SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2022-04-27 16:15:11	CVE-2022-22521 (lien direct)	In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files.	Tool
	2022-04-26 16:24:00	Anomali Cyber Watch: Gamaredon Delivers Four Pterodos At Once, Known-Plaintext Attack on Yanlouwang Encryption, North-Korea Targets Blockchain Industry, and More (lien direct)	The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, CatalanGate, Cloud, Cryptocurrency, Information stealers, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems (published: April 25, 2022) Cybereason researchers have compared trending attacks involving SocGholish and Zloader malware. Both infection chains begin with social engineering and malicious downloads masquerading as legitimate software, and both lead to data theft and possible ransomware installation. SocGholish attacks rely on drive-by downloads followed by user execution of purported browser installer or browser update. The SocGholish JavaScript payload is obfuscated using random variable names and string manipulation. The attacker domain names are written in reverse order with the individual string characters being put at the odd index positions. Zloader infection starts by masquerading as a popular application such as TeamViewer. Zloader acts as information stealer, backdoor, and downloader. Active since 2016, Zloader actively evolves and has acquired detection evasion capabilities, such as excluding its processes from Windows Defender and using living-off-the-land (LotL) executables. Analyst Comment: All applications should be carefully researched prior to installing on a personal or work machine. Applications that request additional permissions upon installation should be carefully vetted prior to allowing permissions. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 \| [MITRE ATT&CK] Phishing - T1566 \| [MITRE ATT&CK] User Execution - T1204 \| [MITRE ATT&CK] Command and Scripting Interpreter - T1059 \| [MITRE ATT&CK] Windows Management Instrumentation - T1047 \| [MITRE ATT&CK] Masquerading - T1036 \| [MITRE ATT&CK] Process Injection - T1055 \| [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 \| [MITRE ATT&CK] Credentials from Password Stores - T1555 \| [MITRE ATT&CK] Steal or Forge Kerberos Tickets - T1558 \| [MITRE ATT&CK] Steal Web Session Cookie - T1539 \| [MITRE ATT&CK] Unsecured Credentials - T1552 \| [MITRE ATT&CK] Remote System Discovery - T1018 \| [MITRE ATT&CK] System Owner/User Discovery - T1033 \|	Ransomware Malware Tool Vulnerability Threat Guideline Medical	Uber APT 38 APT 28
	2022-04-25 23:18:38	Iranian Hackers Exploiting VMware RCE Bug to Deploy \'Code Impact\' Backdoor (lien direct)	An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and	Tool Vulnerability Threat
	2022-04-22 19:32:36	Chef vs Terraform: DevOps tool comparison (lien direct)	Server configuration, automation and infrastructure development are at the heart of every IT business operation. Read this feature comparison of two DevOps tools, Chef and Terraform, to enhance your IT efficiency.	Tool
	2022-04-22 18:30:28	A Detailed Guide on Hydra (lien direct)	Hello! Pentesters, this article is about a brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent	Tool
	2022-04-21 19:15:08	CVE-2021-43708 (lien direct)	The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.	Tool
	2022-04-21 16:54:59	Terraform vs Puppet: DevOps tool comparison (lien direct)	Not all software tools are created equal, and one solution may be more beneficial to your DevOps needs than another. Read on to learn more about two popular DevOps tools: Terraform and Puppet.	Tool
	2022-04-21 12:07:55	Free Yanlouwang decryptor released, after flaw found in ransomware code (lien direct)	Security researchers at Kaspersky have released a free decryption tool that promises to recover files for organisations hit by the Yanlouwang ransomware, meaning they don't have to pay the ransom.	Ransomware Tool
	2022-04-20 22:34:24	Bamboo vs Jenkins: DevOps tools comparison (lien direct)	To choose the best CI/CD tool to power your DevOps initiatives, you need to take a close look at the features offered by the top contenders. See how two DevOps solutions, Bamboo and Jenkins, compare.	Tool
	2022-04-19 17:44:23	Monday.com vs Smartsheet: Project management software comparison (lien direct)	Smartsheet and monday work management are two similar project management tools. Here's a key feature comparison to help you choose which PM tool is right for your business.	Tool
	2022-04-18 05:58:45	Researchers Share In-Depth Analysis of PYSA Ransomware Group (lien direct)	An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to	Ransomware Malware Tool Threat
	2022-04-15 19:30:55	Prometheus vs Zabbix: Network monitoring tools comparison (lien direct)	Prometheus and Zabbix are popular network monitoring solutions with large and active communities. Which is the better tool for you?	Tool
	2022-04-15 19:15:12	CVE-2022-24851 (lien direct)	LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any other user try to access the edit profile page. The pdf editor tool has an edit pdf profile functionality, the logoFile parameter in it is not properly sanitized and an user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later when a pdf is exported using the edited profile the pdf icon has the image on that path(if image is present). Both issues require an attacker to be able to login to LAM admin interface. The issue is fixed in version 7.9.1.	Tool Guideline
	2022-04-15 18:07:00	A Detailed Guide on Medusa (lien direct)	Hi Pentesters! Let's learn about a different tool Medusa, which is intended to be a speedy, parallel and modular, login brute forcer. The goal of	Tool
	2022-04-15 16:15:01	Wrike vs Monday: Project management software comparison (lien direct)	Wrike and monday work management are popular project management tools. Here's a features comparison rundown to help you decide which PM tool is best for your business.	Tool		★★
	2022-04-15 15:42:55	Best DevOps Tools & Solutions 2022: Compare DevOps Software (lien direct)	Running a successful DevOps operation requires a comprehensive tool set to support each phase of the software development cycle.	Tool
	2022-04-15 15:15:12	CVE-2022-20676 (lien direct)	A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.	Tool Vulnerability
	2022-04-15 03:24:29	Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free (lien direct)	A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer	Malware Tool Threat
	2022-04-14 19:47:55	Talend vs Fivetran: ETL tool comparison (lien direct)	Choosing the best ETL tool is paramount for business success. Find the optimum solution with the help of this feature comparison of Talend and Fivetran.	Tool
	2022-04-14 19:32:53	Site24x7 vs Dynatrace: Website monitoring tool comparison (lien direct)	See how the popular website monitoring tools Site24x7 and Dynatrace compare.	Tool
	2022-04-14 11:00:00	More is Less: The Challenge of Utilizing Multiple Security Tools (lien direct)	Greetings everyone, and welcome to this week’s blog. This week, I’m diving into number six in our “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience: Lack of integrated cyber-security solutions. To deal with the cyberthreats they face every day, Enterprise Security Decision Makers seek new and well-supported solutions. They look for solutions that are easy to use and integrate with other cybersecurity systems and different parts of their organizations. 44% of those surveyed said that easily integrating with other cybersecurity tools is essential when evaluating cybersecurity solutions. What do you look for? initIframe('62573c84d0742a0929d79352'); So why do almost half of enterprise decision-makers want easily integrated tools? Enterprises frequently deploy new security tools and services to address changing needs and an increase in threats. In fact, according to recent findings, mature security organizations have deployed on average: Small business: 15 and 20 security tools Medium-sized companies: 50 to 60 security tools Enterprises: over 130 tools security tools If you like math, check out these stats: A typical six-layer enterprise tech stack, composed of networking, storage, physical servers, virtualization, management, and application layers, causes enterprise organizations to struggle with 1.6 billion versions of tech installations for 336 products by 57 vendors. Increasing Investments Our research showed that 74% of organizations had increased their cybersecurity budgets to help defend against increasing cyber-attacks. Despite these increasing investments in cybersecurity, only 46% are very confident that their cyber-protection technologies can detect today’s sophisticated attacks. While investment is on the uptake, effectiveness is not. Response efforts have been hindered by the complexity caused by fragmented toolsets, highlighting that investing in too many tools can reduce the effectiveness of security defenses. More Tools, More Problems The wide variety of tools enterprises invest their time and money into to combat security threats can create numerous issues. Security analysts are understandably frustrated. They’re spending most of their time chasing false positives and performing manual processes born from these disparate toolsets. They’re working longer hours and are under more pressure to protect the business. CSO Online provides a good article listing the top challenges of security tool integration: 7 top challenges of security tool integration \| CSO Online Too many security tools Lack of interoperability among security tools Broken functionality Limited network visibility Increase in false alarms Failure to set expectations properly Lack of skills You can find the full article here. Source: csoonline.com For this blog, I’ll focus on what I think is the biggest challenge the article did not mention: Disparate tools create siloed organizations. Creating Gaps and Silos In the last	Tool Threat Guideline
