DataDome's commitment to accessibility extends to every facet of our business. Learn how we've updated our response pages to meet the WCAG 2.2 AA standards.
The post Designing a More Inclusive Web: DataDomeβs Response Page Accessibility Upgrades appeared first on Security Boulevard.
A global survey of more than 1,033 security and IT leaders published today finds nearly two-thirds (65%) lack confidence that their existing security tooling cannot effectively detect breaches.
The post Survey Surfaces Lack of Confidence in Security Tools appeared first on Security Boulevard.
Or junk it if EOL: Two nasty vulnerabilities need an updateβpronto.
The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.
Threat Actors Use Obscure or Self-Made Link Shortener Services for Credential Harvesting Earlier this month our expert takedown team responded to a bad actor that used link shortener services to obfuscate a link to a phishing page that impersonated one of our financial institution customers. The destination was a sign-in webpage presenting malicious content including [β¦]
The post Threat Actors Use Obscure or Self-Made Link Shortener Services for Credential Harvesting first appeared on alluresecurity.
The post Threat Actors Use Obscure or Self-Made Link Shortener Services for Credential Harvesting appeared first on Security Boulevard.
The post Under Attack: How UHC and Kaiser Are Tackling Their Cybersecurity Ordeals appeared first on Votiro.
The post Under Attack: How UHC and Kaiser Are Tackling Their Cybersecurity Ordeals appeared first on Security Boulevard.
In the latest edition of The TIDE: Threat-Informed Defense Education, weβre announcing new threat intelligence highlights, new direction for our Community Edition users, as well as the biggest release weβve had yet of defensive technologies. Itβs an exciting time at Tidal.
First up, Iβm excited to share about Threat Object Stubs. In the past, if a user searched in Tidal Cyber Community Edition for an Enterprise Edition exclusive threat, they would have been left with the dreaded βno results.β Starting today, they will no longer see nothing, and instead see the threat object, its relationships to other objects, and references.
The post The TIDE: UNC5537, SCARLETEEL, new Threat Object Stubs, and now 303 defensive solution mappings (our biggest release yet!) appeared first on Security Boulevard.
You could have a solid pretext that slips right by your target secure email gateway (SEG); however, if your link looks too sketchy (or, you know, βsmells phishyβ), your phish could go belly-up before it even gets a bite. Thatβs why I tend to think of link filters as their own separate control. Letβs talk briefly about how these link filters work and then explore some ways we might be able to bypassΒ them.
Over the past few years, Iβve noticed a growing interest in detecting phishing based on the links themselvesβor, at least, there are several very popular SEGs that place a very high weight on the presence of a link in an email. Iβve seen so much of this that I have made this type of detection one of my first troubleshooting steps when a SEG blocks me. Iβll simply remove all links from an email and check if the message content getsΒ through.
In at least one case, I encountered a SEG that blocked ANY email that contained a link to ANY unrecognized domain, no matter what the wording or subject line said. In this case, I believe my client was curating a list of allowed domains and instructed the SEG to block everything else. Itβs an extreme measure, but I think it is a very valid concern. Emails with links are inherently riskier than emails that do not contain links; therefore, most modern SEGs will increase the SPAM score of any message that contains a link and often will apply additional scrutiny to the links themselves.
If a SEG filters links in an email, it will first need to detect/parse each link in the content. To do this, almost any experienced software engineer will directly go to using Regular Expressions (βregexβ forΒ short):
To which, any other experienced software engineer will be quick to remind us that while regex is extremely powerful, it is also easy to screwΒ up:
As an example, here are just a few of the top regex filters I found for parsing links on stackoverflow:
(http|ftp|https):\/\/([\w_-]+(?:(?:\.[\w_-]+)+))([\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])
(?:(?:https?|ftp|file):\/\/|www\.|ftp\.)(?:\([-A-Z0β9+&@#\/%=~_|$?!:,.]*\)|[-A-Z0β9+&@#\/%=~_|$?!:,.])*(?:\([-A-Z0β9+&@#\/%=~_|$?!:,.]*\)|[A-Z0β9+&@#\/%=~_|$])
(?:(?:https?|ftp):\/\/)?[\w/\-?=%.]+\.[\w/\-&?=%.]+
([\w+]+\:\/\/)?([\w\d-]+\.)*[\w-]+[\.\:]\w+([\/\?\=\&\#\.]?[\w-]+)*\/?
(?i)\b((?:[a-z][\w-]+:(?:/{1,3}|[a-z0β9%])|www\d{0,3}[.]|[a-z0β9.\-]+[.][a-z]{2,4}/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:ββ.,<>?«»ββββ]))
Donβt worry if you donβt know what any of these mean. I consider myself to be well versed in regex and even I have no opinion on which of these options would be better than the others. However, there are a couple things I would like to note from these examples:
These are also some of the most popular (think βsmart peopleβ) answers to this problem of parsing links. I could also imagine that some software engineers would take a more naive approach of searching for all anchor (β<a>β) HTML tags or looking for βhref=β to indicate the start of a link. No matter which solution the software engineer chooses, there are likely going to be at least some valid URLs that their parser doesnβt catch and might leave room for a categorical bypass. We might also be able to evade parsers if we can avoid the common indicators like βhttpβ or break up our link into multiple sections.
Side Note: Did you see that some of these popular URL parsers account for FTP and some donβt? Did you know that most browsers can connect to FTP shares? Have you ever tried to deliver a phishing payload over an anonymous FTPΒ link?
Once a SEG has parsed out all the links in an email, how should it determine which ones look legitimate and which ones donβt? Most SEGs these days look at two major factors for eachΒ link:
Checking the domain reputation is pretty straightforward; you just split the link to see whatβs between the first two forward slashes (β//β) and the next forward slash (β/β) and look up the resulting domain or subdomain on Virustotal or similar. Many SEGs will share intelligence on known bad domains with other security products and vice versa. If your domain has been flagged as malicious, the SEG will either block the email or remove theΒ link.
As far as checking how the link βlooksβ, most SEGs these days use artificial intelligence or machine learning (i.e., AI/ML) to categorize links as malicious or benign. These AI models have been trained on a large volume of known-bad links and can detect themes and patterns commonly used by SPAM authors. As phishers, I think itβs important for us to focus on the βknown-badβ part of that statement.
Iβve seen one researcherβs talk who claimed their AI model was able to detect over 98% of malicious links from their training data. At first glance, this seems like a very impressive number; however, we need to keep in mind that in order to have a training set of malicious links in the first place, humans had to detect 100% of the training set as malicious. Therefore, the AI model was only 98% as good as a human at detecting phishing links solely on the βlookβ of the link. I would imagine that it would do much worse on a set of unknown-bad links, if there was a way to hypothetically attain such a set. To slip through the cracks, we should aim to put our links in that unknown-bad category.
Even though we are up against AI models, I like to remind myself that these models can only be trained on human-curated data and therefore can only theoretically approach the competence of a human, but not surpass humans at this task. If we can make our links look convincing enough for a human, the AI should not give us anyΒ trouble.
Given what we now know about how link filters work, we should have two main tactics available to us for bypassing theΒ filter:
If the parser doesnβt register our link as a link, then it canβt apply any additional scrutiny to the location. If we can make our link location look like some legitimate link, then even if we canβt bypass the parser, we might get the green light anyway. Please note that these approaches are not mutually exclusive and you might have greater success mixing techniques.
One of the most basic parser bypasses I have found for some SEGs is to simply leave the link URL in plaintext by removing the hyperlink in Outlook. Normally, link URLs are placed in the βhypertext referenceβ (href) attribute of an HTML anchor tag (<a>). As I mentioned earlier, one naive but surprisingly common solution for parsing links is to use an HTML parsing library like BeautifulSoup in Python. ForΒ example:
soup = BeautifulSoup(email.content, 'html.parser')
links = soup.find_all("a") # Find all elements with the tag <a>
for link in links:
print("Link:", link.get("href"), "Text:", link.string)
Any SEG that uses this approach to parse links wonβt see a URL outside of an anchor tag. While a URL that is not a clickable link might look a little odd to the end user, itβs generally worth the tradeoff when this bypass works. In many cases, mail clients will parse and display URLs as hyperlinks even if they are not in an anchor tag; therefore, there is usually little to no downside of using this technique.
One interesting method of bypassing some link filters is to use a little-known HTML tag called βbaseβ. This tag allows you to set the base domain for any links that use relative references (i.e., links with hrefs that start with β/somethingβ instead of direct references like βhttps://example.com/somethingβ). In this case, the βhttps://example.comβ would be considered the βbaseβ of the URL. By defining the base using the HTML base tag in the header of the HTML content, you can then use just relative references in the body of the message. While HTML headers frequently contain URLs for things like CSS or XML schemas, the header is usually not expected to contain anything malicious and may be overlooked by a link parser. This technique is known as the βBaseStrikerβ attack and has been known to work against some very popularΒ SEGs:
The reason why this technique works is because you essentially break your link into two pieces: the domain is in the HTML headers, and the rest of the URL is in your anchor tags in the body. Because the hrefs for the anchor tags donβt start with βhttps://β they arenβt detected asΒ links.
The first part of a URL, before the colon and forward slashes, is whatβs known as the βschemeβ:
URI = scheme ":" ["//" authority] path ["?" query] ["#" fragment]
As mentioned earlier, some of the more robust ways to detect URLs is by looking for anything that looks like a scheme (e.g. βhttp://β, or βhttps://β), followed by a sequence of characters that would be allowed in a URL. If we simply leave off the scheme, many link parsers will not be able to detect our URL, but it will still look like a URL to aΒ human:
accounts.goooogle.com/login?id=34567
A human might easily be convinced to simply copy and paste this link into their browser for us. In addition, there are quite a few legitimate schemes that could open a program on our target userβs system and potentially slip through a URL parser that is only looking for webΒ links:
https://en.wikipedia.org/wiki/List_of_URI_schemes
There are at least a few that could be very useful as phishing linksΒ ;)
What if there isnβt a link in the email at all? What if itβs an image instead? You can use a tool like SquarePhish to automate phishing with QR codes instead of traditional links:
GitHub - secureworks/squarephish
I havenβt played with this yet, but have heard good things from friends that have used similar techniques. If you want to play with automating this attack yourself, NodeJS has a simple library for generating QRs:
(Hold on. I need to get on my soapboxβ¦) I canβt count how many times Iβve been blocked because of a masked link only to find that unmasking the link would get the same pretext through. I think this is because spammers have thoroughly abused this feature of anchor tags in the past and average email users seldom use masked links. Link filters tend to see masked links as far more dangerous than regular links; therefore, just use a regular link. It seems like everyone these days knows how to hover a link and check its real location anyway, so masked links are even bad at tricking humans now. Donβt be cliche. Donβt use maskedΒ links.
Many link filters block or remove links to domains that are either uncategorized, categorized as malicious, or were recently registered. Therefore, itβs generally a good idea to use domains that have been parked long enough to be categorized. Weβve already touched on this in βOne Phish Two Phish, Red Teams Spew Phishβ, so Iβll skip the process of getting a good domain; however, just know that the same rules applyΒ here.
If you donβt want to go through all the trouble of maintaining categorized domains for phishing links, there are some generally trustworthy domains you can leverage instead. One example I recently saw βin-the-wildβ was a spammer using a sites.google.com link. They just hosted their phishing page on Google! I thought this was brilliant because I would expect most link filters to allow Google, and even most end users would think anything on google.com must be legit. Some other similar examples would be hosting your phishing sites as static pages on GitHub, in an S3 bucket, other common content delivery networks (CDNs), or on SharePoint, etc. There are tons of seemingly βlegitimateβ sites that allow users to host pages of arbitrary HTMLΒ content.
Along the same lines as hosting your phishing site on a trusted domain is using trusted domains to redirect to your phishing site. One classic example of this would be link shorteners like TinyURL. While TinyURL has been abused for SPAM to the point that I would expect most SEGs to block TinyURL links, it does demonstrate the usefulness of arbitrary redirects.
A more useful form of arbitrary redirect for bypassing link filters are URLs with either cross-site scripting (XSS) vulnerabilities that allow us to specify a βwindow.locationβ change or URLs that take an HTTP GET parameter specifying where the page should redirect to. As part of my reconnaissance phase, I like to spend at least a few minutes on the main website of my target to look for these types of vulnerabilities. These vulnerabilities are surprisingly common and while an arbitrary redirect might be considered a low-risk finding on a web application penetration test report, they can be extremely useful when combined with phishing. Your links will point to a URL on your target organizationβs main website. It is extremely unlikely that a link filter or even a human will see the danger. In some cases, you may find that your target organization has configured an explicit allow list in the SEG for links that point to theirΒ domains.
Did you know that links in an email can also point to an email attachment? Instead of providing a URL in the href of your anchor tag, you can specify the content identifier (CID) of the attachment (e.g. href=βcid:mycontentidentifier@content.netβ). One way I have used this trick to bypass link filters is to link to an HTML attachment and use obfuscated JavaScript to redirect the user to the phishing site. Because our href does not look like a URL, most SEGs will think our link is benign. You could also link to a PDF, DOCX, or several other usually allowed file types that then contain the real phishing link. This might require a little more setup in your pretext to instruct the user, or just hope that they will click the link after opening the document. In this case, I think it makes the most sense to add any additional instructions inside the document where the contents are less likely to be scrutinized by the SEGβs contentΒ filter.
This blog rounds out our βmessage inboundβ controls that we have to bypass for social engineering pretexts. It would not be complete without mentioning one of the simplest bypasses of themΒ all:
Not usingΒ email!
If you pick up the phone and talk directly to your target, your pretext travels from your mouth, through the phone, then directly into their ear, and hits their brain without ever passing through a content or reputation filter.
Along the same lines, Zoom calls, Teams chats, LinkedIn messaging, and just about any other common business communication channel will likely be subject to far fewer controls than email. Iβve trained quite a few red teamers who prefer phone calls over emails because it greatly simplifies their workflow. Just a few awkward calls is usually all it takes to cede access to a target environment.
More interactive forms of communication, like phone calls, also allow you to gauge how the target is feeling about your pretext in real time. Itβs usually obvious within seconds whether someone believes you and wants to help or if they think youβre full of it and itβs time to cut your losses, hang up the phone, and try someone else. You can also use phone calls as a way to prime a target for a follow-up email to add perceived legitimacy. Getting our message to the user is half the battle, and social engineering phone calls can be a powerful shortcut.
If you need to bypass a link filter,Β either:
People still use links in emails all the time. You just need to blend in with the βrealβ ones and you can trick the filter. If you are really in a pinch, just call your targets instead. It feels more personal, but it gets the job doneΒ quickly.
Feeding the Phishes was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Feeding the Phishes appeared first on Security Boulevard.
At Cequence Security, our journey has always been driven by a deep commitment to our team. We believe that a companyβs culture isnβt just about words on a website or slogans on a wallβitβs about how our people feel, especially when the weekend draws to a close. Itβs about trust, curiosity, drive, humor, and heart. [β¦]
The post Raising Our Glasses to Cequence: Weβve Built One of The Best Workplaces in The Nation! appeared first on Cequence Security.
The post Raising Our Glasses to Cequence: Weβve Built One of The Best Workplaces in The Nation! appeared first on Security Boulevard.
There is a lot written about technologyβs threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st century. They donβt align incentives well. And they are being hacked too effectively.
At the same time, the cost of these hacked systems has never been greater, across all human history. We have become too powerful as a species. And our systems cannot keep up with fast-changing disruptive technologies...
The post Rethinking Democracy for the Age of AI appeared first on Security Boulevard.
By centralizing, enriching and correlating identities to events, the suggestion is that security and platform teams can break silos and readily share findings to expedite investigations.
The post Sysdig Bids to Bolster Brittle Cloud Infrastructure Layers appeared first on Security Boulevard.
Articles related to cyber risk quantification, cyber risk management, and cyber resilience.
The post Cyber Materiality Reporting for Smaller Companies | Kovrr appeared first on Security Boulevard.
Reading Time: 11 min Cybersecurity remains a top concern for most industries, including logistics. Learn five ways to protect your logistics company's cybersecurity.
The post Top 5 Ways To Protect Your Logistics Company From Fraud appeared first on Security Boulevard.
Reading Time: 6 min Is that Google security alert real? Learn how to identify scams & secure your account in 5 easy steps.
The post Google Critical Security Alert Email appeared first on Security Boulevard.
This blog delves into CMMC, the introduction of CMMC 2.0, what's changed, and what it means for your business.
The post CMMC 1.0 & CMMC 2.0 β Whatβs Changed? appeared first on Scytale.
The post CMMC 1.0 & CMMC 2.0 β Whatβs Changed? appeared first on Security Boulevard.
In March 2024, the European Parliament overwhelmingly approved the EU Cyber Resilience Act, or CRA, which will now be formally adopted with the goal of improving the cybersecurity of digital products. It sets out to do this by establishing essential requirements for manufacturers to ensure their products reach the market with fewer vulnerabilities.
The post Start building your CRA compliance strategy now appeared first on Security Boulevard.
As retailers compete in an increasingly competitive marketplace, they invest a great deal of resources in becoming household names. But brand recognition is a double-edged sword when it comes to cybersecurity. The bigger your name, the bigger the cyber target on your back. Data breaches in the retail sector cost an average of $3.28 million...
The post Navigating Retail: Overcoming the Top 3 Identity Security Challenges appeared first on Silverfort.
The post Navigating Retail: Overcoming the Top 3 Identity Security Challenges appeared first on Security Boulevard.
Cybercriminals are not about to give up β this is how they make their living. So itβs up to cybersecurity professionals to stay vigilant and learn as much as they can about the forces they face.
The post Are We Turning the Corner in the Fight Against Cybercrime? Itβs Complicated. appeared first on Security Boulevard.
Runtime enforcement is the future of software security, if we can only make it accessible to the developers that understand their applications the best.
The post Runtime Enforcement: Software Security After the Supply Chain Ends appeared first on Security Boulevard.
As enterprises shift from on-premises to cloud systems, hybrid cloud solutions have become essential for optimizing performance, scalability, and user ease. However, risks arise when poorly configured environments connect to the cloud. A compromised Microsoft Active Directory can fully compromise a synchronized Microsoft Entra ID tenant, undermining the integrity and trust of connected services.
The post Key Takeaways From Horizon3.aiβs Analysis of an Entra ID Compromise appeared first on Security Boulevard.
TechSpective Podcast Episode 133 Β Nick Edwards, Vice President of Product Management at Menlo Security joins me for this insightful episode of the TechSpective Podcast. Nick brings decades of cybersecurity experience to the table, offering a deep dive into the [β¦]
The post Enhancing Enterprise Browser Security appeared first on TechSpective.
The post Enhancing Enterprise Browser Security appeared first on Security Boulevard.
In June 2023, a critical vulnerability (CVE-2023-34362) in the MOVEit Transfer file transfer software was exploited by adversaries, resulting in a series of high-profile data breaches. Despite the availability of patches, and the vulnerability being publicly known and actively exploited, many organizations failed to prioritize its remediation. This lapse allowed attackers to gain unauthorized access [β¦]
The post From Risk to Resolution: OX Securityβs Integrations with KEV and EPSS Drive Smarter Vulnerability Prioritization appeared first on OX Security.
The post From Risk to Resolution: OX Securityβs Integrations with KEV and EPSS Drive Smarter Vulnerability Prioritization appeared first on Security Boulevard.
Authors/Presenters:Leo Stone, Rishi Ranjan, Stefan Nagy, Matthew Hicks
Many thanks to USENIX for publishing their outstanding USENIX Security β23 Presenterβs content, and the organizations strong commitment to Open Access.
Originating from the conferenceβs events situated at the Anaheim Marriott; and via the organizations YouTube channel.
The post USENIX Security β23 β No Linux, No Problem: Fast and Correct Windows Binary Fuzzing via Target-embedded Snapshotting appeared first on Security Boulevard.
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroeβs XKCD βBroken Modelβ appeared first on Security Boulevard.
Authors/Presenters:Birk Blechschmidt, Ben Stock
Many thanks to USENIX for publishing their outstanding USENIX Security β23 Presenterβs content, and the organizations strong commitment to Open Access.
Originating from the conferenceβs events situated at the Anaheim Marriott; and via the organizations YouTube channel.
The post USENIX Security β23 β Extended Hell(o): A Comprehensive Large-Scale Study on Email Confidentiality and Integrity Mechanisms in the Wild appeared first on Security Boulevard.
Our engineering team has been hard at work, reworking our flagship platform to enhance the Chariot platform to remain the most comprehensive and powerful CTEM platform on the market. So whatβs new? Here are several new features recently added to Chariot: 1. Unmanaged Platform Chariot, Praetorianβs Continuous Threat Exposure Management (CTEM) solution, is now available [β¦]
The post Chariot Continuous Threat Exposure Management (CTEM) Updates appeared first on Praetorian.
The post Chariot Continuous Threat Exposure Management (CTEM) Updates appeared first on Security Boulevard.
In the intricate ecosystem of data center operations, managing and optimizing infrastructure is a complex, continuous task. Data Center Infrastructure Management (DCIM) software has emerged as a vital tool in this arena, providing real-time monitoring, management, and analytical capabilities. Yet, the true potential of DCIM software is unlocked when it can seamlessly integrate with ...
The post APIs: The Silent Heroes of Data Center Management appeared first on Hyperview.
The post APIs: The Silent Heroes of Data Center Management appeared first on Security Boulevard.
This week, I spent a good deal of time going down some rabbit holes - all of which were fascinating. However, this is an example where some of the work we do we would like to share but aren't always able. In this instance, we found confidential information related to a hacked mail server within malware we detonated. The malware was configured to use a government mail server as a relay to email out keylogger data.
In each case of the malware, there were essentially two victims, the victim(s) of the malware, and the operators of the mail server being used in the attacks. We've notified the department that manages the mail server of the compromise, and of the credentials used to send mail with their server.
This brings me to the "how" of it all. Cyber threat intelligence (CTI) experts and investigators face the daunting challenge of identifying and mitigating complex malware campaigns. These campaigns, orchestrated by sophisticated threat actors, often leverage diverse infrastructure and techniques to evade detection and compromise targets.
In this blog, we'll explore in detail how CTI experts can harness the power of Autonomous System Numbers (ASNs) and employ pivoting techniques to uncover and analyze malware campaigns. By understanding the nuances of ASNs and mastering effective pivoting strategies, CTI professionals can enhance their capabilities in threat detection, attribution, and response.
Autonomous System Numbers (ASNs) serve as unique identifiers assigned to networks participating in the global routing system. Each ASN corresponds to an organization or entity that controls a portion of the internet's IP address space. By analyzing ASNs, CTI experts can gain valuable insights into the infrastructure utilized by threat actors to conduct malicious activities.
These insights include identifying the origins of malicious traffic, pinpointing hosting providers associated with malware distribution, and tracing connections between seemingly disparate cyber threats.
Pivoting is a fundamental investigative technique that involves using known information or indicators of compromise (IOCs) as a starting point to uncover additional related data and connections. When investigating malware campaigns, CTI experts can pivot using ASNs to expand their understanding of the threat landscape and uncover hidden relationships.
Here's a step-by-step breakdown of how pivoting with ASNs can be accomplished:
1. Initial Investigation: The process begins with collecting IOCs such as IP addresses, domain names, file hashes, and other artifacts associated with a suspected malware campaign. These IOCs serve as the starting point for the investigation.
2. ASN Enumeration: CTI experts utilize specialized tools, databases, and techniques to map the collected IP addresses to their corresponding ASNs. This mapping provides crucial insights into the ownership and affiliations of the networks involved in the malware campaign.
3. ASNs Analysis: Once the ASNs associated with the collected IOCs are identified, CTI professionals conduct a detailed analysis to uncover patterns, anomalies, and potential relationships between different malware campaigns. They look for commonalities such as shared infrastructure or hosting providers used by multiple threats.
4. Expand Investigation: Armed with insights from the ASNs analysis, CTI experts pivot further to gather additional IOCs associated with the same ASNs. This may involve exploring related IP ranges, domains hosted on the same infrastructure, or other ASNs controlled by the same organization.
5. Threat Attribution: The final step involves analyzing the gathered data to attribute the malware campaigns to specific threat actors or groups. By tracing connections between different ASNs and malware activities, CTI experts can uncover the broader infrastructure and operations of malicious actors.
To illustrate the effectiveness of this approach, let's consider a hypothetical scenario where a CTI team investigates a ransomware campaign targeting a financial institution. By analyzing the ransomware samples and associated IOCs, the team identifies several IP addresses used as command and control (C2) servers.
Through ASN enumeration and analysis, they discover that these IP addresses belong to a hosting provider known for harboring malicious activities. Pivoting with the identified ASN leads them to uncover additional C2 servers, domains, and IP ranges used by the same threat actor across multiple campaigns. This comprehensive view enables the CTI team to attribute the ransomware campaign to a sophisticated cybercriminal group and take proactive measures to disrupt their operations.
In conclusion, the strategic utilization of ASNs and pivoting techniques with HYAS Insight threat intelligence is indispensable for CTI experts and investigators in their efforts to combat malware campaigns. By leveraging ASNs to trace connections and employing pivoting to uncover hidden relationships, CTI professionals can gain deeper insights into the tactics, techniques, and procedures (TTPs) employed by threat actors.
This enhanced understanding enables organizations to better protect their assets, mitigate risks, and respond effectively to evolving cyber threats. With a proactive and strategic approach to threat intelligence, CTI experts can stay ahead of adversaries and safeguard the digital ecosystem against malicious activities.
Is your security program prepared to defend against advanced malware and other sophisticated cyberthreats? Learn how HYAS can optimize your defenses.Β Request a HYAS demo today.
The post Leveraging ASNs and Pivoting to Uncover Malware Campaigns appeared first on Security Boulevard.
Traditional vulnerability scanning tools are enhanced with NodeZero's autonomous penetration testing, revolutionizing Vulnerability Management by providing comprehensive risk assessment, exploitability analysis, and cross-host vulnerability chaining, empowering organizations to prioritize and mitigate security weaknesses strategically.
The post Enhancing Vulnerability Management: Integrating Autonomous Penetration Testing appeared first on Horizon3.ai.
The post Enhancing Vulnerability Management: Integrating Autonomous Penetration Testing appeared first on Security Boulevard.
Itβs an exciting time here at Hyperproof! We are thrilled to announce that two new senior leaders have joined Hyperproof: Jay Hussein, Senior Vice President of Customer, and Mike Johnson, Senior Vice President of Sales. Both Mike and Jay have a wealth of experience serving larger enterprises and will support Hyperproof as we scale our...
The post Leadership Expansion: Introducing Our New SVP of Sales and SVP of Customer appeared first on Hyperproof.
The post Leadership Expansion: Introducing Our New SVP of Sales and SVP of Customer appeared first on Security Boulevard.
By Max Ammann Fuzzingβa testing technique that tries to find bugs by repeatedly executing test cases and mutating themβhas traditionally been used to detect segmentation faults, buffer overflows, and other memory corruption vulnerabilities that are detectable through crashes. But it has additional uses you may not know about: given the right invariants, we can use [β¦]
The post Finding mispriced opcodes with fuzzing appeared first on Security Boulevard.
In mobile penetration testing, third-party modules or libraries are often considered out of scope for several reasons, although itβs worth noting that the decision to include or exclude third-party components can vary depending on the specific requirements of the assessment [β¦]
The post Mobile SDK Security: Effective Testing Methodology appeared first on WeSecureApp :: Securing Offensively.
The post Mobile SDK Security: Effective Testing Methodology appeared first on Security Boulevard.
... ReadΒ moreΒ Β»
The post Optimizing SCA Use in CI Pipelines for Advanced DevSecOps appeared first on Deepfactor.
The post Optimizing SCA Use in CI Pipelines for Advanced DevSecOps appeared first on Security Boulevard.
With the right license, you can protect your open-source project and ensure proper usage. This article provides a clear overview of open-source licensing for developers and users.
The post Open Source Licensing 101: Everything You Need to Know appeared first on Security Boulevard.
Vulnerability scans evaluate systems, networks, and applications to uncover security vulnerabilities. Leveraging databases of known vulnerabilities, these scans detect your weakest spots. These are the points most likely to be exploited by cybercriminals. Scans also help prioritize the order of importance in remediating and patching vulnerabilities. Vulnerability assessment scans are critical for maintaining the security [β¦]
The post The Ultimate Guide to Troubleshooting Vulnerability Scan Failures appeared first on Centraleyes.
The post The Ultimate Guide to Troubleshooting Vulnerability Scan Failures appeared first on Security Boulevard.
Interesting research: βTeams of LLM Agents can Exploit Zero-Day Vulnerabilities.β
Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are unknown to the agent ahead of time (zero-day vulnerabilities).
In this work, we show that teams of LLM agents can exploit real-world, zero-day vulnerabilities. Prior agents struggle with exploring many different vulnerabilities and long-range planning when used alone. To resolve this, we introduce HPTSA, a system of agents with a planning agent that can launch subagents. The planning agent explores the system and determines which subagents to call, resolving long-term planning issues when trying different vulnerabilities. We construct a benchmark of 15 real-world vulnerabilities and show that our team of agents improve over prior work by up to 4.5Γ...
The post Using LLMs to Exploit Vulnerabilities appeared first on Security Boulevard.
Ubuntu 23.10, codenamed βMantic Minotaur,β was released on October 12, 2023, nearly nine months ago. Since it is an interim release, its support period is now approaching with the end of life scheduled on July 11, 2024. After this date, Ubuntu 23.10 will no longer receive software and security updates from Canonical. As a result, [β¦]
The post Ubuntu 23.10 Reaches End of Life on July 11, 2024 appeared first on TuxCare.
The post Ubuntu 23.10 Reaches End of Life on July 11, 2024 appeared first on Security Boulevard.
Healthcare organizations worldwide are facing a surge in cyberattacks. The healthcare industry is grappling with increasingly sophisticated cyberattacks, often exploiting known vulnerabilities that should have been addressed much earlier. Automated Linux patching helps ensure that systems are continuously updated with the latest security patches. These days, healthcare organizations are increasingly relying on advanced technologies like [β¦]
The post How Automated Linux Patching Boosts Healthcare Security appeared first on TuxCare.
The post How Automated Linux Patching Boosts Healthcare Security appeared first on Security Boulevard.
In a significant move aimed at aiding victims of cyberattacks, the U.S. Federal Bureau of Investigation (FBI) has announced the distribution of more than 7,000 FBI decryption keys associated with the notorious LockBit ransomware decryption. This initiative comes as part of ongoing efforts to mitigate the devastating impact of ransomware attacks on businesses worldwide. Β [β¦]
The post 7000 LockBit Ransomware Decryption Keys Distributed By FBI appeared first on TuxCare.
