Infosec


This magazine is dedicated to discussions on cybersecurity, network security, and information security. Whether you are an IT professional, a cybersecurity enthusiast, or simply concerned about online privacy and security, this is the place for you. Here you can share your knowledge, ask for advice, and discuss the latest news and trends in the world of cybersecurity. From encryption and malware to risk management and digital forensics, this category covers a wide range of topics related to information security. Join the conversation and let's work together to keep our online world safe and secure.

founded 2 years ago
76
 
 

We break down each stage of a ransomware attack and how to leverage intelligence to minimize risk for your organization and its assets.

77
 
 

I've discovered that I can only successfully connect to signal's server with my VPN on my phone if I turn off the kill switch in the network manager.

To my knowledge this is new in the last few weeks. I've tried every protocol and exit servers in random countries but everything breaks with the kill switch.

This is very worrying. I sent a bug report but this feels like an intentional thing and I'm curious if others are finding that signal is trying to talk to the server via an unobscured IP address.

Extremely concerning about motives...

78
 
 

A new ransomware strain emerged: Big Head uses fake Windows updates and Microsoft Word installers to spread.

79
 
 

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an intrusion, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.

80
 
 

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and

81
 
 

🚨 Beware, Android users! Two file management apps on Google Play Store revealed as spyware, sending users' data to servers in China.

82
 
 

This multi-step vishing attack combines hi-tech malware, voice traffic routing, and social engineering to deceive victims into micro-loans.

83
 
 

Can cover anything from network security to OSINT and from CTI to information security.

I'll kick off:

Darknet Diaries: https://darknetdiaries.com/
Beers with Talos: https://talosintelligence.com/podcasts/shows/beers_with_talos
Digital Shadows Shadowtalk: https://soundcloud.com/digitalshadows

Easy to listen to and useful up-to-date information within the cybersecurity field.

84
85
86
 
 

Mastodon, the decentralized social network, releases critical security update. Update your instance ASAP to prevent potential DoS and RCE attacks.

87
 
 

A new warning was issued by CISA and the FBI! Organizations across the United States and Canada have been targeted in attacks that use a new variant of the Truebot malware.

88
 
 

Google's latest Android security updates are here! Patching 46 vulnerabilities, including 3 actively exploited flaws.

89
 
 

As everyone looks about, sirens begin to sound, creating a sense of urgency; they only have a split second to determine what to do next. The announcer repeats himself over the loudspeaker in short bursts... This is not a drill; report to your individual formations and proceed to the allocated zone by following the numbers on your squad leader's red cap. I take a breather and contemplate whether this is an evacuation. What underlying danger is entering our daily activities? 1…2…

90
 
 

Microsoft uncovers the ruthless efficiency of ransomware attacks. In just 5 days, hackers complete the entire attack process, breaching systems.

91
 
 

We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.

92
 
 

Alarming statistics revealed in Cymulate's assessments as organizations continue to be at risk from MOVEit vulnerability.

93
 
 

fasdsdv

#infosec

94
 
 

Hackers targeted a flaw in the file transfer utility MOVEit; concerns about the safety of sensitive data once again come to the fore.

95
 
 

I am a newbie here. Is there any manual on how to use it? I am lost.

#infosec

96
 
 

Fun fact about nuclei @pdnuclei is that the more specific the url the better the outcome.

Yes you can just use CNN.com or https[:]//CNN[.]com

But using the full https[:]//www[.]cnn[.]com/ brings you even more info. Very dope program.

#z0ds3c #infosec

97
 
 

Hello Friend

#infosec

98
 
 

Microsoft says the early June disruptions to its flagship office suite — including the Outlook email apps — were denial-of-service attacks by a shadowy new hacktivist group. In a blog post published Friday evening after The Associated Press sought clarification on the sporadic but serious outages, Microsoft confirmed that they were DDoS attacks by a group calling itself Anonymous Sudan, which some security researchers believe is Russia-affiliated. The software giant offered few details on the attack. It did not comment on how many customers were affected.

99
 
 

Have you found that companies are starting to forego cyberinsurance if they don't have the money to hire a full time security staff?

100
 
 

.@blacktraffic Great question! Here are some reasons why #RainbowTables are obsolete for #password #cracking:

In any given password database, 92-98% of the passwords are going to be created by highly predictable humans (as opposed to being randomly generated.) Because of this, modern password cracking is heavily optimized for exploiting the human element of password creation, concentrating on probabilistic methods that achieve the largest plaintext yield in the least amount of time.

As such, modern password cracking tools and techniques have evolved to become highly dynamic, requiring agility, flexibility, and scalability. This is evident when looking at how #Hashcat has evolved over the last decade. Hashcat used to be heavily optimized for raw speed, but today it is optimized for maximum flexibility (plus, lite, and cpu merged into a single code base, dropped the 15-character limit, introduced pure kernels, brain, and slow candidate mode, etc.) This need for dynamicity is also why we largely still use GPUs today, rather than having moved on to devices with potentially higher throughput, such as FPGAs or even ASICs.

With this in mind, it's rather easy to see that rainbow tables are the antithesis of modern password cracking. Rainbow tables are static, rigid, and not at all scalable. They directly compete with unordered incremental brute force, which in the context of modern password cracking, is largely viewed as a last resort and generally only useful for finding randomly-generated passwords (although, can also be useful in identifying new patterns that rules and hybrid attacks failed to crack.)

They also do not scale. If you have a handful of hashes, rainbow tables will likely be faster than brute forcing on GPU. But if you are working with even a modestly large hash set, rainbow tables will be slower than just performing brute force on GPU, even if you are using GPU rainbow tables.

Overall, rainbow tables are an optimization for an edge case: cracking a small amount of hashes of an algorithm for which we have tables, within the length and character sets for which we have tables, that fall within that 2-8% of hashes that we cannot crack with probabilistic methods. And even then, most people who are #security conscious enough to use random passwords aren't going to make them only 8 or 9 characters long, so the percentage of those passwords that will actually be found in your tables will be much lower.

The questions you have to ask yourself: is that worth the disk space and the bandwidth to download and store rainbow tables, and do you really care about that 2-8%, keeping in mind that only a small percentage of that is going to fall within the tables you have? If the answer is "yes", then continue to use rainbow tables. However, for the vast majority of us, the answer for the past 11 years has been a resounding "no." And that's why rainbow tables are, by and large, a relic of a bygone era.

With that said, rainbow tables do still have some utility outside of #passwords. For instance, cracking DES or A5/1 #encryption. There's also the cousin of rainbow tables, lossy hash tables (LHTs), which have some utility as well for things like old Microsoft Office and Adobe Acrobat encryption keys. #infosec #hacking
