-
What is the NSO Group Pegasus Spyware Software? How Does Pegasus Hack Phones?
There was a flurry of news this morning about NSO Group, an Israeli tech firm, and the Pegasus spyware that it produces. Al Jazeera has some interesting reporting and has been following the story for a while. Back in December they reported on their own journalists being hacked. “Based on this, we handed the phone to Citizen Lab, who found that the phone was hacked by spyware called Pegasus, which is developed by NSO, an Israeli company,” said Almisshal. “This hacking was done by a so-called zero-click technique where they can access cameras and track the device. They also found that operators in the UAE and Saudi Arabia were behind this hacking.…
-
Virtual Machines (VMs) Are Being Used to Hide Ransomware Activity
As society continues to embrace all things cloud and move further toward virtualization, this field becomes a ripe target for malicious actors (bad people). We are now seeing VMs used to deploy and hide malicious activity, including ransomware. The tactic involves hiding the ransomware payload inside a virtual machine on infected hosts. The VM provides stealth and helps the payload avoid detection for as long as possible: hosting the encryption software within a self-started VM means that typical anti-virus software on the host will not detect it! And when the VM is shut down, a significant amount of possible forensic evidence disappears with it! That’s not good. Some…
-
What is a Ragnar Locker Ransomware Attack?
Ragnar Locker is ransomware that affects devices running Microsoft Windows operating systems. The Ragnar Locker method was first observed in December 2019 as part of a series of attacks against compromised networks. Biblio: Ragnar Locker malware: what it is, how it works and how to prevent it – Infosec Institute
-
What is Remote Code Execution?
What is remote code execution (RCE)? A simple web search brings up the Wikipedia page on arbitrary code execution (ACE). According to Wikipedia: In computer security, arbitrary code execution (ACE) is an attacker’s ability to execute arbitrary commands or code on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution…