Welcome - New England Safety Partners, LLC

Symbiote Backdoor in Linux

June 22, 2022 Welcome Ed Gardner 0

What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine. Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability…

CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

June 16, 2022 Welcome Ed Gardner 0

Original release date: June 16, 2022CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibili…

M1 Chip Vulnerability

June 15, 2022 Welcome Ed Gardner 0

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable.

Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.
The attack, appropriately called “Pacman,” works by “guessing” a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn’t been maliciously altered. This is done using speculative execution—a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation—to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct…

Karakurt Data Extortion Group

June 1, 2022 Welcome Ed Gardner 0

Original release date: June 1, 2022CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karak…

Drupal Releases Security Updates

May 26, 2022 Welcome Ed Gardner 0

Original release date: May 26, 2022Drupal has released security updates to address a vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow …

CISA Adds Two Known Exploited Vulnerabilities to Catalog

May 16, 2022 Welcome Ed Gardner 0

Original release date: May 16, 2022CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors a…

U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors

May 10, 2022 Welcome Ed Gardner 0

Original release date: May 10, 2022<br/><p>CISA and the Federal Bureau of Investigation (FBI) have updated the joint cybersecurity advisory, <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-076a">Strengthening Cybersecu…

Chrome Zero-Day from North Korea

March 31, 2022 Welcome Ed Gardner 0

North Korean hackers have been exploiting a zero-day in Chrome.

The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.

Details:

The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised…

A Detailed Look at the Conti Ransomware Gang

March 29, 2022 Welcome Ed Gardner 0

Based on two years of leaked messages, 60,000 in all:
The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers s…

Gus Simmons’s Memoir

March 25, 2022 Welcome Ed Gardner 0

Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography.
He…

« 1 … 3 4 5 6 7 … 11 »

Category: Welcome