What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
globalsecuritymag.webp 2020-12-18 12:59:43 Sunburst malware - Kaspersky shares its initial analysis of the malware and publishes a decoder to help targeted users (direct link) A few days ago, a new attack targeting the supply chain was detected. An unknown attacker, known as UNC2452 or DarkHalo, implanted a backdoor in the SolarWinds Orion IT software, which was downloaded by more than 18,000 SolarWinds customers. Kaspersky researchers analyzed this backdoor, which takes the form of a .NET module. It turned out to have interesting and rather unique characteristics. According to the experts, the attack (...) - Malwares Malware Solardwinds Solardwinds
mcafee.webp 2020-12-17 23:27:06 Additional Analysis into the SUNBURST Backdoor (direct link) Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoCs associated with the Sunburst trojan, the focus within the Advanced Threat Research (ATR) team has been to determine the possibility of additional persistence measures. Our analysis […] Threat Mobile Solardwinds Solardwinds
Mandiant.webp 2020-12-17 13:01:01 DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors (direct link) Many people are hearing the term UNC for the first time after we published details of a threat group we refer to as UNC2452. "UNC" groups, or "uncategorized" groups, are raw attribution analysis that we previously kept primarily in house. We recently began rolling out UNC information to Mandiant Advantage customers because we want to give users direct access to source materials and raw analysis that Mandiant experts use to write intelligence, respond to breaches, and defend our clients. In light of recent events, we want to provide some more details to the greater public on the UNC designation. Threat Solardwinds ★★★
SecurityAffairs.webp 2020-12-17 00:31:32 FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor (direct link) Microsoft, FireEye, and GoDaddy have partnered to create a kill switch for the Sunburst backdoor that was employed in the recent SolarWinds hack. Microsoft, FireEye, and GoDaddy have created a kill switch for the Sunburst backdoor that was used in the SolarWinds supply chain attack. Last week, Russia-linked hackers breached SolarWinds; the attackers had used a trojanized […] Mobile Solardwinds ★★★
Checkpoint.webp 2020-12-16 19:28:13 SolarWinds Sunburst Attack: What Do You Need to Know and How Can You Remain Protected (direct link) In the week of December 13th, US government offices disclosed that they had been targeted by a series of mega cyber attacks, allegedly related to state-sponsored threat organizations. Those attacks targeted government, technology and enterprise organizations worldwide. This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over… Threat Mobile Solardwinds Solardwinds
Kaspersky.webp 2020-12-16 17:05:49 The SolarWinds Perfect Storm: Default Password, Access Sales and More (direct link) Meanwhile, Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack. Mobile Solardwinds ★★
mcafee.webp 2020-12-16 16:48:26 SUNBURST Malware and SolarWinds Supply Chain Compromise (direct link) Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds' Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized file delivers the SUNBURST malware through a backdoor as part of a digitally-signed Windows Installer Patch. Use of a Compromised Software Supply […] Malware Threat Solardwinds
bleepingcomputer.webp 2020-12-16 16:21:50 FireEye, Microsoft create kill switch for SolarWinds backdoor (direct link) Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself. [...] Malware Mobile Solardwinds
BBC.webp 2020-12-16 00:09:40 SolarWinds: Why the Sunburst hack is so serious (direct link) The hack of thousands of high-profile organisations, including the US government, could have major consequences. Hack Solardwinds
NetworkWorld.webp 2020-12-15 12:21:00 SolarWinds Trojan: Affected enterprises must use hot patches, isolate compromised gear (direct link) Hot patching and isolating potentially affected resources are on the IT response schedule as enterprises that employ SolarWinds Orion network-monitoring software look to limit the impact of the serious Trojan unleashed on the platform. The supply-chain attack, reported early this week by Reuters and detailed by security researchers at FireEye and Microsoft, involves a potentially state-sponsored, sophisticated actor that gained access to a wide variety of government, public and private networks via Trojanized updates to SolarWinds' Orion network monitoring and management software. This campaign may have begun as early as spring 2020 and is ongoing, according to FireEye and others. Patching Solardwinds
News.webp 2020-12-15 00:41:04 2020-12-13 SUNBURST SolarWinds Backdoor samples (direct link) Reference: I am sure you all saw the news. 2020-12-13 FireEye: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. 2020-12-13 Microsoft: Customer Guidance on Recent Nation-State Cyber Attacks. Well, here are the Sunburst binaries. Download Other malware Mobile Solardwinds
Trend.webp 2020-12-15 00:00:00 Overview of Recent Sunburst Targeted Attacks (direct link) Various sources have recently disclosed a sophisticated attack that hit organizations through the supply chain via a compromised network monitoring program. This post discusses what the Sunburst backdoor is and what you can do now to mitigate this threat. Mobile Solardwinds Solardwinds
MalwarebytesLabs.webp 2020-12-14 19:45:21 SolarWinds advanced cyberattack: What happened and what to do now (direct link) Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now. Categories: Threat analysis Tags: (Read more...) Solardwinds
bleepingcomputer.webp 2020-12-14 10:04:46 US govt, FireEye breached after SolarWinds supply-chain attack (direct link) SolarWinds' Orion IT monitoring and management software has been used in a supply chain attack leading to the breach of government and high-profile companies using a malware dubbed SUNBURST or Solorigate. [...] Malware Guideline Solardwinds
Mandiant.webp 2020-12-13 22:00:00 Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor (direct link) UPDATE (May 2022): We have merged UNC2452 with APT29. The UNC2452 activity described in this post is now attributed to APT29. Executive Summary We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. The attacker's post-compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection. The Malware Solardwinds APT 29 ★★★
WiredThreatLevel.webp 2018-09-24 14:00:00 The Strange, Sad Case of Sunspot, the Empty Astronomy Town (direct link) The FBI ordered an evacuation at Sunspot Observatory, in New Mexico, in a child porn investigation. But that's only one of the forces causing the town to empty out. Mobile Solardwinds