	2022-04-13 19:50:30	GitLab vs Bitbucket: DevOps tools comparison (lien direct)	Read this feature comparison of two popular DevOps solutions: Atlassian's Bitbucket and the open source platform GitLab. Which is the right DevOps tool for your organization?	Tool
	2022-04-13 17:13:23	How to install Filerun file share and sync on AlmaLinux (lien direct)	Filerun can help you store and manage files, photos, movies and more. Here's how to install this great tool for any business (or home) that even includes a built-in versioning system. Jack Wallen will show you.	Tool
	2022-04-13 15:30:00	Inconstruire: les nouveaux outils de cyberattaques parrainés par l'État ciblent plusieurs systèmes de contrôle industriel INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems (lien direct)	Au début de 2022, Mandiant, en partenariat avec Schneider Electric, a analysé un ensemble de nouveaux outils d'attaque orientés vers le système de contrôle industriel (ICS) - que nous appelons Inconstroller (aka PipeDream) - construit aux dispositifs d'automatisation des machines cibles.Les outils peuvent interagir avec des équipements industriels spécifiques intégrés dans différents types de machines exploitées dans plusieurs industries.Bien que le ciblage de tout environnement opérationnel utilisant cet ensemble d'outils ne soit pas clair, le malware pose un risque critique pour les organisations tirant parti de l'équipement ciblé.Inconstroller est très probablement parrainé par l'État et contient In early 2022, Mandiant, in partnership with Schneider Electric, analyzed a set of novel industrial control system (ICS)-oriented attack tools-which we call INCONTROLLER (aka PIPEDREAM)-built to target machine automation devices. The tools can interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries. While the targeting of any operational environments using this toolset is unclear, the malware poses a critical risk to organizations leveraging the targeted equipment. INCONTROLLER is very likely state sponsored and contains	Malware Tool Industrial		★★★★
	2022-04-13 12:35:03	How to SLSA Part 2 - The Details (lien direct)	Posted by Tom Hennen, software engineer, BCID & GOSST In our last post we introduced a fictional example of Squirrel, Oppy, and Acme learning to use SLSA and covered the basics of what their implementations might look like. Today we'll cover the details: where to store attestations and policies, what policies should check, and how to handle key distribution and trust.Attestation storageAttestations play a large role in SLSA and it's essential that consumers of artifacts know where to find the attestations for those artifacts.Co-located in repoAttestations could be colocated in the repository that hosts the artifact. This is how Squirrel plans to store attestations for packages. They even want to add support to the Squirrel CLI (e.g. acorn get-attestations foo@1.2.3).Acme really likes this approach because the attestations are always available and it doesn't introduce any new dependencies.RekorMeanwhile, Oppy plans to store attestations in Rekor. They like being able to direct users to an existing public instance while not having to maintain any new infrastructure themselves, and the in-depth defense the transparency log provides against tampering with the attestations.Though the latency of querying attestations from Rekor is likely too high for doing verification at time of use, Oppy isn't too concerned since they expect users to query Rekor at install time.HybridA hybrid model is also available where the publisher stores the attestations in Rekor as well as co-located with the artifact in the repo-along with Rekor's inclusion proof. This provides confidence the data was added to Rekor while providing the benefits of co-locating attestations in the repository.Policy content'Policy' refers to the rules used to determine if an artifact should be allowed for a use case.Policies often use the package name as a proxy for determining the use case. An example being, if you want to find the policy to apply you could look up the policy using the package name of the artifact you're evaluating.Policy specifics may vary based on ease of use, availability of data, risk tolerance and more. Full verification needs more from policies than delegated verification does.Default policyDefault policies allow admission decisions without the need to create specific policies for