29 matches found
STRIKE: A Structured Taxonomy of Cybercrime for Risk, Impact, Knowledge, and Evolution
Cybercrime has grown exponentially in both scale and sophistication, posing significant threats. As attack methods evolve rapidly, traditional classification schemes often fail to capture the complexity and diversity of modern threats. To address this gap, we introduce STRIKE,a Structured Taxonom...
Hybrid IDS Using Signature-Based and Anomaly-Based Detection
Intrusion detection systems IDS are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting...
Enhancing Security in LLM Applications: a Performance Evaluation of Early Detection Systems
Prompt injection threatens novel applications that emerge from adapting LLMs for various user tasks. The newly developed LLM-based software applications become more ubiquitous and diverse. However, the threat of prompt injection attacks undermines the security of these systems as the mitigation a...
How ToddyCat tried to hide behind AV software
To hide their activity in infected systems, APT groups resort to various techniques to bypass defenses. Most of these techniques are well known and detectable by both EPP solutions and EDR threat-monitoring and response tools. For example, to hide their activity in Windows systems, cybercriminals...
Exploit for Improper Input Validation in Microsoft
PoC exploit for CVE-2023-21554, a vulnerability in MSMQ. The tar...
Tracking cloud-fluent threat actors - Part two: Behavioral cloud IOCs
Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques...
Threat actors misuse OAuth applications to automate financially driven attacks
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for token-based authentication and authorization that enables applications to get access to data and resources based on permissions set by a user. Threat actors compromi...
The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short
As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks BLAs. Unlike known attacks, which can be identified by signatures or patterns, such ...
Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023
MRG Effitas, a world leader in independent IT research, published their anti-malware efficacy assessment results for Q1 2023. Malwarebytes Endpoint Protection EP achieved the highest possible score 100% and received certifications for Level 1, Exploit, Online Banking, and Ransomware. These result...
IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...
Indicators of compromise (IOCs): how we collect and use them
It would hardly be an exaggeration to say that the phrase "indicators of compromise" or IOCs can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes1, IP addresses and other technical data that should help information security specialists to counter...
Top 5 ransomware detection techniques: Pros and cons of each
In the fight against ransomware, much of the discussion revolves around prevention and response. Actually detecting the ransomware, however, is just as important to securing your business. To understand why, just consider the following example. Lets say youre a farmer taking care of a flock of...
BlackMatter Ransomware Analysis; The Dark Side Returns
ARCHIVED STORY BlackMatter Ransomware Analysis; The Dark Side Returns By Alexandre Mundo and Marc Elias · September 22, 2021 BlackMatter is a new ransomware threat discovered at the end of July 2021. This malware started with a strong group of attacks and some advertising from its developers that...
4 Techniques for Early Ransomware Detection
If you receive a ransom note, it’s already too late. Detect and stop ransomware attacks early in the kill chain with these 4 techniques...
What did DeathStalker hide between two ferns?
DeathStalker is a threat actor thats been active since at least 2012, and we exposed most of their past activities in a previous article, as well as during a GREAT Ideas conference in August 2020. The actor drew our attention in 2018 because of distinctive attack characteristics that didnt fit in...
MacOS Users Targeted By OceanLotus Backdoor
A macOS backdoor variant has been uncovered that relies of multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat APT group. The Vietnam-backed OceanLotus also known as APT 32 has been around since at least 2013, and...
Oracle Solaris Zero-Day Attack Revealed
A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system. Researchers said that the group was exploiting the bug when it wa...
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...
Joint NSA and FBI Cybersecurity Advisory Discloses Russian Malware Drovorub
The National Security Agency NSA and the Federal Bureau of Investigation FBI have released a cybersecurity advisory introducing previously undisclosed Russian malware. NSA and the FBI attributed the malware, dubbed Drovorub, to Russian advanced persistent threat APT actors. The Cybersecurity and...
Facebook Cracks Down on Deepfake Videos
Facebook is banning deepfake videos, which stem from a technique of human-image synthesis based on artificial intelligence AI to create fake content. Over the past year, security experts and lawmakers have voiced concerns about malicious deepfake applications, particularly as a vessel for...