CRAC INSIGHTS
CRAC Learning
Cybersecurity Research & Awareness Community (CRAC learning, nonprofit initiative in India)
TOP CVEs
CRAC Community Engagement
Last month, October globally recognised for Cybersecurity Awareness was filled with numerous impactful moments. Each day, we strived to make a difference in our digital lives through various initiatives. A particularly proud moment was the opportunity to engage with the talented students of Navy Children School. We were honored to have a platform and to contribute to this significant awareness drive organized by Indian Navy as part of NCASM initiative for Cyber Security Awareness Month.Thanks to Ashish Sir and the entire school staff for organi
zing this wonderful event! A special shoutout goes to the students of 8th and 9th standard for their active participation. It was inspiring to witness such curious and aware young minds!
CRAC News Byte:
Attackers have hijacked the open-source Wazuh SIEM agent to secretly mine Monero cryptocurrency. Known as the "SilentCryptoMiner" campaign, this malware spreads through fake downloads shared on Telegram, YouTube, and other platforms. Once inside a system, it can disable antivirus software, install cryptominers, and even steal crypto wallets or log keystrokes—all while remaining hidden.
This campaign employs SEO poisoning and social engineering to lure users to fake software sites, combining these with sophisticated persistence mechanisms to evade removal. Additionally, variations of this malware have advanced capabilities beyond cryptomining, including wallet theft and user monitoring via screenshots. While Wazuh’s SIEM and XDR tools typically offer robust defense, the misuse here highlights the need for rigorous threat monitoring to counter such sophisticated misuse. By incorporating threat intelligence and proactive security protocols, organizations can strengthen their resilience against increasingly crafty and evasive cryptomining threats.
CRAC Upcoming Event:
Join us for a full-day cybersecurity event featuring hacking competitions, hands-on workshops, and exclusive networking opportunities with tech leaders. Starting at 8 AM, take part in Capture the Flag challenges, specialized tracks in AI, IoT, Web, DFIR, and more. Meet industry experts from Microsoft, Amazon, Adobe, KPMG, and beyond!
Register Now: https://lnkd.in/gyUswuWV
???Date: November 28, 2024 (8 AM to 9 PM)
??Venue: Chitkara University, Baddi
??Event link: https://lnkd.in/gDSiwM24
CRAC Upcoming Workshops:
On November 28, 2024, from 9 AM to 3:30 PM, dive into secure coding with Kartik Singh, Security Researcher at Loginsoft. This workshop covers essential secure coding practices and defensive techniques. You’ll explore common vulnerabilities like SQL Injection and XSS, learn to conduct secure code reviews, and gain hands-on experience in building resilient applications.
Limited spots available—enroll now!
On November 28, 2024 (9 AM - 3:30 PM), learn how to secure AI systems with experts Swati Laxmi (DefHawk founder) and Annapurna Sastry Ganduri (Senior Security Specialist, EPAM). Discover key techniques for attacking and defending AI, from adversarial attacks to model poisoning.
With limited spots, grab your chance to gain hands-on experience! Register here and future-proof your AI security skills.
Try out our own labs using below links
Github: https://lnkd.in/gF3eFGU8
Challenges: https://lnkd.in/guNV-Pcs
Meme of the Day:
Stay tuned for more interesting updates in the Cybersecurity space! Keep learning!