Cyberattacks don’t begin with malware; they begin with intelligence. Before a single exploit is launched, threat actors conduct careful reconnaissance, mapping out their targets in detail. This often-overlooked phase of the attack lifecycle is where defenders have a unique opportunity to get ahead. In this post, we’ll explore cyber threat...

Successful cybercrime campaigns make use of different elements working together to achieve their common goal. In the case of Onliner, the spambot appears to be a key piece of the puzzle in the distribution process. Many malware campaigns have been successful because the spamming process was so effective. Blueliv's Head...

Many companies, however, don’t even recognize they’ve been attacked until months down the line, leaving them more susceptible to brand damage and greater financial loss. And today’s CISOs are well aware of the cost – their jobs depend on it. According to IBM the average cost for a data breach in 2018...

Looking back over the years and what we see happening now is the same attack vectors being used that have led to breaches. Web applications and the human element of security remain the cornerstones when it comes to protecting your organization against any weak spots. Your organization’s ever-expanding digital footprint...

Introduction In recent years, cyberthreat intelligence has become an important supporting pillar in a mature cybersecurity strategy. When applied well, threat intelligence can help security teams defend against an ever-more sophisticated threat landscape before, during and after attack. By studying adversaries and understanding their strategies and objectives, organizations can build...

1. Trojans using CryptoAPI In this section we analyze some bankers and Remote Access Trojans, or RATs, that use CryptoAPI. These particular families have been selected since they use the library in distinct, interesting ways. 1.1 PandaBanker PandaBanker is a Zeus-like banking malware. Like all other Zeus-based bankers, the malware...

Local File Inclusion – aka LFI – is one of the most common Web Application vulnerabilities. If conducted successfully, It might allow attackers to read sensitive information, access configuration files or even execute system commands remotely. This is going to be the second part of our first blog post regarding...

What are credentials? In the field of information technology, credentials refer to specific data or authentication tools required to verify the identity of a user, authenticate them and grant access to a system or network ID. Credentials are extremely important when it comes to securing a company’s network infrastructure, protecting...

Local File Inclusion – aka LFI – is one of the most common Web Application vulnerabilities. If conducted successfully, It might allow attackers to read sensitive information, access configuration files or even execute system commands remotely. As most web application vulnerabilities, the problem is mostly caused due to insufficient user...

Web application penetration testing is one of the most important components of an organization’s vulnerability management program. As more critical business processes move online, including customer portals, Software-as-a-Service (SaaS) platforms, APIs and internal tools, web applications have become a primary target for attackers. According to Verizon’s Data Breach Investigations Report,...