Dec 11

Binary Defense Vision with UEBA, Simpler Onboarding and 2FA, Improved Threat Hunting and Data Queries, Detection Visualizations

Binary Defense announces Agent 4.4 and Server 2.73 packed with substantial new features and enhancements to the Binary Defense Vision platform.

Dec 10

Real People of Binary Defense: Jimmy Byrd

Welcome to our blog series introducing the Real People at Binary Defense where you get to go inside our offices and meet the contributing members of our Binary Defense team.

Dec 06

Binary Defense Once Again Acknowledged as a Representative Vendor in Gartner Market Guide for Endpoint Detection and Response Solutions

Binary Defense, a leading provider of Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) services, is happy to announce it has been identified for the second year in a row as a Representative Vendor in the Gartner "Market Guide for Endpoint Detection and Response Solutions" report.

Nov 20

Threat Intelligence: Make-A-Wish Targeted in Cryptojacking Attack

Make-A-Wish never patched the Drupal vulnerability, which has allowed hackers to steal CPU cycles from visitors in order to mine Monero cryptocurrency. After taking a quick look at the drupalupdates.tk domain, researchers determined that the miner is JavaScript-based and has been active since May. “Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their ‘wish’ to be rich, come true.”

Nov 19

Threat Intelligence: Instagram Exposes Passwords in Plaintext

The popular social media photo sharing app Instagram has recently patched a bug in their website that accidentally exposed some of their users’ passwords in plaintext. The bug resides in the new “Download Your Data” feature. This new feature allows the user to download a copy of all the data they have shared with the site, including comments, posts, photos, and other information.

Nov 16

Threat Intelligence: Buyers Beware of Banking Trojans on Black Friday

Banking Trojans typically target customers of online financial services, looking for financial data to steal or building botnets out of infected devices for future attacks. Over time, however, some of these Trojans have expanded their functionality, launching new variants and broadening their reach. Some are now able to gain root access to infected devices, perform transactions, inject malicious code, record video, and more.

Nov 15

Threat Intelligence: Bitcoin Giveaway Scam Targets Google

The Google Twitter account for its G Suite cloud subsidiary, which has more than 800,000 followers, is the most recent target of a growing Bitcoin scam. Many have been asking Twitter to intervene due to the increasing success of these attacks and the growing ability of hackers to compromise verified Twitter accounts. Once these accounts are accessed, attackers tweet out a fake 10,000 Bitcoin giveaway, which equates to around $62,000.

Nov 14

Threat Intelligence: Microsoft Zero-day Patched

Researchers have discovered a zero-day vulnerability (CVE-2018-8589) in win32k.sys affecting 32-bit versions of Windows 7. The vulnerability, a privilege escalation flaw, was reported to Microsoft on October 17th. It exists due to “improper locking of messages sent synchronously between threads.” If exploited successfully, it could allow an attacker to view or alter data, install programs, or create new user accounts by “running arbitrary code in the context of the local system.” At the time of writing, the delivery method remains unknown; however, according to researchers, “the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system.” The zero-day is currently being used by at least one APT actor, but if an attacker attempts to exploit it on machines that are up to date with security updates, the system will crash.

Nov 13

Threat Intelligence: WordPress Zero-day

A zero-day vulnerability has been discovered affecting WP GDPR Compliance, a WordPress plugin that helps website owners become GDPR compliant. The plugin is one of the more popular GDPR plugins available, with over 100,000 active installations.

First seen roughly three weeks ago, the vulnerability has been used to gain access to WordPress sites and install backdoors. The plugin was removed earlier last week; however, it was reinstated on November 7th after the release of version 1.4.3, which contained a patch for the vulnerability.

Attackers are actively exploiting the vulnerability on any site running version 1.4.2 or older. According to researchers, “attackers are targeting a WP GDPR Compliance bug that allows them to make a call to one of the plugin's internal functions and change settings for both the plugin, but also for the entire WordPress CMS.” At the time of writing, two techniques using the vulnerability have been observed.

In the first, the attacker uses the vulnerability to open the website’s registration system and resets the default role for new accounts to administrator. The attacker then creates a new account, usually named “t2trollherten,” and sets the default role for new accounts back to subscriber. Public registration is then disabled, and the attacker logs into the new account to install a backdoor on the site named “wp-cache.php.” The backdoor contains a file manager, a PHP eval() runner, and a terminal emulator.

The second technique is quieter. It uses the GDPR Compliance vulnerability to add a new task to WP-Cron, WordPress’s built-in task scheduler. The attacker uses that task to download and install a plugin, which is later used to upload another backdoor to the site. This backdoor is also named wp-cache.php, but it is different from the first one. Even though the second scenario is supposed to be quieter, it is actually what caused the zero-day to be discovered: on some sites, the attacker’s exploitation routine failed to delete the plugin, and site owners noticed that a new plugin had appeared.

Nov 09

Threat Intelligence: Cisco Mistakenly Adds Dirty Cow Exploit Code to its Own Software

During a security brief on Wednesday,