Mandiant and FireEye reported that they discovered the APT29 group supported by the Russian nation-state that has been using domain fronting for over two years. Mandiant has been observing for at least two years how Russian nation-state attackers use domain-fronting techniques and clandestine backdoor access in victim environments.
Domain fronting is a relatively new (ish) technique that allows attackers to conceal command and control traffic on infected computers by disguising themselves as traffic from trusted servers hosted on content delivery networks (CDNs).
You may have heard of domain fronting in the context of circumventing state censorship of popular messaging apps like Signal and Telegram. Domain fronting enables bypassing the censorship by resource blocking, DPI, DNS filtering, and IP blocking, but beneath the hood, it relies on CDNs hosting multiple domains. …
Pegasus Spyware has recently hit the headlines because it is used to target devices of critical people in various sectors of the country including journalists, activists, politicians, and business leaders.
Last week we saw a story after another on a company called NSO Group and a piece of software called Pegasus. These include shocking claims that updated smartphones can be hacked using a single text message. At our Security Analyst Summit, researchers from Lookout discovered that Pegasus Spyware, which is capable of hacking any iPad or iPhone, collecting data about the victim, and establishing surveillance on them, exists not only on iOS but also on Android.
Pegasus Spyware is a surveillance software developed by the Israeli cyber intelligence service NSO Group. Israel-based cyber warfare provider NSO produces and sells spying…
Malware has become more sophisticated and attacks vulnerabilities in countless ways. It includes new and dangerous species, including worms (named after the human parasitic worm), trojans, and ransomware which are not by strict definitions computer viruses and should be designated as such. In general, malware, worms, and Trojan horses can cause billions of dollars in damage and disrupt critical infrastructure in real life.
In our daily lives, we often say that we feel sick when we are infected with a virus. But we must not forget that each of these types of viruses represents a unique threat to their respective worlds. The same thing is valid for computer viruses. In this list, we highlight some of the worst and most notorious computer viruses that have caused real-life great damage. Some equate common malware, worms, and Trojan horses.
The creator of the world’s first global computer virus pleaded guilty to 20 years of the design of his software after it infected tens of millions…
The US Department of Defense has introduced the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity for the Federal Government and Defense Industrial Base (DIB). The CMMC is a unified standard that implements cybersecurity across the DIB, including over 300,000 companies in the supply chain. It is DoD’s response to a significant compromise of sensitive defense information contained in contractors’ information systems.
When the Department of Defense realized that under NIST SP 800–171 it needed more structure than self-certification and compliance it began to develop what would later become the Cybersecurity Maturity Model Certification (CMMC). Contractors are responsible for implementing, monitoring, and certifying the security of their information technology systems and the sensitive DOD information they store and transmit on these systems.
The Department of Defense (DoD) published version 1.0 of the proposed CMMC framework in January 2020. The new CMMC framework will serve as a verification mechanism to ensure that the appropriate levels of cybersecurity controls and processes are in place…
The RATs themselves should consider using threat information to detect new digital threats and implement defenses and precautions. RATs play a prominent role in the execution of advanced persistent threats (APT).
A Remote Access Trojan (RAT) is a type of malware that allows attackers to remotely control your system. It is an application that allows hackers to get in the door and have administrative access to a computer. Given that RAT is a malware program that tries to open a back door into a target computer system in order to gain administrative access.
Remote access Trojan is a program that provides features that enable covered monitoring and the ability to gain unauthorized access to a victim PC.
When a RAT reaches your computer it allows the attacker to access your local…
X11 for Windows systems is a graphical window system common to Unix and Linux implementations and found in Windows software such as Hummingbird and surpassed by X Server. Several vulnerabilities have been found in X11 (xinput, evi, mit, shm, xfree86, misc extensions), Solaris X11 display server (xorg-1, xsun-1), and Solaris x11 print server (XPRT-1).
Multiple vulnerabilities allow a local or remote, unprivileged user to execute arbitrary code with root privileges on the Solaris X11 display server from XHost [1] or XAuth [1] to access arbitrary memory and X server address space and crash the X11 display server process. Vulnerabilities have been found in Xorg X11 Server, Windows, and the system software of unknown versions.
It is also possible for an attacker to take a screenshot of the remote machine and exploit it for malicious purposes. For example, a cyber attacker can connect to the X11 server to listen to the keyboard and mouse events…
The Trusted Execution Environments are one of the technologies that help manufacturers, service providers, and consumers protect their devices and sensitive data. TEE protects the area of the hardware where the code is executed in isolation. The code executed in the trusted execution environment cannot be viewed or modified, so an attacker would only be able to execute malicious code with full privileges on the same processor.
A Trusted Execution Environment (TEE) is an environment in which the executed code and the data that is accessed are physically isolated and confidentially protected so that no one without integrity can access the data or change the code or its behavior. We are not aware of many devices in the US that use trusted execution environments, including smartphones, set-top boxes, video game consoles, and Smart TVs. A TEE is a secure and integrity-protected processing environment that consists of processing, and storage capabilities.
A trusted execution environment (TEE) is a portion of the main processor device that is separate from…
Zero-knowledge proof systems that have received a lot of attention since their introduction are those that use a single message, such as proof of the existence of zero-knowledge or proof against a certain type of proof.
What is it?
A zero-knowledge proof protocol is a way for a prover to convince a verifier that a statement containing classified information is true without revealing even a single bit of information (or a fraction thereof) about that knowledge. This is because the prover can prove the accuracy of the claim to the verifier without providing them with additional information. As a consequence, the verifier nor any passive eavesdropper gains any information from taking part in any number of executions of the protocol. To this end, a non-interactive zero-knowledge proof system contains only one message sent by the prover to the verifier.
What are the must-have properties?
…
The billions of login credentials available on the dark web make it easy for cybercriminals to steal login credentials. It has been widely reported that automated access data — the plug-in attack that has found its way onto the internet — is hitting systems such as credit cards, bank accounts, and credit card numbers.
Credential Stuffing is a technique that involves an automatic injection attack to access online services with stolen credentials. In an attack on the login data, fraudsters use it to access consumer accounts to make fraudulent purchases, carry out phishing attacks and steal information and money.
This attack method is facilitated by a range of off-the-shelf tools which are easily available, making it unsophisticated and relatively straightforward.
Commonly used tools include Sentry MBA, Account Hitman, Vertex, and Apex. To launch an attack, an attacker simply needs their tool of choice, a configuration file for the website to be attacked, and a…
As with all emerging technologies, blockchain faces a number of challenges that will lead to its broader implementation. As with any new technology, compliance with existing data standards in terms of security, privacy, and information sharing could prove to be the first hurdle for blockchain in telecommunications. Cryptographically immutable automation systems, whose blockchain technology ensures that participants are protected and trusted, will also address the inherent challenges associated with the abundance of data that suddenly flows abundantly across countless devices. Knowing this information will use blockchain applications as a secure identity system that solves many of the problems of distributed systems such as eSIM.
As its name suggests, the embedded SIM card or eSIM is built into the phone’s board.
eSIM will help operators and their customers to develop new business models and open up new business opportunities.
Telecommunications group Verizon is considering using blockchain technology to bolster the dynamic creation of virtual SIM cards. Contrary to the headlines, Verizon is not the first provider to try to use blockchain technology for a SIM card.
A 5G blockchain eSIM technology jointly developed by China Unicom, Gotell, and Webank was officially approved by the GSMA organization and officially released on April 20, 2020.
The existing…
