What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SANS.webp 2021-01-24 15:05:15 Video: Doc & RTF Malicious Document, (Sun, Jan 24th) (lien direct) I made a video for my diary entry "Doc & RTF Malicious Document". And I show a new feature of my tool re-search.py, that helps with filtering URLs found in OOXML files. Tool
TechRepublic.webp 2021-01-22 12:17:49 The new Microsoft Edge browser will warn you if your password has been leaked online (lien direct) The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web. Tool
TechRepublic.webp 2021-01-21 22:32:00 How to edit a CentOS network connection from the command line (lien direct) If you're struggling to edit your CentOS network connections from the command line, Jack Wallen shows you a tool that will ease that struggle. Tool
TechRepublic.webp 2021-01-21 20:02:55 New smart hospital platform could be the digital transformation tool healthcare needs (lien direct) Zyter Smart Hospitals software promises to combine disparate systems, IoT devices, apps, and sensors into one big network of efficient, streamlined care. Tool
Cybereason.webp 2021-01-21 14:08:16 SolarWinds Attacks Highlight Importance of Operation-Centric Approach (lien direct) We're still learning the full extent of the SolarWinds supply chain attacks. On January 11, for instance, researchers published a technical breakdown of a malicious tool detected as SUNSPOT that was employed as part of the infection chain involving the IT management software provider's Orion platform. Tool Solardwinds Solardwinds
WiredThreatLevel.webp 2021-01-21 12:00:00 How One Rabbi Uses Roleplaying Games to Build Community (lien direct) Spirituality is only one tool in this community leader's toolkit for bringing people closer together. Character sheets are another. Guideline Tool
CVE.webp 2021-01-20 20:15:15 CVE-2021-1264 (lien direct) A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center. Tool Vulnerability
SecurityAffairs.webp 2021-01-20 13:01:02 FireEye releases an auditing tool to detect SolarWinds hackers' activity (lien direct) Cybersecurity firm FireEye has released a report that sheds the light on the SolarWinds attack and the way hackers breached its networks. The experts explained how the UNC2452 and other threat actors breached […] Threat Tool ★★★★★
SecurityWeek.webp 2021-01-19 19:04:57 FireEye Releases New Open Source Tool in Response to SolarWinds Hack (lien direct) FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds. Threat Hack Tool
CVE.webp 2021-01-19 17:15:12 CVE-2020-35929 (lien direct) In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data. Tool ★★
bleepingcomputer.webp 2021-01-19 14:09:38 SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader (lien direct) The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network. [...] Tool Solardwinds
ZDNet.webp 2021-01-19 14:00:04 FireEye releases tool for auditing networks for techniques used by SolarWinds hackers (lien direct) New Azure AD Investigator is now available via GitHub. Tool
SANS.webp 2021-01-17 11:53:58 New Release of Sysmon Adding Detection for Process Tampering, (Sun, Jan 17th) (lien direct) Version 13.01 of Sysmon was released, a Windows Sysinternals tool to monitor and log system activity. Tool
SecurityAffairs.webp 2021-01-16 14:14:01 Siemens fixed tens of flaws in Siemens Digital Industries Software products (lien direct) Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides product lifecycle management (PLM) solutions. The vulnerabilities affect Siemens JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format) and […] Tool
TroyHunt.webp 2021-01-14 21:28:41 Craft brewers now have a new tool for sniffing out trace flavor compounds (lien direct) Thiols impart a pleasant fruity aroma, but they can be difficult to track and measure. Tool ★★★★★
TechRepublic.webp 2021-01-14 15:48:27 How to install the Hestia Control Panel for an Apache/NGINX PHP-FPM web-based config tool (lien direct) Hestia is a web-based GUI for configuring NGINX, Apache, and PHP-FPM. Jack Wallen shows you how to get this up and running on Ubuntu Server 20.04. Tool
TechRepublic.webp 2021-01-12 17:44:59 Install Virtualmin on Ubuntu 20.04 for a cPanel/CentOS-like web hosting control panel (lien direct) If you're looking for a cPanel/CentOS replacement, Jack Wallen thinks Virtualmin might do the job. He'll show you what the tool has to offer and how to install it on Ubuntu Server. Tool
SecurityAffairs.webp 2021-01-12 08:38:14 (Déjà vu) Bitdefender releases free decrypter for Darkside ransomware (lien direct) Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. Good news for the victims of the Darkside ransomware, they could recover their files for free using a tool that was released by the security firm Bitdefender. The decrypter seems to work for all […] Ransomware Tool ★★★★
securityintelligence.webp 2021-01-11 23:00:00 What is STRIDE and How Does It Anticipate Cyberattacks? (lien direct) STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […] Threat Tool
The_Hackers_News.webp 2021-01-11 22:29:57 Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor (lien direct) As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This Malware Tool Mobile Solardwinds Solardwinds
SecurityWeek.webp 2021-01-11 18:47:09 Decryptor Released for Ransomware That Allegedly Helped Cybercriminals Make Millions (lien direct) Bitdefender on Monday announced the availability of a free tool that organizations can use to recover files encrypted by DarkSide, a piece of ransomware that cybercriminals claim helped them make millions. Ransomware Tool
ZDNet.webp 2021-01-11 15:52:48 Free decrypter released for victims of Darkside ransomware (lien direct) A new tool released today by Romanian security firm Bitdefender allows victims of the Darkside ransomware to recover their files without paying the ransom demand. Ransomware Tool
SANS.webp 2021-01-11 14:58:51 Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3), (Mon, Jan 11th) (lien direct) Now with a firm approach to or putting an inventory and using the NVD API (https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/ and https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Playing+with+Code+Part+2+of+3/26964/), for any client I typically create 4 inventories: Tool
WiredThreatLevel.webp 2021-01-08 12:00:00 The DC Mobs Could Become a Mythologized Recruitment Tool (lien direct) Wednesday's riot in Washington was the result of conspiracy theories, anti-government sentiment, and online extremism-and it could start a movement. Tool
SecurityAffairs.webp 2021-01-08 09:48:08 Ezuri memory loader used in Linux and Windows malware (lien direct) Multiple threat actors have recently started using the Ezuri memory loader as a loader to execute malware directly into the victims’ memory. According to researchers from AT&T's Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. The Ezuri memory loader tool allows to load and execute a payload directly into […] Threat Malware Tool
The_Hackers_News.webp 2021-01-08 01:54:44 ALERT: North Korean hackers targeting South Korea with RokRat Trojan (lien direct) A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT). "The Cloud Tool APT 37
bleepingcomputer.webp 2021-01-07 15:41:12 Windows PsExec zero-day vulnerability gets a free micropatch (lien direct) A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform. [...] Tool Vulnerability
AlienVault.webp 2021-01-07 11:00:00 Malware using new Ezuri memory loader (lien direct) This blog was written by Ofer Caspi and Fernando Martinez of AT&T Alien Labs Multiple threat actors have recently started using a Go language (Golang) tool to act as a packer and avoid Antivirus detection. Additionally, the Ezuri memory loader tool acts as a malware loader and executes its payload in memory, without writing the file to disk. While this technique is known and commonly used by Windows malware, it is less popular in Linux environments. The loader decrypts the malicious malware and executes it using memfd_create (as described in this blog in 2018). When creating a process, the system returns a file descriptor to an anonymous file in '/proc/PID/fd/' which is visible only in the filesystem. Figure 1 shows a code snippet from the loader, containing the information it uses in order to decrypt the payload using the AES algorithm. Figure 1. Loader code snippet via Alien Labs analysis. The loader, written in Golang, is taken from the "Ezuri" code on GitHub via the user guitmz. This user originally created the ELF loader around March 2019, when he wrote a blog about the technique to run ELF executables from memory and shared the loader on his github. Additionally, a similar user ‘TMZ’ (presumably associated with the previously mentioned ‘guitmz’) posted this same code in late August, on a small forum where malware samples are shared. The guitmz user even ran tests against VirusTotal to prove the efficiency of the code, uploading a detected Linux.Cephei sample (35308b8b770d2d4f78299262f595a0769e55152cb432d0efc42292db01609a18) with 30/61 AV detections in VirusTotal, compared to the zero AV detections by the same sample hidden with the Ezuri code (ddbb714157f2ef91c1ec350cdf1d1f545290967f61491404c81b4e6e52f5c41f). Threat Malware Tool
TechRepublic.webp 2021-01-06 19:08:48 How to view stats on your Linux servers with Saidar (lien direct) Jack Wallen introduces you to a tool that can help you view system statistics and resource usage on your Linux servers. Tool ★★
InfoSecurityMag.webp 2021-01-06 16:58:00 ElectroRAT Drains Crypto Wallets (lien direct) Attacker creates fake companies and new remote access tool to steal cryptocurrency in year-long campaign Tool
bleepingcomputer.webp 2021-01-06 15:56:20 Microsoft makes the Windows 10 File Recovery tool easier to use (lien direct) Microsoft released today a new simplified version of the Windows File Recovery tool to test on the latest Windows 10 Insider build. [...] Tool
Kaspersky.webp 2021-01-05 22:28:17 RCE 'Bug' Found and Disputed in Popular PHP Scripting Framework (lien direct) Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases. Tool
SecurityWeek.webp 2021-01-05 20:34:57 Crypto-Hijacking Campaign Leverages New Golang RAT (lien direct) Researchers are raising the alarm for a newly identified operation leveraging a new Remote Access Tool (RAT) written in Golang to steal crypto-currency from unsuspecting users. Tool
SANS.webp 2021-01-05 14:34:10 Netfox Detective: An Alternative Open-Source Packet Analysis Tool , (Tue, Jan 5th) (lien direct) [This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact page (https://isc.sans.edu/contact.html)] Tool
The_Hackers_News.webp 2021-01-05 07:08:04 Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users (lien direct) Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from ground-up in Golang and designed to target multiple operating systems such as Windows, Linux, and Malware Tool
SecurityWeek.webp 2021-01-05 04:59:54 Ransomware Attacks Linked to Chinese Cyberspies (lien direct) China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files. Ransomware Tool APT 27 APT 27
Pirate.webp 2021-01-01 10:59:21 GKE Auditor – Detect Google Kubernetes Engine Misconfigurations (lien direct) GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security and development teams streamline the configuration process and save time looking for generic bugs and vulnerabilities. The tool consists of individual modules called Detectors, each scanning for a specific vulnerability. Installing and Using GKE Auditor to Detect Google Kubernetes Engine Misconfigurations. Installation: git clone https://github.com/google/gke-auditor cd ./gke-auditor/ ./build.sh Usage: The tool has to be built by running the build.sh script first. Tool Uber
SecurityAffairs.webp 2020-12-30 16:01:41 Google Docs bug could have allowed hackers to hijack screenshots (lien direct) Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users’ private docs. Google has addressed a flaw in its feedback tool that is part of multiple of its services that could be exploited by attackers to take screenshots of sensitive Google Docs documents by […] Tool
SecurityAffairs.webp 2020-12-29 11:31:47 (Déjà vu) CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365 (lien direct) Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA)’s Cloud Forensics team has released a PowerShell-based tool, dubbed Sparrow, that helps administrators to detect anomalies and potentially malicious activities in Azure/Microsoft 365 environments. The tool was developed to […] Tool
The_Hackers_News.webp 2020-12-29 03:21:53 A Google Docs Bug Could Have Allowed Hackers See Your Private Documents (lien direct) Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. Tool Vulnerability
bleepingcomputer.webp 2020-12-28 12:48:46 CISA releases Azure, Microsoft 365 malicious activity detection tool (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. [...] Tool
SecurityAffairs.webp 2020-12-25 23:53:44 CrowdStrike releases free Azure tool to review assigned privileges (lien direct) CrowdStrike released a free Azure security tool after it was notified by Microsoft of a failed attack leveraging compromised Azure credentials. While investigating the impact of the recent SolarWinds hack, on December 15th Microsoft reported to CrowdStrike that threat actors attempted to read CrowdStrike’s emails by using a compromised Microsoft Azure reseller’s account. “Specifically, they […] Threat Tool
bleepingcomputer.webp 2020-12-25 14:08:50 CrowdStrike releases free Azure security tool after failed hack (lien direct) Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised Microsoft Azure credentials. [...] Threat Hack Guideline Tool
TechRepublic.webp 2020-12-22 11:00:01 Five ways technology is helping get the COVID-19 vaccine from the manufacturer to the doctor's office (lien direct) Pharma companies are using every tool in the digital transformation toolbox to make and deliver billions of doses safely and quickly. Tool
bleepingcomputer.webp 2020-12-20 09:55:11 New Windows 10 tool lets you group your taskbar shortcuts (lien direct) A new Windows 10 utility called TaskbarGroups lets you group shortcuts on the taskbar so they can easily be launched without taking up a lot of space. [...] Tool
SecurityAffairs.webp 2020-12-18 12:26:17 All-source intelligence: reshaping an old tool for future challenges (lien direct) An enhanced version of the old all-source intelligence discipline could serve the purpose. By Boris Giannetto Hybrid, interconnected and complex threats require hybrid, interconnected and complex tools. An enhanced version of the old all-source intelligence discipline could serve the purpose. Today's society hinges on technologies and they will have most likely an ever-increasing clout in […] Tool ★★★★
Anomali.webp 2020-12-17 15:00:00 Anomali December Release: The Need for Speed (lien direct) We are happy to announce the Anomali Quarterly Release for December 2020. For our product and engineering teams to deliver this latest set of features and enhancements, they worked closely with our customers with a particular eye to further improving the speed of threat intelligence operations. As organizations mature in their threat intelligence programs and seek to leverage ever-larger quantities of threat intelligence inputs and security telemetry data, the need for capabilities that enhance the efficiency of threat intelligence and SOC analysts becomes paramount. So we worked (and will continue to work) to reduce friction in the moment-to-moment workday of our users and add velocity to overall workflows in a way that improves their organizations’ overall security posture. Examples of enhancements in this latest release include: Pre-Built Themed Dashboards The addition of pre-customized, themed dashboards allow analysts to quickly focus on new and relevant intelligence investigations about specific events impacting their organizations. Anomali Threat Research analysts applied their expertise to aid in the design and development of these dashboards for real-world investigation scenarios. Now available via the Anomali ThreatStream threat intelligence platform (TIP), new dashboard themes include COVID-19 indicators of compromise (IOC’s), relevant global cyberthreat activities, and a view to vulnerabilities and exploits that adversaries are using to compromise your systems and data. Figure 1 - Example Covid-19 IOCs focused dashboard Figure 2 - Example Global Threat Activity dashboard Flexible MITRE ATT&CK Framework Coverage — With this new capability, threat intelligence analysts can configure their security coverage levels for each technique in the framework. 
This allows them to align their work more precisely with targeted organizational security response strategies, which removes friction and increases the speed of overall workflows. Figure 3 - Analysts can tune security coverage for each Mitre Attack technique Faster Investigations To continue making threat analysts’ lives easier and more productive, we’ve added a Threat Card feature that allows users to gain deeper insights into threats without having to navigate to additional pages, and have also improved collaboration in active investigations by introducing visibility and access controls. Analysts will be able to mark their Investigations until completed as “Private,” and optionally increase the visibility to their workgroups or their organization. While users are editing their Investigation, it can be locked so that other team members do not duplicate efforts. Threat analysts also now have greater control over the UI via added mouse functionality, the type of utility that helps them move more quickly through an investigation. Figure 4 - Active investigations benefit from Threat Cards and privacy controls Faster Finished Intelligence Anomali ThreatStream now offers multiple default templates for the creation of finished intelligence products, giving analysts the ability to apply their organizations’ branding to reports and then distribute them directly from ThreatStream to all relevant stakeholders. This added feature gives analysts a more simplified, intuitive and faster way to format and distribute insights and findings they’ve developed. Threat Guideline Tool
ZDNet.webp 2020-12-17 12:29:01 This 'off the shelf' Tor backdoor malware is now a firm favorite with ransomware operators (lien direct) SystemBC is making its mark as a popular tool used in high-profile ransomware campaigns. Ransomware Malware Tool
ZDNet.webp 2020-12-17 06:39:54 Phobos launches Orbital, a tool for finding attack pathways and entry points into your network (lien direct) After months of work, teasing, and planning, Phobos Orbital is out of beta and available for trials. Tool
DarkReading.webp 2020-12-16 17:40:00 Attackers Leverage IMAP to Infiltrate Email Accounts (lien direct) Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP. Tool
Last update at: 2024-08-06 09:18:31