Category: Chatgpt
Cryptominers are frequently included in recent attack campaigns; if you would like to learn more about cryptominers, please check out some of our previous monthly attack campaign wrap-ups. Conclusion Campaigns aimed at mining cryptocurrency and targeting Oracle WebLogic continue to rise in popularity. This has been fueled in part by the zero-day vulnerability found in…
Read MoreIn-App Testing Since the HSTS and HPKP protocols allow for genuine interception of SSL by trusted certificates, nothing can be done to warn end users that their communications are being intercepted. For those that need to inform their users of interception, in-app testing could be considered. By performing an additional SSL/TLS handshake, using Javascript within…
Read MoreAPI Vulnerability Data The sensor network that our partner Lorkya maintains found only 0.1% of attack traffic was definitively looking for API vulnerabilities. However, this is probably better attributed to the limitations of the sensor network than any trends about API attacks. Loryka’s sensors primarily detect wide-ranging probes and reconnaissance campaigns where attackers are looking…
Read MoreThe US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) has cited ransomware as “the most visible cybersecurity risk” attacking American IT systems. I think that’s a valid statement, since “most visible” doesn’t necessarily mean largest or most devastating, but it does still qualify ransomware as a significant threat. Indeed, it seems…
Read MoreDuring June and July, F5 researchers first noticed Trickbot campaigns aimed at a smaller set of geographically oriented targets and did not use redirection attacks—a divergence from previous Trickbot characteristics. In this research, we compared two different target configurations, one older, more “traditional” configuration that uses redirection, and a new Trickbot configuration that does not…
Read MoreFurther analysis on this sample was not conducted. F5 Labs has reported extensively on the Mirai botnet, IoT landscape, and some of its variants. For a detailed breakdown on current Mirai botnets seen in the threat landscape, the Hunt for IoT Research Series publishes current threat data. Conclusion All of the vulnerabilities targeted this month…
Read MoreUse of Cyber Deception to Influence Voters Rather than directly manipulate votes, cyber attackers are now finding success in misleading the voters themselves. Once again, social engineering triumphs over technology. The key to this tactic is simple, and cyberwarfare researcher The Grugq said it best, “People will believe what their computers tell them is reality.”…
Read MoreA vulnerable FortiGate SSL VPN server responds to this request with contents of the sslpvpn_websession file, which contains the username and password of a user. This information can be used or sold to threat actors in order to compile brute force and credential stuffing lists. While reconnaissance campaigns do not actively exploit systems, they enable…
Read MoreIP Addresses Attacking the Middle East Compared to Other Regions We looked at the volume of attack traffic Middle Eastern systems received per IP address and compared that to other regions of the world. Attack traffic destined for Middle Eastern systems had little overlap with the rest of the world except for a handful of…
Read MoreThe script uses random function and variable names to avoid detection by antivirus engines. It also contains another Base64-encoded payload. The threat actor uses .Net APIs to call the Windows API. For example, the script uses the .NET API to find address of VirtualAlloc function exported by kernel32.dll. It then marshals the shellcode by using…
Read More