Attacks on 5G Infrastructure From Users’ Devices

Credit to Author: Salim S.I.| Date: Wed, 20 Sep 2023 00:00:00 +0000

Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.

Read more

The Journey to Zero Trust with Industry Frameworks

Credit to Author: Alifiya Sadikali| Date: Wed, 09 Aug 2023 00:00:00 +0000

Discover the core principles and frameworks of Zero Trust, NIST 800-207 guidelines, and best practices when implementing CISA’s Zero Trust Maturity Model.

Read more

Zero Trust Frameworks for Industry

Credit to Author: Alifiya Sadikali| Date: Wed, 09 Aug 2023 00:00:00 +0000

Discover the core principles and frameworks of Zero Trust, NIST 800-207 guidelines, and best practices when implementing CISA’s Zero Trust Maturity Model.

Read more

New SEC Cybersecurity Rules: What You Need to Know

Credit to Author: Greg Young| Date: Thu, 03 Aug 2023 00:00:00 +0000

The US Securities and Exchange Commission (SEC) recently adopted rules regarding mandatory cybersecurity disclosure. Explore what this announcement means for you and your organization.

Read more

ChatGPT Shared Links and Information Protection: Risks and Measures Organizations Must Understand

Credit to Author: Matsukawa Bakuei| Date: Wed, 05 Jul 2023 00:00:00 +0000

Since its initial release in late 2022, the AI-powered text generation tool known as ChatGPT has been experiencing rapid adoption rates from both organizations and individual users. However, its latest feature, known as Shared Links, comes with the potential risk of unintentional disclosure of confidential information.

Read more

SeroXen Mechanisms: Exploring Distribution, Risks, and Impact

Credit to Author: Peter Girnus| Date: Tue, 20 Jun 2023 00:00:00 +0000

This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. In this entry, we document the techniques used to spread and abuse SeroXen, as well as the security risks, impact, implications of, and insights into highly evasive FUD batch obfuscators.

Read more

SeroXen Incorporates Latest BatCloak Engine Iteration

Credit to Author: Peter Girnus| Date: Thu, 15 Jun 2023 00:00:00 +0000

We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion capabilities and interoperability with other malware.

Read more

Analyzing the FUD Malware Obfuscation Engine BatCloak

Credit to Author: Peter Girnus| Date: Fri, 09 Jun 2023 00:00:00 +0000

We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities.

Read more

Healthcare cybersecurity updated in HIMSS23

Credit to Author: Kazuhisa Tagaya| Date: Fri, 19 May 2023 00:00:00 +0000

This update reports on the current state of cybersecurity in the healthcare industry from the CISA’s keynote in Cybersecurity forum of HIMSS23.

Read more

Rust-Based Info Stealers Abuse GitHub Codespaces

Credit to Author: Nitesh Surana| Date: Fri, 19 May 2023 00:00:00 +0000

This is the first part of our security analysis of an information stealer targeting GitHub Codespaces (CS) that discusses how attackers can abuse these cloud services for a variety of malicious activities.

Read more