Code Red Featured post Thaumaturgic Security Thaumaturgic. Its Merriam-Webster definition is “performing miracles,” and in the context of expert penetration testing and white hat engagements, it seems a relevant term – and one that potential Randori customers are likely to remember. Hacker Perspective Rules for Real APTs (and Implications for Those Who Have to Defend Against Them) There may be no stronger trend in talking about threat actors in infosec today than to describe anyone under the sun who appears to show any degree of competence as “advanced” or “sophisticated.” It’s epidemic. Hacker Perspective Building a Strong Security Foundation with RapidDeploy's CISO Alex Kreilein "When security is a shared responsibility, it trickles down to building a stronger culture, a stronger product and a stronger response team." Hacks Triton Framework Exposes Russia's Craft in SCADA Attacks The Triton malware appears to have been written to enable the attackers to quickly and effectively adjust their attack strategy based on the software and hardware deployed within the environment. Tactics, Tools & Procedures Lessons From the Equation Group: Situational Awareness and OpSec Getting caught likely means creating new tradecraft, re-engineering and re-writing tools and re-training operators. Hacker Perspective What Gives an Attacker Pause? "It is not until we have our teeth sunk in that we have multi-layers of persistence and it is really hard to evict us.” Hacker Perspective Stop Chasing Zeroes “If you can’t find every vulnerability and patch every vulnerability, you will never keep the hackers out." News reaction news reaction Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks If somebody sells you “end-to-end” encryption, you should probably be sure that is what you are getting.Source: Bleeping ComputerThe details: Headphone maker Sennheiser has been caught compromising the security of its customers. news reaction Cryptojacking Attack Targets Make-A-Wish Foundation The Drupalgeddon 2 attack takes advantage of Drupal installations that have not patched CVE-2018-7600 and CVE-2018-7602, two vulnerabilities that have already been targeted this year. Vulnerabilities New Botnet Targets Unpatched Router Vulnerability, Because Of Course Attackers thrive on old, unpatched vulnerabilities. They are not going to burn a zero-day exploit unless they absolutely have to and will look for known holes in devices and network configurations to find their way inside. Hacks Hey Criminals! Don't Trust Your Shady Encryption Providers Given the technical bugs in IronChat's application, it already throws red flags as an insecure tool for use by a clandestine organization. Tactics, Tools & Procedures It's Hard to Find Android Malware in the Google Play Store The rate of malware actually on people’s devices does not match Android’s reputation for being a hellpit of malicious apps and activity. Vulnerabilities Ecommerce "Formjacking" is Attackers New Kind of Card Skimming "Every additional domain reference or third-party package is a risk multiplier. These days there isn’t a good way for most people to quantify the risk posed by any particular page." Vulnerabilities Persistence of SamSam Ransomeware Attacks Highlight Basic Security Flaws SamSam attackers know what they are doing. This is not some fly-by-night operation of opportunity. SamSam and other ransomware attacks expose basic failings in security Hacks China Turns to Insiders in Latest Move to Win Economic Cyber War The hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems. Vulnerabilities Malicious Python Packages Provide a Backdoor to the Careless Coder The code was designed to collect data from the infected system, obtain boot persistence or, “even open a reverse shell on remote workstations. Hacks Nation State Hackers "GreyEnergy" Target Ukraine's Power Grid It appears that after the press that BlackEnergy received, the attack group rewrote some of their custom attack tooling and systems. Vulnerabilities Microsoft is the Most Spoofed Company in Phishing Emails It is not surprising that Microsoft is in the top of spoofed pages as Outlook Web Access is often available on a customer’s perimeter and gaining access can be very valuable to the attacker.