Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybersecurity is an ever-changing landscape, and it’s essential to have the right people on your team, like a virtual chief information security officer. This person can help you protect yourself from cyberattacks by building out cyber security programming, including infrastructure protection, data management, and customer privacy concerns.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. This week a few quite chilling hacks appeared in my feed. They all may at first glance appear amusing but think how they could well have turned out…

In Part 1 of our BlackByte ransomware analysis, we covered the execution flow of the first stage JScript launcher, how we extracted BlackByte binary from the second stage DLL, the inner workings of the ransomware, and our decryptor code. In this blog, we will detail how we analyzed and de-obfuscated the JScript launcher, BlackByte’s code, and strings.

Please click here for Part 2 UPDATE 19.October.2021 - Based on some reactions and responses to our BlackByte analysis, and specifically, the included decryptor, we wanted to provide an update and some clarification. First off, we’ve updated the decryptor on github to include two new files. One is the compiled build of the executable to make the tool more accessible and the second is a sample encrypted file “spider.png.blackbyte” that can be used to test the decryptor.

“Buy Now, Pay Later” (or BNPL) schemes are instant approval loans given at the point of sale on eCommerce websites. They are commonly seen on fashion websites, where shoppers are offered the chance to buy products right away and split the payment for their items over several months. Taking the FinTech world by storm in recent years, well-known BNPL providers include Klarna, Clearpay, Laybuy, Payl8r, Afterpay and Affirm.

A document sent to the US Congress published by Motherboard, the technology section of Vice, confirms that CIA personnel, the NSA and other members of the US Intelligence Community widely use ad blockers in their Internet browsers. This measure was adopted to remove the distraction of adverts on web pages for employees, but it provides additional protection against malware.

The security landscape is ever-changing, intensified by more sophisticated threats, and an increasing number of employees working from home leading to an expanding attack surface. Security professionals are tasked with maintaining a secure environment against a plethora of threats, manifested in thousands of alerts and events that are generated by security controls every day.

Can MDR solve the cybersecurity crisis? The short answer: Every generation has its take on how to do security. And each one thinks it has found the solution in new technology. In the 1990s, the LAN firewall rose to prominence, followed by refinements in the form of unified threat management (UTM) and next-generation firewalls (NGFW) that put even more traffic inspection barriers in the way of malware communication.

The cyberworld has witnessed and defended against several forms of attacks. Some of the most common ones known to disrupt a network include credential stealing, malware installations, worms and viruses, and insider threats. In order to execute these attacks successfully, attackers often use different tools and techniques. For instance, in a ransomware attack, an attacker may install malicious software to encrypt all the files and folders in your network and demand a ransom to recover the files.