New Exploit Kit “Novidade” Found Targeting Home and SOHO Routers

We identified a new exploit kit, which we named Novidade, that targets home and small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF). This enables attacks on a victim's mobile device or desktop through the web applications they are authenticated to. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting traffic for the targeted websites from all devices connected to the same router.

The post New Exploit Kit “Novidade” Found Targeting Home and SOHO Routers appeared first on .


Machine-to-Machine (M2M) Technology Design Issues and Implementation Vulnerabilities

We delve into the protocol security issues that can arise from a technology-design perspective. The scarce awareness we have observed of the current state of MQTT and CoAP security can enable attackers to achieve their goals, ranging from reconnaissance and lateral movement to remote control and targeted attacks.



New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools

MuddyWater is a well-known threat actor group that has been active since 2017. It has regularly targeted various organizations in the Middle East and Central Asia, primarily using spear-phishing emails with malicious attachments. We recently observed a few interesting delivery documents with similarities to the known MuddyWater tools, techniques, and procedures.



Water and Energy Sectors Through the Lens of the Cybercriminal Underground

In our research paper Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries, we not only found exposed industrial control system (ICS) human-machine interfaces (HMIs) but also pointed out how these systems were at risk. This risk is corroborated by the active interest in water and energy ICSs shown by different kinds of cybercriminal groups.



Proofs of Concept Abusing PowerShell Core: Caveats and Best Practices

We explored possible strategies attackers can employ when abusing PowerShell Core. These proofs of concept (PoCs) help in better understanding — and, in turn, detecting and preventing — the common routines and behaviors of current and future threats that attackers might use. The PoCs we developed using PowerShell Core were run on Windows, Linux, and macOS. Most of the techniques we applied have been seen in previous threats with PowerShell-based functionality, such as the fileless KOVTER and POWMET. The scenarios in our PoCs are likewise organized by the PowerShell function they use.
