Author: nlqip

The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. The police discovered several instances of successful breaches of defense companies in South Korea involving the hacking groups Lazarus, Andariel, and Kimsuky, all part of the North Korean hacking…

Read More

With each entity, process or service that moves from the physical world into cyberspace, there is a corresponding transformation to the threat landscape. Digital transformation doesn’t just change the business model or the supply chain dynamic. It also introduces significant new threats that go beyond monitoring web traffic and securing networks.  Those threats take a variety…

Read More

Figure 2: Weblogic WLS-WSAT campaign attempting to download and execute the same Windows executable file   This attempt to download the same file immediately indicated to us that the same attacker was using different exploits in the operation. Unfortunately, these files weren’t available to download from the original server nor from other malware repositories, so…

Read More

“The statement that came back to me from Broadcom was, ‘We appreciate that with these changes VMware is not for everybody,’” says Tom Smyth, head of technical solutions as Misco, a U.K.-based solution provider. “Everyone else can use it. Broadcom is not going to gear its decisions towards them anymore. … I can appreciate that.…

Read More

It’s up to everyone — users, security pros, government — to be critical about the online information we encounter. In the weeks since indictments were handed down from the ongoing investigation into Russia’s influence over the 2016 United States election, much has come to light. A picture has emerged of a massive global effort to…

Read More

In part 1 of this blog series, we explored how to use delayed response and diversion as hack back tactics against attackers. Here, we up the game and explore some additional creative deception techniques. Potemkin Apps Back in 1787, the Empress Catherine II of Russia was touring the newly acquired Crimea via a barge trip…

Read More

Figure 14: Statistics of the Monero mining payment address belonging to the attacker   The attacker has earned 8.76 Monero coins by now,4 with a current price of 110.79 USD per a Monero coin,5 which totals to 970.52 USD. According to the information provided on the mining server website, this operation began around June 1.…

Read More

In July 2018, F5 released its first annual Application Protection Report based on the results of an F5-commissioned Ponemon survey of 3,135 IT and security practitioners across the globe. Additional research conducted by Whatcom Community College, University of Washington Tacoma, along with data from White Hat Security and Loryka served to make this one of…

Read More

If you think everything’s gone cyber now, just wait. “Digital transformation” is shifting all aspects of modern life — think automated grocery stores, driverless cars and trucks, even our social lives — and it all brings new forms of risk. Consequently, security is becoming one of the top fields in the world. But it’s not…

Read More

BackSwap is new banking malware recently discovered by Eset1 and later analyzed by CERT Polska.2 Unlike previous banking trojans, which typically either intercept requests and redirect users to fake banking websites or inject malicious code from command and control (C&C) servers to manipulate browser processes, BackSwap keeps its campaign locally. The JavaScript is hardcoded and…

Read More