In this blog post, we talk about what we can do when presented with a memory image from a suspect machine to investigate, and how to leverage our tools to get as much information as we can from it. We will be dealing with two tools: Volatility 3 and MemProcFS. Experience Level required: Begin…
Category: Interesting Stuff
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of m…
This is a web article about website security. It discusses different types of malware that can infect websites and provides information on how to protect your website from these threats. Some of the important points from this article are that attackers often target the .htaccess file to hi…
Summary Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious code and detect security i…
Key Points ReliaQuest has observed 246% more business email compromise (BEC) attempts over the past year; this highlights the growing risk of fraud or other damage caused by cyber attacks, relevant to all sectors and countries. We have developed an advanced detection approach for organizations to id…
This joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques: Volumetr…
Introduction In late 2023 and early 2024, the ransomware ecosystem experienced repeated disruption of its most prolific Ransomware-as-a-Service (RaaS) groups at the hands of international Law Enforcement (LE). Alphv’s dark web data leak site was seized, then unseized, then re-seized in a December 20…
Summary Trigona ransomware is a sophisticated and evolving threat that leverages vulnerabilities, legitimate tools, and double extortion tactics to target organizations, particularly in the technology and healthcare sectors. Collaboration with other threat actors like ALPHV enhances its capabilities…
💡 Akamai security researcher Tomer Peled discovered a spoofing vulnerability in Microsoft Themes, allowing an attacker to coerce NTLM credentials. 💻 The vulnerability affects all Windows versions and was fixed in January’s Patch Tuesday 2024. 🔒 Exploiting the vulnerability requires the victim to dow…
🕵️ Akamai researchers discovered a new privilege escalation technique in Active Directory environments using the DHCP administrators group. 🛡️ The technique leverages legitimate features and doesn’t rely on any vulnerability, making it challenging to fix. 🔄 It can be used not only for privilege esca…
Experience Level required: Intermediate. In this report, we will analyze the CryptNet ransomware, starting with deobfuscating the sample and proceeding through the ransomware’s techniques: obfuscated strings, encrypted strings, and the AES & RSA encryption algorithms. CryptNet is a .NET ransomware that has b…
Sextortion scam is defined as the crime of blackmailing victims using their sensitive information to inflict great psychological distress and extort them. Victims not only suffer immediate financial losses but also immense shock and terror, some to the point of having their daily lives severely impacted. Contents: Definition. Scamming is defined…
Methodology-based scams; Target-based scams; Platform-based scams. Online: The fraudulent activities take place across online platforms. Travel: Fake vacation packages that offer hidden fees or non-existent accommodations. Utility: Impersonating utility companies to demand immediate payment or threaten w…
For CISA, understanding adversary behavior is often the first step in protecting networks and data. The success network defenders have in detecting and mitigating cyberattacks depends on this understanding. The MITRE ATT&CK® framework is a globally accessible knowledge base of adversary tac…
OVERVIEW: REMOTE ACCESS SOFTWARE Remote access software and tools comprise a broad array of capabilities used to maintain and improve IT, operational technology (OT), and industrial control systems (ICS) services; they allow a proactive and flexible approach for organizations to remotely oversee net…