Aggregator

第二次造访加那利群岛🇮🇨，总算实现之前立的 flag 去观星了。上一次在内蒙的沙漠和徒步团像模像样地拍夏季银河已经是 2019 年了，真就恍如隔世 [裂开] 特内里费岛是加那利群岛的第一大岛，岛上的泰德峰是西班牙第一高峰，还是座活火山。由于纬度、海拔和气候的多重因素，除了逃不掉一些人造卫星和山上来来往往的车外，泰德国家公园和绝大多数光污染隔绝，还不会有云干扰。这是最难得的。 这次付费找了向导开车上山，日落后拍了两个多小时，意犹未尽。可惜不是自驾露营，不然可以多呆一点。除了裸眼看到清晰的银河之外，还有不少流星。可惜我这技术糟蹋了自然环境，回看 raw 其实也不比其他光害条件略差的地方出的效果更好。还浪费了特内里费宛如外星球的地貌，选了很普通的地景——这口锅我很痛快地甩给向导了。 所以如果不是从欧洲大陆飞过来方便，并不推荐专门为了星空跑来打卡。还得熟悉地形找机位呢。国内也有不少不错的暗夜保护区。 关于后期处理，现在的生成式 AI 效果真是逆天，可以直接对星空照片降噪。除了会吃掉一部分星星，但是不放大数毛不会注意到。如果对结果要求不高是可以用的。 今天顺便玩了一下网上推荐的某个 macOS 下的星空堆栈降噪软件。试用版带有完整功能，除了输出会打上水印。拖进 IDA 一看水印的逻辑很简单，frida 直接拦截掉两个 selector 就完事了……不过人家是个人开发者，不是某些吃相难看的商业图像软件处理公司，所以还是支持正版吧。

组织的外部攻击面情况如何？组织自己能完全掌握自己资产的情况吗？

by Mike Saunders, Principal Security Consultant This blog is the fourth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the series […]

紅隊演練是 DEVCORE 最核心的業務。我們擁有豐富的實戰經驗，並且集結了一群優秀的夥伴共同迎接挑戰。很多技術愛好者希望加入我們，想要了解我們錄取新人所看重的方向。趁著畢業季求職潮，我們特別準備了這份應徵指南，希望幫助有興趣的人了解準備方向，也希望幫助一些剛畢業、不擅長撰寫履歷、不擅長在面試中表達自己的人，補足必要技能以免錯失機會。無論您對紅隊演練專家或滲透測試工程師感興趣，期望可以循著這份指南，成為我們的夥伴。

順帶一提，有一個在學生可能感興趣的資訊：DEVCORE 有研發替代役名額，唯名額有限，推薦您在學期間盡早投遞履歷並詢問替代役狀況。

🚀 DEVCORE 應徵流程

應徵紅隊演練專家、滲透測試工程師都會經歷「書面審查」、「線上測驗」、「面試」三個階段。

📌 書面審查

履歷是這個階段主要評估依據，以下 4 點是我們認為應徵者需要注意的地方：

履歷內容符合職務需求嗎

這個階段最重要的是說服審核者你具備職務需求的能力，所以請盡量在履歷內容附上能幫助別人判斷的佐證資訊。過去有些技術底不錯的同學只單純放了學歷，這樣要讓審核者想找個可以進入下一階段的理由都難，相當可惜。

用一些實例說明吧

實例證明是讓你的履歷脫穎而出的關鍵，具體的數字和事實可以大大增加履歷的說服力，例如能具體說出打過多少場滲透測試，在過程中找了多少漏洞，或在任務中解決了什麼樣的問題，達到什麼效果。這些不僅能表示技術能力，還能顯示你的影響力。

提供有幫助的額外資訊

相關專業證照、參與技術社群、貢獻開源專案等額外資訊都有助於審核者評估。有些人好奇一些非技術等經驗應不應該放在履歷中，我們預設是不會特別參考，但如果你認為這些經驗對未來工作有正面影響，可附上讓審核者評估。

特別希望列出的加分項

下面列出一些非必要但有會很不錯的加分項目，如果有這方面的經歷務必要寫上。同時也列出每個項目中我們看重的特質，如果有其他可以展現這些特質的經歷也歡迎列出來讓審核者知道。

📄 實戰經驗如：CVE、bug bounty

• 代表您擁有解決未知問題能力。
• 代表您能看到別人所沒有關注到的細節。

📄 CTF Writeups 或是 Blog

• 如果在 CTF 比賽有不錯的成績，通常意味著你擁有在短時間內分析歸納重點的能力、也能夠快速找到解決辦法，聯想力創造力可能也不差。
• 我們希望能了解您如何描述複雜的漏洞，因為在將來的工作中需要將漏洞過程清楚描述並給予建議。
• 寫 Blog 除了能展現表達和文字能力外，通常也具有持續學習的熱情和樂於分享的特質，符合 DEVCORE 核心價值觀。

📄 CTF 出題經驗

• 代表平常會持續關注流行的技術、研究語言或框架特性，能注意到一些鮮少人知道的小細節。
• 說明你除了攻擊，還具備一定程度的開發能力。
• 為了怕題目被 CTF 玩家惡意破壞，通常出題者也具備高水準的防禦能力。

📌 線上測驗

這個階段的進行方式與一般線上靶機環境如 OSCP、HTB 無異，會分配到一個題組，平均需要解五把 flag。應徵者會有相當足夠的時間進行解題（預設 10 天，視題目會微調），最後交付報告。我們期待從線上測驗中看到應徵者具備下述能力：

• 偵查：能否透過現有資訊合理推斷背後的架構或寫法。
• 漏洞挖掘：能否找到題目中設計的漏洞。
• 應變：碰到特殊的環境可否自行想辦法克服。例如在只有 command injection 且內網有防火牆限制的特殊環境下，怎麼用手邊可利用的資源達成你的目標。

📌 面試

最後的面試階段會全面評估你是否適合這個職位，下述 2 件事情特別想與應徵者分享：

被問倒是正常的

在面試過程中，面試官會從多個角度深入了解應徵者技術的廣度和深度，因此，會被問倒是正常的。請對自己的技術能力有信心，畢竟你已經通過了第二階段的線上測驗。被問到不熟悉的問題時，只要誠實地表達你的思考過程和解決問題的方法即可。我們想要知道思考脈絡，甚至期待你說：我看到 XX 特徵覺得這題可能是 OO 方向解，我會想用什麼關鍵字搜尋找答案。這樣的回答也凸顯了你的判斷力和解決問題的能力。

分享你的 Hack 故事

我們期待在面試中聽你分享過去特別的 Hack 經歷，並且與你討論細節。Hack 的內容不限，例如：

• 履歷中提到的 CVE、bug bounty
  • 希望是一些特別的情境，如果找到的是常見漏洞如 SQLi 或 XSS，那會希望了解這個漏洞特別在哪？或者是能說出你做了什麼，為什麼你能找到這個漏洞？
• 在 CTF 比賽中想到的精妙解法
• 生活中為了達成目標做的 Hack
  • 例如：為了自動化工作流程寫了個小工具；為了租房資訊串了個方便通知系統；想把遊戲每日領取任務自動化。

🚀 自我鍛鍊之路

這一段寫給現在還在準備階段，未來很想要加入資安檢測行業的同學。為了增加自己的實力，在應徵前有下面幾個精進事項可參考，這對在資安領域長遠發展也很有幫助。

📌 補足基礎知識 Web 常見漏洞種類

我們認為 PortSwigger Web Security Academy 整理的漏洞經典且完整，加上有 LAB 可以直接練習，適合初學者。這些漏洞是從事資安檢測最基礎的溝通語言，推薦要把教材頁面上所有漏洞練習完，可以從主題頁面看分類會比較清楚。若以紅隊為目標，我們會優先關注能拿 shell 的後端漏洞。 以下提供幾點自我驗證與精進項目：

• 抽一個漏洞是否可以說出這個漏洞常發生在什麼功能？背後的成因？通常可以怎麼進階利用這個漏洞？
• 有沒有辦法在黑箱狀態，透過測試辨識出這些漏洞？
• 在白箱狀態下，知道哪些漏洞要透過搜尋什麼函數找到？
• 我們在面試中喜歡問各種漏洞怎麼拿 shell 的問題，因為這就是紅隊演練目標的第一步。搜尋 “from XSS to RCE” 這類的關鍵字能找到相當多案例（XSS 可以取代成 SQLi 等漏洞）。

紅隊戰術與技巧

控制一台電腦後，仍需要在內網中擴散完成任務目標。ired.team 提供了一本紅隊技巧工具書，推薦閱讀以了解在不同階段有哪些招式可用。對 DEVCORE 而言，我們優先關注「Active Directory & Kerberos Abuse」、「Credential Access & Dumping」、「Lateral Movement」章節下的技能。此外，「Network pivoting & tunneling」的概念和技巧也是我們會關注的能力，ired.team 在這塊著墨較少，這篇文章涵蓋了必要知識和工具可參考。 以終為始學習，希望在練習這些技巧和工具後，能對下面的問題有自己的看法：

如果打下企業一台外網服務，而你的目標是該企業內網網域控制器（情境架構可自行假設）：

• 為了打 AD，你在打下的外網伺服器上會做哪些事情？為什麼？過程中你偏好使用什麼工具？偏好的原因是什麼？
• 同上，這台伺服器如果有網域帳號你之後會做哪些事情？如果沒有網域帳號呢？
• 想拿下網域控制器，心中能否馬上跳出五種以上的方法？你會優先嘗試什麼方法？為什麼？
• 過程中橫向移動偏好使用什麼工具？為什麼？

📌 練習 虛擬靶機練習

除了知識外，也要找一些模擬環境培養手感。知名的 Hack The Box 和 OffSec 都有推出學習路徑和豐富的靶機：

• Hack The Box Cybersecurity Paths (優先練習：Penetration Tester, Senior Web Penetration Tester, Active Directory Enumeration)
• OffSec Learning Paths (Filter: Red Teamer, Web App Tester)

選擇適合自己的平台練習即可。也可以單純打 HTB Labs 靶機，練到覺得每次解題目要做的事情都類似，開始覺得題目有套路感就可以了，一些特殊解法在現階段不需糾結。過去有玩 HTB 的實習生在錄取前附上的 Writeups 大概會寫 30~50 台靶機，這個數量級或許可以參考。另外若要練習打網域，最近 GitHub 上有一個 GOAD LAB 專案滿值得參考。

如果想考證照，我們有考過覺得對提昇檢測工作能力有幫助的有：

• OffSec PEN-200(OSCP)
  • 提昇識別和利用漏洞能力
• OffSec WEB-300(OSWE)
  • 提昇白箱挖掘漏洞能力
• Certified Red Team Professional (CRTP)
  • 提昇網域相關基本知識面與攻擊面
  • 新手友善，是少數可以系統性學習網域攻擊的場域。內容較簡單且與 DEVCORE 慣用作法有落差，但入職後上手會較快。

註：以上僅提供已知有幫助的證照，不代表其他證照沒有幫助

實戰練習

最推薦的還是到真實場域來看看。

• 白箱練習：可以嘗試找你熟悉或喜歡的 GitHub 專案，先看這個專案過去的漏洞，試試看如果自己白箱看有沒有辦法能追到。如果這些有正解的漏洞都能順利找到，接著就開始找一些 Open Source 專案來挖掘 0-day 吧。
• 黑箱練習：參與 bug bounty 計畫，挑戰真實世界的安全問題。台灣企業的計畫可以參考 HITCON ZeroDay ，國外則推薦 HackerOne 上面的目標。這些計畫會讓你面對更複雜和多樣的攻擊場景，提升你的實戰能力。

