Authentic8 Blog Author: Guest Contributor

Authentic8 welcomes suggestions and submissions from guest contributors. Blog posts should be relevant, non-promotional and add valuable and actionable insights for improving IT security on the web.

Browser Security: What's Up with WASM?

Illustration: Browser Security: What's Up with WASM? - Authentic8 Blog

WebAssembly, a newer type of “low-level” code that can be run by modern web browsers, is aimed at improving the web experience. The catch: Regular browsers execute such code locally. WebAssembly - merely a faster way for web-borne exploits to reach the local browser?

*

WebAssembly (WASM) is currently supported by major browsers including Firefox, Chrome, WebKit/Safari, and Microsoft Edge. Because the browser is running the WebAssembly code locally, any problems with that code also end up on the user’s machine and potentially pose a threat to the local IT environment.

How does WebAssembly work? WASM is not a high-level language. It is a way for language compilers (like those that read C, C++, and Rust high-level code) to express their assembly-level output in a different format. This output then can be directly executed by the browser.

Source: LogRocket Blog

By itself, WebAssembly code isn’t supposed to be able to do anything. It’s run inside a sandboxed virtual machine.

10 Top Tools for Threat Hunters from Black Hat USA 2018

Illustration: 10 Top Tools for Threat Hunters from Black Hat USA 2018 - Authentic8 Blog

You weren't able to make it to Las Vegas this year? Check out these ten short reviews of useful tools for threat intelligence researchers and threat hunters presented at Black Hat USA 2018:

Xori: Automated Disassembly

Black Hat USA 2018: 10 Top Tools - Xori

Malware disassembly can be quite tedious, even with a bells-and-whistles IDA Pro license. If only there was a way to automate all of it. That’s where Xori comes in.

Amanda Rousseau and Rich Seymour created a new automated disassembly platform that’s not only free, but fast. Reverse engineers often come across dozens of sample variants from the same family of malware. Having the ability to dissect all the assembly code and tell the results apart, automated and at a fast pace is something need in their arsenal of tools.

There are two modes in Xori, light and full emulation. Light emulation enumerates all the paths in CPU registers, the stack, and you’ll see some instructions. Full emulation follows the code’s path (shows

Supply Chain Attacks: Shipping the Exploits

Illustration: Supply Chain Attacks: Shipping the Exploits - Authentic8 Blog

Malware inserted along the business supply chain can be far more effective than directly compromising a single company’s network. Local browsers, used by vendors and customers alike, open the door for attackers.

*
What do banks and airlines, law firms and software makers, shipping companies and concert ticket sellers all have in common? Their day-to-day business depends on tightly integrated networks of service providers and product vendors.

Without functioning IT, most of these supply chains would break down. Network breaches can - and with increasing frequency do - result in significant damages.

A different kind of box office hit

Two recent incidents illustrate the broad spectrum and impact of web-borne third-party risks. Vendor vulnerabilities pose a growing threat not only to digital commerce but also to traditional sectors, such as the global shipping and logistics industry.

  • The first example, from June, involved online box office Ticketmaster. The incident highlights the vulnerability of the digital economy to exploits introduced into the software supply

How to Prevent Browser “Cryptojacking”

Illustration: How to Prevent Browser “Cryptojacking” - Authentic8 Blog

If you thought your “secure” browser is blocking all these cryptojacking attempts (perhaps you even installed a cryptoblocker extension), think again. Cryptominers are using other people’s browsers to make bank while getting better at evading detection. What have they been up to recently?

*
For readers of this blog who don’t already know, cryptojacking is the process in which a machine’s resources are hijacked and used to mine cryptocurrency. This type of attack can take place in various ways, usually involving the local browser and JavaScript. For more details, check out our “Cryptojacking 101” here.

Lately, cryptojackers have found more ways to hog their victims’ computing resources. Chrome browser extensions offered through the Chrome Web Store were discovered to contain mining code. Ubuntu’s own Snap Store has been supplying software with “miners” built in.

One-two punch: ransomware+cryptojacking

Even garden-variety malware now usually comes equipped with miners. A new variant of the Rakhni ransomware now contains a cryptocurrency miner.

How the PageUp Hack is Highlighting HR's Data Protection Problems

Illustration: How the PageUp Hack is Highlighting HR's Data Protection Problems - Authentic8 Blog

The recent data breach at global Human Resources services provider PageUp may have impacted millions of job seekers, the firm announced last week. Following such incidents that affect HR records, it’s often IT that gets the blame. Are HR firms and departments generally too lax at handling confidential data?

*

HR professionals have been found to be especially vulnerable to cyberattacks or user error. HR data breaches have severe consequences for individual employees and the whole organization. In 2015, confidental information of more than 22 million current and former federal employees and contractors was stolen when state-sponsored hackers hit the Office of Personnel Management (OPM), the U.S. government’s HR department.

Since then, employees have started suing their employers over other incidents, as in the case of an HR data breach at Seagate, and more law firms are lining up to take their cases. Lamps Plus was slapped with a class action in California federal court, accusing it of failing to