#attack Archives - Page 3 of 4 - Alireza Gharib Blog

January 9, 2025

How to Defend Against the Three Most Dangerous Cybersecurity Attacks

There are a lot of different hacking techniques to be aware of. At the time of publication, the MITRE ATT&CK framework identified some 236 hacking techniques across 14 different categories. Luckily, you don’t need to understand all these tactics to stay safe. Many are close variations of the same basic approach. The best cybersecurity tools…

#attack, #go, #hack, #tech, #un
January 9, 2025

Securing AWS Lambda | How Misconfigurations Can Lead to Lateral Movement

Learn how several misconfigurations and user-defined code issues in AWS Lambda could lead to potential credential theft and lateral movement. As serverless computing continues to revolutionize the cloud landscape, AWS Lambda has emerged as a pivotal service, offering a Function-as-a-Service (FaaS) model that allows developers to focus solely on code while AWS manages the underlying…

#attack, #author, #ict, #malicious, #secure
January 9, 2025

Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response

The expanding attack surface is creating more opportunities for exploitation and adding to the pressure on security leaders and teams. Increasingly, organizations are investing in managed detection and response services (MDR) to bolster their security operations center (SOC) and meet the challenge. Demand is growing rapidly: according to Frost & Sullivan, the market for MDR…

#attack, #azure, #cyberattack, #linkedin, #tech
January 9, 2025

LABScon24 Replay | The Ransomware Trust Paradox

Max Smeets explores how ransomware groups leverage public reporting and why we must disrupt the trust dynamic between threat actors and victims. In his Keynote talk at LABScon 24, Max Smeets explores how ransomware operators build a unique relationship between themselves and their victims. In contrast to most other threat actors, ransomware operators rely on…

#attack, #author, #ict, #military, #national-security
January 9, 2025

LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management

Binarly’s Alex Matrosov and Fabio Pagani present PKfail, a firmware supply-chain security issue affecting major device vendors and hundreds of device models. Modern computing heavily relies on establishing and maintaining trust, which begins with trusted foundations and extends through operating systems and applications in a chain-like manner. This ensures that end users can confidently rely…

#attack, #author, #bypass, #secure, #tech
January 9, 2025

CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks

A loose collective of mostly low-skilled actors, CyberVolk absorbs and adapts a wide array of destructive malware for use against political targets. Executive Summary CyberVolk/GLORIAMIST is a hacktivist collective originating in India with pro-Russia leanings. Between June and October 2024, CyberVolk claimed responsibility for multiple ransomware attacks. The main objective of CyberVolk and related groups…

#82, #attack, #author, #browser, #bug, #opjp
January 9, 2025

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware. Executive Summary SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware. We assess with high confidence that the same actor is responsible for earlier attacks attributed to BlueNoroff and the RustDoor/ThiefBucket and RustBucket campaigns.…

#attack, #author, #browser, #bypass, #tech
January 9, 2025

Cloud Malware | A Threat Hunter’s Guide to Analysis, Techniques and Delivery

Learn about cloud threats, how to hunt for them and how to analyze them in this post based on Alex Delamotte’s recent LABScon workshop. As many researchers have noticed, malware in the cloud is different. Perhaps more strikingly different than Windows versus Linux threats, cloud services are targeted through entirely different methods altogether. At LABScon…

#attack, #ict, #investigation, #programming, #tech
January 9, 2025

Protecting Web-Based Work

This blog was originally published on Security Boulevard. Connecting People, Web Browsers and Security The web browser has transformed significantly in recent years, becoming one of the most used tools for work today. However, as organizations adopt hybrid work models and cloud-based operations, securing this work tool has proved a challenge. Security infrastructures haven’t evolved…

#attack, #author, #browser, #cyberattack, #ict
January 9, 2025

EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East

Hot on the heels of the re-emergence of a more advanced NonEuclid RAT variant in the cyber threat arena, a novel malware iteration known as the Eagerbee backdoor poses an increasing threat to organizations in the Middle East, primarily targeting Internet Service Providers (ISPs) and state agencies. The enhanced EAGERBEE backdoor variant can deploy payloads,…

Cybersecurity, Security

#attack, #cyberattack, #cybersecurity, #hack, #internet, #security, #soc, #tech

Tag: #attack