Silent Librarian APT right on schedule for 20/21 academic year

October 14, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We were initially tipped off by one of our customers, and were able to identify a new active campaign from this APT group. Based off a number of intended victims, … Continue reading Silent Librarian APT right on schedule for 20/21 academic year

FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks

October 14, 2020 ~ Dade Murphy ~ Leave a comment

The Hacker News-- A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye's Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to … Continue reading FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks

Tyler Technologies Paid Ransomware Demand

October 14, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- Tyler Tech Ransomware Attack Overview A couple of weeks ago, Tyler Technologies made it to the news after suffering a Tyler Technologies Paid Ransomware Demand on Latest Hacking News. View original article on Latest Hacking News

Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions

October 14, 2020 ~ Dade Murphy ~ Leave a comment

The Hacker News-- Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are turning to multitenant solutions to help reduce the complexity of … Continue reading Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions

Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs

October 14, 2020 ~ Dade Murphy ~ Leave a comment

The Hacker News-- Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked Important, and one is classified Moderate in … Continue reading Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs

TryHackMe- LazyAdmin CTF Writeup (Detailed)

October 14, 2020October 14, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- CTF Writeup #3Welcome Folks!We are going to LazyAdmin CTF on TryHackMe. I hope you will like the writeup. There are 2 ways we will get root. Read along you’ll find them near the end.TryHackMe | LazyAdminLet’s dive in!! Enjoy the flow!!Deploy the machine.In the meantime when you are waiting for machine to be deployed, … Continue reading TryHackMe- LazyAdmin CTF Writeup (Detailed)

Self-Erasing Chips Can Potentially Help In Detecting Product Tampering

October 14, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- Researchers have devised a way to detect counterfeit products. Specifically, they have created self-erasing chips that may help detect and Self-Erasing Chips Can Potentially Help In Detecting Product Tampering on Latest Hacking News. View original article on Latest Hacking News

Recipe for a successful phishing campaign (part 1/2)

October 13, 2020October 13, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- IntroductionPhishing attacks are great first-entry vectors with technical details which are frequently overlooked by both white and blackhat hackers.Having participated in multiple phishing campaigns over the years, both in offensive as well as defensive teams, I’ve learned from trial and error a lot of these things to pay attention to. This article … Continue reading Recipe for a successful phishing campaign (part 1/2)

XXE: Web App Security Basics

October 13, 2020October 13, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- XXE aka XML External Entity is an attack against an application which allows an XML input and an attacker can interfere with the application’s XML processing. In case of successful attack, the attacker can view file’s data on server, and many other attacks like path traversal, port scanning, denial of service … Continue reading XXE: Web App Security Basics

Google Removed Malicious Android Apps Showing Out-of-Context Ads

October 13, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- Many more malicious Android apps flooded the Google Play Store. These apps targeted Android users with out-of-context and privacy intrusive Google Removed Malicious Android Apps Showing Out-of-Context Ads on Latest Hacking News. View original article on Latest Hacking News