📌 找同伴一起

在資安這條路上，找到志同道合的夥伴一起學習、一起打 CTF、一起挖漏洞絕對比獨自升級來的有效率，下列活動可考慮參加：

• HITCON Community: 幾乎所有資安社群都會聚集在這個研討會，可以在研討會中找一個適合自己的社群參與。
• AIS3: 聚集台灣幾乎所有對資安有興趣的在學生。滿有機會在這邊認識志同道合的朋友。
• 台灣好厲駭 Deep Hacking 讀書會: 全台灣探討資安最深最扎實的讀書會之一，參加絕對可以提昇視野、也能認識各種高手。內容偏 Binary 但目前漸漸在轉型中，希望不分類以挖掘漏洞為主。
• DEVCORE 實習生計畫： 每年一月中和七月中會招生，如果目的是應徵 DEVCORE，參加計畫問導師應該是最快的。

如果你想知道更多資源，台灣資安 / CTF 學習資源整理 整理的資源值得參考。

🚀 小結

本篇指南分成兩部分：前半部主要在給應徵者一些小提醒，希望應徵者能把最好的一面呈現出來。後半部提供一個學習的脈絡，希望給還在學習階段的人一個比較清楚的方向。

最終，我們都希望台灣有越來越多熱愛技術的人進入資安產業。希望，未來能持續在資安領域看見正在閱讀的你。

Check the dynamics of the 2024 French legislative elections, the surprising election results’ impact on Internet traffic changes, and the cyber attacks targeting political parties

As the CEO of Red Siege Information Security, I’ve had the privilege of building an outstanding team of ethical hackers to conduct numerous penetration tests for organizations across many industries. […]

For the latest discoveries in cyber research for the week of 8th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES FIA, the governing body for Formula 1, disclosed a data breach stemming from a phishing attack on their email accounts. The attack led to unauthorized access to personal data, and the incident […]

The post 8th July – Threat Intelligence Report appeared first on Check Point Research.

Written by: John Hultquist

 

As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable. In addition to military targets, NATO must consider the risks that hybrid threats like malicious cyber activity pose to hospitals, civil society, and other targets, which could impact resilience in a contingency. The war in Ukraine is undoubtedly linked to escalating cyber threat activity, but many of these threats will continue to grow separately and in parallel. 

NATO must contend with covert, aggressive malicious cyber actors that are seeking to gather intelligence, preparing to or currently attacking critical infrastructure, and working to undermine the Alliance with elaborate disinformation schemes. In order to protect its customers and clients, Google is closely tracking cyber threats, including those highlighted in this report; however, this is just a glimpse at a much larger and evolving landscape.

Cyber Espionage

NATO's adversaries have long sought to leverage cyber espionage to develop insight into the political, diplomatic, and military disposition of the Alliance and to steal its defense technologies and economic secrets. However, intelligence on the Alliance in the coming months will be of heightened importance. This year's summit is a transition period, with the appointment of Mark Rutte as the new Secretary General and a number of adaptations expected to be rolled out to shore up the Alliance's defense posture and its long-term support for Ukraine. Successful cyber espionage from threat actors could potentially undermine the Alliance's strategic advantage and inform adversary leadership on how to anticipate and counteract NATO's initiatives and investments.

NATO is targeted by cyber espionage activity from actors around the world with varying capabilities. Many still rely on technically simple but operationally effective methods, like social engineering. Others have evolved and elevated their tradecraft to levels that distinguish themselves as formidable adversaries for even the most experienced defenders.

APT29 (ICECAP)

Publicly attributed to the Russian Foreign Intelligence Services (SVR) by several governments, APT29 is heavily focused on diplomatic and political intelligence collection, principally targeting Europe and NATO member states. APT29 has been involved in multiple high-profile breaches of technology firms that were designed to provide access to the public sector. In the past year, Mandiant has observed APT29 targeting technology companies and IT service providers in NATO member countries to facilitate third-party and software supply chain compromises of government and policy organizations.The actor is extremely adept in cloud environments and particularly focused on covering their tracks, making them hard to detect and track, and especially difficult to expel from compromised networks.

APT29 also has a long history of spear-phishing campaigns against NATO members with a focus on diplomatic entities. The actor has successfully breached executive agencies across Europe and the U.S. on several occasions. We have also seen them actively targeting political parties in Germany as well as in the U.S. with the likely objective of collecting intelligence on future government policy.

Cyber Espionage from China

Cyber espionage activity from China has undergone significant evolution in recent years, transitioning away from loud, easily attributed operations to a greater focus on stealth. Technical investments have amplified the challenge to defenders and bolstered successful campaigns against government, military, and economic targets in NATO member states.

Chinese cyber espionage increasingly features techniques such as:

• Targeting of the network edge and exploiting zero-day vulnerabilities in security devices and other internet-facing network infrastructure to reduce opportunities for defender detection. By relying less on social engineering, these operators have reduced the likelihood of being identified by users or related controls. In 2023, these actors exploited 12 zero-days (software or hardware vulnerabilities that are unknown to the vendor, have no patch or fix available, and can be exploited before they can be addressed), many of which were in security products that reside on the network edge. These products often lack the ability for endpoint detection, making them an ideal beachhead in compromised networks.
• The use of operational relay box (ORB) networks to hide the origin of malicious traffic. Threat actors hide their malicious traffic through proxies, which act as intermediaries between them and the internet, but these proxies can be reliably tracked. Actors are now leveraging large ephemeral networks of shared and compromised proxies known as ORBs. These networks are very difficult to track and complicate the ability for defenders to share intelligence on infrastructure.
• Living off the land to reduce opportunities for defender detection. Some actors are forgoing the use of malware and leveraging other methods to conduct intrusions. Living-off-the-land techniques use legitimate tools, features, and functions available in the system to traverse networks and carry out malicious activity. Defenders are at a serious disadvantage without the ability to detect malware and are less able to share intelligence on related activity.

These techniques are not only leveraged by Chinese threat actors. Russian actors such as APT29, APT28, and APT44 have used them as well.

Disruptive and Destructive Cyberattacks

Disruptive and destructive cyberattacks are on the rise, posing direct and indirect consequences to the NATO alliance. In recent years, Iranian and Russian state actors have demonstrated a willingness to carry out these attacks on NATO members, though they have hidden their hands behind false fronts who publicly take credit for the operations. For example, Mandiant described a 2022 destructive attack against the government of Albania for which an alleged hacktivist group called "HomeLand Justice" claimed credit, though the U.S. Government ultimately attributed the attack to Iranian actors.

State actors are also compromising the critical infrastructure of NATO members in preparation for future disruptions, even as they demonstrate their ability to carry out complex attacks on highly sensitive operational technology systems in Ukraine. This activity proves these actors have the means and motive to disrupt NATO's critical infrastructure.

In addition to cyberattacks from state actors, disruptions by hacktivists and criminal actors are no longer a nuisance that can be easily ignored. A global resurgence of hacktivists has led to significant attacks against the public and private sector, and criminal activity has become so devastating it has risen to the level of a national security concern.

APT44 (Sandworm, FROZENBARENTS)

APT44 has been involved in many of the most high-profile disruptive cyberattacks in the world, including the global destructive attack NotPetya, attacks on the Pyeongchang Olympic games, and several blackouts in Ukraine. The actor, which is tied to Russian military intelligence, has carried out technically complex disruptions of sensitive operational technology as well as destructive attacks with broad effects. The majority of disruptive attacks in Ukraine have been attributed to APT44, and the actor has been connected to limited attacks in NATO countries since the war began.

In October 2022, an actor believed to be APT44 deployed PRESSTEA (aka Prestige) ransomware against logistics entities in Poland and Ukraine. The ransomware could not be unlocked and effectively acted as a destructive attack; activity may have been designed to signal the group's ability to threaten supply lines transiting lethal aid to Ukraine. By this operation, APT44 has shown a willingness to use a disruptive capability intentionally against a NATO member country, which reflects the group's penchant for risk taking.

