Security Research – Page 20

Symantec reveals state-sponsored group that doesn’t care for malware

Posted on October 10, 2018 by Sean Lyngaas

A newly revealed hacking group has been going after diplomatic and military targets in a malware-less campaign that researchers say makes it difficult to detect. Over the last 10 months, the so-called Gallmaker group has conducted what appear to be cyber-espionage operations against several embassies belonging to an Eastern European country, according to research from cybersecurity company Symantec published Wednesday. The group, which researchers say is likely state-sponsored, has also targeted military and defense organizations in the Middle East. “The type of targets seen in the attacks really fit that of what an espionage group would be interested in,” Jon DiMaggio, senior threat intelligence analyst at Symantec, told CyberScoop. “If simply for financial gain, it would be odd to restrict targets to diplomatic, military and defense personnel.” Gallmaker’s end goal appears to collecting intelligence on its targets in the form of documents and communications, according to DiMaggio. Gallmaker’s hackers use […]

The post Symantec reveals state-sponsored group that doesn’t care for malware appeared first on Cyberscoop.

Continue reading Symantec reveals state-sponsored group that doesn’t care for malware→

DEF CON founder says there’s a ‘civil war’ at voting vendors over security

Posted on September 28, 2018 by Sean Lyngaas

There is a “civil war’ going on at big U.S. voting-equipment vendors between employees who want to proactively address security vulnerabilities and those who stubbornly oppose doing that, according to DEF CON founder Jeff Moss. “Half the company wants to deny that there’s any problem and to do things on their own timescale and basically soldier on,” Moss said Thursday, while the other half typically includes “younger engineers who think this is a great opportunity to make a change” in how the company approaches cybersecurity. He spoke on Capitol Hill at the rollout of the DEF CON Voting Village report, which highlighted a decade-old vulnerability in a ballot-counting machine used in more than half the states. Moss, a cybersecurity expert and outside adviser to the Department of Homeland Security, told CyberScoop that the opposing impulses at voting-equipment vendors could force some engineers to leave the companies. Engineers who have reached […]

The post DEF CON founder says there’s a ‘civil war’ at voting vendors over security appeared first on Cyberscoop.

Continue reading DEF CON founder says there’s a ‘civil war’ at voting vendors over security→

SKREAM: Kernel-Mode Exploits Mitigations For the Rest of Us

Posted on September 27, 2018 by Yarden Shafir and Assaf Carlsbad

This article presents a Windows kernel exploitation technique and suggests a method to mitigate the vulnerability that enables it
The post SKREAM: Kernel-Mode Exploits Mitigations For the Rest of Us appeared first on Security Boulevard.
Continue reading SKREAM: Kernel-Mode Exploits Mitigations For the Rest of Us→

Sen. Rubio wants answers from Apple on privacy-violating app

Posted on September 19, 2018 by Sean Lyngaas

Earlier this month, news broke that one of Apple’s most popular paid applications had been surreptitiously collecting user data and browser history and sending it to a server in China. On Wednesday, Sen. Marco Rubio wrote to Apple demanding answers on why it reportedly took the tech giant weeks to address the issue. “For a company that prides itself on prioritizing user privacy and security, this delayed response is extremely disconcerting,” Rubio, R-Fla., wrote to Apple CEO Tim Cook. The application in question is Adware Doctor, a scanning tool that offers to remove adware from Mac computers. After security researchers published evidence on Sept. 7 that Adware Doctor was violating Apple’s data collection and storage rules, the company pulled it from the Mac App Store. But that was nearly a month after researcher @privacyis1st said he alerted Apple to the issue. Rubio, who has repeatedly raised national security concerns about technology […]

The post Sen. Rubio wants answers from Apple on privacy-violating app appeared first on Cyberscoop.

Continue reading Sen. Rubio wants answers from Apple on privacy-violating app→

Meterpreter – An Advanced and Powerful Metasploit Payload

Posted on September 6, 2018 by Gal Abadi

Meterpreter is a powerful tool used both by pentesters and cyber criminals. See a demo how SentinelOne is detecting and blocking Meterpreter attempt
The post Meterpreter – An Advanced and Powerful Metasploit Payload appeared first on Security Boulevard… Continue reading Meterpreter – An Advanced and Powerful Metasploit Payload→

Browser Cookie Jar: The Pilferage

Posted on August 17, 2018 by Marc Handelman

via Cory Doctorow, comes this fascinating stoy of academicians exercising superlative research and detection skills in the effort to understand – in excrutiatingly intense detail – the true nature of cookie policies, in this case third-party cookie po… Continue reading Browser Cookie Jar: The Pilferage→

The Foreshadow Attack: Intel On The Ropes

Posted on August 15, 2018 by Marc Handelman

Is Intel Corporation (Nasdaq:INTC) Down and Out, or Just Down? As always you be the judge…
Permalink
The post The Foreshadow Attack: Intel On The Ropes appeared first on Security Boulevard.
Continue reading The Foreshadow Attack: Intel On The Ropes→

DNSMessenger PowerShell Malware Analysis

Posted on August 14, 2018 by Alex Kuo

A walkthrough of known PowerShell malware named DNSMessenger, a multi-stage malware trying to evade detection and to use DNS communication to gain control of a victim machine
The post DNSMessenger PowerShell Malware Analysis appeared first on Security … Continue reading DNSMessenger PowerShell Malware Analysis→

Alejandro Hernandez’s Exposing Security Weakness in Stock Trading Tech

Posted on August 10, 2018 by Marc Handelman

via the White Paper mentioned herein.
Superlative security research is still coming out of the IOActive game-changing environment (this has been going on for years now – how do they do it…).
Case in Point: The work of Alejandro Hernandez and his cu… Continue reading Alejandro Hernandez’s Exposing Security Weakness in Stock Trading Tech→

DNSMessenger PowerShell Malware Analysis

Posted on August 8, 2018 by Aviram Shmueli

In this blog post I’ll cover some interesting insights extracted by analysing the DNSMessenger malware. I’ll go through the results of my analysis and talk about the methods I used and thought processes at each step. Extracting the Source C… Continue reading DNSMessenger PowerShell Malware Analysis→