each package. A default policy is a way of saying “anything that doesn't have a more specific policy must comply with this policy”.Squirrel plans to eventually implement a default policy of “any package without a more specific policy will be accepted as long as it meets SLSA 3”, but they recognize that most packages don't support this yet. Until they achieve critical mass they'll have a default SLSA 0 policy (all artifacts are accepted).While Oppy is leaving verification to their users, they'll suggest a default policy of “any package built by 'https://oppy.example/slsa/builder/v1'”.Specific policySquirrel also plans to allow users to create policies for specific packages. For example, this policy requires that package 'foo' must have been built by GitHub Actions, from github.com/foo/acorn-foo, and be SLSA 4.	Tool
	2022-04-12 19:06:00	Anomali Cyber Watch: Zyxel Patches Critical Firewall Bypass Vulnerability, Spring4Shell (CVE-2022-22965), The Caddywiper Malware Attacking Ukraine and More (lien direct)	The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Caddywiper, Colibri Loader, Gamaredon, SaintBear, SolarMaker and Spring4Shell. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence New SolarMaker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns (published: April 8, 2022) Palo Alto Researchers have released their technical analysis of a new version of SolarMaker malware. Prevalent since September 2020, SolarMaker’s initial infection vector is SEO poisoning; creating malicious websites with popular keywords to increase their ranking in search engines. Once clicked on, an encrypted Powershell script is automatically downloaded. When executed, the malware is installed. SolarMaker’s main functionality is the theft of web browser information such as stored passwords, auto-fill data, and saved credit card information. All the data is sent back to an encoded C2 server encrypted with AES. New features discovered by this technical analysis include increased dropper file size, droppers are always signed with legitimate certificates, a switch back to executables instead of MSI files. Furthermore, the backdoor is now loaded into the dropper process instead of the Powershell process upon first time execution. Analyst Comment: Never click on suspicious links, always inspect the url for any anomalies. Untrusted executables should never be executed, nor privileges assigned to them. Monitor network traffic to assist in the discovery of non standard outbound connections which may indicate c2 activity. MITRE ATT&CK: [MITRE ATT&CK] Data Obfuscation - T1001 \| [MITRE ATT&CK] Encrypted Channel - T1573 \| [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 \| [MITRE ATT&CK] Obfuscated Files or Information - T1027 \| [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 Tags: SolarMaker, Jupyter, Powershell, AES, C2, SEO poisoning Google is on Guard: Sharks shall not Pass! (published: April 7, 2022) Check Point researchers have discovered a series of malicious apps on the Google Play store that infect users with the info stealer Sharkbot whilst masquerading as AV products. The primary functionality of Sharkbot is to steal user credentials and banking details which the user is asked to provide upon launching the app. Furthermore, Sharkbot asks the user to permit it a wide array of permissions that grant the malware a variety of functions such as reading and sending SMS messages and uninstalling other applications. Additionally, the malware is able to evade detection through various techniques. Sharkbot is geofenced, therefore it will stop functioning if it detects the user is from Belarus, China, India, Romania, Russia or Ukraine. Interestingly for Android malware, Sharkbot also utilizes domain generation algorithm (DGA). This allows the malware to dynamically generate C2 domains to help the malware function after a period of time even i	Malware Tool Vulnerability Threat Patching	APT-C-23
	2022-04-12 16:35:29	OpenSSH Moves to Prevent \'Capture Now, Decrypt Later\' Attacks (lien direct)	OpenSSH has joined the high-stakes fight to protect data from quantum computers. The latest version of the widely used encryption and connectivity tool has been fitted with new features to prevent "capture now, decrypt later" attacks linked to advancements in quantum computing.	Tool
	2022-04-11 18:03:43	How to list Linux services with systemctl for easier troubleshooting (lien direct)	If you serve as an admin over Linux systems, one tool that you'll fall back on daily is systemctl. Jack Wallen shows you how easy it is to list services with this command.	Tool
	2022-04-11 17:58:36	How to repair a Microsoft Outlook PST or OST file with the Inbox Repair tool (lien direct)	Microsoft's Inbox Repair tool can solve certain problems with your Outlook file. Find out how you can fix issues that may arise from a corrupt personal folder file.	Tool
