Analysts rely on User and Entity Behavior Analytics (UEBA) tools to track anomalies, investigate incidents, and respond to cybersecurity threats. However, the varying nature of user and entity behaviors across different organizations means that predetermined thresholds often fail to account for unique baselines. Even within the same environment, temporal variations can cause significant differences in monitoring signals.

LNK (shortcut) files are a common starting point for many phishing campaigns. Threat actors abuse the unique properties of LNK files to deceive users and evade detection and prevention countermeasures, making them potent tools for compromising systems and networks. In this blog, we'll provide an in-depth analysis of recent LNK phishing campaigns, examining the tactics, techniques, and procedures (TTPs) employed by threat actors.

Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT team officially has a Zero-Day vulnerability/exploit on their hands! A zero-day vulnerability is a software vulnerability discovered by attackers before the vendor has become aware of it.

Ongoing monitoring is a key step in effective Third-Party Risk Management (TPRM) that helps ensure continuous compliance, cybersecurity performance, and risk management of external vendors and service providers. It’s a necessary step that reinforces how vendors are managing their cybersecurity processes to prevent potential data breaches or reputational damage.

We’re excited to announce that the Snyk Language Server (LS for short) can now be integrated with your existing IntelliJ IDEs.

With 86% of UK adults using a form of online or remote banking and high street banks closing in record numbers, banking websites have become an integral part of our daily lives. They have changed how we manage our money, allowing us to send and receive money from anywhere in the world, open or close accounts at the click of a button (or tap or a screen), and avoid queuing in physical banks. They have also transformed the UK's criminal landscape.

Security-Enhanced Linux (SELinux), initially known for its perceived complexity in configuration and maintenance, has evolved into an indispensable security architecture across most Linux distributions. It empowers administrators to finely control the actions permitted to individual users, processes, and system daemons, thereby bolstering defense against potential security breaches.

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware. “Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware,” the researchers state.

Increasing phishing attacks are a constant threat to organizations, making it crucial for users to report suspicious emails. This practice not only helps in identifying and mitigating potential threats, but also plays a significant role in educating and creating awareness among employees. The importance of reporting suspected phishing emails cannot be overstated, as it acts as a last line of defense against cyber threats.

You might already know a fair bit about r2frida by now - its definition, usage, features, installation, and examples - something we discussed in the previous blog of this series. In case you missed out on it, you can find it here. In this blog, we will explore how r2frida can be instrumental in manipulating an iOS app's runtime.

At the end of May 2024, the largest ever operation against botnets, dubbed Operation Endgame, targeted several botnets including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. This operation significantly impacted the botnets by compromising their operations and shutting down their infrastructure. Although Latrodectus was not mentioned in the operation, it was also affected and its infrastructure went offline.