#Analytics
#Malware_analysis
1. Top 10 macOS Malware Discoveries in 2022
https://www.sentinelone.com/blog/top-10-macos-malware-discoveries-in-2022
2. Technical Analysis of DanaBot Obfuscation Techniques
https://www.zscaler.com/blogs/security-research/technical-analysis-danabot-obfuscation-techniques
SentinelOne
macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques
Apple’s security measures are evolving, but macOS malware is still one step ahead. Learn how to keep the Macs in your fleet safe from attackers.
Container_Attacks_2022.pdf
6.8 MB
#Analytics
#Cloud_Security
"Container Attacks Catalog: A detailed analysis of container attacks", 2022.
#info
#Analytics
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
https://opensourcesecurityindex.io
opensourcesecurityindex.io
Open Source Security Index
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
#Analytics
#Malware_analysis
1. Ransomware Business Models: Future Pivots and Trends
https://www.trendmicro.com/en_us/research/22/l/ransomware-business-models-future-trends.html
2. SentinelSneak: Malicious PyPI module poses as security software development kit
https://blog.reversinglabs.com/blog/sentinelsneak-malicious-pypi-module-poses-as-security-sdk
Trend Micro
Ransomware Business Models: Future Pivots and Trends
Ransomware groups and their business models are expected to change from what and how we know it to date. In this blog entry, we summarize from some of our insights the triggers that spark the small changes in the short term (“evolutions”) and the bigger deviations…
#Analytics
Top 10 most exploited vulnerabilities in 2022
1. CVE-2022-30190: MS Office "Follina"
2. CVE-2021-44228: Apache Log4Shell
3. CVE-2022-22965: Spring4Shell
4. CVE-2022-1388: F5 BIG-IP
5. CVE-2022-0609: Google Chrome zero-day
https://blog.google/threat-analysis-group/countering-threats-north-korea
6. CVE-2017-11882: Old but not forgotten - MS Office bug
7. CVE-2022-41082, CVE-2022-41040: ProxyNotShell
8. CVE-2022-27925, CVE-2022-41352: Zimbra Collaboration Suite bugs
9. CVE-2022-26134: Atlassian Confluence RCE flaw
10. CVE-2022-30525: Zyxel RCE vulnerability
Google
Countering threats from North Korea
On February 10, Threat Analysis Group discovered two distinct North Korean government-backed attacker groups exploiting a remote code execution vulnerability in Chrome, CVE-2022-0609.
#Analytics
#Sec_code_review
Top 10 bugs found in C++ projects in 2022
https://pvs-studio.com/en/blog/posts/cpp/1021
PVS-Studio
Top 10 bugs found in C++ projects in 2022
New Year is coming! It means, according to tradition, it's time to recall 10 of the most interesting warnings that PVS-Studio found during 2022.
#Analytics
#Infographics
Systematization of attacks on the perimeter of L2/L3 network equipment. Ver. 3.0.
#Analytics
Cybersecurity Trends Q1/23:
⬆️ Pwd spraying/creds stuffing;
⬆️ Phishing w/ new file types, eg .one, .iso, .lnk;
⬆️ Rust malware / loaders (+Go +Nim +Zig);
⬆️ Sliver implants;
⬆️ Abused legit RA software;
⬆️ Abused legit encryption tools (ransom);
⬆️ Token/Cloud API abuse;
⬇️ Malware attacks on non-standard ports;
⬇️ E-Skimming Incidents;
⬇️ Office Macros.