Posts

Recent updates to Prometei botnet reveal enhanced modules and expanded capabilities

The Prometei botnet has been an ongoing threat since Cisco Talos first reported on it in 2020. As of November 2022, the botnet has improved its infrastructure components and capabilities, including certain submodules of the execution chain that automate processes and challenge forensic analysis methods. Based on data obtained by sinkholing the DGA domains over a one-week period in February 2023, the Prometei v3 botnet is estimated to be of medium size, with more than 10,000 infected systems worldwide. The actors have been actively spreading improved Linux versions of the bot, continuously improving the current version.
Recent posts

Chinese Spy Balloon Spotted Over Central US, Secretary of State Blinken Postpones Trip to China

The US Pentagon announced on Friday that it had detected a Chinese spy balloon flying over the central United States. The US rejected China's claim that the balloon was a weather research airship and described it as a surveillance vehicle. Brig. Gen. Pat Ryder, the Pentagon press secretary, stated that the balloon was at an altitude of 60,000 feet, was maneuverable and posed no threat at the moment. The US Secretary of State Antony Blinken postponed a planned trip to China in response to the discovery of the balloon. The balloon was spotted over Montana, which is home to one of America's nuclear missile silo fields. The US prepared fighter jets, including F-22s, to shoot down the balloon, but ultimately decided against it due to the potential risks to people on the ground. China expressed regret for the balloon's entry into US airspace and said it was a civilian airship used mainly for meteorological research.

Prilex: The Most Advanced PoS Malware with the Ability to Block Contactless Payments

Prilex is a highly advanced malware that has evolved from ATM-focused malware into a unique modular PoS malware, known to be the most advanced PoS threat seen so far. It has a unique cryptographic scheme, performs real-time patching in target software, forces protocol downgrades, manipulates cryptograms, performs GHOST transactions and performs credit card fraud. Recently, three new versions of Prilex have been discovered with the ability to block contactless payment transactions, which have become popular due to the pandemic. These new versions block NFC-based transactions and force victims to use their physical card by inserting it into the PIN pad reader, which allows the malware to capture the data coming from the transaction.

Newcomers to the Cybersecurity Space: Opportunities Abound for Those Willing to Learn and Adapt to an Evolving Industry

There are several key roles within the cybersecurity field that are in high demand in the job market. Some of the top profiles in the market include:

- Cybersecurity Analyst: These professionals are responsible for identifying, assessing, and mitigating security threats to an organization's computer systems and networks.
- Penetration Tester: Also known as ethical hackers, these professionals are hired to test the security of an organization's systems and networks by simulating a cyber attack.
- Security Engineer: These professionals design, develop, and implement security systems and solutions to protect an organization's networks and data.
- Security Operations Center (SOC) Analyst: These professionals monitor and analyze security data to detect and respond to potential security threats and incidents.

Understanding the Importance of IT Governance and Compliance for Business Success

IT governance is the framework of policies and procedures that an organization follows to ensure that its IT resources are aligned with its overall business objectives and that it is in compliance with relevant laws and regulations. Compliance refers to the adherence to laws and regulations that apply to the organization and its industry. IT governance is essential for ensuring that IT resources are used in an effective and efficient manner. It helps to ensure that IT investments align with business objectives, that risks are identified and managed, and that the organization is in compliance with relevant laws and regulations. Effective IT governance is based on a combination of best practices, industry standards, and regulations. Some of the key components of IT governance include:

- IT strategy and planning: This involves aligning IT resources with business objectives, setting goals and objectives for IT, and developing a plan for achieving them.

New APT Group 'Dark Pink' Discovered Targeting Military Branches and Government Agencies in APAC and Europe

Source: Group-IB

A new APT group, known as Dark Pink, has been discovered by cybersecurity firm Group-IB. The group, which has been active since mid-2021, has been found to be targeting military branches, government ministries, and agencies in the APAC region, as well as one organization in Europe. As of December 2022, Dark Pink had successfully breached the defenses of six organizations in five APAC countries (Cambodia, Indonesia, Malaysia, Philippines, and Vietnam), and one organization in Europe (Bosnia and Herzegovina).

SIEM: Introduction and the Most Popular Software to Deploy Your SIEM

SIEM (Security Information and Event Management) is a technology used to collect, analyze, and respond to security-related data from various sources in order to identify, investigate, and respond to cyber threats. It is designed to provide a comprehensive view of an organization's security posture by aggregating and correlating security-related data from multiple sources such as network devices, servers, applications, and endpoints. SIEM typically has two main components:

- A log management system that collects and stores security-related data from various sources
- An analytics engine that processes and analyzes the collected data to detect security threats and anomalies