Advanced Threats – Page 3 – WindowsTechs.com

The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have

Posted on September 1, 2021 by Mark Stone

The more things change, the more they stay the same. Despite a changing threat landscape and threat actors who keep upping their game, the vulnerabilities behind the threats remain consistent. The OWASP Top 10, ranked by the Open Web Application Security Project, lists the 10 most prominent and dangerous risks and threats for applications. The […]

The post The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have appeared first on Security Intelligence.

Continue reading The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have→

Red & Blue: United We Stand

Posted on August 26, 2021 by Abby Ross

Offensive and defensive security are typically viewed as opposite sides of the same fence. On one side, the offensive team aims to prevent attackers from compromising an organization, whereas on the other side the defensive team aims to stop attackers once they are inside. The fence, metaphorically speaking, is the adversary. The adversary’s moves, motives […]

The post Red & Blue: United We Stand appeared first on Security Intelligence.

Continue reading Red & Blue: United We Stand→

How to Protect Yourself From a Server-Side Template Injection Attack

Posted on August 24, 2021 by Ramandeep Kaur

Server-side templates provide an easy method of managing the dynamic generation of HTML code. But they can also fall victim to server-side template injection (SSTI). Take a look at the basics of server-side web templates, and how to detect, identify and mitigate SSTI in web applications. Server-side templates allow developers to pre-populate a web page […]

The post How to Protect Yourself From a Server-Side Template Injection Attack appeared first on Security Intelligence.

Continue reading How to Protect Yourself From a Server-Side Template Injection Attack→

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

Posted on August 18, 2021 by John Dwyer

Recently, X-Force Red released a tool called Windows Feature Hunter, which identifies targets for dynamic link library (DLL) side-loading on a Windows system using Frida. To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter, which is a system profiling script and Sysmon configuration designed to identify evidence of side-loading […]

The post Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon appeared first on Security Intelligence.

Continue reading Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon→

Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang

Posted on August 17, 2021 by Charlotte Hammond

Ransomware has become the number one cyber threat to organizations, making up nearly 25% of attacks IBM X-Force Incident Response remediated in 2020. Ransomware is making headlines on a regular basis due to the high impact of certain attacks on victims in critical industries. It’s unlikely that the pace of attacks will slow down in […]

The post Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang appeared first on Security Intelligence.

Continue reading Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang→

ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group

Posted on August 4, 2021 by Allison Wikoff

This blog supplements a Black Hat USA 2021 talk given August 2021. IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures(TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. Since our initial report on the group’s training […]

The post ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group appeared first on Security Intelligence.

Continue reading ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group→

Beyond Ransomware: Four Threats Facing Companies Today

Posted on July 21, 2021 by Douglas Bonderud

The recent DarkSide attack makes it clear: no system is safe from ransomware. And while the attackers say they weren’t out to hurt anyone, only to make money, the impact is the same. It could lead to potential disruptions of critical services across the country. At the same time, it stokes fears that similar attacks […]

The post Beyond Ransomware: Four Threats Facing Companies Today appeared first on Security Intelligence.

Continue reading Beyond Ransomware: Four Threats Facing Companies Today→

FragAttacks: Everything You Need to Know

Posted on July 19, 2021 by Mike Elgan

A cybersecurity researcher discovered a new category of Wi-Fi vulnerabilities recently. But the surprising news is that this new category is actually very old. Called FragAttacks, these 12 Wi-Fi vulnerabilities have existed since the late 90s. But they’re new to the cybersecurity world because people only recently discovered and described them. Researchers unveiled the details on May […]

The post FragAttacks: Everything You Need to Know appeared first on Security Intelligence.

Continue reading FragAttacks: Everything You Need to Know→

Cyber Insurers Might Be Making the Ransomware Problem Worse

Posted on July 16, 2021 by David Bisson

In mid-May, one of the largest insurance companies in the U.S. paid $40 million to ransomware attackers. Two people familiar with the matter told Bloomberg that the malicious actors stole an undisclosed quantity of data and then effectively locked the insurer out of its network for two weeks. The company ignored the attackers’ demands at […]

The post Cyber Insurers Might Be Making the Ransomware Problem Worse appeared first on Security Intelligence.

Continue reading Cyber Insurers Might Be Making the Ransomware Problem Worse→

RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation

Posted on July 12, 2021 by Melissa Frydrych

In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first quarter of 2021. With over 1,300 malware samples collected, the teams analyzed the delivery of […]

The post RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation appeared first on Security Intelligence.

Continue reading RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation→