Challenges in Making and Enforcing Cybercrime Laws
Crafting and enforcing effective cybercrime laws pose a myriad of challenges, as cybercrime transcends borders and often outstrips the capabilities of legal frameworks....
An Overview of Threat Intelligence and Threat Hunting
Learn what threat intelligence and threat hunting are, how they feed into each other, and why they're so important....
Threat Intelligence Bulletin – Linux Kernel Vulnerabilities, Bypassing MFA, and Obscuring Credential Stuffing
DirtyCred (CVE-2022-2588) Linux kernel vulnerability abuses heap memory to swap unprivileged kernel credentials with privileged ones. Attackers utilizing Palo Alto PAN-OS URL filtering policy to carry...
Threat Intelligence Bulletin – Weaponized PLCs, Response-based Attacks, and APT41
Researchers describe attack technique that weaponizes programmable logic controllers to gain entry to workstations and subsequently invade networks (https://thehackernews.com/2022/08/new-evil-plc-attack-weaponizes-plcs-to.html). Open redirect flaws being used to...
Threat Intelligence Bulletin – Manjusaka Attack Framework, Zeppelin Ransomware, and the Evolving Email Threat Landscape
CISA adds path traversal vulnerability in Unix versions of the UnRAR utility to Known Exploited Vulnerabilities Catalog (https://thehackernews.com/2022/08/cisa-issues-warning-on-active.html). Attackers exploiting open redirects to Snapchat and Amex websites...
Threat Intelligence Bulletin – Decentralized Phishing Infrastructure, Top Threat IOCs, and C2-as-a-Service
Most impersonated software according to VirusTotal includes Skype, Adobe Reader, 7-Zip and more (https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html). DrayTek routers affected by RCE vulnerability (https://www.darkreading.com/endpoint/critical-rce-bug-draytek-routers-smbs-zero-click-attacks). Phishing attacks increasingly using...
Threat Intelligence Bulletin – Container Files, Bots, and Industrial Espionage
In response to Microsoft's plans to block macros by default, threat actors changing TTPs to container files (ISO, RAR) and Windows shortcut files (LNK): https://thehackernews.com/2022/07/hackers-opting-new-attack-methods-after.html ...
Threat Intelligence Bulletin – Russian Threat Actors, Leveraging Public Cloud Storage, and Cross-platform Capabilities with Rust
Netwrix Auditor application contains security vulnerability leading to arbitrary code execution in Active Directory domain if successfully exploited (https://thehackernews.com/2022/07/new-netwrix-auditor-bug-could-let.html). VoIP phones utilizing Digium software and...
Threat Intelligence Bulletin – Spectre Attacks, Impersonations, and Bypassing MFA
Phishing campaign leveraging Follina vulnerability to deploy backdoor on Windows systems (https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html). Details on modus operandi of current phishing campaign (https://www.bleepingcomputer.com/news/security/new-luna-moth-hackers-breach-orgs-via-fake-subscription-renewals/). Microsoft temporarily removes automatic...
Threat Intelligence Bulletin – Server Backdoors, Worms, and State-sponsored Threats
Chinese cloud threat actor updates toolset to breach Linux servers to install crypto miners (https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html). SessionManager malware exploits a ProxyLogon flaw to backdoor Exchange servers...