A New Wave of Buggy WordPress Infections

We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and plugin vulnerabilities.
Every other week, the attackers int…

Disappearing Act: What Magic Tricks Can Teach CISOs About Malware Prevention

If CISOs could make one cybersecurity issue vanish, malware would top the list. While there are no silver-bullet solutions, the world of magic offers insights for effective malware prevention.

The post Disappearing Act: What Magic Tricks Can Teach CISOs About Malware Prevention appeared first on Security Intelligence.

Magento Skimmers: From Atob to Alibaba

Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this:
It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://li…

How to obfuscate the structure of an encrypted directory to an outsider while maintaining the original directory structure to the intended user?

I am currently working on a form of backup software that supports encryption but also maintains the directory structure of the encrypted files and folders so that it is also decryptable and easily accessible on mobile. The pr…

Are there types of malware that are so time-intensive to detect that AV vendors simply choose to not detect them?

I’ve been reading a lot about how AVs use different heuristic methods to detect obfuscated malware and it seems like some of these methods are very time/processor intensive. For example, to detect encrypted malware AVs will s…