The post 7000 LockBit Ransomware Decryption Keys Distributed By FBI appeared first on Security Boulevard.
Cyber insurance and cybersecurity, when combined, can provide a powerful combination of protection and risk management.
The post The Seven Things You Need to Know About Cyber Insurance appeared first on Security Boulevard.
Authors/Presenters:Sven Hebrok, Simon Nachtigall, Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, JΓΆrg Schwenk
Many thanks to USENIX for publishing their outstanding USENIX Security β23 Presenterβs content, and the organizations strong commitment to Open Access.
Originating from the conferenceβs events situated at the Anaheim Marriott; and via the organizations YouTube channel.
The post USENIX Security β23 β We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets appeared first on Security Boulevard.
In this blog post we will be discussing how we differentiate ARMO Platform from Open Source Kubescape.
The post How we differentiate ARMO Platform from Open Source Kubescape appeared first on ARMO.
The post How we differentiate ARMO Platform from Open Source Kubescape appeared first on Security Boulevard.
Identity Threat Detection and Response (ITDR) is a framework that focuses on protecting your organization from being compromised by threat actors exploiting your organizationβs identities. Practically, ITDR solutions include system policies, best practices, and effective tools to monitor, detect, and respond to identity-based threats in real-time across an organizationβs environments. Some other known identity threat [β¦]
The post What is Identity Threat Detection And Response (ITDR) appeared first on Astrix Security.
The post What is Identity Threat Detection And Response (ITDR) appeared first on Security Boulevard.
Microsoft president says the company accepts full responsibility for every cybersecurity issue raised in a recent Cyber Safety Review Board report created by multiple officials from several U.S. government agencies
The post Microsoft Accepts Responsibility for U.S. Government Security Breaches appeared first on Security Boulevard.
Authors/Presenters:Nurullah Erinola, Marcel Maehren, Robert Merget, Juraj Somorovsky, JΓΆrg Schwenk
Many thanks to USENIX for publishing their outstanding USENIX Security β23 Presenterβs content, and the organizations strong commitment to Open Access.
Originating from the conferenceβs events situated at the Anaheim Marriott; and via the organizations YouTube channel.
The post USENIX Security β23 β Exploring the Unknown DTLS Universe: Analysis of the DTLS Server Ecosystem on the Internet appeared first on Security Boulevard.
Contrast Security just won the highly competitive 2024 PwC Luxembourg Award for Cybersecurity & Privacy Solution of the Year with a simple premise:Β
The post Contrast Security | PwC Luxembourg Award | Runtime Security appeared first on Security Boulevard.
In the world of security, there are many different frameworks that may be relevant or important to your plans. Weβve talked a lot about FedRAMP, the federal governmentβs security framework, but itβs only one of many options. Others, from HIPAA to FISMA to SOC2, can all have their role. One of the biggest and most [β¦]
The post FedRAMP vs. ISO 27001: How They Compare and Which Do You Need? appeared first on Security Boulevard.
Episode 0x79 We have no idea whatβs going on eitherβ¦ But weβre going to keep doing this as long as we can manage to schedule the appointment in our calendars and also show upβ¦ Upcoming this weekβ¦ Lots of News Breaches SCADA / Cyber, cyberβ¦ etc. finishing it off with DERPs/Mailbag (or Deep Dive) And [β¦]
The post Liquidmatrix Security Digest Podcast β Episode 79 appeared first on Liquidmatrix Security Digest.
The post Liquidmatrix Security Digest Podcast β Episode 79 appeared first on Security Boulevard.
By Artem Dinaburg Earlier this week, at Appleβs WWDC, we finally witnessed Appleβs AI strategy. The videos and live demos were accompanied by two long-form releases: Appleβs Private Cloud Compute and Appleβs On-Device and Server Foundations Models. This blog post is about the latter. So, what is Apple releasing, and how does it compare to [β¦]
The post Understanding Appleβs On-Device and Server Foundation Models release appeared first on Security Boulevard.
By Adelin Travers Earlier this week, Apple announced Private Cloud Compute (or PCC for short). Without deep context on the state of the art of Artificial Intelligence (AI) and Machine Learning (ML) security, some sensible design choices may seem surprising. Conversely, some of the risks linked to this design are hidden in the fine print. [β¦]
The post PCC: Bold step forward, not without flaws appeared first on Security Boulevard.
Login