Explore GreenCharlie’s expanding cyber threat against US political and government entities. Learn how this Iran-nexus group uses advanced phishing techniques and malware like GORBLE and POWERSTAR.
In this blog, the second in the series, you will learn about how to build a database of Bluetooth Low-Energy (BTLE) Generic Attribute (GATT) Universally Unique Identifiers (UUIDs) capable of...
Agave and Jito are Solana validator clients. Solana executes eBPF bytecode from an ELF file when being executed. The development toolchain aligns the ELF program. During the ELF sanitization...
Modern JS frameworks like react, Angular and Vue safeguard against XSS. If you want to include input as HTML, there are mechanisms to do this but are dangerous. Vue.js uses the mustache template...
Jetpack Compose is a new way for building UIs in Android, replacing the fragments style. Now, navigation between screens represents composable functions. Hence, the Jetpack Navigation library is...
Soko is Go software for publishing Gentoo Linux packages. It uses an ORM which should in theory make us safe against SQL injection attacks. However, the code authors were misusing the prepared...
The Threshold Network is a collection of various services that use threshold cryptography by relying on multiple secret keepers. One of these services is tBTC that bridges native assets. The...
The Apache HTTP server is constructed with modules, with 136 listed in the documentation and about half that are in normal use. To the author this, there was a bad code smell: a giant request_rec...
Browsers can request any data via HTTP using JavaScript. From a website, it's possible to make requests to items on the local network, such as localhost. Should this be allowed? IP scanning and...
ControlLogix 1756 is a series of programmable automation controllers from Rockwell for highly scalable industrial automation. This device is a chassis component that servers as the enclosure for...
Researchers have discovered a new PostgreSQL malware called PG_MEM, which uses brute force attacks to access databases, hide its operations, and mine cryptocurrency. The attack involves creating a...
A newly discovered backdoor, dubbed Backdoor.Msupedge, was used in an attack on a Taiwanese university, leveraging an unusual communication method through DNS traffic to reach its...
James Kettle published research on exploiting race conditions more relably by putting things in the same packet. However, the author of this post ran into a limitation of this - the allowed for...
Advice for tackling and completing these major projects, including metrics, alerts, and prevention strategies.
Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme
IntroductionRansomware attacks are becoming increasingly damaging, but one thing remains consistent: the tools these cybercriminals rely on. The Ransomware Tool Matrix is a comprehensive resource...
Wiz is now the fastest company to be listed FedRAMP Moderate Authorized on the FedRAMP Marketplace, making it easier for government agencies to effectively protect their cloud environment with Wiz’s CNAPP
China’s military and defense industry have prioritized the development of amphibious armored vehicles with high water speed (HWS) capabilities in preparation for potential Taiwan invasion scenarios.
Researchers uncovered an extortion campaign that exploited exposed environment variable files (.env) in cloud environments. These files, which contained sensitive credentials, were accessed and...
Google’s Threat Analysis Group shares insights on APT42, an Iranian government-backed threat actor.
Our next steps and hope for the industry.
Researchers identified a new variant of the Gafgyt botnet targeting cloud-native environments by exploiting weak SSH passwords. This variant integrates cryptomining with traditional botnet...
Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data
What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance?
Key Takeaways The DFIR Report Services Contact us today for pricing or a demo! Table of Contents: Summary Analysts Adversary Infrastructure Capability Victim Indicators Summary In this report, we...
Unsurprisingly, many discussions revolved around the implications of the CrowdStrike outage, including the lessons it may have offered for bad actors
In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated
In May 2024, CrowdStrike observed the cyber threat group Scattered Spider establish a foothold on a cloud-hosted virtual machine (VM) using a cloud service VM management agent. The attackers...
Earth Baku, a threat actor linked to APT41, has extended its operations beyond the Indo-Pacific, targeting regions across Europe, the Middle East, and Africa, including countries such as Italy,...
Between late June 2023 and early August 2023, CrowdStrike detected suspicious activity at a South Asian telecommunications provider linked to the China-based threat group Horde Panda. The...