Art Appraisal Blog

What is QBot? The QakBot banking Trojan, also known as QBot, QuackBot, and Pinkslipbot, has been around for over a decade. It was discovered in 2007 and is continuously developed and maintained since then. Over the last few years, QakBot has emerged as one of the most prevalent banking Trojans on the internet. Although its main purpose is to steal banking credentials (e.g., logins and passwords), it has also acquired...

Earlier this month, an actor posted an advertisement on a well-known hacking forum claiming to be selling a 2022 database of 487 million WhatsApp numbers. According to reports, the dataset contains data on WhatsApp users from 84 countries. According to the threat actor, more than 32 million records related to US users are included. There are also a huge number of phone numbers belonging to citizens of Egypt (45 million),...

Cyber attacks are becoming more sophisticated and attacks are targeting multiple endpoints. As cyber adversaries continue to improve their malware and increase its effectiveness, cybersecurity threats are beginning to undergo significant changes. Hackers find more creative and unique ways to infiltrate networks, and endpoints are their ultimate goal. Cyber ​​threat actors are constantly refining their tactics and are sometimes able to bypass the most sophisticated security measures. Organizations face a higher...

What is OpenSSL? OpenSSL is a very popular library that’s being used by billions and billions of devices all over the Internet. Basically, it gives you a bunch of cryptographic APIs that allow you to do everything from certificate management, generating certificates, and generating keys to hashing. You can also perform other encryption operations as well. It is a very popular library that is being used from printers to servers...

What is PowerShell? PowerShell is a scripting language and modern command line shell for windows system administration. You could use it to manage the registry, perform WMI command search for files, get query domain users and groups, etc. PowerShell is now a cross-platform version that runs on top of .net core, so individuals can now run PowerShell commands on Linux, Mac, and Windows. Why is PowerShell So Powerful? PowerShell is...

Type 1 and Type 2 errors are the statistical methodologies that are applicable to determine if the result is a false positive or false negative. In cyber security, as large number of security tools are employed to determine if a threat is real. In most of the situations, these tools are effective in detecting the real threats to organizations. Such accurate detection are called as “True Positive” alerts. However, there...

Summary: While performing a security investigation, researchers at Vietnamese cybersecurity firm GTSC identified that threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs to execute remote code. How it Works? According the GTSC’s report named “WARNING: NEW ATTACK CAMPAIGN UTILIZED A NEW 0-DAY RCE VULNERABILITY ON MICROSOFT EXCHANGE SERVER“, it is mentioned that while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the...

What is Domain Shadowing? Domain Shadowing is picking up traction in 2022 as researchers observed multiple cyber attacks recently leveraging this technique. Domain shadowing attack is a special case of DNS hijacking technique that involves hacking a domain administrator’s account and creating multiple subdomains within the domain, so as to bypass the denylists. This is an extremely stealthy way of exploitation and highly difficult to detect by traditional security systems....

What is LockBit 3.0 Ransomware? The LockBit 3.0 ransomware (also known as LockBit Black) belongs to the LockBit ransomware family. A wave of ransomware attacks took place in September 2019 that resulted in the initial discovery of this group of ransomware programs. At first, LockBit was called the “.abcd virus”, but at that time, LockBit’s creators and users had no idea that their ransomware would evolve overtime. LockBit’s operators have...

A breach of Uber’s computer network was discovered on Thursday, prompting the company to temporarily shut down several internal communication and engineering systems while it investigated the breach. According to cybersecurity researchers and The New York Times, a person claiming responsibility for the hack sent images of Uber’s email, cloud storage, and code repositories. According to The New York Times, Sam Curry, a security engineer at Yuga Labs who corresponded...