What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-16 20:56:00 | Kaspersky releases decryptor for ransomware based on Conti source code (lien direct) |
Cybersecurity firm Kaspersky on Thursday released a decryptor that could help victims who had their data locked down by a version of the Conti ransomware. Kaspersky said the tool can be used on a malware strain that infected dozens of “companies and state institutions” throughout December 2022. Kaspersky did not name the strain, but experts |
Ransomware Malware Tool | ★★ | |
 |
2023-03-16 16:31:10 | ReMarkable emits Type Folio keyboard cover for e-paper tablet (lien direct) | Distraction-free long-life e-ink handheld writing tool becomes a typing tool too... but leaves us conflicted Norwegian e-ink tablet maker reMarkable has launched the Type Folio, a keyboard cover, causing one Reg hack to feel strangely conflicted.… | Hack Tool | ★★ | |
 |
2023-03-16 10:30:00 | NCSC Calms Fears Over ChatGPT Threat (lien direct) | Tool won't democratize cybercrime, agency argues | Tool Threat | ChatGPT ChatGPT | ★★ |
 |
2023-03-15 17:49:06 | WithSecure™: Chinese cyber crime tool acquired by Russian ransomware gangs (lien direct) | WithSecure™: Chinese cyber crime tool acquired by Russian ransomware gangs - Malware Update | Ransomware Tool | ★ | |
 |
2023-03-15 17:25:05 | Police shut down cryptocurrency mixer linked to laundering more than $3 billion in criminal funds (lien direct) | North Korean hackers alone used the tool to launder bitcoin worth more than $700 million. | Tool | ★★ | |
 |
2023-03-15 11:00:34 | Can your SASE solution block these top malware? (lien direct) | >Malware is a go-to tactic and essential tool for attackers. According to Check Point Research’s 2023 Cyber Security Report, 32% of cyber attacks globally are based on multipurpose malware with email as the attack vector in 86% of those attacks. The most vicious malware are wipers, whose only purpose is to cause irreversible damage and… | Malware Tool | ★★ | |
 |
2023-03-15 11:00:00 | Chinese Silkloader cyber attack tool falls into Russian hands (lien direct) | Pas de details / No more details | Tool | ★★★ | |
 |
2023-03-14 18:17:21 | Cloud Threats Memo: Cyber Espionage Campaign Using Remote Access Tools (lien direct) | >Another day, another cyber espionage campaign exploiting two legitimate and well-known cloud services to deliver the malicious payload. Once again, this campaign was unearthed by researchers at Sentinel One, and it is aimed to distribute the Remcos Remote Access Tool (yet another example of a remote control tool used for malicious purposes) through the DBatLoader […] | Tool Cloud | ★★★ | |
 |
2023-03-14 17:32:00 | Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam (lien direct) |
Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam, and More.
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, DLL side-loading, Iran, Linux, Malvertising, Mobile, Pakistan, Ransomware, and Windows. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions
(published: March 10, 2023)
Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking from around the World with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version Xenomorph v3 (Xenomorph.C) is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing Discord Content Delivery Network.
Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor.
MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: Gui Input Capture
Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android
Cobalt Illusion Masquerades as Atlantic Council Employee
(published: March 9, 2023)
A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i |
Ransomware Malware Tool Vulnerability Threat Guideline Conference | APT 35 ChatGPT ChatGPT APT 36 APT 42 | ★★ |
 |
2023-03-14 10:30:49 | The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia (lien direct) | ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group | Tool | ★★★ | |
 |
2023-03-10 21:15:14 | CVE-2023-0193 (lien direct) | NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. | Tool Vulnerability | ||
|
2023-03-09 17:20:02 | ChatGPT: A tool for offensive cyber operations?! Not so fast! (lien direct) | ChatGPT: A tool for offensive cyber operations?! Not so fast! By John Borrero Rodriguez, Trellix - Opinion | Tool | ChatGPT | ★★ |
 |
2023-03-08 13:00:14 | Influence Techniques in Everyday Life: Sales (lien direct) | People in many different professions use social engineering as a tool in everyday life. In the case of sales, social […] | Tool | ★★★ | |
 |
2023-03-08 12:04:53 | OSV and the Vulnerability Life Cycle (lien direct) | Posted by Oliver Chang and Andrew Pollock, Google Open Source Security Team It is an interesting time for everyone concerned with open source vulnerabilities. The U.S. Executive Order on Improving the Nation's Cybersecurity requirements for vulnerability disclosure programs and assurances for software used by the US government will go into effect later this year. Finding and fixing security vulnerabilities has never been more important, yet with increasing interest in the area, the vulnerability management space has become fragmented-there are a lot of new tools and competing standards. In 2021, we announced the launch of OSV, a database of open source vulnerabilities built partially from vulnerabilities found through Google's OSS-Fuzz program. OSV has grown since then and now includes a widely adopted OpenSSF schema and a vulnerability scanner. In this blog post, we'll cover how these tools help maintainers track vulnerabilities from discovery to remediation, and how to use OSV together with other SBOM and VEX standards. Vulnerability Databases The lifecycle of a known vulnerability begins when it is discovered. To reach developers, the vulnerability needs to be added to a database. CVEs are the industry standard for describing vulnerabilities across all software, but there was a lack of an open source centric database. As a result, several independent vulnerability databases exist