APT’s – advanced persistent threats – are among the most feared threats in the cyberspace. They are well known for their use of highly sophisticated techniques, long lasting intrusions, and their slow and stealthy movement through infiltrated infrastructures. Often backed by nation states, APT groups possess the Continue reading “Wanted: The Best Threat Intelligence Provider with APT Indicators”
The United States Government Accountability Office (GAO) recently released a report on the 2017 Equifax data breach. The GAO report documents a number of shortcomings in Equifax’s infrastructure and can be used to identify lessons that should be learned.
Recent news stories highlight the danger of unwanted data exfiltration by popular applications. The use of apps is increasingly important across working environments; recognizing the potential threat that they pose and implementing appropriate safeguards tailored to organizational needs is critical.
APT operators are humans, and humans are lazy and make mistakes. A common pattern seen in APT operations is “sleeping cycles” of domain names. Once an APT operator doesn’t need a C&C domain name, it gets pointed to a parking IP. This might be done to hide the real destination of the C&C Continue reading “Using “magic” DNS-resolutions to track suspicious domains”
The first publicly accessible indication of a new Spectre-NG vulnerability appeared on June 5, 2018, in a commit message on the OpenBSD project. The log message briefly provides some technical background and states three reasons for the code change, including, “post-Spectre rumors suggest that the %cr0 TS Continue reading “Spectre-NG: LazyFP State Restore Vulnerability (CVE-2018-3665)”
The rising prominence of cryptocurrencies worldwide incentivizes criminals to expand cryptocurrency mining operations, particularly when using compromised infrastructure forces others to bear any cost. In comparison with traditional targets of cybercrime, cryptocurrencies are also easily Continue reading “Cryptomining: A Growing Threat”