HackDig : Dig high-quality web security articles for hacker

10 Reasons Your Organization Is Potentially at Risk of a Ransomware Attack

Does ransomware respect the holiday season? With ransomware attacks attempted every 14 seconds, it’s not likely attackers take any days off. The threat of ransomware keeps growing, and in Q1 2019, researchers noted a 118 percent rise in malware strains in this category. Behind these rising numbers are cybercrime syndicates that continue to push ransomw
Publish At:2019-10-18 10:20 | Read:79 | Comments:0 | Tags:Identity & Access Incident Response Threat Intelligence Cybe

Identifying Cobalt Strike team servers in the wild

How an anomalous space led to fingerprinting Summary On the 2nd of January 2019 Cobalt Strike version 3.13 was released, which contained a fix for an “extraneous space”. This uncommon whitespace in its server responses represents one of the characteristics Fox-IT has been leveraging to identify Cobalt Strike Servers, with high confidence, for the
Publish At:2019-09-19 23:30 | Read:53 | Comments:0 | Tags:Threat Intelligence Uncategorized

PsiXBot: The Evolution Of A Modular .NET Bot

PsiXBot: The Evolution Of A Modular .NET Bot Summary In this blog we will share our analysis of a modular piece of malware which is referred to by the author as PsiXBot. The malware first surfaced in 2017 but has recently undergone significant developments of its core and modules, which include the logging of keystrokes and stealing of Outlook and browser cr
Publish At:2019-09-19 23:30 | Read:59 | Comments:0 | Tags:Threat Intelligence

mkYARA – Writing YARA rules for the lazy analyst

Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable values, such as memory addresses and offsets. The analyst has to disassemble the code and wildcard all the pieces in the code that can change between samples. mkYAR
Publish At:2019-09-19 23:30 | Read:61 | Comments:0 | Tags:Threat Intelligence Uncategorized reverse-engineering YARA

BankBot Anubis Switches to Chinese and Adds Telegram for C2

<p>We've recently noticed&nbsp;two significant changes&nbsp;in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of&nbsp;Chinese characters to encode the C2 strings (in addition to base64 encoding). The second is&nbsp;the use of&nbsp;Telegram Messenger&nbsp;in addition to&n
Publish At:2019-09-19 22:40 | Read:125 | Comments:0 | Tags:Threat Intelligence Banking Trojan BankBot Anubis

Phishing  Number One Cause of Data Breaches: Lessons from Verizon DBIR

<p><img src="https://info.phishlabs.com/hs-fs/hubfs/DBIR.png?width=300&amp;name=DBIR.png" alt="DBIR" width="300" style="width: 300px; float: right; margin: 0px 10px 10px 0px;">In the cyber security world, few research reports are more widely respected than Verizon’s annual Data Breach Investigations Report (DBIR).</p> <p>The DB
Publish At:2019-09-19 22:40 | Read:87 | Comments:0 | Tags:Phishing Threat Intelligence Phishing Trends and Intelligenc

Thoughtful Design in the Age of Cybersecurity AI

Reading Time: ~ 3 min. AI and machine learning offer tremendous promise for humanity in terms of helping us make sense of Big Data. But, while the processing power of these tools is integral for understanding trends and predicting threats, it’s not sufficient on its own. Thoughtful design of threat intelligence—design that accounts for the ultimate needs
Publish At:2019-09-19 15:40 | Read:126 | Comments:0 | Tags:Business + Partners Featured Posts Threat Intelligence artif

Diving Deeper to Understand, Investigate and Mitigate Cyberthreats

As recent attacks targeting sensitive, personal information at a number of high-profile institutions have demonstrated, it is not a matter of if, but when you will have to investigate a security breach. The law enforcement and intelligence communities are increasingly called upon to investigate and mitigate cyberthreats, often applying the same tools and met
Publish At:2017-11-02 13:10 | Read:2487 | Comments:0 | Tags:Incident Response Risk Management Forensics Incident Forensi

Injection Attacks: The Least Glamorous Attack Is One of the Most Threatening

Very little in life grabs our attention like a shiny new object. The gleam can be irresistible, the glitter mesmerizing. That’s how it is in cybersecurity, where the landscape is almost always dotted with alluringly novel hazards. Brand new threats, fresh twists on old threats — the shiny malicious objects just keep on coming, year in and year out. 201
Publish At:2017-11-02 13:10 | Read:4819 | Comments:0 | Tags:Threat Intelligence IBM Managed Security Services (MSS) IBM

Ursnif Campaign Waves Breaking on Japanese Shores

According to IBM X-Force data on the activity of financial malware operated by organized cybercrime groups, the Ursnif (aka Gozi) banking Trojan was the most active malware code in the financial sector in 2016 and has maintained its dominance through 2017 to date. Ursnif’s activity is marked by both frequent code modifications and campaign activity in
Publish At:2017-10-26 19:35 | Read:3957 | Comments:0 | Tags:Banking & Financial Services Malware Threat Intelligence Ban

Threat Intelligence: A Tear-Free Solution to Help SOC Analysts Prepare for the Next WannaCry

It’s been nearly six months since the WannaCry ransomware stole global headlines and thousands of security practitioners flocked to threat intelligence feeds to help streamline their investigations. While the security community has learned many valuable lessons from the attack, it’s impossible to say that a strike of this magnitude won’t ha
Publish At:2017-10-26 01:10 | Read:4127 | Comments:0 | Tags:Malware Security Intelligence & Analytics Threat Intelligenc

Bad Rabbit Ransomware Attacks Highlight Risk of Propagating Malware Outbreaks

On Tuesday morning, Oct. 24, 2017, organizations in Russia and Ukraine reported being hit with a ransomware outbreak that paralyzed their operations. Sporadic cases were also recorded in Turkey, Germany, Bulgaria and Japan, according to reports from different sources. The malware, self-titled Bad Rabbit, is a ransomware code designed to encrypt and lock file
Publish At:2017-10-26 01:10 | Read:3805 | Comments:0 | Tags:Advanced Threats Malware Threat Intelligence Cyberattack Cyb

Diving Into Zberp’s Unconventional Process Injection Technique

IBM X-Force Research recently discovered a small-scale malware campaign involving a Neutrino bot, aka Kasidet, dropping a payload that contains two Zeus malware breeds: Atmos and Zberp. Both of these codes are based on the leaked source code of the Zeus V2 banking Trojan that was exposed publicly in 2011. The Zberp Trojan, which is a subvariant of ZeusVM mix
Publish At:2017-10-22 05:01 | Read:4580 | Comments:0 | Tags:Malware X-Force Research Banking Trojan Carberp Carberp sour

Cybercrime’s Cryptocurrency Gold Rush: Going Strong!

What’s the connection between cybercrime and cryptocurrencies? Perhaps it would suffice to say that the reasons for criminals adopting the cryptocoin are quite obvious. But when did this all start, and what fuels it and gets fueled in return? This blog will go over some of the historical reasons that connect cybercrime and cryptocurrency as well as exa
Publish At:2017-10-04 21:35 | Read:3988 | Comments:0 | Tags:Fraud Protection Threat Intelligence Bitcoin Bitcoin Mining

POS Malware Breach Sees Payment Cards Hit Underground Shops

News about POS malware breaches affecting two retailers hit the headlines last week, this time featuring a fast-food restaurant chain in the U.S. that operates around 3,500 locations across the country, most of which are franchised, and a popular supermarket. Both entities, like others before them, were notified of suspicious activity by a third-party servic
Publish At:2017-10-04 03:05 | Read:5572 | Comments:0 | Tags:Data Protection Fraud Protection Malware Retail Threat Intel

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud