Being Infected with Fileless Malware

When administrators think about identifying breaches, many become hyper-focused on analyzing files for malware (i.e., scanning hard drives with signature-based technologies). A more recent trend, linked to large-scale campaigns such as those delivered by the Angler Exploit Kit, is fileless malware: code that never touches the hard drive and instead stays resident in memory, so disk-based signature scanning does not see it. An example is the Kovter malware covered in a blog post by airbuscybersecurity HERE. Sean Metcalf gave a fantastic presentation at the recent BSides Baltimore event, covered HERE. In the post below, I'm reposting a post from journeyintoir that covers investigating fileless malware. The original post can be found HERE. All of these are good reads.


TeslaCrypt Shuts Down and Releases Master Decryption Key

For those who have been following the various forms of ransomware in the wild (more on exploit kits and ransomware HERE), TeslaCrypt is one that came out a while back. Cisco's security team Talos created a decryption tool for a few variants of TeslaCrypt (found here); however, later versions used a form of asymmetric encryption that prevented decryption without the attackers' private key. Well, it seems the people behind TeslaCrypt have moved on to bigger and worse things, closing up shop and posting the master decryption key. They even said SORRY! BleepingComputer posted about this; the original post can be found HERE. The funny thing is that somebody asked for the master key and they said yes! Many of us found this shocking.



Facebook Open Sources its Capture the Flag (CTF) Platform

The Hacker News posted about Facebook's capture the flag platform HERE.

Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cyber security and secure coding practices.



Code-a-cola: how to hide secret messages using fizzy drinks

The Conversation wrote an interesting post on how the chemical components of soft drinks can be used to hide messages. The original post can be found HERE.

Next time you see someone spilling a drink in a bar, you could actually be witnessing a spy secretly decoding an encrypted message. This might sound like something from a Bond movie. But a team from Israel has used some rather nifty chemistry to come up with a way to use common chemicals such as cola as the encryption key to code and decode hidden messages.


Verizon Data Breach Investigations Report (DBIR) May Not Be Accurate Data

The Verizon Data Breach Investigations Report (DBIR) is one of the most frequently referenced security research documents. I feel like every other presentation I see contains quotes and references to it; however, have you ever wondered how accurate the data is? The people at Trail of Bits took a look at the DBIR's data quality and found a ton of areas that need improvement. They opened their post with the statement "If you follow the recommendations in the 2016 Verizon Data Breach Investigations Report (DBIR), you will expose your organization to more risk, not less". Their original post can be found HERE.


FBI Warning – Incidents of Ransomware on the Rise

The FBI recently posted about an increase in ransomware attacks seen against various organizations. You know it's bad when the FBI has to officially call out that things are not good. The original post from the FBI website can be found HERE. They also provide some general recommendations, such as patch management and limiting endpoint access rights.

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.


Nuclear Exploit Kit Goes International Hits 150+ Countries

Cisco's research group Talos posted about their research on the Nuclear Exploit Kit HERE. They compare it to their research on Angler and break down the attack. It's a good read.

Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain unprecedented insight into Angler exploit kit and reveal details of the activity that were previously unknown. Now we have focused our attention on the Nuclear exploit kit with similar results.


The Vigilante Who Hacked Hacking Team Explains How He Did It


Motherboard posted a very interesting article on the person behind the breach of Hacking Team. Many people heard about Hacking Team being hacked; however, until now there wasn't any explanation of who did it, how, or why. The original post can be found HERE.

Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it.
