Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Vulnerable Networks
Bug Cisco Cloud Security Critical Flaws Device Security iOS Security flaw Vulnerabilities and Exploits Vulnerable Networks

Cisco SD-WAN Security Flaw Allows Root Code Execution

 

Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation flaw in the IOS IE operating system, which could result in arbitrary code execution. 

Cisco's SD-WAN portfolio enables enterprises of all sizes to link different office sites over the cloud utilising a variety of networking technologies, including standard internet connections. Appliances at each location allow advanced analytics, monitoring, application-specific performance specifications and automation throughout a company's wide-area network. Meanwhile, IOS XE is the vendor's operating system that runs those appliances. 

The vulnerability (CVE-2021-1529) is an OS command-injection flaw that allows attackers to execute unexpected, harmful instructions directly on the operating system that would otherwise be inaccessible. It exists especially in the command-line interface (CLI) for Cisco's IOS XE SD-WAN software, and it could permit an authenticated, local attacker to run arbitrary commands with root privileges. 

According to Cisco’s advisory, posted this week, “The vulnerability is due to insufficient input validation by the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.” 

The alert further stated that the exploit method would comprise authenticating to a susceptible device and delivering "crafted input" to the system CLI. An attacker with successful compromise would be able to read and write any files on the system, execute operations as any user, modify system configurations, install and uninstall software, update the OS and/or firmware, and much more, including subsequent access to a corporate network. 

CVE-2021-1529 has a rating of 7.8 on the CVSS vulnerability-severity scale, and researchers and the Cybersecurity and Infrastructure Security Agency (CISA) have advised organisations to fix the problem as soon as possible. 

Greg Fitzgerald, the co-founder of Sevco Security, cautioned that some firms may still have outdated machines connected to their networks, which might provide a hidden threat with issues like these. 

He stated in the email, “The vast majority of organizations do an excellent job patching the vulnerabilities on the systems they know about. The problem arises when enterprises do not have complete visibility into their asset inventory, because even the most responsive IT and security teams can’t patch a vulnerability for an asset they don’t know is connected to their network. Abandoned and unknown IT assets are often the path of least resistance for malicious actors trying to access your network or data.”

This is solely the latest SD-WAN vulnerability addressed by Cisco this year. It patched many significant buffer-overflow and command-injection SD-WAN flaws in January, the most serious of which could be abused by an unauthenticated, remote attacker to execute arbitrary code with root privileges on the affected server.
Read more »
Tokyo Olympics
Cyber Attacks DDOS Attacks Russian Hackers Stealing of Sensitive data Tokyo Olympics

Nearly Half a Billion Cyberattacks Targeted the Tokyo 2020 Olympic Games

 

The NTT Corporation, which was in charge of supplying a large portion of the network security and telecommunications services for the 2020 Olympic and Paralympic Games in Tokyo this year, claimed that over 450 million attempted cyberattacks occurred throughout the event. Officials from the company have stated that none of the attacks were successful and that the games went off without a hitch. Despite this, the total number of attacks was 2.5 times higher than during the 2012 London Olympics. 

Emotet malware, email phishing, and phoney websites that looked like the official Games sites were among the assault types, according to NTT. NTT further claims that the attacks were successfully thwarted due to 200 cybersecurity professionals who had undergone extensive training and simulations of anticipated attacks before the games. These dangers were not unexpected; the company had anticipated ransomware and Distributed Denial of Service (DDoS) attacks from state-sponsored hackers, as well as strikes against key infrastructure.

"Cybercriminals certainly saw the Games -- and its related supply chain -- as a high-value target with low downtime tolerance. After all, crime follows opportunity. And with connected stadiums, fan engagement platforms, and complete digital replicas of sporting venues and the events themselves becoming the norm, there's plenty of IT infrastructure and data to target -- and via a multitude of components," NTT's Andrea MacLean said. 

NTT released a detailed report on the games, stating that it offered both communication and broadcasting services to connect the Games venues with the Tokyo Big Sight, which served as an International Broadcast Centre. To prepare its cybersecurity team, NTT stated it performed various cybersecurity training programmes and ran simulations ahead of the event. 