Hacktivists

A global resurgence of politically motivated hacking, or hacktivism, is largely tied to geopolitical flashpoints like the Russian invasion of Ukraine. Despite a strong focus on NATO member states, these actors have had inconsistent effects. Many operations fail to cause lasting disruptions and are ultimately designed to garner attention and create a false impression of insecurity.

Despite their limitations, these actors cannot be completely ignored. Their attacks regularly garner media attention in target countries, and their methods could create serious consequences under the right circumstances. Distributed denial-of-service (DDOS) attacks, one of their most preferred methods, are relatively superficial, but could be leveraged during events such as elections for greater impact. Furthermore, some hacktivists, such as the pro-Russian group Cyber Army Russia Reborn (CARR), are experimenting with more substantial attacks on critical infrastructure. CARR, which has murky ties to APT44, has disrupted water supplies at U.S., Polish, and French facilities in a series of simple but brash incidents.

Cyber Criminals

Financially motivated disruptions caused by ransomware are already causing severe consequences across critical infrastructure in NATO states, leading to patient care disruptions in hospitals, energy shortages, and government services outages. While some criminals have vowed to avoid targeting this critical infrastructure, many remain undeterred. Healthcare institutions in the U.S. and Europe have been repeatedly targeted by both Russian-speaking criminals seeking financial gain and North Korean state actors aiming to fund their espionage activities. The ability of these actors to operate from jurisdictions with lax cyber crime enforcement or extradition agreements, coupled with the lucrative nature of ransomware attacks, suggests that this threat will continue to escalate in the near future.

Disinformation and Information Operations

Information operations have become a consistent feature of cyber threat activity in the last decade, steadily growing as conflicts and geopolitical strain has intensified. These operations encompass a wide range of tactics, from "troll farm" social media manipulation to complex schemes involving network intrusions. Russian and Belarusian information operations have particularly targeted NATO member states, primarily aiming to undermine the Alliance's unity and objectives.

Some cyber espionage actors who are predominantly focused on covert intelligence collection also engage in information operations. Groups such as APT28 and COLDRIVER have publicly leveraged stolen information in hack-and-leak campaigns, while other actors, such as UNC1151, have employed their intrusion capabilities in other complex information operations. These efforts aim to manipulate public opinion, sow discord, and advance political agendas through the dissemination of false and misleading information.

At Google, we have worked aggressively across products, teams, and regions to counter these activities where they violate our policies and disrupt overt and covert information operations campaigns. Examples of this enforcement include disruption of YouTube channels, blogs, AdSense accounts, and domains removed from Google News surfaces, as we report on a quarterly basis in the TAG Bulletin. 

Prigozhin's Information Operations Survive

Despite the death of their sponsor, remnants of deceased Russian businessman Yevgeniy Prigozhin's disinformation empire are still functioning, albeit much less effectively. These surviving campaigns continue to promote disinformation and other pro-Russia narratives on multiple social media platforms, most recently with an emphasis on alternative platforms, across multiple regions.

The narratives propagated by these operations call for NATO's dismantlement and imply that the Alliance is a source of global instability. They also criticize the leaders of NATO member states. Major geopolitical developments, such as the launch of Russia's full-scale invasion of Ukraine in 2022 and other Russian strategic priorities, significantly influence the content promoted by these campaigns. The ongoing support of NATO and its member states for Ukraine has made the Alliance a prime target both directly and indirectly through its involvement in issues perceived as challenging to Russia's strategic interests.

Ghostwriter/UNC1151

The Ghostwriter information operations campaign, at least partially linked to Belarus, has been active since at least 2016, primarily targeting Belarus's neighbors: Lithuania, Latvia, Poland, and to a lesser extent, Ukraine. The campaign receives technical support from UNC1151, a cyber espionage group known for its malicious activities. Ghostwriter, notorious for its cyber-enabled influence operations, has consistently prioritized the promotion of anti-NATO narratives. In April 2020, for example, a Ghostwriter operation falsely claimed that NATO troops were responsible for bringing COVID-19 to Latvia. 

