What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-06-14 01:02:26 | L'offre APE \\ d'APE fait de grandes promesses d'intimité Apple\\'s AI Offering Makes Big Privacy Promises (lien direct) |
La garantie de confidentialité d'Apple \\ sur chaque transaction d'IA - qu'elle soit sur l'appareil ou le cloud - est ambitieuse et pourrait influencer les déploiements d'IA dignes de confiance sur l'appareil et dans le cloud, selon les analystes.
Apple\'s guarantee of privacy on every AI transaction -- whether on-device or cloud -- is ambitious and could influence trustworthy AI deployments on device and in the cloud, analysts say. |
Cloud | ||
 |
2024-06-13 18:33:01 | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion (lien direct) | ## Instantané Mandiant a découvert une campagne de cyber-menaces ciblant les instances de la base de données des clients de Snowflake, visant à voler des données et à extorquer les victimes.Snowflake est une entreprise de cloud de données basée sur le cloud computing américain & # 8211;. ## Description Cette campagne, attribuée à un groupe mandiant suit en tant que UNC5537, implique un compromis systématique des instances de flocon de neige en utilisant des informations d'identification des clients volés.Ces informations d'identification ont été principalement acquises via des logiciels malveillants InfoSteller dès 2020. Lire Microsoft \'s [Profil d'outil sur les infostellers] (https://security.microsoft.com 6). Mandiant n'a trouvé aucune preuve que les propres systèmes de Snowflake \\ ont été violés;Au contraire, les violations étaient dues à des informations d'identification des clients compromis.En avril 2024, Mandiant a identifié les enregistrements de la base de données volés à partir d'une instance de flocon de neige, conduisant à une enquête qui a révélé l'utilisation de logiciels malveillants infoséaler pour obtenir des informations d'identification.Une vulnérabilité importante était le manque d'authentification multi-facteurs (MFA) sur les comptes compromis. En mai 2024, Mandiant a identifié une campagne plus large ciblant plusieurs clients de flocon de neige, ce qui a entraîné des notifications à environ 165 organisations.Snowflake a depuis fourni des conseils de détection et de durcissement à ses clients.Les titres de compétences compromis ont été obtenus auprès de VARious Infostalers tels que Vidar, Risepro, Redline, [Lumma] (https://security.microsoft.com/intel-profiles/33933578825488511c30b0728dd3c4f8b5ca20E41C285A56F796EB39F57531AD), Metastealer, et voleur de raton laveur, avec de nombreux années il y a des années et jamais tournés ou sécurisés avec le MFA. UNC5537 a utilisé des VPN et des serveurs privés virtuels (VP) pour accéder et exfiltrer les données des instances de flocon de neige, essayant plus tard de vendre ces données sur les forums cybercriminaux.Le groupe a mis à profit l'utilité des engelures pour la reconnaissance et a utilisé les utilitaires de gestion des bases de données pour une nouvelle exploitation. Le succès de la campagne \\ est attribué à de mauvaises pratiques de gestion et de sécurité des diplômes, tels que le manque de MFA et le non-mise à jour des informations d'identification.Cet incident met en évidence les risques posés par des logiciels malveillants d'infostaler répandus et l'importance des mesures de sécurité robustes pour protéger les entrepôts de données basés sur le cloud.Mandiant prévoit que l'UNC5537 continuera à cibler les plates-formes SaaS en raison de la nature lucrative de ces attaques. ## Détections / requêtes de chasse ** Microsoft Defender pour le point de terminaison ** Microsoft Defender Antivirus détecte les composants de la menace comme le malware suivant: - * [PWS: win32 / vidar] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=pws:win32 / vidar & menaceID = -2147198594) * - * [Ransom: win32 / vidar] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=ransom:win32/vidar& ;thereatid=-2147235644) * * - [* trojan: win32 / vidar *] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-description?name=trojan:win32/vidar.paz!mtb& ;thered=-2147125956) - [* Trojan: Win32 / Risepro *] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=trojan:win32/RISEPRO&Thereatid=-2147077417) - [* pws: win32 / shisepro *] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=pws:win32/risepro!msr& ;TheRatetid=-2147070426) - [* Trojan: Win32 / Redline *] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=trojan:win32/redline& ;ther | Spam Malware Tool Vulnerability Threat Cloud | ★★ | |
 |
2024-06-13 18:05:49 | Deux campagnes récentes du Brésil et de la Corée exploitant des services cloud légitimes Two Recent Campaigns from Brazil and Korea Exploiting Legitimate Cloud Services (lien direct) |
> L'exploitation des services cloud est une arme flexible entre les mains des attaquants, si flexible que nous découvrons de nouvelles campagnes abusant quotidiennement des applications légitimes.Que les acteurs de la menace soient motivés par la cybercriminalité ou le cyberespionnage, ils continuent de cibler différents publics dans différentes régions géographiques du monde, exploitant différents services dans différents [& # 8230;]
>The exploitation of cloud services is a flexible weapon in the hands of attackers, so flexible that we uncover new campaigns abusing legitimate apps on a daily basis. Whether threat actors are driven by cybercrime or cyberespionage, they continue to target different audiences in different geographical regions of the world, exploiting different services in different […] |
Threat Cloud | ★★★ | |
 |
2024-06-13 17:00:00 | Pourquoi la sécurité SaaS est soudainement chaude: courir pour défendre et se conformer Why SaaS Security is Suddenly Hot: Racing to Defend and Comply (lien direct) |
Les cyberattaques récentes de la chaîne d'approvisionnement incitent les réglementations de cybersécurité dans le secteur financier pour resserrer les exigences de conformité, et d'autres industries devraient suivre.De nombreuses entreprises n'ont toujours pas de méthodes efficaces pour gérer les tâches de sécurité et de conformité SaaS et de conformité.Les outils d'évaluation des risques SaaS gratuits sont un moyen facile et pratique de proposer une visibilité et initiale
Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don\'t have efficient methods to manage related time-sensitive SaaS security and compliance tasks. Free SaaS risk assessment tools are an easy and practical way to bring visibility and initial |
Tool Cloud | ★★★ | |
 |
2024-06-13 14:23:33 | Les avantages de sécurité méconnus de la migration du cloud The unsung security benefits of cloud migration (lien direct) |
D'une meilleure isolation aux points d'étranglement bien définis, les défenseurs découvrent de plus en plus de prestations de sécurité du cloud.
From better isolation to well-defined choke points, defenders are discovering more and more cloud security benefits. |
Cloud | ★★ | |
 |
2024-06-13 14:00:00 | UNC3944 cible les applications SaaS UNC3944 Targets SaaS Applications (lien direct) |
Introduction
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider," and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement via SaaS permissions abuse. Active since at least May 2022, UNC3944 has leveraged underground communities like Telegram to acquire tools, services, and support to enhance their operations.
Initially, UNC3944 focused on credential harvesting and SIM swapping attacks in their operations, eventually migrating to ransomware and data theft extortion. However, recently, UNC3944 has shifted to primarily data theft extortion without the use of ransomware. This change in objectives has precipitated an expansion of targeted industries and organizations as evidenced by Mandiant investigations.
Evidence also suggests UNC3944 has occasionally resorted to fearmongering tactics to gain access to victim credentials. These tactics include threats of doxxing personal information, physical harm to victims and their families, and the distribution of compromising material.
This blog post aims to spotlight UNC3944\'s attacks against SaaS applications, providing insights into the group\'s evolving TTPs in line with its shifting mission objectives.
Tactics, Techniques, and Procedures (TTPs)
Figure 1: UNC3944 attack lifecycle
Mandiant has observed UNC3944 in multiple engagements leveraging social engineering techniques against corporate help desks to gain initial access to existing privileged accounts. Mandiant has analyzed several forensic recordings of these call center attacks, and of the observed r |
Ransomware Tool Threat Cloud | ★★★ | |
 |
2024-06-13 12:53:58 | Navigation des étapes de la maturité de l'AppSec: un guide tactique pour la gestion des risques Navigating the Stages of AppSec Maturity: A Tactical Guide for Risk Management (lien direct) |
Dans le paysage numérique en évolution rapide, la maturité du programme de sécurité des applications (APPSEC) d'une organisation n'est pas seulement bénéfique;Il est impératif de la résilience à grande échelle et réduisant l'accumulation de la dette de sécurité.Étant donné que les logiciels sont de plus en plus centraux des opérations commerciales, la nécessité de programmes APPSEC robustes n'a jamais été aussi critique.Voici un guide pour comprendre les différentes étapes de la maturité de l'AppSec et comment évoluer à travers eux pour une gestion efficace des risques.
Pourquoi la maturité de l'application est importante pour la gestion des risques maximisés
La maturité de l'APPSEC fait référence au niveau de sophistication et d'efficacité de l'approche d'une organisation pour sécuriser leurs applications.Il comprend les outils et les processus en place et la culture et l'état d'esprit envers la sécurité au sein de l'organisation.
Alors que les entreprises continuent d'intégrer des technologies plus sophistiquées telles que l'intelligence artificielle (IA) et les services cloud dans leurs processus de développement, la complexité, le risque et…
In the rapidly evolving digital landscape, the maturity of an organization\'s Application Security (AppSec) program is not just beneficial; it\'s imperative for resilience at scale and reducing security debt accumulation. Since software is increasingly central to business operations, the need for robust AppSec programs has never been more critical. Here\'s a guide to understanding the various stages of AppSec maturity and how to evolve through them for effective risk management. Why AppSec Maturity Matters for Maximized Risk Management AppSec maturity refers to the level of sophistication and effectiveness of an organization\'s approach to securing their applications. It includes the tools and processes in place and the culture and mindset towards security within the organization. As companies continue to integrate more sophisticated technologies such as artificial intelligence (AI) and cloud services into their development processes, the complexity, risk, and… |
Tool Cloud | ★★ | |
 |
2024-06-13 12:00:46 | Gestion de la posture de sécurité SaaS de renforcement avec une architecture de confiance zéro Bolster SaaS Security Posture Management with Zero Trust Architecture (lien direct) |
Selon le rapport de la sécurité de l'état de la SAAS de 2023 d'Appomni \\, 79% des organisations ont signalé un incident de sécurité SaaS au cours de la période précédente de 12 mois.Alors que les entreprises stockent et traitent progressivement des données plus sensibles dans les applications SaaS, il n'est pas surprenant que la sécurité de ces applications soit plus importante.Solutions de service de sécurité (SSE) avec [& # 8230;] 
According to AppOmni\'s 2023 State of SaaS Security report, 79% of organizations reported a SaaS security incident during the preceding 12-month period. As enterprises incrementally store and process more sensitive data in SaaS applications, it is no surprise that the security of these applications has come into greater focus. Security Service Edge (SSE) solutions with […] |
Cloud | ★★ | |
 |
2024-06-13 11:53:03 | Sécurité applicative : Lancement de nouvelles fonctionnalités offrant aux entreprises une visibilité complète " du code au cloud " et l\'analyse des risques cloud natifs (lien direct) | Une réduction du " bruit " de plus de 80 % grâce à la consolidation, la corrélation, la hiérarchisation et la gestion des risques, tout cela rendu possible grâce à une visibilité complète du code au cloud, et l'intégration d'informations d'exécution directement fournies par les CSP (Cloud Service Providers) Checkmarx, leader de la sécurité des applications cloud-natives, a lancé Checkmarx Application Security Posture Management (ASPM) et Cloud Insights pour fournir aux organisations une visibilité inédite (...) - Produits | Cloud | ★★ | |
 |
2024-06-13 08:07:02 | Cloud public : le PaaS croît, AWS décroît (lien direct) | IDC entérine la baisse de la part d'AWS sur le marché mondial du cloud public. | Cloud | ★★ | |
|
2024-06-13 07:37:15 | Suprema reçoit la certification internationale de la sécurité et de la protection des données du cloud Suprema Receives International Cloud Security and Data Protection Certification (lien direct) |
a acquis la certification de sécurité du cloud \\ 'CSA Star \' et a renouvelé les certifications ISO27001 et ISO27701 et prêt à présenter le service mondial du cloud Suprema, un leader mondial de solutions de sécurité basées sur l'IA, a acquis la certification internationale du système de sécurité du cloud standard \\ 'CSA Star (sécurité, fiducie, assurance, risque) niveau 2 \' publié par la CSA (Cloud Security Alliance), et a renouvelé à la fois l'ISO / IEC 27001 (sécurité de l'informationSystème de gestion) et ISO / IEC 27701 (informations de confidentialité (...)
-
nouvelles commerciales
Acquired the cloud security certification \'CSA STAR\' and renewed the ISO27001 & ISO27701 certifications and ready to showcase global cloud service Suprema, a global leader of AI-based security solutions, has acquired the international standard cloud security system certification \'CSA STAR (Security, Trust, Assurance, Risk) Level 2\' issued by the CSA(Cloud Security Alliance), and renewed both the ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information (...) - Business News |
Cloud | ★★ | |
|
2024-06-13 07:25:12 | Thales s\'allie à Google Cloud pour offrir aux organisations des capacités avancées de détection et de réponse aux cyberattaques (lien direct) | Thales et Google Cloud annoncent la signature d'un nouveau partenariat d'envergure visant à offrir aux clients de Thales une plateforme globale de SOC (Centre Opérationnel de Cybersécurité) offrant des capacités avancées de détection et de réponse aux incidents de cybersécurité. Thales a choisi de s'associer à Google Cloud pour renforcer ses capacités de détection et de réponse aux cyberattaques sur les systèmes d'information des organisations. Ces services de nouvelle génération combinent l'expertise de (...) - Business | Cloud | ★★ | |
 |
2024-06-12 16:00:00 | CVE-2024-5906 PRISMA Cloud Calcul: Vulnérabilité de script inter-sites (XSS) stockée dans l'interface Web (gravité: médium) CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: MEDIUM) (lien direct) |
Pas de details / No more details | Vulnerability Cloud | ||
|
2024-06-12 14:00:00 | Aperçu sur les cyber-menaces ciblant les utilisateurs et les entreprises au Brésil Insights on Cyber Threats Targeting Users and Enterprises in Brazil (lien direct) |
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals, organizations, and critical sectors of Brazilian society. Many of the cyber espionage threat actors that are prolific in campaigns across the globe are also active in carrying out attempted intrusions into critical sectors of Brazilian society. Brazil also faces threats posed by the worldwide increase in multifaceted extortion, as ransomware and data theft continue to rise. At the same time, the threat landscape in Brazil is shaped by a domestic cybercriminal market, where threat actors coordinate to carry out account takeovers, conduct carding and fraud, deploy banking malware and facilitate other cyber threats targeting Brazilians. The rise of the Global South, with Brazil at the forefront, marks a significant shift in the geopolitical landscape; one that extends into the cyber realm. As Brazil\'s influence grows, so does its digital footprint, making it an increasingly attractive target for cyber threats originating from both global and domestic actors. This blog post brings together Google\'s collective understanding of the Brazilian threat landscape, combining insights from Google\'s Threat Analysis Group (TAG) and Mandiant\'s frontline intelligence. As Brazil\'s economic and geopolitical role in global affairs continues to rise, threat actors from an array of motivations will further seek opportunities to exploit the digital infrastructure that Brazilians rely upon across all aspects of society. By sharing our global perspective, we hope to enable greater resiliency in mitigating these threats. Google uses the results of our research to improve the safety and security of our products, making them secure by default. Chrome OS has built-in and proactive security to protect from ransomware, and there have been no reported ransomware attacks ever on any business, education, or consumer Chrome OS device. Google security teams continuously monitor for new threat activity, and all identified websites and domains are added to Safe Browsing to protect users from further exploitation. We deploy and constantly update Android detections to protect users\' devices and prevent malicious actors from publishing malware to the Google Play Store. We send targeted Gmail and Workspace users government-backed attacker alerts, notifying them of the activity and encouraging potential targets to enable Enhanced Safe Browsing for Chrome and ensure that all devices are updated. Cyber Espionage Operations Targeting Brazil Brazil\'s status as a globally influential power and the largest economy in South America have drawn attention from c |
Ransomware Spam Malware Tool Vulnerability Threat Mobile Medical Cloud Technical | APT 28 | ★★ |
 |
2024-06-12 13:59:54 | Les entreprises \\ 'Les échecs de la sécurité du cloud sont \\' concernant \\ '- à mesure que les menaces AI accélèrent Businesses\\' cloud security fails are \\'concerning\\' - as AI threats accelerate (lien direct) |
Pas assez d'organisations effectuent des audits réguliers pour s'assurer que leur environnement cloud est sécurisé.
Not enough organizations are conducting regular audits to ensure their cloud environments are secured. |
Cloud | ★★★ | |
|
2024-06-12 13:24:00 | Classement Top Malware - mai 2024 : le botnet Phorpiex déclenche une frénésie de phishing, LockBit3 reprend la main (lien direct) | Les chercheurs ont découvert une campagne de diffusion de ransomware orchestrée par le botnet Phorpiex qui cible des millions d'utilisateurs par le biais d'e-mails de phishing ; De son côté, le groupe de ransomware Lockbit3 a repris du service après une courte interruption et représente un tiers des attaques par ransomware enregistrées Check Point® Software Technologies Ltd., l'un des principaux fournisseurs de plateformes de cybersécurité alimentées par l'IA et hébergées dans le cloud, a publié son (...) - Malwares | Ransomware Malware Cloud | ★★ | |
|
2024-06-12 08:41:43 | Oracle se taille une part du gâteau OpenAI (lien direct) | OpenAI a négocié une extension de capacité sur le cloud d'Oracle, en complément à Azure. | Cloud | ★★ | |
|
2024-06-12 07:21:22 | Sysdig et Mend.io accélérent la livraison de logiciels sécurisés (lien direct) | Sysdig, leader de la sécurité cloud alimentée par l'analyse en temps réel d'exécution et Mend.io, un leader dans le domaine de la sécurité des applications d'entreprise dévoilent une solution commune destinée à aider les développeurs et les équipes de sécurité à accélérer la livraison de logiciels sécurisés, du développement au déploiement. L'intégration incorpore l'échange d'informations d'exécution et de contexte de propriété d'application entre Sysdig Secure et Mend Container pour fournir aux utilisateurs une (...) - Produits | Cloud | ★★ | |
|
2024-06-11 22:30:16 | Fortinet prévoit d'acquérir la lacet Fortinet Plans to Acquire Lacework (lien direct) |
La dentelle recherche un acheteur depuis un certain temps.L'accord donne à Fortinet un coup de pouce dans l'espace de sécurité du cloud.
Lacework has been looking for a buyer for some time. The deal gives Fortinet a boost in the cloud security space. |
Cloud | ★★ | |
|
2024-06-11 21:31:50 | CheckMarx Application Security Posture Management et Cloud Insights Offrir une visibilité du code à cloud Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility (lien direct) |
Pas de details / No more details | Cloud | ★★★ | |
|
2024-06-11 19:47:45 | APT Attacks Using Cloud Storage (lien direct) | ## Snapshot AhnLab Security Intelligence Center (ASEC) has identified APT attacks utilizing cloud services like Google Drive, OneDrive, and Dropbox to distribute malware and collect user information. ## Description Threat actors upload malicious scripts, RAT malware strains, and decoy documents to cloud servers to execute various malicious behaviors. The attack process involves distributing EXE and shortcut files disguised as HTML documents, which then decode and execute PowerShell commands to download decoy documents and additional files. The threat actor\'s Dropbox contains various decoy documents, and the malware downloaded from the cloud includes XenoRAT, capable of performing malicious activities and communicating with the C2 server. The threat actor appears to target specific individuals and continuously collect information to distribute tailored malware. The threat actor\'s email addresses and C2 server address were identified during the analysis, and users are advised to be cautious as the malware not only leaks information and downloads additional malware strains but also performs malicious activities such as controlling the affected system. Additionally, users are warned to verify file extensions and formats before running them, as multiple malware strains have been found to utilize shortcut files. ## Recommendations Microsoft recommends the following mitigations to reduce the impact of Information Stealer threats. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-attachments-policies-configure?ocid=magicti_ta_learndoc) to check attachments to inbound email. - Encourage users to use Microsoft Edge and other web browsers that support [SmartScreen](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/web-protection-overview?ocid=magicti_ta_learndoc), which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware. - Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants. - Enforce MFA on all accounts, remove users excluded from MFA, and strictly [require MFA](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?ocid=magicti_ta_learndoc) from all devices, in all locations, at all times. - Enable passwordless authentication methods (for example, Windows Hello, FIDO keys, or Microsoft Authenticator) for accounts that support passwordless. For accounts that still require passwords, use authenticator apps like Microsoft Authenticator for MFA. [Refer to this article](https://learn.microsoft.com/azure/active-directory/authentication/concept-authentication-methods?ocid=magicti_ta_learndoc) for the different authentication methods and features. - For MFA that uses authenticator apps, ensure that the app requires a code to be typed in where possible, as many intrusions where MFA was enable | Ransomware Spam Malware Tool Threat Cloud | ★★★ | |
 |
2024-06-11 17:36:11 | Issue avec le service d'exportation d'importation Amazon EC2 VM Issue with Amazon EC2 VM Import Export Service (lien direct) |
Date de publication: & nbsp; 2024/06/11 10:30 AM PDT
aws & nbsp; est conscient d'un problème avec le cloud Amazon Elastic Compute (Amazon EC2) Import VMService d'exportation (VMIE).Le 12 avril 2024, nous avons abordé ce problème et pouvons confirmer que les nouvelles importations de système d'exploitation Windows ne sont pas affectées.
Lorsque & nbsp; en utilisant le service VIE EC2 pour importer une machine virtuelle à l'aide de Windows OS, les clients peuvent éventuellement utiliser leur propre fichier de réponse Sysprep.Avant le 12 avril 2024, le service EC2 Vmie avait un problème où, si un client importait une machine virtuelle utilisant le système d'exploitation Windows à utiliser comme AMI ou instance, une copie de sauvegarde identique du fichier de réponse serait créée sans que les données sensibles ne soient supprimées siinclus dans le fichier.Ce fichier de sauvegarde n'est accessible qu'aux utilisateurs de Windows à instance qui avaient la permission d'accéder au fichier de réponse fourni par le client.
pour & nbsp; clients qui ont utilisé le service EC2 Vmie de cette manière, nous vous recommandons de vérifier un nom de fichier se terminant par .vMimport dans les emplacements suivants, qui sont associés à sysprep:
C: \
C: \ Windows \ Panther \
C: \ Windows \ Panther \ Union \
C: \ Windows \ System32 \
C: \ Windows \ System32 \ Sysprep \ Panther \ Unettend \
Une fois & nbsp; vous identifiez le fichier .vMimport, limitez l'accès aux comptes d'utilisateurs nécessaires ou supprimez complètement le fichier de sauvegarde sur l'instance EC2 importée ou les instances lancées à partir d'un AMI affecté.La réalisation de l'une ou l'autre de ces actions n'affectera pas la fonctionnalité de l'instance EC2.Étant donné que les nouvelles instances EC2 lancées à l'aide d'une AMI affectée seront affectées par ce numéro, nous recommandons aux clients de supprimer l'AMI affecté et de créer un nouveau AMI à l'aide du service EC2 VM Import Export (VIE) pour réimportant la machine virtuelle ou utilisez le EC2 EC2API / Console pour créer un nouvel AMI à partir de l'instance EC2 où le correctif a été appliqué.
Non & nbsp; l'action est requise pour les utilisateurs qui avaient étendu l'accès au fichier de réponse sysprep avant d'utiliser le service EC2 Vmie pour importer le système d'exploitation Windows ou qui a utilisé le service EC2 Vmie après le 12 avril 2024, pour importer Windows OS avec / sans sysprep SysprepRéponse le fichier dans n'importe quelle région AWS.
we & nbsp; tiendons à remercier les laboratoires immersifs d'avoir divulgué de manière responsable ce problème à Aws.
Des questions ou des préoccupations liées à la sécurité peuvent être portées à notre attention via aws-security@amazon.com .
Publication Date: 2024/06/11 10:30 AM PDT AWS is aware of an issue with the Amazon Elastic Compute Cloud (Amazon EC2) VM Import Export Service (VMIE). On April 12, 2024, we addressed this issue and can confirm new Windows OS imports are not affected. When using the EC2 VMIE service to import a VM using Windows OS, customers can optionally use their own Sysprep answer file. Before April 12, 2024, the EC2 VMIE service had an issue where, if a customer imported a VM using Windows OS to use as an AMI or instance, then an identical b |
Cloud | ||
|
2024-06-11 16:05:31 | Vérifier le logiciel simplifie la sécurité des applications cloud avec les WAFAA alimentés par AI Check Point Software Simplifies Cloud Application Security with AI-Powered WAFaaS (lien direct) |
Vérifier le logiciel Point simplifie la sécurité des applications cloud avec les wafaas alimentés par AI
Le nouveau CloudGuard WAF-AS-A-SERVICE propose une solution évolutive entièrement gérée et autonomisant les entreprises pour naviguer dans le monde numérique avec confiance et résilience
-
revues de produits
Check Point Software Simplifies Cloud Application Security with AI-Powered WAFaaS The New CloudGuard WAF-as-a-Service offers a fully managed, scalable solution empowering businesses to navigate the digital world with confidence and resilience - Product Reviews |
Cloud | ★★ | |
|
2024-06-11 16:00:05 | Cisco simplifie la sécurité du cloud avec l'insertion de service AWS Cloud WAN Cisco Simplifies Cloud Security with AWS Cloud WAN Service Insertion (lien direct) |
Découvrez comment Cisco Cloud Security s'intègre à AWS Cloud Wan 
Learn how Cisco cloud security integrates with AWS Cloud WAN |
Cloud | ★★ | |
|
2024-06-11 15:40:00 | Apple lance un calcul de cloud privé pour le traitement d'IA centré sur la confidentialité Apple Launches Private Cloud Compute for Privacy-Centric AI Processing (lien direct) |
Apple a annoncé le lancement d'un "système d'intelligence cloud révolutionnaire" appelée Private Cloud Compute (PCC) conçue pour le traitement des tâches d'intelligence artificielle (AI) d'une manière préservant de la confidentialité dans le cloud.
Le géant de la technologie a décrit le PCC comme "l'architecture de sécurité la plus avancée jamais déployée pour le calcul de Cloud AI à grande échelle".
PCC coïncide avec l'arrivée de la nouvelle IA générative (
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that\'s designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale." PCC coincides with the arrival of new generative AI ( |
Cloud | ★★★ | |
|
2024-06-11 15:02:18 | Protéger vos applications dans le cloud avec NetSkope et AWS Safeguard Your Apps in the Cloud with Netskope and AWS (lien direct) |
> Co-écrit par Muhammad Abid, Fan Gu et Darshan Karanth offrent une protection complète de bout en bout avec une plate-forme de NetSkope One et une insertion de service WAN Cloud dans notre dernier article de blog, nous avons discuté de la façon dont les clients peuvent accélérer la transformation du cloud avec Nettskope Borderless SD SD SD-Wan et AWS Cloud Wan Intégration.Cette intégration au niveau du réseau permet aux clients d'automatiser l'accès à la charge de travail depuis [& # 8230;]
>Co-authored by Muhammad Abid, Fan Gu, and Darshan Karanth Provide complete end-to-end protection with Netskope One Platform and AWS Cloud WAN Service Insertion In our last blog post, we discussed how customers can accelerate cloud transformation with Netskope Borderless SD-WAN and AWS Cloud WAN integration. This network-level integration allows customers to automate workload access from […] |
Cloud | ★★ | |
 |
2024-06-11 14:51:31 | CloudGuard Network Security s'intègre à l'insertion de service Cloud WAN AWS au lancement pour améliorer l'efficacité opérationnelle des équipes de sécurité du cloud CloudGuard Network Security integrates with AWS Cloud WAN Service Insertion at launch to improve the operational efficiency of cloud security teams (lien direct) |
> Dans le paysage en constante évolution de la sécurité du cloud, rester en avance sur les menaces est la priorité absolue pour les équipes de sécurité informatique.Cependant, pour de nombreuses organisations qui connaissent une pénurie d'ingénieurs de sécurité et une surcharge de tâches de sécurité, il est souvent aussi important d'améliorer les équipes de sécurité \\ 'efficacité opérationnelle.(Dans une récente enquête, 76% des répondants ont déclaré que leur organisation était actuellement confrontée à une pénurie de talents de cybersécurité.) Des milliers de clients AWS choisissent d'améliorer leur sécurité AWS avec la sécurité du réseau CloudGuard, et Check Point est heureux d'annoncer que CloudGuardLa sécurité du réseau est un partenaire d'intégration de AWS Cloud WAN [& # 8230;]
>In the ever-evolving landscape of cloud security, staying ahead of threats is the top priority for IT security teams. However, for many organizations experiencing a shortage in security engineers and an overload of security tasks, it is often as important to improve security teams\' operational efficiency. (In a recent survey, 76% of respondents said their organization is currently facing a shortage of cyber security talent.) Thousands of AWS customers choose to enhance their AWS security with Check Point CloudGuard Network Security, and Check Point is happy to announce that CloudGuard Network Security is an integration partner of AWS Cloud WAN […] |
Cloud | ★★★ | |
|
2024-06-11 13:27:38 | Sentinelone a annoncé le lancement de Sintilarity Cloud Workload Security pour des conteneurs sans serveur SentinelOne announced the launch of Singularity Cloud Workload Security for Serverless Containers (lien direct) |
Sentinelone transforme la sécurité du cloud pour les clients AWS
Les nouveaux produits offrent une protection axée sur l'IA pour les ressources sans serveur exécutées dans AWS Fargate
-
revues de produits
SentinelOne transforms cloud security for AWS customers New products deliver AI-driven protection for serverless resources running in AWS Fargate - Product Reviews |
Cloud | ★★ | |
|
2024-06-11 12:22:00 | Snowflake Breach expose 165 clients \\ 'Données dans la campagne d'extorsion en cours Snowflake Breach Exposes 165 Customers\\' Data in Ongoing Extortion Campaign (lien direct) |
Jusqu'à 165 clients de Snowflake auraient eu leurs informations potentiellement exposées dans le cadre d'une campagne en cours conçue pour faciliter le vol de données et l'extorsion, ce qui indique que l'opération a des implications plus larges qu'on ne le pensait précédemment.
Mandiant appartenant à Google, qui aide la plate-forme d'entreposage des données cloud dans ses efforts de réponse aux incidents, suit le suivi
As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the cloud data warehousing platform in its incident response efforts, is tracking the |
Cloud | ★★★ | |
|
2024-06-11 12:07:49 | CheckMarx a publié CheckMarx Application Security Posture Management (ASPM) et Cloud Insights Checkmarx has released Checkmarx Application Security Posture Management (ASPM) and Cloud Insights (lien direct) |
La gestion de la posture de sécurité des applications CheckMarx et les informations sur le cloud offrent aux entreprises les entreprises à la visibilité et à l'analyse du risque d'applications natifs du cloud
De nouvelles capacités puissantes réduisent le «bruit» de plus de 80% avec la consolidation, la corrélation, la priorité et la gestion des risques qui tirent parti de la visibilité du code au cloud, incorporant des informations d'exécution directement des fournisseurs de cloud
-
revues de produits
New Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-cloud Visibility and Analysis of Cloud-native AppSec Risk Powerful new capabilities reduce “noise” by more than 80% with consolidation, correlation, prioritization and risk management that leverage visibility from code to cloud, incorporating runtime insights directly from cloud providers - Product Reviews |
Cloud | ★★ | |
 |
2024-06-11 08:48:05 | Le stockage pur confirme la violation des données après le piratage du compte de flocon de neige Pure Storage confirms data breach after Snowflake account hack (lien direct) |
Pure Storage, l'un des principaux fournisseurs de systèmes et de services de stockage cloud, a confirmé lundi que les attaquants avaient violé son espace de travail de flocon de neige et ont eu accès à ce que l'entreprise décrit comme des informations de télémétrie [...]
Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information [...] |
Data Breach Hack Cloud | ★★★ | |
 |
2024-06-11 00:44:51 | Attaques aptes utilisant le stockage cloud APT Attacks Using Cloud Storage (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a partagé des cas d'attaques dans lesquels les acteurs de la menace utilisent des services de cloud telsEn tant que Google Drive, OneDrive et Dropbox pour collecter des informations utilisateur ou distribuer des logiciels malveillants.[1] [2] [3] & # 160; Les acteurs de la menace télécharge principalement des scripts malveillants, des souches de logiciels malveillants de rat et des documents de leurre sur les serveurs cloud pour effectuer des attaques.Les fichiers téléchargés fonctionnent systématiquement et effectuent divers comportements malveillants.Le processus du premier fichier de distribution à l'exécution des logiciels malveillants de rat est le suivant: dans tel ...
AhnLab SEcurity intelligence Center (ASEC) has been sharing cases of attacks in which threat actors utilize cloud services such as Google Drive, OneDrive, and Dropbox to collect user information or distribute malware. [1][2][3] The threat actors mainly upload malicious scripts, RAT malware strains, and decoy documents onto the cloud servers to perform attacks. The uploaded files work systematically and perform various malicious behaviors. The process from the first distribution file to the execution of RAT malware is as follows: In such... |
Malware Threat Cloud | ★★ | |
|
2024-06-10 21:47:00 | Les comptes de nuages de flocons de neige ont été abattus par des problèmes d'identification rampants Snowflake Cloud Accounts Felled by Rampant Credential Issues (lien direct) |
Un acteur de menace a accédé aux données appartenant à au moins 165 organisations utilisant des informations d'identification valides à leurs comptes de flocon de neige, grâce à aucune MFA et à une mauvaise hygiène de mot de passe.
A threat actor has accessed data belonging to at least 165 organizations using valid credentials to their Snowflake accounts, thanks to no MFA and poor password hygiene. |
Threat Cloud | ★★★ | |
 |
2024-06-10 21:44:37 | Le rapport du groupe Tolly met en évidence Slashnext \\'s Gen Ai Powered Email Security Prowess The Tolly Group Report Highlights SlashNext\\'s Gen AI-Powered Email Security Prowess (lien direct) |
> Dans le paysage en constante évolution des cyber-états, le courrier électronique reste une cible principale pour les acteurs malveillants, avec des compromis par courrier électronique de zéro heure (BEC) et des attaques de phishing avancées posant des risques importants pour les organisations.Une récente étude indépendante du groupe Tolly, commandée par Slashnext, met en évidence la solution de sécurité par e-mail de cloud (ICE) alimentée par la société, démontrant sa supérieure [& # 8230;]
Le post Le rapport du groupe Tolly met en évidence Slashnext \'s Gen's Gen's Gen'sLes prouesses de sécurité par e-mail à Ai-Email sont apparues pour la première fois sur slashnext .
>In the ever-evolving landscape of cyberthreats, email remains a prime target for malicious actors, with zero-hour Business Email Compromise (BEC) and advanced phishing attacks posing significant risks to organizations. A recent independent study by The Tolly Group, commissioned by SlashNext, highlights the company’s Gen AI powered Integrated Cloud Email Security (ICES) solution, demonstrating its superior […] The post The Tolly Group Report Highlights SlashNext\'s Gen AI-Powered Email Security Prowess first appeared on SlashNext. |
Studies Cloud | ★★★ | |
 |
2024-06-10 17:42:23 | Jusqu'à 165 sociétés \\ 'potentiellement exposés \\' dans les attaques liées à la flocon de neige, dit mandiant As many as 165 companies \\'potentially exposed\\' in Snowflake-related attacks, Mandiant says (lien direct) |
L'impact de l'opération ciblant les clients du géant du stockage cloud continue de croître.
The impact of the operation targeting customers of the cloud storage giant continues to grow. |
Cloud | ★★★ | |
|
2024-06-10 16:50:00 | Azure Service Tags Vulnérabilité: Microsoft met en garde contre les abus potentiels par les pirates Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers (lien direct) |
Microsoft met en garde contre les abus potentiels des étiquettes de service Azure par des acteurs malveillants pour forger les demandes d'un service de confiance et contourner les règles de pare-feu, leur permettant ainsi d'obtenir un accès non autorisé aux ressources cloud.
"Ce cas met en évidence un risque inhérent à l'utilisation de balises de service comme mécanisme unique pour vérifier le trafic réseau entrant", le Microsoft Security Response Center (
Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in using service tags as a single mechanism for vetting incoming network traffic," the Microsoft Security Response Center ( |
Vulnerability Cloud | ★★★ | |
|
2024-06-10 15:56:38 | La demande de réseau a changé, ici \\ comment suivre le rythme Network Demand Has Changed, Here\\'s How to Keep Pace (lien direct) |
> Ce blog fait partie de la série en cours «i & # 38; o perspectives», qui présente des informations d'experts de l'industrie sur l'impact des menaces actuelles, du réseautage et d'autres tendances de cybersécurité.Dans le paysage commercial d'aujourd'hui, l'innovation numérique implacable des cinq dernières années, dirigée par un passage au travail hybride et à l'adoption de l'application cloud généralisée, les performances élevées du réseau à [& # 8230;]
>This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends. In today’s business landscape, the relentless digital innovation of the past five years-driven by a shift to hybrid working and widespread cloud app adoption-has elevated network performance to […] |
Cloud | ★★★ | |
 |
2024-06-10 14:33:10 | LendingTree confirme que les services cloud attaquent une filiale potentiellement affectée LendingTree confirms that cloud services attack potentially affected subsidiary (lien direct) |
Pas de details / No more details | Cloud | ★★★ | |
|
2024-06-10 14:00:00 | UNC5537 cible les instances des clients de Snowflake pour le vol de données et l'extorsion UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion (lien direct) |
Introduction Through the course of our incident response engagements and threat intelligence collections, Mandiant has identified a threat campaign targeting Snowflake customer database instances with the intent of data theft and extortion. Snowflake is a multi-cloud data warehousing platform used to store and analyze large amounts of structured and unstructured data. Mandiant tracks this cluster of activity as UNC5537, a financially motivated threat actor suspected to have stolen a significant volume of records from Snowflake customer environments. UNC5537 is systematically compromising Snowflake customer instances using stolen customer credentials, advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims. Mandiant\'s investigation has not found any evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake\'s enterprise environment. Instead, every incident Mandiant responded to associated with this campaign was traced back to compromised customer credentials. In April 2024, Mandiant received threat intelligence on database records that were subsequently determined to have originated from a victim\'s Snowflake instance. Mandiant notified the victim, who then engaged Mandiant to investigate suspected data theft involving their Snowflake instance. During this investigation, Mandiant determined that the organization\'s Snowflake instance had been compromised by a threat actor using credentials previously stolen via infostealer malware. The threat actor used these stolen credentials to access the customer\'s Snowflake instance and ultimately exfiltrate valuable data. At the time of the compromise, the account did not have multi-factor authentication (MFA) enabled. On May 22, 2024 upon obtaining additional intelligence identifying a broader campaign targeting additional Snowflake customer instances, Mandiant immediately contacted Snowflake and began notifying potential victims through our Victim Notification Program. To date, Mandiant and Snowflake have notified approximately 165 potentially exposed organizations. Snowflake\'s Customer Support has been directly engaged with these customers to ensure the safety of their accounts and data. Mandiant and Snowflake have been conducting a joint investigation into this ongoing threat campaign and coordinating with relevant law enforcement agencies. On May 30, 2024, Snowflake published detailed detection and hardening guidance to Snowflake customers. | Malware Tool Threat Legislation Cloud | ★★ | |
 |
2024-06-10 13:00:00 | Ajout d'une plate-forme de sécurité native de nuage avancée à AI à la tissu de sécurité Fortinet Adding an Advanced AI-Powered Cloud Native Security Platform to the Fortinet Security Fabric (lien direct) |
Fortinet intègrera la plate-forme CNAPP en dentelle avec notre portefeuille Sase Unified, qui se concentre sur l'accès sécurisé et la sécurité du cloud, et qui fait partie de la plate-forme de tissu de sécurité Fortinet, formant la plate-forme de cybersécurité AI la plus complète et la plus complète qui offre un accès sécurisé pourLes utilisateurs, les appareils et les points de terminaison permettent une protection profondément dans le cloud hybride et offre une couverture complète et intégrée, quel que soit le lieu où résident vos applications.
Fortinet will integrate the Lacework CNAPP platform with our Unified SASE portfolio, which focuses on secure access and cloud security, and which is part of the Fortinet Security Fabric platform, forming the most comprehensive, full stack AI-driven cybersecurity platform that delivers secure access for users, devices, and endpoints, enables protection deep into the hybrid cloud, and offers comprehensive and integrated coverage regardless of where your applications reside. |
Cloud | ★★ | |
|
2024-06-10 12:00:47 | Cisco s'appuie sur le mouvement CNApp pour sécuriser et protéger la succession de demande native du cloud Cisco Builds on the CNAPP Movement to Secure and Protect the Cloud Native Application Estate (lien direct) |
Enterprise Strategy Group Report identifie les exigences cruciales pour la sécurité évolutive, la visibilité multi -oud et le vrai «shift gauche» devsecops 
Enterprise Strategy Group Report Identifies Crucial Requirements for Scalable Security, Multicloud Visibility, and True “Shift Left” DevSecOps |
Cloud | ★★★ | |
 |
2024-06-10 10:00:00 | OT Cybersecurity: sauvegarde notre infrastructure OT Cybersecurity: Safeguard Our Infrastracture (lien direct) |
What is Operational Technology? Operational Technology (OT) is the backbone of our modern world as we know it today. Think about the daily operations of a factory, the precise control of our power grids, and even the supply of clean water to our homes. All of these modern capabilities are made possible and efficient due to OT systems. Unlike Information Technology (IT), which revolves around systems that process and store data, OT focuses on the physical machinery and processes which drive key industries including manufacturing, energy, and transportation. Each component of an OT system serves a critical purpose in ensuring the continuity of industrial operations. OT systems are typically made up of: Programmable Logic Controllers (PLCs): Devices that control industrial processes through execution of programmed instructions. Human-Machine Interfaces (HMIs): Interfaces that allow human users to interact with the control system Sensors and Actuators: Devices that monitor the physical environment through collection of data, and then perform actions according to input from the physical environment. The various subsets of OT system types include Industrial Control Systems (ICS), which manage factory equipment; Supervisory Control and Data Acquisition (SCADA) systems, which monitor and control industrial operations; and Distributed Control Systems (DCS), which automate processes. These systems are essential for keeping our modern infrastructure up and running. It is imperative that measures are taken to secure the availability of our OT systems, as an interruption to these systems would be disruptive to our day to day lives, and potentially catastrophic. To put things into perspective, can you imagine what your day would look like if your power grid went down for a prolonged period? What if the supply of clean water to your home was disrupted, are you ready for the chaos that will ensue? Both of these examples as well as other OT security incidents has the potential to cause loss of human life. In this blog, we\'ll discuss the importance of securing OT systems, best practices to align with, as well as challenges faced when safeguarding these indispensable systems. The Convergence of IT and OT Traditionally, OT environments were intended to be contained within their own highly secured network, without the ability to communicate externally. Today, the boundary between IT and OT is increasingly blurred with modern industrial operations relying on the convergence of IT and OT to enhance efficiency, optimize performance, and reduce costs. Additionally, the rise of adding network connectivity to devices and appliances that were traditionally not connected to the internet has further accelerated this convergence. This shift to network connectivity dependency has introduced the terms “Internet of Things (IOT) and “Industrial Internet of Things” (IIOT), which has brought numerous benefits but also introduced significant cybersecurity concerns. Cybersecurity of OT Systems As opposed to IT Security which focuses on the protection and integrity of data, OT cybersecurity prioritizes the availability of OT systems as a cyber attack on these systems is certain to disrupt business operations, cause physical damage, and endanger public safety. Security Concerns around OT Systems OT systems were designed with a specific purpose in mind and were not originally thought of as traditional computers as we know it, therefore security aspects of the design were not a first thought. As a result, the only security that many of these systems have is due to bolted-on security due to security as an afterthought. Also, many of the standard security best practices are often not conducted on this equipment due a multitude of factors such as the difficulty of patching OT systems, accommodating downtime hours on these critical systems that need to always be available. As a result, OT systems are | Vulnerability Patching Industrial Cloud | ★★★ | |
|
2024-06-10 07:42:47 | Tenable acquiert DSPM Eureka Security (lien direct) | Tenable acquiert DSPM Eureka Security Le CNAPP unifié de Tenable assurera une protection complète de l'infrastructure, des charges de travail, des identités et des données pour une clientèle en croissance rapide dans le domaine de la sécurité du cloud. - Business | Cloud | ★★ | |
 |
2024-06-09 06:11:00 | Tenable pour acquérir la sécurité Eureka;Ajouter la gestion de la posture de sécurité des données à sa plate-forme de sécurité cloud Tenable to acquire Eureka Security; add data security posture management to its cloud security platform (lien direct) |
Le fournisseur de gestion de l'exposition Tenable a annoncé qu'il avait signé un accord définitif pour acquérir Eureka Security, vendeur de ...
Exposure management vendor Tenable announced that it has signed a definitive agreement to acquire Eureka Security, vendor of... |
Cloud | ★★ | |
|
2024-06-07 19:53:27 | Water Sigbin utilise des techniques d'obscurcissement avancées dans les dernières attaques exploitant les vulnérabilités Oracle Weblogic Water Sigbin Employs Advanced Obfuscation Techniques in Latest Attacks Exploiting Oracle WebLogic Vulnerabilities (lien direct) |
## Snapshot Trend Micro has discovered that Water Sigbin, a China-based threat actor also known as the 8220 Gang, has been exploiting vulnerabilities in Oracle WebLogic servers to deploy cryptocurrency-mining malware. The group has adopted new techniques to conceal its activities, such as hexadecimal encoding of URLs and using HTTP over port 443 for stealthy payload delivery. ## Description Water Sigbin has been actively exploiting vulnerabilities in Oracle WebLogic server, specifically [CVE-2017-3506](https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2017-3506/overview) and [CVE-2023-21839](https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2023-21839/overview), to deploy cryptocurrency-mining malware. The group employs fileless attacks using .NET reflection techniques in PowerShell scripts, allowing the malware code to run solely in memory, evading disk-based detection mechanisms. The threat actor\'s exploitation of CVE-2023-21839 involved the deployment of shell scripts in Linux and a PowerShell script in Windows, showcasing obfuscation techniques and the use of HTTP over port 443 for stealthy communication. The PowerShell script "bin.ps1" and the subsequent "microsoft\_office365.bat" script both contain obfuscated code and instructions for executing malicious activities, demonstrating the threat actor\'s sophisticated tactics to evade detection and execute their malicious payload. ### Additional Analysis Active since at least 2017, Water Sigbin focuses on cryptocurrency-mining malware in cloud-based environments and Linux servers. For example, in 2023, [Ahnlab Security Emergency response Center (ASEC) discovered that Water Sigbin was using the Log4Shell](https://security.microsoft.com/intel-explorer/articles/11512be5) vulnerability to install CoinMiner in VMware Horizon servers. Water Sigbin\'s malicious activity highlights several key trends Microsoft has been tracking in recent years, including cryptojacking, threats to Linux (GNU/Linux OS), and recent attack trends in the malicious use of Powershell. - Microsoft has tracked the growing risk that [cryptojacking](https://security.microsoft.com/intel-explorer/articles/6a3e5fd2)– a type of cyberattack that uses computing power to mine cryptocurrency – poses to targeted organizations. In cloud environments, cryptojacking takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants. Cloud compute resource abuse could result in financial loss to targeted organizations due to the compute fees that can be incurred from the abuse. - [Threats to Linux (GNU/Linux OS) have made OSINT headlines](https://security.microsoft.com/intel-explorer/articles/ccbece59) in recent months as threat actors continue to evolve attack techniques and increasingly prioritize Linux-based targets. Microsoft has been tracking trends across recent reporting of Linux malware across the security community. These trends include: exploiting misconfigurations or previous service versions, targeting service 1-day vulnerabilities, and ransomware and cryptocurrency mining. - From cybercrime to nation-state groups, threat actors have long used Windows PowerShell to assist in their malicious activities. Read more here about Microsoft\'s most frequent observations and how to protect against the [Malicious use of Powershell.](https://security.microsoft.com/intel-explorer/articles/3973dbaa) ## Detections/Hunting Queries ### Microsoft Defender for Endpoint The following alerts might indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity and are not monitored in the status cards provided with this report - **PowerShell execution phase detections** - PowerShell created possible reverse TCP shell - Suspicious process executed PowerShell command - Suspicious PowerShell download or encoded command execution - Suspiciously named files launched u | Ransomware Malware Tool Vulnerability Threat Prediction Cloud | ★★ | |
|
2024-06-07 13:26:42 | Crowdsstrike remporte la plupart des catégories de tout vendeur au SC Awards Europe 2024 CrowdStrike Wins Most Categories of Any Vendor at SC Awards Europe 2024 (lien direct) |
Crowdsstrike remporte la plupart des catégories de tout vendeur au SC Awards Europe 2024
La plate-forme Falcon valide en outre la position en tant que plate-forme de consolidation de Cybersecurity \\ de choix;remporte la meilleure sécurité du cloud, le point de terminaison, l'IA, les renseignements sur les menaces et la réponse aux incidents
-
nouvelles commerciales
CrowdStrike Wins Most Categories of Any Vendor at SC Awards Europe 2024 The Falcon platform further validates position as cybersecurity\'s consolidation platform of choice; wins Best Cloud Security, Endpoint, AI, Threat Intelligence and Incident Response - Business News |
Threat Cloud | ★★ | |
|
2024-06-07 13:00:16 | Réponse d'urgence: une histoire de déploiement rapide de l'harmonie Emergency Response: A Harmony SASE Rapid Deployment Story (lien direct) |
> L'un des principaux avantages de Check Point Harmony Sase est notre accent sur la fourniture d'un déploiement rapide qui permet à nos clients d'établir un réseau cloud sécurisé et des utilisateurs à bord en moins d'une heure.Bien sûr, le déploiement rapide est un terme relatif en fonction de la taille de votre entreprise.Les startups et les petites entreprises peuvent être opérationnelles extrêmement rapidement.Cependant, si vous êtes une entreprise avec 6 000 employés répartis sur plusieurs emplacements géographiques dans le monde, les enjeux sont plus élevés et les choses prennent donc un peu plus de temps.Même ainsi, avec Harmony Sase, une entreprise de taille moyenne peut toujours à bord de leurs utilisateurs [& # 8230;]
>One of the main advantages of Check Point Harmony SASE is our focus on providing fast deployment that allows our customers to establish a secure cloud network and onboard users in less than an hour. Of course, fast deployment is a relative term depending on the size of your company. Startups and small businesses can get up and running extremely fast. However, if you\'re a company with 6,000 employees spread across multiple geographic locations worldwide, the stakes are higher and therefore things take a little more time. Even so, with Harmony SASE a mid-sized enterprise can still onboard their users […] |
Cloud | ★★ | |
|
2024-06-07 12:00:56 | Sécurité, le cloud et l'IA: construire des résultats puissants tout en simplifiant votre expérience Security, the cloud, and AI: building powerful outcomes while simplifying your experience (lien direct) |
Lisez comment Cisco Security Cloud Control Control priorise la consolidation des outils et la simplification de la politique de sécurité sans compromettre votre défense.
Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense. |
Tool Cloud | ★★ | |
|
2024-06-07 11:14:10 | Allianz Trade migre son SI vers le Serverless (lien direct) | Spécialisée dans l'assurance crédit, la filiale du groupe Allianz est repartie d'une feuille blanche pour rebâtir un système d'information morcelé. Parmi les axes forts de ce vaste programme figurent le Cloud First et le Serverless. | Cloud | ★★ | |
 |
2024-06-07 06:47:56 | Arrêt de cybersécurité du mois: les attaques d'identité du PDG Cybersecurity Stop of the Month: CEO Impersonation Attacks (lien direct) |
This blog post is part of a monthly series, Cybersecurity Stop of the Month, which explores the ever-evolving tactics of today\'s cybercriminals. It focuses on the critical first three steps in the attack chain in the context of email threats. The goal of this series is to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have examined these types of attacks: Uncovering BEC and supply chain attacks (June 2023) Defending against EvilProxy phishing and cloud account takeover (July 2023) Detecting and analyzing a SocGholish Attack (August 2023) Preventing eSignature phishing (September 2023) QR code scams and phishing (October 2023) Telephone-oriented attack delivery sequence (November 2023) Using behavioral AI to squash payroll diversion (December 2023) Multifactor authentication manipulation (January 2024) Preventing supply chain compromise (February 2024) Detecting multilayered malicious QR code attacks (March 2024) Defeating malicious application creation attacks (April 2024) Stopping supply chain impersonation attacks (May 2024) In this post, we continue to explore the topic of impersonation tactics, examining how threat actors use them to get information for financial gain. Background Last year, the Federal Trade Commission (FTC) received more than 330,000 reports of business impersonation scams and nearly 160,000 reports of government impersonation scams. This represents about half of all the fraud reported directly to the FTC. The financial losses due to email impersonation scams are staggering. They topped $1.1 billion in 2023, which was more than three times the amount reported in 2020. Financial fraud is a serious issue-and it\'s on the rise. In 2023, consumers reported losing more than $10 billion to fraud. This is the first time that losses reached that benchmark, and it\'s a 14% increase from 2022. The most common reports were imposter scams. This category saw significant increases in reports from the business and government sectors. The scenario Proofpoint recently detected a threat actor\'s message to the financial controller of a Dutch financial institution, which is known for its expertise in commercial risk. In this attack, the threat actor pretended to be the company\'s CEO-a tactic that\'s known as CEO fraud. In these attacks, the goal is to exploit the recipient\'s trust to get them to perform a specific action. The threat: How did the attack happen? The attacker emailed the Dutch financial company\'s controller, asking that two payments be sent to London. The email demanded that payments be made “today” to create a sense of urgency. To help make the message seem credible, the attacker claimed to have access to the IBAN and SWIFT codes. Original email from the threat actor. The same email translated into English. Detection: How did Proofpoint prevent this attack? Proofpoint has the industry\'s first predelivery threat detection engine that uses semantic analysis to understand message intent. Powered by a large language (LLM) model engine, it stops advanced email threats before they\'re delivered to users\' inboxes. That\'s what stopped this malicious message from reaching the financial controller\'s inbox. Pre-delivery protection is so critical because, based on Proofpoint\'s telemetry across more than 230,000 organizations around the world, post-delivery detections are frequently too late. Nearly one in seven malicious URL clicks occur within one minute of the email\'s arrival, and more than one-third of BEC replies happen in less than five minutes. These narrow timeframes, du | Tool Threat Cloud Commercial | ★★★ |
To see everything:
Our RSS (filtrered)