However, NTT was not the only corporation to foresee the threats. The FBI also issued a private advisory before the event, advising individuals working on the 2020 Olympics to be prepared for possible threats. According to the FBI report, the attacks could include "threats to block or disrupt live broadcasts of the event, steal and possibly hack and leak sensitive data, or impact public or private digital infrastructure supporting the Olympics, or impact public or private digital infrastructure supporting the Olympics." 

The FBI's notification went on to mention the Pyeongchang cyberattack in February 2018, when Russian hackers used the OlympicDestroyer malware to destroy web servers during the opening ceremony.
Read more »
Windows Exploit
Chrome Attack Chain Malicious Codes Vulnerabilities and Exploit Windows Exploit

Magnitude Exploit Kit Adds Rare Chrome Attack Chain to Target Chrome Users

 

The handlers of the Magnitude exploit kit (EK) have added two new exploits in their arsenal, capable of targeting chromium-based browsers operating on Windows systems. It is a very rare sight since the very few exploit kits that are still active have mainly focused on Microsoft’s Internet Explorer over the past few years. 

Security experts with Avast uncovered a new chain of exploits for attacks on users of the Chrome browser. The two new exploits CVE-2021-21224 and CVE-2021-31956 affect the Google Chrome browser and Microsoft Windows platform, respectively.

The first exploit in the chain CVE-2021-21224, which Google patched in April 2021, is a type confusion vulnerability in the V8 rendering engine that allows remote attackers to execute arbitrary code inside a sandbox via a crafted HTML page.

The second exploit CVE-2021-31956 is a privilege escalation vulnerability in Windows that leads attackers to bypass Chrome’s sandbox and secure system privileges. The vulnerability was addressed in June 2021. The two flaws were previously chained in malicious activity that Kaspersky named PuzzleMaker, but it couldn’t be linked to any known adversary. 

“The attacks we have seen so far are targeting only Windows builds 18362, 18363, 19041, and 19042 (19H1–20H2). Build 19043 (21H1) is not targeted. The exploit for CVE-2021-31956 contains hardcoded syscall numbers relevant just for these builds. For the time being, the activity doesn’t appear to involve the use of a malicious payload, although it does lead to the victim’s Windows build number being exfiltrated,” Avast said. 

“Since Magnitude typically tests newly implemented exploits in this manner, it’s likely that malicious attacks will follow soon, likely deploying the Magniber ransomware,” Avast added. First discovered in 2017, Magniber was attributed right from the start with Magnitude, and was believed to be developed by the EK’s handlers. 

While the discovery of Avast is important because of a rare sighting of an exploit kit going after Chrome and Chromium-related browsers, other questions still remain, such as how the “half-dead” EK group got its hands on such a high-grade exploit chain and how effective is the exploit chain, to begin with. Fortunately, the Windows exploit is not universal and will only work against a small number of Windows 10 versions.
Read more »
Indexed Finance
$16 million Cyber Attacks DeFi Hacked Hacker Indexed Finance

The Hacker who Stole $16 Million of Indexed Finance, Gets Identified

 

Indexed Finance, decentralized finance (DeFi) technology that enables token holders to monitor market indices, has identified the attacker who stole their $16 million. 

On Thursday, October 14th, the DeFi protocol stated that it had been the victim of a flash loan attack in which the attacker stole $16 million. The attacker reportedly created new tokens valued for millions after overloading the system with fresh assets and causing price fluctuations. 

The Indexed team stated in a post-attack statement that the breach "was a pretty devastating one" and damaged the DEFI5 and CC10 indexes. The address utilized to take the cash, according to the investigation report, was 0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe. 

Indexed Finance urged the attacker to retain 10% of the cash and refund the remainder within hours after the attack. However, once this deadline passed and an ultimatum to refund 100 percent of the stolen monies passed, the team stated that it had established connections that identified the hacker.

The team went on to explain that, while the attack was initially overlooked, investigations revealed that the attacker funded their wallet with accounts at crypto exchanges FTX and Kraken. Both exchanges required users to perform know your customer checks, which Indexed Finance was able to examine to identify the person behind the $16 million crime. 

"In the minutes before the deadline elapsed, @ZetaZeroes made changes to his accounts that have made us realize at the last minute that the attacker is significantly younger than we thought," the protocol wrote. 

Until the hacker's identity has been determined, Indexed Finance has placed a "hold" on disclosing any more information whereas an internal discussion on how best to proceed considering the hacker's age takes place. 

