The Nansh0u Campaign – Hackers Arsenal Grows Stronger
Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
May 2019’s Patch Tuesday: Must-Knows for Every Data Center
/0 Comments/in Labs /by Daniel GoldbergGuardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
IResponse to IEncrypt
/1 Comment/in Labs /by Ophir HarpazGuardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
Introducing Guardicore Cyber Threat Intelligence
/1 Comment/in Labs /by Daniel GoldbergGuardicore Labs is announcing the release of Cyber Threat Intelligence (CTI), a freely available resource to assist security teams in identifying and investigating malicious IP addresses and domains. Our Cyber Threat Intelligence is designed to allow security teams to keep track of potential threats that are specific to data center and cloud infrastructure.
Highlights of BlueHat Israel 2019
/0 Comments/in Labs /by Daniel GoldbergBlueHat Israel covered many interesting talks, covering supply chain attacks, processor flaws and many more.
A vulnerability in Debian’s apt allows for easy lateral movement in data centers
/0 Comments/in Labs /by Daniel GoldbergGuardicore Labs explains the recent vulnerability in the apt package management tool that allows attackers to exploit software installation process to attack Linux servers.
Bread and butter attacks
/2 Comments/in Labs /by Daniel GoldbergGuardicore Labs has uncovered an SSH brute force attack that has stayed under the radar for years. The attack deploys a RAT with DDoS capabilities and a cryptocurrency miner. In this post, we describe the attack, payload and different preventive steps.
What’s New in Infection Monkey Release 1.6
/0 Comments/in Labs /by Daniel GoldbergWe are proud to announce the release of a new version of the Infection Monkey, GuardiCore’s open-source Breach and Attack Simulation (BAS) tool. Release 1.6 introduces several new features and a few bug fixes.
With libSSH, Authentication is Optional
/1 Comment/in Labs /by Daniel GoldbergA critical vulnerability (CVE-2018-10933) was disclosed in libSSH, a library implementing the SSH2 protocol for clients and servers. The vulnerability allows an attacker to completely bypass the authentication step and connect to the server without providing any credentials, the worst possible flaw for a library implementing SSH.
Operation Prowli: Monetizing 40,000 Victim Machines
/3 Comments/in Labs /by Daniel GoldbergGuardicore Labs has uncovered a previously unknown operation named Prowli, focused on cryptocurrency mining and traffic hijacking. This operation showcases how attackers abuses insecure websites and their visitors by redirecting them to malicious domains.