HackDig : Dig high-quality web security articles

Nation State Threat Group Targets Airline with Aclip Backdoor

In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious tra
Publish At: 2021-12-15 10:06 | Read: 561 | Comments: 0 | Tags: Malware Security Services Threat Hunting Threat Intelligence

The Backup Paradigm Shift: Moving Toward Attack Response Systems

Black Hawk Down: I’m guessing a lot of us in the IT and Security space have experienced the gut-wrenching feeling of not receiving that ICMP ping reply you were expecting from a production system, be it a firewall, switch, or server. Was there a recent configuration change that happened prior to the last reboot? Did a hard drive die? Firmware corruption? D
Publish At: 2021-06-15 11:57 | Read: 623 | Comments: 0 | Tags: Attack Path Effectiveness Review Business Risk Assessment In

Inside the Lyceum/Hexane malware

The Lyceum/Hexane Cybercrime Group: Lyceum and Hexane are two industry designations for an APT group that was discovered in August 2019 and was operating without detection for at least a year and possibly since April 2018. The Lyceum/Hexane APT focuses its attacks on companies within the oil, gas and telecommunications industries operating in the Middl
Publish At: 2020-10-07 09:29 | Read: 1678 | Comments: 0 | Tags: Malware Analysis

Ransomware deletion methods and the canary in the coal mine

Introduction: Ransomware is an emergent threat. Every week, there is a new and notable outbreak of this class of data encryption malware. From Ragnar Locker to Netwalker, the threats are increasing, and they are crippling and extorting an ever-widening group of organizations. This piece of malware is not new. Early on, ransomware encrypts everything as f
Publish At: 2020-09-15 10:00 | Read: 1781 | Comments: 0 | Tags: Malware Analysis ransomware

Drovorub “Taking systems to the wood chipper” – What you need to know

On August 15th the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware. The agencies say that the Linux strain malware has been developed and deployed in real-world attacks by Russian military hackers. The FBI says, “The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Servi
Publish At: 2020-08-20 08:13 | Read: 1615 | Comments: 0 | Tags: Featured Articles IT Security and Data Protection Drovorub M

ZLoader: What it is, how it works and how to prevent it | Malware spotlight

Introduction: It was once said that the apple doesn’t fall far from the tree. In the case of the Zeus malware family, its fruit is known as ZLoader and it definitely has not rolled too far away. And what if I told you that sometimes the fruit starts growing into a new tree and begins using new approaches toward the goal of its attack? This article
Publish At: 2020-08-19 09:07 | Read: 4591 | Comments: 0 | Tags: Malware Analysis

Zeus Sphinx: What it is, how it works and how to prevent it | Malware spotlight

Introduction: When something is described as “rising from the ashes,” the mythological creature known as the phoenix normally comes to mind. For those that research malware, they may soon want to swap “phoenix” for “Zeus Sphinx.” This malware used to be a persistent threat for banks and financial institutions in 2015 and seemingly died out. As of Decembe
Publish At: 2020-08-12 09:53 | Read: 1454 | Comments: 0 | Tags: Malware Analysis

How to detect and prevent web shells: New guidance from the NSA and the Australian government

Introduction: It’s not every day that governments of different countries draft guidance rules about any subject together. It is even rarer that they create joint guidance for cybersecurity reasons. It may come as a surprise to many that the United States government (NSA) and the Australian government (Australian Signals Directorate or ASD) have issued jo
Publish At: 2020-08-11 10:31 | Read: 1252 | Comments: 0 | Tags: Malware Analysis

Tesla Model 3 vulnerability: What you need to know about the web browser bug

Introduction: In 2020, Jacob Archuleta, a researcher nicknamed Nullze, discovered an important information security vulnerability on the web browser of the Tesla Model 3 automobile. If a user of the car’s onboard computer visits a specific website, the entire touchscreen becomes unusable. The vulnerability was quickly reported to Tesla in accordance with
Publish At: 2020-08-05 10:20 | Read: 1577 | Comments: 0 | Tags: Malware Analysis Vulnerability

Analysis of ransomware used in recent cyberattacks on health care institutions

Introduction: In recent years, there has been a steady increase in the number of ransomware attacks on healthcare institutions. The pressure such institutions experienced as a result of the COVID-19 crisis certainly exacerbated some of the reasons for the proliferation of such attacks. Fraudsters believe that the chaos created by the COVID-19 crisis will
Publish At: 2020-07-21 14:11 | Read: 1839 | Comments: 0 | Tags: Malware Analysis

Spamdexing (SEO spam malware)

Introduction: About SEO spam — is my website a target? You’ve spent time and energy in positioning your website high in search engine rankings through good SEO practices. You realize, however, that someone has hijacked your site by inserting their own spam. You are a victim of SEO spam, otherwise known as spamdexing, web spam, search engine spam and mor
Publish At: 2020-07-15 12:46 | Read: 2098 | Comments: 0 | Tags: Malware Analysis

Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video
Publish At: 2020-07-07 09:43 | Read: 1569 | Comments: 0 | Tags: Incident Response Incident Response & Forensics Malware Anal

Agent Tesla: What it is, how it works and why it’s targeting energy companies

Introduction to Agent Tesla: Agent Tesla appeared for the first time in 2014, but it has been just recently used for attacks on energy companies operating in various fields. These fields include charcoal processing, manufacturing of raw materials, oil and gas and hydraulic plants. Such attacks are based on spearphishing messages impersonating reputable c
Publish At: 2020-07-02 15:54 | Read: 1643 | Comments: 0 | Tags: Malware Analysis

SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT

Between late March and mid-April 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a phishing campaign targeting small businesses that appears to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which contain subjects and attachments related to the need for small businesses to apply for disa
Publish At: 2020-05-03 08:13 | Read: 2235 | Comments: 0 | Tags: Government Malware Threat Hunting Credentials Theft Email IB

TrickBot Campaigns Targeting Users via Department of Labor FMLA Spam

IBM X-Force monitors billions of spam emails a year, mapping trending, malicious campaigns and their origins. Recent analysis from our spam traps uncovered a new TrickBot campaign that currently targets email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA), w
Publish At: 2020-05-03 08:13 | Read: 1901 | Comments: 0 | Tags: Malware Threat Intelligence Banking Trojan Cybercrime Fraud
