What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-03-21 08:33:03 | Experts found a critical vulnerability in the NSA Ghidra tool (lien direct) | A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes online with the handle of sghctoma has discovered a vulnerability in Ghidra platform recently released by the US NSA, the issue could be exploited to execute code remotely. GHIDRA is […] | Tool Vulnerability | ||
 |
2019-03-20 19:23:02 | Vulnerability in NSA\'s Reverse Engineering Tool Allows Remote Code Execution (lien direct) | A vulnerability in Ghidra, the generic disassembler and decompiler released by the National Security Agency (NSA) in early March, could be exploited to execute code remotely, researchers say. | Tool Vulnerability | ||
 |
2019-03-20 08:03:00 | (Déjà vu) Best Android antivirus? The top 11 tools (lien direct) | The following are the 11 best antivirus tools for Android, according to AV-TEST's November 2018 evaluations of 18 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.)AV-TEST rates each tool for three areas: protection (six point max), usability (six points max) and features (one point max). Ten of the 11 Android antivirus software apps listed below received perfect protection and usability scores of 6.0. The other, F-Secure Mobile Security, lost a half point on the usability score. The apps are in alphabetical order. | Tool | ||
 |
2019-03-19 15:26:04 | Researcher Says NSA\'s Ghidra Tool Can Be Used for RCE (lien direct) | Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users. | Tool Vulnerability | ||
 |
2019-03-19 13:00:00 | The NIST cybersecurity framework (CSF) and what it can do for you (lien direct) |
The NIST Cybersecurity Framework (CSF) has only been around for four years and while developed for critical infrastructure, resulting from Executive Order 13636, it has been widely adopted across both private and public sectors and organizational sizes. It is used inside of the US government, with 20 states using it (at last count). In addition, international organizations such as the Italian government, as well as private sector organizations including technology and education are using the framework.
Why is this?
If there’s one overarching theme of the NIST CSF when it comes to implementation, it’s that there’s no one-size-fits-all solution. Your risk profile, regulatory requirements, and financial and time constraints are unique, and the NIST CSF allows each organization to take these factors into account when implementing the CSF. Moreover, implementation is not an all-or-nothing proposition. Without the restrictions of a formal compliance regulation to hold you back, you are free to implement the NIST framework in whatever way best fits your business needs. Once you establish your unique, current profile and target profile, you can use the gaps between them as a tool to help prioritize improvement actions, based upon your budget and resources.
The NIST CSF allows you to establish or build upon your foundation by identifying what needs to be protected, implementing safeguards, and detecting, responding to, and recovering from events and incidents. In the simplest terms, NIST CSF defines outcomes based upon your unique threats and risks, as well as how you manage risks within your organization:
Know what you have and what you are facing
The NIST CSF calls on organizations to identify your data and the devices that store, transmit, and process information. This means you must have an inventory of data, the devices, the applications, and the underlying infrastructure that process and store that data.
Now that you know what data you have, you can identify threats and vulnerabilities in the environment. This allows you to focus on protecting the ‘riskiest’ assets or what is most valuable to your organization.
Put protection measures in place
Once you know what you need to protect, put measures in place to safeguard that data. Taking the approach of "We have a firewall. Our data is protected" is long gone. A layered approach to security is imperative protecting the connectivity layer, the application layer, and the device itself.
Monitor, monitor, monitor
There are always changing circumstances, even with the most mature security programs. That is why you must continually monitor the environment to detect events and potential incidents. Not only must you monitor but you must improve your monitoring strategy and technologies that you use. Detection must be efficient and effective - your organization can fall into one of these two buckets: you have been breached and you know it or you have been breached and you don’t know it. Continually optimize and tune the technologies and processes you have in place. You cannot respond to what you can’t detect.
Have a plan
Like we all know, it’s not if you get breached, it’s when. Having a formal, tested response plan that is known by the organization, its stakeholders, and responders is crucial. |
Tool | ||
 |
2019-03-19 10:12:01 | Command & Control Tool: Pupy (lien direct) | In this article, we will learn to exploit Windows, Linux and Android with pupy command and control tool. Table of Content : Introduction Installation Windows Exploitation Windows Post Exploitation Linux Exploitation Linux Post Exploitation Android Exploitation Android Post Exploitation Introduction Pupy is a cross-platform, post exploitation tool as well as a multi-function RAT. It's written... Continue reading → | Tool | ||
|
2019-03-18 13:00:00 | All about security analytics (lien direct) |
With or without a security operations center, and whether your network is on premises, in the cloud, or a hybrid, you need to determine which events and indicators correlate with cyber attacks. Organizations these days face a wider range and greater frequency of cyber threats than ever before. These threats can be from APTs (advanced persistent threats), cyberwarfare, promiscuous attacks through bots and botnets, script kiddies, malware-as-a-service via the Dark Web, or even internal attacks from entities within your organization. Everything from distributed denial of service attacks (DDoS) to cryptojacking, from man-in-the-middle attacks to spear phishing, from ransomware to data breaches hit businesses of all sizes and in all industries constantly and every single day. It’s perfectly normal to find it all to be overwhelming!
But implementing the right tools and practices can help you make sense of all of the cacophony. That’s where cybersecurity analytics can be useful. Several years ago, security analytics became something of a buzzword, but it’s as relevant now as ever.
Cybersecurity data analytics explained
So what is it exactly? It’s actually quite simple.
Security analytics isn’t one particular type of tool or system. It is a way of thinking about cybersecurity proactively. It involves analyzing your network’s data from a multitude of sources in order to produce and maintain security measures. It’s all about aggregating data from every possible source and finding the “forests” that all of those “trees” of logs and other recorded details are a part of. Of course, being able to identify the “forests” can make it easier to not only put out “forest fires” of cyber attacks, but also prevent “forest fires” in the future.
Security analytics sources and tools
Here are some of the different types of data sources which can be used in your cybersecurity analytics practices:
Cloud resources
User data acquired from endpoints
Logs from network security appliances, such as firewalls, IPS, and IDS
Network traffic and its patterns
Identity and access management logs
Threat intelligence
Geolocation data
Mobile devices and storage mediums connected via WiFi, Ethernet, and USB
Antivirus applications
Business specific applications
There are some types of tools which your network can deploy which pertain to cybersecurity analytics. They include:
Code analysis applications to find vulnerabilities in software and scripting
File analysis tools to explore files in ways which may go beyond malware detection
Log analysis applications for firewalls, IDS, IPS, networked print devices, servers, and endpoints
SOC (security operations center) specific applications to organize data in a way which is useful for their functions
DLP (data loss prevention) tools
Security analytics use cases
Properly implemented cybersecurity analytics can not only improve your network’s security posture, but also help your organization with regulatory compliance needs. There are many industry-specific regulations which require log data collection and activity monitoring. HIPAA and PCI-DSS are just a couple of them.
It can even help show your organization’s stakeholders and management which security measures and policies are useful and worthy of investment.
Using an analytics approach and the right tools have the benefit of being able to |
Ransomware Malware Tool Threat Guideline | ||
 |
2019-03-15 12:00:00 | Facebook debuts AI tool to tackle revenge porn (lien direct) | A new support service has also been launched to tackle the spread of intimate images without consent. | Tool | ||
 |
2019-03-15 11:00:00 | Dissection d'une campagne de phishing de réseau Dissecting a NETWIRE Phishing Campaign\\'s Usage of Process Hollowing (lien direct) |
Introduction
Les auteurs de logiciels malveillants tentent d'échapper à la détection en exécutant leur charge utile sans avoir à écrire le fichier exécutable sur le disque.L'une des techniques les plus couramment vues de cette exécution "sans fil" est l'injection de code.Plutôt que d'exécuter directement les logiciels malveillants, les attaquants injectent le code de malware dans la mémoire d'un autre processus qui est déjà en cours d'exécution.
En raison de sa présence sur toutes les machines Windows 7 et ultérieures et le grand nombre de fonctionnalités prises en charge, PowerShell est un outil préféré des attaquants depuis un certain temps.Fireeye a publié plusieurs rapports où PowerShell était
Introduction Malware authors attempt to evade detection by executing their payload without having to write the executable file on the disk. One of the most commonly seen techniques of this "fileless" execution is code injection. Rather than executing the malware directly, attackers inject the malware code into the memory of another process that is already running. Due to its presence on all Windows 7 and later machines and the sheer number of supported features, PowerShell has been a favorite tool of attackers for some time. FireEye has published multiple reports where PowerShell was |
Malware Tool | ★★★ | |
|
2019-03-14 16:41:05 | Code Execution Flaw Found in Sonatype Nexus Repository Manager (lien direct) | A critical remote code execution vulnerability has been found and patched in Sonatype's Nexus Repository Manager (NXRM), a popular open-source tool that allows developers to manage software components. | Tool Vulnerability | ||
 |
2019-03-13 14:04:02 | Mozilla\'s Iodide tool helps data scientists write interactive reports (lien direct) | The experimental data science tool is meant to help professionals create interactive documents using web technologies within a familiar workflow. | Tool | ||
|
2019-03-13 11:00:00 | Breaking the Bank: faiblesse des demandes d'IA financières Breaking the Bank: Weakness in Financial AI Applications (lien direct) |
Actuellement, les acteurs de la menace ont un accès limité à la technologie requise pour mener des opérations perturbatrices contre les systèmes d'intelligence artificielle financière (IA) et le risque de ce type de ciblage reste faible.Cependant, il existe un risque élevé d'acteurs de la menace tirant parti de l'IA dans le cadre des campagnes de désinformation pour provoquer une panique financière.À mesure que les outils financiers de l'IA deviennent plus courants, les méthodes contradictoires pour exploiter ces outils deviendront également plus disponibles, et les opérations ciblant l'industrie financière seront de plus en plus probables à l'avenir.
composés AI à la fois l'efficacité et le risque
financi
Currently, threat actors possess limited access to the technology required to conduct disruptive operations against financial artificial intelligence (AI) systems and the risk of this targeting type remains low. However, there is a high risk of threat actors leveraging AI as part of disinformation campaigns to cause financial panic. As AI financial tools become more commonplace, adversarial methods to exploit these tools will also become more available, and operations targeting the financial industry will be increasingly likely in the future. AI Compounds Both Efficiency and Risk Financi |
Tool Threat | ★★★ | |
|
2019-03-12 10:00:00 | Aller atomique: regroupement et association de l'activité des attaquants à grande échelle Going ATOMIC: Clustering and Associating Attacker Activity at Scale (lien direct) |
À Fireeye, nous travaillons dur pour détecter, suivre et arrêter les attaquants.Dans le cadre de ce travail, nous apprenons beaucoup d'informations sur le fonctionnement des divers attaquants, y compris des détails sur les logiciels malveillants couramment utilisés, les infrastructures, les mécanismes de livraison et d'autres outils et techniques.Ces connaissances sont construites plus de centaines d'enquêtes et de milliers d'heures d'analyse chaque année.Au moment de la publication, nous avons 50 groupes APT ou FIN, chacun ayant des caractéristiques distinctes.Nous avons également collecté des milliers de grappes \\ 'non caractérisées \' d'activité connexe sur laquelle nous n'avons pas encore fait
At FireEye, we work hard to detect, track, and stop attackers. As part of this work, we learn a great deal of information about how various attackers operate, including details about commonly used malware, infrastructure, delivery mechanisms, and other tools and techniques. This knowledge is built up over hundreds of investigations and thousands of hours of analysis each year. At the time of publication, we have 50 APT or FIN groups, each of which have distinct characteristics. We have also collected thousands of uncharacterized \'clusters\' of related activity about which we have not yet made |
Tool | ★★★★ | |
|
2019-03-12 09:12:02 | Command and Control Guide to Merlin (lien direct) | In this article, we learn how to use Merlin C2 tool. It is developed by Russel Van Tuyl in Go language. Table of content: Introduction Installation Windows exploitation Windows post exploitation Linux exploitation Linux post exploitation Introduction Merlin is great cross platform Command and control tool written in Go language. It's made of two elements... Continue reading → | Tool | ||
|
2019-03-11 17:24:05 | How to install the OpenVAS security audit tool on Ubuntu Server 18.04 (lien direct) | Learn how to install the open source security audit tool, OpenVAS, on the Ubuntu Server platform. | Tool | ||
 |
2019-03-11 02:32:03 | Severe Flaw Disclosed In StackStorm DevOps Automation Software (lien direct) | A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services.
StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows |
Tool Vulnerability | ||
|
2019-03-08 17:21:00 | (Déjà vu) How to install Magento with NGINX and Letsencrypt (lien direct) | If you have a need for an e-commerce solution in your data center, look no further than Magento. Find out how to install this flexible tool on Ubuntu Server 18.04. | Tool | ||
 |
2019-03-08 14:54:00 | Termite and EarthWorm testing tool weaponized to create multi-platform botnet. (lien direct) | Hackers are leveraging Termite and EarthWorm, packet relay tools written by an employee of Beijing-based security research firm 360Netlab, to create a botnet of Internet of Things (IoT) devices, according to a report by AT&T Cybersecurity (formerly AlienVault). Source: Tech Republic | Tool | ||
|
2019-03-08 14:37:00 | How China Exploits Social Media to Influence American Public (lien direct) | The growth of Russia's attempts to manipulate American public opinion since 2015 is well known and documented. At heart, it is basic political propaganda -- which is an accepted tool of international diplomacy. Russia, however, is commonly perceived as having over-stepped the mark by actively seeking to sow discord, weaken western democracy, and influence elections. | Tool | ||
|
2019-03-08 13:42:05 | nps_payload: An Application Whitelisting Bypass Tool (lien direct) | In this article, we will create payloads using a tool named nps_payload and get meterpreter sessions using those payloads. This tool is written by Larry Spohn and Ben Mauch. Find this tool on GitHub. Attacker: Kali Linux Target: Windows 10 Table of Content: Downloading and Installing Getting session using MSBuild Getting session using MSBuild HTA... Continue reading → | Tool | ||
 |
2019-03-08 11:30:00 | 5 Reasons why you should have set up a SIEM yesterday (lien direct) | By Jake Anthony, Senior Sales Engineering Manager, LogPoint While it's becoming clear, that Security Information and Event Management (SIEM) solutions like LogPoint is the cornerstone of corporate cybersecurity, it is not necessarily a tool found in any enterprise. See below for 5 reasons why you should have set up a SIEM tool yesterday. Reason #1: [...] | Tool | ||
 |
2019-03-07 16:15:03 | The NSA Makes Ghidra, A Powerful Cybersecurity Tool, Open Source (lien direct) | It has been reported that the NSA has released an open-source, reverse-engineering, hacking tool, called Ghidra into the public domain. “There's really no downside to releasing Ghidra"… The NSA Makes Its Powerful Cybersecurity Tool Open Source https://t.co/bG1XkJVxPi via @WIRED — Nicolai Fink Gundersen (@NFGMBA) March 7, 2019 Experts Comments below: Adam Brown, Manager of Security Solutions at Synopsys: “Ghidra made … The ISBuzz Post: This Post The NSA Makes Ghidra, A Powerful Cybersecurity Tool, Open Source | Tool | ||
|
2019-03-07 14:39:04 | Termite and EarthWorm testing tool weaponized to create multi-platform botnet (lien direct) | Hacker groups in Asia have weaponized the networking and pentesting tools in a series of attacks first identified in March 2018, as well as the high-profile SingHealth attack. | Tool | ||
|
2019-03-06 12:12:03 | NSA Makes Reverse Engineering Tool Freely Available (lien direct) | The United States National Security Agency (NSA) this week released its in-house reverse engineering tool Ghidra to the public, for free. | Tool | ||
|
2019-03-06 00:38:00 | NSA Releases GHIDRA 9.0 - Free, Powerful Reverse Engineering Tool (lien direct) | The United States' National Security Agency (NSA) today finally released GHIDRA version 9.0 for free, the agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications.
GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) |
Tool | ||
 |
2019-03-05 22:20:02 | Clever Tool Uses Apple\'s Videogame Logic Engine to Protect Macs (lien direct) | A new Mac security service called GamePlan uses a system's own indicators, and some videogame magic, to keep a lookout. | Tool | ||
|
2019-03-05 16:49:03 | Save time and hassle writing clean-formatted text with Byword 2 (lien direct) | If you need to draft clean, uncorrupted copy on a Mac, try Byword 2. The elegant little Markdown-compatible writing tool might become your new favorite app. | Tool | ||
 |
2019-03-05 10:34:01 | DeepSound – Audio Steganography Tool (lien direct) |  DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract secret files directly from audio files or audio CD tracks.
This audio steganography tool can be used as copyright marking software for wave, flac, wma, ape, and audio CD.
DeepSound also support encrypting secret files using AES-256(Advanced Encryption Standard) to improve data protection. The application additionally contains an easy to use Audio Converter Module that can encode several audio formats (FLAC, MP3, WMA, WAV, APE) to others (FLAC, MP3, WAV, APE).
Read the rest of DeepSound – Audio Steganography Tool now! Only available at Darknet.
|
Tool | ||
|
2019-03-05 00:13:05 | Google Launches Backstory - A New Cyber Security Tool for Businesses (lien direct) | Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats.
Network infrastructures at most enterprises regularly generate enormous amounts of network |
Tool Threat | ||
 |
2019-03-04 14:13:05 | Windows 10 IoT Core Test Interface Lets Attackers Take Over Devices (lien direct) | Embedded and IoT cable-connected devices running Microsoft's Windows 10 IoT Core are exposed to remote command execution attacks with SYSTEM privileges that require no authentication, with the help of an open source RAT tool released on GitHub. [...] | Tool | ||
 |
2019-03-01 16:00:01 | JAVA-VBS Joint Exercise Delivers RAT (lien direct) | 
The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. […]
|
Malware Tool | ||
|
2019-02-28 16:30:00 | Série de scripts Flare: récupération de stackstrings en utilisant l'émulation avec des irontrements FLARE Script Series: Recovering Stackstrings Using Emulation with ironstrings (lien direct) |
Cet article de blog poursuit notre série de scripts où l'équipe de la FireEye Labs Advanced Reverser Engineering (Flare) partage des outils pour aider la communauté d'analyse des logiciels malveillants.Aujourd'hui, nous publions ironstrings : Une nouvelle idapythonscript pour récupérer les stackstrings à partir de logiciels malveillants.Le script exploite l'émulation de code pour surmonter cette technique d'obscurcissement de la chaîne commune.Plus précisément, il utilise notre Outil, qui combine IDA Pro et le moteur d'émulation Unicorn.Dans cet article de blog, j'explique comment notre nouveau script utilise Flare-EMU pour récupérer les stackstrings à partir de logiciels malveillants.De plus, je discute de Flare-emu \'s Event Hooks
This blog post continues our Script Series where the FireEye Labs Advanced Reverse Engineering (FLARE) team shares tools to aid the malware analysis community. Today, we release ironstrings: a new IDAPython script to recover stackstrings from malware. The script leverages code emulation to overcome this common string obfuscation technique. More precisely, it makes use of our flare-emu tool, which combines IDA Pro and the Unicorn emulation engine. In this blog post, I explain how our new script uses flare-emu to recover stackstrings from malware. In addition, I discuss flare-emu\'s event hooks |
Malware Tool | ★★★★ | |
|
2019-02-28 12:24:05 | Polaris Software Integrity Platform Enables Security and Development Teams To Build Secure, High-Quality Software Faster. (lien direct) | With the most recent estimate of the average cost of a breach at $3.86 (a 6.4% increase since the previous year), and with 84% of breaches occurring in the application layer, application security is a growing concern among organisations of every sector. The need for an integrated, efficient tool for developers to monitor the security […] | Tool | ||
|
2019-02-27 15:33:00 | Facebook will introduce \'clear history\' tool this year: CFO. (lien direct) | Facebook Inc will introduce a tool allowing users to clear their browsing history this year, which will affect the company's ability to target advertisements, Chief Financial Officer David Wehner told an investment conference on Tuesday. Facebook announced plans for a “Clear History” product last year, but technical challenges have delayed its implementation. Source: Reuters | Tool | ||
|
2019-02-27 15:00:05 | Can this solution slash the cost of enterprise 5G network build-out? (lien direct) | A new tool from HERE Technologies, Shields, and Infosys claims it will cut the cost of RF designs by more than 40%. | Tool | ||
|
2019-02-27 14:00:01 | Ansible overtakes Chef and Puppet as the top cloud configuration management tool (lien direct) | Organizations are moving to multicloud. Here are the 10 most popular cloud configuration management tools for enterprises and SMBs, according to RightScale and Flexera. | Tool | ||
|
2019-02-26 15:00:01 | How to use LinkedIn to find a job with a higher salary (lien direct) | Salary rates are one of the top motivating factors for today's workforce. Here's how LinkedIn's latest tool helps promote salary transparency. | Tool | ||
|
2019-02-25 17:14:03 | Google\'s Digital Wellbeing: An important tool for limiting your screen time (lien direct) | Google's Digital Wellbeing gives us an eye-opening look at our app and screen usage. Jack Wallen discusses its features and explains why this tool is more important than ever. | Tool | ||
|
2019-02-25 03:50:05 | GoBuster – Directory/File & DNS Busting Tool in Go (lien direct) |  GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.
The author built YET ANOTHER directory and DNS brute forcing tool because he wanted..
… something that didn't have a fat Java GUI (console FTW).
… to build something that just worked on the command line.
… something that did not do recursive brute force.
Read the rest of GoBuster – Directory/File & DNS Busting Tool in Go now! Only available at Darknet.
|
Tool | ||
|
2019-02-23 18:43:02 | Report: Apps Give Facebook Sensitive Health and Other Data (lien direct) | Several phone apps are sending sensitive user data, including health information, to Facebook without users' consent, according to a report by The Wall Street Journal. An analytics tool called "App Events" allows app developers to record user activity and report it back to Facebook, even if the user isn't on Facebook, according to the report . | Tool | ||
|
2019-02-22 14:12:00 | 19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support (lien direct) | A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app's devs removed it when they patched the security issue. [...] | Tool Vulnerability | ||
|
2019-02-21 15:05:04 | 19-Year-Old WinRAR Flaw Plagues 500 Million Users (lien direct) | Users of the popular file-compression tool are urged to immediately update after a serious code-execution flaw was found in WinRAR. | Tool | ||
|
2019-02-21 14:25:04 | How to install Matomo Web Analytics on Ubuntu 18.04 (lien direct) | The Matomo website analytic tool lets you analyze traffic to your cloud and other servers. | Tool | ||
|
2019-02-21 13:47:04 | WinRAR Vulnerability Exposes Millions of Users to Attacks (lien direct) | WinRAR, the popular data compression tool utilized by over 500 million users worldwide, is affected by a serious vulnerability that can allow arbitrary code execution through specially crafted ACE archives. | Tool Vulnerability | ||
|
2019-02-20 15:00:00 | Don\'t Toss That Busted Toy Just Yet-Grab a Multimeter (lien direct) | This essential tool lets you measure the electric current and voltage of a circuit. Here's what you need to know to use it correctly. | Tool | ||
|
2019-02-20 05:47:00 | BrandPost: Addressing Today\'s Risks Requires Reliable Threat Intelligence (lien direct) | Two of the biggest challenges that CISOs face today are ensuring that security and business strategies are in alignment and that security solutions are focused on solving the right problems. More often than anyone wants to admit, security teams spend significant resources trying to resolve a specific set of security challenges only to find out that they either don't support critical business objectives or that the organization has been compromised by an attack coming from an unrecognized threat vector.Having a sense of urgency but not knowing where the threat is coming from is the equivalent of frantically wading around through flood water carrying a fire extinguisher. As it turns out, getting security right is just as important as having it in place. And ensuring that you have the right tool for the job starts by asking three key questions. | Tool Threat | ||
|
2019-02-19 15:06:01 | How to use RoboForm to create and secure your website passwords (lien direct) | RoboForm is an effective tool for creating and managing your website passwords. Learn how to use this password management tool. | Tool | ||
|
2019-02-19 11:17:01 | (Déjà vu) GandCrab Decrypter Available for v5.1, New 5.2 Variant Already Out (lien direct) | A free file decryption tool is available for users whose computers got infected with the latest confirmed versions of GandCrab. It can unlock data encrypted by versions 4 through 5.1 of the malware, and some earlier releases of the threat. [...] | Tool | ||
|
2019-02-19 11:17:01 | (Déjà vu) GandCrab Decrypter Available for v5.1, New Variant Already Out (lien direct) | A free file decryption tool is available for users whose computers got infected with the latest confirmed versions of GandCrab. It can unlock data encrypted by versions 4 through 5.1 of the malware, and some earlier releases of the threat. [...] | Tool | ||
|
2019-02-18 08:51:02 | Free Tool: Honey Feed (lien direct) | Cybersecurity expert Marco Ramilli shared another tool of his arsenal that extracts suspicious IPs from undesired connections, his HoneyPots. Hi folks, today I'd like to point you out another tool of mine which extracts suspicious IPs from undesired connections. In other words: HoneyPots. I run a personal HoneyPot network which stands from years and over […] | Tool |
To see everything:
Our RSS (filtrered)
