Cymulate | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called  GuLoader  to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings," CrowdStrike researchers Sarang Sonawane and Donato Onofri  said  in a technical write-up published last week. GuLoader, also called  CloudEyE , is a Visual Basic Script (VBS) downloader that's used to distribute remote access trojans such as Remcos on infected machines. It was first detected in the wild in 2019. In November 2021, a JavaScript malware strain dubbed RATDispenser  emerged  as a conduit for dropping GuLoader by means of a Base64-encoded VBScript dropper. Recent GuLoader samples unearthed by CrowdStrike have been found to exhibit a three-stage process wherein the VBScript is designed to deliver a next-stage that performs anti-a

The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some  Akin Gump Strauss Hauer & Feld LLP's  law firm clients, for example, reported a three-fold increase in insurance rates, and carriers are making "a huge pullback" on coverage limits in the past two years. Their cybersecurity practice co-head, Michelle Reed, adds, "The reduced coverage amount can no longer shield policyholders from cyber losses. A $10 million policy can end up with a $150,000 limit on cyber frauds." The cyber-insurance situation is so concerning that the U.S. Treasury Department recently issued a  request for public input  on a potential federal cyber-insurance response program. This request is in addition to the assessment led conjointly by the Federal Insura

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy camper being part of Cymulate's blue team. What upset me was that my friend could not grasp the idea that I wanted to keep working as a blue teamer because, as far as he was concerned, the only natural progression is to move to the red team.  Red teams include many roles ranging from penetration testers to attackers and exploit developers. These roles attract most of the buzz, and the many certifications revolving around these roles (OSCP, OSEP, CEH) make them seem fancy. Movies usually make hackers the heroes, while typically ignoring the defending side, the complexities and challenges of blue teamers' roles are far less known. While blue teams' defending roles might not sound as

"Shifting (security)" left approach in Software Development Life Cycle (SDLC) means starting security earlier in the process. As organizations realized that software never comes out perfectly and are riddled with many exploitable holes, bugs, and business logic vulnerabilities that require going back to fix and patch, they understood that building secure software requires incorporating and consolidating numerous resources. This conclusion led DevOps and R&D leaders to become proactive, acquiring technology to find and close these gaps in advance, with the aim of reducing the cost and effort while improving the quality of their outcomes.  With emerging comprehensive  continuous security validation technology , the demonstrated benefits of 'shifting left' as a fundamental part of SDLC can now be applied to your cybersecurity program, with results far exceeding the purely technical aspects of security posture management.  At the development level, the conceptuali

The mass adoption of cloud infrastructure is fully justified by innumerable advantages. As a result, today, organizations' most sensitive business applications, workloads, and data are in the cloud. Hackers, good and bad, have noticed that trend and effectively evolved their attack techniques to match this new tantalizing target landscape. With threat actors' high reactivity and adaptability, it is recommended to assume that organizations are under attack and that some user accounts or applications might already have been compromised. Finding out exactly which assets are put at risk through compromised accounts or breached assets requires mapping potential attack paths across a comprehensive map of all the relationships between assets.  Today, mapping potential attack paths is performed with scanning tools such as AzureHound or AWSPX. Those are graph-based tools enabling the visualization of assets and resources relationships within the related cloud service provider. By r

The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations' networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations' attack surface and led to a growing number of blind spots in connected architectures. The unforeseen  results of this expanded and attack surface  with fragmented monitoring has been a marked increase in the number of successful cyber-attacks, most notoriously, ransomware, but covering a range of other types of attacks as well. The main issues are unmonitored blind spots used by cyber-attackers to breach organizations' infrastructure and escalate their attack or move laterally, seeking valuable information.  The problem lies in discovery. Most organizations have evolved faster than their ability to keep track of all the moving parts involved and to catch up to catalog all past and present assets is often viewed as a complex and resource-heavy task wit

It's been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here's a recap of the most burning strains and trends seen in the wild during the months of July and August 2019. Malware Evolution Trends The heat must have had an effect as this summer saw malware continuing to evolve, particularly around three core trends: Evasion-by-design Malware has been increasingly designed to bypass security controls leveraging a host of tactics, most notably by: Changing hashes via file obfuscation to evade AVs. Using encrypted communication with C2 servers to foil EDRs. Using feature manipulation and tampering to trick AI, machine-learning engines, and sandboxes through the detection of such environments and the deliberate delay in execution. Fileless Attacks and Living-Off-The-Land (LOTL) Taking evasion techniques one step further, an in