Getting and staying ahead of threat actors means knowing the cybersecurity landscape. Today, that still often means ransomware, along with the changing ways and places we work. July’s top stories include a supply chain attack by the REvil ransomware gang and how to fold security into design.

We also have a deep dive into password safety, including common myths from social media. Attackers may not be reading your tweets, but elements of social engineering open up passwords to exploitation in similar ways.

This month’s expert insights also involve the state of today’s operational technology (OT) attacks, finding DLL sideloading attacks with the prototype Frida tool Windows Feature Hunter and a new way to execute .NET assemblies. Check out our top advice and news from July.

Quick Briefs: Top Insights From July

2-Minute Read 🕒

3 Myths About Threat Actors and Password Safety

Most of us have a little bit of anxiety about social media sharing. Who doesn’t cringe in sympathy (or schadenfreude) at the story of a senator who posted a picture of his password by mistake? As social media evolves, keep up to date and refresh yourself on some of the basics around preventing password theft. Plus, see which common myths around password theft aren’t really worth worrying about.

3-Minute Read 🕒

What Is Domain-Driven Design?

Security review on software design can take months by itself. But what about security-driven design, where the idea that your product might be attacked (or present a weak link) is built in from the beginning? See how domain-driven design can combine security and the business domain that makes your product a worthwhile purchase. It’s the best of both worlds.

4-Minute Read 🕒

Your Home Away From Home May Not Be as Cybersecure as You Think

We’ve all heard the warnings about keeping your cybersecurity rigorous while working from home. With luck, people are starting to settle into their workplace again in 2021, whether that’s at the office or remote. You might even be starting to think about going on vacation, when it’s safe to do so. So don’t forget digital safety on the road, too. A chief technology officer and a professional hacker walk through their vacation plans: the ways they keep their eyes on unsecured networks or smart home devices while on the go, that is.

Worth Your While: In-Depth Coverage To Sharpen Your Skills & Tighten Security

6-Minute Read 🕒

REvil Ransomware Gang Launches Major Supply Chain Attack — Downstream Impact May Affect Over 1,500 Customers

At the beginning of the month, IT management software firm Kaseya urged customers to shut down their on-premises Kaseya VSA servers after discovering that the remote management tool had been compromised. The infamous REvil ransomware gang pushed malicious code through the tool to the endpoints it managed, an attack that rippled through the linked world of managed service providers and their customers. See who is affected and what to do about it to keep your business safe.

11-Minute Read 🕒

Don’t Be Rude, Stay: Avoiding Fork&Run .NET Execution With InlineExecute-Assembly

Take a look at a new Beacon Object File (BOF) that lets operators execute .NET assemblies in process from Cobalt Strike. It is an alternative to the built-in execute-assembly module, which uses the fork-and-run technique: spawn a sacrificial process, inject into it and let the assembly run there. Like any tool, in-process execution has its benefits and drawbacks, but it can be a useful element to have in your tool belt.
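As an added illustration of the two execution models (this is not the InlineExecute-Assembly BOF itself, which is C code that runs inside a Beacon), the following Windows PowerShell 5.1 script builds a small constructed console assembly and runs it twice: once in a freshly spawned process, the fork-and-run shape, and once by loading its bytes into the current process and invoking the entry point directly. The scratch path, the sample assembly and the 5.1 requirement are assumptions of this example.

```powershell
# Added illustration, not code from the InlineExecute-Assembly project.
# Assumes Windows PowerShell 5.1 (Add-Type -OutputType ConsoleApplication needs the .NET Framework compiler).

# Constructed sample assembly: prints the PID it runs in so the two models are easy to tell apart.
$src = @'
public static class Demo {
    public static int Main(string[] args) {
        int pid = System.Diagnostics.Process.GetCurrentProcess().Id;
        System.Console.WriteLine("Demo running in PID " + pid + " with args: " + string.Join(",", args));
        return 42;
    }
}
'@
$exe = Join-Path $env:TEMP 'demo.exe'     # assumed scratch path
Add-Type -TypeDefinition $src -OutputAssembly $exe -OutputType ConsoleApplication

# 1) Fork and run: a fresh process hosts the CLR and the assembly.
#    Artifacts a defender sees: a process-creation event, a new PID loading clr.dll, the file on disk.
$p = Start-Process -FilePath $exe -ArgumentList 'a','b' -PassThru -Wait -NoNewWindow
"fork-and-run: child exit code $($p.ExitCode)"

# 2) In process: the assembly bytes are loaded into this PID and its entry point is invoked directly.
#    No new process is created and the file is only needed to read the bytes. The trade-off is that
#    a crash or hang inside the assembly takes the host down with it, and the assembly cannot be
#    unloaded from the default AppDomain afterwards.
$bytes = [System.IO.File]::ReadAllBytes($exe)
$asm   = [System.Reflection.Assembly]::Load($bytes)
$ret   = $asm.EntryPoint.Invoke($null, @(, [string[]]@('a', 'b')))
"in-process: Main returned $ret inside PID $PID"
```

Run it from an interactive powershell.exe and compare the two PIDs the sample prints: the first differs from `$PID`, the second is `$PID` itself. That difference is exactly what the BOF buys an operator and what a defender loses when hunting by process creation alone.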

4-Minute Read 🕒

Attacks on Operational Technology From IBM X-Force and Dragos Data

Here’s another deep dive into hard data. IBM X-Force and Dragos studied the major intrusion trends that may impact OT and industrial control systems today, including specific ransomware trends and OT-specific Trojans. See what attackers going after OT want, how the most high-profile types of attacks may not really be the ones you want to focus on and common entry points to make sure you close the right doors first.

June’s Expert Insight: Hunting for Windows “Features” with Frida — DLL Sideloading

Red team expert Chris Spehn goes into step-by-step detail on how to use Frida on Windows. While this toolkit is often used to analyze iOS and Android mobile apps, it can also be applied to desktop operating systems. Take a look at how attackers and offensive testers can identify potential DLL sideloading problems using the new Frida tool Windows Feature Hunter.
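Windows Feature Hunter instruments a process with Frida to watch its library loads. As an added illustration of the same question from the defender's side (this is not the tool, and it is not Frida-based), the PowerShell function below lists running processes that load a DLL from the executable's own directory when a DLL of the same name also exists in System32, which is the shape an application-directory-first sideload takes. The function name and output fields are this example's own.

```powershell
# Added illustration; not Windows Feature Hunter and not Frida-based.
# Flags DLLs loaded from an executable's own folder that share a name with a System32 DLL.
# Results are candidates to review, not findings: many legitimate applications ship such DLLs.
function Find-SideloadCandidates {
    param([string[]]$ProcessName)   # optional filter, e.g. 'notepad'
    $sys32 = Join-Path $env:SystemRoot 'System32'
    $procs = if ($ProcessName) { Get-Process -Name $ProcessName -ErrorAction SilentlyContinue } else { Get-Process }
    foreach ($p in $procs) {
        # Protected or cross-bitness processes refuse module enumeration; skip them.
        try { $exePath = $p.MainModule.FileName; $mods = @($p.Modules) } catch { continue }
        $exeDir = Split-Path -Path $exePath -Parent
        # Executables living under %SystemRoot% load from System32/SysWOW64 by design; not a sideload.
        if ($exeDir -like "$env:SystemRoot*") { continue }
        foreach ($m in $mods) {
            if ($m.ModuleName -notlike '*.dll') { continue }
            $modDir = Split-Path -Path $m.FileName -Parent
            if ($modDir -ne $exeDir) { continue }                 # -ne is case-insensitive by default
            $twin = Join-Path $sys32 $m.ModuleName
            if (-not (Test-Path -LiteralPath $twin)) { continue }
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName
            [pscustomobject]@{
                PID              = $p.Id
                Process          = $p.ProcessName
                Dll              = $m.FileName
                ShadowsSystemDll = $twin
                Signature        = $sig.Status         # 'Valid' for most vendor DLLs; 'NotSigned' deserves a look
                Signer           = $sig.SignerCertificate.Subject
            }
        }
    }
}

# Usage: scan everything; non-Valid signature statuses sort to the top for triage.
Find-SideloadCandidates | Sort-Object Signature -Descending | Format-Table -AutoSize
```

This static view only shows DLLs that actually loaded. The Frida approach in the article goes further by observing load attempts that fail, which is how it surfaces the missing DLLs an attacker could supply; the two complement each other.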

Want to keep up with today’s cybersecurity news and best practices? Watch this space for the Security Intelligence newsletter.
