Examples, Information Security and Libraries - Information Management Today

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Example: peframe file_name.

Libraries

Libraries Metadata Education Security

A flaw in libcue library impacts GNOME Linux systems

Security Affairs

OCTOBER 10, 2023

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts.

Libraries

Libraries IT Security Access

Bugs in open-source libraries impact 70% of modern software

Security Affairs

MAY 26, 2020

70 percent of mobile and desktop applications that today we use are affected at least by one security flaw that is present in open-source libraries. Experts pointed out that every library could be affected by one o more issues which will be inherited from all the applications that use them. ” reads the report.

Libraries

Libraries Security Access IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Libraries

Libraries Security IT Information Security

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Specially crafted certificates could be provided in multiple ways, for example in digitally signed and encrypted messages via the S/MIME protocol. Pierluigi Paganini.

Libraries

Libraries Encryption Security IT

OrBit, a new sophisticated Linux malware still undetected

Security Affairs

JULY 7, 2022

“Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. SO file) that can be placed either in persistent storage, for example /lib/libntpVnQE6mk/, or in shim-memory under /dev/shm/ldx/.

Libraries

Libraries Cybersecurity Authentication Access

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Security Affairs

JULY 24, 2023

The vulnerability can be exploited only if certain libraries are installed on systems running the vulnerable versions and the SSH authentication agent is forwarded to an attacker-controlled system. 2023-07-14: OpenSSH plans for security-only release on July 19th. 2023-07-14: OpenSSH plans for security-only release on July 19th.

Libraries

Libraries Authentication Encryption Communications

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Security Affairs

DECEMBER 17, 2023

“Today we experienced an exploit on the Ledger Connect Kit, a Javascript library that implements a button allowing users to connect their Ledger device to third party DApps (wallet-connected Web sites). This is a good example of the industry working swiftly together to address security challenges.”

Phishing

Phishing Libraries Authentication Access

What Is the CIA Triad and Why Is It Important?

IT Governance

FEBRUARY 14, 2023

These are the three components of the CIA triad, an information security model designed to protect sensitive information from data breaches. The CIA triad is a widely accepted principle within the industry, and is used in ISO 27001 , the international standard for information security management.

IT

IT Risk GDPR Information Security

While attackers begin exploiting a second Log4j flaw, a third one emerges

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries

Libraries Ransomware Access Security

Apache releases the third patch to address a new Log4j flaw

Security Affairs

DECEMBER 18, 2021

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.

Libraries

Libraries Security Ransomware IT

Avast released a free decryptor for the Windows version of the Akira ransomware

Security Affairs

JULY 1, 2023

This Linux version is 64-bit and also uses the Boost library, it uses the Crypto++ library instead of Windows CryptoAPI. The authors used Microsoft Linker version 14.35. In June 2023, the malware analyst rivitna published a sample of the ransomware that is compiled for Linux. Type both names of the files. ” states Avast.

Ransomware

Ransomware Encryption Libraries Education

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

Upon executing one of the infected apps, it loads a heavily obfuscated native library containing a dropper that decrypts and runs malicious code from the app assets. The payload sends information about the infected device to the C2 servers, including the MCC (Mobile Country Code) and MNC (Mobile Network Code).

Libraries

Libraries Cybersecurity Security IT

GoFetch side-channel attack against Apple systems allows secret keys extraction

Security Affairs

MARCH 25, 2024

Developers of cryptographic libraries can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs.” Finally, preventing attackers from measuring DMP activation in the first place, for example by avoiding hardware sharing, can further enhance the security of cryptographic protocols.”

Libraries

Libraries Paper Access Security

Multiple malicious packages in PyPI repository found stealing AWS secrets

Security Affairs

JUNE 25, 2022

The malicious packages, which were reported to PyPI, are: loglib-modules — appears to target developers familiar with the legitimate ‘loglib’ library. pyg-modules — appears to target developers familiar with the legitimate ‘pyg’ library. ” reads the post published by Sonatype. . com:8000/upload.

Libraries

Libraries Metadata Security IT

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

Security Affairs

JUNE 17, 2022

With the example limit of 1, encrypt the file twice. Every document library in SharePoint Online and OneDrive is characterized with a set of attributes, including the number of saved versions that can be changed by the site owner can change, regardless of their other roles. Encrypt the file more times than the versioning limit.

Libraries

Libraries Encryption Ransomware Cloud

Meet The Team Behind Mayhem: Come See Us At These Upcoming June 2023 Events

ForAllSecure

JUNE 7, 2023

Hartford CyberSecurity Summit Get ready for the very first Hartford Cyber Security Summit, where C-Suite and Senior Executives responsible for protecting their companies' critical infrastructures will connect with innovative solution providers and renowned information security experts.

Libraries

Libraries Sales Cybersecurity Education

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

DECEMBER 13, 2021

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library.

Mining

Mining Honeypots Libraries IT

Distribute Cybersecurity Tasks with Diffusion of Responsibility in Mind

Lenny Zeltser

NOVEMBER 3, 2023

To increase the chances that the distributed security measures will be in effect, we can use a combination of three approaches: Enforce security expectations using technology to prevent insecure choices or actions. Monitor for gaps and take action when the right security steps aren’t taken.

Cybersecurity

Cybersecurity Security Authentication Compliance

Drupal addresses two XSS flaws by updating the CKEditor

Security Affairs

MARCH 20, 2020

Drupal developers released security updates for versions 8.8.x x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x x that address two XSS vulnerabilities that affect the CKEditor library. the flaws are not easy to exploit.

Libraries

Libraries Risk Access Security

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Security Affairs

NOVEMBER 17, 2020

The analysis of a shellcode requires know-how of which system library and functions will be invoked to help its execution, and depends on the operating system it can be a wide variation of commands from direct calls to an OS functions calls to the hash of the API of certain OS libraries. radare2 is one example of those tools.

Libraries

Libraries IT Security Information Security

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. trendmrcio[.]com,

Ransomware

Ransomware Libraries File names Encryption

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e.

Libraries

Libraries Paper Security Cybersecurity

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

Recently, the Chinese security firm Rising detected a Linux variant of the SFile ransomware that uses the RSA+AES algorithm mode. “For example, the variant captured this time uses nuctech-gj0okyci (nuctech is the English name of Nuctech Technology Co., as the suffix name.

Ransomware

Ransomware Encryption Libraries Communications

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

JULY 3, 2022

In the example below, q:erpbirel.yax deciphers to d:recovery.lnk.”. The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. exe to execute a malicious command.

Manufacturing

Manufacturing Libraries Communications Cybersecurity

node-ipc NPM Package sabotage to protest Ukraine invasion

Security Affairs

MARCH 17, 2022

of the library wipe the content of arbitrary files and replace it with a heart emoji. ” “This code serves as a non-destructive example of why controlling your node modules is important. and bundles the “colors” NPM library, while it doesn’t include the STDOUT console messages. Versions 10.1.1

Libraries

Libraries Communications Security IT

Deploying applications built in external CI through IBM Cloud DevSecOps

IBM Big Data Hub

OCTOBER 10, 2023

There is also a great deal of tension within financial markets between the requirements on innovation and agility for banking solutions versus the security, compliance and regulatory requirements that CISOs (Chief Information Security Officers) and CROs (Chief Risk Officers) need to guarantee for their financial institutions.

Cloud

Cloud Financial Services Compliance Risk

The first iPhone Rapid Security Response update released by Apple fails to install

Security Affairs

MAY 2, 2023

“They deliver important security improvements between software updates — for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries. “New Rapid Security Responses are delivered only for the latest version of iOS, iPadOS and macOS — beginning with iOS 16.4.1,

Security

Security Libraries Education Cybersecurity

Google addresses two new Chrome zero-day flaws

Security Affairs

NOVEMBER 12, 2020

Google experts did not disclose the way the flaws have been exploited in the attacks, for example, it is not clear if they were chained by threat actors. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

Libraries

Libraries Security IT Information Security

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Security Affairs

JULY 9, 2022

In the example below, q:erpbirel.yax deciphers to d:recovery.lnk.”. The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. exe to execute a malicious command.

Manufacturing

Manufacturing Libraries Communications IT

Magecart attacks are still around but are more difficult to detect

Security Affairs

JUNE 22, 2022

Malwarebytes researchers observed the use of 3 different themes by the threat actor to hide their skimmer, named after JavaScript libraries: hal-data[.]org/gre/code.js For an example of a client-side attack via JavaScript draining crypto assets, check out this blog from Eliya Stein over at Confiant.” org/data/ ( Logger ) js.g-livestatic[.]com/theme/main.js

Cleanup

Cleanup CMS Libraries Phishing

How to write an ISO 27001-compliant risk assessment procedure

IT Governance

NOVEMBER 15, 2019

ISO 27001 says that you must document your information security risk assessment process. An information security risk assessment is a formal, top management-driven process and sits at the core of an ISO 27001 information security management system (ISMS). Clause 6.1.2 Identify risks. Analyse risks.

Risk

Risk Information Security Libraries Compliance

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

MAY 27, 2022

“In places like a cafe, library, meeting room, or conference lobbies, people might place their smartphone face-down on the table2. For example, an attacker may impersonate the victim to answer a phone call which would eavesdrop the private conversation, or visit a malicious website.” ” concludes the paper.

Paper

Paper Libraries Authentication Passwords

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

MARCH 3, 2020

Table 2: AutoUpdate.dll Information. The “ AutoUpdate.dll” library then gains persistence by setting the following registry key “ HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnceWindowsDefender ”. Table 5: Information about second DLL injected in explorer.exe process. Every 15 minutes, the malware contacts the C2 ( suzuki.]datastore.]pe.]hu

IT

IT File names Libraries Communications

3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

Security Affairs

SEPTEMBER 24, 2021

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records. Now, however, the expanded compilation – if genuine – “could serve as a goldmine for scammers,” says CyberNews senior information security researcher Mantas Sasnauskas.