across different ecosystems. To address this, we announced the OSV Schema to unify open source vulnerability databases. The schema is machine readable, and is designed so dependencies can be easily matched to vulnerabilities using automation. The OSV Schema remains the only widely adopted schema that treats open source as a first class citizen. Since becoming a part of OpenSSF, the OSV Schema has seen adoption from services like GitHub, ecosystems such as Rust and Python, and Linux distributions such as Rocky Linux. Thanks to such wide community adoption of the OSV Schema, OSV.dev is able to provide a distributed vulnerability database and service that pulls from language specific authoritative sources. In total, the OSV.dev database now includes 43,302 vulnerabilities from 16 ecosystems as of March 2023. Users can check OSV for a comprehensive view of all known vulnerabilities in open source. Every vulnerability in OSV.dev contains package manager versions and git commit hashes, so open source users can easily determine if their packages are impacted because of the familiar style of versioning. Maintainers are also familiar with OSV's community driven and distributed collaboration on the development of OSV's database, tools, and schema. Matching The next step in managing vulnerabilities is to determine project dependencies and their associated vulnerabilities. Last December we released OSV-Scanner, a free, open source tool which scans software projects' lockfiles, SBOMs, or git repositories to identify vulnerabilities found in the | Tool Vulnerability | ★★★★ | |
|
2023-03-08 11:59:13 | Thank you and goodbye to the Chrome Cleanup Tool (lien direct) | Posted by Jasika Bawa, Chrome Security Team Starting in Chrome 111 we will begin to turn down the Chrome Cleanup Tool, an application distributed to Chrome users on Windows to help find and remove unwanted software (UwS). Origin story The Chrome Cleanup Tool was introduced in 2015 to help users recover from unexpected settings changes, and to detect and remove unwanted software. To date, it has performed more than 80 million cleanups, helping to pave the way for a cleaner, safer web. A changing landscape In recent years, several factors have led us to reevaluate the need for this application to keep Chrome users on Windows safe. First, the user perspective – Chrome user complaints about UwS have continued to fall over the years, averaging out to around 3% of total complaints in the past year. Commensurate with this, we have observed a steady decline in UwS findings on users' machines. For example, last month just 0.06% of Chrome Cleanup Tool scans run by users detected known UwS. Next, several positive changes in the platform ecosystem have contributed to a more proactive safety stance than a reactive one. For example, Google Safe Browsing as well as antivirus software both block file-based UwS more effectively now, which was originally the goal of the Chrome Cleanup Tool. Where file-based UwS migrated over to extensions, our substantial investments in the Chrome Web Store review process have helped catch malicious extensions that violate the Chrome Web Store's policies. Finally, we've observed changing trends in the malware space with techniques such as Cookie Theft on the rise – as such, we've doubled down on defenses against such malware via a variety of improvements including hardened authentication workflows and advanced heuristics for blocking phishing and social engineering emails, malware landing pages, and downloads. What to expect Starting in Chrome 111, users will no longer be able to request a Chrome Cleanup Tool scan through Safety Check or leverage the "Reset settings and cleanup" option offered in chrome://settings on Windows. Chrome will also remove the component that periodically scans Windows machines and prompts users for cleanup should it find anything suspicious. Even without the Chrome Cleanup Tool, users are automatically protected by Safe Browsing in Chrome. Users also have the option to turn on Enhanced protection by navigating to chrome://settings/security – this mode substantially increases protection from dangerous websites and downloads by sharing real-time data with Safe Browsing. While we'll miss the Chrome Cleanup Tool, we wanted to take this opportunity to acknowledge its role in combating UwS for the past 8 years. We'll continue to monitor user feedback and trends in the malware ecosystem, and when adversaries adapt their techniques again – which they will – we'll be at the ready. As always, please feel free to send us feedback or find us on Twitter @googlechrome. | Malware Tool | ★★★ | |
 |
2023-03-07 19:50:00 | Hacker Cracks Toyota Customer Search Tool (lien direct) | Flaw in Toyota's C360 customer relationship management tool exposed personal data of unknown number of customers in Mexico, a disclosure says. | Tool | ★★★★ | |
|
2023-03-07 16:30:00 | Anomali Cyber Watch: Mustang Panda Adopted MQTT Protocol, Redis Miner Optimization Risks Data Corruption, BlackLotus Bootkit Reintroduces Vulnerable UEFI Binaries (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Cryptojacking, Phishing, Ransomware, Secure boot bypass, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
MQsTTang: Mustang Panda’s Latest Backdoor Treads New Ground with Qt and MQTT
(published: March 2, 2023)
In early 2023, China-sponsored group Mustang Panda began experimenting with a new custom backdoor dubbed MQsTTang. The backdoor received its name based on the attribution and the unique use of the MQTT command and control (C2) communication protocol that is typically used for communication between IoT devices and controllers. To establish this protocol, MQsTTang uses the open source QMQTT library based on the Qt framework. MQsTTang is delivered through spearphishing malicious link pointing at a RAR archive with a single malicious executable. MQsTTang was delivered to targets in Australia, Bulgaria, Taiwan, and likely some other countries in Asia and Europe.
