Year: 2021

How poking at the innards of satellites can make the future of cybersecurity in space more palatable Here at DEF CON 29, the Aerospace Village is alive and well, and aside from the repeated wailing of the neighboring car hacking village setting the car alarm off every 30 seconds, the hardware sitting here, called a…

A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim The infosec community has long been warning that ransomware has the potential to grow into the number one cyberthreat for business. However, since ransom demands were low and malware…

Why companies and their security teams need to engage with a lawyer before an incident occurs Presentations at Black Hat often involve slides full of data or code. Rarely, or maybe never, have I seen a slide that details parts of a policy, contract or general legal text. Nick Merker, a partner at ICE Miller…

The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers ESET researchers have discovered and analyzed a previously undocumented backdoor, implemented as an extension for Internet Information Services (IIS), Microsoft’s web server software. The backdoor, which we…

Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge? Here at Black Hat, the CISA keynote promises to deliver increased cooperation within government agencies over cybercriminals, especially those focused on critical infrastructure and ransoms against systems that might cripple the country. But that’s not…

Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls. Every day my inbox seems to receive more and more spam. Understanding what generates it and how to avoid it is essential in the…

ESET researchers publish a white paper putting IIS web server threats under the microscope ESET researchers have discovered a set of previously undocumented malware families, implemented as malicious extensions for Internet Information Services (IIS) web server software. Targeting both government mailboxes and e-commerce transactions, as well as aiding in malware distribution, this diverse class of…

The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information ESET researchers have discovered and analyzed a previously undocumented trojan that steals payment information from e-commerce websites’ customers. The trojan, which we named IIStealer, is detected by ESET security solutions as Win64/BadIIS.…

With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation. Summer vacation planning is in full swing, and most of us are looking to travel again while adhering to the preventive measures that countries have in place regarding the COVID-19 pandemic. And traveling, of course, means looking for…

There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet The leading cybersecurity and law enforcement agencies from the United States, the United Kingdom, and Australia have issued a joint cybersecurity advisory focusing on the top 30 vulnerabilities that were commonly abused by threat actors over…