What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SANS.webp 2021-01-27 09:51:40 TriOp - tool for gathering (not just) security-related data from Shodan.io (tool drop), (Wed, Jan 27th) (direct link) If you're a regular reader of our Diaries, you may remember that over the last year and a half, a not insignificant portion of my posts has been devoted to discussing some of the trends in internet-connected systems. We looked at changes in the number of internet-facing machines affected by BlueKeep[1], SMBGhost[2], Shitrix[3] and several other vulnerabilities [4] as well as at the changes in TLS 1.3 support over time[5] and several other areas [6,7]. Today, we're going to take a look at the tool, that I've used to gather data, on which the Diaries were based, from Shodan.io. Tool
securityintelligence.webp 2021-01-26 13:00:00 TrickBot's Survival Instinct Prevails - What's Different About the TrickBoot Version? (direct link) October 2020 saw the TrickBot Trojan, a prominent cybercrime gang’s tool of choice, suffer a takedown attempt by security vendors and law enforcement. Unfortunately, the takedown was not effective, and beyond coming back to life shortly after, TrickBot’s operators released a new and more persistent version of the malware. In this post, IBM Trusteer examines […] Tool
Veracode.webp 2021-01-26 11:37:41 Which AppSec Testing Type Should You Deploy First? (direct link) The gold standard for creating an application security (AppSec) program is, and always will be, to follow best practices. By following preestablished and proven methods, you can ensure that you are maximizing the benefits of your AppSec program. Unfortunately, time, budget, culture, expertise, and executive buy-in often restrict organizations from following best practices. But that doesn't mean that you can't create an impactful AppSec program. You should aim to follow best practices but, when you can't, there are practical first steps you can take to position your program for future improvements. Ideally, you should be using every testing type: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. [Figure: AppSec testing types chart] Each AppSec test has its own strengths and weaknesses, with no one tool able to do it all. If you choose not to employ a specific test, you could be leaving your application vulnerable. For example, if you don't employ software composition analysis, you may miss vulnerabilities in your third-party code. And if you don't employ dynamic analysis, you could miss configuration errors. But by using all of the testing types together, you can drive down risk across the entire application lifetime from development to testing to production. If you don't have the funds or support to employ every AppSec testing type, you should always begin with the test(s) that will have the most impact, in the shortest amount of time, for the least amount of money. This will depend on factors like your release cadence, risk tolerance, and budget. For organizations releasing software less than four times a year, manual AppSec scans will probably suffice. But if you release software daily or weekly, likely in a CI/CD fashion, you will need to automate your AppSec scans with each code commit. You also need to consider the speed of different scan types. Static analysis can provide immediate feedback with each commit. Penetration tests, on the other hand, are much slower because they rely on a human pen-tester to review the code. But speed isn't the only concern. You also need to consider the risk of your applications. An application housing sensitive data, like banking information, needs to undergo more in-depth AppSec tests than a lower-risk application. In-depth AppSec tests, like penetration testing, may take longer but they are critical in preventing cyberattacks. It really comes down to weighing the risk vs. time to market. In some instances, it may be okay to release software with low- or medium-severity risks. But for high-severity risks, you should break the build until the vulnerability is remediated. Budget is also a major factor. Penetration tests are considerably more expensive than other testing types. So, if you're on a tight budget, frequent pen tests may not be feasible. You might be better off pen-testing on an annual or bi-annual basis. Once you've successfully implemented the AppSec testing type(s) that provides the most value to your organization, it's time to start making the case for additional scans. As always, consider your budget, risk tolerance, and technology when adding to your AppSec mix. To learn more about AppSec best practices and practical first steps, check out our guide, Application Security Best Practices vs. Practicalities: What to Strive for and Where to Start, and keep an eye out for our upcomin Tool Vulnerability
TechRepublic.webp 2021-01-25 11:31:02 Microsoft: Our free tool helps to improve your websites (direct link) Microsoft Clarity is a specialist tool that brings user experience analysis to the desktop with just a few clicks. Tool
Blog.webp 2021-01-24 17:08:14 Comprehensive Guide on Dirsearch (direct link) In this article, we will learn how we can use Dirsearch. It is a simple command-line tool designed to brute force directories and files in websites. It is a Python-based command-line website directory scanner designed to brute force site structure including directories and files. Table of Content Introduction to Dirsearch Tool
SANS.webp 2021-01-24 15:05:15 Video: Doc & RTF Malicious Document, (Sun, Jan 24th) (direct link) I made a video for my diary entry "Doc & RTF Malicious Document". And I show a new feature of my tool re-search.py, that helps with filtering URLs found in OOXML files. Tool
TechRepublic.webp 2021-01-22 12:17:49 The new Microsoft Edge browser will warn you if your password has been leaked online (direct link) The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web. Tool
TechRepublic.webp 2021-01-21 22:32:00 How to edit a CentOS network connection from the command line (direct link) If you're struggling to edit your CentOS network connections from the command line, Jack Wallen shows you a tool that will ease that struggle. Tool
TechRepublic.webp 2021-01-21 20:02:55 New smart hospital platform could be the digital transformation tool healthcare needs (direct link) Zyter Smart Hospitals software promises to combine disparate systems, IoT devices, apps, and sensors into one big network of efficient, streamlined care. Tool
Cybereason.webp 2021-01-21 14:08:16 SolarWinds Attacks Highlight Importance of Operation-Centric Approach (direct link) We're still learning the full extent of the SolarWinds supply chain attacks. On January 11, for instance, researchers published a technical breakdown of a malicious tool detected as SUNSPOT that was employed as part of the infection chain involving the IT management software provider's Orion platform. Tool Solardwinds Solardwinds
WiredThreatLevel.webp 2021-01-21 12:00:00 How One Rabbi Uses Roleplaying Games to Build Community (direct link) Spirituality is only one tool in this community leader's toolkit for bringing people closer together. Character sheets are another. Tool Guideline
CVE.webp 2021-01-20 20:15:15 CVE-2021-1264 (direct link) A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center. Tool Vulnerability
SecurityAffairs.webp 2021-01-20 13:01:02 FireEye releases an auditing tool to detect SolarWinds hackers' activity (direct link) Cybersecurity firm FireEye has released a report that sheds light on the SolarWinds attack and the way hackers breached its networks. The experts explained how the UNC2452 and other threat actors breached […] Tool Threat ★★★★★
SecurityWeek.webp 2021-01-19 19:04:57 FireEye Releases New Open Source Tool in Response to SolarWinds Hack (direct link) FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds. Hack Tool Threat
CVE.webp 2021-01-19 17:15:12 CVE-2020-35929 (direct link) In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data. Tool ★★
bleepingcomputer.webp 2021-01-19 14:09:38 SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader (direct link) The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network. [...] Tool Solardwinds
ZDNet.webp 2021-01-19 14:00:04 FireEye releases tool for auditing networks for techniques used by SolarWinds hackers (direct link) New Azure AD Investigator is now available via GitHub. Tool
SANS.webp 2021-01-17 11:53:58 New Release of Sysmon Adding Detection for Process Tampering, (Sun, Jan 17th) (direct link) Version 13.01 of Sysmon was released, a Windows Sysinternals tool to monitor and log system activity. Tool
SecurityAffairs.webp 2021-01-16 14:14:01 Siemens fixed tens of flaws in Siemens Digital Industries Software products (direct link) Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides product lifecycle management (PLM) solutions. The vulnerabilities affect Siemens JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format) and […] Tool
TroyHunt.webp 2021-01-14 21:28:41 Craft brewers now have a new tool for sniffing out trace flavor compounds (direct link) Thiols impart a pleasant fruity aroma, but they can be difficult to track and measure. Tool ★★★★★
TechRepublic.webp 2021-01-14 15:48:27 How to install the Hestia Control Panel for an Apache/NGINX PHP-FPM web-based config tool (direct link) Hestia is a web-based GUI for configuring NGINX, Apache, and PHP-FPM. Jack Wallen shows you how to get this up and running on Ubuntu Server 20.04. Tool
TechRepublic.webp 2021-01-12 17:44:59 Install Virtualmin on Ubuntu 20.04 for a cPanel/CentOS-like web hosting control panel (direct link) If you're looking for a cPanel/CentOS replacement, Jack Wallen thinks Virtualmin might do the job. He'll show you what the tool has to offer and how to install it on Ubuntu Server. Tool
SecurityAffairs.webp 2021-01-12 08:38:14 (Déjà vu) Bitdefender releases free decrypter for Darkside ransomware (direct link) Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. Good news for the victims of the Darkside ransomware, they could recover their files for free using a tool that was released by the security firm Bitdefender. The decrypter seems to work for all […] Ransomware Tool ★★★★
securityintelligence.webp 2021-01-11 23:00:00 What is STRIDE and How Does It Anticipate Cyberattacks? (direct link) STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […] Tool Threat
The_Hackers_News.webp 2021-01-11 22:29:57 Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor (direct link) As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This Malware Tool Mobile Solardwinds Solardwinds
SecurityWeek.webp 2021-01-11 18:47:09 Decryptor Released for Ransomware That Allegedly Helped Cybercriminals Make Millions (direct link) Bitdefender on Monday announced the availability of a free tool that organizations can use to recover files encrypted by DarkSide, a piece of ransomware that cybercriminals claim helped them make millions. Ransomware Tool
ZDNet.webp 2021-01-11 15:52:48 Free decrypter released for victims of Darkside ransomware (direct link) A new tool released today by Romanian security firm Bitdefender allows victims of the Darkside ransomware to recover their files without paying the ransom demand. Ransomware Tool
SANS.webp 2021-01-11 14:58:51 Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3), (Mon, Jan 11th) (direct link) Now with a firm approach to or putting an inventory and using the NVD API (https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/ and https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Playing+with+Code+Part+2+of+3/26964/), for any client I typically create 4 inventories: Tool
WiredThreatLevel.webp 2021-01-08 12:00:00 The DC Mobs Could Become a Mythologized Recruitment Tool (direct link) Wednesday's riot in Washington was the result of conspiracy theories, anti-government sentiment, and online extremism-and it could start a movement. Tool
SecurityAffairs.webp 2021-01-08 09:48:08 Ezuri memory loader used in Linux and Windows malware (direct link) Multiple threat actors have recently started using the Ezuri memory loader as a loader to execute malware directly into the victims’ memory. According to researchers from AT&T's Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. The Ezuri memory loader tool allows to load and execute a payload directly into […] Malware Tool Threat
The_Hackers_News.webp 2021-01-08 01:54:44 ALERT: North Korean hackers targeting South Korea with RokRat Trojan (direct link) A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT). "The Tool Cloud APT 37
bleepingcomputer.webp 2021-01-07 15:41:12 Windows PsExec zero-day vulnerability gets a free micropatch (direct link) A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform. [...] Tool Vulnerability
AlienVault.webp 2021-01-07 11:00:00 Malware using new Ezuri memory loader (direct link) This blog was written by Ofer Caspi and Fernando Martinez of AT&T Alien Labs Multiple threat actors have recently started using a Go language (Golang) tool to act as a packer and avoid Antivirus detection. Additionally, the Ezuri memory loader tool acts as a malware loader and executes its payload in memory, without writing the file to disk. While this technique is known and commonly used by Windows malware, it is less popular in Linux environments. The loader decrypts the malicious malware and executes it using memfd_create (as described in this blog in 2018). When creating a process, the system returns a file descriptor to an anonymous file in '/proc/PID/fd/' which is visible only in the filesystem. Figure 1 shows a code snippet from the loader, containing the information it uses in order to decrypt the payload using the AES algorithm. Figure 1. Loader code snippet via Alien Labs analysis. The loader, written in Golang, is taken from the "Ezuri" code on GitHub via the user guitmz. This user originally created the ELF loader around March 2019, when he wrote a blog about the technique to run ELF executables from memory and shared the loader on his github. Additionally, a similar user ‘TMZ’ (presumably associated with the previously mentioned ‘guitmz’) posted this same code in late August, on a small forum where malware samples are shared. The guitmz user even ran tests against VirusTotal to prove the efficiency of the code, uploading a detected Linux.Cephei sample (35308b8b770d2d4f78299262f595a0769e55152cb432d0efc42292db01609a18) with 30/61 AV detections in VirusTotal, compared to the zero AV detections by the same sample hidden with the Ezuri code (ddbb714157f2ef91c1ec350cdf1d1f545290967f61491404c81b4e6e52f5c41f). Malware Tool Threat
TechRepublic.webp 2021-01-06 19:08:48 How to view stats on your Linux servers with Saidar (direct link) Jack Wallen introduces you to a tool that can help you view system statistics and resource usage on your Linux servers. Tool ★★
