99 matches found

ThreatPost
added 2019/11/04 10:17 p.m., 130 views

Magecart Groups Attack Simultaneous Sites in Card-Theft Frenzy

In an interesting development on the financial cybercrime scene, different Magecart groups have been spotted stepping over each other and attacking the same sites. Magecart is an umbrella term encompassing several different threat groups who all use the same modus operandi: They compromise...

AI score 8.3, EPSS 0.0552
Exploits 1, References 8
Talos Blog
added 2019/11/01 12:39 p.m., 66 views

Cisco Talos helps CISOs get back to basics with advisory series

At Cisco Talos, we try to build detections for every threat we see to provide customers with a portfolio capable of identifying and stopping threats at various stages of an attack's lifecycle. Deploying the best suite of layered security tools is an integral part of protecting an organization. Bu...

AI score 0.5
Exploits 0
Carbon Black Blog
added 2019/08/12 1:02 p.m., 114 views

CB TAU Threat Intelligence Notification: Smominru Botnet Leverages New Attack Techniques

Carbon Black’s Threat Analysis Unit (TAU) and CB ThreatSight discovered the resurgence of a previously active cryptomining botnet campaign called Smominru. This campaign has evolved since its original discovery in the latter half of 2017, leveraging new techniques including LOLbins, polymorphic...

AI score 7.3
Exploits 0
ThreatPost
added 2019/08/10 9:00 p.m., 150 views

DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack

LAS VEGAS – Researchers at Check Point have identified a new class of vulnerabilities targeting SQLite, outside the context of a browser for the first time. The new attack techniques exploit memory-corruption issues in the SQLite engine itself — leading to a host of new hacks, including code...

CVSS 7.5, AI score 8.5, EPSS 0.19809
Exploits 0, References 2
Microsoft Secure
added 2019/05/09 5:29 p.m., 89 views

Detecting credential theft through memory access modelling with Microsoft Defender ATP

Stealing user credentials is a key step for attackers to move laterally across victim networks. In today’s attacks, we see a range of tools used to achieve credential theft, requiring protections that target the root behavior and not just individual known tools as is often done by traditional...

AI score 0.2
Exploits 0
Microsoft Secure
added 2018/12/04 2:15 a.m., 95 views

Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

In MITRE's evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine...

AI score 7.9
Exploits 0
pentestit
added 2018/12/03 10:28 p.m., 4101 views

UPDATE: Infection Monkey 1.6.1

I'm sure you must have read my previous post titled the List of Adversary Emulation Tools. In that post, I briefly mentioned the Guardicore Infection Monkey. The good news now is that it has been updated! We now have Infection Monkey 1.6.1. An important change about this versi...

CVSS 10, AI score 0.3, EPSS 0.99999
Exploits 89
myhack58
added 2018/11/09 12:00 a.m., 565 views

Analysis of an 11882 format-overflow document that uses an unusual technique - vulnerability warning - Black Bar Security Net

A while ago I happened upon a very interesting RTF document: its behaviour in the sandbox was extensive, and the document itself was obfuscated in a very unusual way, so I spent a little time analysing this sample. The sample's attack techniques and attack chain are largely clear; the open part of...

CVSS 9.3, AI score 0.2, EPSS 0.99945
Exploits 33
myhack58
added 2018/09/06 12:00 a.m., 510 views

Using a Microsoft Edge vulnerability to steal local files - vulnerability warning - Black Bar Security Net

In 2015, Microsoft released the Edge browser. During its original development it was named Project Spartan. Unlike Internet Explorer, Edge supports a broader set of modern security measures, such as Content Security Policy (CSP), and modern JavaScript and CSS properties. Abandoning Internet...

AI score 6.9
Exploits 0
Malwarebytes
added 2018/08/22 4:03 p.m., 66 views

Badgelife: A Defcon 26 retrospective

One more year gone, one more Defcon completed. Defcon is the longest-running security conference in existence and one that I have been attending since Defcon 18. It is an opportunity to see and interact in real life with industry peers that would forever remain a digital persona otherwise. It is...

