Figure 2: Latest attack request targeting Windows servers As shown in Figure 2, the latest attack requests are targeting the same URL, keeping the same HTTP header values and the same exploit structure, however, they are now using Windows shell commands to download and execute a file. Using the Windows certutil Tool While Linux…
Read MoreIn the F5 and Ponemon report, The Evolving Role of CISOs and their Importance to the Business, security leaders were asked to rank their top threats to their security ecosystem. The number one answer was advanced persistent threats (ranked 8.8 out of 10). We’ve already talked about why CISOs should manage the most likely damaging…
Read MoreOnce upon a time I was a security consultant. I was assigned to review the firewall configuration for a sizeable Seattle startup of about 800 employees. They were in the business of hosting websites for thousands of small businesses across the world and therefore had a somewhat complex Internet connectivity setup. I sat down and…
Read MoreThere’s a lot of speculation in cryptocurrency right now. People are mining coins all over the place, and even though it’s getting harder and harder to make money mining coins, interest is still high. All it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power…
Read MoreThere’s an old joke that a job in security is a safe place to be grumpy. From what I’ve seen over my career, that is often true. Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain upon the users, who obviously need to be…
Read More
The role of deception technology in modern cybersecurity is to turn the tables on cybercriminals, transforming networks from passive targets into active traps. Deception gives security teams the chance to use hackers’ own methods against them, as well as gather intelligence on their tactics. But deception’s role is evolving. Read on to learn how deception…
Read MoreApplications are the lifeblood of our enterprises. Not many organizations can survive in a pencil and paper world. They are all dependent on IT with applications doing the heavy lifting of arranging, tracking, processing, communicating, and calculating daily business. But applications are no longer singular programs running on one computer, they are huge collections of…
Read More
Image: Midjourney The Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. OFAC also announced sanctions against two front companies—Mehrsam Andisheh Saz Nik (MASN), formerly Mahak Rayan Afzar, and Dadeh Afzar Arman (DAA)—for the Iranian Islamic Revolutionary…
Read MoreBecause of an international criminal act, you can get a cheap morning latte. Historically, the country of Yemen had a monopoly on coffee, forbidding the export of the plants and seeds—their intellectual property. However, in 1616, a Dutch merchant managed to smuggle out a few coffee plants from the city of Mocha in Yemen. Holland…
Read MoreF5 researchers recently noticed a new campaign exploiting a vulnerability in Microsoft Internet Information Services (IIS) 6.0 servers (CVE–2017–7269) in order to mine Electroneum crypto-currency. Last year, ESET security researchers reported that the same IIS vulnerability was abused to mine Monero, and install malware to launch targeted attacks against organizations by the notorious “Lazarus” group.…
Read More