Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security Tool. Show all posts
Malwares
AI cybersecurity AI tools Cyber Security Cyber Security Tool GitHub GitHub Actions vulnerability GitHub Bug Malware Attack Malwares

Webrat Malware Targets Students and Junior Security Researchers Through Fake Exploits

 

In early 2025, security researchers uncovered a new malware family dubbed Webrat, which at that time was predominantly targeting ordinary users through fake distribution methods. The first propagation involved masking malware as cheats for online games-like Rust, Counter-Strike, and Roblox-but also as cracked versions of some commercial software. By the second half of that year, though, the Webrat operators had indeed widened their horizons, shifting toward a new target group that covered students and young professionals seeking careers in information security. 

This evolution started to surface in September and October 2025, when researchers discovered a campaign spreading Webrat through open GitHub repositories. The attackers embedded the malicious payloads as proof-of-concept exploits of highly publicized software vulnerabilities. Those vulnerabilities were chosen due to their resonance in security advisories and high severity ratings, making the repositories look relevant and credible for people searching for hands-on learning materials.  

Each of the GitHub repositories was crafted to closely resemble legitimate exploit releases. They all had detailed descriptions outlining the background of the vulnerability, affected systems, steps to install it, usage, and the most recommended ways of mitigation. Many of the repository descriptions have a similar or almost identical structure; the defensive advice offered is often strikingly similar, adding strong evidence that they were generated through automated or AI-assisted tools rather than various independent researchers. Inside each repository, users were instructed to fetch an archive with a password, labeled as the exploit package. 

The password was hidden in the name of one of the files inside the archive, a move intended to lure users into unzipping the file and researching its contents. Once unpacked, the archive contains a set of files meant to masquerade or divert attention from the actual payload. Among those is a corrupted dynamic-link library file meant as a decoy, along with a batch file whose purpose was to instruct execution of the main malicious executable file. The main executable, when run, executed several high-risk actions: It tried to elevate its privileges to administrator level, disabled the inbuilt security protections such as Windows Defender, and then downloaded the Webrat backdoor from a remote server and started it.

The Webrat backdoor provides a way to attackers for persistent access to infected systems, allowing them to conduct widespread surveillance and data theft activities. Webrat can steal credentials and other sensitive information from cryptocurrency wallets and applications like Telegram, Discord, and Steam. In addition to credential theft, it also supports spyware functionalities such as screen capture, keylogging, and audio and video surveillance via connected microphones and webcams. The functionality seen in this campaign is very similar to versions of Webrat described in previous incidents. 

It seems that the move to dressing the malware up as vulnerability exploits represents an effort to affect hobbyists rather than professionals. Professional analysts normally analyze such untrusted code in a sandbox or isolated environment, where such attacks have limited consequences. 

Consequently, researchers believe the attack focuses on students and beginners with lax operational security discipline. It ranges in topic from the risks in running unverified code downloaded from open-source sites to the need to perform malware analysis and exploit testing in a sandbox or virtual machine environment. 

Security professionals and students are encouraged to be keen in their practices, to trust only known and reputable security tools, and to bypass protection mechanisms only when this is needed with a clear and well-justified reason.
Read more »
Ransomwares
corporate cyber attacks Cyber Security Cyber Security Tool Cyberattack Cyberthreart Data protection data security Enterprise security Ingram Micro Password Security ransomware attacks Ransomwares

Why Major Companies Are Still Falling to Basic Cybersecurity Failures

 

In recent weeks, three major companies—Ingram Micro, United Natural Foods Inc. (UNFI), and McDonald’s—faced disruptive cybersecurity incidents. Despite operating in vastly different sectors—technology distribution, food logistics, and fast food retail—all three breaches stemmed from poor security fundamentals, not advanced cyber threats. 

Ingram Micro, a global distributor of IT and cybersecurity products, was hit by a ransomware attack in early July 2025. The company’s order systems and communication channels were temporarily shut down. Though systems were restored within days, the incident highlights a deeper issue: Ingram had access to top-tier security tools, yet failed to use them effectively. This wasn’t a tech failure—it was a lapse in execution and internal discipline. 

Just two weeks earlier, UNFI, the main distributor for Whole Foods, suffered a similar ransomware attack. The disruption caused significant delays in food supply chains, exposing the fragility of critical infrastructure. In industries that rely on real-time operations, cyber incidents are not just IT issues—they’re direct threats to business continuity. 

