What's new around the internet

Latest

| Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|
| 2022-03-08 15:11:19 | Record breaking DDoS Potential Discovered: CVE-2022-26143 | CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector. Executive summary: A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks. Security researchers, network operators, and security vendors observed these attacks and formed a task force to investigate the [...] | | | |
| 2022-02-03 16:46:48 | Expert Analyst Insight into North Korean 'Internet Outages' | The first month of 2022 saw the return of North Korean ballistic missile testing. Reports of several launches coincided with news of internet outages. This sequence of outages should pique interest due to the apparent impact on a variety of internet-facing assets of the Democratic People's Republic of Korea (DPRK). Whilst we can speculate about [...] | | | |
| 2022-01-26 15:49:49 | Analysis of a Management IP Address linked to Molerats APT | Key Findings: Higher order infrastructure, utilizing IP addresses assigned to Palestinian providers, identified for the Molerats APT group; additional 'attacker' hosts identified (23.237.73[.]126 and 45.128.73[.]179), used to target entities in Israel and Saudi Arabia. Introduction: On 20 January 2022, Zscaler released a research blog detailing a Molerats espionage campaign against targets in the Middle [...] | | | |
| 2021-12-21 20:54:02 | The Biggest Cyber Security Developments in 2021 | As we charge towards another new year, we decided to pulse our threat intelligence team (@teamcymru_s2) for their views on what they perceive to be the biggest developments in cyber security over the past twelve months. Whilst this blog is a retrospective of recent events, it is also written with one eye on 2022 and [...] | Threat | | |
| 2021-11-12 13:40:54 | Interviews from The Underground Economy Conference – Part 6 | Welcome to the final post in the series of interviews from the Underground Economy conference. What we asked: Did you ever think you would be doing this as a child? How can the Internet Security community collaborate to improve online safety for children? How do we convince young people not to fall for the dark side of the [...] | | | |
| 2021-11-03 14:19:09 | Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns | The contents of this blog were shared with Team Cymru's community partners in the first half of 2021 and were subsequently presented by our analysts at RISE Las Vegas (September 2021). Much has been written about the role of webinjects in the evolution of banking trojans, facilitating the interception and manipulation of victim connections to [...] | Threat | | |
| 2021-10-14 16:21:45 | Interviews from The Underground Economy Conference – Part 5, IoT Security | From Las Vegas: We recently returned to hosting our live conferences! We have missed you, and we're happy some of you were able to join us this past week! This RISE-USA conference did not disappoint! Our conference presentations were poignant and timely, engaging and informative. From the most impactful takedown in recent history to state-sponsored [...] | | | |
| 2021-10-07 13:47:47 | Apache Vulnerability allows RCE and Path Traversal | On October 5, CVE-2021-41773 made the rounds through the news, the blogosphere and the twitterverse. We now see public POCs (proofs of concept) showing how to exploit this issue. Please pay attention to this vulnerability! Servers running Apache 2.4.49 may be exposed to remote code execution (RCE) and path traversal. RCE will allow attackers to run commands on your [...] | Vulnerability | | |
| 2021-10-05 16:00:48 | Collaborative Research on the CONTI Ransomware Group | Ransomware remains one of the pre-eminent cyber threats, with the evolution in tactics, techniques and procedures (TTPs) amongst threat actor groups over recent years upping the stakes for both victims and defenders. In addition to Team Cymru's involvement with the Ransomware Task Force, our analysts have also been collaborating over recent months with a [...] | Ransomware, Threat | | |
| 2021-08-24 15:51:23 | Anatomy of a Supply Chain Attack: How to Accelerate Incident Response and Threat Hunting | In recent months, we've seen a sharp rise in software supply chain attacks that infect legitimate applications to distribute malware to users. SolarWinds, Codecov and Kaseya have all been victims of such attacks that went on to impact thousands of downstream businesses around the globe. Within minutes of these high-profile attacks making headline news, CEOs [...] | Malware, Threat | | |