	2022-04-11 17:26:45	How to convert all your Snap packages to Flatpak on Ubuntu with Unsnap (lien direct)	For anyone who wants to dump Snap in favor of Flatpak, a new tool has surfaced to make this process simple. Let Jack Wallen introduce you to Unsnap.	Tool
	2022-04-11 10:28:22	Malware Evasion - Detecting Security and Forensic Tools (lien direct)	This is the third post in our evasion techniques blog series. Feel free to view the other posts which discussed Sandbox Evasion and Living Off the Land techniques.	Tool
	2022-04-11 10:11:53	Snap-on Tools Hit by Cyberattack Claimed by Conti Ransomware Gang (lien direct)	Conti ransomware gang claimed responsibility for cyberattack on Wisconsin-based tool maker	Ransomware Tool
	2022-04-11 10:01:39	Fraudsters stole £58m with RATs in 2021 (lien direct)	2021 saw victims of Remote Access Tool (RAT)scams lost £58m in 2021, official UK police figures show. RAT scams involve scammers taking control of a victims device, typically in order to access bank accounts. Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident. Typically, RAT attacks begin […]	Tool		★★★
	2022-04-09 16:57:55	A Detailed Guide on Responder (LLMNR Poisoning) (lien direct)	Introduction Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The	Tool
	2022-04-08 22:56:18	Asana vs ClickUp: Project management software comparison (lien direct)	Selecting the best project management tool can be challenging, especially with so many options available. Check out this guide to learn the differences between Asana and ClickUp.	Tool
	2022-04-08 13:05:39	Stitch vs Fivetran: ETL tool comparison (lien direct)	Read this feature comparison of popular ETL software solutions Stitch and Fivetran. Automation, compliance, and more features are explored.	Tool
	2022-04-08 09:48:47	Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (lien direct)	Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in	Ransomware Malware Tool
	2022-04-08 05:15:24	Alteryx vs Tableau: BI tool comparison (lien direct)	Find out how the business intelligence tools Atleryx and Tableau compare when it comes to features.	Tool
	2022-04-07 17:50:31	A Detailed Guide on Cewl (lien direct)	Hi, Pentesters! In this article, we are going to focus on the Kali Linux tool “Cewl” which will basically help you to create a wordlist.	Tool
	2022-04-07 15:32:38	Domo vs Tableau: BI tool comparison (lien direct)	Choosing the best data analysis tool means comparing features to determine how well each product suit your needs. Learn which features you should consider when deciding between Domo and Tableau.	Tool
	2022-04-07 12:09:29	BlackCat Ransomware Targets Industrial Companies (lien direct)	A data theft tool used by the ransomware group tracked as BlackCat, ALPHV and Noberus suggests that the cybercriminals are increasingly interested in targeting industrial organizations.	Ransomware Tool
	2022-04-05 21:59:46	BigQuery vs Snowflake: Which ETL tool is best? (lien direct)	ETL tools can help you gain more actionable insights from your data sets across multiple sources. Read this comparison of popular solutions BigQuery and Snowflake for your data processing needs.	Tool
	2022-04-05 18:17:00	Anomali Cyber Watch: AcidRain Wiped Viasat Modems, BlackMatter Rewritten into BlackCat Ransomware, SaintBear Goes with Go, and More (lien direct)	The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Information stealers, Phishing, Russia, Ukraine, Vulnerabilities, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence AcidRain \| A Modem Wiper Rains Down on Europe (published: March 31, 2022) On February 24, 2022, Viasat KA-SAT modems became inoperable in Ukraine after threat actors exploited a misconfigured VPN appliance, compromised KA-SAT network, and were able to execute management commands on a large number of residential modems simultaneously. SentinelOne researchers discovered that a specific Linux wiper, dubbed AcidRain, likely used in that attack as it shows the same targeting and the same overwriting method that was seen in a Viasat’s Surfbeam2 modem targeted in the attack. AcidRain shows code similarities with VPNFilter stage 3 wiping plugin called dstr, but AcidRain’s code appears to be sloppier, so the connection between the two is still under investigation. Analyst Comment: Internet service providers are heavily targeted due to their trust relationships with their customers and they should harden their configurations and access policies. Devices targeted by AcidRain can be brought back to service through flash memory/factory reset. Organizations exposed to Russia-Ukrainian military conflict should plan for backup options in case of a wiper attack. MITRE ATT&CK: [MITRE ATT&CK] Data Destruction - T1485 \| [MITRE ATT&CK] System Shutdown/Reboot - T1529 \| [MITRE ATT&CK] Exploit Public-Facing Application - T1190 \| [MITRE ATT&CK] Supply Chain Compromise - T1195 Tags: AcidRain, Viasat KA-SAT, Russia, Ukraine, Germany, target-country:UA, target-country:DE, Wiper, Modem, Supply-chain compromise, VPN appliance, VPNFilter BlackCat Ransomware (published: March 31, 2022) BlackCat (ALPHV) ransomware-as-a-service surfaced on Russian-speaking underground forums in late 2021. The BlackCat ransomware is perhaps the first ransomware written entirely in Rust, and is capable of targeting both Windows and Linux machines. It targeted multiple industries in the US, Europe, the Philippines, and other regions, and Polyswarm researchers expect it to expand its operations. It is attributed to the BlackMatter/DarkSide ransomware threat group. BlackCat used some known BlackMatter infrastructure and shared the same techniques: reverse SSH tunnels and scheduled tasks for persistence, LSASS for credential access, lmpacket, RDP, and psexec for command and control. Analyst Comment: It is crucial for your company to ensure that servers are always running the most current software version. Your company should have policies in place in regards to the proper configurations needed for your servers in order to conduct your business needs safely. Additionally, always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). Furthermore, a business continuity plan should be in place in the case of a	Ransomware Malware Tool Vulnerability Threat Guideline	VPNFilter VPNFilter
	2022-04-05 17:31:41	Infosec control attributes paper completed (lien direct)	Yesterday, I completed and published the white paper on information security control attributes. Today I drafted a set of comments on ISO/IEC JTC 1/SC 27's proposed Preliminary Work Item for ISO/IEC 27028, using content from the white paper to build a 'donor document' with fairly minor changes in accordance with ISO's rquired structure and format. It includes the following summary: "This document extends the concept of 'control attributes' introduced in ISO/IEC 27002:2022, discussing a wider variety of factors potentially worth bearing in mind when considering, selecting, designing, using and reviewing information security controls. Control attributes are a powerful and flexible tool for information security management purposes, a novel way to design, manage and improve an organisation's approach to mitigating unacceptable information risks, supplementing more traditional or conventional methods. The document includes pragmatic suggestions on how to make use of control attributes in the business context, with a worked example illustrating the approach." Once the comments are submitted, we must wait patiently to see how much of it (if any!) makes it through to the Working Draft, blended with inputs and comments from other committee members. Although it seems to take 'forever' to develop new standards, I'm hoping that the donor document will set the project off to a flying start.Meanwhile, I'm actively looking for opportunities for clients to start using control attributes as an integral part of their ISO27k information risk and security management activities - designing better, more relevant and meaningful security metrics for instance. If that or any other ideas in the paper catch your imagination, please comment below or email me (Gary@isect.com). I see a lot of potential business value in control attributes: how about you?	Tool
	2022-04-05 10:50:32	GitHub now scans for secret leaks in developer workflows (lien direct)	The new tool aims to protect developers against API and token exposure.	Tool
	2022-04-05 02:28:02	Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams (lien direct)	Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident	Data Breach Tool
	2022-04-04 22:42:16	Azure Synapse vs Snowflake: ETL tool comparison (lien direct)	Azure Synapse and Snowflake are both good ETL platforms, so how do you choose between them? See how their features stack up and which one is more suitable for your use cases.	Tool
	2022-04-04 15:46:16	Easily manage your Google activity with this handy tool (lien direct)	Try this very useful tool to manage all your activity on Google and increase your privacy. Jack Wallen shows you how.	Tool
	2022-04-04 00:00:00	MITRE Engenuity ATT&CK Tests (lien direct)	Trend Micro Vision One achieved a protection score of 100% in this year's evaluation, proving once again that it is an invaluable tool that provides higher confidence detections for security operations teams.	Tool
	2022-04-01 23:15:08	CVE-2019-14839 (lien direct)	It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc.	Tool

Last update at: 2024-07-06 21:08:48
See our sources.

To see everything: Our RSS (filtrered)