Nevertheless, the NDX coin is still under pressure in the marketplace, having dropped by 7% in the last week due to the attack. Currently, the token was trading at roughly $2.65 per US dollar with a -2.11% drop.
Read more »
virus
Digital signature FiveSys Rootkit Mallicious Attacks malware Microsoft Certification Proxy Server Rootkit threats virus

FiveSys Rootkit Exploits Microsoft-Issued Digital Signature

 

A rootkit termed FiveSys can potentially avoid detection and enter Windows users' PCs by abusing a Microsoft-issued digital signature, as per the Bitdefender security experts, 

Microsoft introduced rigorous requirements for driver packages that aim to receive a WHQL (Windows Hardware Quality Labs) digital signature to prevent certain types of malicious attacks, and starting with Windows 10 build 1607, it prevents kernel-mode drivers from being loaded without such a certificate. 

Malware developers, on the other hand, seem to have discovered a way to bypass Microsoft's certification and obtain digital signatures for their rootkits, allowing them to target victims without raising suspicion. 

Microsoft confirmed in June that intruders had successfully submitted the Netfilter rootkit for certification via the Windows Hardware Compatibility Program. Now, Bitdefender's researchers warn that the FiveSys rootkit also has a Microsoft-issued digital signature, implying that this might soon become an emerging trend in which adversaries successfully verify their malicious drivers and signed by Microsoft. 

According to the researchers, FiveSys is comparable to the Undead malware that was first disclosed a few years ago. Furthermore, the rootkit, like Netfilter, is aimed towards the Chinese gaming industry. 

Bitdefender stated, “The attackers seem to originate from China and target several domestic games. We can confidently attribute this campaign to several threat actors, as their tools share the same functionality but are vastly different in implementation.” 

The rootkit directs Internet traffic to a custom proxy server using a frequently updated autoconfiguration script that comprises a list of domains/URLs. Furthermore, the rootkit can prohibit drivers from the Netfilter and fk_undead malware families from being loaded by using a list of digital signatures. 

Moreover, FiveSys offers a built-in list of 300 supposedly randomly created domains that are encrypted and are intended to circumvent possible takedown attempts. Bitdefender also claims to have discovered multiple user-mode binaries that are used to obtain and execute malicious drivers on target PCs. 

FiveSys appears to use four drivers in all, although only two of them were isolated by the security experts. After discovering the abuse, Microsoft cancelled FiveSys' signature.

While the rootkit is being used to steal login credentials from gaming accounts, it is likely that it may be utilised against other targets in the future. However, by following a few easy cybersecurity safeguards, one can prevent falling prey to such or similar assaults.

Botezatu recommended,  "In order to stay safe, we recommend that users only download software from the vendor's website or from trusted resources. Additionally, modern security solutions can help detect malware – including rootkits – and block their execution before they are able to start." 
Read more »
User Security
Cyber Security Fingerprint Security Researchers United States User Privacy User Security

Gummy Browsers Attack Lets Hackers Spoof Browser's Digital Fingerprints

 

Gummy Browsers is a new fingerprint collecting and browser spoofing threat developed by university researchers in the United States. They warn about how simple it is to carry out the attack and the serious consequences it might have. The 'Gummy Browsers' attack involves obtaining a person's fingerprint by forcing them to visit an attacker-controlled website, then utilizing that fingerprint to fake that person's identity on a target platform. 

The researchers created the following way to impersonate the user on other sites after establishing a fingerprint of the user using existing or custom scripts: 

 • Script injection - Spoofing the fingerprint of the victim by running scripts (with Selenium) that deliver values retrieved from JavaScript API calls. 

 • Browser setting and the debugging tool - Both can be used to change the browser attributes to any custom value, which affects both the JavaScript API and the HTTP header value. 

 • Script manipulation - Modifying the scripts placed in the website before they are transmitted to the webserver to change the browser properties with faked values. 

A digital fingerprint is a one-of-a-kind online identifier linked to a certain person based on a device's characteristics. IP addresses, browser and OS versions, installed software, active add-ons, cookies, and even how a user moves their mouse or enters on the keyboard are all examples of these characteristics. These fingerprints can be used by websites and advertisers to verify that a visitor is human, monitor a user across several sites, and serve tailored advertising. Some authentication systems use fingerprints as well, allowing MFA or other security features to be circumvented if a valid fingerprint is identified. 