| 2021-08-12 00:00:04 | MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan | Having last looked at the MoqHao (or Roaming Mantis) malware family in January 2021, we decided to take another look at the activities of this threat group. MoqHao targets Android users, usually via an initial attack vector of phishing SMS messages, with a particular focus on Japan, South Korea and Taiwan (although MoqHao's focus continues [...] | Malware, Threat | | |
| 2021-08-09 17:53:20 | Team Cymru's Threat Hunting Maturity Model Explained | Introduction to the Series: In this four-part series we'll be looking at Team Cymru's Threat Hunting Maturity Model. Its purpose is to define each step of the journey that organizations take to hire, empower and gain value from an elite threat hunting team. This series is aimed at those who may not be deeply [...] | Threat | | |
| 2021-07-26 20:47:01 | Interviews from The Underground Economy Conference – Part 4 | What we asked: What do you enjoy about Information Security? How do you balance the workload between your security job and personal life? As a security practitioner, how do you protect your personal data? Q: What do you enjoy about Information Security? A: "What I like, basically what my mother taught me to do through [...] | | | |
| 2021-06-14 12:24:38 | Threat Reconnaissance, or Bust? | It's widely acknowledged that the role of CISO is one of the most stressful in the world of Cyber. Not only do they have to create, launch and run a complex program of defensive measures, there really is no telling what cyber-related risks and threats lie around the corner, adding further pressure to them [...] | | | |
| 2021-06-04 19:43:55 | Interviews from The Underground Economy Conference – Part 3 | Team Cymru holds four conferences per year, three Regional Internet Security Conferences and an annual conference called Underground Economy. If you are interested in applying for admittance to one of our events, please visit our events page. In 2019, we interviewed several of our veteran Underground Economy attendees. The following is Part 3 of our [...] | | | |
| 2021-05-19 16:45:35 | Tracking BokBot Infrastructure | Co-authored by Josh Hopkins, Andy Kraus and Nick Byers. BokBot (also known as IcedID) started life as a banking trojan using man-in-the-browser attacks to steal credentials from online banking sessions and initiate fraudulent transactions. Over time, the operator(s) of BokBot have also developed its use as a delivery mechanism for other malware, in particular [...] | | | |
| 2021-05-14 12:45:45 | The Value of Near-Real-Time Visibility into Scanner Activity | Most people who have ever looked at a firewall log will have noticed scanning activity. Any system connected with an external-facing IP address will at some stage receive probes for open ports. Depending on the port type, a brute-force attempt might happen to get system access, or a vulnerability in the associated service exploited. [...] | Vulnerability | | |
| 2021-05-06 18:44:11 | The Tide is Turning for External Threat Hunting | Forrester has called out Team Cymru within two distinct categories in their newly published Tech Tide™: Threat Intelligence, Q2 2021 report, so what has changed? In this blog, we'll briefly explain why we feature in each category, and what advantages each of these has for your organization. The categories are Threat Intelligence Feeds and Internet Infrastructure [...] | Threat | | |
| 2021-04-29 10:01:46 | Approaching Ransomware with a Fresh Perspective | I am honored to represent Team Cymru on the Ransomware Task Force (RTF). The Ransomware Task Force is a collection of security and policy experts spanning several countries, organized by the Institute for Security and Technology and led by my friend, Phil Reiner. The motivation is simple: we aren't OK with ransomware ransacking innocent victims. We [...] | Ransomware | | |
| 2021-04-16 15:00:29 | Transparent Tribe APT Infrastructure Mapping | Introduction: Transparent Tribe (APT36, Mythic Leopard, ProjectM, Operation C-Major) is the name given to a threat actor group largely targeting Indian entities and assets. Transparent Tribe has also been known to target entities in Afghanistan and social activists in Pakistan, the latter of which lean towards the assumed attribution of Pakistani intelligence. Tools used [...] | Threat | APT 36 | |
| 2021-04-08 18:46:12 | Interviews from The Underground Economy Conference – Part 2 | Underground Economy (UE), our threat intelligence, cyber security and cyber crime conference, is slated for November 2-4 in Strasbourg, and we are taking attendance applications now. You can learn about how to apply for admittance and how to submit a proposal here. Below is Part 2 of our interviews from UE 2019. What we [...] | Threat | | |
| 2021-04-01 18:09:26 | Underground Economy Conference, Co-Hosted by Council of Europe | Apply early for our threat intelligence, cyber crime and cyber security conference. We are planning to hold UE21 from 2nd to 4th November, 2021 in Strasbourg, France and the application process is now open. As always, attendance is restricted, so get your application in now. It will be the same format [...] | Threat | | |
| 2021-03-15 15:41:42 | FIN8: BADHATCH Threat Indicator Enrichment | Introduction: Last week (10 March 2021), Bitdefender released a whitepaper on the recent activities of the FIN8 threat actor group, focusing particularly on their BADHATCH toolkit [1]. The research found that FIN8, a financially motivated group, had used this toolkit to target victims in the chemicals, insurance, retail and technology sectors. We've expanded on Bitdefender's [...] | Threat | | |
| 2021-03-12 19:55:34 | Interviews from The Underground Economy Conference – Part 1 | When we used to run events, the biggest one ever was The Underground Economy (UE), which took place at the Council of Europe in Strasbourg, France. With restrictions being lifted, we look forward to starting our annual event series again, starting with The Underground Economy. It's a 3-day event in early November 2021 at [...] | | | |
| 2021-02-16 19:54:16 | dnsmasq Vulnerability Mapping | Team, last week the team at the CMU CERT Coordination Center updated a Vulnerability Note regarding Dnsmasq. Dnsmasq is an incredibly popular and widely deployed DNS resolver software found as part of IoT, embedded, and SOHO router deployments around the world. This specific attack is interesting, because it can be used to not only [...] | Vulnerability | | ★★★ |
| 2021-02-05 15:49:02 | Kobalos Malware Mapping | On February 2nd the great team at ESET released their findings on malware being used to compromise UNIX-like systems, including various distributions of Linux and also FreeBSD, named Kobalos. Malware that targets these platforms is always of great interest to me. Having started my career in high performance computing (HPC) and then having moved [...] | Malware | | |
| 2021-01-27 16:07:03 | Taking Down Emotet | On Tuesday, January 26, 2021, available controllers talking like Emotet Tier 1 controllers dropped to zero. Team Cymru's monitoring confirmed that they dropped from over 100 to zero in a really short timeframe. That's interesting. Helping to make that happen? That's fun. Let's talk about the fun! A Call and a Request [...] | | | |
| 2021-01-26 13:31:10 | GhostDNSbusters (Part 3) | This research was undertaken in collaboration with Manabu Niseki (@ninoseki on Twitter) and CERT.br (https://cert.br). Last year we posted two blogs detailing our methodology for tracking GhostDNS infrastructure: GhostDNSbusters Part 1 and GhostDNSbusters Part 2. In summary, Part 1 focused primarily on the identification of Rogue DNS servers and Part 2 on the discovery [...] | | | |
| 2021-01-20 11:21:47 | Identifying Phishing Infrastructure That Targets Banking Customers | In mid-January, Twitter users @NaomiSuzuki_ and @KesaGataMe0 identified nearly 20 malicious phishing domains spoofing AEON Bank in Japan (Figure 1 – Seed Twitter Post). Passive DNS Data: Using Team Cymru's Pure Signal Platform, we performed a wildcard search for domains using the pattern 't.aeo*.com'. This search identified all of the domains and [...] | | | |
| 2021-01-08 18:04:30 | What We're Seeing with x.509 Certificates and Why You Should Worry | Here at Team Cymru we have a lot of data, and we work hard to extract the insight from these various types of data and serve up the key parts to our clients and partners in a useful form. Many security vendors power their offerings in a significant way with our Pure Signal. We provide a [...] | | | |
