Surviving college distance learning during the pandemic: a cybersecurity guide

~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- Social distancing, the wearing of face masks, practicing hand hygiene, and disinfecting often-touched surfaces have become human necessities during the pandemic era. For schools, they’ve also had to adapt quickly to incorporate distance learning methods that let students continue their studies. But being in crisis management mode didn’t give higher educational institutions much … Continue reading Surviving college distance learning during the pandemic: a cybersecurity guide

Evading Filters to perform the Arbitrary URL Redirection Attack

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- Arbitrary URL Redirection Attack often is popularly known as an Open Redirection attack, which is a common web vulnerability that allows an attacker to redirect the victim user to an attacker-controlled domain. This attack can leveraged to steal sensitive information such as tokens, perform social engineering, and other attacks.The Arbitrary URL Redirection … Continue reading Evading Filters to perform the Arbitrary URL Redirection Attack

Uncovered: APT ‘Hackers For Hire’ Target Financial, Entertainment Firms

~ Dade Murphy ~ Leave a comment

The Hacker News-- A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities. "CostaRicto … Continue reading Uncovered: APT ‘Hackers For Hire’ Target Financial, Entertainment Firms

Leonidas – Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an individual endpoint Sigma rules (https://github.com/Neo23x0/sigma) … Continue reading Leonidas – Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

~ Dade Murphy ~ Leave a comment

The Hacker News-- Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor — dubbed "ModPipe" — impacts Oracle MICROS Restaurant Enterprise Series (RES) 3700 POS systems, widely used software suite restaurants, and hospitality … Continue reading New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

MISSIONS — The Next Level of Interactive Developer Security Training

~ Dade Murphy ~ Leave a comment

The Hacker News-- If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that can be done to make their … Continue reading MISSIONS — The Next Level of Interactive Developer Security Training