InfoSecurityMag.webp 2021-01-06 16:58:00 ElectroRAT Drains Crypto Wallets (direct link) Attacker creates fake companies and new remote access tool to steal cryptocurrency in year-long campaign Tool
bleepingcomputer.webp 2021-01-06 15:56:20 Microsoft makes the Windows 10 File Recovery tool easier to use (direct link) Microsoft released today a new simplified version of the Windows File Recovery tool to test on the latest Windows 10 Insider build. [...] Tool
Kaspersky.webp 2021-01-05 22:28:17 RCE 'Bug' Found and Disputed in Popular PHP Scripting Framework (direct link) Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases. Tool
SecurityWeek.webp 2021-01-05 20:34:57 Crypto-Hijacking Campaign Leverages New Golang RAT (direct link) Researchers are raising the alarm for a newly identified operation leveraging a new Remote Access Tool (RAT) written in Golang to steal crypto-currency from unsuspecting users. Tool
SANS.webp 2021-01-05 14:34:10 Netfox Detective: An Alternative Open-Source Packet Analysis Tool , (Tue, Jan 5th) (direct link) [This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact page (https://isc.sans.edu/contact.html)] Tool
The_Hackers_News.webp 2021-01-05 07:08:04 Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users (direct link) Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from ground-up in Golang and designed to target multiple operating systems such as Windows, Linux, and Malware Tool
SecurityWeek.webp 2021-01-05 04:59:54 Ransomware Attacks Linked to Chinese Cyberspies (direct link) China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files. Ransomware Tool APT 27 APT 27
Pirate.webp 2021-01-01 10:59:21 GKE Auditor – Detect Google Kubernetes Engine Misconfigurations (direct link) GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security and development teams streamline the configuration process and save time looking for generic bugs and vulnerabilities. The tool consists of individual modules called Detectors, each scanning for a specific vulnerability. Installing and Using GKE Auditor to Detect Google Kubernetes Engine Misconfigurations. Installation: git clone https://github.com/google/gke-auditor; cd ./gke-auditor/; ./build.sh. Usage: The tool has to be built by running the build.sh script first. Tool Uber
SecurityAffairs.webp 2020-12-30 16:01:41 Google Docs bug could have allowed hackers to hijack screenshots (direct link) Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users’ private docs. Google has addressed a flaw in its feedback tool that is part of multiple of its services that could be exploited by attackers to take screenshots of sensitive Google Docs documents by […] Tool
SecurityAffairs.webp 2020-12-29 11:31:47 (Déjà vu) CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365 (direct link) Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA)’s Cloud Forensics team has released a PowerShell-based tool, dubbed Sparrow, that helps administrators to detect anomalies and potentially malicious activities in Azure/Microsoft 365 environments. The tool was developed to […] Tool
The_Hackers_News.webp 2020-12-29 03:21:53 A Google Docs Bug Could Have Allowed Hackers See Your Private Documents (direct link) Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. Tool Vulnerability
bleepingcomputer.webp 2020-12-28 12:48:46 CISA releases Azure, Microsoft 365 malicious activity detection tool (direct link) The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. [...] Tool
SecurityAffairs.webp 2020-12-25 23:53:44 CrowdStrike releases free Azure tool to review assigned privileges (direct link) CrowdStrike released a free Azure security tool after it was notified by Microsoft of a failed attack leveraging compromised Azure credentials. While investigating the impact of the recent SolarWinds hack, on December 15th Microsoft reported to CrowdStrike that threat actors attempted to read CrowdStrike’s emails by using a compromised Microsoft Azure reseller’s account. “Specifically, they […] Tool Threat
bleepingcomputer.webp 2020-12-25 14:08:50 CrowdStrike releases free Azure security tool after failed hack (direct link) Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised Microsoft Azure credentials. [...] Hack Tool Threat Guideline
TechRepublic.webp 2020-12-22 11:00:01 Five ways technology is helping get the COVID-19 vaccine from the manufacturer to the doctor's office (direct link) Pharma companies are using every tool in the digital transformation toolbox to make and deliver billions of doses safely and quickly. Tool
bleepingcomputer.webp 2020-12-20 09:55:11 New Windows 10 tool lets you group your taskbar shortcuts (direct link) A new Windows 10 utility called TaskbarGroups lets you group shortcuts on the taskbar so they can easily be launched without taking up a lot of space. [...] Tool
Last update at: 2024-07-18 17:08:32