Analyst Comment: Mustang Panda is likely exploring this communication protocol in an attempt to hide its C2 traffic. Defense-in-depth approach should be used to stop sophisticated threats that evolve and utilize various techniques of defense evasion. Sensitive government sector workers should be educated on spearphishing threats and be wary of executable files delivered in archives.
MITRE ATT&CK: [MITRE ATT&CK] T1583.003 - Acquire Infrastructure: Virtual Private Server | [MITRE ATT&CK] T1583.004 - Acquire Infrastructure: Server | [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1588.002 - Obtain Capabilities: Tool | [MITRE ATT&CK] T1608.001 - Stage Capabilities: Upload Malware | [MITRE ATT&CK] T1608.002 - Stage Capabilities: Upload Tool | [MITRE ATT&CK] T1566.002 - Phishing: Spearphishing Link | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1204.002 - User Execution: Malicious File | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1036.004 - Masquerading: Masquerade Task Or Service | [MITRE ATT&CK] T1036.005 - Masquerading: Match Legitimate Name Or Location | [MITRE ATT&CK] T1480 - Execution Guardrails | [MITRE ATT&CK] T1622 - Debugger Evasion | |
Ransomware Malware Tool Vulnerability Threat Medical | ★ | |
 |
2023-03-07 16:01:57 | Utilisation de l'analyse de la mémoire pour détecter les logiciels malveillants nullifiants EDR Using Memory Analysis to Detect EDR-Nullifying Malware (lien direct) |
> Dans le paysage de cybersécurité en constante évolution, les acteurs de la menace sont obligés d'évoluer et de modifier continuellement les tactiques, les techniques et les procédures (TTP) qu'ils utilisent pour lancer et maintenir les attaques avec succès.Ils modifient continuellement leurs logiciels malveillants et leurs méthodes d'exécution de commande pour échapper à la détection.Les attaquants dans ces cas tentent d'obtenir une longueur d'avance sur le logiciel de sécurité au niveau le plus élémentaire.Cependant, certaines techniques adoptent une approche différente, en visant plus dans la pile et en prenant directement des logiciels de sécurité.Les méthodes les plus effrontées consistent à tirer parti de divers outils qui terminent directement ou d'arrêt du logiciel de sécurité.En cas de succès, cette méthode est efficace pour donner un règne sans attaquant sur un système.Cependant, il est au coût potentiel d'alerter les utilisateurs ou les administrateurs que le logiciel a cessé de signaler de manière inattendue ou a été éteint.Qu'en est-il d'une technique qui vole un peu plus sous le radar?En novembre 2022, Trend Micro a publié un [& # 8230;]
>In the ever-changing cybersecurity landscape, threat actors are forced to evolve and continually modify the tactics, techniques, and procedures (TTPs) they employ to launch and sustain attacks successfully. They are continually modifying their malware and command-execution methods to evade detection. The attackers in these cases are attempting to get a step ahead of security software at the most basic level. However, some techniques take a different approach, aiming further up the stack and directly taking on security software. The most brazen methods involve leveraging various tools that directly terminate or shutdown security software. If successful, this method is effective at giving an attacker free reign on a system. However, it comes at the potential cost of alerting users or administrators that the software unexpectedly stopped reporting or was shut off. What about a technique that potentially flies a bit more under the radar? In November 2022, Trend Micro published a […] |
Malware Tool Threat Prediction | ★★★ | |
|
2023-03-07 13:15:00 | Just 10% of Firms Can Resolve Cloud Threats in an Hour (lien direct) | Tool bloat is making it harder to detect and contain attacks | Tool Cloud | ★★ | |
|
2023-03-07 00:46:00 | Machine Learning Improves Prediction of Exploited Vulnerabilities (lien direct) | The third iteration of the Exploit Prediction Scoring System (EPSS) performs 82% better than previous versions, giving companies a better tool for evaluating vulnerabilities and prioritizing patching. | Tool | ★★★★ | |
 |
2023-03-07 00:00:00 | Un atelier de cyber-gamme passionnant à Bath Spa University, Dubaï An Exciting Cyber Range Workshop at Bath Spa University, Dubai (lien direct) |
En mars, Cyber Skills a été heureux d'organiser un atelier passionnant à Bath Spa University, Dubaï, axé sur la cyber-gamme et l'importance des compétences en cybersécurité.Le Dr Thomas Newe et le Dr Kashif Naseer Qureshi, tous deux de l'Université de Limerick, ont fourni une discussion fascinante sur la façon de vous assurer que vous avez une longueur d'avance sur les attaquants potentiels dans ce monde en constante évolution de la cyber-menace et des logiciels malveillants.L'atelier de deux heures a aidé les participants à en savoir plus sur le concept de la cyber-gamme à travers des exercices pratiques qui se sont construits sur des outils, des attaques et des scénarios du monde réel.Les sujets clés comprenaient l'analyse des logiciels malveillants potentiels, l'identification des services et l'analyse du protocole.
L'atelier a réuni des étudiants et des professeurs, qui ont montré un grand engagement avec le sujet.Un récent article de blog du département de l'informatique créative de l'Université Bath Spa a capturé la réaction positive à l'atelier, avec l'auteur Iftikhar un Khan disant,
L'atelier en ligne sur la cyber-gamme a été un grand succès et a atteint son objectif de sensibilisation à la cyber-protection.Les orateurs ont pu partager leurs connaissances et leurs expériences, et les participants ont pu apprendre des solutions pratiques pour se protéger contre les cyberattaques.
Tout en fournissant une discussion approfondie de la cyber-gamme, Drs.Newe et Qureshi ont également donné aux participants aux ateliers un aperçu de ces concepts et technologies à travers un environnement simulé.Via une série d'activités interactives, les participants ont pu mieux comprendre comment les concepts et les systèmes de cyber-gamme peuvent être un atout inestimable lors du test et de l'amélioration d'un système de cybersécurité.Des ateliers interactifs bien conçus comme celui-ci sont un outil inestimable dans la lutte continue contre les cyberattaques.
In March, Cyber Skills was pleased to host an exciting workshop at Bath Spa University, Dubai, focused on the cyber range and the importance of cyber security skills. Dr. Thomas Newe and Dr. Kashif Naseer Qureshi, both of University of Limerick, provided a fascinating discussion about how to make sure you are one step ahead of potential attackers in this constantly evolving world of cyber threat and malware. The two-hour workshop supported participants to learn about the concept of the cyber range through hands-on exercises that built upon real-world tools, attacks, and scenarios. Key topics included the analysis of potential malware, service identification, and protocol analysis. The workshop was attended by both students and faculty, who showed great engagement with the topic. A recent blog post from the Bath Spa University Creative Computing Department captured the positive reaction to the workshop, with author Iftikhar A Khan saying, The online workshop on the Cyber Range was a great success and achieved its objective of creating awareness about cyber protection. The speakers were able to share their knowledge and experiences, and the attendees were able to learn practical solutions for protecting against cyber-attacks. While providing an in-depth discussion of the cyber range, Drs. Newe and Qureshi also gave the workshop participants a first-hand look at these concepts and technologies through a simulated environment. Via a series of interactive activities, attendees were able to gain a deeper insight into how cyber range concepts and systems can be an invaluable asset when testing and improving a cyber security system. Well-designed, interactive workshops such as this are an invaluable tool in the ongoing fight against cyber-attacks. |
Malware Tool Threat | ★★ | |
|
2023-03-06 19:15:10 | CVE-2023-23939 (lien direct) | Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. | Tool Vulnerability | ||
 |
2023-03-06 11:00:00 | What is firewall optimization? (lien direct) | Firewall optimization (also known as firewall analysis) is the process of analyzing and adjusting the configuration and policy set of a firewall to improve performance and security. This process involves reviewing and corelating log data and device configurations, identifying potential vulnerabilities and weaknesses, and providing recommendations for remediation. Performing these processes is complex, which is why tools like firewall analyzers are useful. They offer automation, visualization, and alerting to provide recommendations that can be used to reduce the risk of attack. What is the business impact of firewall optimization? Firewall optimization is important because it can help organizations improve their overall security, performance, and compliance, while also reducing costs and improving decision-making. This can ultimately contribute to better overall business performance. Firewall optimization can have a positive impact on a business's overall network security and performance. Some of the key benefits include: Improved security: Analyze configurations and log data to identify potential vulnerabilities and threats in the network and provide recommendations for remediation. This can help to reduce the risk of successful cyber-attacks and data breaches. Better performance: Improve overall network performance by identifying and addressing bottlenecks and inefficiencies in the firewall configuration. This can result in faster network speeds, more reliable connectivity, and better overall performance. Compliance: Comply with relevant regulations and standards, such as PCI DSS and HIPAA, by providing regular compliance reports and identifying potential compliance issues. Cost savings: By identifying and addressing inefficiencies and bottlenecks in the firewall configuration, firewall optimization can also help reduce costs associated with network maintenance and troubleshooting. Improved decision-making: Have a better understanding of the network security posture and the capabilities of the firewall. This allows organizations to make more informed decisions about their security strategy, and to better allocate resources for security initiatives. How is firewall optimization different from firewall management? Firewall optimization uses software tools like a firewall analyzer to find weaknesses and vulnerabilities in network attached devices. The inspection includes analyzing configurations and log data from security devices, such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). The primary features of a firewall optimization include: Log analysis: Review log data to understand utilization trends over time and recommend ways to enhance the performance of the firewall without compromising security. Configuration analysis and compliance reporting: Review running configurations of firewall devices regularly and include features for generating reports that show compliance with relevant regulations and standards, such as PCI DSS and HIPAA. Security analytics: Analytics capabilities allow users to visualize and analyze data from firewalls. This can help to identify trends and patterns that may indicate potential security threats. Alerting: Alerting features that notify users when potential threats or vulnerabilities are detected. Integration with other tools: Some firewall analyzers can be integrated with other security tools, such as vulnerability scanners or | Tool Vulnerability | ★★★ | |
 |
2023-03-06 04:18:49 | Stop Working in Silos: Integrating with APIs (lien direct) | Is your security tool an island? Does it do its singular task with little more to offer than what it says on the package? Too many security offerings behave as singular entities, forcing you to constantly perform task switching to complete a job. If you are using a robust tool, then you may not be taking full advantage of its capabilities. Many capabilities of a good tool can be broadened with the use of an Application Programming Interface (API) “Application Programming Interface” sounds like it's going to be an ominously complicated topic, but it's something you should take notice of when... | Tool | ★★ | |
|
2023-03-06 00:15:10 | CVE-2023-22344 (lien direct) | Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | Tool Vulnerability Cloud | ||
|
2023-03-03 19:09:13 | Online travel giant says it was not compromised through recently-discovered vulnerability (lien direct) |  Online travel agency giant Booking.com said Friday that it was not compromised through a vulnerability on the platform that was recently discovered by researchers. Several publications on Thursday reported that researchers from Salt Security said they found several critical security flaws on Booking.com and its sister company Kayak. The flaws involved the tool that allows [… |
Tool Vulnerability | ★★★ | |
|
2023-03-02 23:06:00 | CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds (lien direct) | The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language. | Tool | ★★★ | |
|
2023-03-02 20:11:34 | Biden-Harris Administration Announces National Cybersecurity Strategy (lien direct) | oday, the Biden-Harris Administration released the National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans. In this decisive decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society. - Opinion | Tool | ★★ | |
|
2023-03-02 04:15:11 | CVE-2023-26053 (lien direct) | Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue. | Tool | ||
|
2023-03-02 02:15:41 | CVE-2023-0196 (lien direct) | NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service. | Tool | ||
|
2023-03-02 00:00:00 | La Cyber Security Academy est de retour pour 2023 - en ligne, gratuite et aucune connaissance préalable requise The Cyber Security Academy is Back for 2023 - Online, Free and No Prior Knowledge Required (lien direct) |
Thecyber Security Academy est de retour pour une autre année!Rejoignez-nous en ligne pour notre académie de cybersécurité gratuite de 5 jours.Ceci est ouvert aux étudiants de 16e et 5e et 5e année âgés de 16 ans ou plus.Convient aux étudiants débutants et avancés.
Quand: du lundi 12 au vendredi 16 juin 2023
Heure: 11h00 à 15h00
Où: en ligne
Sans coût
Enregistrez votre intérêt sur www.cyberfutures.ie/cyberacademy/
Les étudiants qui terminent le cours reçoivent un badge numérique.
Qui dispense le cours? La Cyber Security Academy andcyberfutures est des initiatives de Cyerskills Andcyber Ireland.Le cours sera dispensé par des professeurs du projet Cyberskills avec le soutien en laboratoire des étudiants de recherche ATCYBERSKILLS \\ 'Partner Institutes, Munster Technological University, University of Limerick et Technological University Dublin.
Pourquoi participer au cours? L'objectif global de l'Académie à encourager un intérêt et une sensibilisation à la sécurité de la sécurité par le biais de la formation technique.Vous n'avez pas besoin d'avoir un niveau de connaissances techniques, car les exercices sont conçus pour accueillir à la fois les débutants complets et les étudiants ayant des connaissances techniques existantes.La cybersécurité fait partie de la vie quotidienne et des affaires, et si vous poursuivez un choix universitaire menant à la cybersécurité ou non, nous espérons que vous apprécierez ce cours et qu'il vous servira bien dans le futur.
Opportunités en Irlande. Le secteur de la cybersécurité a employé 7 350 * personnes en Irlande en 2022. Ce nombre augmente tout le temps à mesure que les entreprises cherchent à se protéger et à répondre aux cyber-menaces en cours.Cela signifie également qu'il y a une pénurie de compétences.L'industrie de la cybersécurité travaille avec des établissements universitaires en Irlande pour faire face à cette pénurie de compétences et s'assurer qu'il y aura une nouvelle génération de professionnels formés capables d'empêcher et de répondre aux attaques contre les affaires et la société bien dans le futur.
Sujets abordés à l'académie
La cryptographycrycryptographie fait partie intégrante de notre monde en ligne.Les achats en ligne, la banque et la communication reposent tous sur la cryptographie pour travailler efficacement.Dans le cadre de ce cours, vous apprendrez comment fonctionne cette cryptographie et comment vous pouvez configurer le chiffrement pour protéger tous vos propres messages et communications.
Le piratage éthique du piratage est légalement pénétré par les ordinateurs et les appareils pour tester les défenses d'une organisation.Dans le cadre de ce cours, vous développerez l'état d'esprit des pirates éthiques en apprenant les principes fondamentaux de la programmation en ligne de commande, des cadres d'attaque, des tests de pénétration et plus encore.
Capture-the-FLAG EXERCICAPTURE-the-Flag est un environnement amusant et sûr pour apprendre ce que font les pirates et les outils qu'ils utilisent.C'est l'occasion de pratiquer les compétences que vous acquériez de l'Académie alors que vous faites face à une série de défis amusants, de plus en plus difficile, alors que vous essayez de gagner le plus de points.Plutôt qu'une course, ce style de gameplay encourage le temps à aborder les défis de manière nouvelle et intéressante.
Comment se joindre à nous qui prennent maintenant des expressions d'intérêt pour le cours.Pour vous inscrire, veuillez vous rendre sur www.cyberfutures.ie/cyberacademy/we sera ensuite en contact pour finaliser les places sur le parcours.
* État du secteur de la cybersécurité en Irlande 2022, Cyber Skills and Cyber Ireland
The Cyber Security Academy is back for another year! Join us online for our 5-day FREE Cyber Security Academy. This is open to all 4th and 5th year students aged 16 years or above. Suitable for beginner and advanced students. When: Monday 12th to Friday 16th June 2023 Time: |
Tool Technical | ★★ | |
|
2023-03-01 11:59:44 | 8 ways to secure Chrome browser for Google Workspace users (lien direct) | Posted by Kiran Nair, Product Manager, Chrome Browser Your journey towards keeping your Google Workspace users and data safe, starts with bringing your Chrome browsers under Cloud Management at no additional cost. Chrome Browser Cloud Management is a single destination for applying Chrome Browser policies and security controls across Windows, Mac, Linux, iOS and Android. You also get deep visibility into your browser fleet including which browsers are out of date, which extensions your users are using and bringing insight to potential security blindspots in your enterprise. Managing Chrome from the cloud allows Google Workspace admins to enforce enterprise protections and policies to the whole browser on fully managed devices, which no longer requires a user to sign into Chrome to have policies enforced. You can also enforce policies that apply when your managed users sign in to Chrome browser on any Windows, Mac, or Linux computer (via Chrome Browser user-level management) --not just on corporate managed devices.  This enables you to keep your corporate data and users safe, whether they are accessing work resources from fully managed, personal, or unmanaged devices used by your vendors. Getting started is easy. If your organization hasn't already, check out this guide for steps on how to enroll your devices. 2. Enforce built-in protections against Phishing, Ransomware & Malware Chrome uses Google's Safe Browsing technology to help protect billions of devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing is enabled by default for all users when they download Chrome. As an administrator, you can prevent your users from disabling Safe Browsing by enforcing the SafeBrowsingProtectionLevel policy.  Over the past few years, we've seen threats on the web becoming increasingly sophisticated. Turning on Enhanced Safe Browsing will substantially increase protection |
Ransomware Malware Tool Threat Guideline Cloud | ★★★ | |
|
2023-02-28 19:43:18 | White House faces deeply skeptical Congress as it advocates for controversial surveillance tool (lien direct) | >Section 702 of the Foreign Intelligence Surveillance Act, which expires in December, is in perhaps its most precarious position yet. | Tool | ★★ | |
 |
2023-02-28 19:29:00 | New EX-22 Tool Empowers Hackers with Stealthy Ransomware Attacks on Enterprises (lien direct) | A new post-exploitation framework called EXFILTRATOR-22 (aka EX-22) has emerged in the wild with the goal of deploying ransomware within enterprise networks while flying under the radar. "It comes with a wide range of capabilities, making post-exploitation a cakewalk for anyone purchasing the tool," CYFIRMA said in a new report. Some of the notable features include establishing a reverse shell | Ransomware Tool | ★★★★ | |
 |
2023-02-28 16:30:00 | Perspectives mandiantes de la Munich Cyber Security Conference 2023 Mandiant Perspectives from the Munich Cyber Security Conference 2023 (lien direct) |
Les cyber-capacités sont un outil de plus en plus important de Statecraft avec les opérations d'aujourd'hui reflétant de plus en plus les ambitions stratégiques et géopolitiques des sponsors gouvernementaux.Il est essentiel de connecter les défenseurs et les décideurs du réseau.
La Conférence de cybersécurité de Munich (MCSC) fournit donc un échange de bienvenue pour discuter des défis naissants auxquels la communauté de la cybersécurité est confrontée.La vice-présidente de l'intelligence mandiante Sandra Joyce et Google Cloud Ciso Phil Venables ont pris la parole lors de l'événement de cette année.
Ce billet de blog décrit les plats à retenir de MCSC 2023 et comment mandiant, maintenant une pièce
Cyber capabilities are an increasingly important tool of statecraft with today\'s operations increasingly reflecting the strategic and geopolitical ambitions of government sponsors. This makes it essential to connect network defenders and policymakers. The Munich Cyber Security Conference (MCSC), therefore, provides a welcome exchange to discuss nascent challenges facing the cyber security community. Both Mandiant Intelligence VP Sandra Joyce, and Google Cloud CISO Phil Venables spoke at this year\'s event. This blog post outlines key takeaways from MCSC 2023 and how Mandiant, now a part |
Tool Cloud Conference | ★★ | |
|
2023-02-28 16:15:00 | Anomali Cyber Watch: Newly-Discovered WinorDLL64 Backdoor Has Code Similarities with Lazarus GhostSecret, Atharvan Backdoor Can Be Restricted to Communicate on Certain Days (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, DLL sideloading, Infostealers, Phishing, Social engineering, and Tunneling. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
WinorDLL64: A Backdoor From The Vast Lazarus Arsenal?
(published: February 23, 2023)
When the Wslink downloader (WinorLoaderDLL64.dll) was first discovered in 2021, it had no known payload and no known attribution. Now ESET researchers have discovered a Wslink payload dubbed WinorDLL64. This backdoor uses some of Wslink functions and the Wslink-established TCP connection encrypted with 256-bit AES-CBC cipher. WinorDLL64 has some code similarities with the GhostSecret malware used by North Korea-sponsored Lazarus Group.
Analyst Comment: Wslink and WinorDLL64 use a well-developed cryptographic protocol to protect the exchanged data. Innovating advanced persistent groups like Lazarus often come out with new versions of their custom malware. It makes it important for network defenders to leverage the knowledge of a wider security community by adding relevant premium feeds and leveraging the controls automation via Anomali Platform integrations.
MITRE ATT&CK: [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1134.002 - Access Token Manipulation: Create Process With Token | [MITRE ATT&CK] T1070.004 - Indicator Removal on Host: File Deletion | [MITRE ATT&CK] T1087.001 - Account Discovery: Local Account | [MITRE ATT&CK] T1087.002 - Account Discovery: Domain Account | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1135 - Network Share Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1614 - System Location Discovery | [MITRE ATT&CK] T1614.001 - System Location Discovery: System Language Discovery | [MITRE ATT&CK] T1016 - System Network Configuration Discovery | [MITRE ATT&CK] T1049 - System Network Connections Discovery | |
Ransomware Malware Tool Threat Medical Medical Cloud | APT 38 | ★ |
 |
2023-02-28 14:00:00 | CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (lien direct) |
CyberheistNews Vol 13 #09 | February 28th, 2023
[Eye Opener] Should You Click on Unsubscribe?
By Roger A. Grimes.
Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?"
The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action.
In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days.
Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use.
In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list.
[CONTINUED] at the KnowBe4 blog:https://blog.knowbe4.com/should-you-click-on-unsubscribe
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac |
Malware Hack Tool Vulnerability Threat Guideline Prediction | APT 38 ChatGPT | ★★★ |
 |
2023-02-28 12:25:03 | SAST Tools: How to Integrate and Scale Security Workflows in the SDLC (lien direct) | Static Application Security Testing (SAST) tools present a significant opportunity for organizations looking to reduce application security risk. However, not all workflows or tools are created equal. Using the right SAST tools at the right times, you can seamlessly integrate and scale security workflows throughout the software development lifecycle (SDLC). In this post, we'll walk through examples of how easily you can work with Veracode's SAST tools for first-party and third-party code scanning when using Azure DevOps and Visual Studio – and the different plugins available. Ticket Follow Up Let's start where all developers' workdays begin: the ticketing system. In this scenario, it's the Azure DevOps Workboard, and the idea is that you have run a SAST policy scan. A Veracode policy scan effectively tests at the integration or systems level. Through integration, the tool can automatically generate security bug tickets inside of Azure DevOps based on scan results. From the ticket… | Tool | ★★★ | |
|
2023-02-27 15:34:00 | PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks (lien direct) | The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy | Tool Prediction | ★★★ | |
|
2023-02-27 11:00:00 | Integrating Cybersecurity in UX design (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Image Source: Pexels Integrating Cybersecurity in UX design The digital landscape has ensured a wider range of businesses has access to a truly global marketplace. On one hand, this helps bolster a thriving entrepreneurial ecosystem. However, it also means there is a significant amount of competition. If your company’s website or mobile application doesn’t provide a stellar user experience (UX), consumers are able and willing to go elsewhere. Yet, in the online environment, UX is not your only consideration. There are various threats your business and consumers face from cyber criminals. Therefore, when developing your online tools, you need to adopt effective protections. Unfortunately, many businesses struggle with implementing strong security that doesn’t also disrupt the UX. Your best approach here is usually to integrate cybersecurity with UX design. So, let’s explore why and how you can achieve this. How are UX and Cybersecurity related? One of the mistakes too many businesses make is assuming that UX and cybersecurity are separate aspects of the digital infrastructure. They can certainly have independent intentions to an extent with different goals and actions to achieve these goals. Yet, understanding how they are closely related is the first step to effective integration. In some ways one can’t — or, at least, shouldn’t — exist without the other. A good example of this is the application of web design in high-stakes sectors, like telehealth care. There are two core types of telehealth services; asynchronous care and synchronous (live) care. While there is a difference here in how patients interact with the medical professional, both types involve the collection and storage of sensitive data. It’s certainly important from a UX perspective to make both asynchronous and live processes as simple and convenient as possible for patients. Yet, this simplicity shouldn’t sacrifice the security of the data. Clear and strong security protocols give consumers confidence in the system and the company they’re interacting with. This applies to not just healthcare industries but also eCommerce, education, and supply chain sectors, among others. Similarly, consumers may be more likely to adopt more secure behaviors if they can see how it feeds into the convenience and enjoyment of their experience. This means that the UX development process must involve security considerations from the ground up, rather than as an afterthought. How can you plan effectively? As with any project, planning is essential to the successful integration of cybersecurity and UX design. An improvisatory approach that involves tacking security or UX elements onto your site or app doesn’t result in a strong development. Wherever possible, your best route is to bring both the UX departments and cybersecurity professionals together in the planning process from the outset. Each department will have insights into one another’s challenges that benefit the project as a whole. Another key part of your planning process is researching and analyzing your users’ behavior concerning the types of online tools you’re developing. Work with business analytics professionals to understand in what ways security factors into your target demographic’s preferred online experiences. | Tool Medical | ★★ | |
 |
2023-02-24 00:00:00 | Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool (lien direct) | Trend Micro's Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX. | Tool Prediction | ★★★ | |
|
2023-02-23 23:30:05 | Suspected Russian NLBrute malware boss extradited to US (lien direct) | Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations that he used the tool to spawn a criminal empire.… | Malware Tool | ★★★ | |
|
2023-02-23 21:57:12 | Russian accused of developing password-cracking tool extradited to US (lien direct) |  A 28-year-old Russian malware developer was extradited to the U.S. where he could face up to 47 years in federal prison for allegedly creating and selling a malicious password-cracking tool. Dariy Pankov, also known as “dpxaker,” developed what the Department of Justice called “powerful” password-cracking program that he marketed and sold to other cybercriminals for a [… |
Malware Tool | ★★ | |
|
2023-02-23 21:30:23 | Popular IBM file transfer tool vulnerable to cyberattacks, CISA says (lien direct) |  A vulnerability in the IBM Aspera Faspex file transfer tool is actively being exploited by malicious hackers, CISA says |
Tool Vulnerability | ★★ | |
|
2023-02-23 19:02:13 | Hackers use ChatGPT phishing websites to infect users with malware (lien direct) |  Cyble says cybercriminals are setting up phishing websites that mimic the branding of ChatGPT, an AI tool that has exploded in popularity |
Malware Tool | ChatGPT | ★★★ |
|
2023-02-23 17:17:00 | Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (lien direct) | A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying machine. | Malware Tool Medical | APT 38 | ★ |
 |
2023-02-23 12:59:09 | Russian Accused of Developing NLBrute Malware Extradited to US (lien direct) | >A Russian malware developer behind the NLBrute brute-forcing tool has been extradited to the United States from Georgia. | Malware Tool | ★★ | |
 |
2023-02-23 12:36:04 | Russian malware dev behind NLBrute hacking tool extradited to US (lien direct) | A Russian malware developer accused of creating and selling the NLBrute password-cracking tool was extradited to the United States after being arrested in the Republic of Georgia last year on October 4. [...] | Malware Tool | ★★★ | |
|
2023-02-23 11:00:00 | Stories from the SOC - The case for human response actions (lien direct) | Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers.
Executive summary
As we move towards more automation, we should remember the risk of over-automating, or at least make a conscious decision to accept the risks. This is especially important in automating response actions, which left unchecked could wreak havoc with day-to-day business operations.
Investigation
The alarm
One evening after normal business hours, an alarm came in indicating a software package attempting to execute on a server was auto-mitigated by SentinelOne. The software package was behaving in a way that was taken as attempting to evade detection by the SentinelOne agent and therefore rated as “Malicious” by the SentinelOne Artificial Intelligence logic. Since the server on which the software package was attempting to execute had a “Protect” policy applied, the auto-mitigation steps for a dynamically detected “Malicious” rating included killing and quarantining the process.
A “policy” setting in SentinelOne is the defined level of automated response activity the endpoint detection and response tool (EDR) has permission to perform for each grouping of assets. Whereas a “Detect” policy will create an alert that can be managed for post-investigation response actions, a policy setting of “Protect” will take automated response actions. The intrusion level of those automated response actions can be customized, but they all perform an automated action without a person looking at the situation first.
The below image is for an alarm for malware which ended up being process automation software
but nonetheless was automitigated (process killed) by SentinelOne as shown in the log excerpt below.
The business impact
The next morning, with business hours back in full swing, the customer reached out to us concerned about the result of the automated response action. The customer stated that the software package is a critical part of their business infrastructure and should never be stopped from executing. The software had been running on that same server the prior several months, since entering SOC monitoring.
The customer questioned why after several months with the SentinelOne agent running on the server did the agent suddenly believe the software package was malicious. We were not able the answer the question specifically since the decision-making behind identifying and rating a process as “Malicious” versus “Suspicious” or benign is a proprietary logic.
What we could state is that any EDR solution worth its price will continually update indicator of compromise (IOC) signatures. Any worthwhile EDR solution will also include not only static detection but also behavior-based dynamic detection. In the case of SentinelOne, there is the pre-execution behavior analysis that allows for process termination pre-execution as well. And of course, any software package run on a server is subject to updates for security, efficiency, or product feature upgrades.
Taken as a whole, it means any endpoint being protected is a very dynamic battleground with the potential for an updated software package that did not trigger IOC rules yesterday triggering tehm today. Or a non-updated software package may suddenly be identified as potently malicious due to updated machine learning IOC behavior analysis. Remember when |
Malware Tool | ★★★ | |
|
2023-02-23 10:30:19 | WinorDLL64: A backdoor from the vast Lazarus arsenal? (lien direct) | >The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group | Tool | APT 38 | ★★ |
To see everything:
Our RSS (filtrered)
