What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
TroyHunt.webp 2021-11-17 20:46:21 New firefighting tool delivers water directly to blazing EV batteries (direct link) Technique uses less water to bring battery temps down to normal. Tool
CVE.webp 2021-11-17 19:15:08 CVE-2021-0096 (direct link) Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Tool
CVE.webp 2021-11-17 19:15:08 CVE-2021-33089 (direct link) Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Tool
CVE.webp 2021-11-17 19:15:08 CVE-2021-33090 (direct link) Incorrect default permissions in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Tool
TechRepublic.webp 2021-11-16 20:48:00 macOS Monterey includes an absolute gem of a feature for those looking to up their efficiency game (direct link) With macOS Monterey comes a tool that can help you create user friendly, repeatable actions to help optimize your daily life in numerous ways. Tool
Anomali.webp 2021-11-16 17:34:00 Anomali Cyber Watch: REvil Affiliates Arrested, Electronics Retail Giant Hit By Ransomware, Robinhood Breach, Zero Day In Palo Alto Security Appliance and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data breach, Data leak, Malspam, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer (published: November 8, 2021) The US Cybersecurity and Infrastructure Security Agency (CISA) has released an alert about advanced persistent threat (APT) actors exploiting a vulnerability in the self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. PaloAlto, Microsoft & Lumen Technologies made a joint effort to track, analyse and mitigate this threat. The attack deployed a webshell and created a registry key for persistence. The actor leveraged leased infrastructure in the US to scan hundreds of organizations and compromised at least nine global organizations across the technology, defense, healthcare and education industries. Analyst Comment: This actor has used some unique techniques in these attacks, including a blockchain-based legitimate remote control application and a credential stealing tool which hooks specific functions from the LSASS process. It’s important to make sure your EDR solution supports detecting such advanced techniques and is configured to do so in order to detect such attacks. 
MITRE ATT&CK: [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Scripting - T1064 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Application Layer Protocol - T1071 | [MITRE ATT&CK] Credentials in Files - T1081 | [MITRE ATT&CK] Brute Force - T1110 | [MITRE ATT&CK] Data Staged - T1074 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Hooking - T1179 | [MITRE ATT&CK] Registry Run Keys / Startup Folder - T1060 | [MITRE ATT&CK] Pass the Hash - T1075 Tags: Threat Group 3390, APT27, TG-3390, Emissary Panda, WildFire, NGLite backdoor, Cobalt Strike, Godzilla, PwDump, beacon, ChinaChopper, CVE-2021-40539, Healthcare, Military, North America, China REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom (published: November 9, 2021) A 22-year-old Ukrainian national named Yaroslav Vasinskyi has been charged with conducting ransomware attacks by the U.S. Department of Justice (DOJ). These attacks include t Ransomware Data Breach Malware Tool Vulnerability Threat Medical APT 38 APT 27 APT 1
TechRepublic.webp 2021-11-16 14:00:00 How Nobl9's new tool could help developers tame technical debt (direct link) Commentary: Tech debt is a major hurdle to developer productivity. Nobl9's new Hydrogen is here to help. Tool
Fortinet.webp 2021-11-16 13:16:47 BlackMatter Uses New Custom Data Exfiltration Tool (direct link) FortiGuard Labs is aware that a BlackMatter ransomware affiliate started to use a new custom data exfiltration tool called "Exmatter". The tool is used to steal specific file types from predetermined directories and upload them to an attacker's server. This process happens before the ransomware is deployed to the victim's network. Why is this Significant? This is significant because Exmatter appears to target specific file types which the attacker thinks are valuable so it can steal them as quickly as possible. That allows the attacker to spend less time on the network before deploying the BlackMatter ransomware. What File Types is Exmatter Designed to Steal? According to security vendor Symantec, files with the following file extensions on the compromised machine are targeted by Exmatter: .doc, .docx, .xls, .xlsx, .pdf, .msg, .png, .ppt, .pptx, .sda, .sdm, .sdw, .csv, .xlsm, .zip, .json, .config, .ts, .cs, .js, .asp, .pst. Are There Multiple Versions of Exmatter? According to the security vendor, there are at least four versions of Exmatter that were used by a BlackMatter affiliate. Newer versions include additional file extensions to steal, as well as specific strings in file names that Exmatter excludes from the exfiltration targets. One directory target was shortened so that Exmatter can search for more files for exfiltration. Also, SFTP server details used for uploading the stolen data were updated, with Webdav to serve as a backup in case the SFTP transmission did not work. What is the Significance of the Updates Made to Exmatter? It is significant because the attacker used lessons learned from the networks of previous victims to update Exmatter to make data exfiltration more efficient and effective against future victims. What does FortiGuard Labs Know About BlackMatter Ransomware? BlackMatter ransomware is a fairly new Ransomware-as-a-Service (RaaS) and was discovered in late July 2021. 
The group posted ads on hacking forums recruiting affiliates and asking to buy access to compromised corporate networks to deploy ransomware. FortiGuard Labs has previously released two Threat Signals on BlackMatter ransomware. See the Appendix for a link to the Threat Signal, "Meet BlackMatter: Yet Another RaaS in the Wild" and to the Threat Signal, "Joint CyberSecurity Advisory on BlackMatter Ransomware (AA21-291A)." What is the Status of Coverage? FortiGuard Labs provides the following AV coverage against Exmatter: MSIL/Agent.7AAD!tr, W32/Crypt!tr, PossibleThreat. All Network IOCs related to this threat are blocked by the FortiGuard WebFiltering Client. Ransomware Tool Threat
ZDNet.webp 2021-11-11 17:00:01 Google debuts ClusterFuzzLite security tool for CI, CD workflows (direct link) The fuzzing solution is set to bolster software supply chain security. Tool
TechRepublic.webp 2021-11-11 16:04:21 How to tame cloud infrastructure sprawl with open source CloudQuery (direct link) Commentary: The cloud makes infrastructure sprawl easier and worse than ever. Here's an open source tool to help you keep it in control. Tool
TechRepublic.webp 2021-11-11 15:42:13 How to easily transfer files between computers with croc (direct link) If you're looking for an easy command-line tool to transfer files between systems on the same LAN, Jack Wallen believes croc is the tool for the job. Tool
TroyHunt.webp 2021-11-10 16:53:37 Unity purchases Weta Digital's visual-effects tool suite for $1.6 billion (direct link) Major deal continues the slow merging of movie-creation and game-creation tools. Tool
SecurityWeek.webp 2021-11-10 16:07:38 RPC Firewall Dubbed 'Ransomware Kill Switch' Released to Open Source (direct link) Today at Black Hat London, Zero Networks announced the release of its RPC firewall – also dubbed the 'ransomware kill switch' – into open source. The tool provides granular control over RPC, capable of blocking the use of lateral movement hacker tools and stopping almost all ransomware in its tracks. Ransomware Tool
Anomali.webp 2021-11-10 16:00:00 Anomali Cyber Watch: GitLab Vulnerability Exploited In The Wild, Mekotio Banking Trojan Returns, Microsoft Exchange Vulnerabilities Exploited Again and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Babuk, BrakTooth, Linux, Gamaredon, Magecart and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released (published: November 5, 2021) A proof-of-concept (PoC) tool to test for the recently revealed BrakTooth flaws in Bluetooth devices is now available: the researchers who discovered the flaws have released both the test kit and full exploit code for the bugs. On Thursday, CISA urged manufacturers, vendors and developers to patch or employ workarounds. On Monday, the University of Singapore researchers updated their table of affected devices, after the chipset vendors Airoha, Mediatek and Samsung reported that some of their devices are vulnerable. Analyst Comment: Users are urged to patch or employ workarounds as soon as possible. Tags: Bluetooth, BrakTooth, Exploit, Vulnerability CVE-2021-43267: Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution (published: November 4, 2021) Researchers at SentinelOne have identified a vulnerability in the TIPC Module, part of the Linux Kernel. The Transparent Inter-Process Communication (TIPC) module is a protocol that is used for cluster-wide operation and is packaged as part of most major Linux distributions. The vulnerability, designated as “CVE-2021-43267”, is a heap overflow vulnerability that could be exploited to execute code within the kernel. 
Analyst Comment: TIPC users should ensure their Linux kernel version is not between 5.10-rc1 and 5.15. Tags: Linux, TIPC, Vulnerability Ukraine Links Members Of Gamaredon Hacker Group To Russian FSB (published: November 4, 2021) The Ukrainian Secret Service claims to have identified five members of the threat group, Gamaredon. The group, which Ukraine claims is operated by the Russian Federal Security Service (FSB), is believed to be behind over 5,000 attacks against Ukraine. These attacks usually consist of malicious documents, and using a template injection vulnerability, the group has targeted government, public and private entities. Analyst Comment: Users should check that a file is sent by a known and trusted sender, and that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel. Users should be careful when viewing documents that ask for macros to be enabled. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 Tags: Gamaredon, Malicious Documents, Russia, Ukraine, Template Injection Ransomware Data Breach Malware Tool Vulnerability Threat
SANS.webp 2021-11-10 09:27:57 Shadow IT Makes People More Vulnerable to Phishing, (Wed, Nov 10th) (direct link) Shadow IT is a real problem in many organizations. Behind this term, we speak about pieces of hardware or software that are installed by users without the approval of the IT department. In many cases, shadow IT is used because internal IT teams are not able to provide tools in time. Think about a user who needs to safely exchange files with partners and no tool is available. A change request will be created to deploy one but, with the lack of (time|money|resources), the project will take time. Unfortunately, the user needs the tool now, so an alternative path will be used like a cloud file sharing service. Tool
The_Hackers_News.webp 2021-11-10 00:08:40 14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices (direct link) Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.1, Tool Guideline
Kaspersky.webp 2021-11-09 15:52:51 Security Tool Guts: How Much Should Customers See? (direct link) Yaron Kassner, CTO of Silverfort, delves into the pros and cons of transparency when it comes to cybersecurity tools' algorithms. Tool
TechRepublic.webp 2021-11-08 21:44:35 How to download a Windows 10 ISO file without using the Media Creation Tool (direct link) It is possible to download a Windows 10 ISO file directly from Microsoft without using their tool first, but they don't make it easy. This how-to shows you the elaborate procedure. Tool
CVE.webp 2021-11-08 18:15:09 CVE-2021-24701 (direct link) The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Tool
CVE.webp 2021-11-05 23:15:08 CVE-2021-41228 (direct link) TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. Tool
InfoSecurityMag.webp 2021-11-05 17:22:00 DOD Licenses Data Carver (direct link) Digital forensics tool that salvages previously unrecoverable content can now be licensed from DC3 Tool
Kaspersky.webp 2021-11-05 17:00:57 BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released (direct link) CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution. Tool
SecurityWeek.webp 2021-11-05 14:58:45 Researchers Release PoC Tool Targeting BrakTooth Bluetooth Vulnerabilities (direct link) The United States Cybersecurity and Infrastructure Security Agency (CISA) this week warned on proof-of-concept (PoC) code for the BrakTooth Bluetooth vulnerabilities now being publicly available. Tool ★★★
SecurityAffairs.webp 2021-11-04 23:07:34 CISA recommends vendors to fix BrakTooth issues after the release of PoC tool (direct link) CISA urges vendors to address BrakTooth flaws after researchers have released public exploit code and a proof of concept tool for them. US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits. “On November […] Tool
bleepingcomputer.webp 2021-11-04 15:15:31 CISA urges vendors to patch BrakTooth bugs after exploits release (direct link) Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip (SoC) security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress. [...] Tool
TechRepublic.webp 2021-11-03 15:14:53 Google Docs gets a new insert tool to make life even easier (direct link) Google has added a new feature to Docs that makes inserting certain items and objects incredibly efficient. Tool
TroyHunt.webp 2021-11-02 19:15:58 Starlink nightmare: Moving service location a few feet delays orders until 2023 (direct link) PSA: Using Starlink website map tool sends preorderers to "back of the line." Tool
CVE.webp 2021-11-02 18:15:08 CVE-2021-41232 (direct link) Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use. Tool Vulnerability
Anomali.webp 2021-11-02 15:00:00 Anomali Cyber Watch: Russian Intelligence Targets IT Providers, Malspam Abuses Squid Games, Another npm Library Compromise, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Data leak, Critical services, Money laundering, Phishing, Ransomware, and Supply-chain. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence BlackMatter: New Data Exfiltration Tool Used in Attacks (published: November 1, 2021) Symantec researchers have discovered a custom data exfiltration tool, dubbed Exmatter, being used by the BlackMatter ransomware group. The same group has also been responsible for the Darkside ransomware - the variant that led to the May 2021 Colonial Pipeline outage. Exmatter is compiled as a .NET executable and obfuscated. This tool is designed to steal sensitive data and upload it to an attacker-controlled server as fast as possible prior to deployment of the ransomware. The speed is achieved via multiple filtering mechanisms: directory exclusion list, filetype whitelist, excluding files under 1,024 bytes, excluding files with certain attributes, and filename string exclusion list. Exmatter is being actively developed as three newer versions were found in the wild. Analyst Comment: The Exmatter exfiltration tool by BlackMatter follows two custom data exfiltration tools linked to the LockBit ransomware operation. Attackers try to narrow down data sources to only those deemed most profitable or business-critical to speed up the whole exfiltration process. It makes it even more crucial for defenders to be prepared to quickly stop any detected exfiltration operation. 
MITRE ATT&CK: [MITRE ATT&CK] File and Directory Discovery - T1083 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Exfiltration Over Alternative Protocol - T1048 Tags: Exmatter, BlackMatter, Darkside, Ransomware, Exfiltration, Data loss prevention Iran Says Israel, U.S. Likely Behind Cyberattack on Gas Stations (published: October 31, 2021) Iranian General Gholamreza Jalali, head of Iran’s passive defense organization, went to state-run television to blame Israel and the U.S. for an October 26, 2021 cyberattack that paralyzed gasoline stations across the country. The attack on the fuel distribution chain in Iran forced the shutdown of a network of filling stations. The incident disabled government-issued electronic cards providing subsidies that tens of millions of Iranians use to purchase fuel at discounted prices. Jalali said the attack bore similarities to cyber strikes on Iran’s rail network and the Shahid Rajaee port. The latest attack displayed a message reading "cyberattack 64411" on gas pumps when people tried to use their subsidy cards. Similarly, in July 2021, attackers targeting Iranian railroad prompted victims to call 64411, the phone number for the office of Supreme Leader Ali Khamenei. Analyst Comment: Iran has not provided evidence behind the attribution, so Ransomware Malware Tool Threat Guideline APT 29 APT 29
SecurityWeek.webp 2021-11-02 11:22:35 BlackMatter Ransomware Operators Develop Custom Data Exfiltration Tool (direct link) The cybercriminals operating the BlackMatter ransomware have started using a custom data exfiltration tool in their attacks, Symantec reports. Ransomware Tool
TechRepublic.webp 2021-11-01 15:21:34 Check out Drafts on macOS: It's a multi-purpose text editor that does it all (direct link) Every once in a while, you come across a tool that is so useful, you can't believe you worked so long without it. Drafts, for macOS, is one such tool. Tool
InfoSecurityMag.webp 2021-11-01 10:08:00 BlackMatter Group Speeds Up Data Theft with New Tool (direct link) Exmatter delivers custom exfiltration to accelerate ransomware attacks Ransomware Tool
Blog.webp 2021-10-31 17:43:10 Powercat for Pentester (direct link) Introduction Powercat is a simple network utility used to perform low-level network communication operations. The tool is an implementation of the well-known Netcat in Powershell. Traditional anti-viruses are known to allow Powercat to execute. The installed size of the utility is 68 KB. The portability and platform independence of the Tool
SANS.webp 2021-10-31 13:40:35 Video: Phishing ZIP With Malformed Filename, (Sun, Oct 31st) (direct link) This is a video for my diary entry "Phishing ZIP With Malformed Filename", where I show how to use my zipdump.py tool to visualize the special characters inside malformed filenames. Tool
Veracode.webp 2021-10-29 14:31:12 Software Composition Analysis Mitigates Systemic Risk in the Popular NPM Repository (direct link) Chris Wysopal, Veracode Chief Technology Officer and Co-Founder, recently sat down to discuss the open source supply chain attack on the popular npm repository. Below is the transcript and corresponding video of his reaction. Just a few days ago, we saw a classic open source supply chain attack where someone modified a JavaScript library, UA-Parser-JS, which is in the npm repository. The attackers modified the library to include password stealers and crypto miners so that the applications of anyone who downloaded that version would be compromised. With an attack like this, the applications that are using this library with this code are going to be running that code with the privileges that they have, wherever they're deployed. In this case, it was malicious code that was planted. I'm sure it was done in such a way that everyone using those libraries is going to become vulnerable. If it's password-stealing code, it's going to grab the passwords and send them to the attackers. In the case of crypto miners, it's going to suck up resources and CPU time and send the money to the attacker's wallets. It's important if you're using any kind of open source – which 99 percent of people building applications are – to use an open source software composition analysis (SCA) tool. What that can do is determine what open source you're using. Veracode SCA does this. Another important thing to do is make sure the vulnerability database that your SCA tool uses is current and up to date. At Veracode, we scan all the open source repos every single night. When this malicious code was inserted, we detected it right away. All of our customers were alerted that if they're using this version of the code, they need to update to the non-vulnerable version immediately. 
Veracode's recent State of Software Security: Open Source Edition report shows that 79 percent of the open source libraries that developers include are set it and forget it, which means they include it once and they never update it. But the updates tend to be relatively straightforward. In fact, 92 percent of open source flaws can be fixed with an update. And 69 percent of updates are a minor version change or less. It is really important to have good and timely information about the vulnerabilities in the libraries you're using and a good process for updating the libraries … hopefully in a very automated manner. That way you're updating these libraries without any manual effort, probably in minutes or hours instead of months. That could be the difference between an attacker compromising you or not. This is why it's so important to stay on top of all the known vulnerabilities in the open source libraries you're using as part of your application, because when you include that third-party code, your application is likely to become vulnerable to those same problems. Don't fall victim to an open source attack. Learn how Veracode Software Composition Analysis can protect your code. Tool Vulnerability
ComputerWeekly.webp 2021-10-28 17:20:00 CIA sought revenge against Julian Assange over hacking tool leaks, court hears (direct link) No more details Tool
GoogleSec.webp 2021-10-28 13:00:00 Protecting your device information with Private Set Membership (direct link) Posted by Kevin Yeo and Sarvar Patel, Private Computing Team. At Google, keeping you safe online is our top priority, so we continuously build the most advanced privacy-preserving technologies into our products. Over the past few years, we've utilized innovations in cryptographic research to keep your personal information private by design and secure by default. As part of this, we launched Password Checkup, which protects account credentials by notifying you if an entered username and password are known to have been compromised in a prior data breach. Using cryptographic techniques, Password Checkup can do this without revealing your credentials to anyone, including Google. Today, Password Checkup protects users across many platforms including Android, Chrome and Google Password Manager. Another example is Private Join and Compute, an open source protocol which enables organizations to work together and draw insights from confidential data sets. Two parties are able to encrypt their data sets, join them, and compute statistics over the joint data. By leveraging secure multi-party computation, Private Join and Compute is designed to ensure that the plaintext data sets are concealed from all parties. In this post, we introduce the next iteration of our research, Private Set Membership, as well as its open-source availability. At a high level, Private Set Membership considers the scenario in which Google holds a database of items, and user devices need to contact Google to check whether a specific item is found in the database. As an example, users may want to check membership of a computer program on a block list consisting of known malicious software before executing the program. Often, the set's contents and the queried items are sensitive, so we designed Private Set Membership to perform this task while preserving the privacy of our users. 
Protecting your device information during enrollment. Beginning in Chrome 94, Private Set Membership will enable Chrome OS devices to complete the enrollment process in a privacy-preserving manner. Device enrollment is an integral part of the out-of-box experience that welcomes you when getting started with a Chrome OS device. The device enrollment process requires checking membership of device information in encrypted Google databases, including checking if a device is enterprise enrolled or determining if a device was pre-packaged with a license. The correct end state of your Chrome OS device is determined using the results of these membership checks. During the enrollment process, we protect your Chrome OS devices by ensuring no information ever leaves the device that may be decrypted by anyone else when using Private Set Membership. Google will never learn any device information and devices will not learn any unnecessary information about other devices. To our knowledge, this is the first instance of advanced cryptographic tools being leveraged to protect device information during the enrollment process. A deeper look at Private Set Membership. Private Set Membership is built upon two cryptographic tools: Homomorphic encryption is a powerful cryptographic tool that enables computation over encrypted data without the need f Tool
SecurityAffairs.webp 2021-10-27 19:58:37 (Déjà vu) Avast released a free decryptor for Babuk ransomware (direct link) Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys. Babuk is […] Ransomware Tool
bleepingcomputer.webp 2021-10-27 14:35:13 Free decryptor released for Atom Silo and LockFile ransomware (direct link) Avast has just released a decryption tool that will help AtomSilo and LockFile ransomware victims recover some of their files for free, without having to pay a ransom. [...] Ransomware Tool
TechRepublic.webp 2021-10-27 13:31:24 No longer in preview, Microsoft Azure Purview is ready to help govern your data (direct link) Microsoft's data classification tool is now out of preview. We talked to Microsoft's Mike Flasko about its future. Tool
bleepingcomputer.webp 2021-10-27 11:52:12 Babuk ransomware decryptor released to recover files for free (direct link) Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free. [...] Ransomware Tool ★★★★
ESET.webp 2021-10-27 09:30:06 Wslink: Unique and undocumented malicious loader that runs as a server (direct link) There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor Tool Threat
SecurityAffairs.webp 2021-10-25 05:49:34 Emsisoft created a free decryptor for past victims of the BlackMatter ransomware (direct link) Experts from cybersecurity firm Emsisoft announced the availability of a free decryptor for past victims of the BlackMatter ransomware. Cybersecurity firm Emsisoft has released a free decryption tool for past victims of the BlackMatter ransomware. The researchers found a vulnerability in the encryption process implemented in the BlackMatter ransomware that allowed them to recover encrypted […] Ransomware Tool Vulnerability
The_Hackers_News.webp 2021-10-24 23:55:50 NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia (direct link) The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching between June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and Tool
SANS.webp 2021-10-24 08:15:32 Phishing ZIP With Malformed Filename, (Sun, Oct 24th) (direct link) The output of my zipdump.py tool analyzing diary entry "Reader Malware: ZIP/HTML Phish" ZIP file is a bit strange: Tool
The_Hackers_News.webp 2021-10-23 09:25:31 Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks (direct link) Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in Tool Threat
SecurityAffairs.webp 2021-10-22 22:05:14 Facebook SSRF Dashboard allows hunting SSRF vulnerabilities (direct link) Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced that it has designed a new tool, named SSRF Dashboard, that allows security researchers to search for Server-Side Request Forgery (SSRF) vulnerabilities. Server-side request forgery is a web security vulnerability that allows an attacker […] Tool Vulnerability
SecurityWeek.webp 2021-10-22 14:41:38 Facebook Introduces New Tool for Finding SSRF Vulnerabilities (direct link) Facebook on Thursday announced a new tool designed to help security researchers hunt for Server-Side Request Forgery (SSRF) vulnerabilities. Tool
SecurityWeek.webp 2021-10-22 14:12:12 After Nation-State Hackers, Cybercriminals Also Add Sliver Pentest Tool to Arsenal (direct link) The cybercriminal group tracked as TA551 recently showed a significant change in tactics with the addition of the open-source pentest tool Sliver to its arsenal, according to cybersecurity firm Proofpoint. Tool
Kaspersky.webp 2021-10-21 19:31:40 TA551 Shifts Tactics to Install Sliver Red-Teaming Tool (direct link) A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment. Ransomware Tool Threat Guideline
Last update at: 2024-07-07 04:08:47