Ghostwriter activity has sought to undermine regional governments and their security cooperation. This includes operations that leveraged the compromised social media accounts of notable Polish individuals to promote content attempting to tarnish the reputation of Polish politicians, including through the dissemination of potentially compromising photographs. Since 2022, observed Ghostwriter operations have maintained these established campaign objectives while also expanding narratives to include the Russian invasion. In April 2023, for example, a Ghostwriter operation alleged that Poland and Lithuania were recruiting their residents to join a multinational brigade that would deploy to Ukraine. 

COLDRIVER

COLDRIVER is a Russian cyber espionage actor that has been publicly linked to Russia's domestic intelligence agency, the Federal Security Service (FSB). The actor regularly carries out credential phishing campaigns against high-profile individuals in non-governmental organizations (NGOs) as well as former intelligence and military officers. Notably, information COLDRIVER stole from victim mailboxes has been used in hack-and-leak operations. Information stolen by COLDRIVER was leaked in 2022 in an effort to exacerbate Brexit-related political divisions in UK politics. Prior to that incident, the actor leaked details of U.S.-UK trade agreements ahead of the 2019 UK election. COLDRIVER primarily targets NATO countries and shifted in 2022 to include the Ukrainian Government and organizations supporting the war in Ukraine. March 2022 also marked the first time COLDRIVER campaigns targeted the military of multiple European countries as well as a NATO Centre of Excellence. 

Outlook

Unlike many other domains of conflict, the cyber realm is characterized by aggressive activity that persists irrespective of a state of armed conflict. Nevertheless, geopolitics are an important driver of this activity. Significantly, the Russian invasion of Ukraine has coincided with bolder and reckless cyber activity against NATO allies. These threats are unlikely to abate in the near future.

The effects of malicious cyber activity are broad; cyber threats have the potential to affect NATO allies and partners from the political-military arena to the economic and societal underpinnings of the Alliance. Countering these threats, like everything NATO does, requires a collective commitment to defense. NATO must rely on collaboration with the private sector in the same way it draws on the strength of its constituent members. Furthermore, it must harness its greatest advantage against cyber threats—the technological capability of the private sector—to seize the initiative in cyberspace from NATO's adversaries.

你赛灵思被AMD收购了，就逃得过安全研究人员的魔爪了吗？

Red Canary prevented a hospital from being breached. See how we stopped ransomware from enabling a catastrophic event.

Author: Moshe Marelus Introduction In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, […]

The post Exploring Compiled V8 JavaScript Usage in Malware appeared first on Check Point Research.

Learn how Akamai Account Protector defends against account abuse by distinguishing between legitimate and malicious activities.

八大技术领域、七大城市开放投递

This will help forensic labs correctly determine whether a seized material is hemp, which is legal in all 50 states, or marijuana, which is a controlled substance under federal law.

近日，奇安信病毒响应中心在日常分析运营过程中捕获到“银狐”家族木马新家族，该家族木马会逐级分阶段下载执行恶意文件。在此我们提醒广大用户，提高安全意识，谨防钓鱼攻击，避免财产遭受损失。奇安信天擎用户无需太担心，目前天擎可以有效拦截该家族。

360安全大脑在日常威胁巡检中发现了一种混淆的门罗币挖矿木马，分析发现其为AppMiner新变种，这是该家族继2024年1月的又一次更新

6月，火绒安全产品拦截恶意攻击总数：185,052,903次，其中病毒拦截8905.8万次、系统高危动作拦截4374.5万次、网络高危风险拦截5225.0万次。

漏洞管理(Vulnerability Management)作为信息安全领域中最为人熟知的概念之一，一直是安全运营的核心活动。本文将探讨KEV目录、EPSS等新兴的漏洞评估方法，以及CTEM等前瞻性框架如何帮助组织更好地应对当前的威胁环境。

漏洞管理(Vulnerability Management)作为信息安全领域中最为人熟知的概念之一，一直是安全运营的核心活动。本文将探讨KEV目录、EPSS等新兴的漏洞评估方法，以及CTEM等前瞻性框架如何帮助组织更好地应对当前的威胁环境。