By Larry Cashdollar: Malware that can target Windows and Linux systems was recently installed on my honeypot. After some investigation, I determined it to be similar to the malware discovered in February of 2019 by Malwarebytes, and later examined by Fortinet in October that same year. Written in Golang, the malware is called Stealthworker. Once a system is successfully infected, the attackers will use it to probe other targets in
The internationalized domain name (IDN) homograph attack is used to form domain names that visually resemble legitimate domain names, albeit using a different set of characters. For example, the IDN "xn--akmai-yqa.com", which appears in Unicode as "akámai.com", visually resembles the legitimate domain name "akamai.com". Attackers often apply IDN homograph attacks to form domain names that are used for malicious purposes, such as malware distribution or phishing, while
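As an added illustration of the check described above (example code written for this page, not Akamai's own tooling), the script below decodes an A-label such as "xn--akmai-yqa.com" back to its Unicode form, builds a crude "skeleton" of each name (accents stripped, a handful of Cyrillic/Greek look-alikes mapped to Latin) and compares it against a list of protected brand domains. The brand list and the confusable map are assumptions made for the example; a production check would use the full Unicode confusables table.

```python
import unicodedata

# Brand domains we want to protect. Constructed for this example.
PROTECTED = {"akamai.com"}

# A tiny, hand-picked subset of Unicode confusables: letters from other scripts
# that render like Latin letters. The authoritative source is Unicode's
# confusables.txt; this map is an assumption for the demo only.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def to_unicode(domain: str) -> str:
    """Decode an A-label domain (xn--...) into its Unicode (U-label) form.

    Python's built-in 'idna' codec performs the punycode decode per label.
    """
    return domain.encode("ascii").decode("idna")


def is_idn(domain: str) -> bool:
    """True if any label is punycode-encoded."""
    return any(label.startswith("xn--") for label in domain.lower().split("."))


def skeleton(name: str) -> str:
    """Approximate the confusable 'skeleton' of a name: NFKD-decompose, drop
    combining marks (so 'á' becomes 'a'), map known look-alikes, lowercase."""
    out = []
    for ch in unicodedata.normalize("NFKD", name):
        if unicodedata.combining(ch):
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out).lower()


def script_of(ch: str) -> str:
    """Coarse script classification based on the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "COMMON"  # digits, '.', '-', and anything else


def analyse(domain: str, protected=PROTECTED) -> dict:
    """Return the decoded form of a domain plus two homograph indicators:
    mixed_script (letters from more than one script) and impersonates
    (the protected domain whose skeleton it matches, if any)."""
    uni = to_unicode(domain)
    scripts = {script_of(c) for c in uni} - {"COMMON"}
    sk = skeleton(uni)
    target = next((p for p in protected if sk == p and uni != p), None)
    return {
        "unicode": uni,
        "is_idn": is_idn(domain),
        "mixed_script": len(scripts) > 1,
        "impersonates": target,
    }


if __name__ == "__main__":
    # Constructed inputs: the page's example, a Cyrillic-'a' variant built at
    # runtime with the idna codec, and the genuine domain.
    samples = [
        "xn--akmai-yqa.com",
        "\u0430kamai.com".encode("idna").decode("ascii"),
        "akamai.com",
    ]
    for s in samples:
        print(s, "->", analyse(s))
```

The accented example is a single-script (Latin) homograph, so only the skeleton comparison catches it; the Cyrillic variant trips both the mixed-script test and the skeleton match. Browsers and mail filters typically combine the two signals rather than relying on either alone.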
I remember sitting down to "crack the cover" of the very first Verizon Data Breach Investigation Report (DBIR) a lifetime ago. I was the security manager of a small hosting company and the report was the first time I'd ever seen a real, data driven effort to quantize breaches and the security problems we were facing daily. It was the first time we had real data, rather than theories, opinions
On April 29, 2020, the Salt management framework, authored by the IT automation company SaltStack, received a patch for two CVEs: CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory-traversal vulnerability.
Since COVID-19 isolation protocols started in the United States in early March, bad actors have had a lot of time on their hands and a large pool of victims to target. Thousands of people, millions across the globe, suddenly found themselves working from home and away from many of the enterprise-grade protections that governed their day-to-day workflow.
Introduction: In our previous post, The Building Wave of Internet Traffic, we looked at the traffic patterns across Europe and the effect the COVID-19 pandemic has had. We examined traffic in Italy, Poland, and Spain, and demonstrated how we observed huge surges of traffic around the implementation of isolation protocols, which then reduced to more normal levels in the days after. Though, it's important to note this new level of
Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming them out of personal information, and in some cases convincing them to install adware on their computers.
I'm going to tell you a story. It's not a common story about research successes. This story is about a research project where I failed to find answers to questions, and why that's okay. Starting off, my research partner and I knew the project was a big ask, based on the open-ended question of whether there was a cause for the jump in SQL Injection (SQLi) attacks over the last
I've been working with many different honeypot implementations lately - from Cowrie and WordPot, to Dionaea and WAPot. To expand on that, I decided to set up a simple Docker image with SSH, running a guessable root password. The catch? I'd be capturing all the credentials used to log in to the Docker image, as well as the entire shell session, to a log file and the screen. The attacker wouldn't