What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Cybereason.webp 2021-04-30 12:11:34 PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector (direct link) PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly for spear-phishing in targeted attacks against high-value targets. Tool Threat
CVE.webp 2021-04-29 21:15:08 CVE-2021-29468 (direct link) Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked-out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation, users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio. Tool Vulnerability
Veracode.webp 2021-04-29 16:28:56 Developer Training Checklist: 5 Best Practices (direct link) The role of the developer has evolved over the past several years. Developers are not only responsible for writing code and releasing new software rapidly but also for securing code. By implementing security in the software development lifecycle, you can reduce risk and cost without slowing down time to production. But the developer role is already stretched thin and many developers don't have a background in security. How can you get developers up to speed on security measures in an engaging manner that doesn't add too much extra work? And how can you ensure that your developers are successfully implementing the security learnings? Leveraging findings from a recent Enterprise Strategy Group report, Modern Application Development Security, and tips from our Director of Development Enablement, Fletcher Heisler, we were able to establish a list of best practices to follow when training developers in security. Make security training a real requirement. Developers are very busy. If they're not required to take secure coding training, it's highly unlikely that they will. So, make it part of their goals. And to ensure that they're paying attention to the trainings, consider adding knowledge checks. Make sure the training is relevant and engaging. As Fletcher states in Four Fundamentals of Education The Sticks, use training tools like Security Labs that "bring magic, adventure, and exploration back to security so that developers can actually explore when something goes wrong." And make sure the examples are relevant to the developer's day-to-day work. The more realistic the examples, the more seriously developers take the training. Measure the effectiveness of the training. Don't just assume that developer training is working; track it.
To ensure that your developers are implementing the learnings from their security training, you should track both issue introduction and continuous improvement metrics for both scrum teams and individual developers. By keeping track of these metrics, you can tailor future security trainings toward areas of weakness. [As you can see in the chart below from Enterprise Strategy Group, only 41 percent of organizations are tracking the continuous improvement of development teams.] [Chart: ESG efficacy] Offer a mix of training types. Not everyone learns the same way. Some developers might prefer instructor-led courses while others might like on-demand courses or hands-on training tools. It's also important to keep in mind that developers likely have different levels of security knowledge. A new developer might need an introductory course to secure code training while a more experienced developer might benefit from a more technical course. Implement a security champions program. Many organizations benefit from implementing a security champions program. To start a security champions program, select interested volunteers from each development team and give them the extra tools and training needed to be security experts on their scrum teams. They'll be able to pass along their additional security skills to peers on their team. Tool
SecurityWeek.webp 2021-04-29 01:39:41 US Government Taking Creative Steps to Counter Cyberthreats (direct link) An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it. Hack Tool
Anomali.webp 2021-04-27 17:24:00 Anomali Cyber Watch: HabitsRAT Targeting Linux and Windows Servers, Lazarus Group Targeting South Korean Orgs, Multiple Zero-Days and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Android Malware, RATs, Phishing, QLocker Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Zero-day Vulnerabilities in SonicWall Email Security Actively Exploited (published: April 21, 2021) US cybersecurity company SonicWall said fixes have been published to resolve three critical issues in its email security solution that are being actively exploited in the wild. The vulnerabilities are tracked as CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023, impacting SonicWall ES/Hosted Email Security (HES) versions 10.0.1 and above. Analyst Comment: The patches for these vulnerabilities have been issued and should be applied as soon as possible to avoid potential malicious behaviour. SonicWall's security notice can be found here: https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/. It is important that your company has patch-maintenance policies in place. Once a vulnerability has been publicly reported, threat actors will likely attempt to incorporate the exploitation of the vulnerability into their malicious operations. Patches should be reviewed and applied as soon as possible to prevent potential malicious activity.
MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 | [MITRE ATT&CK] File and Directory Discovery - T1083 Tags: CVE-2021-20021, CVE-2021-20023, CVE-2021-20022 Massive Qlocker Ransomware Attack Uses 7zip to Encrypt QNAP Devices (published: April 21, 2021) The ransomware is called Qlocker and began targeting QNAP devices on April 19th, 2021. All victims are told to pay 0.01 Bitcoins, which is approximately $557.74, to get a password for their archived files. While the files are being locked, the Resource Monitor will display numerous '7z' processes, which are the 7zip command-line executable. Analyst Comment: Attackers are using legitimate tools like 7zip to evade detection by traditional antivirus products. EDR solutions can help track suspicious command-line arguments and process creations to potentially detect such attacks. Customers should use backup solutions to be able to recover encrypted files. MITRE ATT&CK: [MITRE ATT&CK] Credentials in Files - T1081 Tags: Tor, Qlocker, CVE-2020-2509, CVE-2020-36195 Novel Email-Based Campaign Targets Bloomberg Clients with RATs (published: April 21, 2021) A new e-mail-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg's industry-based services. Attacks start in the form of targeted emails to c Ransomware Malware Tool Vulnerability Threat Medical Wannacry Wannacry APT 38 APT 28
SecurityWeek.webp 2021-04-27 13:29:38 Adobe Releases Open Source Anomaly Detection Tool "OSAS" (direct link) Adobe this week announced the open-source availability of 'One-Stop Anomaly Shop' (OSAS), a new tool designed to help security teams discover anomalies in datasets. Tool
Chercheur.webp 2021-04-27 11:57:14 Security Vulnerabilities in Cellebrite (direct link) Moxie Marlinspike has an intriguing blog post about Cellebrite, a tool used by police and others to break into smartphones. Moxie got his hands on one of the devices, which seems to be a pair of Windows software packages and a whole lot of connecting cables. According to Moxie, the software is riddled with vulnerabilities. (The one example he gives is that it uses FFmpeg DLLs from 2012, which have not been patched with the 100+ security updates since then.) …we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed... Tool
AlienVault.webp 2021-04-27 10:00:00 Priority on people - An argument against the excessive use of Cybersecurity technology (direct link) Introduction Despite what many advertisements and salespeople would like you to think, you don’t need to (and in many cases shouldn’t) spend a fortune on security tools to achieve a robust cybersecurity program. Some tools are essential, such as a ticketing tool or Security Information and Event Management (SIEM) system, but the best security programs are built on the employees that run the business. Without their support and understanding, even the most secure system or software suite could be brought tumbling down with little effort. Every member of an organization with access to computers or data is a potential source of compromise and a potential source of system failure. Almost every component, system, or workflow, down to the fundamental building blocks of society, relies on the fair and accurate participation of those involved in it. Accordingly, any deviance, whether intentional or not, from this set state can cause significant issues to arise. It is vital that the security team realize that the purpose of security is, foremost, to promote the ability of the business to do business. Excessively complex or costly security measures that do not serve the needs of the organization or support it in its mission are worse than no security at all. Staff over software One of the first categories of people to focus on is your security (or IT) staff. Some technology requires specific skills, knowledge, or time, any one of which your team may lack. Without first considering the available resources needed to implement, use, or even maintain any given software solution, you would be missing a critical component in the evaluation process. Any software or tool is only as good as the person using it, regardless of how expensive or cutting edge it may be.
Each software implemented, outside of the standard ‘install and forget’ type, requires planning, reviews, training, and maintenance to be effective. Given the state of most IT and Cybersecurity teams, there are likely not enough hours to go around to properly execute the tasks needed to meet the above requirements. Implementation and maintenance requirements will vary based on the type of software, but they will always be present and should be factored into the overall cost of the solution being considered. The second category is, of course, the employees of the organization. Not all tools will solely reside in the domain of the IT or Security teams; some may be rolled out to broad swathes of the organization. As anyone who works in cybersecurity knows, we walk a careful line between security and functionality. The software we pick, therefore, must be secure enough without being overly complex or burdensome. Any solution must be ‘right-sized’ to the institution, in cost and effectiveness but also in adoptability. If staff refuse to, or are unable to, use the new tool, it serves very little purpose in the overall mission of security. Instead of prioritizing software, it is recommended to focus first on user training on key security issues and on the acceptable use of technology. Part of this training should include active testing such as phishing campaigns or other social engineering exercises. Focusing on employee training has been seen to lead to a far higher return security-wise when compared to equivalent software solutions. When to use software To be clear, it is not being argued that organizations shouldn’t use any software. In order to have a fully mature and functional security program, there are several critical components that any organization should adopt.
Specific requirements will vary per organization, industry, and regulatory requirements, but a general list of ‘must-haves’ is: SIEM software; endpoint protection software; vulnerability scanning software; Mobile Device Management (MDM) software (as needed); backup software; encryption te Tool Guideline
The_Hackers_News.webp 2021-04-26 03:38:20 How to Test and Improve Your Domain's Email Security? (direct link) No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result, Tool
WiredThreatLevel.webp 2021-04-23 11:00:00 Now for AI's Latest Trick: Writing Computer Code (direct link) Programs such as GPT-3 can compose convincing text. Some people are using the tool to automate software development and hunt for bugs. Tool
SecurityAffairs.webp 2021-04-22 15:47:16 Cellebrite's forensics tool affected by arbitrary code execution issue (direct link) Cellebrite's mobile forensics tool UFED contains multiple flaws that allow arbitrary code execution on the device, the creator of Signal warns. Moxie Marlinspike, the creator of the popular encrypted messaging app Signal, announced that the mobile forensics tools developed by Cellebrite are affected by multiple vulnerabilities that could be exploited to achieve arbitrary code execution. Cellebrite develops […] Tool
TechRepublic.webp 2021-04-22 15:46:00 How AIOps can help IT developers manage applications (direct link) IBM's new OEM Application Resource Management offers a tool to improve applications by using automation. Tool
TechRepublic.webp 2021-04-22 14:30:52 How to get real-time network statistics for your Linux servers with Guider (direct link) Jack Wallen introduces you to a tool that will help you to better troubleshoot network issues on Linux servers. Tool
Veracode.webp 2021-04-22 12:43:02 Reporting Live From Collision Conference 2021: Part One! (direct link) This week, Collision (virtually) kicked off its annual conference, bringing together creatives, builders, influencers, innovators, and other great minds to cover some of the hottest topics in business and technology. Known as "America's fastest-growing tech conference," this year Collision featured over 450 speakers with more than 100 hours of content to consume across the three-day event. With a sizable group of 40,000-plus attendees to entertain, the team behind Collision came prepared with a packed schedule. The lineup included speakers from some brand heavy-hitters (Amazon, Twitter, TikTok, and PayPal to name a few) as well as our very own Chris Wysopal representing the application security (AppSec) space for Veracode! AI, AI… Oh! Chris first led a hodgepodge of talent from security and tech to moderate Collision's "AI, AI… Oh!: AI, Security and Privacy in Online Society" session. For this roundtable, Chris was joined by Jeff Moss of DEF CON, Jordan Fisher of Standard Cognition, Katie Moussouris of Luta Security, Alexander Vindman of Lawfare, Gary Harbison of Bayer, and Window Snyder of Thistle Technologies. The topic at hand? Just how major the impacts of AI and machine learning are on all industries today, and the risks this technology can bring if left unchecked. The roundtable dug into important issues like allocating organizational resources to security, privacy, and transparency to monitor AI, as well as what can go wrong when companies don't quite get it right. Chris kicked off the conversation by asking how we can have technology figure out exactly what algorithms are doing so that we know when something is going awry, and who is to blame when it does. Gary Harbison brought up the idea of self-driving cars, which take data from their environment and make decisions in the moment.
At some point, if there is a decision made by the algorithm that pits the safety of the driver against a pedestrian, who is to blame and what is the ramification? Gary followed up that we as an industry need to think this through sooner rather than later. Another risky implication of this technology, the group suggested, is that in cases where AI is used to track consumer behavior, such a tool can quickly become an invasion of privacy. Window Snyder noted that implementing security (and being able to measure it) is a critical first step. She posed the question: how are we going to measure efficacy and improvements in security around AI technologies so that we can see what is actually providing value to consumers? "Consumers will feel understandably uncomfortable knowing that a brand is tracking what they do inside of a store, and they may feel like they're being watched everywhere they go," she said. Window went on to explain that, if we want to create trust between technology companies and the people we're observing, we need to make sure that we're creating clear business requirements and metrics, reducing the scope and time for tracking, and doing as much as possible to reduce the granularity of the data that is collected. Another important step, she says, is that when you build a mechanism to collect data, you also need to build a mechanism to remove it after extracting as much granularity as possible. Doing so tells consumers that the technology was built with their privacy in mind. There's an economic and geopolitical aspect to the risks of AI te Tool
kovrr.webp 2021-04-22 00:00:00 Working From Home: A Year in Review. As companies are obliged to allow their employees to work remotely, the attack surface becomes broader. (direct link)
Cyber Trends, Risks and the Global Pandemic. As we mark a year of working from home through the global pandemic, this is a good time to discuss and delve into the IT changes and trends in our day-to-day work environment and their implications for user privacy, corporate cyber security and cyber insurance. The 3 main categories of software and applications that saw a significant increase in usage over the past year include: video conferencing and online communication platforms; VPNs and Remote Desktop (RDP) software; Two Factor (2FA) and Multiple Factor Authentication (MFA) applications. Working from home has increased the usage of the aforementioned technologies as well as other similar applications, broadened the attack surface and provided new opportunities for various malicious actors, as there are more external-internal connections compared to the past, meaning more types of services to keep track of and monitor. This also implies a heavier traffic load due to video streaming, database connections and more. Easier communication, but at what cost? Away from our colleagues and offices, employees have had to adapt quickly to various methods of online communication and meetings in order to keep things running. Whether it’s Zoom, Webex, Microsoft Teams, Google Meet or any other platform, co-workers are now able to chat and share video and documents easily from computers and phones. Right from the start of the pandemic, Zoom solidified itself as the dominant platform for video conferencing with an increase of 67% in usage between January and the middle of March 2020.
By April 2020 it already had more than 300 million daily Zoom meeting participants in comparison to 10 million meeting participants in December 2019.(1) [Chart: Number of daily Zoom users, December 2019 - April 2020] This convenience comes with significant underlying risks to users and corporate networks, as poorly implemented encryption protocols and other security measures can result in unauthorized participants gaining access to otherwise personal or confidential calls. This sort of intrusion, commonly referred to as “Zoom Bombing”, can at best be innocent trolling that causes annoyance, but at worst can allow access to a malicious actor who can gather sensitive information on the company for espionage purposes(2), harvest participants' credentials and other PII, leak the call’s content and video, and use the meeting chat to send phishing links, which could escalate to a full-blown ransomware attack on the company's network(3). This sort of attack can be carried out by an attacker exploiting vulnerabilities such as (or similar to) CVE-2019-13450(4), which would allow them to forcefully join a meeting. Multiple Factor Authentication - double the safety but not without risks. Multiple Factor Authentication (MFA) and Two Factor Authentication (2FA) have been adopted in recent years as an additional security tool to ensure the safety of one’s accounts and personal information. As previously mentioned, the migration to a remote work routine necessitated a secure and verified method for each employee to access their company’s assets online on a daily basis. This basic work necessity came with restrictions and guidelines such as remote desktop applications to create a virtual work environment and 2FA applications in an attempt to strengthen the company’s cybersecurity posture.
By May 2020, around 70% of British businesses were already using some type of MFA and a VPN for better cyber security risk management of the changed work environment(5). There are numerous ways by which MFA or 2FA methods can be bypassed, either through brute force (if the requested code is between 4-6 digits), social engineering, or a conventional session management weakness in which attackers use the password reset function. This is due to the fact that 2FA is often not implemented on the system’s login page after a password reset. VPNs and RDPs - work from anywhere and be attacked from anywhere. Vi Ransomware Data Breach Malware Tool Vulnerability ★★★
ZDNet.webp 2021-04-21 13:12:39 Instagram debuts new tool to stop abusive message salvos made through new accounts (direct link) DMs are the next area the firm wants to focus on in controlling abusive behavior. Tool
no_ico.webp 2021-04-20 12:17:02 Why To Codecov Breach? Experts Weigh In (direct link) Following media reports that hackers who tampered with a software development tool from a company called Codecov used that program to gain restricted access to hundreds of networks belonging to the San… Tool
TechRepublic.webp 2021-04-20 12:00:04 VMware announces new Anywhere Workspace tool to help businesses make remote work easier (direct link) The new platform is a combination of SASE, access control and cloud-native endpoint security that the company said is the only solution of its kind on the market. Tool
securityintelligence.webp 2021-04-19 19:00:00 How VPNs Are Changing to Manage Zero Trust Network Access (direct link) What do a growing number of cyberattacks, emerging tech, such as artificial intelligence, and cloud adoption have in common? They’re all helping fuel the rise of zero trust. Zero trust network access is, in turn, changing the way we access the internet for work. Let’s take a look at how another common tool today — the […] Tool
TechRepublic.webp 2021-04-19 13:48:50 Nonprofit provides help to hospitals battling ransomware (direct link) The Center for Internet Security recently launched a free tool for private U.S. hospitals to block malicious activity. Ransomware Tool
Veracode.webp 2021-04-19 09:05:28 DevSecOps in Practice: How to Embed Security into the DevOps Lifecycle (direct link) You've heard of DevOps. And by now, you've probably also heard of DevSecOps, which extends DevOps principles into the realm of security. In DevSecOps, security breaks out of its "silo" and becomes a core part of the DevOps lifecycle. That, at least, is the theory behind DevSecOps. What's often more challenging for developers to figure out is how to apply DevSecOps in practice. Which tools and processes actually operationalize DevSecOps? Until you can answer that question, DevSecOps will be just another buzzword. To help bridge the gap between theory and practice, let's walk through what DevSecOps means from a practical perspective, and how to go about embedding it into your development workflows. DevSecOps, defined If you're familiar with DevOps (which encourages collaboration between developers and IT operations engineers in order to speed application delivery), then the meaning of DevSecOps is easy enough to understand. DevSecOps adds security operations teams into the equation so that they can collaborate seamlessly with developers and IT engineers. DevSecOps places a DevOps spin on basic security concepts. Just as DevOps encourages continuous delivery, DevSecOps is all about continuous security, meaning the constant and holistic management of security across the software development lifecycle. Similarly, DevSecOps encourages continuous improvement in the realm of security, meaning that no matter how secure you believe your environment is, you should always be looking for ways to improve your security posture even further. DevSecOps in practice These are all great ideas to talk about, and it's easy to see why they are valuable. Security postures are indeed stronger when developers, IT engineers, and security engineers work together, rather than working in isolation.
It's much easier to optimize security when developers prioritize security with every line of code they write, and when IT engineers think about the security implications of every deployment they push out, rather than viewing security as something that someone else will handle down the line. The big question for teams that want to embrace DevSecOps, though, is how to go about putting these ideas into practice. That's where things can get tougher. There is no simple methodology that allows you to "do" DevSecOps. Nor is there a specific tool that you can deploy or a particular role that you can add to your team. Instead, operationalizing DevSecOps means building holistic combinations of processes and tools that make it possible to integrate security into DevOps workflows. While the best approach to this will vary from team to team, the following are some general best practices for implementing DevSecOps. Scanning early and often One basic step toward implementing DevSecOps is to ensure that you perform security tests and audits at the beginning of the software delivery pipeline. You don't want to wait until code is written and built to start testing it for flaws (and you certainly don't want to let it get into production before testing it). Instead, you should be scanning code as it is written, by integrating security tooling directly into your IDEs if possible. Importantly, security scanning should continue as code "flows" down the pipeline. You should scan your test builds and application release candidates before deployment. Security monitoring and auditing should also continue once code is in production. Automation Automation is a founding principle of DevOps, and it's just as important to DevSecOps. Automation not only makes processes faster and more efficient, but also helps reduce friction between the different stakeholders in DevSecOps Tool Uber ★★★
TroyHunt.webp 2021-04-16 20:07:24 Backdoored developer tool that stole credentials escaped notice for 3 months (direct link) AWS credentials and private repository tokens could allow self-perpetuating attacks. Tool
bleepingcomputer.webp 2021-04-16 10:44:37 Popular Codecov code coverage tool hacked to steal dev credentials (direct link) Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration (CI) environment. [...] Tool Threat
AlienVault.webp 2021-04-16 10:00:00 Considerations for performing IoMT Risk Assessments (direct link) What are Internet of Medical Things (IoMT) products? Internet of Medical Things (IoMT) products refer to a combination of medical applications and devices connected to healthcare information technology systems through an online computer network or a wireless network. IoMT devices rely heavily on biosensors, which are critical in detecting an individual's tissue, respiratory, and blood characteristics. Non-bio sensors are also used to measure other patient characteristics such as heart and muscle electrical activity, motion, and body temperature. IoMT product classifications One needs to gain insight into what makes a device a medical device. In the U.S., the sale of medical devices is regulated by the Food and Drug Administration (FDA). As required by the FDA, medical devices are classified as Class I, Class II, or Class III based on the risk posed by the device. Therefore, one must understand the risk level of a medical device and its intended use and indications of use. IoMT layers and the threat-driven approach to security Like IoT, IoMT has several layers, including the business, application, middleware, network, and perception layers. Notably, the perception layer in IoMT is tasked with the transfer of medical data acquired from sensors to the network layer. The types of medical things that fall under the perception layer can be classified as: wearable (muscle activity sensors, pressure and temperature sensors, smartwatches); implantable (implantable cardioverter defibrillators (ICD)); swallowable (camera capsule); ambient (vibration and motion sensors); and stationary devices (surgical devices, CT scan). Likewise, IoMT devices are subject to attacks based on their architecture or application. That is, IoMT devices can suffer layer-specific attacks.
While hackers can target any layer for an attack, they typically focus on either the perception or network layer. Perception layer attacks focus on devices that acquire data from sensors. Hackers use perception layer attacks to defeat the device administrator's ability to track the sensor and discover that it has been cloned or otherwise tampered with. Conversely, at the network layer, IoMT devices can be subject to DoS attacks, rogue access, Man-in-the-Middle (MiTM), replay, and eavesdropping. Common IoMT vulnerabilities arise from the challenges experienced during IoMT device development, such as the lack of a threat-driven approach to security. The threat-driven approach to security corresponds to modeling the relationship between threats, the risk to the asset, and the security controls that should govern them. For example, Bluetooth Low Energy (BLE) technology, whose applications range from home entertainment to healthcare, is associated with many threats such as network communication decryption, replay attacks, and Man-in-the-Middle attacks. Primary considerations in performing IoMT Risk Assessments Threat modeling is the tool best fitted for addressing perception and network-layer threats. Cybersecurity practitioners commonly use the STRIDE threat modeling technique to help solve IoMT-related security challenges at both layers. STRIDE is a threat model suitably fitted for helping cybersecurity practitioners identify and analyze threats in an IoMT environment. More specifically, STRIDE is the most adept tool for answering the question 'what can go wrong in the IoMT environment that can adversely affect patient safety?' The STRIDE model allows cybersecurity practitioners to determine which threat is a violation of a desirable property for an IoMT system. Desirable properties preserve privacy and data protection and contribute to the security of an IoMT asset. Desirable properties align with the STRIDE model as illustrated below: Tool Threat
SecurityWeek.webp 2021-04-16 02:47:55 Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack (lien direct) Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world. Hack Tool
TroyHunt.webp 2021-04-15 21:39:18 Popular software development tool Docker gets Apple M1 support (lien direct) Another one of the most popular development tools now supports the M1. Tool
itsecurityguru.webp 2021-04-15 12:18:29 Outpost24 report finds Top 10 US Credit Unions all have web application issues (lien direct) A report released this week by Outpost24, that examined the security posture of web applications amongst the Top 10 US Credit Unions, has revealed that they all have security issues. Using Outpost24's attack surface discovery tool called Scout, Outpost24 was able to analyse each Credit Union's public-facing web security environments against the seven most common attack vectors […] Tool ★★★★
Chercheur.webp 2021-04-15 11:13:33 DNI's Annual Threat Assessment (lien direct) The office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity. Authoritarian and illiberal regimes around the world will increasingly exploit digital tools to surveil their citizens, control free expression, and censor and manipulate information to maintain control over their populations. ... Tool Threat
AlienVault.webp 2021-04-14 10:00:00 Phishing towards failed trust (lien direct) This blog was written by an independent guest blogger. Phishing exercises are an important tool towards promoting security awareness in an organization.  Phishing is effective, simply because it works.  However, any social engineer can devise a marvelously deceptive message with an irresistible link that only the most tech-savvy person would spot as a phishing test.  Sometimes, the phish can be sent at a time of day that catches the recipient off-guard, which causes a person to click the malicious link.  These techniques are so effective that even the most experienced people have gotten fooled, not only by phishing tests, but also by real scams. As social engineers, it is easy to play on people’s vulnerabilities: their fears, hopes, and dreams. Fears, such as those used in scams against the elderly; hopes, such as those used against the optimistically trusting; and dreams, such as those used against the wistfully romantic. However, with any security practice, we have to temper our thrill of victory, that is, the adrenaline rush of the “gotcha” moment when a person falls for our brilliantly crafted phishing test, with the reality of our true purpose, which is to educate, and build trust.  With that in mind, we must ask ourselves, when have we gone too far? For example, according to a report that was published at the height of the pandemic, Covid-related scams rose to an all-time high.  The cybercriminals have been hard at work, trying to capitalize on our fears, and our desires to seek information, and more recently, our desire to become vaccinated. Has your organization used the pandemic in any recent phishing exercises?  How effective were they?  Was the “hit” rate high?  More importantly, did the people who failed the test thank you for showing them the error of their ways?  I doubt it. I am not stating this merely to make enemies in the security community.  
As a 20+ year veteran in the industry, I too understand the struggles and the frustrations of building a security culture in an organization.  However, let’s look to the legal profession for a moment to try to understand why Covid-based phishing exercises are simply wrong. The problem at hand is one of our freedom to act recklessly.  If we look to the landmark U.S. Supreme Court case of Schenck v. United States, we are met with the famous quote about how freedom of speech does not give one the right to “Yell ‘Fire!’ in a crowded theater”.  In a later case, Rochin v. California, the phrase “Shocks the conscience” became part of legal doctrine.  An action is understood to "shock the conscience" if it is "grossly unjust to the observer."  Contrary to helping an already stressed staff, does a Covid-based phishing exercise succeed in anything other than violating the senses, as well as bordering on a cavalier abuse of our “expertise”?  There are so many ways to educate Tool
Mandiant.webp 2021-04-13 10:00:00 Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure (lien direct) High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks, such as the Internet. In Mandiant's experience, the concept of an 'air gap' separating OT assets from external networks rarely holds true in practice. In 2018, we released a blog post presenting the tools and techniques that TEMP.Veles used during the TRITON incident to traverse from an external compromise of the information Tool Industrial ★★★★
TechRepublic.webp 2021-04-12 12:00:03 Oracle adds employee experience product to its HCM suite (lien direct) Citing the growing importance of worker happiness, Oracle's HR suite is adding Oracle Journeys, a workflow tool tailored to individuals. Tool
TechRepublic.webp 2021-04-09 19:05:56 Microsoft unveils 64-bit version of OneDrive (lien direct) Compatible with the 64-bit version of Windows, the new flavor of Microsoft's file backup and syncing tool will better handle large files. Tool
SecurityWeek.webp 2021-04-09 16:55:31 CISA Releases Tool to Detect Microsoft 365 Compromise (lien direct) The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments. Tool
SecurityAffairs.webp 2021-04-09 12:41:09 (Déjà vu) CISA releases post-compromise tool Aviary to review Microsoft 365 (lien direct) CISA released a Splunk-based dashboard for post-compromise activity in Microsoft Azure Active Directory (AD), Office 365, and MS 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA) has released a Splunk-based dashboard, dubbed Aviary, that could be used by administrators in the post-compromise analysis of Microsoft Azure Active Directory (AD), Office 365 (O365), and Microsoft 365 (M365) environments. […] Tool
bleepingcomputer.webp 2021-04-08 17:39:27 CISA releases tool to review Microsoft 365 post-compromise activity (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) has released a companion Splunk-based dashboard that helps review post-compromise activity in Microsoft Azure Active Directory (AD), Office 365 (O365), and Microsoft 365 (M365) environments. [...] Tool
TechRepublic.webp 2021-04-07 13:00:00 Robin launches Office Pass to help companies address 15% employee bounce rate as offices reopen (lien direct) Research from Robin shows that employees want flexibility in their workspaces and the software maker has a new tool to help companies reshape their offices to meet the new normal of hybrid work. Tool
bleepingcomputer.webp 2021-04-07 06:00:00 Android malware infects wannabe Netflix thieves via WhatsApp (lien direct) Newly discovered Android malware found on Google's Play Store disguised as a Netflix tool is designed to auto-spread to other devices using WhatsApp auto-replies to incoming messages. [...] Malware Tool
CVE.webp 2021-04-06 19:15:14 CVE-2021-21423 (lien direct) `projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen's `NodeProject` project type (including any project type derived from it) include a `.github/workflows/rebuild-bot.yml` workflow that may allow any GitHub user to trigger execution of un-trusted code in the context of the "main" repository (as opposed to that of a fork). In some situations, such untrusted code may potentially be able to commit to the "main" repository. The rebuild-bot workflow is triggered by comments including `@projen rebuild` on pull-request to trigger a re-build of the projen project, and updating the pull request with the updated files. This workflow is triggered by an `issue_comment` event, and thus always executes with a `GITHUB_TOKEN` belonging to the repository into which the pull-request is made (this is in contrast with workflows triggered by `pull_request` events, which always execute with a `GITHUB_TOKEN` belonging to the repository from which the pull-request is made). Repositories that do not have branch protection configured on their default branch (typically `main` or `master`) could possibly allow an untrusted user to gain access to secrets configured on the repository (such as NPM tokens, etc). Branch protection prohibits this escalation, as the managed `GITHUB_TOKEN` would not be able to modify the contents of a protected branch and affected workflows must be defined on the default branch. Tool
Anomali.webp 2021-04-06 16:57:00 Anomali Cyber Watch:  APT Groups, Data Breach, Malspam, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT10, Charming Kitten, China, Cycldek, Hancitor, Malspam, North Korea, Phishing, TA453, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence The Leap of a Cycldek-Related Threat Actor (published: April 5, 2021) A new sophisticated Chinese campaign was observed between June 2020 and January 2021, targeting government, military and other critical industries in Vietnam, and, to lesser extent, in Central Asia and Thailand. This threat actor uses a "DLL side-loading triad" previously mastered by another Chinese group, LuckyMouse: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. But the code origins of the new malware used on different stages of this campaign point to a different Chinese-speaking group, Cycldek. Analyst Comment: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). MITRE ATT&CK: [MITRE ATT&CK] DLL Side-Loading - T1073 | [MITRE ATT&CK] File Deletion - T1107 Tags: Chinese-speaking, Cycldek-related Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool (published: April 1, 2021) Hancitor is an information stealer and malware downloader used by a threat actor designated as MAN1, Moskalvzapoe or TA511. 
