You are viewing 'threat mitigation'

New and Improved Dridex

Atom Bombing Returns

David Biser

April 06, 2017 - Posted by David Biser to Security News

Atom Bombing

In November of 2016, I wrote a blog titled “Atom Bombing: Three ways to protect yourself.”  I discussed a new attack vector uncovered by security researchers at enSilo that allowed attackers to inject code directly into atom tables. Atom tables are present in all Windows operating systems and function in multiple ways across the operating system. Here is a link that can help you learn more about atom tables.

Dridex, a common banking malware, has evolved to include atom bombing into its attack vector. It doesn’t take long for criminals to adopt new attack methods and this is a clear example. The latest Dridex variant,... read more >

DNS Threat Hunting

John Meyers

January 12, 2017 - Posted by John Meyers to Security Insight

DNS Threat Hunting

Recently, I read an article in SANS News Bytes about the Stegano malvertising campaign that was discovered by ESET Research. Instead of discussing this campaign in great detail, which ESET has already done, I am going to focus this blog on what you can do when information about a new malicious campaign becomes public.

One of the SANS News Bytes editors, Gal Shpantzer, recommended looking for the attack’s domain names in DNS logs. Most organizations do not retain their DNS traffic, but these can be a valuable source of information. In a corporate environment, having a historical record of traffic that traversed your network can aid in threat hunting, especially as new intelligence is made public. A SIEM is a... read more >

IDN Homograph Attacks

How a Russian spammer registered ɢoogle.com

Brandon Louder

January 05, 2017 - Posted by Brandon Louder to Security News

A friend recently brought to my attention that the Google Analytics report for his website was showing that 18% of his visitors had the below message showing up under the language field. Typically, this field shows language abbreviations depicting the native language of the visitor to the site such as: “en”, “es”, “fr”.

“Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!”

Google Analytics Screen Shot

Looking beyond the political aspect of this message, there are two issues here. The second being the most unsettling:

  1. First of all, it is not uncommon for spammers to target Google Analytics with messages that incite the website owner to follow the link. This specific spammer has been active with this campaign for several months now. Google...
read more >

Taking Security Back to the Basics

Working from a strong foundation is the key to a successful security program

John Moran

December 01, 2016 - Posted by John Moran to Security Insight

Cyber Attacks ahead

When a major security vulnerability is disclosed, everyone stops what they are doing and takes notice, especially when that vulnerability comes with its own logo. Now don’t get me wrong, newly disclosed vulnerabilities are important. They provide exciting opportunities for researchers and they do, if only temporarily, focus management’s attention on the often overlooked information security. 

Don’t worry, this isn’t another blog about the pros and cons of vulnerability hype. Instead, I’d like to focus on the importance of keeping one eye on the basics, while the other is scrolling through the Twitter feed for the next upcoming disclosure. Because all too often, it is not the latest security vulnerability, but a failure to properly secure and deploy systems that is the root cause of a costly network breach.

Below are several recommendations to help keep your network more secure, and your company safe from new vulnerabilities (or old... read more >

Atom Bombing

Three ways to protect yourself

David Biser

November 10, 2016 - Posted by David Biser to Security News

Atom Bombing

If you keep up with security news then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.

Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details. 

For the purposes of this blog, I am... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS