Threat Research – Page 2 – WindowsTechs.com

X-Force Identifies Vulnerability in IoT Platform

Posted on April 5, 2023 by Katherine Bianco Vega

The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a […]

The post X-Force Identifies Vulnerability in IoT Platform appeared first on Security Intelligence.

Continue reading X-Force Identifies Vulnerability in IoT Platform→

X-Force Prevents Zero Day from Going Anywhere

Posted on March 30, 2023 by John Dwyer

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While […]

The post X-Force Prevents Zero Day from Going Anywhere appeared first on Security Intelligence.

Continue reading X-Force Prevents Zero Day from Going Anywhere→

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

Posted on March 21, 2023 by Valentina Palmiotti

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption […]

The post Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours appeared first on Security Intelligence.

Continue reading Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours→

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

Posted on March 20, 2023 by John Dwyer

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […]

The post When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule appeared first on Security Intelligence.

Continue reading When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule→

Defining the Cobalt Strike Reflective Loader

Posted on March 10, 2023 by Bobby Cooke

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular red team Command and Control (C2) framework used by both threat actors and red teams […]

The post Defining the Cobalt Strike Reflective Loader appeared first on Security Intelligence.

Continue reading Defining the Cobalt Strike Reflective Loader→

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Posted on February 22, 2023 by Mitch Mayne

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands […]

The post Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023 appeared first on Security Intelligence.

Continue reading Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023→

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Posted on February 21, 2023 by Ruben Boonen

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers are using this technique to achieve their objectives. It is therefore important that we put […]

The post Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers appeared first on Security Intelligence.

Continue reading Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers→

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

Posted on January 20, 2023 by Valentina Palmiotti

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code execution exploitation on that machine.” Pure remote vulnerabilities usually yield a lot of interest, but […]

The post Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” appeared first on Security Intelligence.

Continue reading Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”→

Self-Checkout This Discord C2

Posted on January 17, 2023 by John Dwyer

In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated […]

The post Self-Checkout This Discord C2 appeared first on Security Intelligence.

Continue reading Self-Checkout This Discord C2→

A View Into Web(View) Attacks in Android

Posted on January 11, 2023 by Shahar Tavor

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware […]

The post A View Into Web(View) Attacks in Android appeared first on Security Intelligence.

Continue reading A View Into Web(View) Attacks in Android→