MaliBot’s C2 IP has been used in other malware smishing campaigns since June 2020, which raises questions about how the authors of this malware are related to other campaigns (see Campaign Screenshots). How MaliBot Works Android ‘packers’ are becoming increasingly popular with malware developers since they allow native code to be encrypted within the mobile…
Read MoreIntroduction In part one of this two-part series, we explained what web APIs are and how they work. In this article, we look at how APIs can pose risks to your data and infrastructure—and what you can do to secure them. In part one, we learned that web APIs (application programming interfaces) provide a way…
Read More
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. APT28 designed this tool to target the CVE-2022-38028 vulnerability reported by the U.S. National Security Agency, which Redmond fixed during the Microsoft October 2022 Patch…
Read MoreDo All the Things IT folks face a grand challenge. They’re being pushed more than ever to secure more services faster, with fewer resources. Applications are now more critical than ever. And apps now need to be available 24×7 everywhere. On top of that, they need to be more responsive to changes, faster, and able…
Read MoreAs you can see in Figure 1, six out of the 29 identified CVEs constituted the vast majority (96.7%) of the traffic, so much of our analysis is focused on them. CVE-2017-9841 was the most frequently targeted for the entire six-month period, fluctuating slightly but never enough to fall from the top spot. Below that,…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-003 DATE(S) ISSUED: 01/11/2024 OVERVIEW: A vulnerability has been discovered in Cisco Unity Connection that could allow for arbitrary code execution on a targeted host. Cisco Unity Connection is a unified messaging and voicemail solution that allows users access and manage messages from an email inbox, web browser, Cisco Jabber, Cisco Unified…
Read MoreThe stubborn one-way passage of time means that it is time for another round of vulnerability targeting intelligence. Web attacks in May 2023 had a lot in common with those in April, with eight of the top ten vulnerabilities remaining consistent across the two months. In that vein of continuity, CVE-2020-8958, the Guangzhou GPON router…
Read MoreCan’t We Just Get Rid of Passwords Now? Shape Security and F5 Labs recently published the 2021 Credential Stuffing Report, which is the product of a multi-year collaborative research project that evolved from Shape’s original Credential Spill Report. This year’s report covers the lifecycle of credential theft in detail, from the original theft of usernames…
Read MoreOverview Blackguard Infostealer is a malware strain that was first discovered infecting Windows devices at the start of 2022. Other security researchers have already documented how the malware operates and its dissemination via underground Russian crimeware forums., This article aims to expand on existing research by exploring its data exfiltration capabilities in greater detail. Blackguard…
Read MoreIntroduction In part one of this two-part series, we define digital identity and explore the attack vectors cybercriminals use at each stage in the identity lifecycle. Everything that we do as individuals has found its way into the digital world. From communicating with friends to purchasing good or services—even getting an education and managing investments…
Read More