Daniel Stori’s ‘The chroot Case’
via the inimitable Daniel Stori at Turnoff.US!
The post Daniel Stori’s ‘The chroot Case’ appeared first on Security Boulevard.
In July, Guardio Labs reported they had detected “EchoSpoofing,” a critical in-the-wild exploit of Proofpoint’s email protection service. This sophisticated phishing campaign shows that even robust security systems have vulnerabilities, and underscores the importance of an SSPM's comprehensive security measures in alerting on email-system misconfigurations that can be exploited in such attacks. Overview of […]
The post Breach Debrief Series: EchoSpoofing Phishing Campaign Exploiting Proofpoint’s Email Protection appeared first on Adaptive Shield.
The post Breach Debrief Series: EchoSpoofing Phishing Campaign Exploiting Proofpoint’s Email Protection appeared first on Security Boulevard.
Our new Keycloak integration is the latest in a range of 50+ integrations that ensure DataDome stops bad bots & fraud on any infrastructure.
The post DataDome Now Protects Keycloak IAM appeared first on Security Boulevard.
Threat Intelligence Report
Date: August 6, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS
Dynamic DNS (DDNS) is a service that automatically updates the Domain Name System (DNS) in real-time to reflect changes in the IP addresses of a domain. Unlike traditional static DNS, where the IP address associated with a domain remains constant, dynamic DNS allows for the association between a domain and an IP address to be updated frequently. This capability is particularly useful for devices or networks with frequently changing IP addresses, such as home networks, small businesses, or mobile devices.
Dynamic DNS services are widely used for legitimate purposes, including remote access to home networks, managing internet-connected devices, and enabling consistent access to websites or services hosted on networks with dynamic IP addresses. However, the same features that make dynamic DNS useful for legitimate users can also be exploited by threat actors for malicious purposes.
Using dynamic DNS for command and control (C2) infrastructure in cyberattacks offers several benefits for threat actors, including:
Dynamic DNS services have many benign users but they can also be used by threat actors in phishing attacks and within malware to communicate with command and control (C2) infrastructure.
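The defining property described above, a domain whose A record is rewritten frequently, is something a defender can look for directly in passive DNS or resolver logs. The following is an added example, not HYAS code and not part of the report: it reads constructed passive DNS observations, counts how often each domain's A record changes over the observed span, and flags domains that either churn rapidly or fall under a list of dynamic DNS provider suffixes. The suffix list uses placeholder names standing in for real free DDNS providers, and the thresholds are assumptions to tune against your own data.

```python
"""Flag dynamic-DNS-style domains from passive DNS observations.

Added example, not HYAS code. The heuristic (a known free-DDNS suffix or
frequent A-record churn), the thresholds and the suffix list are assumptions;
the log lines are constructed.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime

# Constructed passive DNS observations: "<ISO timestamp> <domain> <A record>".
SAMPLE_LOG = """\
2024-03-01T08:00:00 updates.example-ddns.net 198.51.100.10
2024-03-01T20:00:00 updates.example-ddns.net 198.51.100.44
2024-03-02T08:00:00 updates.example-ddns.net 203.0.113.7
2024-03-02T21:00:00 updates.example-ddns.net 203.0.113.90
2024-03-01T08:00:00 www.example.com 192.0.2.1
2024-03-02T08:00:00 www.example.com 192.0.2.1
2024-03-03T08:00:00 www.example.com 192.0.2.1
2024-03-01T09:00:00 cdn.example.org 192.0.2.50
2024-03-01T09:05:00 cdn.example.org 192.0.2.51
"""

# Placeholder suffixes standing in for a curated list of free DDNS providers.
DDNS_SUFFIXES = ("example-ddns.net", "example-dyn.org")


def parse_records(text: str) -> list[tuple[datetime, str, str]]:
    """Parse one observation per line; blank lines and '#' comments are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, domain, ip = line.split()
        records.append((datetime.fromisoformat(ts), domain.lower().rstrip("."), ip))
    return records


def has_ddns_suffix(domain: str, suffixes=DDNS_SUFFIXES) -> bool:
    """True when the domain is, or is a subdomain of, a listed DDNS suffix."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def summarize(records) -> dict[str, dict]:
    """Per domain: distinct A records, number of A-record changes, observed span."""
    by_domain: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for ts, domain, ip in records:
        by_domain[domain].append((ts, ip))
    summary = {}
    for domain, obs in by_domain.items():
        obs.sort()  # chronological order so consecutive comparisons are meaningful
        changes = sum(1 for a, b in zip(obs, obs[1:]) if a[1] != b[1])
        span_hours = (obs[-1][0] - obs[0][0]).total_seconds() / 3600
        summary[domain] = {
            "distinct_ips": len({ip for _, ip in obs}),
            "changes": changes,
            "span_hours": span_hours,
        }
    return summary


def flag_domains(records, suffixes=DDNS_SUFFIXES, min_changes=2, min_changes_per_day=1.0):
    """Attach a list of reasons to each domain; an empty list means not flagged."""
    flagged = {}
    for domain, s in summarize(records).items():
        reasons = []
        if has_ddns_suffix(domain, suffixes):
            reasons.append("known-ddns-suffix")
        # Treat anything observed for under an hour as one hour to avoid dividing by zero.
        days = max(s["span_hours"], 1.0) / 24
        if s["changes"] >= min_changes and s["changes"] / days >= min_changes_per_day:
            reasons.append("a-record-churn")
        flagged[domain] = {**s, "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for domain, info in flag_domains(parse_records(SAMPLE_LOG)).items():
        print(f"{domain}: {info['changes']} changes over {info['span_hours']:.0f}h -> {info['reasons']}")
```

The churn rule alone will also catch legitimate round-robin or CDN hostnames, which is why the example reports reasons rather than a verdict: a hit on both the suffix and the churn rule is a much stronger signal than either on its own, and either should be enriched with the malware and registration context the report describes before anyone acts on it.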
Using HYAS Insight threat intelligence, the HYAS team was able to analyze some dynamic DNS registrations from Q1 and Q2 of 2024 that originated in Turkey. The registration data we analyzed contained the registered domain name, the A record IP, and the IP address used when opening an account with the provider. We then identified which domains were malicious by cross-referencing this data against our malware data to determine which have been used this year in command and control.
An interesting trend was found in the malware families identified: most of the malware identified consisted of remote access trojans (RATs), and DarkComet was represented in over 50% of the malicious domains we identified. DarkComet has been available for download for over a decade and has been researched thoroughly over the years. It has the typical RAT capabilities, including keylogging, microphone capture, webcam capture, and remote access control. It has also been used in numerous high-profile incidents, such as the 2012 attack on Miss Teen USA.
In data analyzed in the 2020 paper Dark Matter: Uncovering the DarkComet RAT Ecosystem, Turkey is identified as the country with the highest number of DarkComet C2 deployments. From our perspective, the popularity of DarkComet in Turkey seems to continue to today.
Deploying DarkComet Malware
DarkComet malware deployment is typically conducted using several methods:
Risks to a Compromised System
DarkComet is a serious threat because it can download additional files to extend the impact and level of compromise. Once a system has been compromised, the threat actor could download additional malware to:
Using HYAS Insight threat intelligence, we collected a list of domains registered by actors in Turkey in 2024, including details such as A records, emails, and actor IPs involved with specific domains. Due to the sensitive nature of these IOCs, we have withheld them from this report. If you would like access to these IOCs, please contact HYAS directly for more information.
Want more threat intel on a weekly basis?
Follow HYAS on LinkedIn
Follow HYAS on X
Read recent HYAS threat reports:
Caught in the Act: StealC, the Cyber Thief in C
HYAS Protects Against Polyfill.io Supply Chain Attack with DNS Safeguards
StealC & Vidar Malware Campaign Identified
Sign up for the (free!) HYAS Insight Intel Feed
Disclaimer: This Threat Intelligence Report is provided “as is” and for informational purposes only. HYAS disclaims all warranties, express or implied, regarding the report’s completeness, accuracy, or reliability. You are solely responsible for exercising your own due diligence when accessing and using this Report's information. The analyses expressed in this Report reflect our current understanding of available information based on our independent research using the HYAS Insight platform. The Report’s inclusion of any companies, organizations, or ASNs does not imply any wrongdoing on their part; it is simply an indication of where digital threat activities have been observed. HYAS reserves the right to update the Report as additional information is made known to us.
Learn More About HYAS Insight
An efficient and expedient investigation is the best way to protect your enterprise. HYAS Insight provides threat and fraud response teams with unparalleled visibility into everything you need to know about the attack. This includes the origin, current infrastructure being used and any infrastructure.
Read how the HYAS Threat Intelligence team uncovered and mitigated a Russian-based cyber attack targeting financial organizations worldwide.
More from HYAS Labs
Polymorphic Malware Is No Longer Theoretical: BlackMamba PoC.
Polymorphic, Intelligent and Fully Autonomous Malware: EyeSpy PoC.
The post The Prevalence of DarkComet in Dynamic DNS appeared first on Security Boulevard.
Authors/Presenters:Chong Fu, Xuhong Zhang, Shouling Ji, Ting Wang, Peng Lin, Yanghe Feng, Jianwei Yin
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and for the organization's strong commitment to Open Access.
Originating from the conference’s events situated at the Anaheim Marriott, and via the organization's YouTube channel.
The post USENIX Security ’23 – FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases appeared first on Security Boulevard.
Understand the Dark Web's complex character, its practical implications for cybersecurity, and the importance of using this intelligence.
The post Understanding the Dark Web: A Hidden Realm appeared first on Security Boulevard.
Active Directory (AD) lies at the heart of your organization’s Windows network, silently orchestrating user access, authentication, and security. But do you truly understand its workings? This blog peels back...
The post Securing from Active Directory Attacks appeared first on Strobes Security.
The post Securing from Active Directory Attacks appeared first on Security Boulevard.
It’s no secret that the financial sector is one of the most highly regulated industries in the United States. Given the wide range of regulatory agencies that exist, who makes the rules? The Federal Financial Institutions Examination Council (FFIEC), that’s who. The FFIEC plays a crucial role in the oversight and regulation of U.S. financial...
The post Everything You Need to Know About the FFIEC appeared first on Hyperproof.
The post Everything You Need to Know About the FFIEC appeared first on Security Boulevard.
Orca Security this week added the ability to classify cloud security threats in a way that enables security operations teams to better prioritize their remediation efforts.
The post Orca Security Extends Visibility Into the Cloud Security appeared first on Security Boulevard.
While eliminating ransomware is not possible, quick detection and automated recovery can minimize its impact on businesses.
The post Minimizing the Impact of Ransomware in the Cloud appeared first on Security Boulevard.
Organizations that operate on a global scale must adopt some special practices to ensure not just that they can manage endpoints effectively, but also that they do so in ways that ensure a smooth experience for end-users.
The post 5 Best Practices for Managing Endpoints On a Global Scale appeared first on Security Boulevard.
Attackers are increasingly targeting web applications and APIs, with a nearly 50% year-over-year growth in web attacks, driven by the increased adoption of these technologies, which significantly expanded organizational attack surfaces, according to an Akamai report.
The post APIs, Web Applications Under Siege as Attack Surface Expands appeared first on Security Boulevard.
“Shadow IT” isn’t just a catchy term; it goes beyond official procedures. It also shows unmet employee tech needs and perceived problems in company processes. What’s worse is that shadow IT can make your system more vulnerable to attacks, put compliance at risk, and lead to scattered and poor IT operations. The risk isn’t just […]
The post How to Secure Your Organization from Shadow IT? appeared first on Kratikal Blogs.
The post How to Secure Your Organization from Shadow IT? appeared first on Security Boulevard.
In 2022, it’s not enough for businesses to rely on antivirus products or malware protection alone. Cybercriminals have been spurred...
The post 7 Data Security Systems & Products Driving Value appeared first on Symmetry Systems.
The post 7 Data Security Systems & Products Driving Value appeared first on Security Boulevard.
Eight-year-old domain hijacking technique still claiming victims
The post MSN: Russia takes aim at Sitting Ducks domains, bags 30,000+ appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
The post MSN: Russia takes aim at Sitting Ducks domains, bags 30,000+ appeared first on Security Boulevard.
In the battle against cyber threats, should we trust human experts or AI agents to protect our valuable data? Explore how AI's tireless vigilance, pattern recognition, and rapid adaptation are reshaping cybersecurity.
The post Human vs AI Agents in Cybersecurity: Who Should Guard Your Data? appeared first on Security Boulevard.
Authors/Presenters:Kai Yue, Richeng Jin, Chau-Wai Wong, Dror Baron, Huaiyu Dai
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and for the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization's YouTube channel.
The post USENIX Security ’23 – Gradient Obfuscation Gives a False Sense of Security in Federated Learning appeared first on Security Boulevard.
In the title of this post, keep in mind the keyword is may; as a forewarning, this is not a post that definitively says you must use a VPN regardless of the circumstances… because that is simply not true.
From a privacy lens, VPNs are niche tools - once some criteria are met, they can prove useful in some circumstances.
While a VPN can be a useful tool in improving your privacy - and security - it is important to realize that a VPN is far from a one-size-fits-all privacy tool. In most situations, a VPN should not be thought of as a security tool - except in the case where it is being used for its original purpose, which is to bridge two networks together.
You should determine whether a VPN is “for you” by carefully weighing whether your goals/wants/needs align with what a VPN can truly provide. Users should also keep in mind the limitations of a VPN may affect their privacy.
A VPN cannot make you anonymous, despite what many marketing gimmicks and claims insist. A VPN is not at all a viable substitute for using tools/services that respect user privacy (including using "basic" privacy practices) or basic personal cybersecurity hygiene.
Keep internet traffic private from ISP and other third parties
VPNs effectively remove the ability of third parties - such as your internet service provider (ISP) - to sniff (see) your internet traffic. In most simple cases, your ISP would only see that you are 1) online and 2) connected to a VPN service.
If a user's main concern is keeping their internet traffic private from their ISP, then using a (trustworthy) VPN is a good choice. By connecting to the VPN provider’s servers, you are effectively routing your internet traffic through the VPN provider in place of your ISP. In essence, your internet traffic is kept between you and your VPN provider; assuming your VPN provider has an honored and verified "no logs" policy, this can prove a marked improvement for your privacy.
Additionally, assuming you are not connected to a "hostile" network, VPNs can be effective in preventing third parties from snooping on your traffic.
Though, it's worth noting that a VPN is not a silver bullet against some entities - such as well-funded and well-resourced public and private organizations. Some "adversaries" may be capable of employing advanced techniques both online and offline to expose your internet activities and possibly connect your activities to your real world identity. This can range from your “adversary” taking advantage of VPN tunnel leaks to exploiting other operational weaknesses surrounding your VPN.
Of course, using a VPN isn't a replacement for basics such as forcing HTTPS within the browser; a VPN can't encrypt the connection from your device to a website and without the encryption provided by HTTPS, data transmitted between your device and that web server is unencrypted. This unencrypted traffic can be easily captured by any third parties listening in on the connection - which is trivial since the data is transmitted in plaintext.
Keep IP address private from visited sites and during P2P activities
When configured and working properly - without leaks - a VPN effectively masks your IP address from the sites you visit and during peer-to-peer (P2P) activities. P2P activities frequently include torrenting and participating in video/audio calls in the browser (usually facilitated by WebRTC). In place of your IP address, the VPN provider’s server IP address is shared during P2P activities.
While this doesn’t provide anonymity, hiding your IP address can provide some privacy benefits, removing a piece of identifying information about your approximate location, ISP, and devices. This can be especially important during P2P activities, where these data points combined with other data about your activities can reveal more than you may have intended (or be aware of).
To ensure your IP isn’t accidentally revealed during P2P activities, you should make sure the VPN provider resists IPv6 leaks. You should also address the potential for WebRTC leaking your IP address, even while connected to the VPN server, from within your own browser.
Be aware that your VPN provider will have your IP address(es) since you are connecting to their servers.
Encrypt traffic data when on unfamiliar networks
***This "benefit" comes with a huge caveat. In May 2024, researchers disclosed the TunnelVision vulnerability (which has existed since 2002), which can force VPN apps to send/receive some or all traffic outside of the encrypted tunnel.
Source: Leviathan Security
In summary, attackers can manipulate the DHCP server and enable option 121 to route VPN traffic through the DHCP server itself instead of the VPN tunnel, essentially exposing the sent/received traffic. In most cases, while this attack is carried out, the VPN app will report that the connection is "good." This attack is most effective if performed by someone with administrative control over a network - such as a network administrator... which could be any network outside of your direct control.
Therefore, using a VPN on an unfamiliar network can prove useless on a truly "hostile" network. Additionally, researchers believe this attack has been 1) known to attackers prior to disclosure and 2) used in the wild. This attack is not effective on Linux or Android devices.
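Why an option 121 route can pull traffic out of the tunnel comes down to longest-prefix matching: VPN clients typically cover the whole address space with two broad routes over the tunnel interface, and any more specific route the DHCP server hands out wins for the destinations it covers. The following is an added example, not code from this post or from Leviathan Security: it decodes a classless static route option (RFC 3442 encoding, each route being a prefix length, only the significant destination octets, then the router address) from a constructed DHCP payload and reports which probe destinations would resolve to the physical interface instead of the tunnel. The split-default VPN routes over tun0, the payload and the probe addresses are all assumptions; a defender can feed it the option 121 bytes from a captured lease to audit a network before trusting it.

```python
"""Audit DHCP option 121 (classless static routes, RFC 3442) against a VPN's
route table to see which destinations would leave the tunnel.

Added example, not code from the post or from Leviathan Security. The VPN
route pair 0.0.0.0/1 + 128.0.0.0/1 via tun0 is an assumption (the usual
"split default" VPN clients install); the option 121 payload and the probe
addresses are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    interface: str


# Assumed VPN routes: a split default that covers all of IPv4 through the tunnel.
VPN_ROUTES = [
    Route(ipaddress.IPv4Network("0.0.0.0/1"), "10.8.0.1", "tun0"),
    Route(ipaddress.IPv4Network("128.0.0.0/1"), "10.8.0.1", "tun0"),
]

# Constructed option 121 payload: a /24 for 203.0.113.0 via 192.168.1.1,
# followed by a /0 default via 192.168.1.1 (prefix length 0 carries no octets).
SAMPLE_OPTION_121 = bytes([
    24, 203, 0, 113, 192, 168, 1, 1,
    0, 192, 168, 1, 1,
])

# Constructed destinations to probe after the DHCP routes are installed.
PROBES = ["203.0.113.5", "198.51.100.9", "8.8.8.8"]


def parse_option_121(data: bytes, interface: str = "eth0") -> list[Route]:
    """Decode RFC 3442 routes: <prefix length><significant octets><router>."""
    routes: list[Route] = []
    i = 0
    while i < len(data):
        width = data[i]
        i += 1
        if width > 32:
            raise ValueError(f"invalid prefix length {width}")
        n = (width + 7) // 8  # only the significant destination octets are sent
        if i + n + 4 > len(data):
            raise ValueError("truncated option 121 payload")
        dest = bytes(data[i:i + n]) + b"\x00" * (4 - n)
        i += n
        gateway = ipaddress.IPv4Address(bytes(data[i:i + 4]))
        i += 4
        network = ipaddress.IPv4Network((ipaddress.IPv4Address(dest), width), strict=False)
        routes.append(Route(network, str(gateway), interface))
    return routes


def best_route(routes: list[Route], ip: str) -> Route | None:
    """Longest-prefix match, the same way the kernel route table resolves it."""
    addr = ipaddress.IPv4Address(ip)
    matches = [r for r in routes if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def leaked_destinations(vpn_routes, dhcp_routes, probes) -> list[str]:
    """Probe addresses whose best route, with the DHCP routes installed,
    no longer points at a tunnel interface."""
    tunnel_ifaces = {r.interface for r in vpn_routes}
    table = list(vpn_routes) + list(dhcp_routes)
    leaked = []
    for ip in probes:
        r = best_route(table, ip)
        if r is None or r.interface not in tunnel_ifaces:
            leaked.append(ip)
    return leaked


if __name__ == "__main__":
    dhcp = parse_option_121(SAMPLE_OPTION_121)
    for r in dhcp:
        print(f"DHCP pushed {r.network} via {r.gateway} on {r.interface}")
    print("leaves the tunnel:", leaked_destinations(VPN_ROUTES, dhcp, PROBES))
```

Only the /24 destination leaks here: the pushed /0 default is less specific than the VPN's two /1 routes and loses the match, which is exactly why a rogue server pushes narrow routes for the traffic it wants to see. Whether a given client honors option 121 at all, and what the VPN app shows while it happens, is platform-specific, as the post notes for Linux and Android.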
With that said, assuming the network is not hostile or exploiting something like TunnelVision (there is little a user can do to confirm this), this is a benefit primarily for those who frequently find themselves using Wi-Fi networks outside of their home. While security hasn’t been a modern-day concern on public or otherwise unfamiliar Wi-Fi networks, privacy does remain a concern.
Depending on the ISP for the unfamiliar network, your browsing data could be collected, analyzed, and then sold/shared with third parties. Users may want to abstain from conducting sensitive activities when on an unfamiliar network, regardless of using a VPN or not.
A good and “trustworthy” VPN can effectively eliminate common privacy risks that can arise from using unfamiliar and/or public Wi-Fi networks. Again, a VPN creates an encrypted tunnel between your device and the VPN servers; third parties on a public Wi-Fi network such as the network administrator and the ISP for the network would only be able to see your active connection to the VPN provider, assuming other advanced methods of monitoring traffic/undermining VPN connections...
The post How Using a VPN May Benefit Your Privacy appeared first on Security Boulevard.
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Exam Numbers’ appeared first on Security Boulevard.
For You Plague: U.S. Justice Dept. and Federal Trade Commission file lawsuit, alleging TikTok broke the COPPA law, plus a previous injunction.
The post TikTok Abuses Kids, say DoJ and FTC appeared first on Security Boulevard.