Category Archives: Cyber Security

Email Security: What is credential phishing?

Credential phishing is an email-based attack that lures the victim to a malicious web form mimicking a legitimate login page in order to steal their credentials. Any web-based service can be targeted, including:

  • Microsoft Outlook Web Access (OWA) and other corporate web-based email services
  • Free webmail services (e.g., Gmail, Yahoo, Hotmail)
  • Cloud-based sync and sharing services (e.g., Dropbox, Box)
  • Online shopping (e.g., Apple ID, Amazon) and loyalty program logins

The credential phishing site is often a pixel-perfect copy of the targeted website, so a quick visual check by the victim arouses no suspicion. The reliable tell is the URL: the registrable domain is controlled by the attacker rather than the targeted organization, even when the real brand name appears somewhere in the host name or path.

Credential phishing is one of the most successful social engineering techniques used against larger organizations.
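As an added example (not part of the original post), the check below applies the point above in code: it extracts the real host of a link, reduces it to the registrable domain and compares that against an allow-list of the organization's genuine sign-in domains, flagging the common decoys (a legitimate domain used as a subdomain of the attacker's, userinfo before an '@', a bare IP host, punycode labels). The allow-list, the public-suffix subset and the sample URLs are constructed for the example.

```python
"""Added example: decide whether a login link really points at one of our domains.

A phishing page can look identical to the real one; only the registrable domain
(the label just before the public suffix) tells you who controls the host.
"""
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed allow-list for this example: the registrable domains the
# organization's real OWA / Microsoft 365 sign-in pages live on.
LEGITIMATE_DOMAINS = {"office365.com", "microsoftonline.com", "live.com"}

# Constructed subset of multi-label public suffixes; a real tool would load
# the full Public Suffix List (publicsuffix.org).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """eTLD+1 of a hostname: 'login.microsoftonline.com' -> 'microsoftonline.com',
    'mail.example.co.uk' -> 'example.co.uk'. IP literals are returned unchanged."""
    host = host.lower().rstrip(".")
    try:
        ip_address(host)
        return host
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) > 2 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_login_url(url: str, legitimate=LEGITIMATE_DOMAINS) -> dict:
    """Classify a link found in an e-mail. Returns the real host, its registrable
    domain and the reasons it is suspicious (an empty list means it looks legitimate)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # .hostname drops userinfo and port
    reg = registrable_domain(host) if host else ""
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("userinfo before '@' (the brand name is not the host)")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised (punycode) label, check for look-alikes")
    try:
        ip_address(host)
        reasons.append("bare IP address instead of a domain")
    except ValueError:
        pass
    if reg not in legitimate:
        reasons.append(f"registrable domain {reg!r} is not one we trust")
        for legit in legitimate:
            # Classic decoy: the real domain used as a subdomain of the attacker's.
            if host.startswith(legit + ".") or ("." + legit + ".") in host:
                reasons.append(f"{legit!r} appears as a subdomain decoy")
    return {"host": host, "registrable_domain": reg, "reasons": reasons}


# Constructed sample links, not taken from any real campaign.
SAMPLE_URLS = [
    "https://outlook.office365.com/owa/",
    "https://outlook.office365.com.secure-mail-login.example/owa/",
    "http://outlook.office365.com@203.0.113.5/owa/",
    "https://login.xn--micrsoft-dzb.example/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        result = check_login_url(u)
        status = "OK        " if not result["reasons"] else "SUSPICIOUS"
        print(f"{status} {u}")
        for reason in result["reasons"]:
            print(f"           - {reason}")
```

Running the file prints a verdict for each sample link. A production version would load the full Public Suffix List instead of the three-entry subset and would also resolve shorteners and redirects before classifying the final host.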

CyberNews: Top Vulnerabilities this week

This week's vulnerabilities:

CVE-2020-16898: a remote code execution flaw in the Windows TCP/IP stack in its handling of ICMPv6 Router Advertisement packets.

CVE-2020-16898 Highlights

  • Do not disable IPv6 entirely unless you want to break Windows in interesting ways.
  • It can only be exploited from the local subnet, because Router Advertisements are link-local traffic and are not routed.
  • It can still lead to remote code execution or a BSOD.
  • A crashing PoC is easy; a working RCE exploit is hard.
  • Patch.
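The following added example (mine, not from the original post) is the kind of detection check a network defender could run over captured ICMPv6 traffic: it walks the options of a Router Advertisement and flags a Recursive DNS Server (RDNSS, option type 25) option whose Length field is even. That trigger condition is not stated on the page; it comes from the public vendor analyses of CVE-2020-16898, and it is malformed by definition since RFC 8106 requires an RDNSS Length of 1 + 2N for N addresses, which is always odd. The packets are constructed with the helper functions rather than captured, and checksums are left at zero.

```python
"""Added example: flag malformed RDNSS options in ICMPv6 Router Advertisements.

Input is the ICMPv6 message starting at its Type byte (IPv6 header already
stripped). RFC 4861 fixed RA header: type, code, checksum, cur hop limit,
flags, router lifetime, reachable time, retrans timer = 16 bytes, then TLV
options whose Length is counted in 8-byte units.
"""
import struct
from ipaddress import IPv6Address

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_MTU = 5
OPT_RDNSS = 25
RA_FIXED_LEN = 16


def parse_ra_options(icmpv6: bytes):
    """Yield (type, length_units, data) for every option in a Router Advertisement.
    Raises ValueError on anything that is not a well-framed RA."""
    if len(icmpv6) < RA_FIXED_LEN or icmpv6[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not a Router Advertisement")
    off = RA_FIXED_LEN
    while off < len(icmpv6):
        if len(icmpv6) - off < 2:
            raise ValueError("truncated option header")
        otype, olen = icmpv6[off], icmpv6[off + 1]
        if olen == 0:
            raise ValueError("option length 0 (forbidden by RFC 4861)")
        end = off + olen * 8
        if end > len(icmpv6):
            raise ValueError("option runs past end of packet")
        yield otype, olen, icmpv6[off + 2:end]
        off = end


def flag_bad_neighbor(icmpv6: bytes) -> list:
    """Return findings for RDNSS options whose Length is even.
    A valid RDNSS option is 8 bytes of header plus 16 bytes per address, so its
    Length (in 8-byte units) is 1 + 2N and always odd; an even value is the
    malformed shape described in the public analyses of CVE-2020-16898."""
    findings = []
    for otype, olen, _data in parse_ra_options(icmpv6):
        if otype == OPT_RDNSS and olen % 2 == 0:
            findings.append(f"RDNSS option with even length {olen} (malformed)")
    return findings


# --- constructed packet builders for the example (not captured traffic) -----

def build_ra(options: bytes) -> bytes:
    """RA header with hop limit 64, router lifetime 1800 s, checksum left 0."""
    return struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0,
                       64, 0, 1800, 0, 0) + options


def build_mtu(mtu: int) -> bytes:
    """Well-formed MTU option (type 5, length 1)."""
    return struct.pack("!BBHI", OPT_MTU, 1, 0, mtu)


def build_rdnss(length_units: int, addrs) -> bytes:
    """RDNSS option with an arbitrary Length field, so both a well-formed (odd)
    and a malformed (even) option can be produced. The body is padded or
    truncated to Length*8 bytes so the option self-describes consistently."""
    body = struct.pack("!BBHI", OPT_RDNSS, length_units, 0, 3600)
    body += b"".join(IPv6Address(a).packed for a in addrs)
    target = length_units * 8
    return body[:target].ljust(target, b"\0")


if __name__ == "__main__":
    good = build_ra(build_mtu(1500) + build_rdnss(3, ["2001:db8::53"]))
    bad = build_ra(build_mtu(1500) + build_rdnss(4, ["2001:db8::53"]))
    print("well-formed RA:", flag_bad_neighbor(good) or "no findings")
    print("malformed RA:  ", flag_bad_neighbor(bad))
```

In a real deployment the same check sits behind a packet capture or IDS hook that hands the parser each ICMPv6 type 134 message seen on the segment; because Router Advertisements never cross a router, an alert means the sender is on the local link.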

Almost 800,000 internet-accessible SonicWall VPN appliances need to be updated and patched for a major new vulnerability disclosed on Wednesday: a remotely exploitable RCE.

Discord Desktop app RCE

A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Program.

The RCE I found was an interesting one because it is achieved by combining multiple bugs. In this article, I’d like to share the details.

Multiple vulnerabilities have been discovered in Magento CMS, the most severe of which could allow arbitrary code execution.

Ransomware Facts, Trends & Statistics for 2020

Abstract

The following facts, statistics, and trends will help you realize how imminent the ransomware threat is to your business and personal life.


Some hackers even corrupt and delete a company’s files while they await the ransom payment, just to show that they’re serious. Regardless of the cyber criminal’s ultimate actions, the actual cost of ransomware goes beyond just the payout.


Read more in

https://www.safetydetectives.com/blog/ransomware-statistics/

macOS Forensics: How to compare a malicious app (.dmg) with the authentic app on macOS

Consider a scenario in which you, as a security analyst, need to investigate whether a particular endpoint (laptop, desktop or server) has downloaded a malicious Flash Player installer. Assume your organization runs endpoint protection and you have received an alert about malware downloaded on machine 'X'.

In most cases the endpoint protection software itself gives you enough detail. If you want to understand what this new malware does and how it behaves, follow these steps:

  • Download the fake Flash Player sample from VirusTotal (downloading samples requires a premium account) and the authentic Flash Player installer from Adobe's site. Handle the sample on an isolated analysis machine.
  • Open two Terminal windows side by side and run the command below in each one. It prints the code-signing metadata of a .dmg (or of the .app inside it):
codesign -dvv <file-name>

Run the same command against the fake .dmg and compare the two outputs. The Identifier, the Authority chain (the Developer ID certificate and Apple's CAs) and the TeamIdentifier of a genuine vendor build will not match an attacker's signature, and a malicious image is often unsigned or only ad-hoc signed.
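An added example (not part of the original post) of doing that comparison programmatically: parse the codesign -dvv output of both files and diff the fields that identify the signer. The two sample outputs are constructed for the example (the bundle identifier, vendor name and Team ID are placeholders, not Adobe's real values). codesign_dvv() runs the real command and therefore only works on macOS; everything else operates on the captured text so it can be run anywhere.

```python
"""Added example: compare the code-signing identity of two macOS files from
their `codesign -dvv` output."""
import subprocess

# Constructed `codesign -dvv` output for a genuine, Developer ID-signed
# installer. Names and Team ID are placeholders.
GENUINE_DVV = """\
Executable=/Volumes/Flash Player/Install Flash Player.app/Contents/MacOS/Install Flash Player
Identifier=com.example.flashplayer.installer
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded
Signature size=8976
Authority=Developer ID Application: Example Vendor Inc (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=1 Oct 2020 at 10:00:00
Info.plist entries=20
TeamIdentifier=ABCDE12345
Runtime Version=10.15.0
Sealed Resources version=2 rules=13 files=12
Internal requirements count=1 size=220
"""

# Constructed output for the look-alike sample: ad-hoc signed, no Developer ID,
# so there is no Authority chain and no Team ID.
FAKE_DVV = """\
Executable=/Volumes/Install/Install.app/Contents/MacOS/Install
Identifier=com.install.Install
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=300 flags=0x2(adhoc) hashes=4+5 location=embedded
Signature=adhoc
Info.plist entries=12
TeamIdentifier=not set
Sealed Resources version=2 rules=13 files=3
Internal requirements count=0 size=12
"""

# The fields that identify who signed the object.
KEY_FIELDS = ("Identifier", "Format", "Signature", "TeamIdentifier", "Authority")


def codesign_dvv(path: str) -> str:
    """Run `codesign -dvv` on a file (macOS only). codesign prints the details
    to stderr, so both streams are returned."""
    p = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    return p.stdout + p.stderr


def parse_dvv(text: str) -> dict:
    """Turn the key=value lines into a dict. Repeated Authority= lines become a
    list (leaf certificate first). Unsigned objects yield Signature='unsigned'."""
    info = {}
    if "not signed at all" in text:
        info["Signature"] = "unsigned"
        return info
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "Authority":
            info.setdefault("Authority", []).append(value)
        else:
            info[key] = value
    # A full signature shows only "Signature size=N"; ad-hoc shows "Signature=adhoc".
    info.setdefault("Signature", "present" if "Signature size" in info else "unknown")
    return info


def compare_signatures(genuine: dict, sample: dict) -> dict:
    """Return {field: (genuine_value, sample_value)} for each key field that differs."""
    return {f: (genuine.get(f), sample.get(f))
            for f in KEY_FIELDS if genuine.get(f) != sample.get(f)}


def verdict(genuine: dict, sample: dict) -> list:
    """Human-readable reasons the sample does not look like the vendor's build."""
    notes = []
    if sample.get("Signature") in ("adhoc", "unsigned"):
        notes.append("sample has no Developer ID signature (ad-hoc or unsigned)")
    if sample.get("TeamIdentifier") != genuine.get("TeamIdentifier"):
        notes.append("Team ID differs from the genuine vendor")
    if sample.get("Identifier") != genuine.get("Identifier"):
        notes.append("bundle identifier differs")
    return notes


if __name__ == "__main__":
    g, s = parse_dvv(GENUINE_DVV), parse_dvv(FAKE_DVV)
    for field, (gv, sv) in compare_signatures(g, s).items():
        print(f"{field}: genuine={gv!r} sample={sv!r}")
    for note in verdict(g, s):
        print("-", note)
```

Note that codesign -dvv only displays what the signature claims; follow it with codesign --verify --deep --strict <file> to confirm the signature actually validates and the sealed resources are intact.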

Another method: malware vs. real macOS app

Another good method is to compare the contents of the two apps, that is, the folders and files inside each macOS application bundle. To do that:

  • Mount the malicious and the authentic disk images by double-clicking them so each opens in a Finder window (mount the image only; do not launch the application itself).

Right-click the app and choose “Show Package Contents”. Do the same for the authentic app and compare the folder structures.
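To make the Show Package Contents comparison repeatable, here is an added example (not from the original post) that inventories two bundles and reports what exists only in the sample, what is missing from it, and which shared files differ by SHA-256. Hashing catches a swapped main executable or an altered Info.plist that looks identical in a folder listing. The two bundles are constructed in a temporary directory for the example; in practice you point compare_bundles() at the two mounted .app paths.

```python
"""Added example: diff two macOS application bundles by path and SHA-256."""
import hashlib
import os
import tempfile


def file_sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def bundle_inventory(root: str) -> dict:
    """Map every path inside the bundle (relative to root) to its SHA-256,
    or to '<dir>' for directories."""
    inv = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for d in dirnames:
            inv[os.path.normpath(os.path.join(rel_dir, d))] = "<dir>"
        for f in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, f))
            inv[rel] = file_sha256(os.path.join(dirpath, f))
    return inv


def compare_bundles(genuine_root: str, sample_root: str) -> dict:
    """Three sorted lists: paths only in the sample, paths the sample lacks,
    and shared files whose contents differ."""
    g, s = bundle_inventory(genuine_root), bundle_inventory(sample_root)
    return {
        "only_in_sample": sorted(set(s) - set(g)),
        "missing_from_sample": sorted(set(g) - set(s)),
        "modified": sorted(p for p in set(g) & set(s) if g[p] != s[p]),
    }


# --- constructed fixtures for the example (not real installer contents) -----

def build_bundle(root: str, files: dict) -> str:
    """Create the given relative files (bytes) under root and return root."""
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root


GENUINE_FILES = {
    "Contents/Info.plist": b"<plist>CFBundleIdentifier=com.example.installer</plist>",
    "Contents/MacOS/Install": b"\xcf\xfa\xed\xfe genuine mach-o (constructed)",
    "Contents/Resources/icon.icns": b"icns",
    "Contents/_CodeSignature/CodeResources": b"sealed resource hashes",
}
FAKE_FILES = {
    "Contents/Info.plist": b"<plist>CFBundleIdentifier=com.install.Install</plist>",
    "Contents/MacOS/Install": b"\xcf\xfa\xed\xfe fake mach-o (constructed)",
    "Contents/Resources/icon.icns": b"icns",
    "Contents/Resources/payload.sh": b"#!/bin/sh\necho constructed dropper\n",
}


def demo() -> dict:
    """Build both constructed bundles in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        g = build_bundle(os.path.join(tmp, "Genuine.app"), GENUINE_FILES)
        f = build_bundle(os.path.join(tmp, "Fake.app"), FAKE_FILES)
        return compare_bundles(g, f)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(category)
        for p in paths:
            print("   ", p)
```

The missing _CodeSignature directory and the extra script under Resources are exactly the kind of differences worth following up; the modified main executable is the one to hand to a sandbox or disassembler next.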

This is a bit of forensics showing how to extract metadata and details about malware. I hope this helps.

CrimeOps: The Operational Art of Cyber Crime

If cyber crime were a country, it could be the world's third-largest economy by 2021, and it is interesting to see how organized cyber crime is evolving. An article published last month explains how cyber crime is a big business and how cyber criminals build out HR, finance and project management departments to get things done.

Good Read

CrimeOps: The Operational Art of Cyber Crime

Abstract

Their business… is crime! And every business needs business goals, so I wrote a mock FIN7 mission statement:

Our mission is to proactively leverage existing long-term, high-impact growth strategies so that we may deliver the kind of results on the bottom line that our investors expect and deserve.

How does FIN7 actualize this vision? This is CrimeOps:

  • Repeatable business process 
  • CrimeBosses manage workers, projects, data and money.
  • CrimeBosses don’t manage technical innovation. They use incremental improvements to TTPs to remain effective, but no more.
  • Frontline workers don’t need to innovate (because the process is repeatable)