Latest News

2020/12/17

Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor

In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks.

Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform. These overarching changes make it both easier for cybercriminals to deploy the backdoor, as well as cloak the destination of the command-and-control (C2) traffic.
2020/12/09

FireEye Cyberattack Compromises Red-Team Security Tools

An attacker stole FireEye’s Red Team assessment tools that the company uses to test its customers’ security.

Cybersecurity firm FireEye has been hit in what CEO Kevin Mandia described as a highly targeted cyberattack. The attacker targeted and was able to access certain Red Team assessment tools that the company uses to test its customers’ security.
2020/12/09

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices

A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns.

Researchers – as well as the U.S. Cybersecurity Infrastructure Security Agency (CISA) – are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of internet-of-things (IoT) devices and embedded systems, including smart thermometers, smart plugs and printers.
2020/12/03

An iOS zero-click radio proximity exploit odyssey

”In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30'000 words I'll cover the entire process to go from this basic demo to successfully exploiting this vulnerability in order to run arbitrary code on any nearby iOS device and steal all the user data”
2020/11/13

New Slipstream NAT bypass attacks to be blocked by browsers

Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices.

The attack method, dubbed NAT Slipstreaming, was discovered by security researcher Samy Kamkar and it requires the victims to visit the threat actor's malicious website (or a site with maliciously crafted ads).

To expose hosted services, the attack abuses certain NAT devices scanning port 5060 to create port forwarding rules when detecting maliciously-crafted HTTP requests camouflaged as valid SIP requests.

Kamkar also provides proof-of-concept exploit code to demonstrate the validity of this newly disclosed NAT/firewal/router bypass technique.