Introduction This research began with finding a simple malware sample to extract strings for an unrelated topic. In my day-to-day malware analysis workflow, I stumbled upon a JavaScript (JS) file with what I would call trivial obfuscation. I knew it was malware but wanted to understand the infection chain. After some cleanup, I understood it to be a downloader of an … [Read more...]
Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
A new week, a new month, and a new Cybersecurity News post! This iteration contains a whopping eight (8) stories covering the last two to four weeks. Since cybersecurity is a diverse field of assorted specializations, we attempt to match that with various stories touching on all aspects of cybersecurity. This time we cover a few breaches, Elon Musk's decision to alter Twitter's … [Read more...]
Give Us Your SSN, Your Email Password, and Your Dream Job
Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: Username and Password Social Security Number Email address and email password used for 2-Step verification Security Questions: What was your dream job as a child? Who is your favorite sports athlete or player? What was … [Read more...]
The Evolution of Phishing: A WatchGuard Real-World Example
Phishing is a type of social engineering attack where threat actors attempt to trick users into providing sensitive information via email. Typically, this involves creating a phishing campaign where threat actors will send the same phishing email to a large batch of recipients in an attempt to trick at least a small subset of these potential victims. Not to be confused with … [Read more...]
Phishing Deep in the Amazon
Find an online store you trust, pick an item with reliable reviews, enter your payment details and/or sign-in to the websites account, and finally, click ‘Purchase’. This process is all it takes to purchase gifts this holiday season. There is one final step: Receive the package. Though this may not feel like a step, the seemingly simple process of tracking and receiving your … [Read more...]