Exploits 0
The Hacker News
added 2018/06/07 9:42 a.m., 63 views

Prowli Malware Targeting Servers, Routers, and IoT Devices

After the discovery of the massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli,...

AI score 1.7
Exploits 0
ThreatPost
added 2018/05/10 10:35 a.m., 11 views

Secrets of the Wiper: Inside the World's Most Destructive Malware

Shamoon, Black Energy, Destover, ExPetr/Not Petya and Olympic Destroyer: All of these wiper malwares, and others like them, have a singular purpose of destroying systems and/or data, usually causing great financial and reputational damage to victim companies. However, the threat actors behind thi...

AI score 0.3
Exploits 0, References 8
Imperva Blog
added 2018/02/26 5:00 p.m., 66 views

A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)

An organization’s database servers are frequently the prime target of attackers. We recently started a new research project we named StickyDB to learn more about database hacking, primarily to understand common database attacks, tools and techniques engaged by attackers. To conduct this research,...

AI score 7.8
Exploits 0
Carbon Black Blog
added 2017/12/19 5:21 p.m., 43 views

Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns

A Microsoft Word document (.doc) believed to be malicious was recently submitted to Carbon Black’s Threat Analysis Unit (TAU). The submitting organization did not feel that the document and subsequent payload was fully executing in their analysis environment, and questioned whether or not it was...

AI score 7.5
Exploits 0
Imperva Blog
added 2017/11/07 4:30 p.m., 11 views

Women in Tech and Career Spotlight: Luda Lazar

For National Cyber Security Awareness Month my colleague Joy Ma kicked off the first of a series of articles where we’ll be spotlighting some of the women who work at Imperva. Continuing in the series, I spoke with Luda Lazar, security research engineer for the Imperva Defense Center, to get h...

AI score 6.6
Exploits 0
Trend Micro Simply Security
added 2017/10/23 9:09 p.m., 78 views

Fileless Malware: A Hidden Threat

Malware is advancing at an unprecedented rate, with four new strains discovered every minute, Slate reported. This is already a lot for businesses to worry about and it doesn't even cover the other threats that haven't been detected. Many attackers have evolved their techniques to evade common...

AI score 7.3
Exploits 0
Carbon Black Blog
added 2017/08/28 7:55 p.m., 103 views

Threat Analysis: Word Documents with Embedded Macros Leveraging Emotet Trojan

Many customers have recently asked how Carbon Black's solutions detect macros and droppers specifically referencing Emotet dropper files. Customers often say that macros and droppers are an ongoing problem in their environments. They are also seen day-to-day by most practitioners. The analysis...

AI score 7.2
Exploits 0
myhack58
added 2017/02/22 12:00 a.m., 35 views

Technical analysis of attacks that break through the ASLR protection mechanism - vulnerability warning - Black Bar Security Net

Recently, hardware-based attacks have begun to use Rowhammer to leak memory or to bypass the address space layout randomization protection mechanism in order to attack the system; these attacks rely on the way the processor's memory management unit (MMU) interacts with the page table. These...

AI score 6.9
Exploits 0
myhack58
added 2016/09/13 12:00 a.m., 13 views

CVE-2016-6662: MySQL ‘malloc_lib’ variable overwrite leading to command execution, an analysis - vulnerability warning - Black Bar Security Net

Today a MySQL vulnerability was disclosed, numbered CVE-2016-6662. The vulnerability mainly concerns the mysqld_safe script, which, when accelerating/handling memory, uses the “malloc_lib” variable as a marker for selectively loading (preloading) an allocator library such as tcmalloc or the like ...

Exploits 0
myhack58
added 2016/08/25 12:00 a.m., 16 views

Those things about email phishing: a use case for the Chrome address inversion vulnerability - vulnerability warning - Black Bar Security Net

First, let's talk about a rather interesting vulnerability seen recently, the Google Chrome address inversion; we'll come back to it later. One day your mailbox receives an unbelievable message that appears to come from your boss or your best friend. Don't be surprised: it is quite likely that you are...

AI score 7.1
Exploits 0