In an interesting twist to the use of ransomware, an attacker leveraged a vulnerability in a plug-in for a remote-monitoring tool, Kaseya VSA, to gain access to a small Managed Services Provider, and infect approximately 80 companies with the GandCrab ransomware. This is a notable shift in tactics for Continue reading “Enterprise Malware-as-a-Service: Lazarus Group and the Evolution of Ransomware”
Pegasus/Buhtrap analysis of the malware stage based on the leaked source code
In April of 2015, Kaspersky released a report on a Trojan / Remote Access Tool (RAT) targeting financial institutions in Russia and Ukraine, named BUHTRAP, also known as Pegasus and Carbanak. Kaspersky reported BUHTRAP has been active since 2014, but the first attacks were not detected until August 2015. Continue reading “Pegasus/Buhtrap analysis of the malware stage based on the leaked source code”
RSA Conference 2019: Trust (not Quantum), Blockchain, AI – and the advent of DevSecOps
A Trust Enabled World – that is the vision that guided the opening keynote speech of the RSA Conference 2019, held by Rohit Ghai (CEO of RSA) and Niloo Howe (tech investor and entrepreneur). In their narrative, which started with security nirvana, planned to be reached in 2049, they “looked back” to the trust crisis Continue reading “RSA Conference 2019: Trust (not Quantum), Blockchain, AI – and the advent of DevSecOps”
Innovation Sandbox Contest: What Cyber Security Trends can the world expect?
“Same procedure as last year, Miss Sophie?” – “Same procedure as every year, James!”
In line with this mantra, this year’s RSA Conference was kicked off again with the – by now pretty much established – ISBC startup contest. Same format (10 contestants pitch for 3 minutes, followed by 3 minutes of Q&A), same rules and conditions (pre-selected companies with maximum B round funding, Continue reading “Innovation Sandbox Contest: What Cyber Security Trends can the world expect?”
Part 2: Using MISP-dockerized
As demonstrated in Part 1 of this blog article, installing MISP with MISP-dockerized is quite simple. All you have to do is this: Continue reading “Part 2: Using MISP-dockerized”
Part 1: MISP in a box
MISP is a free open source platform developed by the MISP project team that primarily serves the purpose of sharing IOCs. It has been enjoying steady growth for some time now, as evidenced by the incredible active community around the main repository, the several side projects, Continue reading “Part 1: MISP in a box”