Found 170 bookmarks
Custom sorting
Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds
Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds
A new study by Juniper Research has found operators will generate $27 billion from the termination of SMS messages related to multi-factor authentication in 2022; an increase from $25 billion in 2021. The research predicts this 5% growth will be driven by increased pressure on digital service providers to offer secure authentication that reduces risk of data breaches and protects user identity. Multi-factor authentication combines multiple credentials to verify a user or transaction. This includes sending an SMS that contains a one‑time password or code to a user’s unique phone number.
#businesswire#Juniper#EN#2022#Multi-factor#MFA#SMS#Research#Study#Authentication#Mobile
·businesswire.com·
Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds
Raccoon Stealer: “Trash panda” abuses Telegram
Raccoon Stealer: “Trash panda” abuses Telegram
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
#avast#stealer#EN#2022#RaccoonStealer#Telegram#research#malware#passwordstealer
·decoded.avast.io·
Raccoon Stealer: “Trash panda” abuses Telegram
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
#talosintelligence#Iranian#EN#2022#APT#research#MuddyWater#Turkey#SloughRAT#RAT
·blog.talosintelligence.com·
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Supply Chain Vulnerabilities Put Server Ecosystem At Risk
Supply Chain Vulnerabilities Put Server Ecosystem At Risk
BMC&C Eclypsium Research has discovered and reported 3 vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. We are referring to these vulnerabilities collectively as BMC&C. MegaRAC BMC is widely used by many leading server manufacturers to provide “lights-out” management capabilities for their server products. Server manufacturers…
#eclypsium#EN#2022#CVE-2022-40259#CVE-2022-40242#CVE-2022-2827#Research#AMI#BMC#MegaRAC#supply-chain#vulnerabilities#server
·eclypsium.com·
Supply Chain Vulnerabilities Put Server Ecosystem At Risk
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
Threat actor RomCom RAT is now targeting Ukrainian military institutions. Known to deploy spoofed versions of popular software Advanced IP Scanner, once exposed, RomCom RAT switched to PDF Filler, another popular application, which indicates the group behind it is actively developing new capabilities.
#blackberry#EN#2022#Research#Unattributed#RomCom#Advanced-IP-Scanner#RAT
·blogs.blackberry.com·
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
ESET researchers recently identified a new version of the Android malware FurBall being used in a Domestic Kitten campaign conducted by the APT-C-50 group. The Domestic Kitten campaign is known to conduct mobile surveillance operations against Iranian citizens and this new FurBall version is no different in its targeting. Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books. The malicious app was uploaded to VirusTotal where it triggered one of our YARA rules (used to classify and identify malware samples), which gave us the opportunity to analyze it.
#WeLiveSecurity#EN#2022#FurBall#APT-C-50#surveillance#Iran#research
·welivesecurity.com·
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
The Majority of PostgreSQL Servers on the Internet are Insecure
The Majority of PostgreSQL Servers on the Internet are Insecure
At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.
#innerjoin.bit.io#EN#2022#PostgreSQL#research#Insecure#internet#medium
·innerjoin.bit.io·
The Majority of PostgreSQL Servers on the Internet are Insecure
So RapperBot, What Ya Bruting For?
So RapperBot, What Ya Bruting For?
In June 2022, FortiGuard Labs encountered IoT malware samples with SSH-related strings, something not often seen in other IoT threat campaigns. What piqued our interest more was the size of the code referencing these strings in relation to the code used for DDoS attacks, which usually comprises most of the code in other variants.
#fortinet#EN#2022#RapperBot#research#threat#IoT#Mirai#SSH-2.0-HELLOWORLD#botnet
·fortinet.com·
So RapperBot, What Ya Bruting For?
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
MuddyWater’s “light” first-stager targetting Middle East
MuddyWater’s “light” first-stager targetting Middle East
Since the last quarter of 2020 MuddyWater has mantained a “long-term” infection campaign targeting Middle East countries. We have gathered samples from November 2020 to January 2022, and due to the recent samples found, it seems that this campaign might still be currently active. The latest campaigns of the Muddy Water threat group, allegedly sponsored by the Iranian government and linked to the Iranian revolutionary guard (the main armed forces of the Iranian government), could be framed within the dynamics of maintaining Iran’s regional sovereignty.
#lab52#EN#2022#muddywaters#research#Middle-East
·lab52.io·
MuddyWater’s “light” first-stager targetting Middle East
Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)
Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)
With the "Follina" / CVE-2022-30190 0day still hot, i.e., still waiting for an official fix while apparently already getting exploited by nation-backed attackers, another related unfixed vulnerability in Microsoft's Diagnostic Tool (MSDT) bubbled to the surface. In January 2020, security researcher Imre Rad published an article titled "The trouble with Microsoft’s Troubleshooters," describing a method for having a malicious executable file being saved to user's Startup folder, where it would subsequently get executed upon user's next login. What the user has to do for this to happen is open a "diagcab" file...
#0patch#EN#2022#Follina#diagcab#CVE-2022-30190#0-day#0day#Diagnostic#research
·blog.0patch.com·
Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)
Put an io_uring on it: Exploiting the Linux Kernel - Blog |
Put an io_uring on it: Exploiting the Linux Kernel - Blog |
At Grapl we believe that in order to build the best defensive system we need to deeply understand attacker behaviors. As part of that goal we're investing in offensive security research. Keep up with our blog for new research on high risk vulnerabilities, exploitation, and advanced threat tactics.
#Graplsecurity#en#2022#0-day#Linux#kernel#exploit#redteam#research
·graplsecurity.com·
Put an io_uring on it: Exploiting the Linux Kernel - Blog |
XLoader Botnet: Find Me If You Can
XLoader Botnet: Find Me If You Can
In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. We described how XLoader emerged in the Darknet community to fill the empty niche after Formbook sales were abruptly stopped by its author. We did a deep technical analysis followed by a description of XLoader for macOS along with common points and differences in how both malware families conceal the heart of the whole operation, the Command-and-Control (C&C) infrastructure. However, the world does not stand still, and this applies to the malware cyber-world as well.
#checkpoint#EN#2022#XLoader#malware#Research
·research.checkpoint.com·
XLoader Botnet: Find Me If You Can