Meanwhile, McDonald’s experienced a different type of breach. Researchers discovered that its AI-powered hiring tool, McHire, could be accessed using a default admin login and a weak password—“123456.” This exposed sensitive applicant data, potentially impacting millions. The breach wasn’t due to a sophisticated hacker but to oversight and poor configuration. All three cases demonstrate a common truth: major companies are still vulnerable to basic errors. 

Threat actors like SafePay and Pay2Key are capitalizing on these gaps. SafePay infiltrates networks through stolen VPN credentials, while Pay2Key, allegedly backed by Iran, is now offering incentives for targeting U.S. firms. These groups don’t need advanced tools when companies are leaving the door open. Although Ingram Micro responded quickly—resetting credentials, enforcing MFA, and working with external experts—the damage had already been done. 

Preventive action, such as stricter access control, routine security audits, and proper use of existing tools, could have stopped the breach before it started. These incidents aren’t isolated—they’re indicative of a larger issue: a culture that prioritizes speed and convenience over governance and accountability. 

Security frameworks like NIST or CMMC offer roadmaps for better protection, but they must be followed in practice, not just on paper. The lesson is clear: when organizations fail to take care of cybersecurity basics, they put systems, customers, and their own reputations at risk. Prevention starts with leadership, not technology.
Read more »
Data Analytics
Automation cyber resilience Cyber Security Cyber Security Tool cybersecurity best practices Cybersecurity Experts Data Analytics

Integrating Human Expertise and Technology for Robust Cybersecurity

 

In today’s complex digital landscape, the role of human expertise in cybersecurity remains indispensable. Two pivotal approaches — human-led security testing and human-centric cybersecurity (HCC) — have gained prominence, each contributing distinct strengths. However, these strategies often function in silos, creating fragmented defenses. To achieve comprehensive cyber resilience, organizations must integrate these methods with advanced technologies like automation and data analytics.

Human-led security testing leverages the intuition and expertise of cybersecurity professionals. Ethical hackers and penetration testers bring invaluable insights, uncovering vulnerabilities that automated tools may overlook. Their ability to simulate real-world attack scenarios allows organizations to anticipate and neutralize sophisticated cyber threats dynamically. This approach ensures tailored defenses capable of adapting to specific challenges.

On the other hand, human-centric cybersecurity (HCC) focuses on empowering end users by designing security measures that align with their behaviours and limitations. Traditional tools often burden users with complexity, leading to risky workarounds. HCC addresses this by creating intuitive, accessible solutions that seamlessly integrate into daily workflows. When users perceive these measures as helpful rather than obstructive, compliance improves, enhancing overall security frameworks.

Technology acts as a vital bridge between these human-driven approaches. Automation and data analytics provide scalability and efficiency, handling repetitive tasks and processing vast data volumes. Real-time threat intelligence and continuous monitoring enable organizations to identify and respond to emerging risks quickly. This technological backbone allows human experts to focus on addressing complex, strategic challenges.

Integrating these elements fosters a proactive security culture where people, not just systems, are central to defense strategies. Educating employees, conducting regular threat simulations, and promoting secure behaviors through incentives help build shared responsibility for cybersecurity. Research forecasts that by 2027, half of large enterprises will adopt HCC strategies, prioritizing security behavior and culture programs (SBCPs). These initiatives utilize simulations, automation, and analytics to encourage informed decision-making and enhance incident reporting.

A holistic cybersecurity approach blends human intuition, user-friendly processes, and technology-driven efficiency. Human-led testing uncovers evolving threats, while HCC empowers employees to respond confidently to risks. Automation and analytics amplify these efforts, providing actionable insights and driving continuous improvements. Together, these elements create a robust, forward-thinking cybersecurity environment capable of meeting the challenges of an ever-evolving digital world.

Read more »
malware
Computer Hacking Cyber Security Tool Dark Web Dark web malware Hacking Tools malware

Dark web listings for malware aimed at companies on rise


There's been a significant rise in the number of dark web listings for malware and other hacking tools which target the enterprise, and an increasing number of underground vendors are touting tools that are designed to target particular industries.

A study by cybersecurity company Bromium and criminologists at the University of Surrey involved researchers studying underground forums and interacting with cyber-criminal vendors. The study found that the dark web is fast becoming a significant source of bespoke malware.

In many cases, the dark web sellers demonstrated intimate knowledge of email systems, networks and even cybersecurity protocols in a way that suggests they themselves have spent a lot of time inside enterprise networks, raising questions about security for some companies.

"What surprised me is the extent you could obtain malware targeting enterprise, you could obtain operational data relating to enterprise," Mike McGuire, senior lecturer in Criminology at the University of Surrey and author of the study, told ZDNet.

