Threat intelligence to protect vulnerable communities

Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint […]

The post Threat intelligence to protect vulnerable communities appeared first on Security Intelligence.

Continue reading Threat intelligence to protect vulnerable communities

Audio-jacking: Using generative AI to distort live audio transactions

While the evolution of LLMs mark a new era of AI, we must be mindful that new technologies come with new risks. Explore one such risk called “audio-jacking.”

The post Audio-jacking: Using generative AI to distort live audio transactions appeared first on Security Intelligence.

Continue reading Audio-jacking: Using generative AI to distort live audio transactions

Exploiting GOG Galaxy XPC service for privilege escalation in macOS

Being part of the Adversary Services team at IBM, it is important to keep your skills up to date and learn new things constantly. macOS security was one field where I decided to put more effort this year to further improve my exploitation and operation skills in macOS environments. During my research, I decided to […]

The post Exploiting GOG Galaxy XPC service for privilege escalation in macOS appeared first on Security Intelligence.

Continue reading Exploiting GOG Galaxy XPC service for privilege escalation in macOS

Empowering cybersecurity leadership: Strategies for effective Board engagement

With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are – serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why […]

The post Empowering cybersecurity leadership: Strategies for effective Board engagement appeared first on Security Intelligence.

Continue reading Empowering cybersecurity leadership: Strategies for effective Board engagement

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

Recent analysis of Hive0051 has identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware.

The post Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing appeared first on Security Intelligence.

Continue reading Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

AI vs. human deceit: Unravelling the new age of phishing tactics

Attackers seem to innovate nearly as fast as technology develops. Day by day, both technology and threats surge forward. Now, as we enter the AI era, machines not only mimic human behavior but also permeate nearly every facet of our lives. Yet, despite the mounting anxiety about AI’s implications, the full extent of its potential […]

The post AI vs. human deceit: Unravelling the new age of phishing tactics appeared first on Security Intelligence.

Continue reading AI vs. human deceit: Unravelling the new age of phishing tactics

Critically Close to Zero(Day): Exploiting Microsoft Kernel Streaming Service

Last month Microsoft patched a vulnerability in the Microsoft Kernel Streaming Server, a Windows kernel component used in the virtualization and sharing of camera devices. The vulnerability, CVE-2023-36802, allows a local attacker to escalate privileges to SYSTEM. This blog post details my process of exploring a new attack surface in the Windows kernel, finding a […]

The post Critically Close to Zero(Day): Exploiting Microsoft Kernel Streaming Service appeared first on Security Intelligence.

Continue reading Critically Close to Zero(Day): Exploiting Microsoft Kernel Streaming Service

Reflective call stack detections and evasions

In a blog published this March, we explored reflective loading through the lens of an offensive security tool developer, highlighting detection and evasion opportunities along the way. This time we are diving into call stack detections and evasions, and how BokuLoader reflectively loads call stack spoofing capabilities into beacon. We created this blog and public […]

The post Reflective call stack detections and evasions appeared first on Security Intelligence.

Continue reading Reflective call stack detections and evasions

X-Force uncovers global NetScaler Gateway credential harvesting campaign

This post was made possible through the contributions of Bastien Lardy and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The […]

The post X-Force uncovers global NetScaler Gateway credential harvesting campaign appeared first on Security Intelligence.

Continue reading X-Force uncovers global NetScaler Gateway credential harvesting campaign

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still […]

The post “Authorized” to break in: Adversaries use valid credentials to compromise cloud environments appeared first on Security Intelligence.

Continue reading “Authorized” to break in: Adversaries use valid credentials to compromise cloud environments