What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
AlienVault.webp 2020-08-13 11:00:00 AlienApps and plug-ins combined into one framework (lien direct) The heart of any detection and response solution is the ability to collect events from the environment, perform corrective response actions, and integrate with customer workflows. Today, we’re proud to announce the launch of a complete redesign of the user interface for these third party integrations.  We’ve updated our design to make it easier for customers to find the integrations they need, centralize the configuration of them, and identify any operational problems with the integrations. What exactly have we done? Previously, we’ve had two types of integrations with other security and IT products - plug-ins and AlienApps.  Plug-ins were basic data collection tools used to collect, normalize, and enhance event logs from your environment.  AlienApps performed a variety of functions including collection of event data via API polling, requesting third party response actions such as blocking dangerous internet destinations, and sending notifications to ticketing systems such as Jira or ServiceNow®. Now, we’ve streamlined the entire process by combining plug-ins and AlienApps into one framework.  We have also simplified finding the right tool by combining redundant or overlapping ones.  For example, some products previously had different plugins for handling different log formats.  We’ve collapsed all these into one for the sake of simplicity, without any functional changes in event handling. From a practical perspective, all AlienApps provide one or more of the following capabilities: Data Collection - capable of collecting events from your environment, including processing syslog messages, retrieving from log aggregation services (such as CloudWatch Logs, or an S3 bucket) and polling API’s. Response - will help your security team “do things” - or, as we say, orchestrate the response - by taking action to investigate or respond to threats.  
Examples include things like querying an agent for additional host telemetry, adding an IP or domain to a block list, or disabling a cloud service account. Notification - help the SOC team be more productive by sending data to third party services and applications such as Jira, ServiceNow, or Box Notes. The most common use case here is opening a case in your existing workflow. Head over to “Data Sources>Alien Apps” for a look at the new GUI. The apps currently in use will be shown on this page, along with some useful graphs about application use. If any of the apps have configuration errors, you’ll see a red bar along with information about what needs to be fixed. See figure 1. To add new integrations to a USM deployment, click “available apps” and search for the vendor. This will reveal all the apps available for that vendor. Note that there can be more than one app per vendor - there is one for every product or product line, depending on how that vendor organizes their products. See figure 2 for an example. Using Response and Notification Actions Nothing has changed about how AlienApp response actions work. If you haven’t tried them before, manual response actions can be taken in the event or alarm view by clicking on an individual event or alarm, then clicking “Select Action”. This will bring up a series of dialogs asking you to select the AlienApp you’d like to use, along with other relevant information such as the IP address or host, and any fields needed such as the case name if you are opening a ticket. Once everything is configured, simply click “run” and the response action will be initiated. Tool Threat
WiredThreatLevel.webp 2020-08-09 13:00:00 A British AI Tool to Predict Violent Crime Is Too Flawed to Use (lien direct) A government-funded system known as Most Serious Violence was built to predict first offenses but turned out to be wildly inaccurate. Tool
ZDNet.webp 2020-08-08 07:00:08 DEF CON: New tool brings back 'domain fronting' as 'domain hiding' (lien direct) After Amazon and Google stopped supporting the censorship-evading domain fronting technique on their clouds in 2018, new Noctilucent toolkit aims to bring it back in a new form as "domain hiding." Tool
TechRepublic.webp 2020-08-06 15:32:17 IBM creates an open source tool to simplify API documentation (lien direct) OpenAPI Comment Parser for developers aims to make good API documentation easy to write and read. Tool
DarkReading.webp 2020-08-03 16:45:00 DHS Urges 'Highest Priority' Attention on Old Chinese Malware Threat (lien direct) "Taidoor" is a remote access tool that has been used in numerous cyber espionage campaigns since at least 2008. Malware Tool Threat
securityintelligence.webp 2020-08-03 16:00:27 How Employing Encryption for Data Security Changed History (lien direct) Human history is full of examples of encryption playing pivotal roles in war, competition and transitions of power. Throughout recorded time, people have employed encryption as a tactical tool to keep information private. That data could involve military campaigns, plots to overthrow political leaders or political dealings. In some cases, the use of encryption actually resulted […] Tool Guideline
TechRepublic.webp 2020-08-03 15:00:08 BlackBerry launches free tool for reverse engineering to fight cybersecurity attacks (lien direct) One of the first announcements at BlackHat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone. Malware Tool
ZDNet.webp 2020-08-03 15:00:06 BlackBerry releases new security tool for reverse-engineering PE files (lien direct) BlackBerry open-sources PE Tree, a new malware reverse-engineering tool for analyzing Portable Executable (PE) files. Malware Tool
AlienVault.webp 2020-08-03 11:00:00 (Déjà vu) Digital signatures security explained (lien direct) This blog was written by an independent guest blogger. Digital signatures have been around for decades, but recent events have put them back in the spotlight. They were heralded as the future of cybersecurity as far back as 1999, but in the intervening years came to be somewhat taken for granted by security engineers. Not any longer: the massive move to home working precipitated by the Covid-19 pandemic have forced many to take a fresh look at the security value of digital signatures, why they matter, and their relationship to encryption. We thought we'd do the same. In this article, we'll give you a refresher course on how digital signatures work, why they are important for security, and what the future holds. How do digital signatures work? Digital signatures, at the most fundamental level, are mathematical algorithms used to validate the authenticity and integrity of an electronic message. This "message" could be an email, a credit card transaction, or a digital document. Digital signatures create a virtual "fingerprint" that is completely unique to a person (or other entity), and can therefore be used not just to protect the contents of messages, but also to ensure that they were written by who they claim to have been. At a deeper level, digital signatures work by applying a hash function to a message. In most cases, a user's private key will be used to create a "hash," which is a fixed-length string of numbers and letters. The way in which hash functions work means that this string is totally unique to the message being hashed. In addition, hash functions are also one-way functions — a computed hash cannot be reversed to find other files that may generate the same hash value. The most popular hashing algorithms in use today are Secure Hash Algorithm-1 (SHA-1), the Secure Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message Digest 5 (MD5). 
The importance of digital signatures The value of digital signatures has been long recognized, but recent events have meant that they are being deployed at an unprecedented rate. This is because digital signatures afford the ability for users to securely communicate when working remotely – which more than half of US workers did even before the pandemic – without the need for a permanent, sustained encrypted connection. More specifically, digital signatures allow three factors about a message to be verified: Authentication. Because, in most implementations, digital signatures are created using the sender's private encryption key, it is possible to verify the identity of the message source.   Data Integrity. Because hash functions produce a digital signature by looking at the entirety of a particular message, if any part of the message changes, so does the hash function. This means that if a message is intercepted in transit and changed, the digital certificate verification performed by the recipient fails. This means that the recipient has an easy way to check if data security has been breached. Tool
AlienVault.webp 2020-08-03 11:00:00 Digital signatures 101: A powerful and underused cybersecurity ally (lien direct) This blog was written by an independent guest blogger. Digital signatures have been around for decades, but recent events have put them back in the spotlight. They were heralded as the future of cybersecurity as far back as 1999, but in the intervening years came to be somewhat taken for granted by security engineers. Not any longer: the massive move to home working precipitated by the Covid-19 pandemic have forced many to take a fresh look at the value of digital signatures, why they matter, and their relationship to encryption. We thought we'd do the same. In this article, we'll give you a refresher course on how digital signatures work, why they are important, and what the future holds. How do digital signatures work? Digital signatures, at the most fundamental level, are mathematical algorithms used to validate the authenticity and integrity of an electronic message. This "message" could be an email, a credit card transaction, or a digital document. Digital signatures create a virtual "fingerprint" that is completely unique to a person (or other entity), and can therefore be used not just to protect the contents of messages, but also to ensure that they were written by who they claim to have been. At a deeper level, digital signatures work by applying a hash function to a message. In most cases, a user's private key will be used to create a "hash," which is a fixed-length string of numbers and letters. The way in which hash functions work means that this string is totally unique to the message being hashed. In addition, hash functions are also one-way functions — a computed hash cannot be reversed to find other files that may generate the same hash value. The most popular hashing algorithms in use today are Secure Hash Algorithm-1 (SHA-1), the Secure Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message Digest 5 (MD5). 
The importance of digital signatures The value of digital signatures has been long recognized, but recent events have meant that they are being deployed at an unprecedented rate. This is because digital signatures afford the ability for users to securely communicate when working remotely – which more than half of US workers did even before the pandemic – without the need for a permanent, sustained encrypted connection. More specifically, digital signatures allow three factors about a message to be verified: Authentication. Because, in most implementations, digital signatures are created using the sender's private encryption key, it is possible to verify the identity of the message source.   Data Integrity. Because hash functions produce a digital signature by looking at the entirety of a particular message, if any part of the message changes, so does the hash function. This means that if a message is intercepted in transit and changed, the digital certificate verification performed by the recipient fails. This means that the recipient has an easy way to check if data security has been breached.   Tool
Veracode.webp 2020-08-03 10:06:32 New Data Reveals How AppSec Is Adapting to New Development Realities (lien direct) In today’s fast-paced world, companies are racing to bring new, innovative software to market first. In order to keep up with the speed of innovation, many organizations are shifting toward DevSecOps. DevSecOps brings security to the front of the software development lifecycle (SDLC), allowing for both fast deployments and secure applications. Even though DevSecOps is able to meet the needs of both developers and security professionals, the teams are laser-focused on their own metrics and objectives, making it a challenge to align. This is further exacerbated by the fact that most security teams lack an understanding of modern application development practices and most developers lack secure code training. Veracode recently sponsored Enterprise Strategy Group’s (ESG) research on modern developers and security professionals in North America to better understand the dynamic between the roles and to find ways to bridge the gap. The main objectives of the research were to: Examine the buying intentions of application security (AppSec) teams and developers regarding application security solutions. Gauge buyer preferences for different types of vendors’ application security solutions. Determine the extent to which security teams understand modern development and deployment practices, and where security controls are required to mitigate risk. Understand the trigger points influencing application security investments and how decision-makers are prioritizing and timing purchasing decisions. Gain insight into the dynamics between development teams and security teams with respect to the deployment and management of application security solutions. The research shows that AppSec scans are widely used across organizations, and – in most cases – organizations are happy with the current state of their programs.