Initial infection includes target clicking malspam, then clicking on a link in an opened Google Docs page, and finally clicking to enable macros in the downloaded Word document. In recent months, this actor began using a network ping tool to help enumerate the Active Directory (AD) environment of infected hosts. It generates approximately 1.5 GB of Internet Control Message Protocol (ICMP) traffic. Analyst Comment: Organizations should use email security solutions to block malicious/spam emails. All email attachments should be scanned for malware before they reach the user's inbox. IPS rules need to be configured properly to identify any reconnaissance attempts e.g. port scan to get early indication of potential breach. MITRE ATT&CK: [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] Remote Access Tools - T1219 | [MITRE ATT&CK] Rundll32 - T1085 | [MITRE ATT&CK] Standard Application Layer Protocol - T1071 | [MITRE ATT&CK] System Information Discovery - T1082 Tags: Hancitor, Malspam, Cobalt Strike Malware Tool Vulnerability Threat Conference APT 35 APT 10
SecurityAffairs.webp 2021-04-06 09:32:33 This service allows checking if your mobile is included in the Facebook leak (lien direct) A security researcher implemented a service to verify whether your mobile number is included in the recent Facebook data leak. Security researcher Yaser Alosefer developed a new tool to help users determine if their mobile numbers are included in the recent Facebook data leak that impacted 553 million users of the social networking giant. The […] Tool
SecurityAffairs.webp 2021-04-06 07:20:39 (Déjà vu) Experts found critical flaws in Rockwell FactoryTalk AssetCentre (lien direct) Rockwell Automation has recently addressed nine critical vulnerabilities in its FactoryTalk AssetCentre product with the release of version v11. The American provider of industrial automation Rockwell Automation on Thursday informed customers that it has patched nine critical vulnerabilities in its FactoryTalk AssetCentre product. FactoryTalk AssetCentre provides customers with a centralized tool for securing, managing, versioning, […] Tool
bleepingcomputer.webp 2021-04-05 18:28:38 Adult content from hundreds of OnlyFans creators leaked online (lien direct) After a shared Google Drive was posted online containing the private videos and images from many OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak. [...] Tool
SecurityAffairs.webp 2021-04-03 12:39:48 Activision warns of Call of Duty Cheat tool used to deliver RAT (lien direct) The popular video game publisher Activision is warning gamers that threat actors are actively disguising a remote-access trojan (RAT) in a Call of Duty cheat tool. Activision, the company behind the Call of Duty: Warzone and Guitar Hero series, is warning gamers that a threat actor is advertising cheat tools that deliver a remote-access trojan (RAT). The company reported that […] Tool Threat
The_Hackers_News.webp 2021-04-02 23:49:52 How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection (lien direct) Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios. Tool
Chercheur.webp 2021-04-02 11:00:05 Malware Hidden in Call of Duty Cheating Software (lien direct) News article: Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.) While the report doesn’t mention which forum they were posted on (that certainly would’ve been helpful), it does say that these offerings have popped up a number of times. They have also been seen advertised in YouTube videos, where instructions were provided on how gamers can run the “cheats” on their devices, and the report says that “comments [on the videos] seemingly indicate people had downloaded and attempted to use the tool.”... Tool
Veracode.webp 2021-04-01 15:22:17 Secure Coding Urban Myths and Their Realities (lien direct) “Science and technology revolutionize our lives, but memory, tradition, and myth frame our response.” - Author Arthur M. Schlesinger Urban myths rely on their communities of origin to thrive and survive. Perpetuated by offhand anecdotes, sensational news stories, and friend-of-a-friend legends, urban myths about secure coding are no different; as developers share tidbits of information around common struggles and issues in application security, those conundrums quickly become myths that can make secure coding seem daunting. Schlesinger's quote is even more important today as so much of the world is powered by modern applications, yet at the same time myths clouding the development community often frame how developers respond to (or avoid) issues with their code. The reality is clear: when you take ownership over your code and rally around your team's security efforts to squash these myths, your apps carry far less risk than before. And once you recognize these myths for what they are, you have the power to reframe how you approach similar challenges in the future. Popular myths in programming So what are some of the common urban myths in software development? They can range from the security of open source code to relying solely on developer tools and why PHP is considered a “dying language”; did you know 80% of all websites built on known programming languages are powered by PHP? Some of today's heavyweights like Etsy, Facebook, and Wikipedia were built on PHP, and PHP-based publishing platforms like WordPress and Drupal are still extremely popular. It isn't going anywhere anytime soon. Maybe you've also heard the urban myth that fixing flaws in your open source code is too time-consuming? Myth busted: almost 75 percent of known vulnerabilities in open source code are fixable with a simple library update to patch the exploits. 
Even better, tools like Veracode Software Composition Analysis provide immediate and actionable guidance to help you remediate flaws in your open source code before they add risk to your organization. Or, perhaps you've seen comments on Reddit that your favorite developer tool is all you need to secure your code, but security features in basic developer tools typically lack the comprehensiveness required for ample coverage. In reality, you need the right testing types in the right places throughout your SDLC, ensuring coverage for your CI/CD pipeline and giving you peace of mind while you work. Urban Myths About Secure Coding... We've only scratched the surface when it comes to urban myths about secure coding! To learn more about some of these common conundrums (and their realities), download our eBook: 6 Urban Myths About Secure Coding. Tool
TechRepublic.webp 2021-03-31 17:23:10 How to use Google's Password Checkup tool (lien direct) Google offers a password checking service that will check all of your Chrome-saved passwords for weaknesses and against known breaches. Jack Wallen shows you how to use this tool. Tool
TechRepublic.webp 2021-03-31 14:33:43 Electric vehicle company announces first open charging platform (lien direct) EVPassport unveiled a tool that helps drivers find charger locations and click directly through to start a charging session without having to download an additional app or create a separate account. Tool
Anomali.webp 2021-03-30 17:07:00 Anomali Cyber Watch:  Malware, Phishing, Ransomware and More. (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BlackKingdom, Chrome Extensions, Microsoft, REvil, PurpleFox, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Google removes privacy-focused ClearURLs Chrome extension (published: March 24, 2021) Researchers at Cato Networks have discovered two dozen malicious Google Chrome browser extensions and 40 associated malicious domains that were previously unidentified. Some extensions were found to steal users’ names and passwords, whilst others were stealing financial data. Spoofed extensions posing as legitimate ones were common, amongst them a fake ‘Postman’ extension harvesting companies’ API credentials to target company applications. The security vendor discovered the extensions on networks belonging to hundreds of its customers and found that they were not being flagged as malicious by endpoint protection tools and threat intelligence systems. Malicious extensions have previously been used in malicious campaigns; in 2020, researchers from Awake Security discovered over 100 malicious extensions engaged in a global campaign to steal credentials, take screenshots, and carry out other malicious activity. It was estimated that there were at least 32 million downloads of the malicious extensions. Analyst Comment: This story illustrates the complexities of modern life, as Google is a monolithic corporation that is integrated into everyone’s daily lives, both personal and business. 
Whilst many may find it difficult to do much without Google, the cost of using this software can often be your own privacy. Users should be aware that Google’s policies and usage of your data are not malicious and are perfectly legal, but you are giving up your information. If something is free, you are the product. Tags: Google, Chrome, browser extension, privacy, Firefox, ClearURL Purple Fox Malware Targets Windows Machines With New Worm Capabilities (published: March 24, 2021) Purple Fox, which first appeared in 2018, is an active malware campaign that targeted victims through phishing and exploit kits; it required user interaction or some kind of third-party tool to infect Windows machines. However, the attackers behind the campaign have now upped their game and added new functionality that can brute force its way into victims' systems on its own, according to new research from Guardicore Labs. The researchers identified a new infection vector through Server Message Block (SMB) password brute force and the addition of a rootkit, allowing the actors to hide the malware on a machine, making it more difficult to detect and remove. Purple Fox is believed to have compromised around 3,000 servers, the vast majority of which were old versions of Windows Server running IIS version 7.5. It was very active in Spring and Summer 2020 before going quiet and then ramping up activity in early 2021. Analyst Comment: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). MITRE ATT&CK: Ransomware Malware Tool Vulnerability Threat
TechRepublic.webp 2021-03-30 15:59:00 CyberPanel makes one-click installing of web-hosted apps and services simple (lien direct) If you're looking for a replacement for cPanel, CyberPanel might be exactly what you need. Jack Wallen shows you how easy this tool is to deploy. Tool ★★★★★
Last update at: 2024-07-14 01:08:17