Vidar Malware Launcher Concealed in Help File

Appending a malicious file to an innocuous-looking file format is one of the tricks our adversaries use to evade detection. Recently, we came across an interesting email campaign employing this technique to deliver the Vidar info-stealer malware. First, let’s examine the email delivery mechanism, then take a closer look at the Vidar malware itself. [Figure 1: The malicious spam message] The messages in this campaign have two things in common.

How to Reduce the Risk of Former Employees Coordinating with Insider Threats

When it comes time for an employee to leave your organization, you want it to be on friendly terms. But there are definitely limits to how friendly you want folks to be after they leave. Especially when it comes to accessing materials from their old position for their new endeavors. In a recent bizarre case, it was reported that a former acting Department of Homeland Security Inspector General has pleaded guilty to stealing government software and data for use in his own product.

The trader bots controlling the global stock market

Trading on the stock market has only grown more complex in the past few decades. Thanks to high frequency trading (HFT) and the rise of Big Data in financial markets, it’s impossible for an individual investor, trader or stock analyst to make the right investment decisions quickly enough to react to an increasingly complex market. With traders needing to make investment decisions on-the-spot in seconds, not minutes, it’s unsurprising that they have turned to rule-based automation and AI.

How to secure Kubernetes at the infrastructure level: 10 best practices

Infrastructure security is important to get right so that attacks can be prevented or, in the case of a successful attack, damage can be minimized. It is especially important in a Kubernetes environment because, by default, a large number of Kubernetes configurations are not secure. Securing Kubernetes at the infrastructure level requires a combination of host hardening, cluster hardening, and network security.

15 Ways to Protect Data with Digital Security Watermarks

Everyday business documents continue to be one of the biggest sources of data leakage. The Facebook leaks and WikiLeaks are prime examples of the damage such breaches can wreak. Even with the best security tools in place, users always seem to find a way to circumvent security. Or, as in most cases, they accidentally share data with the wrong audience, creating a security issue.

How can an external network penetration test help your business? | Cyphere

An external network penetration test is a process by which an organization hires a third party to attempt to penetrate its computer systems from the outside (over the Internet). By doing so, businesses can discover vulnerabilities in their networks that could be exploited by malicious actors, and the testers can recommend relevant risk mitigation measures. In this video, we discuss the benefits of external network penetration testing and how it can help your business stay safe online.

How To Set A Benchmark Of False Positives With SAST Tools

Many Static Application Security Testing (SAST) tools struggle with false positives. They often report that a vulnerability is present when, in reality, it does not exist. This inaccuracy weighs down the engineering team, as they spend productive hours triaging the false alarms. By setting a benchmark of false positives (a limit above which the number is unacceptable), you can establish a point of reference or standard against which to measure the efficacy of your SAST tool.