Wi-Fi Warfare: The Shocking New Hack That Exploits Neighboring Businesses

A Russian state-sponsored hacking group, GruesomeLarch (also known as APT28 or Fancy Bear), has developed a sophisticated method called the “Nearest Neighbor Attack.” This technique allows hackers to remotely infiltrate organizations by exploiting the Wi-Fi networks of nearby businesses, without needing malware or physical presence. How the Attack Worked: The attack was discovered in February …

TOR Spoofing Attacks: epilogue

https://blog.torproject.org/defending-tor-mitigating-IP-spoofing/   At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor …

Using AI to Identify Web Anomalies

As companies increasingly undergo digital transformation, the value of their data assets also rises, making them even more attractive targets for hackers. The large volume of weblogs warrants the use of advanced classification methodologies in order for cybersecurity specialists to identify web traffic anomalies. This study aims to implement …

Is this attacker’s IP spoofed?

We’re actively sending abuse alert emails to network owners, alerting them to potential compromises on their servers. Recently, several TOR operators (middle, guard, and exit nodes) have reached out, reporting that their IPs were spoofed. While these claims have validity, we’d like to highlight that a significant amount of the TCP port 22 traffic we …

Why our Agent is different from CrowdStrike

The security agent we use in our Managed SOC is just a “grab and log” agent. As such, it doesn’t need deep integration at the OS level like CrowdStrike. So, while CrowdStrike runs at the kernel level, our agent runs natively in user space. This is a much safer approach to security monitoring and threat …