X-Force uncovers global NetScaler Gateway credential harvesting campaign

This post was made possible through the contributions of Bastien Lardy and Ruben Castillo. In September 2023, X-Force uncovered a campaign in which attackers exploited the vulnerability tracked as CVE-2023-3519 on unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page and capture user credentials. The […]

The post X-Force uncovers global NetScaler Gateway credential harvesting campaign appeared first on Security Intelligence.

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations

Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still […]

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. Explore the analysis.

X-Force releases detection & response framework for managed file transfer software

How AI can help defenders scale detection guidance for enterprise software tools

If we look back at mass exploitation events that shook the security industry, such as Log4j, Atlassian, and Microsoft Exchange, when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response […]

Databases beware: Abusing Microsoft SQL Server with SQLRecon

Over the course of my career, I’ve had the privileged opportunity to peek behind the veil of some of the largest organizations in the world. In my experience, most industry verticals rely on enterprise Windows networks. In fact, I can count on one hand the number of times I have seen a decentralized zero-trust network, […]

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek […]

MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis

The security updates released by Microsoft on April 11, 2023, addressed over 90 individual vulnerabilities. Of particular note was CVE-2023-21554, dubbed QueueJumper, a remote code execution vulnerability affecting the Microsoft Message Queuing (MSMQ) service. MSMQ is an optional Windows component that enables applications to exchange messages via message queues that are reachable both locally and […]

Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain

This post was made possible through the contributions of Joseph Spero and Thanassis Diogos. In June 2023, IBM Security X-Force responded to an incident where a client had received alerts from their security tooling regarding potential malicious activity originating from a system within their network targeting a domain controller. X-Force analysis revealed that an attacker […]

BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan

In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations […]

Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution

In this post, we’ll review a simple technique that we’ve developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon. Picture this — you’re on a red team engagement and your phish went through, your initial access payload got past EDR, your beacon is now living […]
