How to Analyse .NET Malware


Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse engineering .NET malware. 

The write-up outlines the importance of sandbox analysis in preparing for reverse engineering by highlighting what to expect and focus on, given that malware creators use various tactics to confuse analysts.

It also mentions that the walkthrough will cover modifying malware to simplify analysis.

The initial understanding gained from sandbox analysis allows analysts to prioritize areas for investigation during the deconstruction phase. This is particularly useful as malware often employs obfuscation techniques to impede analysis.  

The write-up then prepares to reverse engineer Snake Keylogger, a .NET infostealer with anti-analysis techniques, using static and dynamic analysis with decompilers and debuggers in an isolated environment built from VirtualBox, Windows 11, Flare-VM, dnSpy, and .NET Reactor Slayer.


To ensure safety, the network adapters will be disabled, and resource sharing between the guest and host machine will be minimized. 
The modded Snake Keylogger

Stages of the Malware Analysis:

The analysis identified “pago 4094.exe” as a .NET keylogger disguised as an airplane simulator. Static analysis revealed suspicious decryption code in the InitializeComponent function, and disabling the code confirmed its role in malicious activity. 

The entry point that contains the Main function

Dynamic analysis showed the code fetching data from a resource named “Grab” and decrypting it, which contained a valid DOS header, DOS stub, and PE header, indicating it was a new executable payload. 

The payload, loaded as an in-memory assembly using Assembly.Load, was identified as “Aads.dll” and determined to be stage 2 of the malware.  

The “Airplane Traveling” application on the ANY.RUN Sandbox

The analyst at ANY.RUN investigated “Aads.dll,” a .NET assembly DLL, using static and dynamic analysis; static analysis in dnSpy revealed sorting/searching functions but no malicious code.

“Aads.dll” on DIE shows the Library and Linker

Dynamic analysis with breakpoints showed “Aads.dll” using image data from resource “ivmsL” containing a potentially steganographic image. 

The image data was processed through sorting algorithms and examined in memory, revealing a DOS header (“MZ”) and PE header, indicating a packed executable, while the extracted executable, named “Tyrone.dll,”  was identified as stage 3 of the malware.  

The module “Tyrone.dll” can be observed under the Modules Tab

“Tyrone.dll” was found to be a .NET DLL with VB.NET code that had been obfuscated by .NET Reactor. Static analysis of the deobfuscated code showed functions related to a “pandemic simulation” that were deemed unnecessary, but the presence of GetObject() suggested a next step.

Deobfuscating the “Tyrone.dll”

Dynamic analysis confirmed this suspicion by setting breakpoints and examining memory, while retrieved data from resource “wHzyWQnRZ” was identified as a new executable containing a DOS header, DOS stub, and PE header – stage 4 of the malware. 


Analysts investigated “lfwhUWZlmFnGhDYPudAJ.exe,” a .NET assembly flagged as a keylogger. The file had obfuscated code with non-descriptive names; after identifying it as a VB.NET-compiled PE32 executable, they detonated it in a sandbox environment, confirming its keylogging functionality.

The overview of “lfwhUWZlmFnGhDYPudAJ.exe” in an ANY.RUN sandbox

Finally, deobfuscation with function renaming (e.g., “lena_”) improved code readability for further analysis.

The malware configuration, encrypted with a hardcoded key, reveals SMTP information for exfiltration and the code steals login data from browsers (Chrome, Edge, etc.) and applications (Discord) by accessing their SQLite databases or LevelDB files. 

Snake Keylogger Config Decryption Python Code

It exfiltrates data via FTP, SMTP, or Telegram, as the analyzed sample uses SMTP with hardcoded credentials and sends data as an email attachment.

The write-up then describes modifying the Snake Keylogger malware for easier analysis by disabling its internet connection check, self-deletion, and self-relocation functionality.

The encrypted SMTP information obtained from the Python code

A Python script has been written to encrypt SMTP credentials with a key derived from an MD5 hash and store them in the malware configuration to bypass email encryption. 


The malware was customized by changing the icon and adding functionalities to change the wallpaper and save stolen credentials to text files on the desktop. The effectiveness of the modifications was verified by running the modded malware in a sandbox environment. 

Boosting Security with ANY.RUN Threat Intelligence

The solution offers a threat intelligence (TI) feed and a lookup portal, providing access to a constantly updated database of malware information that leverages data from over 1.5 million investigations by community and in-house analysts, allowing you to

  • Access the latest community-reported and analyst-discovered malware data.
  • Search across various aspects (fields) of 1.5 million investigations conducted in the past 6 months.
  • Analyze command lines, registry changes, memory dumps, and encrypted and unencrypted network traffic to identify risks.

It offers threat intelligence in two formats:

  • Threat Intelligence Lookup – Search the portal for relevant events using 30 criteria. Use wildcards (*) to broaden a search or match substrings. With rapid search, you get results in 5 seconds. The attached IOCs and event fields include links to recorded sandbox research sessions.
  • Threat Intelligence Feeds – Receive STIX data from the Feeds directly into your TIP and SIEM systems and configure firewalls against current threats. New indicators and event fields for context are added every two hours.

TI Lookup examines a massive database of Indicators of Compromise (IOCs) and related events across numerous parameters. Wildcards allow wide or particular searches, and results, including linked research sessions, are supplied in seconds.

SIEM systems can ingest the TI Feeds’ continuous threat data in STIX format; every two hours, new IOCs and event details are added for threat analysis.

What is ANY.RUN?

ANY.RUN is a cloud-based malware lab that does most of the work for security teams. 400,000 professionals use ANY.RUN platform every day to look into events and speed up threat research on Linux and Windows cloud VMs.

Advantages of ANY.RUN 

  • Real-time Detection: ANY.RUN can find malware and instantly identify many malware families using YARA and Suricata rules within about 40 seconds of posting a file.
  • Interactive Malware Analysis: ANY.RUN differs from many automated options because it lets you connect with the virtual machine from your browser. This live feature helps stop zero-day vulnerabilities and advanced malware that can get past signature-based protection.
  • Value for money: ANY.RUN’s cloud-based nature makes it a cost-effective option for businesses since your DevOps team doesn’t have to do any setup or support work.
  • Best for onboarding new security team members: ANY.RUN’s easy-to-use interface allows even new SOC researchers to quickly learn to examine malware and identify signs of compromise (IOCs).




Microsoft Edge bug allowed collection of data through extensions


Aside from showing Chrome users a popup to switch to Microsoft Edge, it turns out that the company is also striving to fix known bugs and security flaws of the browser, and the system associated with it. The tech giant has just fixed a prior glitchy update to its Edge browser, which was causing numerous problems for users. However, it turns out that there’s more and this particular one could be severe.

A recently patched bug in Microsoft Edge allowed potential attackers to install extensions on the user’s system. And it could happen without any interaction from the user. Notably, it could be exploited for financial gain or other purposes.

Tracked as CVE-2024-21388, this vulnerability was at first revealed by Guardio Labs security researcher Oleg Zaytsev, who highlighted its potential for malicious exploitation.

Attackers could have used the Microsoft Edge bug to install an extension by exploiting a private API

The flaw was addressed in Microsoft Edge stable version 121.0.2277.83, released on January 25, 2024. Bad actors could have exploited it to leverage a private API originally intended for marketing purposes, which could enable them to install browser extensions with broad permissions, potentially leading to a browser sandbox escape.

The vulnerability, if successfully exploited, could have allowed attackers to gain the privileges needed to install extensions on users’ systems without their consent. An attacker could make it happen by exploiting a private API in the Chromium-based Edge browser. It reportedly granted privileged access to a list of websites, including Bing and Microsoft.

By running JavaScript on these pages, attackers could install extensions from the Edge Add-ons store without any interaction from the user. The bug in Microsoft Edge essentially stemmed from insufficient validation: it allowed attackers to supply any extension identifier from the storefront and stealthily install it.

The potential impact of this vulnerability is significant, as it could have facilitated the installation of additional malicious extensions. In a hypothetical attack scenario, threat actors could not only publish seemingly harmless extensions to the add-on store but also leverage them to inject malicious JavaScript code into legitimate sites. Subsequently, users visiting these sites would unknowingly have the targeted extensions installed on their browsers without their consent.

Thankfully, there’s no record of a successful exploitation

Thankfully, there’s no evidence of a successful exploitation of this security flaw. Browser customizations aim to uplift the user experience. However, they can inadvertently introduce new attack vectors and this recorded security flaw is a perfect example of that. As Guardio Labs’ Oleg Zaytsev emphasized, attackers can easily trick users into installing seemingly harmless extensions, which could serve as the initial step in a more complex attack.



C2A Security’s EVSec Platform Gains Automotive Industry Traction for Compliance


C2A Security’s DevSecOps Platform, ‘EVSec’, has been gaining widespread traction as the automotive industry rushes to meet cybersecurity regulations and industry standards, such as UN Regulation No. 155, ISO/SAE 21434, Chinese GB Standards, and others.

2024 is a pivotal year for cybersecurity regulations in the automotive industry, as UN Regulation No. 155 goes into full effect. C2A Security’s EVSec risk-driven product security platform allows developers to focus on creative features and manage software and operations at scale, in an automated manner.

EVSec automates archaic manual processes and enables cross-functional sharing and collaboration between teams, customers, and supply chains while offering full digital twin capabilities. EVSec applies continuous feedback from product operations and vulnerabilities to improve development and design, as part of agile software development.

In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such as BMW Group, Daimler Truck AG, Marelli, NTT Data, Siemens, and Valeo, among others.

The collaboration with C2A Security supports the customers on the applicable standards and best practices for regulatory compliance. EVSec maps and automates the relevant standards and regulations, like ISO/SAE 21434 and UN Regulation No. 155, to simplify compliance efforts, which are essential to business success, as companies forge new grounds for their vehicles, develop innovative EV-powered vehicles, and plan for the EV infrastructure that supports them.

“We’re thrilled that EVSec has proven so popular and effective, as companies like Daimler Truck AG choose it as its product security platform. Dealing with current and emerging regulatory demands, software development at scale and overall product security operations can be a limitation on the business continuity of a company if not automated,” noted Roy Fridman, CEO, of C2A Security.

“At the end of 2023, we witnessed the first case of a premium car maker that stopped the sale of their most popular model in the European Union because it failed to comply with the regulation. To stay competitive companies must utilize advanced product security automation in their development and operations and we are excited to support them in achieving this goal.”

Images are available here.

About C2A Security

C2A Security is the only risk-driven DevSecOps Platform vendor that addresses the specific needs of car makers, Tier 1 suppliers, and mobility companies. Founded in 2016, C2A Security’s customers and technology partners include top-tier global players including Daimler Truck AG, BMW Group, Siemens, Valeo, ThunderSoft, Marelli, NTT Data, and Evvo Labs, among others.

C2A Security transforms cybersecurity from being a company-wide limitation to a business value multiplier through advanced security automation and compliance to shorten software release times and decrease costs.

Our vision is to turn product security into a seamless, automated, and transparent process, reducing time to deployment and costs of managing automotive software products and resources. C2A Security was founded by NDS/Cisco veteran Michael Dick, with its global headquarters in Jerusalem, Israel. c2a-sec.com.



Stopping a K-12 cyberattack (SolarMarker) with ThreatDown MDR


In early 2024, a large K-12 school district partnered with ThreatDown MDR to strengthen its cybersecurity posture. Shortly after onboarding, ThreatDown MDR analysts detected unusual patterns of activity subsequently identified as the work of SolarMarker, a sophisticated backdoor. It became evident that SolarMarker had been present in the district’s system since at least 2021, likely exfiltrating data over several years.

Let’s dive further into the investigation’s findings and the steps taken to mitigate the threat.

SolarMarker infection

Background

The incident began with the detection of an anomalous instance of PowerShell attempting to establish an outbound network connection to a suspicious IP address (188.241.83.61). This connection attempt was thwarted by Malwarebytes Web Protection (MWAC), signaling the first indication of a potential security breach.

Initial challenges

Upon investigation, it was discovered that Endpoint Detection and Response (EDR) settings were disabled in the client’s endpoint policy. This limitation prevented the use of Fast Response Scanning (FRS) to capture and analyze detailed endpoint data, necessitating a manual approach to the investigation utilizing Active Response Scanning (ARS).

Investigation and analysis

The first step involved querying active network connections with netstat, which revealed an instance of PowerShell in operation. To further understand the nature of this PowerShell instance, its command line was examined using Windows Management Instrumentation Command-line (WMIC) with the process ID (PID), which unveiled obfuscated code.

Decoding and understanding SolarMarker

The obfuscated PowerShell code was extracted and refactored for clarity. The analysis revealed the following components of the malware’s operation:

```powershell
$decodeKey = '<Base64_encoded_string>'
$encodedFilePath = "C:\Users\akeith\AppData\Roaming\micROSoft\wbpgVnSBjsytaokm\JqdVQplHfgwxyNmtaPX.gvzPlATqFe"
$decodedPayload = [System.IO.File]::ReadAllBytes($encodedFilePath)
for ($payloadIndex = 0; $payloadIndex -lt $decodedPayload.Count; $payloadIndex++) {
    $decodedPayload[$payloadIndex] = $decodedPayload[$payloadIndex] -bxor $decodeKey[$payloadIndex % $decodeKey.Length]
    if ($payloadIndex -ge $decodeKey.Length) {
        $payloadIndex = $decodeKey.Length
    }
}
[System.Reflection.Assembly]::Load($decodedPayload)
[ab821408b424418fa94bb4d815b4e.ad0682a943e4859ef35309cc0a537]::a1f5abfa214411baa77e25f6ceaa6()
```

This code reveals the malware’s methodology:

  • It utilizes a Base64-encoded string as a decryption key.
  • It targets a specific file path for encoded data.
  • It reads, decodes, and executes the encrypted payload.

The command line shows signs of malicious script execution, with parameters chosen to hide the window (-WindowStyle Hidden), bypass execution policies (-Ep ByPass), and run an inline command (-ComMand “sa43…). 

Further investigation uncovered randomly named folders within the AppData\Roaming\Microsoft directory, each containing encoded payloads. These discoveries suggested a more widespread infection than initially anticipated.
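As an added example (not ThreatDown's or ANY.RUN's code), the Python below does the analyst-side work the two write-ups describe: it flags the PowerShell evasion switches in a captured command line, applies the repeating-key XOR to an on-disk blob the way the loader does, and checks whether the result carries the DOS/PE headers and the CLR header that mark a loadable .NET assembly. The key, blob and command line are constructed test data, and the function names are this example's own.

```python
"""Offline triage for the loader pattern described above.

Added example, not code from the ThreatDown write-up or the ANY.RUN article.
Assumptions (labelled): the key, payload bytes and command line below are
constructed test data, and the function names are this example's own.
"""
import re
import struct
from typing import Dict, List

# Evasion switches the write-up calls out. Matched case-insensitively because the
# sample mixed case (-Ep, -ComMand), and with PowerShell's short aliases allowed.
EVASION_FLAGS: Dict[str, str] = {
    "hidden_window": r"-w(?:indowstyle)?\s+hidden",
    "policy_bypass": r"-(?:ep|ex|executionpolicy)\s+bypass",
    "inline_command": r"-c(?:ommand)?\s+\S",
}


def powershell_evasion_flags(cmdline: str) -> List[str]:
    """Names of the evasion switches present in a PowerShell command line."""
    return [name for name, pat in EVASION_FLAGS.items()
            if re.search(pat, cmdline, re.IGNORECASE)]


def xor_decode(blob: bytes, key: bytes) -> bytes:
    """Repeating-key XOR over every byte. The refactored loader on the page
    resets its index once it passes the key length; for offline decoding we
    simply walk the whole buffer. XOR is its own inverse, so this also encodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))


def looks_like_pe(data: bytes) -> bool:
    """DOS header ('MZ') whose e_lfanew points at the PE signature: the same
    check the .NET analysis used to recognise each decrypted stage as a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def has_clr_header(data: bytes) -> bool:
    """True when data directory 14 (CLR runtime header) is populated, which is
    what makes a PE a managed .NET assembly loadable via Assembly.Load."""
    if not looks_like_pe(data):
        return False
    try:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        opt = e_lfanew + 4 + 20                     # skip PE signature + COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic == 0x10B:                          # PE32
            count_off, dir_off = 92, 96
        elif magic == 0x20B:                        # PE32+
            count_off, dir_off = 108, 112
        else:
            return False
        count = struct.unpack_from("<I", data, opt + count_off)[0]
        if count <= 14:
            return False
        rva, size = struct.unpack_from("<II", data, opt + dir_off + 14 * 8)
    except struct.error:
        return False
    return rva != 0 and size != 0


def triage_encoded_file(blob: bytes, key: bytes) -> Dict[str, object]:
    """Decode an on-disk blob the way the loader does and classify the result."""
    decoded = xor_decode(blob, key)
    return {
        "is_pe": looks_like_pe(decoded),
        "is_dotnet": has_clr_header(decoded),
        "decoded": decoded,
    }


def build_fake_pe(dotnet: bool) -> bytes:
    """Constructed minimal PE32 image for exercising the checks; not a real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)         # e_lfanew: PE header follows DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 72)   # CLR header RVA/size
    return bytes(dos) + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed stand-ins for the key and the encoded file from the write-up.
    key = b"constructed-key"
    encoded_on_disk = xor_decode(build_fake_pe(dotnet=True), key)
    print(triage_encoded_file(encoded_on_disk, key)["is_dotnet"])
    cmdline = 'powershell.exe -WindowStyle Hidden -Ep ByPass -ComMand "<constructed>"'
    print(powershell_evasion_flags(cmdline))
```

Run it against a real blob by reading the file's bytes and the key the loader script embeds; a decoded result that is a PE but not .NET would point at a native stage rather than the managed loader the write-up saw.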

Response and mitigation

The response involved several steps to contain and eliminate the threat:

  • Terminating the malicious PowerShell instance.
  • Deleting the identified folders containing encoded payloads.
  • Conducting a thorough search for persistence mechanisms, which fortunately yielded no findings.

A comprehensive threat scan was executed, and the incident was escalated for visibility with the client. Post-reboot checks confirmed the absence of persistence, no spawn of new PowerShell instances, and blocking of suspicious network connections, indicating successful remediation of the infection.

Conclusion

As we’ve seen in our 2024 State of Ransomware in Education report, the educational sector continues to be a prime target for attackers. In this case, attackers used SolarMarker, a sophisticated backdoor, to lurk within the school district’s network for years, likely stealing data in the process. Its presence went undetected until the district onboarded with ThreatDown MDR. Despite facing initial obstacles, such as disabled EDR settings, the ThreatDown MDR team successfully identified and neutralized the SolarMarker infection through manual intervention.

Discover how ThreatDown MDR can safeguard your K-12 institution.



Android 15 could block your location from your carrier


Android 15 is fast approaching, and we are starting to get an idea of what sort of new features to expect. Well, if you’re a person who likes to keep their location private, then you’re going to like this potential feature discovered within the software. According to a new report, Android 15 may let you block your carrier from knowing your location.

Let’s face it, it’s extremely hard to keep companies from accessing your sensitive information. Your location is one of the most sensitive pieces of information a company can obtain, and there are several ways of keeping companies from getting access to it. However, there is no way to be 100% certain that your location stays private.

For example, you can manually disable your location on an app-per-app basis or throughout your entire phone. Unfortunately, that is not to say that your carrier can’t tune into your location. There’s actually a way for your carrier to know your location even if you have everything disabled.

Well, Android 15 could let you block your carrier from knowing your location

It seems that there’s always something that users never learn about when they purchase a device. When your phone restricts an app from accessing your data, it is a software-based solution. However, your carrier can tap the actual signal radio on your phone to get your location. This means that there is no user-facing solution to this problem other than breaking your phone with a bat.

Well, according to code found within Android, Android 15 may be able to block your carrier from accessing your location. There are situations where you would want your carrier to access your location, like emergencies. However, knowing that there’s a method of sharing your information that you cannot control or don’t even know about is unsettling for most users. So, this will be a great feature to look forward to in Android 15.



WhatsApp testing a redesign for its calling screen so you’ll know where to tap to hang up

WhatsApp usually nails all the essential features of a proper messaging app — group chats, broadcasts, communities, voice, video. However, as versatile and popular as the app is, WhatsApp’s user interface can sometimes feel very clunky and outdated. Fortunately, it looks like Meta is listening and doing something about it.
UI changes have been popping up in the beta version of WhatsApp for a while now. However, those changes were exclusive to particular parts of the interface, such as previews, bars, and other smaller elements. The calling screen, though, remained the same throughout all of that. That is, until now.
As noted by WABetaInfo’s AssembleDebug, the latest WhatsApp beta for Android (version 2.24.7.19), shows a revamped calling screen that promises a smoother, more intuitive experience. The biggest change is subtle, but it could fix a major annoyance. That back button in the top left corner? It’s gone. Instead, WhatsApp introduces a proper minimize button. Same function, but way more intuitive.

WhatsApp’s new calling screen UI | Source: WaBetaInfo

This is important because the old back button led to a lot of confusion. Because it was ambiguous, many users thought that by clicking on this back button they were ending the call entirely. Obviously, that was not the case, but with this new minimize option you get a clearer indication that by tapping it you’re just tucking the call screen away, not hanging up.

Additionally, the buttons are very distinctly designed to separate them visually from the rest of the screen. Judging by the screenshot above, I don’t think the new buttons leave any room for misinterpretation. It is a small yet thoughtful design change that can make all the difference.

WhatsApp’s clearly serious about making the calling experience as painless as possible. This isn’t the most earth-shattering update, but it shows they’re listening to how people actually use the app and tweaking things accordingly. Sometimes, the best features are the ones that get out of your way.



New iMessage Phishing Campaign Targets Postal Service Users Globally


Netcraft Report Uncovers “Darcula” Platform Targeting Postal Services Worldwide via iMessage & RCS Phishing. Discover how USPS & global services are under attack and learn essential protection measures.

A new report by cybersecurity firm Netcraft has discovered a sophisticated phishing-as-a-service (PhaaS) platform called “Darcula.” This platform is being used to launch large-scale smishing attacks targeting the United States Postal Service (USPS) and global postal services across more than 100 countries.

Darcula represents a significant development in the world of cybercrime. Unlike traditional PhaaS platforms that rely on email communication, Darcula leverages iMessage and Rich Communication Services (RCS) messaging for its attacks. This allows cybercriminals to bypass SMS firewalls commonly used to block phishing attempts.

Why iMessage and RCS?

iMessage and RCS offer features like file transfers and enhanced media support, making them appear more legitimate than traditional SMS messages. Additionally, these messaging services are often used for personal communication, potentially lowering a user’s guard against potential phishing attempts.

The Smishing Tactic

The Darcula platform facilitates smishing attacks, a form of phishing that uses text messages to trick victims. These messages often impersonate legitimate organizations, such as postal services, and typically lure users into clicking malicious links or providing sensitive information.

Screenshots of the actual malicious text sent to a user (Credit: Netcraft)

In the case of attacks targeting postal services, the messages might impersonate the USPS or a similar national postal service, informing recipients of missed deliveries or requesting additional information for package clearance. Clicking the malicious link could lead to a fake website designed to steal the user’s login credentials, credit card information, or other sensitive data.

Global Reach and Long History

The Netcraft report reveals that Darcula has been operational for at least a year and has been used in attacks on users in the UK and the United States. The platform’s capacity to target postal services in over 100 countries highlights its global reach and the potential impact of these phishing campaigns.

Phishing pages to which a user is taken (Credit: Netcraft)

Importance of Cybersecurity Training

While the use of iMessage and RCS introduces a new element to smishing attacks, basic security principles and training remain crucial in protecting oneself. Users should be wary of unsolicited messages, even those coming from seemingly familiar sources.

Phishing attempts often create a sense of urgency, urging users to click links or respond immediately. Taking a moment to verify the legitimacy of a message by contacting the sender directly through a verified phone number or website can help avoid falling victim to these scams.

According to Max Gannon, Cyber Intelligence Analysis Manager at Cofense, Darcula, a very advanced phishing kit, paints a dire picture of phone-based phishing that individuals are not trained to avoid. This kit uses new techniques carefully designed to avoid security controls.

While this advanced phishing kit is problematic and avoids common security controls, a user trained properly to detect phishing emails should be just as likely to detect phishing messages on other platforms, Max emphasised.

The existence of this kit emphasizes the importance of training individuals to be more vigilant across platforms. Even if a trained individual were to fall for the phishing attempt and click the link, the request for sensitive information like credit card details or SSNs should raise immediate concerns, he added.


Amazon is bringing palm recognition to phones


Most people might not know this, but Amazon has its own method of identification called Amazon One. With it, users will use their palm to confirm their identity. Until now, users have been required to go to physical locations to sign up for an Amazon One account. However, Amazon just announced that Amazon One is making its way to phones via an app.

The company has been distributing Amazon One modules to different locations around the US. To use these modules, you simply hover your palm over the reader. Then, you’ll be able to make purchases at different locations through your Amazon account.

Amazon launches an official Amazon One app

As stated before, you needed to be at an official Amazon One reader in order to use this service. So, you couldn’t sign up for the service at home. This made it a bit inconvenient, as you’d have to go to a physical location.

Well, according to the company, that’s changing. Amazon just announced a new Amazon One app. With it, you can easily sign up for the service right at home. It’s available for both iOS and Android today, and you can download it using the link below.

Download Amazon One – Google Play Store

When you open the app, you will sign in with your Amazon account. Just know that you will need a valid telephone number. Once you’re signed in, you will use your phone’s camera to scan your palm. You can either scan one palm or both of them.

After you scan your palm, Amazon will save that information. So, the next time you go to any eligible Amazon One physical location, all you have to do is scan your palm. Then, Amazon will automatically activate your account.

You will be able to use your account at participating Amazon locations including Amazon’s own stores, Whole Foods, Etc. So, if you want a more convenient way of using Amazon One, then you should give the app a try.



Powering the future of ThreatDown with AI


Nobody can deny the influence of AI today. In just a few years, we have observed AI’s capacity to be as transformative as the internet and smartphones, especially for cybersecurity. Indeed, the potential of AI to radically simplify complex security environments is unmistakable, and aligns closely with our mission at ThreatDown to reduce threats, complexity, and costs for our customers.

With continuous advancements in AI and its ever-expanding potential to enhance user experiences, ThreatDown remains dedicated to integrating these technologies into our solutions going forward. Let’s dive into where we are with AI and where we’re headed.

What led us here

We’ve always been big on democratizing security for all, and we believe AI has the potential to do just that. With this in mind, in late March 2024 we added a powerful AI functionality to our industry-leading Security Advisor. Users can now use simple natural language requests to search for information about their environment, ask for recommendations on how to optimize their security posture, and more.

Users will now see an “Ask AI” search bar on the Endpoints, Detections and Vulnerabilities pages

The deployment of generative AI into our Security Advisor propels us closer to our goal to make security management more accessible, especially for companies with constrained IT resources. Generative AI’s ability to sift through vast datasets to highlight essential issues and suggest actions significantly lowers the barrier to advanced security, eliminating the necessity for deep security know-how among users. But we’re not done yet.

Where we’re going

As we integrate generative AI, we envisage a host of potential advancements that could further revolutionize security management:

  • Global AI search: Our team is considering the development of a universal AI search feature, integrated across all products, that can comprehend natural language queries and surface relevant data.
  • Evolving summarization techniques: Imagine an AI that can not only summarize threats detected by EDR tools but also provides remediation steps with contextual help to follow along.
  • Dynamic security recommendations: We’re exploring the possibility of AI that not only provides recommendations but also adapts them in real-time based on the evolving security context of each user.

Pioneering simplicity in security with AI

AI will likely become a bigger and bigger fixture in security as the years go on, and as it evolves, ThreatDown is deeply committed to simplifying security management through the power of AI.

Nebula users can use Security Advisor and its AI capabilities today. Learn more.



GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats – GBHackers on Security


GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting the growing, widespread use and potential of Web3 user security data to aid in risk management.

The report’s findings reveal a clear and growing demand for more advanced security tools that can effectively safeguard digital assets, verify the authenticity of nonfungible tokens (NFTs), and monitor decentralized applications for threats. 

The report, “Uncharted Consensus: The Widespread Use and Potential of User Security Data in Web3”, showcases the rapid adoption of GoPlus’s API suite, which provides Web3 industry stakeholders with unparalleled insights into the health and vulnerability of various cryptocurrencies, NFTs and decentralized applications.

At the same time, it also underscores the unique role GoPlus plays in addressing Web3’s most pressing security challenges.

GoPlus is the developer of an API suite designed to address the multifaceted challenges of Web3 user security. The suite enables targeted data analysis across key industry aspects.

Its modules include a Token Risk API and NFT Risk API that evaluate the risk associated with different cryptocurrencies and non-fungible tokens; a Malicious Address API for monitoring and reporting malicious addresses; a dApp Security API for real-time monitoring and threat detection in decentralized applications; and an Approval API for checking whether an address has granted malicious approvals.

The report shows rising demand for better Web3 security solutions. GoPlus revealed that its Token Risk API saw a rapid increase in utilization from November 2023, with some months witnessing peaks of over 20 million calls per day.

This suggests that the crypto industry is collectively shifting towards pre-emptive risk identification and mitigation, driven by the evolving and intensifying landscape of security threats. 

These increases were mirrored by similar usage spikes in GoPlus’s other API modules. For instance, usage of its NFT API spiked between Dec. 2022 and Feb. 2023 and then several times again between March and May 2023 before stabilizing, followed by a sustained period of much steadier growth.

These usage trends mirror the growing adoption of NFTs and the corresponding need for tools to assess the risks associated with these digital assets.

Evolving Threat Landscape

A closer analysis of the API usage data illustrated a significant fluctuation in the presence of “high-risk” tokens, reflecting a threat landscape that’s just as volatile as the crypto industry itself.

The majority of these high-risk tokens were identified as being either “blacklisted” or “honeypots”. However, many other kinds of threats were identified, illustrating the evolving tactics used by hackers and scammers in the industry. The report also found an exponential increase in threats associated with NFTs, such as privileged operations (burn and minting), restricted approvals, self-destruct mechanisms, and unauthorized transfers.

The threat-related insights demonstrate the need for Web3 projects to employ more dynamic, robust, and adaptable security strategies and countermeasures to deal with the evolving threat landscape. They also highlight the need for education and collaboration to increase awareness of these threats and find better ways to mitigate them.

Top Ecosystems & Threats

The comprehensive study also highlighted the differing levels of user engagement and security concerns across blockchains, providing perspective on the unique challenges and risks faced by each ecosystem. 

BNB Chain emerged as the most prominent user of GoPlus’s APIs, being queried more than 92.7 million times during the research period. This reflects Binance’s laudable achievement in fostering a large community that’s united in its determination to identify and proactively mitigate security risks such as token vulnerabilities and scams.

Ethereum was the second-most popular chain to leverage GoPlus, with users querying its APIs 84 million times, highlighting both the extent of its user base and its vigilance against vulnerabilities and scams. Meanwhile, Polygon also stood out with almost 9.8 million queries during the period. This high level of adoption in the much smaller Polygon community illustrates the strong emphasis it places on scaling security solutions for the Web3 industry. 

Other insights from the report include the top ten token risks faced by the crypto industry today, further analysis uncovering ten tokens whose characteristics mark them out as “particularly malicious”, and the top ten NFT collections that could be perceived as risky due to their close association with phishing scams.

The Importance Of User Security Insights

The GoPlus report provides valuable insights into aspects such as user engagement, preferences and the nature of the evolving threats in Web3, which can be essential for stakeholders to make more informed decisions and mitigate the risks they face. 

Perhaps the most significant finding is that the report underlines the critical importance Web3 security data can play in helping the industry to address the evolving risk landscape. As the Web3 ecosystem grows and evolves, the need for comprehensive security data will become all the more vital, helping dApp developers protect their users, while educating users on how to protect themselves.  

About GoPlus Labs

GoPlus Labs is revolutionizing Web3 security by offering a transparent, User Security Network with permissionless security data. It provides User Security Module as a Service to any blockchain, utilizing advanced AI for comprehensive threat detection.

Notably, its security data infrastructure has seen a massive usage increase: user security data usage has grown 5000x from 2022 to now, with 21M daily data API calls.

SecwareX, launched in March 2024, quickly gained significant traction, showcasing high user trust. Within its first two weeks, it attracted over 400,000 users, including more than 30,000 premium (paid) users, highlighting its immediate impact and user trust.

GoPlus enhances Web3 user security through broad support for over 20 chains, collaboration with RaaS and Layer2 partners like Altlayer, zkSync, and Manta, and the introduction of innovative products like the “Secscan” security engine and Secware Middleware. These advancements facilitate a more open data and computing layer, moving towards gradual decentralization.

GoPlus enhances Web3 user security and promotes decentralization by motivating user participation with its token system. The GoPlus Token will act as a “gas fee,” necessary to reinforce the user security network and expand its utility. Moreover, it encourages users to become SecWare Service Providers, Data Providers, and Computing Node Providers. By contributing to the network, these participants can earn GoPlus Tokens.

Contact
Dasi Kaplan
[email protected]
