Cybersecurity


Upgrade your organisation's Cybersecurity with six key points

Here are six key points to upgrade your organisation's cybersecurity.

07-Dec-2020
6 min read

Related Articles


Heuristic

Application Security

In this blog, we discuss the underlying concepts of the Heuristic Application Se...

Application security scanning is the process of identifying security vulnerabilities in applications. Heuristic scanning is a type of application security scanning that uses rules and algorithms to find vulnerabilities by examining how the application actually behaves. This is different from signature-based scanning, which matches the target against predefined signatures of known vulnerabilities. In this [blog](https://bit.ly/3Xfos1A), we look at what heuristic application security scanning is and how it differs from traditional signature-based application security scanning.

## Heuristic Application Security Scanning

Heuristic application security scanning does not depend on a vulnerability database. It applies rules and algorithms to the application's inputs and responses to identify vulnerabilities that signature-based methods may miss. Because the verdict comes from observed behaviour rather than from a known fingerprint, it can identify zero-day vulnerabilities: flaws for which no patch or fix is yet available and for which no signature exists, which fall into the category of unknown vulnerabilities.

## Signature-Based Application Security Scanning

Signature-based scanning is the traditional application security scanning process, used primarily to identify known vulnerabilities by searching for predefined signatures. These scanners rely on a database of signatures, and their checks typically depend on indirect and unreliable criteria such as the version numbers reported by the target web application, file paths and directory structures. Because a reported version can be wrong, hidden or backported, this approach is prone to false positives (and to false negatives when the banner is suppressed). It also cannot detect a vulnerability until a signature for it has been written, so it lags behind attacks that keep evolving to evade detection.

## Conclusion

In conclusion, both heuristic and signature-based application security scanning play a crucial role in the overall security of applications against modern threats. By using both methods to scan for vulnerabilities, organizations can cover both known and unknown weaknesses. That is why we developed [Threatspy](https://bit.ly/3Woo7JN), a Heuristic AppSec Management Platform that enables an organization to proactively address the known, unknown and third-party vulnerabilities associated with its applications by adaptively automating the detection, prioritization and remediation process before threat actors exploit them. By staying attuned to the latest application security trends, organizations can keep their web applications safe from ever-evolving threats. Want to take the very first step towards integrating a heuristic approach in your application security? Then [head over to request a demo](https://bit.ly/3PV3C4M) to witness Threatspy in action!
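The contrast drawn above can be made concrete with a small offline experiment. The following is an added example, not code from the original blog or from Threatspy: a signature-based check that reads only the target's `Server` banner, and a heuristic check that sends a unique marker and inspects the response, both run against two constructed targets. The product name `ExampleServer`, the signature database, the two target functions and their banners are all assumptions built for illustration; the "vulnerable" version range is a placeholder, not a real advisory.

```python
"""Added example (not from the original blog): a signature-based check and a
heuristic check run against the same constructed, offline targets, to show
where each one succeeds and fails."""
import html
import re
import secrets
from typing import Callable, Dict, List, Tuple

# Constructed signature database: product -> version ranges treated as
# vulnerable. The entry is a placeholder, not a real advisory.
SIGNATURE_DB: Dict[str, List[Tuple[str, str]]] = {
    "ExampleServer": [("2.4.0", "2.4.9")],
}


def _vtuple(v: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in v.split("."))


def signature_scan(headers: Dict[str, str]) -> List[str]:
    """Judge the target purely from its Server banner. This is all a signature
    scanner sees, so a backported fix or a faked banner yields a wrong answer."""
    findings: List[str] = []
    m = re.match(r"([A-Za-z]+)/(\d+(?:\.\d+)+)", headers.get("Server", ""))
    if not m:
        return findings
    product, version = m.group(1), m.group(2)
    for lo, hi in SIGNATURE_DB.get(product, []):
        if _vtuple(lo) <= _vtuple(version) <= _vtuple(hi):
            findings.append(f"{product} {version} matches vulnerable range {lo}-{hi}")
    return findings


def heuristic_reflection_scan(send: Callable[[str], str], param: str = "q") -> List[str]:
    """Behavioural check for reflected input: send a random marker wrapped in
    HTML metacharacters and see whether it comes back unencoded. No database
    is consulted; the verdict comes only from how the application responds."""
    marker = secrets.token_hex(4)
    probe = f'"><{marker}>'
    body = send(probe)
    findings: List[str] = []
    if probe in body:
        findings.append(f"parameter '{param}' reflects metacharacters unencoded (marker {marker})")
    return findings


# --- constructed targets ---------------------------------------------------
def vulnerable_app(value: str) -> str:
    # Echoes the parameter unencoded (a reflected XSS sink), but its banner is
    # outside the signature range, so signature_scan reports nothing.
    return f"<html><body>Results for {value}</body></html>"


def patched_app(value: str) -> str:
    # Encodes output correctly, but advertises a banner inside the range (as a
    # distro backport would), so signature_scan raises a false positive.
    return f"<html><body>Results for {html.escape(value, quote=True)}</body></html>"


VULNERABLE_HEADERS = {"Server": "ExampleServer/2.4.12"}
PATCHED_HEADERS = {"Server": "ExampleServer/2.4.3"}


def compare() -> Dict[str, Dict[str, int]]:
    """Count findings from each method against each constructed target."""
    return {
        "vulnerable": {
            "signature": len(signature_scan(VULNERABLE_HEADERS)),
            "heuristic": len(heuristic_reflection_scan(vulnerable_app)),
        },
        "patched": {
            "signature": len(signature_scan(PATCHED_HEADERS)),
            "heuristic": len(heuristic_reflection_scan(patched_app)),
        },
    }


if __name__ == "__main__":
    for target, result in compare().items():
        print(target, result)
```

Run as a script it prints one line per target: the signature check flags the patched target and misses the vulnerable one, while the heuristic check does the opposite, which is exactly why a scanner needs both. The random marker matters in practice: a fixed probe string can be cached or filtered, and a marker that appears in the response for any other reason would be a false positive of the heuristic kind.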

07-Jan-2023
2 min read

SaaS

Application Security

Seamlessly prioritize your SaaS application security with our tailored checklist...

The radical transformation that SaaS applications have brought to businesses in every vertical does not conceal their underlying security risks. Our research suggests that the combination of the shift to remote work, the shortage of security professionals and the inherent complexity of SaaS applications has pushed CIOs and CISOs to prioritize SaaS application security above almost everything else. We have prepared a tailored set of best practices in our SaaS Application Security Checklist. It is based on findings from our threat research and is intended to help organizations work through the intricacies of SaaS application security.

### Our Comprehensive SaaS Application Security Checklist

**Bridging Concealed Configuration Gaps:** More than 55% of companies have had sensitive data exposed over the public network, often because of misconfigurations nobody knew about. The configurability that makes SaaS applications powerful is also a ready source of exposure if it is not closely monitored and addressed. Unified visibility across tenants and settings is essential for configuring a SaaS application so that its operations stay free of external risk.

**Disable Legacy Authentication Protocols:** Many failed login attempts arrive over legacy authentication protocols, which do not support multi-factor authentication (MFA). Even when MFA is enabled for the directory, an attacker holding a valid password can still gain access by using an older protocol that never triggers the MFA challenge. Blocking authentication requests from legacy protocols outright is the single most effective measure you can take to keep your environment from being exploited this way.

**Enforce High Levels Of Security Authentication:** An account is 99.9% less likely to be compromised when MFA is an integral part of the authentication process. Access control for SaaS resources can be difficult to establish because cloud providers handle authentication in several different ways, so verify that MFA is actually enforced on every sign-in path and not only on the default one.

**Monitor & Analyze Conditional Access Policies:** Many intrusions rely on weakening conditional access controls, for example by creating new exclusions or exception rules once an administrative account has been taken over. Given the depth and complexity these rule sets can reach, validate the rules and monitor them continuously, and always watch for changes to IP address allow-lists and exceptions.

**Evaluate Third-Party Access:** Integrations and third-party applications are frequently installed with elevated permissions and can serve as entry points for lateral movement into other SaaS platforms. Make sure every third-party integration is inventoried, explicitly authorized and actually in use. Granting permissions and data access to third-party applications according to the principle of least privilege, and removing that access as soon as it is no longer required, reduces the risk of a compromise through a third party.

**Determine User Access Data Management:** As ransomware attacks spread and the toolsets used to run them become more widely available, least-privilege access becomes more valuable. Model which users and which third-party applications can reach which data sets, so that every data set is protected to the degree it needs.

**Keep An Eye Out For Red Flags:** Watch for excessive authentication failures and for password spraying. Check threat intelligence feeds for signs of compromised accounts. The faster you detect unauthorized activity, the more effectively you can respond and contain it.

SaaS applications now carry multiple critical business functions across platforms, so their security remains critical and complex as newer tech stacks arrive. Extending visibility throughout your SaaS ecosystem by monitoring continuously, addressing misconfigurations and keeping a close eye on third-party access can hold intrusion attempts at bay while your business continues to run without interruption.

### Are you still concerned about your SaaS Application Security?

Let us introduce Threatspy, the platform that addresses your SaaS application security issues within a few clicks. If that interests you, please find a suitable time for a meeting [here](https://bit.ly/3UahQ3m) to experience Threatspy in action!
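Two of the checklist items above, blocking legacy authentication and watching for password spraying, come down to questions you can ask of sign-in logs. The following is an added example, not code from the original checklist or from Threatspy, that expresses both as detection logic over a handful of constructed sign-in events. The event field names (`ts`, `user`, `ip`, `app`, `result`), the list of legacy client types and the threshold of four distinct accounts in ten minutes are assumptions modeled loosely on cloud identity sign-in logs; the records themselves are made up.

```python
"""Added example, not from the original checklist: legacy-protocol sign-ins
and password spraying expressed as detection logic over constructed sign-in
events. Field names and the legacy-client list are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed sample events (not real telemetry). One source IP fails against
# four different accounts in a few seconds and then succeeds on a fifth; two
# users sign in over protocols that cannot complete an MFA challenge.
EVENTS: List[Dict[str, str]] = [
    {"ts": "2023-01-07T09:00:01", "user": "alice@example.test", "ip": "203.0.113.7",  "app": "Browser", "result": "failure"},
    {"ts": "2023-01-07T09:00:03", "user": "bob@example.test",   "ip": "203.0.113.7",  "app": "Browser", "result": "failure"},
    {"ts": "2023-01-07T09:00:05", "user": "carol@example.test", "ip": "203.0.113.7",  "app": "Browser", "result": "failure"},
    {"ts": "2023-01-07T09:00:08", "user": "dave@example.test",  "ip": "203.0.113.7",  "app": "Browser", "result": "failure"},
    {"ts": "2023-01-07T09:00:10", "user": "erin@example.test",  "ip": "203.0.113.7",  "app": "Browser", "result": "success"},
    {"ts": "2023-01-07T09:05:00", "user": "alice@example.test", "ip": "198.51.100.2", "app": "Browser", "result": "failure"},
    {"ts": "2023-01-07T09:05:20", "user": "alice@example.test", "ip": "198.51.100.2", "app": "Browser", "result": "success"},
    {"ts": "2023-01-07T11:30:00", "user": "frank@example.test", "ip": "192.0.2.9",    "app": "IMAP4", "result": "success"},
    {"ts": "2023-01-07T12:00:00", "user": "grace@example.test", "ip": "192.0.2.10",   "app": "Exchange ActiveSync", "result": "success"},
]

# Client types assumed to be legacy protocols with no MFA support.
LEGACY_APPS: Set[str] = {"IMAP4", "POP3", "SMTP", "Authenticated SMTP",
                         "Exchange ActiveSync", "Other clients"}


def legacy_auth_signins(events: List[Dict[str, str]]) -> List[str]:
    """Users who signed in successfully over a legacy protocol. Each one is a
    path MFA never saw and a reason to block that protocol tenant-wide."""
    return sorted({e["user"] for e in events
                   if e["result"] == "success" and e["app"] in LEGACY_APPS})


def password_spray_sources(events: List[Dict[str, str]],
                           window: timedelta = timedelta(minutes=10),
                           min_users: int = 4) -> Dict[str, Set[str]]:
    """Source IPs that failed against many distinct accounts inside a short
    window. Per-account lockout misses this because each account sees only one
    or two attempts; grouping by source IP is what exposes it."""
    by_ip: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            by_ip[e["ip"]].append(e)
    flagged: Dict[str, Set[str]] = {}
    for ip, fails in by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        times = [datetime.fromisoformat(e["ts"]) for e in fails]
        start = 0
        for end in range(len(fails)):
            while times[end] - times[start] > window:  # slide the window
                start += 1
            users = {e["user"] for e in fails[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = users
    return flagged


def sprayed_then_succeeded(events: List[Dict[str, str]]) -> List[str]:
    """Accounts with a successful sign-in from an IP flagged for spraying: the
    highest-priority red flag, since the spray may have found a password."""
    spray = password_spray_sources(events)
    return sorted({e["user"] for e in events
                   if e["result"] == "success" and e["ip"] in spray})


if __name__ == "__main__":
    print("legacy auth sign-ins:", legacy_auth_signins(EVENTS))
    print("spray sources:", password_spray_sources(EVENTS))
    print("review now:", sprayed_then_succeeded(EVENTS))
```

The third function is the one to alert on: a spray source that also produced a success is a probable compromise, whereas the spray source alone is noise to block at the network edge. In a real tenant the same logic runs over the identity provider's sign-in export, with the legacy-client list taken from that provider's own client-type values.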

07-Nov-2022
4 min read

Activision

Call of Duty

Malware

Call of Duty cheats turned out to be RAT malware and dropper, threat actor poste...

Call of Duty: Warzone players are being targeted with remote-access trojan (RAT) malware disguised as cheat programs, according to a warning issued by Activision. Threat actors are using popular cheating sites to circulate the masqueraded cheats among users. According to the **[Activision](https://research.activision.com/publications/2021/03/cheating-cheaters-malware-delivered-as-call-of-duty-cheats)** warning, this "newbie-friendly" method, which spells out how to distribute the malware by convincing Call of Duty: Warzone players that it is a game cheat, was first posted in a hacking forum back in March.

***“It is common practice when configuring a cheat program to run it with the highest system privileges,”*** Activision reported. ***“Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code-signing, etc.”***

For those who are not familiar with the term, 'cheats' are programs that interfere with in-game activity or player interactions to give the user an advantage that opponents consider unfair. They are usually banned by the game's official creators.

![COD-fake-cheat-ad](https://sb-cms.s3.ap-south-1.amazonaws.com/COD-fake-cheat-ad_d80cd8fa0d/COD-fake-cheat-ad_COD-fake-cheat-ad_d80cd8fa0d.png)

### **IDENTIFIED AS DROPPER**

“COD-Dropper v0.1.” is the name of the malware that the researchers eventually identified. ***“Instead of malicious actors putting in hours of work creating complicated mitigation bypasses or leveraging existing exploits – they can instead work to create convincing cheat advertisements, which is priced competitively, could potentially get some attention,"*** Activision’s report added. ***“In December 2020, the dropper was also included in a ‘black hat’ tutorial aimed at ‘noobies’ looking to make some easy money.”***

The Activision report also points out that cheat forums filter out malicious activity, which means the threat actors had to keep a low profile to avoid being booted. ***“This advertisement did not appear to be particularly clever or take much effort, but still had people replying, asking if anyone had tried it before being removed a day later,”*** the report said. The threat actor behind the malware also posted the entire malware file, which gained over 10,000 views and 260 replies, followed by further instructions in the post's comments along with a link to a YouTube video tutorial that has over 5,000 views. ***“In likely a further attempt to scam people, the description also offered a private version of the cheat for a $10 BTC payment,”*** the report added.

![COD-youtube-](https://sb-cms.s3.ap-south-1.amazonaws.com/COD-youtube-_937b7931bb/COD-youtube-_COD-youtube-_937b7931bb.png)

These comments indicate that members of the hacking forum did download and try out the tool. After the YouTube video was pushed, the same malware showed up again last August with a direct download link, which received 376 views, Activision added. Activision also illustrated that manipulating players into downloading the software was not a heavy lift. ***“While this method is rather simplistic, it is ultimately a social-engineering technique that leverages the willingness of its target (players that want to cheat) to voluntarily lower their security protections and ignore warnings about running potentially malicious software,”*** Activision added.

### **CALL OF DUTY UNDER ATTACK BY MALICIOUS CHEATS**

The malware is a RAT that gives the threat actors full access to the victim's device, but it is also a dropper that can be customized to install other malicious code on that device. The dropper observed in this attack is a .NET application that prompts the target to grant it administrator privileges once it has been downloaded. ***“Once the payload has been saved to disk, the application creates a VBScript named ‘CheatEngine.VBS,'”*** according to the report. ***“It then starts the ‘CheatEngine.exe’ process and deletes the ‘CheatEngine.exe’ executable. The creator/generator is a .NET executable that contains the dropper .NET executable as a resource object.”*** If the operator clicks **“:: Build::, the application inspects the ‘COD_bin’ object with the ‘dnlib’ .NET assembly library, it replaces the URL placeholder named ‘[[URL]]’ with the provided URL and saves the ‘COD_bin’ resource under a new filename,”** according to the analysis.

**“The video gaming industry is a popular target for various threat actors,”** Activision said. ***“Players, as well as studios and publishers themselves, are at risk for both opportunistic and targeted cyberattacks – tactics range from leveraging fake APKs of popular mobile games to compromising accounts for resale. Even [advanced persistent threat] actors have been known to target the video-gaming industry.”***

The Call of Duty: Warzone incident surfaced on the same day that Cisco's Talos security team **[published](https://blog.talosintelligence.com/2021/03/cheating-cheater-how-adversaries-are.html?m=1)** details of a new malware campaign targeting gamers who use cheats. Those malicious cheats were packed with a previously unseen cryptor that kept antivirus programs from detecting the payload. Talos did not identify the game titles that were targeted.

04-Apr-2021
5 min read