Tag Archive for: hacker

How to Think Like a Hacker — and Defend Your Data


How do hackers hack?

What tools and techniques are commonly used against organizations to gain unauthorized access into systems?

Where can we learn about the mindset of hackers and how to best protect our personal and professional data?


How can you disrupt (or stop) your information from being stolen?

WHO IS MISHAAL KHAN?

A few weeks back, I was in Las Vegas for the World Game Protection Conference as an invited keynote speaker covering ransomware stories. The presentation immediately prior to mine on the main stage was given by Mishaal Khan, who gave an entertaining keynote that demonstrated how hackers “do their thing” — often with information that is openly available to everyone online.

Not only did I enjoy and learn from Khan’s presentation, I had several follow-up conversations with him regarding cybersecurity, hacking, industry trends and much more. I was impressed with his passion, expertise and role as a vCISO and cybersecurity practice lead, in addition to his hacking roles. Mishaal is also an advocate for better online privacy, and he offers tips to audiences on how to protect your data.

You can learn more about Khan at his website bio. He’s co-author of The Phantom CISO, and he leans into the “hacker with a hoody” persona — which many in the cybersecurity industry shy away from. He also offers many presentations, podcasts and other online cyber resources at his website.

mishaal.jpg

Dan Lohrmann (DL):  Have you always wanted to be a hacker? When did you discover that you “think like a hacker”?

Mishaal Khan (MK): Ever since my middle school days, I’ve been immersed in a world of gadgets and computer parts, all thanks to my dad’s computer repair shop. Surrounded by the hum of computer fans, I couldn’t help but be drawn into the intricate workings of computers. As my understanding…

Source…

New Malware, Hacker Recruitment, and Global Threats Unveiled


Welcome to this week’s edition of the Cyber Security News Recap, diving into the forefront of cybersecurity advancements and the latest global threats. Our mission is to arm you with the knowledge needed to safeguard your digital landscape. From the recruitment of pentesters by a notorious hacker group to the discovery of innovative malware exploiting telecommunications protocols, we’ve got you covered.

Emerging Threats and Advanced Malware

One of the most concerning developments is the discovery of GTPDOOR, a Linux malware exploiting the GPRS protocol for stealthy command and control (C2) communication. Originating from the LightBasin hacker collective, this malware poses a significant threat to telecommunications networks, allowing attackers to spy on infected devices and exfiltrate sensitive data. Alongside, the Lazarus group’s exploitation of a Windows Kernel 0-day vulnerability in the wild demonstrates the increasing sophistication of cyber-attacks. Additionally, the startling revelation that millions of GitHub repositories have been infected with malicious code underscores the widespread vulnerability of open-source platforms.

Innovations in Cybersecurity Tools and Techniques

Amidst the alarming news, the cybersecurity community continues to innovate. The release of HackerGPT 2.0, a ChatGPT-powered AI tool for ethical hackers, marks a significant advancement in leveraging artificial intelligence for cybersecurity defense. Similarly, the deployment of the Stellar Cyber Open XDR platform by RSM US aims to enhance the security posture of clients by providing comprehensive threat detection and response capabilities. The publication of the NIST Cybersecurity Framework 2.0 offers updated guidelines for improving cybersecurity practices across industries.

Global Responses and Preventative Measures

On the global stage, the Five Eyes agencies’ exposure of Russian APT29 cloud attack tactics highlights the ongoing cyber espionage activities and the need for increased international cooperation in cybersecurity. Furthermore, the FBI and CISA’s warning about the ALPHV Blackcat ransomware targeting hospitals underscores the…

Source…

Hacker group hides malware in images to target Ukrainian organizations


A group of attackers targeting Ukraine-affiliated organizations has been delivering malicious payloads hidden within the pixels of image files. Known as steganography, it is just one of many advanced techniques the group uses to evade detection as part of a malware loader known as IDAT.

Tracked as UAC-0184 by several security firms, as well as the Computer Emergency Response Team of Ukraine (CERT-UA), the group was seen targeting Ukrainian servicemen via phishing emails masquerading as messages from Ukraine’s ​​3rd Separate Assault Brigade and the Israeli Defense Forces (IDF). While most of the recipients of these messages were located in Ukraine, security firm Morphisec has confirmed targets outside of the country as well.

“While the adversary strategically targeted Ukraine-based entities, they apparently sought to expand to additional entities affiliated with Ukraine,” researchers said in a new report. “Morphisec findings brought to the forefront a more specific target — Ukraine entities based in Finland.” Morphisec also observed the new steganography approach in delivering malicious payloads after the initial compromise.

Staged malware injection ends with Remcos trojan

The attacks detected by Morphisec delivered a malware loader known as IDAT or HijackLoader that has been used in the past to deliver a variety of trojans and malware programs including Danabot, SystemBC, and RedLine Stealer. In this case, UAC-0184 used it to deploy a commercial remote access trojan (RAT) program called Remcos.

“Distinguished by its modular architecture, IDAT employs unique features like code injection and execution modules, setting it apart from conventional loaders,” the Morphisec researchers said. “It employs sophisticated techniques such as dynamic loading of Windows API functions, HTTP connectivity tests, process blocklists, and syscalls to evade detection. The infection process of IDAT unfolds in multiple stages, each serving distinct functionalities.”

The infection happens in stages, with the first stage making a call to a remote URL to access a .js (JavaScript) file. The code in this file tells the executable where to look for an…

Source…

Hacker exposed weakness in German electronic ID, magazine reports


A hacker has reportedly uncovered security gaps in the online functions of Germany’s new national ID cards, according to the news magazine Der Spiegel.

Using his own software instead of the official government AusweisApp, the hacker managed to access login data for the so-called eID function of Germany’s identity card, which is intended to allow German citizens to securely identify themselves online.

According to the report, this is activated for more than 50 million ID card holders and serves as the basis for digital administrative procedures. It is also used for identification at banks, among other things.

The hacker, who goes by the pseudonym “CtrlAlt,” used the trick to open an account at a major German bank under someone else’s name.

A spokesman for the Chaos Computer Club (CCC), a well-known German hacker and computer security group, confirmed to Der Spiegel that the hacker had exposed a critical point in the eID procedure on mobile devices.

“This is a realistic attack scenario,” the spokesman told the news magazine. “It must be prevented that an ID app other than the officially approved one can register and log into the cell phone for eID authentication.”

The hacker had already informed Germany’s Federal Office for Information Security (BSI) of his findings on December 31.

The agency told Der Spiegel that it saw no reason to “change the risk assessment for the use of the eID,” since the vulnerability appeared to be not in the eID system itself but in devices used by consumers.

However, the agency said it would still examine a possible adjustment to the system.

Source…