TracWrap: Staying Safe on Discord, the Future of Manual Pentesting, PlexTrac Releases AI Feature, and More
This week’s TracWrap recap:
In the News
Researchers Discover npm Package Dropping Remote Access Trojan (RAT) Aimed at Gulp Users
Researchers have identified a suspicious package named glup-debugger-log on the npm registry, designed to deploy a remote access trojan (RAT) on affected systems. Disguised as a "logger for gulp and gulp plugins," the package has been downloaded 175 times so far. Phylum, a software supply chain security firm, discovered the package and found two obfuscated files within it, working together to install the malicious payload. One file sets the stage by compromising the target machine and downloading additional malware, while the other provides a persistent remote access mechanism.
The package.json file reveals a test script triggering a series of checks before executing the malware, including network interfaces, Windows operating systems, and the number of files in the Desktop folder. If these checks pass, it establishes persistence and executes arbitrary commands from a URL or local file. The RAT is described as both crude and sophisticated due to its minimal functionality, self-contained nature, and reliance on obfuscation.
This discovery underscores the evolving landscape of malware development in open source ecosystems, where attackers employ new techniques to create compact, stealthy malware with powerful capabilities. It’s crucial to have a process in place for scanning your open source libraries regularly.
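An added example, not part of the original newsletter and not Phylum's tooling: one narrow check a regular dependency scan can include, flagging names such as glup-debugger-log that sit one letter swap away from a package you actually use. The allowlist and the sample manifest are constructed for illustration.

```javascript
// Added example (not Phylum's tooling): flag dependency names that are one
// edit or one adjacent-letter swap away from a well-known package name.
// KNOWN is a constructed sample list; replace it with your own allowlist.
const KNOWN = ["gulp", "gulp-util", "webpack", "express", "lodash"];

// Optimal string alignment distance: Levenshtein plus adjacent transposition.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    [i, ...Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Compare the full name and each hyphen-separated token (4+ chars, to limit
// noise) against the allowlist; exact matches are never reported.
function findLookalikes(manifest, known = KNOWN) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const hits = [];
  for (const name of Object.keys(deps)) {
    if (known.includes(name)) continue;
    const bare = name.replace(/^@[^/]+\//, ""); // drop an npm scope prefix
    const candidates = [bare, ...bare.split("-")].filter((t) => t.length >= 4);
    for (const k of known) {
      const via = candidates.find((t) => osaDistance(t, k) === 1);
      if (via) { hits.push({ name, resembles: k, via }); break; }
    }
  }
  return hits;
}

// Constructed package.json content; version ranges are placeholders.
const sampleManifest = {
  dependencies: { express: "^4.0.0", "glup-debugger-log": "^0.0.0" },
  devDependencies: { gulp: "^5.0.0", "gulp-debug": "^5.0.0" },
};

console.log(findLookalikes(sampleManifest));
```

A hit is a prompt for manual review of the package, not proof of malice; legitimate packages can have similar names.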
Warning: Phony Browser Updates Distribute BitRAT and Lumma Stealer Malware
Fake web browser updates are being used as a method to distribute remote access trojans (RATs) and information stealer malware like BitRAT and Lumma Stealer (also known as LummaC2). Cybersecurity firm eSentire warns of the prevalence of such attacks, citing instances like FakeBat being distributed through similar fake update mechanisms.
The attack begins when users visit compromised websites containing JavaScript code that redirects them to fake browser update pages. These pages prompt users to download a ZIP archive file ("Update.zip") hosted on Discord, containing a JavaScript file ("Update.js"). This JavaScript triggers PowerShell scripts to retrieve additional payloads, including BitRAT and Lumma Stealer, from a remote server in the form of PNG image files.
Fake browser update lures are becoming more and more common. It’s important to remain vigilant and avoid clicking suspicious links.
Employee Insights
The Future of Manual Security Testing
Nicholas Popovich, founder of Rotas Security, and Jordan Treasure, PlexTrac senior professional service manager, recently shared their insights on the future of manual security testing in the context of increasing automation.
Nicholas Popovich discussed the spectrum of perspectives on automation, highlighting its benefits for scaling security testing. He emphasized the importance of human oversight to validate automated results and maximize the value of automation investments. Jordan Treasure agreed, noting the necessity of human expertise to address the limitations of automation and interpret results accurately.
They also touched on physical pentesting, noting the limited role of automation in this area but foreseeing potential benefits in automating detection and response activities.
Popovich predicts the continued importance of skilled humans in communicating with and understanding technology, suggesting that technology whisperers will be crucial in the future.
Overall, the conversation underscores the complementary nature of automation and human expertise in security testing.
Company Highlights
Upcoming Webinar | How AI Impacts the Future of Pentest Reporting and Vulnerability Management
Join cybersecurity leader Jason Haddix from Arcanum Information Security and AI expert Michael B. from PlexTrac for an educational session on the transformative impact of artificial intelligence on offensive security processes and workflows.
They will discuss:
Michael will also walk you through PlexTrac’s homegrown AI reporting tool, Plex AI, so you can see how easy it is to start working AI into your current workflows. Don't miss this opportunity to stay ahead in the rapidly evolving landscape of artificial intelligence.
New Feature Release | Plex AI, Real-Time Collaboration, and Scheduler
Plex AI, our new artificial intelligence feature, helps you auto-generate findings writeups and remediation recommendations and summarize large data sets. Best of all, it’s a homegrown solution so your data is fully secure.
In addition to Plex AI, we also updated our QA features to be more collaborative and added a scheduler to the platform. Our QA features are now on par with a Google Doc experience. You can see who and when someone else is in a report and where they are making edits or suggestions, all in real time.
Scheduler helps you to maximize your time savings from Plex AI and our new QA features by enabling you to manage team utilization right from the platform. You can even allow clients and stakeholders to request engagements with Scheduler via the client portal.
How do these features benefit you?
On-Demand LinkedIn Live | Building a Mature OffSec Program
Proactive security is the name of the game these days. Everyone is doing it, right? Well, maybe not, but they should be. The need to get ahead of threats is greater than ever, and there are countless solutions to help organizations of every type and size with their offensive security efforts. But you can’t just buy a tool or hire a contractor and call it a day. Effective offensive security is hard and complex.
Daniel DeCloss, founder and CTO at PlexTrac, and Phillip Wylie, OffSec expert at Horizon3.ai, recently sat down to discuss offensive security and tips for helping your organization not just build a program, but maintain it.
Updated Packages
We’ve recently updated our package options to meet the needs of your team regardless of size!
Whether you’re a pentest team of 3 or 3,000, we have a package to meet your mission and stay within your budget.
Where to Find Us
Integrity360 Security First
June 25 | Milan
SecretCon 2024
June 27 - 28 | Minnesota
BSides
July 19 - 20 | Albuquerque, NM
Black Hat USA
August 3 - 8 | Las Vegas, NV
mWise
September 18 - 19 | Denver, CO
Black Hat Europe
December 9-12 | ExCel London
Community Spotlight:
Dark Reading released an article, Understanding Security's New Blind Spot: Shadow Engineering: https://lnkd.in/ea9ihZTd by Yair Finzi, Co-Founder & CEO, Nokod Security.
Veracode was named a TrustRadius 2024 Top Rated Award winner.