The researchers claimed they could fool state-of-the-art fingerprinting solutions like FPStalker and Panopliclick for long periods of time by just capturing the victim's fingerprint once. 

The researchers explained their findings in an Arxiv paper, "Our results showed that Gummy Browsers can successfully impersonate the victim’s browser transparently almost all the time without affecting the tracking of legitimate users." 

The attack system obtained average false-positive rates of greater than 0.95 in experimental tests, meaning that most of the faked fingerprints were misidentified as real ones, successfully fooling the digital fingerprinting algorithms. A breach of ad privacy and a bypass of defensive procedures put in place to verify users and detect fraud are two consequences of such an assault. 

"The impact of Gummy Browsers can be devastating and lasting on the online security and privacy of the users, especially given that browser fingerprinting is starting to get widely adopted in the real world," the researchers concluded. "In light of this attack, our work raises the question of whether browser fingerprinting is safe to deploy on a large scale."
Read more »
Russia
Data Breach Database Compromised Database Leaked Moscow Moscow Cyber Security Russia

Hackers put up a database of drivers in Moscow for sale

 The attackers put up for sale a database of drivers in Moscow and the Moscow region on the darknet. The database worth $800 contains 50 million lines with the data of drivers registered in the capital and Moscow region from 2006 to 2019. It was put up for sale on October 19, 2019. Information from 2020 is offered as a bonus for purchase.

The buyer can get the name, date of birth, phone number, VIN code, and car number of the car owner from the database, as well as find out the make of the car, model, and year of registration.

According to the seller, the information was obtained from an insider in the traffic police. Alexei Parfentiev, head of the Serchinform analytics department, also calls the insider's actions the reason for the leak. “It looks more likely also because the requirements of regulators to such structures as the traffic police, in terms of protection from external attacks, are extremely strict,” he said.

However, Andrey Arsentiev, head of analytics and special projects at InfoWatch, noted that the database could have been obtained not through the actions of an insider, but as a result of external influence, for example, through vulnerabilities in system software.

The forum where the database archive was put up for sale specializes in selling databases and organizing information leaks. The main buyers of personal data are businessmen and fraudsters. For example, companies can organize spam mailings or obtain information about competitors, and attackers can use personal data for phishing.

This is not the first time that traffic police databases have been put up for sale. For example, in August 2020, an announcement appeared on one of the hacker forums about the sale of a database with personal data of drivers from Moscow and the region, relevant to December 2019.

“This is not a single leak. This is a systematic (monthly) drain,” said Ashot Oganesyan, founder of DeviceLock.

Read more »
Stolen Database
Cyber Attacks Private Data Ransomware attack Stolen Database

AvosLocker Ransomware Gang Target Motherboard Vendor Gigabyte

 

Taiwanese computer hardware vendor Gigabyte Technology Co. Ltd. has allegedly been hit by a ransomware attack, the second time in three months. The previous attack on the firm, occurred in August when the RansomEXX gang stole 112 gigabytes of sensitive data. 

The latest attack came to light when DarkWeb Criminal Intelligence noticed on Twitter that a group going by the name of AvosLocker is claiming to have successfully targeted the company and is publishing the samples of stolen data as proof. The ransomware gang was first discovered searching for affiliates on underground forums in late June. 

According to Privacy Sharks, the ransomware gang has released some stolen data as proof that they did indeed successfully target Gigabyte. The stolen data includes passwords and usernames, employee payroll details, human resources documents, and credit card details. 

Additionally, the shared 14.9 MB sample also contains documents linked to the relationship between Gigabyte and several firms including Barracuda Networks Inc., Blizzard Entertainment Inc., Black Magic, Intel Corp., Kingston Technology Corp., Amazon.com Inc., and Best Buy Co. Screenshots. 

If the stolen data is authentic as ransomware gang claims, then it could be a major concern for Gigabyte, especially since a report earlier this month indicated that AvosLocker is planning a twist to the classic double-extortion model to punish non-paying victims by auctioning their data rather than just free release. 

“The details in the file tree should be extremely concerning to Gigabyte as they consider the impact of this breach. In most double extortion schemes, the data theft focuses on quantity rather than quality. The file tree from this dump suggests that in this case, the threat actor focused on quality,” Jake Williams, co-founder and chief technology officer at incident response firm BreachQuest Inc. stated. “To facilitate sales, AvosLocker must steal data that’s worth buying,” he said.