Sales

Sales Passwords Personal data Phishing

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records. Read more about the April 2021 LinkedIn scrape: Scraped data of 500 million LinkedIn users being sold online. What’s being sold by the threat actor?

Archiving

Archiving Passwords Data collection Sales

Google released PathAuditor to detect unsafe path access patterns

Security Affairs

DECEMBER 9, 2019

PathAuditor is a shared library that can be loaded into processes using LD_PRELOAD. “For that, we traverse the path and check if any component could be replaced by an unprivileged user, for example if a directory is user-writable. It then hooks all filesystem related libc functions and checks if the access is safe.”

Access

Access Libraries Security IT

Microsoft details techniques of Mac ransomware

Security Affairs

JANUARY 6, 2023

The FileCoder ransomware, for example, searches the “/Users” and “/Volumes” directories by invoking the find command twice, using different paths to enumerate and excluding the README file while searching the “/Users” path.

Ransomware

Ransomware Encryption Libraries Security

Information Governance and the Records Lifecycle

The Texas Record

JUNE 28, 2021

Records management (RM) is no longer a siloed discipline; RIM practitioners need to manage records within the entire information landscape of their organizations. The key difference lies in the distinction between the terms “information” and “record.” Source: Texas State Library and Archives Commission.

Information governance

Information governance Government Records Management e-Discovery

Attackers Increasingly Adopting Regsvr32 Utility Execution Via Office Documents

Security Affairs

FEBRUARY 10, 2022

Regsvr32 is a Microsoft-signed command line utility in Windows which allows users to register and unregister DLLs (Dynamic Link Library). By registering a DLL file, information is added to the central directory (Registry) so that it can be used by Windows. Example – regsvr32.exe” Figure 1: Squiblydoo Technique.

Libraries

Libraries Ransomware Security IT

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

“The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar” ” reads the analysis published by Kaspersky.

Archiving

Archiving File names Government Libraries

Multiple Nation-State actors are exploiting Log4Shell flaw

Security Affairs

DECEMBER 16, 2021

Microsoft researchers reported that Nation-state actors from China, Iran, North Korea, and Turkey are now abusing the Log4Shell (CVE-2021-44228) in the Log4J library in their campaigns. Nation-state actors from China, Iran, North Korea, and Turkey are attempting to exploit the Log4Shell vulnerability to in attacks in the wild.

Ransomware

Ransomware Libraries Access Security

Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone

Security Affairs

JANUARY 31, 2022

“Once the user clicks Open, the file is downloaded onto the victim’s machine at the location /Users/<user>/Library/Mobile Documents/com~apple~CloudDocs then automatically opened via Launch Services. For example, the owner of the file could change the entire byte content and file extension after you agree to open it.

Access

Access Libraries IT Security

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

JANUARY 22, 2021

The researchers noticed that the “Send to Kindle” feature allows Kindle users to send e-books to their devices as email attachments, a behavior that could be potentially exploited for malicious purposes, for example sending a malicious e-book to potential victims.

Authentication

Authentication Libraries Phishing Security

Malicious file analysis – Example 01

A flaw in libcue library impacts GNOME Linux systems

Webinars

Trending Sources

Bugs in open-source libraries impact 70% of modern software

Webinars

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Google expert disclosed details of an unpatched flaw in SymCrypt library

OrBit, a new sophisticated Linux malware still undetected

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

What Is the CIA Triad and Why Is It Important?

While attackers begin exploiting a second Log4j flaw, a third one emerges

Apache releases the third patch to address a new Log4j flaw

Avast released a free decryptor for the Windows version of the Akira ransomware

Fleckpe Android malware totaled +620K downloads via Google Play Store

GoFetch side-channel attack against Apple systems allows secret keys extraction

Multiple malicious packages in PyPI repository found stealing AWS secrets

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

Meet The Team Behind Mayhem: Come See Us At These Upcoming June 2023 Events

Log4Shell was in the wild at least nine days before public disclosure

Distribute Cybersecurity Tasks with Diffusion of Responsibility in Mind

Drupal addresses two XSS flaws by updating the CKEditor

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Experts warn of attacks using a new Linux variant of SFile ransomware

Microsoft: Raspberry Robin worm already infected hundreds of networks

node-ipc NPM Package sabotage to protest Ukraine invasion

Deploying applications built in external CI through IBM Cloud DevSecOps

The first iPhone Rapid Security Response update released by Apple fails to install

Google addresses two new Chrome zero-day flaws

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Magecart attacks are still around but are more difficult to detect

How to write an ISO 27001-compliant risk assessment procedure

GhostTouch: how to remotely control touchscreens with EMI

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Google released PathAuditor to detect unsafe path access patterns

Microsoft details techniques of Mac ransomware

Information Governance and the Records Lifecycle

Attackers Increasingly Adopting Regsvr32 Utility Execution Via Office Documents

China-linked LuminousMoth APT targets entities from Southeast Asia

Multiple Nation-State actors are exploiting Log4Shell flaw

Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone

KindleDrip exploit – Hacking a Kindle device with a simple email

Stay Connected