Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL (Cyphort)
Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Cyphort Labs has reported an uptick in drive-by infection through malvertising in 2014 and sounded the alarm for web property owners regarding this emerging trend. We believe that this trend presents a significant cybersecurity challenge in 2015. In this session, we will discuss this increasing trend of drive-by attacks by dissecting examples of recent web infections, and share the sophisticated behavior we have observed in modern exploit packs and the challenges it poses for research and discovery. As we present exploit kit information, trends and statistics from research derived from our Cyphort Crawler, you will gain an awareness and understanding of these malvertising threats to better protect your site visitors from malware infection.
3. What is Malvertising
Malvertising is the use of online advertising to spread malware.
Malvertising involves injecting malicious ads into legitimate online advertising networks and web pages.
Source: Anti-Malvertising.com
4. How Malvertising works
Attacker: creates and injects malware ads into an advertising network.
Advertising Network: selects an ad based on auction and sends it to the website.
Website: serves a banner ad, sometimes malicious.
User: visits a popular website and gets infected via an exploit kit.
5. Malvertising history timeline
Milestones shown on the slide's 2007 to 2014 axis:
Malvertising technique was first identified in Flash files.
Speedtest.net ad network OpenX serves malware ad.
New York Times "Vonage" banner hijacked, installed FakeAV.
Malvertising uses dynamic domain names.
HuffPo, LA Weekly malvertising ads reach 1.5 billion users.
6. Rise of Malvertising
OTA stats
• Malvertising increased 200%+ in 2013 to over 209,000 incidents, generating 12.4B+ malicious ad impressions.
Google stats
• Google filtered 524 million 'bad' ads in 2014, and disabled 214,000 malware websites.
Cyphort stats
• Cyphort's own data shows 300% malvertising growth in 2014.
7. Techniques to avoid detection
o Enable malicious payload after a delay
o Only serve exploits to every 10th user
o Verifying user agents and IP addresses
o HTTPS redirectors
8.
o Exploit Kits infect you without a "click"
o Examples: Angler, Sweet Orange, Nuclear, RIG
Source: Fox-it.com
11. GOPEGO malvertising
Feb 4, 2015: gopego.com malvertising downloads CryptoWall ransomware.
The attack serves an exploit package embedded in a Flash file, including exploits which target four vulnerabilities, among them the notorious CVE-2015-0311.
www.cyphort.com/gopego-malvertising-cryptowall/
13. HuffingtonPost malware – Kovter analysis
o Kovter is an ad-fraud Trojan (MD5 sum as printed on the slide: A2A6A36C94D4FF5B42C346F3A3A49E7, one hex digit short of a full 32-digit MD5)
o Communication to C&C is RC4 encrypted and BASE64 encoded
o If it detects any indication of analysis tools, virtualization and debugging tools, it will POST the following data to a16-kite.pw and then exit
o Else, it will post data to a16-car.biz and then wait for commands.
o The C&C server can issue the following commands:
o RUN – execute a file
o UPDATE – update itself
o RESTART
o FEED – Ad Fraud
o SLEEP
14. Conclusions
o Advertising networks get millions of submissions, and it is difficult to filter out every single malicious one.
o Attackers will use a variety of techniques to hide from detection by analysts and scanners.
o Advertising networks should use continuous monitoring: automated systems for repeated checking for malware ads; they need to scan early and scan often, picking up changes in the advertising chains.
Malvertising is the practice of injecting malicious advertisements into legitimate online advertising networks. It is served with the goal of compromising users and their devices. It can occur through deceptive advertisers or agencies running ads, or through compromises of the ad supply chain, including ad networks, ad exchanges and ad servers.
Malvertising is not new malware, just a different delivery vehicle. Malvertising is popular because compromising websites that have high traffic is very effective for malware distribution, and because attacking those sites' ad networks is easier and takes less effort than finding a vulnerability in the site's own software.
Websites or web publishers unknowingly incorporate a corrupted or malicious advertisement into their page. Once the advertisement is in place and visitors begin viewing or clicking on it, their computers can become infected. Malvertising often involves the exploitation of trustworthy companies. Those attempting to spread malware place "clean" advertisements on trustworthy sites first in order to gain a good reputation, then later "insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus", thus infecting all visitors of the site during that time period. The identities of those responsible are often hard to trace because the "ad network infrastructure is very complex with many linked connections between ads and click-through destinations." [8]
Malvertising was first identified by security experts in 2007, but the growing breadth of online advertising has made it more attractive to criminals as a way to reach millions of web users quickly and easily.
2007 – Malvertising technique was first identified in Flash files
2009 – New York Times “Vonage” banner hijacked, installed FakeAV
2011 – Speedtest.net ad network OpenX serves malware ad
2013 – A campaign still active that year used Dynamic Domain Name System (DDNS) to prevent itself from being tracked
2014 – HuffPo, LA Weekly malvertising ads reach 1.5 Billion users
In 2009, the banner feed of The New York Times was hacked for the weekend of September 11 to 14, causing some readers to see advertisements telling them their systems were infected and trying to trick them into installing infected software on their computers. According to spokeswoman Diane McNulty, "the culprit approached the newspaper as a national advertiser and had provided apparently legitimate ads for a week", and the ads were switched to the virus-alert malvertisement afterwards. The New York Times suspended third-party advertisements to address the problem, and even posted advice for readers regarding this issue on its technology blog.
Here are some numbers related to the rise of the malvertising threat. According to Online Trust Alliance research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The majority of malicious ads infect users’ computers via “drive-by downloads”, which occur when a user innocently visits a web site, with no interaction or clicking required. Furthermore, Cisco’s Annual Security Report found that online ads were the second most common source of web malware encounters: 16% of all encounters Cisco observed, and 182 times more likely than viewing adult content. From the data we collected with the Cyphort crawler we see a 300% increase in malvertising in 2014.
Google published its Fighting Bad Advertising Practices on the Web — 2014 Year in Review report, in which it mentioned filtering 524 million bad ads in 2014 and disabling 214,000 malware websites.
But let's take a step back and talk a little bit about how online advertising works in general, to understand the context of this problem.
It’s common practice to outsource the advertising on websites to third-party specialists. These companies re-sell this space and provide software which allows people to upload their own adverts, bidding a certain amount of money to ‘win’ the right for more people to see them. This often provides a weak point, and cyber criminals have numerous clever ways of inserting their own malicious adverts into this self-service platform. Once loaded, all they have to do is set a price per advert, to compete with legitimate advertisers, and push it live. The ad networks get millions of ads submitted to them and any one of those could be malvertising. They try to detect and filter malicious ads from their systems, but it is challenging. The potential damage is high, as ad networks have a very deep reach and can infect many people quickly.
The attackers are accustomed to tricking the networks by making "armored" malverts, using various techniques to appear legitimate to the analysts while infecting users nonetheless. For instance, they will enable the malicious payload only after a delay of several days after the ad is approved. Another way is to only serve the exploits to every 10th or every 20th user who views the ad. Verifying user agents and IP addresses is also a common strategy to hide from analysts and automated malware detection. The attackers can implement various targeting strategies for malware infection which appear normal in the context of advertisement but in effect evade certain security detection. The use of redirection via HTTPS (Hypertext Transfer Protocol Secure, a communications protocol for secure encrypted communication) is notable. It makes it harder to analyse the origin of an attack because even if a security company has the recorded network traffic, the HTTPS hops cannot be decrypted from the capture alone, so the origin of the malware redirect cannot be reconstructed from it; only a client instrumented at the time of the visit, such as an interception proxy or a crawler's own browser logging its redirects, sees those hops in the clear.
A common misconception is that you must click on ads to get infected; this is sometimes true, but often not. Online ads appear to be an image hosted on the website, but they are neither hosted on that website nor just an image. Ad networks, which are not under the control of the host website, decide which ad to send you, but often don’t actually deliver the ads. Instead, the ad networks instruct your browser to call a server designated by the advertiser. Also, ads often deliver files and entire programs to your browser. To infect you, JavaScript in an HTML ad or ActionScript in a Flash ad covertly routes your browser to a different server that hosts an exploit kit. Flash is scary because it embeds sophisticated logic into the ad, which manipulates your browser as the ad is displayed. Ads can be instructed to only attack you and others at particular times and geographies. Some examples are delaying the attack until after the ad network examines and approves the ad, or until holidays, when it’s peak time for people to surf and off time for advertisers’ personnel to promptly remove offending ads.
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/
In our most recent malvertising discovery, in February, we found that a Clean.navy subdomain was loading the Angler Exploit Kit with an exploit for CVE-2014-6332, the Windows OLE Automation Array Remote Code Execution Vulnerability.
The website belongs to a US Department of Defense contractor, Werth Sanitary Supply Co., Inc., of 916 Fesler Street, El Cajon, California.
Werth Sanitary is a woman-owned small business specializing in Bio-Based & U.S. Navy Shipboard Approved Cleaners on GSA and DOD EMALL Contract.
We have reached out to Werth and notified them about this issue. This is very serious, because compromising a contractor’s assets is a common way into secure networks: for instance, attackers used access credentials stolen from refrigeration and HVAC contractor Fazio Mechanical Services to gain access to Target in 2013. Also in 2013, 50 successful intrusions were made into US government contractors’ systems, and of those, 20 were attributed to an advanced persistent threat, likely China, according to the Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors.
In late January we discovered another malvertising campaign, with more than 20 websites used. Here are some of the domains that were infected:
www.womenfriction.biz
www.netcq.net
www.buzzgfx.com
www.findingresult.com
www.hawaaweb.com
www.munworks.com
www.panosapps.com
www.poisonloaf.eu
www.castlive.tv
All of these sites were redirecting users to an ad from an affiliate ad network, affiliate.affyield.com, which claims to be part of Affiture, a subsidiary of CPXI, a privately held digital advertising company based in New York on Times Square. It has 170 employees and revenue of 116 million dollars, and was listed on Forbes' list of America’s Most Promising Companies.
In a unique twist, an exploit for a zero-day Flash vulnerability was used. This vulnerability had not been publicly disclosed at the time we first detected the attack, on Jan 21. The exploit kit is Angler and the malware payload appears to be Bedep. We recommended that users disable Flash in their browser if they have to go to the sites above, and use a JavaScript/Flash blocker like the NoScript Firefox plugin or the ScriptSafe Chrome plugin.
On February 4, 2015, Cyphort Labs detected another malvertising campaign originating from gopego.com. The site displays a malicious advertisement that redirects to other malicious links and eventually downloads CryptoWall ransomware. The attack serves an exploit package embedded in a Flash file, including exploits which target four vulnerabilities, among them the notorious CVE-2015-0311, which had hit affyield.com a few days earlier.
The final payload is a variant of CryptoWall version 3.0 (also known as Crowti). Similar to its predecessor, it uses the RSA-2048 algorithm to encrypt files on the hard disk. It also drops its already well-known ransom-note files in each of the affected directories; these files contain instructions on how to pay the ransom.
Once it has finished encrypting files, the malware visits the URL http://paytoc4gtpn5czl2.torpaysolutions.com/hkmxYL and demands that victims pay US$500 in Bitcoin to receive the decryption key that allows them to recover their files. It also displays a 168-hour (7-day) countdown to pay the ransom; if the victim does not comply, the price increases to US$1,000 after the countdown.
The ransomware provides users with links to several Tor gateways leading to CryptoWall decryption services hosted on the Tor network. There have also been reports that this new version of CryptoWall uses I2P (Invisible Internet Project) anonymity networks for communication between victims and controllers, to hide from researchers and law enforcement officials.
In our most famous discovery, around New Year's, we found the advertising.com ad network compromise that led to major websites displaying malvertising. These attacks are the work of the Kovter gang, which has been busy hitting other major players (e.g. YouTube) during the past year. We have observed several high-level domains being victims of malvertising, with a combined monthly traffic of 1.5 billion visitors.
According to Cyphort Labs the malvertising was served from advertising.com. Over the past several days, Cyphort Labs has seen other sites that contained ads from advertising.com redirecting visitors to malware.
These include FHM, RTV6, GameZone, LA Weekly, soapcentral.com and WeatherBug.
The attackers used a mix of HTTP and HTTPS redirects to hide the servers involved in this attack. Cyphort Labs explains that the HTTPS redirector is hosted on a Google App Engine page, which makes analysis based on traffic PCAPs more difficult, because HTTPS traffic is encrypted.
Explaining the threat, Bilogorskiy wrote that navigating to The Huffington Post website – or another website hosting an advertisement from the AOL ad network, adtech[dot]de – ultimately resulted in the user being redirected to a landing page serving what appeared to be the Sweet Orange Exploit Kit.
Researchers observed two bugs being exploited: CVE-2013-2551, a use-after-free vulnerability in Microsoft Internet Explorer, and CVE-2014-6332, a Windows OLE Automation Array vulnerability in Microsoft Internet Explorer, Bilogorskiy said.
In the end, the exploit kit downloaded a Kovter trojan used for advertising click fraud, Bilogorskiy said. In early January, he explained that the attack requires no user interaction, and that users are infected if they simply navigate to the affected site and their browsers or plugins are vulnerable.
Bilogorskiy said that Kovter – an advanced malware that detects analysis, virtualization and debugging tools – has ad fraud and ransomware variants, and that Cyphort Labs believed it was ransomware that was being delivered when the attack was first observed in early January. Cyphort Labs analyzed that variant of Kovter in an in-depth follow-up post published in the middle of January.
“It is [for] automatically clicking online advertisements, thus generating revenue for the ad-hosting website,” Bilogorskiy said. “The variant used here is very similar [to the one used in early January], but connects to a different command-and-control backend. It also uses a different key for the communication to the command-and-control server.”
Cyphort Labs notified AOL of the issue and researchers have not observed any adtech[dot]de infections since Monday, Bilogorskiy wrote. However, he added that two other advertising networks involved in the campaign were still serving malicious advertisements as of Tuesday: adxpansion[dot]com and ad[dot]directrev[dot]com.
Advertising networks get millions of submissions, and it is difficult to filter out every single malicious advertisement, Bilogorskiy said, explaining attackers will use a variety of techniques to hide from analysts and automated malware detection.
“Advertising networks should use continuous monitoring – automated systems for repeated checking for malware ads,” Bilogorskiy said. “They need to scan early and scan often, picking up changes in the advertising chains. Ad networks should have the latest security intelligence to power these monitoring systems.”
http://www.zdnet.com/article/malvertising-campaign-strikes-news-outlets-through-aol/
Kovter is an ad-fraud Trojan. It simulates a user visiting pages with ads.
By automatically ‘clicking’ online advertisements, it generates revenue for the ad-hosting website. All these requests are made in the background and game the system while the victim is none the wiser.
As outlined in a study conducted by the Association of National Advertisers, ad fraud will cost global advertisers around $6.3 billion in 2015.
All network communication from Kovter to its C&C is RC4 encrypted and BASE64 encoded.
If it detects any indication of analysis tools, virtualization and debugging tools, it will POST the following data to a16-kite.pw and then exit.
Else, it will post data to a16-car.biz and then wait for commands.
The C&C server can issue the following commands:
RUN – execute a file
UPDATE – update itself
RESTART
FEED – Ad Fraud
SLEEP
By defrauding advertisers, Kovter adds insult to injury: not only was the malware distributed through advertising, it also hits advertisers with its payload.
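As an added example (not Cyphort's tooling, and not the malware's own code), the following Python shows how an analyst decodes C&C traffic that is RC4 encrypted and then Base64 encoded, as the notes describe for Kovter, once the RC4 key has been recovered from the sample. The key, the beacon layout (URL-encoded key=value pairs) and the sample beacon are all constructed for this example; the page gives none of them, and the notes say each Kovter variant uses its own key. The command verbs are the five listed above; the "VERB argument" framing of a server reply is likewise an assumption.

```python
import base64
import binascii
from typing import Dict, Iterator, Optional, Tuple
from urllib.parse import parse_qsl, urlencode

# Verbs the notes attribute to the Kovter C&C. The reply framing
# ("VERB argument") is an assumption made for this example.
KNOWN_COMMANDS = ("RUN", "UPDATE", "RESTART", "FEED", "SLEEP")

# Constructed key for the example; a real key must be pulled from the sample.
SAMPLE_KEY = b"example-rc4-key"


def rc4_keystream(key: bytes) -> Iterator[int]:
    """RC4 key scheduling (KSA) followed by the PRGA, yielding keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def _decrypt_printable(key: bytes, body: str) -> Optional[str]:
    """Base64-decode, RC4-decrypt, and reject output that is not printable ASCII.

    With the wrong key RC4 output is noise, so a printable-only check is a cheap
    way to tell a recovered key from a guessed one."""
    try:
        raw = base64.b64decode(body, validate=True)
    except binascii.Error:
        return None
    plain = rc4(key, raw)
    if not plain or not all(0x20 <= b <= 0x7E for b in plain):
        return None
    return plain.decode("ascii")


def encode_beacon(key: bytes, fields: Dict[str, str]) -> str:
    """Build a bot -> C&C POST body the way the notes describe: RC4, then Base64."""
    return base64.b64encode(rc4(key, urlencode(fields).encode())).decode()


def decode_beacon(key: bytes, body: str) -> Optional[Dict[str, str]]:
    """Recover the beacon fields from a captured POST body, or None if the key is wrong."""
    plain = _decrypt_printable(key, body)
    if plain is None:
        return None
    try:
        return dict(parse_qsl(plain, strict_parsing=True))
    except ValueError:
        return None


def encode_reply(key: bytes, verb: str, arg: str = "") -> str:
    """Encode a C&C -> bot reply with the same scheme (used here to build sample traffic)."""
    return base64.b64encode(rc4(key, f"{verb} {arg}".strip().encode())).decode()


def parse_command(key: bytes, reply: str) -> Optional[Tuple[str, str]]:
    """Decode a server reply and split it into (verb, argument); None if unknown."""
    plain = _decrypt_printable(key, reply)
    if plain is None:
        return None
    verb, _, arg = plain.partition(" ")
    return (verb, arg) if verb in KNOWN_COMMANDS else None


if __name__ == "__main__":
    # Constructed sample traffic, not a real capture.
    beacon = encode_beacon(SAMPLE_KEY, {"id": "c0ffee", "os": "win7", "av": "none"})
    print("beacon POST body:", beacon)
    print("decoded with key:", decode_beacon(SAMPLE_KEY, beacon))
    print("decoded wrong key:", decode_beacon(b"not-the-key", beacon))
    reply = encode_reply(SAMPLE_KEY, "FEED", "http://ads.example/click")
    print("command:", parse_command(SAMPLE_KEY, reply))
```

Feeding captured POST bodies (for example, HTTP request bodies carved from a PCAP of the a16-car.biz traffic) through decode_beacon with the key recovered from the sample gives the cleartext beacon; the printable-ASCII check is what separates a correct key from a wrong guess, since RC4 gives no authentication or error of its own.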
Advertising networks get millions of submissions, and it is difficult to filter out every single malicious advertisement.
Attackers will use a variety of techniques to hide from analysts and automated malware detection.
Some of these techniques are:
a) Enable the malicious payload only after a delay of several days after the ad is approved.
b) Only serve the exploits to every 10th user, or every 20th user, who views the ad.
c) Verify user agents and IP addresses, another common strategy to hide from analysts and automated malware detection.
d) Redirect via HTTPS (Hypertext Transfer Protocol Secure, a communications protocol for secure encrypted communication), which hides the redirect chain from anyone working only from captured traffic.
In terms of the mechanics of how it happened in this case: when a user opens the HuffingtonPost web site, several scripts are executed from the advertising network to show ads. One of these scripts loads an external function over HTTPS from Google AppSpot, and this function loads another redirect over HTTPS. Only then does the user receive the redirect to the malware payload. This makes it harder to analyse the origin of the attack: even if a security company has the recorded network traffic, the HTTPS hops cannot be decrypted from the capture alone, so the origin of the malware redirect cannot be reconstructed from it.
Advertising networks should use continuous monitoring, automated systems for repeated checking for malware ads; they need to scan early and scan often, picking up changes in the advertising chains.
Ad networks should have the latest security intelligence to power these monitoring systems.
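As an added example (not Cyphort's crawler and not code from the page), this Python models the four evasion techniques listed above as a cloaked ad server, and beside it the continuous monitoring the conclusion calls for: a monitor that baselines the redirect chain behind each creative and alerts when a chain reaches a host it has never seen. All hostnames (reserved .example), addresses (documentation ranges), user agents and the delay and Nth-visitor parameters are constructed; they stand in for the patterns the notes describe, not for any real campaign.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# ---- Constructed model of an "armored" malvert (not any real ad server) ----
# Fingerprints the malvert treats as analyst or scanner traffic (assumed values).
SCANNER_UA_MARKERS = ("bot", "crawler", "spider", "headless", "python", "curl")
SCANNER_IP_PREFIXES = ("198.51.100.",)  # documentation range standing in for a vendor's scanners

# Placeholder hostnames on the reserved .example TLD.
BENIGN_CHAIN = [
    "https://ads.network.example/tag.js",         # ad network tag
    "https://cdn.advertiser.example/banner.swf",  # the approved creative
]
MALICIOUS_TAIL = [
    "https://redirector.example/r",               # HTTPS hop hiding the next stage
    "http://landing.ek.example/index.php",        # exploit-kit landing page
]


@dataclass
class CloakedAdServer:
    """Serves the clean chain unless every cloaking check passes."""
    approved_day: int            # day the ad network approved the creative
    arming_delay_days: int = 3   # payload stays dormant this long after approval
    every_nth: int = 10          # only every Nth qualifying visitor is exploited
    qualifying_visits: int = 0

    def serve(self, day: int, user_agent: str, client_ip: str) -> List[str]:
        ua = user_agent.lower()
        if day - self.approved_day < self.arming_delay_days:
            return list(BENIGN_CHAIN)              # (a) delayed activation
        if any(marker in ua for marker in SCANNER_UA_MARKERS):
            return list(BENIGN_CHAIN)              # (c) user-agent check
        if client_ip.startswith(SCANNER_IP_PREFIXES):
            return list(BENIGN_CHAIN)              # (c) source-IP check
        self.qualifying_visits += 1
        if self.qualifying_visits % self.every_nth:
            return list(BENIGN_CHAIN)              # (b) not the Nth visitor
        return BENIGN_CHAIN + MALICIOUS_TAIL       # (d) HTTPS hop, then landing page


# ---- Monitor side: record each creative's redirect chain, alert on new hosts ----
def host_of(url: str) -> str:
    """Strip scheme and path; the chain is compared host by host."""
    return url.split("://", 1)[-1].split("/", 1)[0]


@dataclass
class ChainMonitor:
    known: Dict[str, Set[str]] = field(default_factory=dict)

    def observe(self, tag: str, chain: List[str]) -> Set[str]:
        """Return the hosts in this chain never seen for the tag before."""
        seen = self.known.setdefault(tag, set())
        new = {host_of(u) for u in chain} - seen
        seen.update(new)
        return new


# Browser-like profiles from a documentation address range (constructed).
BROWSER_PROFILES: List[Tuple[str, str]] = [
    ("Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", "203.0.113.25"),
    ("Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0 Safari/537.36", "203.0.113.80"),
]


def approval_scan(server: CloakedAdServer, tag: str = "creative-1") -> Set[str]:
    """One submission-time check from an obvious scanner: it sees the clean chain."""
    mon = ChainMonitor()
    mon.observe(tag, BENIGN_CHAIN)  # baseline: what the advertiser submitted
    chain = server.serve(server.approved_day, "AdNetScannerBot/1.0", "198.51.100.7")
    return mon.observe(tag, chain)


def continuous_scan(server: CloakedAdServer, days: int = 7,
                    visits_per_day: int = 12, tag: str = "creative-1") -> Dict[int, Set[str]]:
    """Re-scan daily with browser-like profiles; map day -> newly seen hosts."""
    mon = ChainMonitor()
    mon.observe(tag, BENIGN_CHAIN)
    alerts: Dict[int, Set[str]] = {}
    for day in range(server.approved_day, server.approved_day + days):
        for n in range(visits_per_day):
            ua, ip = BROWSER_PROFILES[n % len(BROWSER_PROFILES)]
            new = mon.observe(tag, server.serve(day, ua, ip))
            if new:
                alerts.setdefault(day, set()).update(new)
    return alerts


if __name__ == "__main__":
    print("approval scan found:", approval_scan(CloakedAdServer(approved_day=0)))
    print("continuous scan found:", continuous_scan(CloakedAdServer(approved_day=0)))
```

A single check at submission time, from an address and user agent the malvert recognises as a scanner and before its arming delay has passed, returns the clean chain every time. Re-scanning daily with browser-like profiles trips the Nth-visitor gate on the first day the payload is armed, and only the first sighting of the new hosts raises an alert, so a production monitor would also want to record which profile and visit number triggered it. Because the monitor records redirects inside its own client rather than from a packet capture, the HTTPS hop is visible to it in the clear, which is exactly the visibility a post-hoc PCAP analyst lacks.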