In the previous post (Part 1), we covered several rootkit technique implementations. Now we will focus on kernel rootkit analysis, looking at two case studies of rootkits found in the wild: Husky Rootkit and Mingloa/CopperStealer Rootkit.Through these case studies, we’ll share our insights about rootkit analysis techniques and methodology.
The people closest to your business can sometimes cause the most damage. Yet while top-secret data leaks are headline news today, most insider threats are well-intentioned people who just screw up.
In recent years, several major cyberattacks targeted critical infrastructure in Australia, including a major telecommunication company, which suffered a devastating data breach in September 2022. Soon after this cyberattack, Australia’s biggest health insurer also faced a ransomware attack in October 2022 that caused systems to go down. Customers could not access services through the company’s website or app.
Andy Thompson, Offensive Security Research Evangelist at CyberArk Labs, returns to Trust Issues for a dive with host David Puner into the latest developments in the world of ransomware. With ransomware events on the rise, Thompson sheds light on the alarming trend of data exfiltration and double extortion. But what’s causing this surge? Thompson connects the dots between the rise of digital identities and the increasing frequency of ransomware attacks.
Twitter’s recent decision to turn off SMS two-factor authentication (2FA) for non-Twitter Blue users created a stir. While media and tech pundits questioned the company’s motives, many users complained of losing a universal security measure behind a paywall.
In the previous blog post, we described how the Docker research started and showed how we could gain a full privilege escalation through a vulnerability in Docker Desktop. In this follow-up blog post, we will show the other vulnerable functions we were able to exploit.
There’s a scene in the original “Matrix” movie when Neo is sitting in the grimy kitchen with the rest of the crew and eating gray, runny slop. No matter what new version of gray slop they eat, they always seem to think that it tastes like chicken. When confronted with something new, it’s a natural human trait to relate it back to something we already know.
CyberArk Labs discovered a new malware called Vare that is distributed over the popular chatting service, Discord. Vare has been used to target new malware operators by using social engineering tactics on them. Additionally, we have found that Vare uses Discord’s infrastructure as a backbone for its operations. This malware is linked to a new group called “Kurdistan 4455” based out of southern Turkey and is still early in its forming stage.
We all accept a certain degree of risk in our lives. So, to varying degrees, we’re all operating – to use cybersecurity parlance – with an assume breach mindset. Meaning, we accept that attacks are inevitable and, as such, we focus time and effort on protecting the assets that matter most. In short, we buckle up for safety.
When I wrote my first applications in high school, coding was a lot more time-consuming. I didn’t have libraries I could shop through with ready-made bits of code to drop in to save myself time or bridge the gap between the pieces of code I could write to create something more complex. Instead, I had to write everything from scratch. If I wanted to include any kind of image, I would have to draw it with mathematical coordinates, which took a ton of time.
