In a recent report dated May 2, Symantec researchers revealed a concerning trend: attackers are increasingly turning to the Microsoft Graph API, a tool commonly used by developers to access resources on Microsoft cloud services, as a means to fly under the radar of detection systems. The attractiveness of Graph API to malicious actors stems…
Tag: Security
Passkeys Now Safeguard Over 400 Million Accounts, Google Reports
It was announced that Google Account users used passkeys for authentication more than 1 billion times, but according to the report, it seems that passwords will remain in our lives for a while longer. What Is a Passkey and How Does It Work? Passkeys comprise two cryptographic keys: a public key, registered with the online service or app,…
Malware Analysis: A Malicious Javascript Code
The “javascript-malware-collection” repository on GitHub collects various forms of malicious code, each capable of compromising systems and stealing sensitive information. Within this repository, we can analyze the characteristics of JavaScript-based malicious code, revealing its intricate functionality and potential impact. In this brief static malware analysis, our focus is on examining a specific…
CISA Warns of Ongoing Exploitation of Serious GitLab Password Reset Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw affecting GitLab to its Known Exploited Vulnerabilities (KEV) catalog due to its ongoing exploitation in live environments. Identified as CVE-2023-7028 (CVSS score: 10.0), this critical vulnerability could facilitate unauthorized account access through the manipulation of password reset emails, targeting unverified email addresses…
Red Teaming Methodology: Strategies & Approaches
Red teaming is a structured and systematic approach to testing systems, policies, and procedures by simulating real-world attacks or challenges from an adversary’s perspective. This article describes the strategic approach to effectively testing systems, focusing on the methodology behind red team simulations. Planning: The initial phase of red teaming entails meticulous planning to delineate objectives,…
Ukrainian REvil Hacker Sentenced to 13 Years
An affiliate of the REvil ransomware group, Yaroslav Vasinskyi, known as Rabotnik, received a 13-year and seven-month prison sentence from a US court. This ruling followed his conviction for orchestrating over 2500 ransomware attacks, demanding a staggering $700 million in ransom payments, and inflicting significant damage on protected computers. Vasinskyi’s modus operandi involved hacking into…
Bash Fork Bomb: A Denial-of-Service Attack
The fork bomb is a potent form of denial-of-service (DoS) assault, specifically targeting Linux or Unix-based systems by leveraging the fork operation. The seemingly innocuous syntax :(){ :|:& };: conceals a devastating Bash function. Upon execution, this intricate code recursively spawns processes, rapidly overwhelming system resources and leading to system crashes. Simplified Fork Bomb Syntax…
Understanding Threat Intelligence, Information, and Data
In today’s digital landscape, distinguishing between threat intelligence, information, and data is crucial for effective cybersecurity. Threat intelligence provides vital context, information offers actionable insights, and data serves as the raw material. This introduction delves into their distinct roles and highlights the differences between them. Threat Data: At the core lies threat data, the raw material mined from…
Docker Removed Millions of Malware-Infected Repositories on Docker Hub
In a recent investigation, researchers from JFrog uncovered a significant security threat on Docker Hub, prompting the removal of nearly 3 million public repositories. These repositories lacked actual content, containing only seemingly innocuous description pages that included links to malicious content, such as spam and malware. Intention of Attackers: The threat, identified in April, involved…
Critical R Programming Vulnerability Enables Supply Chain Attacks
An exploitable R programming language vulnerability (CVE-2024-27322) enables arbitrary code execution and supply chain attacks. Vulnerability in R Programming Language: A critical vulnerability in the R programming language (CVE-2024-27322), reported by AI security firm HiddenLayer, allows arbitrary code execution via malicious RDS files, posing a supply chain threat. Discovered within R’s serialization and deserialization process for RDS (R Data…