“The file tree (directory listing) teased by AvosLocker certainly appears to be the kind of data that would be valuable to a multitude of cybercriminals.,” he added. Ransomware assaults have been on the surge since the infamous WannaCry attack in 2017. 

According to a report by Comparitech, in 2021 alone US firms suffered a loss of US$21 billion due to ransomware attacks. 

“The selective leaking of information is a method to further entice victims into paying the ransom, noting that this will keep occurring as long as the economics favor paying a ransom John Bambenek, principal threat hunter at information technology and security operations company Netenrich Inc. stated. What will be interesting to see is how this method of auctioning data will change the math, but in the end, crime on the internet still pays,” the report read. 
Read more »
USA
Cyber Attacks Extortion Groove Ransomware Gang Orange Ransomware REvil USA

Groove Ransomware Gang Approaches other Ransomware Gangs to Strike Attacks against the US

 

Following the shutting down of REvil's networks and infrastructure last week by the law authorities, the Groove ransomware gang has called on certain other extortion organizations to strike US interests. 

The REvil ransomware campaign was halted again during the weekend, according to Bleeping Computer, when an unidentified third party hacked its dark web domains. The Russian-led REvil ransomware syndicate was brought down by an extensive multi-country law enforcement investigation in the last week, which led to its network getting hacked and getting knocked offline again for the second time, in the latest effort taken by governments to destabilize the lucrative ecosystem. 

Whilst this takedown, a recognized REvil operator alleged that the unknown party was "looking" for them by changing configuration settings to lure the threat actor into visiting a site maintained by the mysterious entity. According to Reuters, REvil's takedown was the culmination of a multinational law enforcement effort that included FBI assistance. 

In a Russian blog post, the Groove ransomware group urged all the other ransomware organizations to target and attack US interests. 

The blog post also urges ransomware operators not to target Chinese enterprises, as organizations may need to utilize the nation as a haven if Russia takes a tougher stance against cybercriminals operating within its borders. 

The entire translated message, with some unacceptable phrases censored, read:

"In our difficult and troubled time when the US government is trying to fight us, I call on all partner programs to stop competing, unite and start xxcking up the US public sector, show this old man who is the boss here who is the boss and will be on the Internet while our boys were dying on honeypots, the nets from rude aibi squeezed their own... but he was rewarded with higher and now he will go to jail for treason, so let's help our state fight against such ghouls as cybersecurity firms that are sold to amers, like US government agencies, I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors - the Chinese! I BELIEVE THAT ALL ZONES IN THE USA WILL BE OPENED, ALL xxOES WILL COME OUT AND xxCK THIS xxCKING BIDEN IN ALL THE CRACKS, I myself will personally make efforts to do this" - Groove ransomware. 

The possibility of assaults on US interests is consistent with previous information supplied this week to BleepingComputer by a threat intelligence analyst for a Dutch bank. 

After closing down and separating from the original Babuk Ransomware operation, a threat actor identified as 'Orange' created the RAMP hacker forum in July 2021. Because Orange still had control of Babuk's Tor site, he utilized it to build the hacker forum wherein he served as an administrator. Orange is also thought to be a symbol of the Groove ransomware attack. 

Orange recently resigned as the forum's administrator to explore a new venture, but he provided no additional details. 

In addition, a subsequent tweet implies that the malicious actor is likely launching a new ransomware campaign after actively seeking the purchase of network access to US hospitals and government entities. 

It's indeed unknown if 'Orange' would carry out these assaults on US firms as part of the Groove operation or initiate a separate ransomware campaign.
Read more »
User Security
Data Breach Data Leak Data Scrap Social Media Social media influencers User Data User Data Leak User Privacy User Security

Over 2.6 Million Data of Instagram and TikTok Users Exposed by Data Scrapers

 

Security researchers detected over two million social network user accounts scraped from the internet after they were unintentionally posted online by an analytics firm. 

Anurag Sen's team at reviews site SafetyDetectives discovered the data on a misconfigured Elasticsearch server that had been left accessible with no password security or encryption in place. It instantly traced the 3.6GB trove of over 2.6 million TikTok and Instagram accounts to IGBlade, a company that delivers marketing information on social media users to its clients. 