"There seems to be an awareness and sophistication among these cyber criminals, to go for the big fry, to go where the money is, as a criminal, and the enterprise is providing that," he said, adding: "What surprised me is just how easy it is to get hold of it if you want to."

McGuire and his team interacted with around 30 sellers on dark web marketplaces – sometimes on forums, sometimes via encrypted channels, sometimes by email – and the findings have been detailed in the Behind the Dark Net Black Mirror report.

The study calculated that since 2016, there's been a 20 percent rise in the number of dark web listings that have the potential to harm the enterprise.

Malware and distributed denial of service (DDoS) form almost half of the attacks on offer – a quarter of the listings examined advertised malware and one in five offered DDoS and botnet services. Other common services targeting enterprises that were for sale include espionage tools, such as remote-access Trojans and keyloggers.
Read more »
Security Tools
Computer Security Cyber Security Tool Cyberattack Google Google Security Tools Security Tools

Google’s security tools can shield from cyber-attacks

Google has long been asking users to enable its security tools for shielding all its services - from Gmail to Google Photos - from hacking attempts.

The search giant has been pretty vocal about the importance of these features, but now, instead of urging users, it has released hard stats revealing how useful these capabilities can really be.

Let's take a look.

Advantage

Adding phone number can fend off bot-based attacks.

Researchers from New York University and the University of California, San Diego partnered with Google to assess at the impact of its security tools in preventing hijack attempts.

The results, presented recently at The Web Conference, revealed that simply adding a recovery phone number to Google account helped block a 100% bot-based attacks, 99% of automated phishing attacks, and 66% of targeted attacks.

Protection

Two-factor authentication offers highest security.

Google has been saying this for years and the stats prove it - two-step verification is the securest offering right now.

The studies reveal that using phone number-based 2SV (SMS verification) blocked 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks.

Meanwhile, on-device prompts prevented 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.

Security key offers strongest shield.

Notably, among all two-step verification methods, using a physical security key proved to be the strong account shield. It blocked all kind of attacks with a 100% success rate.

Risk

Google also showed what happens when you don't use 2SV.

The same study also measured the effectiveness of default sign-in verification techniques, like last location signed-in or your secondary email.

These knowledge-based methods are used when the company detects a suspicious sign-in attempt, say from a new device/location, and you don't have a 2SV on.

The results showed these methods can block bot-based attacks but can fail miserably against phishing or targeted hijack.
Read more »
Information Security
Cyber Security News Cyber Security Tool Featured Hacking Tools Information Security

Will Cyber Security Companies shift their Headquarters out of US?


Until now nuclear, radiological, chemical and biological weapons considered to be a Weapon of Mass Destruction(WMD).

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify cyber security tools as weapons of War in an attempt to control the distribution.

The tools used for extraction of data or information, from a computer or network-capable device, or the modification of system or user data, will come under this law and is being classified as Intrusion software. Also, the tools designed to avoid detection by 'monitoring tools'( Antivirus, IDS/IPS,End point security products) will be considered as a weapon.

Any penetration testing products designed to identify security Vulnerabilities of computers and network-capable devices fall under this category.

"The proposal is not beneficial. Most vulnerability scanners and penetration testing products come under it. The proposal means tools from US companies which have been used to do assessments and audits in corporate will need to go through the clearance. It could also lead to corporate getting tracked" says J.Prasanna, founder of Cyber Security and Privacy Foundation(CSPF).

Most of these Cyber Security firms either should convince their world wide clients to go through the process or shift their head quarter out of USA.

Prasanna pointed out that US government tried to stop the export of cryptography in the past. But, Russian, European and Israeli companies got advantage by the cryptography restriction.

He said that the new proposal is a bad news for the cyber security researchers. If it becomes a law, it will force them to find a new way to beat the Cyber Criminals.

"Hackers are already may steps ahead of us. Some tools like canvas and Metasploit Pro are important tool for penetration testing" said Prasanna.

Thomas Dullien, Google Researcher, said "addition of exploits to the Wassenaar arrangement is an egregious mistake for anyone that cares about a more secure and less surveilled Internet" in his personal blog.


Rapid7, a Boston-based cybersecurity firm, well known for its Metasploit Pentesting framework, said that they are investigating implications of Wassenaar for Metasploit and security research, and working on comments for the consultation.

According to the proposal, the governments of Australia, Canada, New Zealand or the UK will get favorable treatment for license applications, as they have partnered with the US on Cyber Security Policy and issues.

The BIS is seeking comments before 20th July 2015 on the proposed rule. You can submit the comments here.
Read more »
Subscribe to: Comments (Atom)