New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

-

A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. read more



Comments

Post a Comment

Popular posts from this blog

Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour

-
  A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE — short for Supersingular Isogeny Key Encapsulation — which made it to the   fourth round   of the Post-Quantum Cryptography (PQC) standardization process by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). "Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively," KU Leuven researchers Wouter Castryck and Thomas Decru said in a new paper."A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core." The code was executed on an Intel Xeon CPU E5-2630v2 at 2.60GHz, whi...
Read more

Common Mistakes Destroyed Your Security Training

-
Image
Phishing incidents are on the rise. A report from  IBM  shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques. As the saying goes, "knowledge is power," but the effectiveness of knowledge depends heavily on how it is delivered. When it comes to phishing attacks, simulations are among the most effective forms of training because the events in training simulations directly mimic how an employee would react in the event of an actual attack. Since employees do not know whether a suspicious email in their inbox is a simulation or a real threat, the training becomes even more valuable. Phishing Simulations:  It is critical to plan, implement and evaluate a cyber awareness training program to ensure it truly changes employee behavior. However, for this effort to be successful, it should involve much more than just emailing employees. Key practices to consider include: Real-life phishing si...
Read more