The Splunk Threat Research Team (STRT) has detected the resurface of a Crypto Botnet using Telegram, a widely used messaging application that can create bots and execute code remotely. The STRT has identified attacking sources from China and Iranian IP addresses specifically targeting AWS IP address space. The malicious actors behind this botnet specifically target Windows server operating systems with Remote Desktop Protocol.

Doxing is the act of publishing private or identifying information about an individual or organization on the internet. Doxing is short for Dropping Dox (documents), and it only has negative connotations. The intention of doxers is to harass victims by revealing information that's either incriminating, defamatory or just immensely embarrassing. Doxing is sometimes spelled as Doxxing.

In an age when attackers create over a million phishing sites each month, and phishing serves as a beachhead for 95 percent of all attacks against enterprise networks, how can businesses respond? Part of the answer lies in educating users to recognize and report phishing, of course. But user education only goes so far – particularly because the same statistics cited above show that, on average, only 3 percent of users will report phishing emails.

Recently published by Lionel Gilles, an offensive security researcher based in France, 'PetitPotam' is a proof-of-concept (PoC) tool used for NT LAN Manager (NTLM) relay attacks that, when executed properly, grants threat actors the ability to take over a Windows Active Directory (AD) domain, including domain controllers (DC), where Active Directory Certificate Services (ADCS) are used. Similar to classic in-the-middle (ITM) or replay attacks, PetitPotam applies similar concepts to its relay attack.

We’re going to talk about state versus change. For the purposes of our discussion, you need to know that Tripwire Enterprise offers something called TE Commander. Many enterprise applications lack a native command line interface. This can be a challenge if you want to automate and integrate basic operations, which is a necessary function in most enterprise IT environments.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the legacy between the healthcare industry and cyberattacks, the vulnerable points in the healthcare system, and how risks can be mitigated. Did you know that for 10th year in a row, the healthcare industry has seen the highest impact from cyberattacks of any industry?

Using unapproved tools, software, and devices is risky. You never know what vulnerabilities so-called shadow IT may have. The pandemic that began in 2020 put a new spin on the shadow IT problem. The sudden need to handle all processes remotely was a true challenge, since the majority of corporate networks were not configured to be safely accessed by employees from home.