The researchers wrote, “The scraped data of users on the server is the same data that features each user’s corresponding IGBlade.com page, and the database often provides links back to IGBlade,” this is how we know the database belongs to IGBlade.com.” 

Although data scraping is not unlawful, and all of the user information in the leaked database was publicly available, it violates TikTok and Instagram's terms of service. The breach might also benefit cyber criminals, who can use the enormous amount of user information collected in one place to facilitate mass social engineering and fraud schemes. 

As per the report, the compromised data was publicly available online for more than a month before the research team discovered it and contacted IGBlade. The Romanian company obtained it on the same day, July 5. 

The database contained complete names and usernames, profile images, "about" information, email addresses, phone numbers, and geographical data. Celebrities such as Alicia Keys, Ariana Grande, Kim Kardashian, Kylie Jenner, and Loren Gray have all been caught up in the privacy issue. 

According to SafetyDetectives, the disclosure might find IGBlade in hot water with the two social media behemoths. Furthermore, if thieves had access to the trove, they might utilise it in subsequent phishing attempts and bulk robocalling frauds.  They might even utilise the collected profile pictures to build new bogus profiles for disinformation and fraud operations. 

SafetyDetectives stated, “Data scraping can make information for thousands or millions of users instantly accessible, as it’s all stored in the same place. For example, navigating logs in a database is a far quicker solution than navigating between each user on a social media site.” 

“In this case, cyber-criminals can use data scraping as a cybercrime accelerant rather than an enabler. It can accelerate the speed and scope of hackers’ criminal activities.”
Read more »
Threat actors
Cyber Security Email Hacking Open Source Software Security Researchers Threat actors

TA551 Employs the SLIVER Red Team Tool

 

According to cybersecurity firm Proofpoint, the cybercriminal group known as TA551 has demonstrated a significant shift in tactics with the inclusion of the open-source pentest tool Sliver to its arsenal. 

Proofpoint has been tracking TA551 as a criminal threat actor since 2016. Other security firms refer to it as Shathak. TA551 acquires access to stolen mails or hacked email accounts – commonly known as thread hijacking – which it exploits in email campaigns to disseminate malware, according to Proofpoint. Ursnif, IcedID, Qbot, and Emotet were among the malware payloads released by TA551. For ransomware threat actors, this actor serves as an initial access facilitator. 

The use of SLIVER by TA551 illustrates the actor's versatility. TA551 would compromise a victim and potentially broker access to enable the deployment of Cobalt Strike and eventually ransomware as an established initial access broker exploiting initial access via email threat campaigns. SLIVER allows TA551 actors to obtain rapid access to victims and engage with them, giving them more direct capabilities for execution, persistence, and lateral mobility. This could eliminate the need for secondary access. 

Proofpoint has discovered that their banking trojan-based operations have resulted in ransomware attacks. Proofpoint examines with a high level of certainty. In 2020, TA551 IcedID implants were linked to the Maze and Egregor ransomware attacks.

Proofpoint discovered emails that seemed to be answers to prior conversations but included password-protected compressed Word documents on October 20, 2021. Sliver, an open-source, cross-platform adversary simulation, and red team platform are downloaded from the attachments. The activity differed significantly from the strategies, techniques, and processes used in TA551. When a victim opens the zipped attachment, they are routed to a Microsoft Word document with macros. SLIVER is downloaded if macros are enabled. 

Information collection, command and control (C2) functionality, token manipulation, process injection, and other functions are all available for free online with SLIVER. Cybercrime threat actors are increasingly relying on red teaming techniques. Between 2019 and 2020, for example, Proofpoint saw a 161% rise in threat actors using the red teaming tool Cobalt Strike. Lemon Tree and Veil are two further offensive frameworks that appear to be employed as first-stage payloads by cybercriminals. 

Cybercriminals' adoption of Sliver comes only months after US and UK government agencies warned that Russian state-sponsored cyberspy organization APT29 had added the pentest framework to their arsenal. However, the move is unsurprising, as security specialists have long warned of the blurring line between nation-state and cybercriminal activity, with each side adopting strategies from the other to better mask their footprints, or engaging in both sorts of operations.
Read more »
Subscribe to: Comments (Atom)