| 2020-12-16 19:28:07 | Mapping out AridViper Infrastructure Using Augury's Malware Module | Twitter user @BaoshengbinCumt posted malware hash faff57734fe08af63e90c0492b4a9a56 on 27 November 2020, which they attributed to AridViper (APT-C-23 / GnatSpy) [i]. This user is a researcher for Qihoo and has previously reported on the activities of AridViper. AridViper, also known as APT-C-23 and GnatSpy, is a group active within the Middle Eastern region, known in [...] | Malware | APT-C-23 | |
| 2020-12-16 18:55:46 | Who Comes Knocking on Home Router Backdoors? | Backdoors appear in many platforms, devices, and codebases. When cyber security researchers find backdoors, it always raises questions about the who, why, and how behind the backdoor. In the past few weeks, I have seen a few stories about backdoors in home routers. A recent post from cybernews.com says several routers sold by large US [...] | | | |
| 2020-11-23 21:07:15 | Massive Increase in Global IP Address Visibility | We've had an amazing year here at Team Cymru – the revenue from our commercial offerings has enabled us to invest heavily in community services, through which we support the global IT Security community. We've added more teammates and more no-cost tools and services. This brief post outlines the specific new tool we've been working [...] | Tool | | |
| 2020-11-04 13:21:38 | Tracking Botnets and other Threats with Team Cymru | Recently, multiple teams in our industry worked together to dismantle the Trickbot botnet. Incidentally, the teams involved use Team Cymru data in their research, investigations and solutions. We are well known in the industry for our botnet tracking. However, TrickBot has survived the takedown effort by briefly leveraging what are effectively competing botnet platforms. To [...] | | | |
| 2020-10-29 18:21:34 | FlowSpec for DDoS | We tend to not announce new features until we're ready to announce a new version. But 2020 throws the old rules out the window! The Institute for Security and Technology (IST) reached out to me recently to talk about BGP FlowSpec. The topic? Is this a viable tool to help networks defend themselves? [...] | Tool | | |
| 2020-10-28 18:51:10 | Draft EU Legislation to Stop Banks Using Insecure Tech Suppliers | The Wall Street Journal reports that national regulators in EU member states could be given the authority to force financial institutions to drop existing tech suppliers if they fail to address cybersecurity problems. The WSJ reports that these proposals have not yet been agreed upon by European governments, but – to invoke the immortal internet [...] | | | |
| 2020-10-07 15:35:45 | GhostDNSbusters (Part 2) | This research was undertaken in collaboration with Manabu Niseki (@ninoseki on Twitter) and CERT.br (https://cert.br). Manabu is a Tokyo-based researcher who has been tracking GhostDNS for a number of years. His leads and insight into GhostDNS assisted in confirming the findings documented in this blog post. We will continue to collaborate with CERT.br on [...] | Guideline | | Déjà vu |
| 2020-09-08 11:18:19 | GhostDNSbusters | This research was undertaken in collaboration with Manabu Niseki (@ninoseki on Twitter) and CERT.br (https://cert.br). Manabu is a Tokyo-based researcher who has been tracking GhostDNS for a number of years. His leads and insight into GhostDNS assisted in confirming the findings documented in this blog post. We will continue to collaborate with CERT.br [...] | Guideline | | |
| 2020-08-26 18:14:15 | CSIRT Assistance Program Hits New High with 129 CSIRT Teams | We added the Swiss Government CSIRT team to one of our most well-established Community Services last week, bringing the total number of members to 129 national and regional organizations in over 85 countries for our CAP program. What? Team Cymru's mission is to save and improve lives. To further that mission, we have [...] | | | |
| 2020-06-22 18:17:56 | Quick Wins with Network Flow Analysis | While this article focuses on the use of Team Cymru's Pure Signal™ platform - the Augury™ solution - readers will gain some great guidance on how to use flows in their analysis in general. The Augury dataset comprises network flow records that are downloadable as CSV. Compared to the direct utility of some other Augury... | | | |
| 2020-06-03 20:00:19 | Network Perimeters in the Age of Social Distancing | The COVID-19 pandemic has turned our world upside down, leaving many of us to question whether we will ever see "normal" again. One concept we've all become familiar with recently is "Social Distancing". The CDC [1] describes this as "physical distancing", meaning to keep space between yourself and other people outside of your home. For me, this... | | | |
| 2020-05-28 19:43:14 | LDAP Your DNS Configuration to Prevent Internal Domain Leakages | During these difficult times, users of many organisations find themselves working remotely, away from their usual office locations. For a lot of organisations, this is business as usual, and infrastructure is in place to support secure working practices from remote locations. However, for some, this is uncharted territory, and some ways in which internal data... | | | |
| 2020-05-15 13:09:48 | Dissecting DDoS Attack | Introduction: Distributed Denial of Service (DDoS) attacks are designed to prevent or degrade online services. This blog post will explain, in extremely basic terms, a specific type of attack called a Reflection/Amplification DDoS Attack. This post is not intended to serve as a comprehensive technical guide, but merely a relatively non-technical overview for the novice... | | | |
| 2020-05-04 16:00:51 | We Got Zoom Bombed | Do we ever grow up? We recently hosted an invite-only meeting with some of our business partners and clients. We followed most of the basic security measures and best practices for Zoom calls. Yet we got Zoom Bombed! How? The technical details are not the core story here, though we will share those, as well... | | | |
| 2020-04-27 15:37:37 | Puzzle Me This: Context From Curiosity | One definition of 'proxy' is "a figure that can be used to represent the value of something in a calculation." Proxy servers are used for various purposes, some for hiding their true origination IP address for malicious intent, while others for circumventing totalitarian government censorship. Regardless of the use of proxies, with Augury we make... | | | |
| 2020-04-21 13:09:17 | Research Shows Number of Potentially Compromised Organizations More than Doubles Since January | Guest Author: Lari Huttunen, Senior Analyst, Arctic Security. At the end of March, we at Arctic Security noticed an uptick in the number of organizations being potentially compromised on a weekly basis in Finland. During a normal week, the number for a small country such as Finland is approximately 200 organizations. For the week starting... | | | |
| 2020-04-08 16:32:27 | BGP Hijacking and BGP Security | Another BGP hijacking event took place last week. This one involves Rostelecom AS12389, a Russian state-owned telecommunication company, hijacking routes to Google, AWS, Cloudflare and others. In fact, this event impacted over 8,000 prefixes of many different ASes. That is newsworthy, no doubt, and many people have talked about it. I do not seek to... | | | |
| 2020-04-03 13:50:58 | Covid-19 Cyber Threat: DanaBot | COVID-19 is an ideal opportunity for malicious actors. With much of the global workforce working from home, we and our partners have seen a dramatic change in the compromise landscape (look for more analysis on that topic in an upcoming blog). The community is also very much aware of attempts to leverage popular websites,... | | | |
| 2020-03-25 10:10:49 | How the Iranian Cyber Security Agency Detects Emissary Panda Malware | Other threat intelligence groups have previously publicised that the Chinese-attributed threat group Emissary Panda (aka APT27, TG-3390, BRONZE UNION, Iron Tiger and LuckyMouse) has been targeting various sectors in the Middle East, including government organisations. On 15 December 2019, Iran's Minister of Communications and Information Technology, Mohammad Javad Azari-Jahromi, announced that Iranian authorities had detected foreign spying malware on their government servers which they attributed... | Malware, Threat | APT 27 | |
| 2020-03-18 12:34:19 | Something to help you manage your new remote workforce | Many companies around the world are taking the sensible step of asking employees to work from home. What that means in theory is that the spread of COVID-19 will be partly slowed by the lack of additional exposures caused at the workplace. What this means in practice? Presumably the theory holds true but in... | | | |
Last update at: 2024-04-30 10:08:03