Advanced Threats,Intelligence Technology,CyberSecurity
Scooped by Constantin Ionel Milos / Milos Constantin

Abusing X.509 Digital Certificates to establish a covert data exchange channel

Researcher at Fidelis Cybersecurity devised a new technique that abuses X.509 Digital Certificates to establish a covert data exchange channel

Corporate Surveillance in Everyday Life

How Thousands of Companies Monitor, Analyze, and Influence the Lives of Billions. Report + Web Publication.

Portable Executable File Corruption Preventing Malware From Running

Important Disclaimer – YOU MUST READ FIRST! Portions of this article contain source code from the Windows Research Kernel. This code is the intellectual property of Microsoft Corporation. I am using this code under special license in this post under these grounds of the license agreement: You may distribute snippets of this software in research...

Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation - CyberScoop

CyberScoop has learned that Kaspersky's 'Slingshot' is an active, U.S.-led counterterrorism cyber-espionage operation used to target ISIS and Al-Qaeda.
Richard Platt's curator insight, August 14, 2:54 PM

The U.S. government and Russian cybersecurity giant Kaspersky Lab are currently in the throes of a nasty legal fight that comes on top of a long-running feud over how the company has conducted itself with regard to U.S. intelligence-gathering operations.

A recent Kaspersky discovery may keep the feud alive for years to come.

CyberScoop has learned that Kaspersky research recently exposed an active, U.S.-led counterterrorism cyber-espionage operation. According to current and former U.S. intelligence officials, the operation was used to target ISIS and al-Qaeda members.

On March 9, Kaspersky publicly announced a malware campaign dubbed “Slingshot.” According to the company’s researchers, the campaign compromised thousands of devices through breached routers in various African and Middle Eastern countries, including Afghanistan, Iraq, Kenya, Sudan, Somalia, Turkey and Yemen.

Kaspersky did not attribute Slingshot to any single country or government in its public report, describing it only as an advanced persistent threat (APT). But current and former U.S. intelligence officials tell CyberScoop that Slingshot represents a U.S. military program run out of Joint Special Operations Command (JSOC), a component of Special Operations Command (SOCOM).

The complex campaign, which researchers say was active for at least six years, allowed for the spread of highly intrusive malware that could siphon large amounts of data from infected devices.

Slingshot helped the military and intelligence community collect information about terrorists by infecting computers they commonly used, sources told CyberScoop. Oftentimes, these targeted computers would be located within internet cafés in developing countries. ISIS and al-Qaeda targets would use internet cafés to send and receive messages, the sources said.

These officials, all of whom spoke on condition of anonymity to discuss a classified program, fear the exposure may cause the U.S. to lose access to a valuable, long-running surveillance program and put soldiers’ lives at risk.

The disclosure comes at a difficult time for Kaspersky. The company is currently fighting the U.S. government in court after the government claimed that the Moscow-based company’s software poses a national security risk due to the company’s Russian government ties. Kaspersky has consistently denied any wrongdoing.

CyberScoop’s reporting of JSOC’s role in Slingshot provides the first known case of a SOCOM-led cyber-espionage operation. The command is better known for leading physical missions that place elite soldiers on the ground in hostile territories. Over the last decade, SOCOM has been instrumental in the Global War on Terror, having conducted many sensitive missions, including the one that killed former al-Qaeda leader Osama bin Laden.


Zero Day Zen Garden: Windows Exploit Development - Part 5 [Return Oriented Programming Chains]

Hello again! Welcome to another post on Windows exploit development. Today we’re going to be discussing a technique called Return Oriented Programming (ROP)

Tropic Trooper’s New Strategy - TrendLabs Security

Tropic Trooper is believed to be very organized and to develop its own cyberespionage tools, which it fine-tuned in its recent campaigns. Many of them now feature new behaviors, including a change in the way they maintain a foothold in the targeted network.
Richard Platt's curator insight, August 14, 2:53 PM

We also observed malicious documents that don’t need to download anything from the internet as the backdoor’s dropper is already embedded in the document. This, however, doesn’t influence the overall result for the victim.

The backdoor will load the encrypted configuration file and decrypt it, then use Secure Sockets Layer (SSL) protocol to connect to command-and-control (C&C) servers.

Tropic Trooper uses exploit-laden Microsoft Office documents to deliver malware to targets. These documents use job vacancies in organizations that may be deemed socio-politically sensitive to recipients. Below is a screenshot of the document used in their latest campaigns:


XBruteForcer - CRM Brute Force Tool (WP, Joomla, DruPal, OpenCart, Magento)


Payload Generation using SharpShooter – MDSec

Rescooped by Constantin Ionel Milos / Milos Constantin from #CyberSecurity #CyberSécurité #Security #Sécurité #InfoSec #CyberDefence #GDPR #RGPD #DevOps #DevSecOps #SecDevOps

#CyberSecurity: #SGXPECTRE New Variant of #Spectre that Allows Attackers to Extract Data

A new type of side channel attack (SGXPECTRE) against SGX enclaves revealed by security researchers that…

Via Frederic GOUTH

Hacking with Netcat part 3: Advanced Techniques

In part 3 of the Hacking with Netcat tutorial series we will be learning some advanced techniques: network pivoting with Netcat on Windows and Linux.

Phone-cracking firm advertises that it can unlock any iPhone

Israeli security firm Cellebrite claims it can now even unlock iPhones running the very latest version of iOS.
Richard Platt's curator insight, August 14, 3:01 PM

As Thomas Fox-Brewster reports at Forbes (danger! there’s an irritating anti-ad-blocker interstitial at the end of that link), Israeli security firm Cellebrite claims it can now even unlock iPhones running the very latest version of iOS.

Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.”

Sure enough, a January 2018-dated marketing document from Cellebrite, touting its ability to unlock smartphones and extract data from them, appears to confirm the company has found a method to meddle with iOS 11’s security on the latest Apple devices.

Such a technique has ramifications for all users of Apple products. Because if Cellebrite has found a way to do this, the ability could also potentially be found by others - including law enforcement agencies and dodgy authoritarian regimes.

And if they haven’t discovered how to do it… well, they could always pay Cellebrite to do it for them.

The one thing you can be pretty sure about is that Cellebrite is unlikely to have shared details with Apple. After all, Apple would presumably work quickly to secure any vulnerability, protecting hundreds of millions of its users around the world. And that would simply work against Cellebrite’s business model.

Forbes has also uncovered that the US government has used the phone-cracking technology in a criminal investigation, extracting information from a suspected arms trafficker’s iPhone X.

One interesting aside. Bruce Schneier notes the possibility that whatever Cellebrite has up its sleeve against latest iPhones may “only” stop iOS from preventing you from multiple attempts at guessing an owner’s PIN or password:


New #bypass and protection techniques for #ASLR on #Linux

By Ilya Smith (@blackzert), Positive Technologies researcher. 0. Abstract: The Linux kernel is used on systems of all kind

Ransom.ShurL0ckr - AlienVault - Open Threat Exchange

Ransom.ShurL0ckr is a ransomware that encrypts files on the compromised computer and demands a payment to decrypt them. The ransomware appends the .cypher extension to the files it encrypts.

Attackers Abused Indian Bank's SWIFT System to Try to Steal $2M

Digital attackers abused the SWIFT system of an Indian bank in an attempt to make off with approximately $2 million in stolen funds.

Jailbreaking iOS 11 And All Versions Of iOS 10

by Oleg Afonin, Mobile Product Specialist at ElcomSoft Jailbreaking iOS is becoming increasingly difficult, especially considering the amounts of money Apple and independent bug hunters are paying for discovered vulnerabilities that could lead to a working exploit. Late last year, a bug hunter at Google’s Project Zero discovered one such vulnerability and developed and published an…

Plague of the Cyber RATS – The Cyber Shafarat – Treadstone 71

a new era of warfare… a destructive and deadly mix of conventional military might and malicious cyber attacks

The Legitimisation of Have I Been Pwned

There's no way to sugar-coat this: Have I Been Pwned (HIBP) only exists due to a whole bunch of highly illegal activity that has harmed many individuals and organisations alike. That harm extends all the way from those in data breaches feeling a sense of personal violation (that's certainly how

E-Mailing Private HTTPS Keys - Schneier on Security


Who Will Steal Satoshi’s #Bitcoins? #quantum, #computing

I woke up in the middle of the night so I fired up Twitter and I encountered two well-known cryptographers’ conversation about quantum computing. Tim is one of the inventors of…

The #Slingshot #APT FAQ - Securelist

While analyzing some memory dumps suspicious of being infected with a keylogger, we identified a library containing strings to interact with a virtual file

Cisco's Talos Intelligence Group Blog: CannibalRAT targets Brazil

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

How Hackers Are Leveraging Machine Learning

Unfortunately, like many advanced and innovative technological processes, machine learning can be leveraged for both beneficial enterprise purposes as well as malicious activity.
Richard Platt's curator insight, August 14, 2:58 PM

For business executives and internal information security specialists, it seems that every day brings a new potential risk to the company – and in the current threat environment, it isn't hard to understand this viewpoint.

Sophisticated cybercriminals are continually on the lookout for the next big hacking strategy, and aren't shy about trying out new approaches to breach targets and infiltrate enterprises' IT assets and sensitive data. One of the best ways to stem the rising tide of threats in this type of landscape is to boost awareness and increase knowledge about the latest risks and how to guard against them.

Currently, an emerging strategy among hackers is the use of machine learning. Unfortunately, like many advanced and innovative technological processes, machine learning can be leveraged for both beneficial enterprise purposes as well as malicious activity.

Machine learning: A primer

Many internal IT and development teams as well as technological agencies are experimenting with machine learning – but white hats aren't alone in their use of this method.

As SAS explained, machine learning is an offshoot of artificial intelligence, and is based on the ability to build automated analytical models. In other words, machine learning enables systems to increase their own knowledge and adapt their processes and activities according to their ongoing use and experience.

"The iterative aspect of machine learning is important because as models are exposed to new data, they are able to independently adapt," SAS stated. "They learn from previous computations to produce reliable, repeatable decisions and results. It's a science that's not new – but one that has gained fresh momentum."

Individuals have likely encountered some form of machine learning algorithm in their daily life already – things like online recommendations from streaming services and retailers, as well as automated fraud detection represent machine learning use cases already in place in the real world. Artificial intelligence and machine learning can be used to bolster malicious attacks.

Machine learning on both sides of the coin

However, as legitimate agencies and white hat security professionals continue to dig deeper into advantageous machine learning capabilities, hackers are increasingly looking toward AI-based processes to boost the effects of cyberattacks.

"We must recognize that although technologies such as machine learning, deep learning, and AI will be cornerstones of tomorrow's cyber defenses, our adversaries are working just as furiously to implement and innovate around them," Steve Grobman, security expert and McAfee chief technology officer told CSO. "As is so often the case in cybersecurity, human intelligence amplified by technology will be the winning factor in the arms race between attackers and defenders."

But how, exactly, are hackers putting machine learning algorithms to work, and how will these impact today's enterprises? Let's take a look:

ML vs. ML: Evasive malware

When hackers create malware, they don't just look to breach a business – they also often want to remain within victims' systems for as long as possible. One of the first, and likely most dangerous, ways machine learning will be leveraged by hackers is to fly under the radar of security systems aimed at identifying and blocking cybercriminal activity.

A research paper from Cornell University authors described how this type of instance could be brought to life by hackers. Researchers were able to create a generative adversarial network (GAN) algorithm which, in and of itself, was able to generate malware samples. Thanks to machine learning capabilities, the resulting infection samples were able to effectively sidestep machine learning-based security solutions designed specifically to detect dangerous samples.

Security experts also predicted that machine learning could be utilized by cybercriminals to modify the code of new malware samples based on the ways in which security systems detect older infections. In this way, hackers will leverage machine learning to create smarter malware that could potentially fly under the radar within infected systems for longer periods of time.

This will require enterprises to be increasingly proactive with their security posture – monitoring of critical IT systems and assets must take place continually, and security officers must ensure that users are observing best protection practices in their daily access and network activities.

Rescooped by Constantin Ionel Milos / Milos Constantin from Mac Tech Support

Fixing OS X Install Errors “can’t be verified” and “error occurred while preparing the installation”


Via David Anders

FinSpy VM Unpacking Tutorial Part 3: Devirtualization

1. Overview This is the third and final part in my series on statically unpacking the FinSpy VM. After having deobfuscated the x86 implementation of FinSpy in part one and after having analyzed the VM and written a disassembler for the bytecode format for the particular sample in question in part tw

#Mandiant Exposes #APT1 – One of #China's #Cyber #Espionage Units & Releases 3,000 Indicators

Today, The Mandiant® Intelligence Center™ released an unprecedented report exposing APT1's multi-year, enterprise-scale computer espionage campaign. APT1 is one of dozens of threat groups Mandiant tracks around the world and we consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen.