen in attacks against financial technology companies. Read on and learn more in this batch of...InfoSec Articles (07/05/20 – 07/19/20)
Onto the second half of 2020, and a lot of trojans are actively upping their game to spread banking malware. One of these is Trojan Cerberus which disguised itself as a genuine app in order to access the banking details of unsuspecting users. Protect yourself by...InfoSec Articles (06/20/20 – 07/04/20)
The latter half of the year has already begun, and cybercrimes show no signs of stopping. Just like how they’re using Cobalt Strike to deploy Anchor backdoor and RYUK ransomware. Be vigilant and learn more about these digital attacks in this batch of InfoSec...InfoSec Articles (06/05/20 – 06/19/20)
Ransomware and malware, such as GuLoader, have been very active in campaigns against security. GuLoader is used to deliver malware with the help of cloud services such as Google Drive. The delivery of malware through cloud drives is one of the fastest-growing trends...InfoSec Articles (05/21/20 – 06/04/20)
Half of 2020 is here and malware such as Mylobot, ComRAT, and the likes have also upgraded their game. Mylobot has the ability to download and execute any type of payload after it infects a host. Learn more in this batch of InfoSec articles. For more articles, check...InfoSec Articles (05/06/20 – 05/20/20)
Ransomware has topped this InfoSec articles. One of which is the Netwalker ransomware. This involves malware that is not compiled but written in PowerShell and executed directly in memory and without storing the actual ransomware binary into the disk. Read more on...InfoSec Articles (04/21/20 – 05/05/20)
Among the cybercrime known to us, EventBot seems to be a real threat among many users. EventBot is targeting financial applications and steal SMS messages to allow malware to bypass two-factor authentication. Keep reading to find out more security news. For more...DoH! Not so great to the Enterprise
DoH, or DNS over HTTPS (RFC 8484), is a relatively new protocol that provides increased privacy and security. It does this by encrypting DNS queries and responses, which prevents eavesdropping and man-in-the-middle attacks. Instead of using a regular DNS resolver,...InfoSec Articles (04/06/20 – 04/20/20)
xHelper, together with other malware and threat attacks, have added to the concerns of Android users. Read about this threat and more in the latest security industry news below. For more articles, check out our #onpatrol4malware blog. AZORult brings friends to the...InfoSec Articles (03/22/20 – 04/05/20)
Cyber attacks, phishing, stalkerware, and malware such as Emissary Panda, have been rampant. They’re taking advantage of the vulnerabilities in organizations and even governments. Keep reading to find out more security news. For more articles, check out our...InfoSec Articles (03/07/20 – 03/21/20)
A lot of info stealer, malware campaigns, and scams have taken advantage of the COVID-19 pandemic. Coronavirus has posts threat not only in the physical world, but also in the digital world. For more articles, check out our #onpatrol4malware blog. Multiple...Newly Registered Domains Related to COVID-19
The current outbreak of the COVID-19 created a perfect scenario for all sorts of scammers to monetize through fear, false promises and fraud. Since the beginning of March, tens of thousands of new domains have been registered using the terms “corona”,...InfoSec Articles (02/21/20 – 03/06/20)
Infodemic is happening now to our world. The leverage of the current physical threat, the CoronaVirus, is being used as a social engineering trick to infect the cyber world. Be informed and read on these interesting and useful articles we have gathered. For more...InfoSec Articles (02/06/20 – 02/20/20)
The industry saw lot of phishing and smishing in the second month of 2020. Most of this was related to the coronavirus epidemic. Read some of the most interesting and useful infosec articles from early February. For more articles, check out our #onpatrol4malware blog....InfoSec Articles (01/22/20 – 02/05/20)
Entering into the second month of the year, there’s more information about the various groups that are using the Golden Chicken Malware-as-a-Service. In addition, there’s a lot of malware now in action to get a hold of confidential details related to the...Why Commercial Threat Intelligence Beats OSINT
Picture this: you’re in need of a new suit. You see that your favorite store is giving away designer suits for free and the pictures look fantastic. But digging into the details reveals that they’re only available in sizes too large for you and with an awkward...InfoSec Articles (01/07/20 – 01/21/20)
Articles from the last couple of weeks reveal news about cyber threats targeting the electric utility industry and hackers boring into the gas company industry. And with the events in and around Iran, there were concerns on widespread cyber attacks that could happen....Threat Intelligence: Essential For Your Cyber Defenses
Cyber risk is growing while confidence in internal defense resilience declining. According to Microsoft’s 2019 Global Cyber Risk Perception Survey, cyber security is a top 5 business concern for 79% of companies globally (and the top risk for 22% surveyed). Threat...Palo Alto MineMeld Configuration Guide
Palo Alto MineMeld is an extensible Threat Intelligence processing framework and the multi-tool of threat indicator feeds. MineMeld can be used to collect, aggregate, and filter indicators from a variety of sources make them available for consumption to peers or the...Postpassword Security with FIDO2
Welcome to the dawn of the post-password world. Multifactor authentication orbits it and two-factor authentication is just a short ride away. A new adoption campaign has launched, and it’s bound for broad enablement of FIDO2. FIDO2 will be the first stop after...Synergistic Malware Threats
It’s easy to focus on the different kinds of malware threats. Data exfiltration, phishing, ransomware, Trojans, cryptomining and all the other threat vectors present sufficient challenges to cyber security teams. But the reality on the ground is more complicated,...Tips for Establishing Your Security Program
(And How the Cyber Insurance Industry May Help You for Free) I won’t keep you waiting. Before you get too excited about that free assist from the cyber insurance industry, let me be clear: it won’t, directly. But that’s no problem. Resourcefulness benefits any...Command and Control Servers: Fundamentals
Command and Control Servers (C2s) are the brains of the malware operation. Learn more about how they work in our blog.