A New Security Evasion Technique: MalDoc in PDF

CHAT GPT, Cyber Attacks, Malware
Cybercriminals are always looking for new ways to evade security systems and deliver malware. To stay one step ahead, security researchers actively look for and disclose new attack techniques to raise awareness. Recently, researchers from JPCERT/CC discovered a new polyglot security evasion technique that uses PDF files to bypass malware detection and deliver infected Word documents containing malicious macros. JPCERT named this technique “MalDoc in PDF”. In this blog post, we explain how the MalDoc in PDF attack works and how security engineers can upgrade their defenses against this ingenious new technique. Let’s get started! What is a Polyglot File? A polyglot file is a file that is valid in multiple file formats. This allows the file to exhibit different behaviors when interpreted by different programs. For example, a file…

4 Uncommon Programming Languages for Malware Development

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Security, Malware, Threats & Vulnerabilities
Technological advancements are one of the vital factors in the modern era. The latest technologies have improved efficiency, altered the status of society, and revolutionized living standards. However, they can also be misused by malicious actors with evil intentions or turned against the purpose of their creation. Bad actors have a reputation for being slow to change what works for them, but that is not always the case: some malware groups have taken to experimenting with uncommon programming languages for malware development. Programming languages such as DLang, Nim, Rust, and Go are becoming popular among malware authors for bypassing security defenses and addressing weak points in their development process, BlackBerry researchers report. The research team selected these four programming languages because they have noticed an increase in their use…

Understanding the Importance of ChatGPT In Cyber Security

AI & Automation, Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Security, Futuristic Technologies, INFOSEC, Malware, Network Security, Threats & Vulnerabilities
As technology continues to evolve, so do cyber threats. According to Cybercrime Magazine, in 2021 alone, cybercrime caused losses of around $1 trillion worldwide, and this figure is expected to grow to $10.5 trillion annually by 2025. To stay ahead of attackers and strengthen defenses against them, cybersecurity companies are seeking ways to enhance their technology. One promising technology that is becoming increasingly popular in this space is ChatGPT, an emerging standard that promises improved efficiency when handling sensitive data. ChatGPT has the potential to revolutionize cybersecurity by providing a faster and more efficient method for analyzing data, detecting threats, and responding to incidents. By employing machine learning algorithms, ChatGPT helps security teams identify and mitigate threats more efficiently, thus reducing both the impact and cost of cyber attacks. In this blog we will explore…

What is Fileless Malware? How to Protect Against Fileless Malware?

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, INFOSEC, Malware, Network Security, Threats & Vulnerabilities
Computers have always been vulnerable to malicious software. Like any other cyber threat, it has improved in potency and efficiency over time. Malware that doesn’t create a file is one of the most dangerous types of malware. For the first half of 2020, it was named the “most prevalent critical-severity cybersecurity threat to endpoints.” The most dangerous aspect of fileless malware is how it hijacks a user’s machine by hiding in RAM and then using the user’s own software and programs against them. In addition to being undetectable by standard means, it has no recognizable code or signature, making it even more dangerous. In this blog post, we will talk about what fileless malware is, how it works, and why it has become a widespread attack method among cybercriminals. We’ll also explain how…

The New Post-Exploitation Framework: Exfiltrator-22

Application Security, Application/Appliance, Best Reads, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Malware, Pen Testing, Threats & Vulnerabilities
In December 2022, an anonymous threat actor started advertising a new tool, even before the tool’s completion and availability, via a new Telegram channel (EXFILTRATOR-22 [EX-22]). They claim that the tool is fully undetectable (FUD) by any antivirus or endpoint detection and response (EDR) system. In this article, we will walk you through what the new post-exploitation framework Exfiltrator-22 is and whether Exfiltrator-22 is related to LockBit 3.0. What Is a Post-Exploitation Framework? Post-exploitation refers to any action taken by an attacker after they have successfully exploited the target. Both attackers and pen testers use post-exploitation frameworks for lateral movement, privilege escalation, command and control (C2), and much more, without disturbing the user. One of the most famous post-exploitation tools is Metasploit, which is free and open source. The post-exploitation attack framework will directly inject a malicious payload into…

Protect Your MacBook from Geacon: A Go Implementation of Cobalt Strike Beacon

Application Security, Application/Appliance, Best Reads, Cloud & OS Platforms, Cyber Security, Malware, Pen Testing, Threats & Vulnerabilities
In the constantly shifting world of modern cybersecurity, threat actors consistently create new methods and tools to penetrate and corrupt networks. Geacon is one such tool: an infamous implementation of the Cobalt Strike Beacon in the Go programming language. The purpose of this blog article is to give a complete understanding of Geacon, its consequences for MacBook users, and concrete methods for protecting your MacBook against this complex attack. About Go-Lang The Go language is an open-source, high-level programming language developed by Google. Google designed Go in a manner similar to the C language, leading to its nickname, the “C for the 21st century.” If you’re familiar with C, you won’t have much trouble learning Go, as it uses a syntax similar to C’s.…

What Is a Red Team? How Is Red Teaming Different from Penetration Testing?

Application Security, Best Reads, Cyber Security, Data Breaches, Malware, Network Security, Threats & Vulnerabilities
With rapid technological advancements, there is a high risk of cyber attacks compromising organizations’ sensitive data. Given this risk, it is important for organizations to know where they are lacking and what they should do to improve their security. This is where the need for red teaming arises. Spending some money to hire someone to tell you your technological flaws can be fruitful in the longer term. According to a survey conducted in 2020, 92% of respondents used red teaming processes. If you want to improve your organizational processes, read this post to learn what a red team is, how red teaming differs from penetration testing, and a comparison of red teaming vs. penetration testing. What is Red Teaming? In the field of cyber security, red teaming is a type of assault intended…

New All-in-One Stealer – EvilExtractor

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Malware, Network Security, Threats & Vulnerabilities, Vulnerabilities, Windows
The most widely used computer operating system in the world is Microsoft Windows, which makes Windows the most targeted platform for data theft. A new attack tool developed by the company Kodex targets the Windows operating system and steals data. In this article, we will discuss the new EvilExtractor stealer and a technical analysis of the malware. What is EvilExtractor? EvilExtractor is a tool that targets Windows operating systems and extracts data and files from endpoint devices through an FTP service. It was developed by Kodex, who claim it is an educational tool, but malware researchers suggest that cybercriminals are using it as an information stealer. The tool includes multiple modules that can be used for extracting data. By March 2023, there was a huge spike in communication…

How Does the Lazarus Group Abuse IIS Servers to Spread Malware? How Should You Protect Your IIS Servers from DLL Side-Loading Attacks?

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Malware, Network Security, Threats & Vulnerabilities
Attackers are always searching for weak points to establish a foothold within your network. Today, we are uncovering one such group of attackers who have been observed exploiting Windows IIS servers to distribute malware. We’re referring to the Lazarus group, a notorious cyber assault organization known for its relentless attacks, which has now shifted its focus towards exploiting vulnerable Microsoft Internet Information Services (IIS) servers. Recently, the AhnLab Security Emergency Response Center (ASEC) published a report explaining how the Lazarus group abuses IIS servers to propagate malware. We’ve created this post to let security and Windows teams know how to protect IIS servers from DLL side-loading attacks. A Short Introduction to Lazarus Group: The Lazarus group is one of the most notorious North Korean-backed APT groups, carrying out multiple attacks worldwide. Many…

Protecting Your macOS Device From Atomic macOS Stealer Malware (AMOS Malware)

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Mac, Malware, Threats & Vulnerabilities
It is a known fact that Apple has grown its market, from smartphones to MacBooks, by releasing powerful, exciting, and more productive products over the years. This has led threat actors to create more malware programs targeting Apple’s products. If you have been following cybersecurity blogs or threat intelligence for the past year, MacStealer, RustBucket, and DazzleSpy are a few good examples of how threat actors are actively working on macOS exploits. There is a new addition to this list: Atomic macOS Stealer malware (AMOS malware). Cyble Research and Intelligence Labs (CRIL) recently uncovered a Telegram channel promoting a new information-stealing malware, dubbed Atomic macOS Stealer (AMOS). This malware is specifically engineered to target macOS users and pilfer sensitive information from their devices. The research team also reveals that the…