In the Media

Infosanity's Blog - A Northern Geek's trip South West (BsidesLiverpool recap): Reading Omri's talk abstract prior to the event, I was unsure I was going to agree with the premise "Focus on malware, not Infrastructure". Thankfully it seemed I'd gotten the wrong impression, and instead of focusing on corporate infrastructure (as I'd expected), Omri covered malware analysis without focusing on the infrastructure required to do so.

Bleeping Computer - FBI Issues Warning on ‘Secure’ Websites Used For Phishing: The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns.

New Iranian hacking tool leaked on Telegram:
A new hacking tool believed to have been in the arsenal of Iranian state hackers has been published today online, in a Telegram channel.
According to security researcher Omri Segev Moyal, the Jason tool is a GUI utility for brute-forcing Microsoft Exchange email servers using pre-compiled lists of username and password combos.
Covered media channels: ZDNet, Security Affairs, Security Week, CYWAR, Bleeping Computer, digitalmunition.

Bleeping Computer - U.S. Govt Issues Microsoft Office 365 Security Best Practices: On top of the mitigations listed by CISA, MinervaLabs' malware researcher Omri Segev Moyal also shared with BleepingComputer an easy way to stay protected against phishing attacks which target Microsoft Office 365 users with the help of phishing landing pages hosted on Microsoft's Azure Blob Storage.

lemagit - New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web: This time no hacking tools were released, but the leakers exposed a previously unknown Iranian APT group.

ZDNet (France) - Israel claims air strike in response to cyber attack: For some, such as Minerva Labs' Omri Segev Moyal, this air strike will be a milestone and a first. Certainly, a kinetic action against a cyber-assailant has already been publicly recognized by the United States.

SentinelOne - 21 CYBERSECURITY TWITTER ACCOUNTS YOU SHOULD BE FOLLOWING: Omri Segev Moyal is co-founder and research director at Minerva Labs. He also created and runs the Malware Research Slack Group, a community where malware researchers can exchange intel, ask questions and learn from each other. Omri is at the forefront of malware analysis and reverse engineering and @GelosSnake is a great account to follow for latest IoCs, malware outbreaks and new exploits.

haaretz - The Iranian cyber afikoman was discovered on Telegram (Hebrew): OilRig, one of Iran's most famous cyber espionage units, followed in the footsteps of the NSA after the Telegram account began to reveal critical information about its activities.

bleepingcomputer - Office 365 Custom Rules to Block Azure Blob Storage Phishing Attacks: Phishing attacks which use Microsoft's Azure Blob Storage for hosting their landing pages to take advantage of windows.net subdomains' valid Microsoft SSL certificates can easily be blocked using custom Office 365 rules.

haaretz - The hacker who stopped WannaCry admitted to being involved in developing a virus to steal bank accounts (Hebrew): "Anyone in the field was not exposed to Hutchins one bright day when the WannaCry story exploded," Omri Segev Moyal, co-founder and research director at Minerva, told Haaretz. "He was known for a few years (around 2013) as a virus researcher and published great findings that helped the community fight bots and Trojans."

MalScanBot allows you to scan malware in files from Telegram (Spanish): There are different well-known services that allow us to analyze a file in search of viruses, also URLs (addresses of websites) or even hashes. Now, we can even scan files for malware from the popular Telegram messaging application and the MalScanBot bot.

Forbes - 30 Under 30 (Hebrew): A researcher who helps doctors diagnose patients with artificial intelligence, and three companies that have led mass protests against violence against women - these are just three examples of the groundbreaking young people who make up the 2019 cycle of our 30Under30 project.

CodeBlue Japan - CoinMiners are Evasive by Thomas Roccia and Omri Moyal: CoinMiners are on the rise, trending so high that in the last couple of months they have almost completely replaced ransomware in both the media and the research community. Unlike ransomware, which profits from rapid encryption of the user's data taken hostage, CoinMiners profit from hijacking computer resources. The longer the CoinMiner stays undetected and stealthy, the more its author profits.
In this talk we will focus on the unexplored territory of CoinMiner evasive maneuvers and functionality used to avoid being found by its victims, and provide tactics and tools to combat them.

Intezer - New! API for Intezer Analyze Community: MalScanBot, created by Omri Moyal, integrates with Intezer Analyze to provide convenient chat-based malware analysis. We encourage you to write your own plugins with your preferred tools, and to publish them for the benefit of the security community.

Haaretz - The little twist that turned a simple hacker attack into a particularly dangerous one (Hebrew): A North American Chamber of Commerce became a target for criminals who tried to infiltrate a Trojan horse into corporate computers; their method proved that sometimes the technique can be much more important than the technology.

VirusBay - a "why" article by Ido Naor: How to build a community of thousands of incredible malware researchers

Intezer - MalScanBot: MalScanBot is an initiative by Omri Moyal (@GelosSnake) to scan malware via a Telegram bot. It's possible to get Intezer's detection through this interface.

DEF CON Groups 9723: Irena Damsky & Omri Moyal’s ‘Stories From The Dark Side Of Managing A Security Research Department In A Start-Up’

BleepingComputer - GhostMiner: GhostMiner Uses Fileless Techniques, Removes Other Miners, But Makes Only $200.

TechRepublic - GhostMiner: Fileless cryptomining malware has code that kills itself and other strains.

malware.dontneedcoffee.com: CVE-2018-4878 (Flash Player up to 28.0.0.137) and Exploit Kits

SC Magazine - WaterMiner: Modified video games on Russian forum tainted with WaterMiner cryptominer.

