READ ARTICLE A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an “aggressive” campaign. Google-owned Mandiant is tracking the activity under its uncategorized moniker UNC5174 (aka Uteus or Uetus), describing it as a “former member of Chinese hacktivist…
By Jonathan Munshaw READ ARTICLE Whether you want to call them “catfishing,” “pig butchering” or just good ‘old-fashioned “social engineering,” romance scams have been around forever. I was first introduced to them through the MTV show “Catfish,” but recently they seem to be making headlines as the term “pig butchering” enters the public lexicon. John…
READ ARTICLE By: Kevin Poireault Reporter, Infosecurity Magazine A new variant of the wiper malware AcidRain, known as AcidPour, has been discovered by SentinelOne’s threat intelligence team, SentinelLabs. AcidRain is destructive wiper malware attributed to Russian military intelligence. In May 2022, AcidRain was used in a broad-scale cyber-attack against Viasat’s KA-SAT satellites in Ukraine. The malware rendered…
Source Russia-linked threat actor Fancy Bear is conducting a wave of phishing campaigns impersonating entities across Europe, Americas, and Asia, focusing on Ukraine-related targets. IBM X-Force has identified an ongoing phishing campaign conducted by ITG05, a Russia state-sponsored group also known as “Fancy Bear,” which involves the use of documents designed to impersonate government and…
Attending The Bug Hunters Methodology Live training by Jason Haddix was a great experience. I think my goal with writing this post is really to paint a picture of my overall personal experience being new to Bug Bounty Hunting, coming from the Blue Teaming side of things, and to just give this course an honest…
Quick Picture of Attacker Vs Defender With the relentless advancement of technology and continuous improvements in security measures, there remains a significant challenge in detecting and responding to security incidents. This difficulty arises partly due to the diverse tactics employed by hackers, nation-states, bad actors, hacktivists, and ransomware gangs, among others, who are constantly devising…
Feb 14, 2024 | 4 min read | Sandra Joyce | Shane Huntley READ ARTICLE Cybersecurity plays a critical role in geopolitics — particularly during times of conflict. While offensive cyber operations have become nearly universal, the tactics, timing and objectives of threat actors can differ greatly. With Russia’s invasion of Ukraine, for example, we observed…
READ ARTICLE DANA EPP’S BLOG API Hacking Fundamentals February 13, 2024 I recently had an interesting conversation on Twitter/X that got me thinking about API endpoints vs routes. It all started with this tweet: The conversation progressed into whether this was one vulnerability or two. It also started questioning my understanding and definition of what…
READ ARTICLE Marcus Hutchins Previously, I wrote an article detailing how system calls can be utilized to bypass user mode EDR hooks. Now, I want to introduce an alternative technique, “EDR-Preloading”, which involves running malicious code before the EDR’s DLL is loaded into the process, enabling us to prevent it from running at all. By neutralizing the…
Read Article DANA EPP’S BLOG Security (de)engineering for fun and profit Let’s be honest. Most APIs are naked without some sort of web app frontend calling it. These days, those apps are usually written in some sort of framework based on Javascript. With a bit of work, we can do deeper recon against our API targets if…
