This year’s Real World Cryptography Conference recently took place in Toronto, Canada. As usual, this conference organized by the IACR showcased recent academic results and industry perspectives on current cryptography topics over three days of presentations. A number of co-located events also took place before and after the conference, including the FHE.org…
Category: Interesting Stuff
This staggering amount underscores the imminent need for cyber security to be treated as a global priority. Moreover, with the explosion of generative AI (besides ChatGPT as well!), the current 2200 daily attacks are expected not only to multiply manifold but to become far more individualized.…
In the ever-evolving cybersecurity landscape, staying informed with the latest statistics and trends is not just beneficial—it’s imperative. The year 2024 is shaping up to be pivotal, with threats becoming more sophisticated and industries worldwide grappling with a digital environment that’s more integral to operations than ever before. …
AhnLab SEcurity intelligence Center (ASEC) has been publishing the Online Scams series to inform the readers about the ever-evolving scams. Prevention and blocking are the two most important measures to mitigate the damage inflicted by scams. Various security providers are supporting features to detect and block the damage from scams, financial frauds, and phishing.…
A mastermind behind the organized crime group responsible for various online fraud schemes has been detained in Bucharest, Romania. The individual, who had been on the run for several years, is linked to over 300 reported fraud cases across Spain, with illicit financial transactions totaling 10 million euros.…
Summary: This blog discusses AI jailbreaks, their impact on generative AI systems, and how to mitigate the associated risks and harms.
Threat Actor: N/A
Victim: N/A
Key Point:
An AI jailbreak is a technique that can bypass the defense mechanisms of AI models, leading to harmful consequences such as policy violations, biased decision-making, or execution of malicious instructions.…
Summary: This content is the Android Security Bulletin for June 2024, which provides details of security vulnerabilities affecting Android devices and the corresponding security patch levels.
Threat Actor: N/A
Victim: Android devices
Key Point:
The Android Security Bulletin provides information on security vulnerabilities affecting Android devices.…
Cyberthreat intelligence (CTI) can be a powerful weapon for protecting an organization from cyberattack, enabling teams to understand both the threats they face and the tactics, techniques, and procedures of their adversaries.
IT threat evolution Q1 2024
IT threat evolution Q1 2024. Mobile statistics
IT threat evolution Q1 2024. Non-mobile statistics
Targeted attacks
Operation Triangulation: the final mystery
Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platform distributed via zero-click iMessage exploits that allowed an attacker to browse and modify device files, get passwords and credentials stored in the keychain, retrieve geo-location information and execute additional modules that extended their control over compromised devices.…
This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering reports. Let me introduce you to the Sekoia TDR team.
TL;DR
Sekoia Threat Detection & Research (TDR) is a multidisciplinary team dedicated to Cyber Threat Intelligence and Detection Engineering for the Sekoia SOC Platform.…
In this blog, we will learn how to write a YARA rule to detect different samples from the same families and hunt for them at scale.
This section defines the metadata for the rule, such as the description of the rule, the author’s name, the date of writing the rule, etc.…
Hello and welcome back to the Cryptopals Guided Tour (previously, previously)! Today we are taking on Challenge 17, the famous padding oracle attack.
For those who don’t know, Cryptopals is a series of eight sets of challenges covering common cryptographic constructs and common attacks on them.…
*replace .bawang with .onion (use TOR to access it)*
source: https://www.breachsense.com/
Darknet Markets…
No one is safe from scams. In fact, scams targeting corporations and organizations employ meticulously social-engineered attack scenarios. Unlike smishing targeting individuals or online shopping scams, such attacks design tailored phishing scenarios based on previously collected information about the target. As such, it is not easy for the victim organization to recognize the scam.…
Email forensics involves the examination, extraction, and analysis of email data to gather digital evidence crucial for resolving crimes and specific incidents, ensuring the integrity of the investigation process. This investigative process encompasses various aspects of emails, focusing on:
Email content, including messages and attachments.…
In this post, we'll demonstrate the Garbageman analysis tool. Garbageman is a .NET analysis tool that can be used to obtain information from packed or obfuscated .NET malware.
Here is a great blog on the internals of Garbageman. The TLDR is that Garbageman intercepts the memory management components of .NET…
This post is a continuation of "Malware Unpacking With Hardware Breakpoints".
Here we will be utilising Ghidra to locate the shellcode, analyse the decryption logic and obtain the final decrypted content using CyberChef.
Locating the Shellcode Decryption Function In Ghidra
At the point where the hardware breakpoint was first triggered, the primary executable was likely in the middle of the decryption function.…
Leveraging Ghidra to establish context and intent behind suspicious strings. Taking things one step further after initial analysis tooling like PeStudio and Detect It Easy.
This is a great technique for working with Ghidra and establishing a starting point for analysis. It reduces total investigation time and allows one to determine why and how a string is contained within a file.…