AlienVault.webp 2017-09-26 13:00:00 Ham Radio for Emergency Communications (direct link) Why have an article on Ham Radio on an InfoSec blog? As IT/IS professionals we tend to be some of the most "connected" people in society. We usually have several communication devices within arm's reach at any time, and rely on them to constantly update and alert us. Though many of us even work directly with infrastructure, we tend to take it for granted. I'm sure many of us cringe when we have a brief outage - it may wreck your 99.99% uptime. But what do you do when all that underlying infrastructure is gone, or at least not operational? How do you communicate when you have no internet or cell service? The recent hurricanes have brought this possibility home for a large number of people. Amateur Radio, commonly referred to as Ham Radio, has some answers for this type of dilemma. I'm sure some of you are thinking of an old guy in a shack with some huge vacuum tube radio and a giant tower with antennas on it. Well, there are some of those around, but there is far more to Amateur Radio, particularly when it comes to Emergency Communications (EMCOM). Let's start with a quick overview of the Amateur Radio Service. Ham Radio is a huge hobby with considerable width and breadth; as such, I'm going to use lots of generalization and gross simplification. But it starts with passing an exam and being licensed by the FCC. Exams must generally be taken in person and on paper. The American Radio Relay League has a list of exam providers and locations. The exams are based on a published question pool and the fee for the exam is between free and $15. There are three levels of licensing: Technician, General, and Extra, which grant the ability to use different allocations of the radio spectrum. The exams are not difficult; they are multiple choice and there are lots of study resources available, including mobile apps. There is no requirement to send Morse Code anymore!
Once you pass your test, you do have to wait a few days to get your license and callsign; these are published on the FCC's website; my entry is here. The Technician license gives you access to Ham Radio bands in the VHF/UHF range (30 MHz - 10 GHz). Radio waves in this range are generally line of sight (LoS). You must have an unobstructed path between your transmitter and the receiver at the destination. This is what you have probably experienced with GMRS/FRS radios (which are UHF). In order to extend the range and usefulness of LoS communications, repeaters placed in elevated locations are used. This can be extended even further with the use of linked repeaters. Repeaters do exactly what their name sounds like: they receive your signal and then re-broadcast it. As licensed operators, we also have the ability to use far more power (up to 1500 watts) than the GMRS/FRS radios (about 1 watt). Systems based on these frequency ranges are used for local communications, generally within a metro area. The General license type gives you access to the HF bands (1 MHz - 29 MHz). In this frequency range the radio waves travel by skywave instead of LoS. This allows you to potentially talk around the world by bouncing radio waves off of the ionosphere. The distance and direction of your communications are heavily dependent on the condition of the ionosphere. Things that affect the ionosphere: Da Solardwinds
AlienVault.webp 2017-05-11 13:00:00 What Got CISOs Here, Won't Get CISOs There (direct link) A common theme at security conferences for many years was the complaint that security departments lacked a voice at the table. CISOs were sometimes treated as second-class C-levelers, and were often not represented at the board. (Un)Luckily, in recent years, the rise of nation-state hacking, large breaches, data dumps, and financial penalties has put security under the spotlight for many organisations. Finally, the recognition and visibility that so many security departments have craved for so long is here. But with this comes a new set of challenges. Dealing with a newer, and more senior, set of stakeholders requires security teams to add new tools to their proverbial utility belt to be able to communicate and educate more effectively. Convincing a CEO that the cyber-pathogens they read about in an in-flight magazine are nothing to worry about requires a different tack than dealing with an auditor. Perhaps one of the bigger challenges that presents itself to security teams is fending off the snake-oil salesmen that have been attracted by 'cyber' security and want to make a quick profit. While these types often lack the skills or expertise to improve security, they do present themselves as well-polished and well-spoken and are often well-versed in the tactics needed to gain the ear of a senior stakeholder. While not all of these distractions and attacks can be thwarted, there are some strategies that CISOs and security teams can adopt to position themselves better and prevent this. Here are five non-security tips to help security teams: 1. Put toothpicks in your data Security has historically presented data in a rather statistical manner. But merely stating how many suspicious emails your spam filter caught is akin to describing your umbrella by the number of raindrops it stops.
The debate to find the ideal security metrics has raged on for many years without showing any signs of slowing down. One way to look at the problem is by asking how the existing data could be presented in a way that is aligned to the target audience's expectations. For example, research has found that when you tell people that what they are eating or drinking is a high-end product, they won't just say that it tastes better than a cheaper product; their brains will actually experience it as better. This was proven by two Dutch pranksters who snuck into a large food-industry expo in Houten, The Netherlands. The pranksters served McDonald's food cut into pieces with toothpicks on trays, telling attendees it was an organic product. Tasters described the samples as tasting very rich and very pure. Try presenting data differently with some toothpicks and see how it changes perceptions. 2. Reframing Security on its own has little meaning. Many businesses will judge security teams and their effectiveness based on how they feel about it. Most will tend to frame risk based on how they have perceived it in the past. Although this isn't wrong in some cases, at other times, particularly where experience is tied to a negative perception, these habits need to be changed - or reframed. In this regard, there are two areas that a CISO can focus on to reframe. The first aspect is around framing context correctly and involves taking something that seems undesirable and showing its benefits in another context. For example, Rudolph's red nose was an anomaly that made him stick out from the other reindeer. But the red nose saved all the reindeer on a dark and stormy night. Similarly, many security controls that may seem undesirable in some situations can become a great asset given the right con Guideline Solardwinds
Last update at: 2024-07-01 16:08:01