Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management – post by LinkCyb
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. “While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which is the real story,” the company said in an announcement. “Those risks span everything from
RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware – post by LinkCyb
Cybersecurity researchers have detailed the tactics of a “rising” cybercriminal gang called “Read The Manual” (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. “The ‘Read The Manual’ Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang’s […]
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks – post by LinkCyb
Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user’s mobile device doesn’t impact their account. “Mobile device malware is one of the biggest threats to people’s privacy and security today because it can take advantage of your phone without your permission and use […]
New Python-Based “Legion” Hacking Tool Emerges on Telegram – post by LinkCyb
An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and brute-force […]
Why Shadow APIs are More Dangerous than You Think – post by LinkCyb
Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren’t familiar with the term, shadow APIs are a type of application programming interface (API) that isn’t officially documented or supported. Contrary to popular belief, it’s unfortunately all too common […]
Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours – post by LinkCyb
‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption […]
When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule – post by LinkCyb
In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […]
Defining the Cobalt Strike Reflective Loader – post by LinkCyb
The Challenge with Using Cobalt Strike for Advanced Red Team Exercises: While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular red team Command and Control (C2) framework used by both threat actors and red teams […]
Why healthcare providers are focusing on cyber resilience – post by LinkCyb
Cyber Security Hub interviews Jojo Nufable, group IT infrastructure and cyber security head at Metro Pacific Health Solutions, to gain key insight on how those in the healthcare industry are guarding…
Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023 – post by LinkCyb
Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands […]