What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2019-06-04 13:55:05 OilRig's Jason email hacking tool leaked online (direct link) A few hours ago, a new email hacking tool dubbed Jason and associated with the OilRig APT group was leaked through the same Telegram channel used to leak other tools. A new email hacking tool associated with the Iran-linked OilRig APT group was leaked through the same Telegram channel that in April leaked the source […] Tool APT 34
Chercheur.webp 2019-06-04 00:16:01 Report: No 'Eternal Blue' Exploit Found in Baltimore City Ransomware (direct link) For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as "Robbinhood." Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by "Eternal Blue," a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it. Ransomware Malware Tool ★★★★★
ZDNet.webp 2019-06-03 17:33:00 New Iranian hacking tool leaked on Telegram (direct link) The new Iranian hacking tool is named Jason and can be used to brute-force Microsoft Exchange email servers. Tool
bleepingcomputer.webp 2019-06-03 12:56:01 New Email Hacking Tool from OilRig APT Group Leaked Online (direct link) A tool for hijacking Microsoft Exchange email accounts allegedly used by the OilRig hacker group has been leaked online. The utility is called Jason and it is not detected by antivirus engines on VirusTotal. [...] Tool APT 34
no_ico.webp 2019-06-02 19:30:03 Multiple WordPress Vulnerabilities Identified – Security Expert Comment (direct link) Researchers are warning of flaws in three WordPress plugins – Slick Popup, WP Live Chat Support and WP Database Backup – including one that remains unpatched. WordPress plugin Slick Popup has 7,000 active installs and provides a tool for displaying the Contact Form 7 as a popup on WordPress websites. However, researchers with Wordfence said that they … Tool
AlienVault.webp 2019-05-30 13:00:00 Using misinformation for security awareness engagement (direct link) [image: intentional misinformation is sneaky (picture of Pinocchio)] Have you noticed that people are just too busy to read important information you send to them? One of the problems with disseminating information, especially when it is about cybersecurity, is that there needs to be a balance between timing, priority, and cadence. Timing is simply when the message is sent. You may send a message of the utmost urgency, such as a warning about a ransomware outbreak. However, if you sent that message at 3AM, it will probably be ignored amidst all the other e-mails that arrived overnight in the recipient's inbox. Priority is the importance of the message. Yes, you can flag a message as high importance, or some similar setting in your mail client; however, your priorities are not necessarily the same as the recipients', so your important message may not generate any heightened interest. Cadence is the frequency of your messages. Do you send too many messages? If you do, you run the risk of the "boy who cried wolf" problem, where people will just ignore most, if not all, of your messages. What can you do to get someone to read the message, or at least retain the most important part of the message? Sure, you could write a single-line message, but that would offer no context. I recently ran into a problem when I needed to send a message warning of a voicemail phishing scam. I needed high engagement, yet I had previously sent another message about another security event, so my cadence was too tight, and my frequency too close. How could I engage the recipients to notice this message above the other? One interesting technique of social engineers is to use misinformation, or concession. This technique, as well as many others, is explained beautifully in Chris Hadnagy's book "Social Engineering – the Science of Human Hacking". Here is how I used it to grab the readers' attention. First, I sent the message that many people may not have entirely focused on: [image: first security notification] If you are a total grammar (or typo) geek, you may notice the error I made in the sentence: "We do not use any system that requests a network password to retrieve a voice message from and external site." Once this message settled in (or became buried beneath the recipients' other priorities), I followed it with this message: [image: sneaky second notification] Using this deliberate error, and conceding to the error, the reader is not only drawn to the most important idea in the message, but the reader may actually go back to look more closely at the original message, which offers a better chance of the recipient internalizing the message. Of course, the nature of this technique could be perceived as manipulative; however, no one was harmed through its use. Also, it certainly cannot be used too often. Like all good tools, its effectiveness becomes dulled with overuse. Again, this is also part of the balance of social engineering skills, and if you have not already read Chris Hadnagy's book, it is highly recommended. He can teach you how to use, yet not abuse, some of the best techniques in the social engineering profession to excellent effect. If used judiciously, concession is a powerful tool to engage a population suffering from information overload. Tread lightly! Ransomware Tool ★★★★★
ErrataRob.webp 2019-05-29 20:16:09 Your threat model is wrong (direct link) Several subjects have come up in the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the threat that exists, you've morphed the threat into something else that you'd rather deal with, or which is easier to understand. Phishing: An example is this question that misunderstands the threat of "phishing": "Should failing multiple phishing tests be grounds for firing? I ran into a guy at a recent conference, said his employer fired people for repeatedly falling for (simulated) phishing attacks. I talked to experts, who weren't wild about this disincentive. https://t.co/eRYPZ9qkzB pic.twitter.com/Q1aqCmkrWL" - briankrebs (@briankrebs) May 29, 2019. The (wrong) threat model here is that phishing is an email that smart users with training can identify and avoid. This isn't true. Good phishing messages are indistinguishable from legitimate messages. Said another way, a lot of legitimate messages are in fact phishing messages, such as when HR sends out a message saying "log into this website with your organization username/password". "Recently, my university sent me an email for mandatory Title IX training, not digitally signed, with an external link to the training, that requested my university login creds for access, that was sent from an external address but from the Title IX coordinator." - Tyler Pieron (@tyler_pieron) May 29, 2019. Yes, it's amazing how easily stupid employees are tricked by the most obvious of phishing messages, and you want to point and laugh at them. But frankly, you want the idiot employees doing this. The more obvious phishing attempts are the least harmful and a good test of the rest of your security -- which should be based on the assumption that users will frequently fall for phishing. In other words, if you paid attention to the threat model, you'd be mitigating the threat in other ways and not even bother training employees. You'd be firing HR idiots for phishing employees, not punishing employees for getting tricked. Your systems would be resilient against successful phishes, such as using two-factor authentication. IoT security: After the Mirai worm, government types pushed for laws to secure IoT devices, as billions of insecure devices like TVs, cars, security cameras, and toasters are added to the Internet. Everyone is afraid of the next Mirai-type worm. For example, they are pushing for devices to be auto-updated. But auto-updates are a bigger threat than worms. Since Mirai, roughly 10 billion new IoT devices have been added to the Internet, yet there hasn't been a Mirai-sized worm. Why is that? After 10 billion new IoT devices, it's still Windows and not IoT that is the main problem. The answer is that number, 10 billion. Internet worms work by guessing IPv4 addresses, of which there are only 4 billion. You can't have 10 billion new devices on the public IPv4 addresses because there simply aren't enough addresses. Instead, those 10 billion devices are almost entirely being put on private ne Ransomware Tool Vulnerability Threat Guideline FedEx NotPetya
bleepingcomputer.webp 2019-05-29 15:45:00 YouTube Cryptocurrency Videos Pushing Info-Stealing Trojan (direct link) A scam and malware campaign is underway on YouTube that uses videos to promote a "bitcoin generator" tool that promises to generate free bitcoins for its users. In reality, this scam is pushing the Qulab information-stealing and clipboard hijacking Trojan. [...] Malware Tool
Mandiant.webp 2019-05-29 09:30:00 Learning to Rank Strings Output for Speedier Malware Analysis (direct link) Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary's function, design detection methods, and ascertain how to contain its damage. One of the most useful initial steps is to inspect its printable characters via the Strings program. A binary will often contain strings if it performs operations like printing an error message, connecting to a URL, creating a registry key, or copying Malware Tool ★★★★
grahamcluley.webp 2019-05-24 13:42:00 Snapchat workers snooped on users with internal tool (direct link) Snapchat's 186 million users may be in for a rude awakening today after the revelation that multiple employees of the social media giant were able to abuse their power and snoop on members. Read more in my article on the Hot for Security blog. Tool
no_ico.webp 2019-05-21 21:30:03 Another WannaCry May Be Coming – Are You Ready? (direct link) The vulnerability is severe enough that Microsoft took a pretty unusual step in releasing updates for Windows XP and Server 2003 in addition to currently supported versions of Windows that are affected. Unlike WannaCry, this threat is seen as extremely easy to exploit. It took a leaked NSA tool to exploit the WannaCry vulnerability, whereas the fear … Tool Vulnerability Threat Wannacry
itsecurityguru.webp 2019-05-21 14:40:05 Gigamon Launches New Tool To Shine Light On Digital Apps Within the Enterprise. (direct link) Gigamon Application Intelligence provides visibility into complex digital apps, helping companies with their digital transformation. A failure to transform digitally, and keep pace with the likes of Airbnb and Uber, has been cited as the main reason over half of the Fortune 500 companies have disappeared since 2000. But to successfully execute a digital transformation, […] Tool Uber
AlienVault.webp 2019-05-21 13:00:00 The future of stock market analysis (direct link) [image: stock market analysis chart. Image Source: Pexels] Stock sales and trading play a huge role in the U.S. and global economy. Stock exchanges provide the backbone to the economic infrastructure of our nation, as they help companies to expand when they're ready by offering the general public a chance to invest in company stock. However, investing in the stock market can be a gamble. You need to understand the market and know what you're doing in order to receive a return on your investment, which is why many people go through stock brokers. In order to understand the market and make predictions about it, stock brokers and investors pay close attention to data that helps them understand market trends and where smart investments may be waiting. However, over the last few years, advancements in technology have provided investors with a new and valuable tool to make informed investments: artificial intelligence. AI has seen a huge amount of growth over the last decade, and it has been adopted in the financial sector for its ability to process data and discover trends. Machine learning algorithms can track patterns within data and make it easier for investors to make better decisions faster. What does AI's role in investments mean for the future of stock market analysis? AI-Powered Predictions: The stock market moves faster now than it did in the past, which means investors need to do the same. Oftentimes, investors are up tracking the pre-market before the market even opens in order to analyze the volume and movement of stocks, as this often changes soon after the market opens and throughout the day. Investors are constantly analyzing mass sets of numbers, including stock prices, gains and losses, and the volume of stock movement at any given time. To get a good feeling for how stocks are or will be performing, brokers and firms will add stocks to a watchlist and track them for months to understand their movement in the trade. This process requires the investor to keep track of trends and numbers over long periods of time; however, machine learning has begun to take over some of these steps. AI technology now provides investors with the market analysis history for potential investments, giving them the information they need to make data-driven decisions. The algorithms gauging market trends are able to simplify the process of gathering the information needed to make calls about future stock performance. Although machine learning technology is able to make better and faster predictions based on data, there is an increased need for people who are able to make judgement calls. AI can interpret new information and analyze it against the context of stock market movement in the past, but it's not capable of predicting market outcomes for information that it does not have or that hasn't happened yet. This means people will continue to have the role they've always had, which is to find unique insights that will determine the data that is yet to come. Career Planning Changes: Although machine lea Tool ★★
SecurityAffairs.webp 2019-05-17 14:18:04 Cisco addressed a critical flaw in network management tool Prime Infrastructure (direct link) Cisco has issued security updates to address 57 security flaws, including three flaws in the network management tool Prime Infrastructure. One of the flaws addressed by Cisco in the Prime Infrastructure management tool could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on PI devices. "Multiple vulnerabilities in the web-based management […] Tool
SecurityAffairs.webp 2019-05-16 13:08:02 Microsoft renewed its Attack Surface Analyzer, version 2.0 is online (direct link) Microsoft has renewed its Attack Surface Analyzer tool to take advantage of modern, cross-platform technologies. The first version, Attack Surface Analyzer 1.0, was released back in 2012; it aims at detecting changes that occur in the Windows operating system during the installation of third-party applications. The Analyzer has been released on GitHub, it […] Tool
SecurityWeek.webp 2019-05-16 11:11:05 Microsoft Releases Attack Surface Analyzer 2.0 (direct link) Microsoft has rewritten its Attack Surface Analyzer tool to take advantage of modern, cross-platform technologies, the company announced this week. Tool
no_ico.webp 2019-05-13 18:50:03 US Government Unveils New North Korean Hacking Tool (direct link) It has been reported that yesterday the Department of Homeland Security and the FBI publicly identified a new North Korean malware capable of funnelling information from a victim's computer network. Dubbed ElectricFish by government officials, the malware is the latest tool in North Korea's hacking program, referred to as Hidden Cobra. The U.S. Cyber Emergency Response Team published a report warning the public … Malware Tool Medical APT 38
bleepingcomputer.webp 2019-05-10 17:15:02 The Week in Ransomware - May 10th 2019 - MegaCortex, Jokeroo, and More (direct link) This week the biggest news was the analysis of MegaCortex by Sophos. Then we had Dharma utilizing an ESET Remover tool as a distraction while the ransomware encrypted a victim's files. Finally, we had the Jokeroo RaaS pull an exit scam. [...] Ransomware Tool
bleepingcomputer.webp 2019-05-10 16:36:00 Nigerian BEC Scammers Shifting to RATs As Tool of Choice (direct link) Scammers running business email compromise (BEC) fraud have grown in number, attack more often, and are turning to remote access trojans as the preferred malware type to accompany their raids. [...] Malware Tool
SecurityAffairs.webp 2019-05-10 13:53:03 DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH (direct link) The U.S. Department of Homeland Security (DHS) and the FBI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed ELECTRICFISH used by the North Korea-linked APT group tracked as Hidden Cobra (aka Lazarus). It […] Malware Tool Medical APT 38
ZDNet.webp 2019-05-10 10:41:04 North Korea debuts new Electricfish malware in Hidden Cobra campaigns (direct link) The tool is used to forge covert pathways out of infected Windows PCs. Malware Tool APT 38
ZDNet.webp 2019-05-08 19:49:00 Google's Web Packaging standard arises as a new tool for privacy enthusiasts (direct link) Web Packaging will let site owners create signed versions of their pages to distribute via alternative channels. Tool
Kaspersky.webp 2019-05-08 12:01:03 Cynet Provides Security Responders with Free IR Tool to Validate and Respond to Active Threats (direct link) Cynet Free IR empowers its users with a solution that is accessible and easy to use, bringing crucial incident response services in-house, while saving them valuable time and resources. Tool
bleepingcomputer.webp 2019-05-08 10:16:01 Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims (direct link) A new Dharma ransomware strain is using ESET AV Remover installations as a "smoke screen" technique designed to distract victims while their files are encrypted in the background, as detailed by Trend Micro. [...] Ransomware Tool
SecurityAffairs.webp 2019-05-08 06:54:03 Cisco addresses a critical flaw in Elastic Services Controller (direct link) Cisco released security updates to address a critical vulnerability in its virtualized function automation tool Elastic Services Controller (ESC). Cisco has released security updates to address a critical vulnerability affecting its virtualized function automation tool, Cisco Elastic Services Controller (ESC). The flaw could be exploited by a remote, unauthenticated […] Tool Vulnerability
Blog.webp 2019-05-07 13:52:02 PowerCat - A PowerShell Netcat (direct link) The name PowerCat comes from PowerShell Netcat, which is a new version of netcat in the form of a PowerShell script. In this article, we will learn about PowerCat, which is a PowerShell tool for exploiting Windows machines. Table of Content: Requirement & Installations, Testing PowerShell Communication, Bind Shell, Execute Shell, Tunnelling or port forwarding... Continue reading → Tool
itsecurityguru.webp 2019-05-07 13:21:04 Evil Clippy Makes Malicious Office Docs that Dodge Detection. (direct link) Security researchers brought to life and released a wicked variant of Clippy, the recently resurfaced assistant in Microsoft Office that we all loved so much to hate, that makes it more difficult to detect a malicious macro in documents. Dubbed Evil Clippy, the tool modifies Office documents at file format level to spew out malicious versions that […] Tool
The_Hackers_News.webp 2019-05-07 11:56:04 Cynet's Free Incident Response Tool - Stop Active Attacks With Greater Visibility (direct link) The saying that there are two types of organizations, those that have gotten breached and those who have but just don't know it yet, has never been more relevant, making sound incident response a required capability in any organization's security stack. To assist in this critical mission, Cynet is launching a free IR tool offering, applicable to both IR service providers in need of a Tool
SecurityAffairs.webp 2019-05-07 11:15:00 Buckeye APT group used Equation Group tools prior to ShadowBrokers leak (direct link) The China-linked APT group tracked as APT3 was using a tool attributed to the NSA-linked Equation Group more than one year prior to the Shadow Brokers leak. The China-linked APT group tracked as APT3 (aka Buckeye, APT3, UPS Team, Gothic Panda, and TG-0110) was using a tool attributed to the NSA-linked Equation Group more than one year prior […] Tool APT 3
CSO.webp 2019-05-07 03:00:00 How to get started using Ghidra, the free reverse engineering tool (direct link) The National Security Agency (NSA), the same agency that brought you blockbuster malware Stuxnet, has now released Ghidra, an open-source reverse engineering framework, to grow the number of reverse engineers studying malware. The move disrupts the reverse engineering market, which top dog IDA Pro has long dominated, and enables more people to learn how to reverse engineer without having to pay for an IDA Pro license, which can be prohibitively expensive for most newcomers to the field. Malware Tool
WiredThreatLevel.webp 2019-05-06 11:00:00 This Programming Tool Makes It Easier for Apps to Work Anywhere (direct link) WebAssembly was created by Mozilla to build applications for browsers, but it's increasingly finding a home in cloud computing centers. Tool
TechRepublic.webp 2019-05-03 18:42:02 How to create custom quick actions with Automator in macOS (direct link) Using the macOS Automator tool can simplify your mobile workflow. Tool ★★★★
TechRepublic.webp 2019-04-29 16:49:01 How to troubleshoot Apple mail connectivity issues with Connection Doctor (direct link) When you need to troubleshoot Apple Mail connectivity issues, the Connection Doctor tool will help you diagnose the problem. Tool
bleepingcomputer.webp 2019-04-29 16:44:00 Botnet of Over 100K Devices Used to DDoS Electrum Servers (direct link) The malicious actors behind the DDoS attacks against Electrum Bitcoin wallet users have switched to a new malware loader for their botnet Trojan, after previously using the Smoke Loader tool and the RIG exploit kit. [...] Malware Tool
bleepingcomputer.webp 2019-04-27 12:55:02 Fake Windows PC Cleaner Drops AZORult Info-Stealing Trojan (direct link) Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the Azorult password and information stealing Trojan. [...] Tool
Mandiant.webp 2019-04-25 08:01:01 CARBANAK Week Part Four: The CARBANAK Desktop Video Player (direct link) Part One, Part Two and Part Three of CARBANAK Week are behind us. In this final blog post, we dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBANAK of a network operator preparing for an offensive engagement. Can we replay it? About the Video Player: The CARBANAK backdoor is capable of recording video of the victim's desktop. Attackers reportedly viewed recorded desktop videos to gain an understanding of the operational workflow of Tool ★★★
Blog.webp 2019-04-24 14:50:04 MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks (direct link) Accounting for third-party risks is now mandated by regulations — with teeth. Related: Free 'VRMM' tool measures third-party exposure. Just take a look at Europe's GDPR, NYDFS's cybersecurity requirements or even California's newly minted Consumer Privacy Act. What does this mean for company decision makers, going forward, especially as digital transformation and expansion of the […] Tool
Chercheur.webp 2019-04-22 19:43:00 Who's Behind the RevCode WebMonitor RAT? (direct link) The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned. Malware Tool Guideline
Mandiant.webp 2019-04-22 12:00:00 CARBANAK Week Part One: A Rare Occurrence (direct link) [image: carbanak-week-banner] It is very unusual for FLARE to analyze a prolifically used, privately developed backdoor only to have the source code and operator tools fall into our laps. Yet that is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that begins with this post. CARBANAK is one of the most full-featured backdoors in the world. It has been used to perpetrate millions of dollars in financial crimes, largely by the group we track as Tool ★★★
SecureMac.webp 2019-04-19 22:21:04 Checklist 134: Many Things, Revisited! (direct link) On this week's Checklist by SecureMac: Worried about your internet of things things? Princeton has a tool for that!, Worried about hotels and data security? You should be!, Apple's new steps against scammy subscriptions, and Facebook: amiright...? Tool
ZDNet.webp 2019-04-16 08:17:00 Adobe Flash security tool Flashmingo debuts in open source community (direct link) Flashmingo can be used to automatically search for Flash vulnerabilities and weaknesses. Tool
Blog.webp 2019-04-16 06:13:04 Command & Control: Ares (direct link) In this article, we will learn how to use the Ares tool. This tool performs Command and Control over a Web Interface. This tool can be found on GitHub. Table of Content: Introduction, Installation, Exploiting Target, Command Execution, Capturing Screenshot, File Download, Compressing Files, Persistence, Agent Clean Up. Introduction: Ares is a Python Remote Access... Continue reading → Tool
Chercheur.webp 2019-04-14 18:40:03 'Land Lordz' Service Powers Airbnb Scams (direct link) Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called "Land Lordz," which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. Tool
Blog.webp 2019-04-14 06:30:02 Command & Control: WebSocket C2 (direct link) In this article, we will learn how to use the WebSocket C2 tool. It is also known as WSC2. Table of Content: Introduction, Installation, Exploiting Target, Command Execution, File Download. Introduction: WSC2 is primarily a tool for post-exploitation. WSC2 uses the WebSocket and a browser process. This serves as a C2 communication channel between an agent,... Continue reading → Tool
Kaspersky.webp 2019-04-12 14:58:05 North Korea's Hidden Cobra Strikes U.S. Targets with HOPLIGHT (direct link) The custom malware is a spy tool and can also disrupt processes at U.S. assets. Malware Tool APT 38
AlienVault.webp 2019-04-11 13:00:00 DNS cache poisoning part 2 (direct link) My last blog on DNS cache poisoning only covered the superficial aspects of this long-standing issue. This installment aims to give a bit more technical detail, and expose some of the tactics used by the "bad actors" looking to leverage a poisoned DNS cache against you and your network. In a worst-case scenario, the results of a poisoned DNS cache could lead to more than just a headache: civil liability, phishing, increased DNS overhead, and other kinds of nightmares are too easy to overlook with this type of 'attack'. So, you may be wondering, "What exactly makes a DNS cache poisoning attack so dangerous, and what can we do to prevent it?" Well, as outlined in my first article, not answering DNS requests on the web is a great place to start. If you're only running an internal DNS infrastructure, your attack surface is much lower. However, this comes with a caveat: "internal-only" DNS attacks are much harder to detect, and can often go weeks or months before even the keenest of sysops recognize them. This has to do with the fundamental structure of DNS. Let me explain. Fundamental structure of DNS: In a typical DNS server (e.g. Windows DNS, or BIND) there is little mechanism (e.g. NONE) to provide any sanity checking. In its simplest form, a DNS query will look to its local database (the 'cache') first; upon finding no answer for the request it will then send a lookup request to its configured DNS server (the one you hopefully manage) and see if it can find an answer for the request. If this lookup fails a 2nd time, there is a 'forwarder' configuration that kicks in, and the request goes to a list of pre-specified DNS hosts that your server will send the request to, looking for a resolution to the name. If this final 'forward' lookup fails, the final lookup happens out on the internet, on one of the 'Root' nameservers that share a distributed list of all the DNS hosts that make up the TCP/IPv4 internet. If this final lookup fails, the original requesting client is returned with a 'DNS Name not found' answer, and the name will not resolve. At any point during this journey, a "faked" response can be issued, and the initiator will accept it. No questions asked. Problems with the model: This model is good when we can trust each one of the segments in the process. However, even during the early days of the web, there were some issues that became apparent with the way DNS works. For example, what if the root servers are unavailable? Unless your local DNS server has a record of ALL of the domains on the web, or one of your 'forwarders' does, the DNS name will not resolve. Even if it is a valid domain, DNS will simply not be able to look up your host. There was an "attack" on several of the root servers in the late 1990s. Several of the root servers were knocked offline, effectively taking down the internet for a large portion of the USA. It was during this outage that many network operators realized a large oversight of the DNS system, and a push was made to distribute control of these systems to a variety of trustworthy and capable internet entities. At the time of this attack, much of the internet name resolution duties fell to a single entity: Yahoo. A DDoS of Yahoo effectively killed the internet. Sure, we could still get to our desired hosts via IP, but e-mail, for example, was not as resilient. It was a great learning lesson for the web community at large. This was just a denial-of-service at the highest level of the infrastructure. What would happen if the localized database on every computer in your organization had different "answers" for DNS lookups? Instead of consistent Tool Guideline Yahoo
WiredThreatLevel.webp 2019-04-10 16:35:03 Google DLP Makes It Easier to Safeguard Sensitive Data Troves (direct link) Google's Data Loss Prevention tool finds and redacts sensitive data in the cloud. A new user interface now makes it more broadly accessible. Tool
TechWorm.webp 2019-04-10 15:18:02 Exodus Android spyware discovered in Apple's iOS platform (direct link) Android version of Exodus malware finds its way to iOS devices. Researchers at cybersecurity firm Lookout recently discovered an iOS version of a powerful mobile phone spyware tool that is aimed at targeting iPhone users. Last month, researchers from a non-profit security organization, 'Security Without Borders', had reported the discovery of several Android versions (nearly 25) […] Malware Tool
TechRepublic.webp 2019-04-10 13:44:05 How Mozilla uses AI to manage Firefox bug reports (direct link) The company created a homegrown artificial intelligence tool dubbed BugBug to classify and categorize each bug report. Tool
SecurityAffairs.webp 2019-04-10 09:12:00 Yoroi Welcomes "Yomi: The Malware Hunter" (direct link) "Yomi's malware engine implements a multi-analysis approach that is able to exploit both static analysis and behavioral analysis, enjoy it." Nowadays malware represents a powerful tool for cyber attackers and cyber criminals all around the world; with over 856 million distinct samples identified during the last year it is, with no doubt, one of […] Malware Tool
Last update at: 2024-08-01 04:18:55