Aggregator
Recon Village – Maltego Community Workshop: OSINT & Custom Transforms
Instructor: Carlos Fragoso
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
The post Recon Village – Maltego Community Workshop: OSINT & Custom Transforms appeared first on Security Boulevard.
Breaking Down Risks in Cybersecurity
Cyber Crime Junkies podcast
Breaking Down Risks in Cybersecurity – A great conversation on the Cyber Crime Junkies podcast with David Mauro!
We covered so many different topics that the CISOs are struggling with:
- Generative vs Agentic AI risks and opportunities
- How cyber attackers leverage powerful tools like AI
- Why defenders are slower than attackers in using AI
- How attackers adapt with AI advantages
- Why the value of security is a blind spot
- The difficulty of cybersecurity metrics
- Not all incidents are equal – preparedness matters
- CISO and Board collaboration on common goals
- Why CISOs are now business leaders
- Different types of cybersecurity business value
- Understanding the difference: Obstacles versus Opposition problems
- The importance of good strategic goals
- Why CISOs must be good storytellers
- Examples of Board level metrics
Check out the podcast on YouTube https://www.youtube.com/watch?v=Y60C5u6lzdI
and Spotify https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3&nd=1&dlsi=0bebeabd1b974a0d
Shameless Plug: If you are interested in a CISO mentor or advisory help on the Board, drop me a line.
The post Breaking Down Risks in Cybersecurity appeared first on Security Boulevard.
An IT specialist earns hundreds of thousands of dollars by hiring other people to do his work for him
What is Infrastructure Intelligence?
Cyber threats are growing in sophistication, and adversaries are continually evolving their methods, targeting businesses, governments, and individuals with precision. For network defenders and fraud prevention teams, understanding this evolving landscape is critical to preempt attacks, mitigate risks, and protect key assets. But how do you stay ahead of these relentless attackers? The answer lies in HYAS's Infrastructure Intelligence.
This blog defines the concept of Infrastructure Intelligence, and establishes its components and how they empower security teams with unmatched visibility into adversary infrastructure. By leveraging Infrastructure Intelligence, organizations can turn raw data into actionable insights to detect, prevent, and respond to threats better than ever before.
Understanding Infrastructure Intelligence
At its core, Infrastructure Intelligence provides a detailed view of the infrastructure used by adversaries to plan and execute cyberattacks. It includes data related to adversary techniques and operations, enabling organizations to uncover critical details of attack campaigns.
Infrastructure Intelligence goes beyond traditional datasets offered by most threat intelligence feeds. It consolidates multiple layers of information and correlates them to deliver a contextualized understanding of cyber threats.
Here are the five key elements that define Infrastructure Intelligence:
1. Details on Attacker Infrastructure
The foundation of Infrastructure Intelligence lies in identifying the infrastructure footprint of malicious actors. This includes:
- Passive DNS Data: Historical records of DNS queries, enabling investigators to trace domains used in past attacks.
- WhoIs Records: Ownership and registration details of domains involved in malicious activities.
- Certificate Data: SSL certificates that shed light on the configuration of adversary infrastructure and shared resources.
Such information serves as the bedrock for tracing adversary origins and methods, and is not unlike the internet intelligence providers going back to the early days of companies like RiskIQ.
2. Enhanced Datasets for Advanced Threat Analysis
While traditional internet intelligence (e.g., passive DNS or WhoIs data) remains valuable, Infrastructure Intelligence extends far beyond this:
- Command and Control (C2) Infrastructure: Insights into adversaries’ malicious servers and tools used for attack coordination.
- Specialized WhoIs and Geospatial Data: Granular exclusive datasets offering unmatched visibility into attacker identity, location, and behavior.
- Internal Account Details: Data from private sources to link threat activity to specific aliases and unique IOCs.
- Malware Infrastructure: Comprehensive details on new malware infrastructure, providing teams with better information on malware families and related context to effectively block new and existing threats.
These expanded datasets let investigators detect and respond to threat actor activity with new levels of precision.
3. Correlating Data to Manufacture Better Context
Infrastructure Intelligence is not just about collecting data; it's about connecting the dots. It correlates diverse intelligence "nuggets" and generates a more unified view of threats.
For example, imagine uncovering a domain linked to phishing attacks. Infrastructure Intelligence fingerprints past DNS resolutions and connects that domain to command-and-control servers, associated IP addresses, and related malware samples. It provides details about the identity and behavior of attackers that can lead directly to the take-down of their infrastructure and follow-on law enforcement actions. This correlation helps security teams see not just isolated events but the broader adversary ecosystem, and take active threat actors off the grid.
4. Answering Key Questions with a Proven "VRA" Model
Effective Infrastructure Intelligence provides answers to three critical questions commonly posed by threat hunters, fraud prevention investigators, and mission-specific teams in federal agencies and law enforcement:
- Verdicts on Indicators of Compromise (IOCs): Is this IP, domain, or observable malicious, benign, or suspicious? What evidence is available to support this assertion?
- Related Infrastructure: What other domains, IPs, or networks are associated with this activity? Connecting a piece of known-bad intelligence into a larger picture can be priceless in terms of protecting your organization.
- Threat Actor Information: Who is behind the attack? What can we ascertain about their goals and motivations, and also their behavior and identity? When attribution matters (I am looking at you fraud investigators and government types), there is no substitute for Infrastructure Intelligence.
This framework, often referred to as the "VRA" model (Verdict, Related Infrastructure, Actor Information), makes HYAS Infrastructure Intelligence essential in uncovering threats and proactively mitigating risks.
5. Geospatial and Behavioral Insights
To truly elevate your understanding of your adversary, Infrastructure Intelligence layers additional intelligence on top of the insights described above in several other ways:
- Geospatial Data: Pinpoint attacker locations to understand geographic footprints of campaigns and the spatial correlation of attacker activity with wifi networks, other adversaries, and more.
- Behavior-Based Indicators: Identify unusual network behaviors and patterns linked to adversarial activity.
These insights put the cherry on top of the Infrastructure Intelligence sundae, transforming raw technical data into actionable intelligence, and making it easier to act decisively to protect your organization or realize your operational mission.
Infrastructure Intelligence is Vital for Effective, Modern Cybersecurity
The value of HYAS Infrastructure Intelligence lies in its ability to provide actionable, real-time context that amplifies an organization's security posture. Here's why it matters:
1. Proactive Threat Mitigation
Unlike much of the noisy intelligence available to organizations today, Infrastructure Intelligence equips teams with the tools to detect attacks in their early stages (and even before they are launched) by shining a light on adversary infrastructure. By seeing these connections you can anticipate the attacker's moves and proactively block attacks.
2. Improved Incident Response
By correlating infrastructure data with threat actor activity, organizations can quickly identify root causes, contain threats, and reduce response times. This expedites investigations and enhances the speed and accuracy of remediation efforts.
3. Enhanced Decision-Making
With enriched datasets and contextual insights, decision-makers gain a comprehensive view of the cyber threat landscape. This ensures not only precise actions but also informed long-term strategies for enterprise cybersecurity.
4. Greater ROI on Security Investments
Infrastructure Intelligence acts as a force multiplier for existing security tools. Integrating these insights with SIEMs, threat hunting platforms, or DNS security solutions enhances ROI by improving overall effectiveness.
How Organizations Are Applying Infrastructure Intelligence
Real-world use cases illustrate the tangible benefits of this intelligence. Here are two examples:
1. Fraud Prevention in Financial Institutions
A major European bank prevented twice the amount of fraud it had previously by leveraging Infrastructure Intelligence to identify and block suspicious account infrastructure, saving millions in downstream fraud costs.
2. Defending Against APT Groups
Organizations dealing with advanced persistent threat (APT) campaigns, such as Typhoon cyber groups targeting critical infrastructure, have used Infrastructure Intelligence to uncover C2 servers and disrupt adversary tactics before widespread damage occurs.
These stories underscore the importance of HYAS Infrastructure Intelligence in safeguarding digital assets, protecting customers, and staying resilient in the face of sophisticated adversaries.
Take the Next Step in Threat Defense
Adversaries are getting smarter, faster, and more resourceful. To stay ahead, security leaders must equip their threat hunting and cyber fraud teams with the best tools available. HYAS Infrastructure Intelligence offers unmatched insight into adversary infrastructure, empowering teams to act decisively and protect their organizations.
If you’re looking to enhance your threat intelligence capabilities and learn more about HYAS Infrastructure Intelligence, now’s the time. Rig out your team with the only provider of Infrastructure Intelligence to uncover hidden threats, preempt attacks, and achieve a higher level of operational resiliency.
Learn more about HYAS Insight and contact HYAS today
The post What is Infrastructure Intelligence? appeared first on Security Boulevard.
AI Large-Model Attack and Defense Security | The 15th 安全范儿 (Security Fan'er) Technical Salon Opens
The end of the calorie-counting era: AI estimates the calorie content of dishes from any cuisine from a photo
Black Basta Leader in League With Russian Officials, Chat Logs Show
Lockbit
The perfect espresso is not an art but an exact science
Malicious Android 'Vapor' apps on Google Play installed 60 million times
Google’s $32B Wiz Acquisition: A Watershed Moment in Cloud Security M&A
Google acquires cloud security leader Wiz for $32B—the largest cybersecurity deal ever. This historic purchase boosts Google Cloud's security offerings, enhances its multicloud capabilities, and intensifies competition with Microsoft and AWS in the rapidly evolving cloud security landscape.
The post Google’s $32B Wiz Acquisition: A Watershed Moment in Cloud Security M&A appeared first on Security Boulevard.
Extortion Reboot: Ransomware Crew Threatens Leak to Snowden
New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code
ClearFake, a malicious JavaScript framework first identified in July 2023, has evolved with sophisticated new social engineering tactics. Originally designed to display fake browser update pages, the framework has undergone significant developments, incorporating more advanced deception techniques to deliver malware through compromised websites. The latest variant, discovered in December 2024, employs fake reCAPTCHA or Cloudflare […]
The post New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code appeared first on Cyber Security News.
Babuk
Fake Coinbase Migration Messages Target Users to Steal Wallet Credentials
A sophisticated phishing campaign is currently targeting cryptocurrency investors with fraudulent emails claiming to be from Coinbase. The scam attempts to trick users into transferring their funds to wallets controlled by attackers through a deceptive “mandatory wallet migration” scheme. How the Scam Works The phishing emails, with the subject line “Migrate to Coinbase wallet,” falsely […]
The post Fake Coinbase Migration Messages Target Users to Steal Wallet Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
8-Year Old Windows Shortcut Zero-Day Exploited by 11 State-Sponsored Hacker Groups
A critical Windows vulnerability that has been exploited since 2017 by state-sponsored threat actors has been uncovered recently by researchers. The vulnerability, tracked as ZDI-CAN-25373, allows attackers to execute hidden malicious commands on victims’ machines by leveraging specially crafted Windows shortcut (.lnk) files. This security flaw impacts how Windows displays the contents of shortcut files […]
The post 8-Year Old Windows Shortcut Zero-Day Exploited by 11 State-Sponsored Hacker Groups appeared first on Cyber Security News.