What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2021-01-05 20:34:57 Crypto-Hijacking Campaign Leverages New Golang RAT (lien direct) Researchers are raising the alarm for a newly identified operation leveraging a new Remote Access Tool (RAT) written in Golang to steal crypto-currency from unsuspecting users. Tool
SANS.webp 2021-01-05 14:34:10 Netfox Detective: An Alternative Open-Source Packet Analysis Tool , (Tue, Jan 5th) (lien direct) [This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact page (https://isc.sans.edu/contact.html)] Tool
The_Hackers_News.webp 2021-01-05 07:08:04 Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users (lien direct) Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from ground-up in Golang and designed to target multiple operating systems such as Windows, Linux, and Malware Tool
SecurityWeek.webp 2021-01-05 04:59:54 Ransomware Attacks Linked to Chinese Cyberspies (lien direct) China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files. Ransomware Tool APT 27 APT 27
Pirate.webp 2021-01-01 10:59:21 GKE Auditor – Detect Google Kubernetes Engine Misconfigurations (lien direct) GKE Auditor – Detect Google Kubernetes Engine Misconfigurations. GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security and development teams streamline the configuration process and save time looking for generic bugs and vulnerabilities. The tool consists of individual modules called Detectors, each scanning for a specific vulnerability. Installing and Using GKE Auditor to Detect Google Kubernetes Engine Misconfigurations. Installation: git clone https://github.com/google/gke-auditor ; cd ./gke-auditor/ ; ./build.sh. Usage: The tool has to be built by running the build.sh script first. Read the rest of GKE Auditor – Detect Google Kubernetes Engine Misconfigurations now! Only available at Darknet. Tool Uber
SecurityAffairs.webp 2020-12-30 16:01:41 Google Docs bug could have allowed hackers to hijack screenshots (lien direct) Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users’ private docs. Google has addressed a flaw in its feedback tool, which is part of several of its services, that could be exploited by attackers to take screenshots of sensitive Google Docs documents by […] Tool
SecurityAffairs.webp 2020-12-29 11:31:47 (Déjà vu) CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365 (lien direct) Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA)’s Cloud Forensics team has released a PowerShell-based tool, dubbed Sparrow, that helps administrators detect anomalies and potentially malicious activities in Azure/Microsoft 365 environments. The tool was developed to […] Tool
The_Hackers_News.webp 2020-12-29 03:21:53 A Google Docs Bug Could Have Allowed Hackers See Your Private Documents (lien direct) Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. Tool Vulnerability
bleepingcomputer.webp 2020-12-28 12:48:46 CISA releases Azure, Microsoft 365 malicious activity detection tool (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. [...] Tool
SecurityAffairs.webp 2020-12-25 23:53:44 CrowdStrike releases free Azure tool to review assigned privileges (lien direct) CrowdStrike released a free Azure security tool after it was notified by Microsoft of a failed attack leveraging compromised Azure credentials. While investigating the impact of the recent SolarWinds hack, on December 15th Microsoft reported to CrowdStrike that threat actors attempted to read CrowdStrike’s emails by using a compromised Microsoft Azure reseller’s account. “Specifically, they […] Tool Threat
bleepingcomputer.webp 2020-12-25 14:08:50 CrowdStrike releases free Azure security tool after failed hack (lien direct) Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised Microsoft Azure credentials. [...] Hack Tool Threat Guideline
TechRepublic.webp 2020-12-22 11:00:01 Five ways technology is helping get the COVID-19 vaccine from the manufacturer to the doctor's office (lien direct) Pharma companies are using every tool in the digital transformation toolbox to make and deliver billions of doses safely and quickly. Tool
bleepingcomputer.webp 2020-12-20 09:55:11 New Windows 10 tool lets you group your taskbar shortcuts (lien direct) A new Windows 10 utility called TaskbarGroups lets you group shortcuts on the taskbar so they can easily be launched without taking up a lot of space. [...] Tool
SecurityAffairs.webp 2020-12-18 12:26:17 All-source intelligence: reshaping an old tool for future challenges (lien direct) An enhanced version of the old all-source intelligence discipline could serve the purpose. By Boris Giannetto Hybrid, interconnected and complex threats require hybrid, interconnected and complex tools. An enhanced version of the old all-source intelligence discipline could serve the purpose. Today's society hinges on technologies and they will have most likely an ever-increasing clout in […] Tool ★★★★
Anomali.webp 2020-12-17 15:00:00 Anomali December Release: The Need for Speed (lien direct) We are happy to announce the Anomali Quarterly Release for December 2020. For our product and engineering teams to deliver this latest set of features and enhancements, they worked closely with our customers with a particular eye to further improving the speed of threat intelligence operations. As organizations mature in their threat intelligence programs and seek to leverage ever-larger quantities of threat intelligence inputs and security telemetry data, the need for capabilities that enhance the efficiency of threat intelligence and SOC analysts becomes paramount. So we worked (and will continue to work) to reduce friction in the moment-to-moment workday of our users and add velocity to overall workflows in a way that improves their organizations’ overall security posture. Examples of enhancements in this latest release include: Pre-Built Themed Dashboards The addition of pre-customized, themed dashboards allows analysts to quickly focus on new and relevant intelligence investigations about specific events impacting their organizations. Anomali Threat Research analysts applied their expertise to aid in the design and development of these dashboards for real-world investigation scenarios. Now available via the Anomali ThreatStream threat intelligence platform (TIP), new dashboard themes include COVID-19 indicators of compromise (IOCs), relevant global cyberthreat activities, and a view to vulnerabilities and exploits that adversaries are using to compromise your systems and data. Figure 1 - Example Covid-19 IOCs focused dashboard Figure 2 - Example Global Threat Activity dashboard Flexible MITRE ATT&CK Framework Coverage — With this new capability, threat intelligence analysts can configure their security coverage levels for each technique in the framework.
This allows them to align their work more precisely with targeted organizational security response strategies, which removes friction and increases the speed of overall workflows. Figure 3 - Analysts can tune security coverage for each MITRE ATT&CK technique Faster Investigations To continue making threat analysts’ lives easier and more productive, we’ve added a Threat Card feature that allows users to gain deeper insights into threats without having to navigate to additional pages, and have also improved collaboration in active investigations by introducing visibility and access controls. Analysts will be able to mark their Investigations as “Private” until completed, and optionally increase the visibility to their workgroups or their organization. While users are editing their Investigation, it can be locked so that other team members do not duplicate efforts. Threat analysts also now have greater control over the UI via added mouse functionality, the type of utility that helps them move more quickly through an investigation. Figure 4 - Active investigations benefit from Threat Cards and privacy controls Faster Finished Intelligence Anomali ThreatStream now offers multiple default templates for the creation of finished intelligence products, giving analysts the ability to apply their organizations’ branding to reports and then distribute them directly from ThreatStream to all relevant stakeholders. This added feature gives analysts a simpler, more intuitive and faster way to format and distribute the insights and findings they’ve developed. Tool Threat Guideline
ZDNet.webp 2020-12-17 12:29:01 This 'off the shelf' Tor backdoor malware is now a firm favorite with ransomware operators (lien direct) SystemBC is making its mark as a popular tool used in high-profile ransomware campaigns. Ransomware Malware Tool
ZDNet.webp 2020-12-17 06:39:54 Phobos launches Orbital, a tool for finding attack pathways and entry points into your network (lien direct) After months of work, teasing, and planning, Phobos Orbital is out of beta and available for trials. Tool
DarkReading.webp 2020-12-16 17:40:00 Attackers Leverage IMAP to Infiltrate Email Accounts (lien direct) Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP. Tool
WiredThreatLevel.webp 2020-12-16 13:00:00 Cops Are Getting a New Tool For Family-Tree Sleuthing (lien direct) Verogen's push into public crime labs with genetic genealogy may help solve more cold cases, but it raises concerns about DNA data collection. Tool
TechRepublic.webp 2020-12-15 11:23:36 Microsoft vs Google: Forms apps for surveys, polls and quizzes (lien direct) Collecting and organising data has never been easier. But which forms-creation tool should you use? Tool
Blog.webp 2020-12-14 17:37:06 Comprehensive Guide on Autopsy Tool (Windows) (lien direct) Autopsy is an open-source tool that is used to perform forensic operations on the disk image of the evidence. The forensic investigation that is carried out on the disk image is displayed here. The results obtained here are of help to investigate and locate relevant information. This tool is used by law enforcement agencies, local... Continue reading → Tool
AlienVault.webp 2020-12-14 11:00:00 How secured are touchless solutions? (lien direct) This blog was written by an independent guest blogger. Touchless solutions have risen to the forefront this year because of the latest pandemic that has reshaped the way we work and live. When social distancing policies were put in motion, borders closed, establishments paused operations, and businesses moved online, operating amid lockdown. Touchless technologies had to be put in place almost everywhere to preserve human touch. It has ceased to be just an option since it is now a necessity in the new normal. And much as the dreaded physical epidemic that subjected the world to the pandemic, computer hackers have exploited the vulnerability of individuals, institutions, and networks amid the height of the crisis. Here are a number of them: Cyber attacks against Internet-exposed RDP ports soared from 3 million to 4.5 million between January and March 2020. Increase in attempted security breaches after March, following the unexpected move to remote working setups without comprehensive security planning. Increase in phishing attacks linked to COVID-19 by 667%. DDoS attacks accounted for 45% of the recorded security threats, and 43% of those were password login attacks. The remainder is malware attacks, web threats, fraudulent DNS queries against client DNS servers, and unclassified attacks. Corporate ransomware attacks are up, as in the case of attacks against Honda in June 2020 and severe outages triggered by cyber assaults against Garmin in July 2020. It has been confirmed that the attackers came from the Russian organization, Evil Corp. Canon suffered a ransomware assault by the Maze ransomware gang in August, where 10 TB (terabytes) of data were taken, private databases, and the like. Deployment of data mining malware such as remote access Trojans, data thieves, spyware, and banking Trojans with COVID-19 linked information as bait.
Growing amounts of fake news or misinformation are circulating quickly among the public. In a cybercrime survey, around 30% of the countries that participated attested to the spread of false COVID-19 information. Other cyberattacks included fraud via mobile text messages. 3 Examples why we need secured touchless solutions Despite these attacks, there is still no doubt that the need for more touchless tech is urgent. How can touchless solutions be integrated into the workplace, schools, public utilities, and the like without compromising our security? 1. Opt to use personal instead of shared devices. We need cloud-based software, storage, and other solutions if we go touchless. Using cloud-based software on p Ransomware Malware Tool Vulnerability
BBC.webp 2020-12-14 07:55:17 US treasury and commerce departments targeted in cyber attack (lien direct) All federal civilian agencies are told to switch off a network tool exploited by 'malicious actors'. Tool
bleepingcomputer.webp 2020-12-13 10:30:00 Hands on with Windows 10's built-in Pktmon network monitor (lien direct) With the Windows 10 October 2018 update release, Microsoft had quietly added a built-in command-line network packet sniffer called Pktmon to Windows 10. Since then, Microsoft has added a few more features to the tool that make it much easier to use. [...] Tool
Fortinet.webp 2020-12-11 00:00:00 FireEye Red Team Tool Breach (lien direct) Cybersecurity vendor FireEye reported a breach of their network and data exfiltration which included their internally developed Red Team tools. Read more on how to protect against these tools by potential adversaries. Tool
bleepingcomputer.webp 2020-12-10 09:47:27 Hackers can use WinZip insecure server connection to drop malware (lien direct) The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users. [...] Malware Tool
CSO.webp 2020-12-10 08:03:00 FireEye breach explained: How worried should you be? (lien direct) Cybersecurity firm FireEye announced Tuesday that a sophisticated group of hackers, likely state-sponsored, broke into its network and stole tools the company's experts developed to simulate real attackers and test the security of its customers. While this is a worrying development, it's unlikely that this will result in a significant risk increase to organizations, as some offensive tool leaks did in the past. Data Breach Tool
ZDNet.webp 2020-12-09 20:59:57 Google open-sources Atheris, a tool for finding security bugs in Python code (lien direct) Atheris helps developers find bugs in Python-based codebases using a technique called fuzzing. Tool
Veracode.webp 2020-12-09 16:34:28 Is Your Language of Choice a Major Flaw Offender? (lien direct) In volume 11 of our annual State of Software Security (SOSS) report, we uncovered some valuable nuggets of information about how you, the innovative developers of our world, can craft more secure code. For example, did you know that scanning via API improves the time to remediate 50 percent of security flaws by about 17 days, or that C++ and PHP languages have an alarmingly high number of severe security flaws and need greater attention? It's not enough to simply stay on top of the biggest flaw offenders and the latest trends. If you want to improve the quality of your code, you need to take that information and apply it to the tools, processes, and languages that you use every day. Knowing these trends in application security before you sit down to code means you're prepared to fix them quickly or, even better, prevent them altogether. This year's edition of SOSS comes equipped with a standalone report and an interactive heat map to help you do just that; our Flaw Frequency by Language infosheet explores vulnerability trends in various common languages to highlight everyday risks so that you can get ahead of them. This breakdown of the data, which includes information from 130,000 application scans, tells us which languages tend to house the most critical flaws: High Severity Flaws: If C++, PHP, .NET, or Java are your languages of choice, take note: they're prone to some of the riskiest vulnerabilities around. In fact, a whopping 59 percent of C++ applications have high and very high-severity flaws, with PHP coming in at a close second place. Worm Map: The worm map above is a visual representation of just how prevalent certain flaws are in the languages they impact the most.
You can see that (despite being in second place) PHP has a high frequency of risky flaws like Cross-Site Scripting (XSS), cryptographic issues, directory traversal, and information leakage exploits. Another interesting note: you can tell from this worm map that Python and JavaScript are quite similar when it comes to flaw frequency, with fewer occurrences of those high-risk flaws. Beat the Heat: Further breaking down flaw frequency by language, our interactive heat map is a helpful tool for understanding just how risky some of these exploits can be in your languages of choice. Simply click through the vulnerabilities to see the data, gain insight into why these flaws are so dangerous, and learn how to prepare yourself for tackling Tool Vulnerability ★★★
Mandiant.webp 2020-12-08 21:00:00 Unauthorized Access of FireEye Red Team Tools (lien direct) Overview A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader security community to protect themselves against these tools. We have incorporated the countermeasures in our FireEye products, and shared these countermeasures with partners and government agencies, to significantly limit the ability of the bad actor Tool ★★★★
Kaspersky.webp 2020-12-08 19:00:16 The Remote-Work Transition Shifts Demand for Cyber Skills (lien direct) According to Cyberseek, an interactive mapping tool that tracks the current state of the security job market, there are more than half a million open cybersecurity positions available in the U.S. alone (522,000). Tool
itsecurityguru.webp 2020-12-08 14:13:34 Coronavirus vaccine side-effect tracker vulnerable to manipulation (lien direct) A new smartphone tool which can track live side effects of those vaccinated with the new American coronavirus vaccine is thought to be vulnerable to manipulation. This has raised concerns that malicious actors could access the tool's system in order to undermine confidence in the shots, according to both federal and state health officials. The text-messaging […] Tool
Anomali.webp 2020-12-07 21:32:00 California Launches COVID-19 CA Notify App, Anomali Reminds Consumers to Remain Vigilant When Participating in Digital Contact Tracing (lien direct) When it comes to COVID-19, everyone wants to do their part to help the world win the battle against the virus. At Anomali, we are doing everything in our power to contribute to the cause. Our global workforce is personally committed to stopping the spread of the virus and we’ve shifted to a remote-work model that allows all of our employees to remain safe in their homes, as much as possible. We’ve also committed to standing on the frontlines of the second battle raging, the COVID-19 cyberwar. Within the first few days of the start of the pandemic, Anomali Threat Research identified a dozen nefarious groups that had launched malicious email phishing campaigns that used lures themed around COVID-19. By the end of March, our research crew had detected more than 6,000 indicators of compromise (IOCs) about cyberattacks taking place. In the threat intelligence field, an IOC is evidence that an attack is taking place. Download: Anomali infographic detailing COVID-19 pandemic cyberattacks and threat actors To help speed progress in the fight to stop the spread of the virus, many government organizations have partnered with Apple, Google, and other smartphone providers to enable digital contact tracing and exposure alerting. Anyone who opts in can utilize their devices’ Bluetooth capability to receive an alert when they come into contact with someone who has either tested positive or been exposed to COVID-19. Designed to be anonymous and fully confidential, most agencies using these technologies promise that no personal information or location data will be captured or stored by them. All data is supposed to be kept on users’ devices. Anyone who receives an alert can then take the proper steps to quarantine and get tested.
Today, the State of California became the latest to announce a contact tracing and alerting app, CA Notify. Read: Governor Newsom Announces Statewide Expansion of CA Notify, a Smart Phone Tool Designed to Slow the Spread of COVID-19 Anomali applauds government agencies and consumers who turn to every means available to help end the pandemic. We are optimistic that mobile contact tracing apps may help. We acknowledge that the struggle against COVID-19 is an urgent one. We also want to make sure the world understands that when it comes to online activities, security demands vigilance, and consideration. In June, we detected the existence of fake contact tracing apps designed to infect smartphones that used the Android operating system. Although the attack did not happen in the United States, it is worth knowing that anyone who downloaded one of these apps made themselves vulnerable to having banking credentials or other personal information stolen and subjected their device to remote surveillance. Read: Anomali Threat Research Detects Fake COVID-19 Contact Tracing Apps Spreading Malware If you decide to participate in digital contact tracing and alerting, remember that cybercriminals are lurking. Make sure that any apps you download are genuine, and only engage with apps that are present on official platforms such as the Apple App Store and Google Play Store. Don’t, under any circumstances, click on links in emails or text messages urging you to download apps from random sources. With the news that vaccines are on the way, the world is headed into 2021 hopeful that COVID-19 can be brought under control and eventually eradicated. We encourage everyone to do their part to bring this devastating period to an end while remaining vigilant in the face of cybe Tool Threat
Pirate.webp 2020-12-07 13:15:28 zANTI – Android Wireless Hacking Tool Free Download (lien direct) zANTI – Android Wireless Hacking Tool Free Download. zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using your mobile device for free download. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network. Features of zANTI Android Wireless Hacking Tool This network auditor comes along with a rather simple interface compared to other solutions and running its tasks is pretty straightforward. Read the rest of zANTI – Android Wireless Hacking Tool Free Download now! Only available at Darknet. Tool
bleepingcomputer.webp 2020-12-05 13:56:20 How to hide unwanted driver updates in Windows 10 (lien direct) Almost every month, the Windows Update catalogue is updated with unwanted drivers prepared by OEMs and driver vendors. Fortunately, Microsoft allows users to hide or pause specific driver updates using a tool called "Show or hide updates troubleshooter". [...] Tool
Blog.webp 2020-12-04 15:48:12 Nmap for Pentester: Output Format Scan (lien direct) Nmap which is also known as Network Mapper is one of the best open-source and the handiest tool that is widely used for security auditing and network scanning by pentesters. It also provides an additional feature where the results of a network scan can be recorded in various formats. Table of Contents Introduction- Scan Output... Continue reading → Tool
TechRepublic.webp 2020-12-03 20:02:20 Intel unveils machine programming tool to detect bugs in code (lien direct) ControlFlag is a new tool that can autonomously detect errors in code. Tool
AlienVault.webp 2020-12-03 12:00:00 Two cybersecurity hygiene actions to improve your digital life in 2021 (lien direct) This blog was written by an independent guest blogger. It is that time of year again where we start planning resolutions for the coming year. A good start is putting cybersecurity on the top of the list whether you are a business or individual. According to a University of Maryland study, hackers attack every 39 seconds, on average 2,244 times a day. It may be even higher now that more of us are working remotely because of COVID-19 and the attack surface has greatly expanded in numbers and vulnerability. Clearly, with the plethora of breaches, spams, and ransomware we already experienced in 2020, we need to be better prepared in 2021. What are a couple of cybersecurity hygiene action upgrades that will improve outcomes in 2021? #1 Passwords Poor passwords have always been viewed as the low hanging fruit for hackers as the easiest way into the crown jewels of data. Yet, many still use common passwords such as #132456 #password, or birthdays that pose little barrier to letting the bad guys access your accounts. In fact, a UK National Cyber Security Centre 2019 survey analysis discovered that 23.2 million victim accounts from all parts of the world used 123456 as a password. Another 7.8 million data breach victims chose a 12345678 password. More than 3.5 million people globally picked the word "password" to protect access to their sensitive information. Now that we have all become creatures of social media, hackers can use social engineering tactics by exploring your social media accounts that often highlight pet names (quite often used as passwords - I admit I have been guilty of that too) or other identifiable items that may give clues to passwords and interests. What is particularly alarming is that there are algorithmic programs that can also utilize public social sites and marketing information to “guess” passwords.
Actions: remedies are easy to get beyond that bad habit of using easy-to-crack passwords. Do not use default passwords on your devices, and when you do create passwords, make them complicated. Consider making them long or using phrases with letters, numbers and characters. Also, do not use the same password for multiple accounts. Make it difficult for hackers to get in with one try. Make their challenges more difficult by using multifactor or biometric authentication such as a fingerprint, facial recognition, or texts to verify it is you when you sign in. And if you want to make things less stressful on your memory (we all forget our passwords), consider using a security token and/or password manager. The bottom line is that secure passwords are a basic step to stronger cyber hygiene. #2 Phishing Phishing is the tool of choice for many hackers. Phishing is commonly defined as a technique of hackers to exfiltrate your valuable data, or to spread malware. Anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization or a website you may frequent. Usually the phishing malware comes via email attachments but can also be web-based. According to an analysis by Webroot, 46,000 new phishing sites are created every day and 1.385 million new, unique phishing sites are created each month. At a more granular level, the firm Wandera says that a new phishing site launches every 20 seconds. Advances in technologies have made it easier for hackers to phish. They can use readily available digital graphics, apply social engineering data, and a vast array of phishing tools, including some automated by machine learning. Phishing is often accompanied by ransomware and a tactic for hackers is to target leadership a Ransomware Data Breach Malware Tool Vulnerability Threat Guideline
Veracode.webp 2020-12-03 09:40:55 CI/CD With Veracode Docker Images (lien direct) On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans, and the ability to access Veracode APIs via the Java API Wrapper or via HTTPie with the Veracode API Signing tool, make it easy to include the current version of Veracode tools in your automation workflow. Why Docker? Providing official Docker images addresses customer feedback we've received regarding the use of Veracode tools in a pipeline. Without using a Docker image, a customer's script must download the tool each time to the CI/CD runner, adding time to each run, or a customer must implement their own caching mechanism to avoid redownloading the tool every time. Also, any dependencies required by the Veracode tool, including the Java runtime or Python, must be installed on the local machine, potentially raising issues of version compatibility. Last, some continuous integration pipelines, including AWS CodeStar and TravisCI, require external testing tools to be integrated via containers. The Veracode Docker images address these concerns. Docker automatically provides caching and makes it easy to always use the latest version available. Also, the Docker image contains any dependencies required by the Veracode tool. Last, the Docker images are supported by Veracode, addressing concerns from customers about having to write their own image or rely on a community-provided one. Securing Docker images The Veracode Docker image was originally designed and built by Veracode's product security team for internal use in pipelines by Veracode development teams.
The team has done the following to ensure the images are secure: the Docker images are built and published to DockerHub via continuous delivery pipelines that include the most current version of each included tool and scan the images for vulnerabilities; each image runs as a de-privileged local user to avoid privilege escalation; the underlying tools are developed under a secure SDLC and are tested with Veracode Static Analysis and Veracode Software Composition Analysis in their own development pipelines; the images are based on well-known and widely used base images; and only the prerequisites strictly needed to download the tools are included in the images. Usage examples: here are a few samples using the images in continuous integration workflows. GitLab examples: these examples are drawn from a single workflow that uses all three containers in different stages. (You can see the project in which the workflow is published here.) Pipeline Scan:

```yaml
Pipeline Scan Static Analysis:
  image: veracode/pipeline-scan:latest
  stage: Security_Scan
  only:
    - development
  script:
```

Tool ★★★
Kaspersky.webp 2020-12-02 15:44:59 Microsoft Revamps 'Invasive' M365 Feature After Privacy Backlash (lien direct) The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts. Tool
TechRepublic.webp 2020-12-02 14:41:45 Productivity Score: Microsoft limits features of new tool following 'workplace surveillance' concerns (lien direct) Productivity Score will no longer identify how individual users interact with Microsoft 365 apps. Tool
bleepingcomputer.webp 2020-12-01 03:00:00 Windows 10 20H2 update fixes broken in-place upgrade feature (lien direct) Microsoft has released a new cumulative update for Windows 10 20H2 that fixes a bug preventing users from performing in-place upgrades with the Microsoft Media Creation Tool (MCT). [...] Tool ★★★★★
itsecurityguru.webp 2020-11-25 17:21:06 Is 2FA by SMS a bad idea? (lien direct) Two-factor authentication is ubiquitous and it's a really valuable tool to protect systems and data assets. But with increasing reliance on home working and remote access in the current pandemic, what mechanism should we choose? It's very common these days for SMS messages to be used for two-factor authentication – many cloud service providers use […] Tool
TEAM_CYMRU_Blog.webp 2020-11-23 21:07:15 Massive Increase in Global IP Address Visibility (lien direct) We've had an amazing year here at Team Cymru – the revenue from our commercial offerings has enabled us to invest heavily in community services, through which we support the global IT Security community.  We've added more teammates and more no-cost tools and services. This brief post outlines the specific new tool we've been working [...] Tool
TechRepublic.webp 2020-11-19 20:35:55 How to use the new Google Calendar event add tool (lien direct) Google Calendar has a new event add interface and Jack Wallen is here to show you how easy and efficient it is to use. Tool
Mandiant.webp 2020-11-19 19:00:00 Purgalicious VBA: Macro Obfuscation With VBA Purging (lien direct) Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in February 2020. We will explain how VBA purging works with Microsoft Office documents in Compound File Binary Format (CFBF), share some detection and hunting opportunities, and introduce a new tool created by Mandiant's Red Team: OfficePurge. MS-OVBA File Format Before diving into VBA Purging, it is Tool Threat Technical ★★★★
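The MS-OVBA format the post leads into is where a purged document ends up: once the compiled p-code (PerformanceCache) is stripped from a module stream, only the compressed VBA source container remains, so any analyzer or purging tool has to decode that container to see the macro. The decoder below is an added example written for this page, not code from the Mandiant post or from OfficePurge. It implements the MS-OVBA 2.4.1 compressed-container format (literal and copy tokens, raw chunks); the short sample container is hand-constructed to exercise a back-reference, and compress_literals is a deliberately minimal encoder (literal tokens only, single chunk) used to round-trip longer text.

```python
# MS-OVBA "compressed container" decoder (section 2.4.1 of the spec).
# Added example for this page; not code from Mandiant or OfficePurge.
import struct

# Hand-constructed container: one compressed chunk holding "ABC" as literals
# followed by a copy token (offset 3, length 6) -> decodes to "ABCABCABC".
SAMPLE_CONTAINER = bytes([0x01, 0x05, 0xB0, 0x08]) + b"ABC" + bytes([0x03, 0x20])


def decompress_container(data: bytes) -> bytes:
    """Decode an MS-OVBA CompressedContainer into the raw module source."""
    if not data or data[0] != 0x01:
        raise ValueError("missing 0x01 container signature")
    out = bytearray()
    pos = 1
    while pos + 2 <= len(data):
        header = struct.unpack_from("<H", data, pos)[0]
        size = (header & 0x0FFF) + 3          # CompressedChunkSize incl. header
        compressed = bool(header & 0x8000)    # CompressedChunkFlag
        chunk = data[pos + 2 : pos + size]
        pos += size
        if not compressed:
            out += chunk[:4096]               # raw chunk: 4096 literal bytes
            continue
        chunk_start = len(out)
        i = 0
        while i < len(chunk):
            flags = chunk[i]                  # one flag bit per following token
            i += 1
            for bit in range(8):
                if i >= len(chunk):
                    break
                if not (flags >> bit) & 1:
                    out.append(chunk[i])      # literal token
                    i += 1
                    continue
                # Copy token: the offset/length split depends on how much of
                # this chunk has already been decompressed (min 4 offset bits).
                token = struct.unpack_from("<H", chunk, i)[0]
                i += 2
                diff = len(out) - chunk_start
                bits = 4
                while (1 << bits) < diff:
                    bits += 1
                length = (token & (0xFFFF >> bits)) + 3
                offset = (token >> (16 - bits)) + 1
                src = len(out) - offset
                for k in range(length):       # byte-wise so overlaps repeat
                    out.append(out[src + k])
    return bytes(out)


def compress_literals(src: bytes) -> bytes:
    """Minimal encoder: literal tokens only, one chunk (<= 3640 source bytes).
    Good enough to build test fixtures; a real encoder emits copy tokens."""
    if not src:
        return b"\x01"
    if len(src) > 3640:
        raise ValueError("single-chunk literal encoding limited to 3640 bytes")
    body = bytearray()
    for i in range(0, len(src), 8):
        body.append(0x00)                     # flag byte: all eight tokens literal
        body += src[i : i + 8]
    header = 0x8000 | 0x3000 | (len(body) + 2 - 3)
    return b"\x01" + struct.pack("<H", header) + bytes(body)


if __name__ == "__main__":
    print(decompress_container(SAMPLE_CONTAINER))
    src = b'Attribute VB_Name = "Module1"\r\nSub AutoOpen()\r\nEnd Sub\r\n'
    print(decompress_container(compress_literals(src)) == src)
```

The decoder deliberately reads whatever the chunk header claims and stops when the chunk bytes run out, which is what a hunting script needs when it is pointed at module streams whose PerformanceCache has been removed.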
Veracode.webp 2020-11-19 16:23:50 Healthcare Orgs: What You Need to Know About TrickBot and Ryuk (lien direct) In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory on the latest tactics used by cybercriminals to target the Healthcare and Public Health (HPH) sector. In the report, CISA, FBI, and HHS noted the discovery of "…credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers," which they shared as a warning of potential ransomware attacks. The agencies found that threat actors are targeting the HPH sector with TrickBot and BazarLoader malware, which can result in the disruption of healthcare services, the deployment of ransomware, and the theft of sensitive data. As the advisory notes, these incidents are even harder to handle and remediate during the COVID-19 pandemic, something healthcare providers should weigh when deciding how much to invest in their cybersecurity efforts. The FBI first began tracking TrickBot modules in early 2019, when it was used by attackers to go after large corporations. According to the report, "…TrickBot now provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. These activities include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk and Conti." What makes it so dangerous? Researchers found that TrickBot's developers created a tool called anchor_dns, which uses a single-byte XOR cipher to obfuscate its communications; once de-obfuscated, that traffic is discoverable in DNS request traffic.
When the malware is successfully executed, TrickBot is copied as an executable file into one of the following directories: C:\Windows\, C:\Windows\SysWOW64\ or C:\Users\[Username]\AppData\Roaming\. From there, the executable downloads modules from command-and-control (C2) servers and places them in the host's %APPDATA% or %PROGRAMDATA% directory. Every 15 minutes the malware runs scheduled tasks on the victim's machine for persistence, and after successful execution anchor_dns deploys further malicious .bat scripts and removes itself through commands. The report notes that an open-source tracker for TrickBot C2 servers is located here. BazarLoader and Ryuk ransomware: CISA, FBI, and HHS note in the advisory that around early 2020, threat actors believed to be associated with TrickBot began executing BazarLoader and BazarBackdoor attacks to infect targeted networks. "The loader and backdoor work closely together to achieve infection and communicate with the same C2 infrastructure," the report says. "Campaigns using Bazar represent a new technique for cybercriminals to infect and monetize networks and have increasingly led to the deployment of ransomware, including Ryuk. BazarLoader has become one of the most commonly used vectors for ransomware deployment." BazarLoader usually arrives via phishing emails, the advisory says, with a link to a Google Drive document or another file-hosting service housing what looks like a PDF but is really an executable. The emails often appear personal, with recipient or employer names in the subject l Ransomware Malware Tool Threat Patching ★★★
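A single-byte XOR cipher, as the advisory describes for anchor_dns, offers no real secrecy: there are only 256 keys, and the right one is the one that turns the blob back into something text-like. The brute force below is an added example for this page, not code from the advisory or the Veracode post. The sample blob is constructed here with an assumed key of 0x5A and an invented beacon string; it is not captured anchor_dns traffic, and the scoring weights are a simple heuristic rather than anything the advisory specifies.

```python
# Recover a single-byte XOR key by trying all 256 candidates and scoring
# how text-like each result is. Added example; not advisory or Veracode code.
import string

PRINTABLE = frozenset(string.printable.encode())
COMMON = frozenset(b"etaoinshrdlu ")   # frequent lowercase letters plus space

# Constructed sample: an invented beacon line, obfuscated with assumed key 0x5A.
SAMPLE_PLAIN = b"beacon: host=WORKSTATION01 user=jdoe status=ok"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key; applying the same key twice restores data."""
    return bytes(b ^ key for b in data)


SAMPLE_BLOB = xor_bytes(SAMPLE_PLAIN, 0x5A)


def score_plaintext(candidate: bytes) -> float:
    """Average per-byte score: non-printable bytes cost 5, common letters earn 1.
    Text scores around 0.5; random or encrypted bytes score far below zero."""
    if not candidate:
        return 0.0
    total = 0.0
    for b in candidate:
        if b not in PRINTABLE:
            total -= 5.0
        elif b in COMMON:
            total += 1.0
    return total / len(candidate)


def recover_single_byte_xor(blob: bytes, min_score: float = 0.2):
    """Return (key, plaintext, score) for the best of the 256 candidate keys,
    or None when even the best candidate does not look like text (for
    example compressed or properly encrypted data)."""
    scored = [(score_plaintext(xor_bytes(blob, k)), k) for k in range(256)]
    best_score, key = max(scored)
    if best_score < min_score:
        return None
    return key, xor_bytes(blob, key), best_score


if __name__ == "__main__":
    print(recover_single_byte_xor(SAMPLE_BLOB))
    print(recover_single_byte_xor(bytes(range(256))))   # None: not text-like
```

Run against bytes pulled out of suspicious DNS queries, the None result is as useful as a hit: it tells you the payload is not a trivially XOR-hidden string and needs a different decoder.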
Blog.webp 2020-11-18 13:06:19 DNScat2: Application Layer C&C (lien direct) In today's world, IT infrastructure and network security devices are becoming more and more secure, and so ports like 53 (DNS) are used as a communication channel between a client and a C2 server. Even in highly restricted environments, DNS is still allowed to resolve domains. So, to serve our penetration testing purpose we might require a tool that... Continue reading → Tool
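The flip side of using DNS as a C2 channel is that the traffic has a shape defenders can look for: one base domain receiving many unique, long, high-entropy subdomains, with a heavy share of record types (TXT, CNAME, MX) whose answers can carry arbitrary data back. The profiler below is an added example for this page, not code from the DNScat2 write-up or from the tool. The log line format, the thresholds and the "last two labels" notion of a base domain are assumptions, and the sample log lines are constructed, not captured.

```python
# Profile DNS query logs per base domain and flag tunnelling-shaped traffic.
# Added example for this page; not code from the DNScat2 post or tool.
# Log format, thresholds and base-domain rule are assumptions.
import math
from collections import defaultdict

# Constructed sample log, one query per line: "<timestamp> <client> <qtype> <qname>"
SAMPLE_LOG = """\
2020-11-18T13:06:19Z 10.0.0.5 A www.example.com
2020-11-18T13:06:20Z 10.0.0.5 A mail.example.com
2020-11-18T13:06:21Z 10.0.0.7 AAAA cdn.static-assets.net
2020-11-18T13:06:22Z 10.0.0.9 TXT 7f4a01c39ee2b0d15a6c.4d8e2f9a7b1c03e5d6f2.tun.c2-example.org
2020-11-18T13:06:23Z 10.0.0.9 TXT 91b03d5e7fa2c4e6d8b1.a0c2e4f6b8d1f3a5c7e9.tun.c2-example.org
2020-11-18T13:06:24Z 10.0.0.9 CNAME 3e5f7a9b1d2c4e6f8a0b.0f1e2d3c4b5a69788796.tun.c2-example.org
2020-11-18T13:06:25Z 10.0.0.9 MX 8a7b6c5d4e3f2a1b0c9d.5e6f7a8b9c0d1e2f3a4b.tun.c2-example.org
2020-11-18T13:06:26Z 10.0.0.9 TXT c4d5e6f7a8b9c0d1e2f3.6a7b8c9d0e1f2a3b4c5d.tun.c2-example.org
2020-11-18T13:06:27Z 10.0.0.5 A www.example.com
"""

# Record types whose answers can carry an arbitrary payload to the client
DATA_TYPES = {"TXT", "CNAME", "MX"}


def shannon_entropy(s: str) -> float:
    """Bits per character; hex-encoded data sits near 4, hostnames well below."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    """Split log lines into records; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue                       # nothing below the base domain
        records.append({
            "ts": ts, "client": client, "qtype": qtype.upper(),
            "base": ".".join(labels[-2:]),  # naive: no public-suffix list
            "sub": ".".join(labels[:-2]),
        })
    return records


def profile_domains(records):
    """Aggregate per base domain: query count, unique subdomains, label
    length, label entropy and the share of data-carrying record types."""
    acc = defaultdict(lambda: {"n": 0, "subs": set(), "len": 0, "ent": 0.0, "data": 0})
    for r in records:
        a = acc[r["base"]]
        a["n"] += 1
        a["subs"].add(r["sub"])
        a["len"] += len(r["sub"])
        a["ent"] += shannon_entropy(r["sub"].replace(".", ""))
        a["data"] += r["qtype"] in DATA_TYPES
    return {
        base: {
            "queries": a["n"],
            "unique_subdomains": len(a["subs"]),
            "avg_sub_len": a["len"] / a["n"],
            "avg_entropy": a["ent"] / a["n"],
            "data_type_ratio": a["data"] / a["n"],
        }
        for base, a in acc.items()
    }


def flag_tunnels(records, min_unique=3, min_len=30.0, min_entropy=3.0):
    """Return [(base_domain, reasons)] for domains matching at least two signals."""
    flagged = []
    for base, s in profile_domains(records).items():
        reasons = []
        if s["unique_subdomains"] >= min_unique and s["avg_sub_len"] >= min_len:
            reasons.append("many long unique subdomains")
        if s["avg_entropy"] >= min_entropy:
            reasons.append("high-entropy labels")
        if s["data_type_ratio"] >= 0.5:
            reasons.append("mostly TXT/CNAME/MX lookups")
        if len(reasons) >= 2:
            flagged.append((base, reasons))
    return flagged


if __name__ == "__main__":
    for base, why in flag_tunnels(parse_log(SAMPLE_LOG)):
        print(base, "->", ", ".join(why))
```

Requiring two independent signals keeps a single odd CDN hostname or one long SPF lookup from paging anyone; on real resolver logs the thresholds should be tuned per environment, and the base-domain rule replaced with a public-suffix lookup so co.uk-style domains are grouped correctly.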
TechRepublic.webp 2020-11-18 12:59:41 Zoom: These new features will prevent trolls and meeting-crashers (lien direct) Zoom hosts can now pause a meeting while they remove a disruptive participant, and a new web-scanning tool will seek out compromised meeting links. Tool
no_ico.webp 2020-11-18 12:35:28 Experts Reacted On The News That Vulnerabilities Discovered In Cisco Security Manager “Relatively Easy To Exploit” (lien direct) Cisco has published advisories for three vulnerabilities in Cisco Security Manager, a tool used to manage Cisco devices. The vulnerabilities were recently discovered and disclosed by security researcher Florian Hauser of… The ISBuzz Post: This Post Experts Reacted On The News That Vulnerabilities Discovered In Cisco Security Manager “Relatively Easy To Exploit” Tool
Last update at: 2024-07-14 07:07:52