Dead Drop Resolver | Breaking Cybersecurity News | The Hacker News

The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as  dead drop resolvers , command-and-control, and data exfiltration points. "Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional security defenses and making upstream infrastructure tracking and actor attribution more difficult," Recorded Future  said  in a report shared with The Hacker News. The cybersecurity firm described the approach as "living-off-trusted-sites" (LOTS), a spin on the living-off-the-land (LotL) techniques often adopted by threat actors to conceal rogue activity and fly under the radar. Prominent among the methods by which GitHub is  abused   relates  to  payload   delivery , with some actors leveraging its features for command-and-control (C2) obfuscation. Last month, ReversingLabs  detailed  a number of rogue

Travel agencies have emerged as the target of a hack-for-hire group dubbed  Evilnum  as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks, which took place during 2020 and 2021 and likely went as far back as 2015, involved a revamped variant of a malware called Janicab that leverages a number of public services like WordPress and YouTube as  dead drop resolvers , Kaspersky  said  in a technical report published this week. Janicab infections comprise a diverse set of victims located in Egypt, Georgia, Saudi Arabia, the UAE, and the U.K. The development marks the first time legal organizations in Saudi Arabia have been targeted by this group. Also tracked as DeathStalker, the threat actor is known to deploy  backdoors  like Janicab, Evilnum, Powersing, and PowerPepper to exfiltrate confidential corporate information. "Their interest in gathering sensitive business information leads us to believe that Deat

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

The subgroup of an Iranian nation-state group known as  Nemesis Kitten  has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling  said . "All the traffic to GitHub is encrypted, meaning defensive technologies can't see what is being passed back and forth. And because GitHub is a legitimate service, it raises fewer questions." The Iranian government-sponsored actor's malicious activities came under the radar earlier in February 2022, when it was  observed  exploiting  Log4Shell flaws  in unpatched VMware Horizon servers to deploy ransomware. Nemesis Kitten is  tracked  by the larger cybersecurity community under various monikers such as TunnelVision, Cobalt Mirage, and UNC2448. It's also a sub-clus