BleepingComputer - WaterMiner: Malware Author Can't Keep His Mouth Shut on Social Media.

ThreatPost - WaterMiner (Russian): Cybercriminal embedded a Monero currency miner in a GTA mod

SC Magazine - Playing Defence: Nuclear Posture Review allows nuclear response to cyber.

CyberSecurityTrend - Invisible Malware: The Evasive Threat Is Now Mainstream

DarkReading - Meet Some Of The Emerging Israeli Cybersecurity Firms: Minerva Labs brings a new paradigm to malware detection by "preventing malware execution by using the malware's strengths against it."

SC Media - Playing Defense: While "going nuclear" in response to a cyberattack might be a good sound bite, cyber execs say building a stronger defense is a smarter path.

TechTarget - Vendors selling into health IT market talk tech to HIT Squad: A recent health IT conference was a forum for health IT and cybersecurity vendors to reach healthcare organizations and potential customers; the HIT Squad talks with the vendors.

SecurityWeek - Bot vs Bot in Never-Ending Cycle of Improving Artificial Intelligence: Artificial intelligence, usually in the form of machine learning (ML), is infosecurity's current buzz. Many believe it will be the savior of the internet, able to defeat hackers and malware by learning and responding to their behavior in all but real time. But others counsel caution: it is a great aid, but not a silver bullet.

Globes - Cyber security co Minerva raises $7.5m: Israeli cyber security startup Minerva today announced a $7.5 million financing round led by Amplify Partners.

HB Litigation Conferences: Omri Moyal is speaking on the 'Cloud & Data Storage' session at the upcoming NetDiligence Cyber Risk & Privacy Liability Forum.

SANS - Evasive malware is everywhere: Learn how it works and how to prevent it:
In the world of cyber security there is no time to waste. Zero-day vulnerabilities and critical alerts keep security professionals busy around the clock, and the sense of urgency never fades. Security professionals struggle with securing their network, deploying a vast array of cyber security tools. But, instead of relieving their stress, every new tool creates another constant stream of alerts, often wasting the security team's time and increasing their frustration. This Tool Talk will demonstrate the capabilities of the attacker, the five-minute process to create zero-day malware which eludes known security defenses, and an approach that prioritizes prevention of malware without the need to detect it first.

BrightTalk - NotPetya: Ransomware Or a Cyber Attack in Disguise: The major ransomware attack that spread across the world in late June struck large pharmaceutical companies, Chernobyl radiation detection systems, the Kiev metro, an airport, banks, hospitals and government agencies. Was this a financially motivated cyber attack or something more sinister? Is the worst over or is there more to come?

Forbes - Israel Cyber-Tech Startup Minerva Labs Say Prevention Without Detection Is Possible: A moment of clarity can make the difference between a serial award winning startup and just another hardworking collection of coders, it seems.

CSO - Surviving ransomware by keeping things simple: One administrator shares his war stories for surviving ransomware attacks.

BleepingComputer - We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities: Security researchers are seeing an ever-increasing number of suspicious file samples that are experimenting with the Meltdown and Spectre vulnerabilities.

Times of Israel - After ransomware attack, focus turns to backup and prevention services: Cybersecurity experts say the best way to counter an infection is to be prepared and have backup systems in place.

Techworm - Main ISIS forum promotes 'How To Hack' tutorials online: The new online course offered by main ISIS noobs is based on Kali Linux.

Ynet - From Israel to Singapore, the local cyber companies spreading across the world (Hebrew)

Vocativ - Israelis Mock Anonymous’ #OpIsrael Hacking Campaign: The hacking collective known as Anonymous launched its fourth annual #OpIsrael campaign on Thursday to wage cyberattacks against Israel. But Israelis active on Twitter were quick to mock the effort, and make fun of life in their own country.

PC.co.il - Minerva Wins QPrize by Qualcomm Ventures

GeekTime - Minerva Labs wins hub:raum’s cyber security competition in Berlin: This fast rising preventative cyber security startup just won its second competition in a week

GeekTime - Israeli Minerva Labs wins CyBox cyber security competition with preventative solution: Rather than just identify and deal with cyber attackers, Israeli Minerva Labs tries to prevent them from entering systems entirely.

ClearSky - Thamar Reservoir: An Iranian cyber-attack campaign against targets in the Middle East.

Geektime - First OSX push update (Hebrew): Apple on Monday pushed out an update addressing a "critical security issue" for OS X concerning a vulnerability discovered in the Network Time Protocol service, affecting Mac users running OS X Yosemite, Mavericks and Mountain Lion.

Forbes - Minerva Labs: End-Point Protection, Deception

Radio Haifa - DUQU 2.0 (Hebrew): Discussing the latest headlines of spying against Iran nuclear talks.

GeekTime/ISOC IL - End-Users, the weakest link (Hebrew): Despite modern enterprise security products and procedures, end-users are still the most targeted. Presenting a few guidelines to prevent user takeover.

Radio Haifa - Korea Versus Sony (Hebrew): Short interview with Yosi Mizrahi at 107.5FM on the latest Korea Versus Sony fiasco.

SecurityAffairs - Clearsky detected Gholee malware - The Israel-Gaza Conflict Takes to the Cyber-Arena: Experts at Clearsky detected the Gholee virus, which was likely developed by highly qualified actors, who may even be related to Israel's long-time nemesis Iran.