Ghidra 101: Loading Windows Symbols (PDB files) in Ghidra 10.x

From tripwire.com


In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively.

In this post, I will again be going over how to use Ghidra to download symbols from a PDB Symbol Server and apply them to a loaded program. As noted in the previous post on this feature, PDB support is a rapidly evolving feature. Ghidra 10.x has made some considerable improvements including a new workflow with support for multiple local or remote symbol servers. This post contains updated steps for using Ghidra to download and apply symbols for a Windows OS binary. Please refer to the previous post for more information on the background of this feature.

Read more…

Airlines under constant threat of Cyber Attacks says Eurocontrol Data

From cybersecurity-insiders.com

Over the past few months, most commercial airlines have witnessed a dip in their profits, all due to the global shutdown of air travel brought on by the fast-spreading coronavirus pandemic.

Adding to this torment is a report released by Eurocontrol that says most airlines face the constant threat of being hit by a sophisticated cyber attack.

The Eurocontrol data, compiled by the European Air Traffic Management Computer Emergency Response Team, states that a 530% rise was observed in cyber attacks hitting commercial airlines during 2020-2021.

Read more…

Discord targeted to spread malware

From itsecurityguru.org


In a new campaign, cybercriminals are using Discord to target gamers and steal their credentials and financial info. The bad actors have abused Discord to host, spread, and control malware aimed at the users of this chat service, according to new research from Sophos.

Since last year, Discord has grown in popularity, and 140 times more URLs hosting malware were blocked in the past two months compared with the same period in 2020. The Sophos researchers said Discord hosts 4% of all TLS-protected malware downloads they have detected.

In the second quarter, researchers detected 17,000 unique URLs in Discord’s CDN that pointed to malware. This excludes malware not hosted within Discord that leverages Discord’s application interfaces in various ways. What’s more, over 4,700 URLs that point to a malicious Windows .exe file still remain active.

Read more…

Ransomware Attack Response and Mitigation Checklist

From gbhackers.com

Ransomware is one of the fastest-growing threats worldwide and is considered a leading form of global cyberattack in recent days, causing serious damage and losses to many organizations and individuals. Here is the ransomware response checklist for attack response and mitigation.

Ransomware is a turnkey business for some criminals, and because victims still pay the ever-increasing ransom demands, it has become a billion-dollar industry that shows no signs of going away anytime soon.

The cost of ransomware attacks has crossed $1 billion in a single year alone, and the number of ransomware attacks is increasing day by day around the world.

Here we will see the important ransomware response checklist and mitigation techniques for sophisticated ransomware attacks.

Read more…

Excel Files Becoming More Sophisticated (Distribution of Dridex and Cobalt Strike)

From malware.news

The distribution of Dridex through Excel files has been observed steadily since last year and was introduced on this blog. Recently, the ASEC analysis team found that the Cobalt Strike tool is being distributed along with Dridex using a similar method. Yet unlike previous cases, the Excel documents being distributed recently were found to perform malicious behaviors only after a certain time, using the task scheduler. It is assumed that this change in the operation method was made to bypass detection, including behavior detection in a sandbox environment. Because Dridex and Cobalt Strike have in previous cases subsequently led to ransomware infections such as DoppelPaymer and CLOP, users in company environments should take extra caution.

Read more…

1.2 Million Aussies Suffered when Uber was Breached in 2016

From ehackingnews.com

Uber infringed on the privacy of more than 1 million Australians in 2016, according to the Office of the Australian Information Commissioner (OAIC). Personal data of an estimated 1.2 million Australian customers and drivers was accessed in a breach in October and November 2016. Australia’s Information Commissioner and Privacy Commissioner Angelene Falk said on Friday that US-based Uber Technologies Inc and Dutch-based Uber B.V. failed to adequately protect it.

In late 2017, it was revealed that hackers had stolen data on 57 million Uber users throughout the world, as well as data on over 600,000 Uber drivers. Uber hid the breach for over a year and paid the hacker to keep it hidden instead of notifying the individuals affected. OAIC said its investigation focused on whether Uber had preventative measures in place to secure Australians’ data, even though Uber compelled the attackers to destroy the data so that there was no evidence of future exploitation.

Read more…