But, the research also supports the misalignment between developers and security professionals, reinforcing the lack of security training for developers and promoting the need for security tools to be further integrated and automated into existing developer processes. Here are some of the key findings: Most organizations believe their AppSec programs are effective. When asked to rate the efficacy of their organizations’ AppSec program on a scale of zero to 10, zero being “we continually have security issues” and 10 being “we feel confident in the efficacy and efficiency of our program,” 69 percent of organizations rated their programs as an eight or higher. And, not only are organizations pleased with the current state of their AppSec programs, but also a sizeable 71 percent are using their scans on more than half of their codebase. These numbers are reassuring; but, despite AppSec tool usage, 81 percent of organizations are still experiencing exploits. When digging further, we found one major reason for the exploits … more than 85 percent of respondents admitted to releasing vulnerable code to production due to time constraints. When asked who makes the decision to push code to production, the answer varied from development managers to security professionals, or both. Developers do not have the tools and training needed to be successful. Arguably one of the most shocking findings from the research – only 15 percent of organizations reported that all of their development teams are participating in formal security training. And developers’ top challenges were identified as the ability to mitigate code issues and the lack of integration between AppSec tools and vendor tools. Given that developers are involved in the decision to push code live at more than 68 p Tool ★★★
bleepingcomputer.webp 2020-07-31 16:55:30 Microsoft PowerToys update fixes launcher, adds color picker (lien direct) Microsoft today updated the Windows 10 PowerToys toolset with a new Color Picker utility that adds a system-wide tool to help you pick colors from anywhere on your screen and copy them to your clipboard. [...] Tool ★★★★★
TechRepublic.webp 2020-07-31 12:00:02 How to create your first data story in Tableau (lien direct) The Story feature in Tableau can be a useful data visualization tool when you are drilling down on a dataset from general to specific. This tutorial shows you the basics. Tool
itsecurityguru.webp 2020-07-31 09:58:51 Got MDM? You still need mobile security (lien direct) It is common practice for businesses to implement some kind of central tool to manage smartphones and tablets. Normally, this is done through solutions referred to as mobile device management (MDM), which can ensure mobile devices are configured properly for business use. MDMs can also be used to mandate certain built-in device security settings, such […] Tool
DarkReading.webp 2020-07-31 09:25:00 \'Hidden Property Abusing\' Allows Attacks on Node.js Applications (lien direct) A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities. Tool
bleepingcomputer.webp 2020-07-30 19:01:56 KDE archive tool flaw let hackers take over Linux accounts (lien direct) A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victims' computers simply by tricking them into downloading an archive and extracting it. [...] Tool Vulnerability
TechRepublic.webp 2020-07-30 18:54:50 AI-powered tool aims to help reduce bias and racially charged language on websites (lien direct) 22% of more than 500,000 business websites contain some form of racial and gender bias, according to UserWay. Tool
Veracode.webp 2020-07-30 10:25:39 Announcing Veracode Security Labs Community Edition (lien direct) We recently partnered with Enterprise Strategy Group (ESG) to survey software development and security professionals about modern application development and how applications are tested for security. The soon-to-be-announced survey found that 53% of organizations provide security training for developers less than once a year, which is woefully inadequate for the rapid pace of change in software development. At the same time, 41% say that it’s up to security analysts to educate developers to try to prevent them from introducing significant security issues. So, where’s the disconnect? Communication breakdowns and misaligned training priorities between security and development teams are part of the problem. As developers are being asked to “Shift Left” to take on more responsibility for secure code earlier in the software development lifecycle, it’s increasingly more important for developers to get the training they need to not just create world-class applications – ones that have security designed in from the beginning. Enterprise-grade tools for all developers Veracode Security Labs Enterprise Edition is perfect for engineering teams, but we wanted every individual developer to have access to the same quality of training, from casual hobbyists to professionals interested in improving their secure coding skills. I’m excited to announce Veracode Security Labs Community Edition, where developers worldwide can hack and patch real applications to learn the latest tactics and security best practices with guidance while exploring actual code on their own time; and it’s free! With Veracode Security Labs Community Edition, you now have the tools you need to close any gaps in security knowledge that are holding you back.
It’s a module that fits within the Veracode Developer Training product family, featuring tools and robust programs built with interactivity in mind so that developers can get their hands on a practical training tool at a moment’s notice. Here are the differences between the Community Edition and Enterprise Edition: [Figure: Security Labs Editions] While the Enterprise Edition has features that support the efforts of development teams with full compliance-based curricula, rollout strategies, and progress reporting, the Community Edition offers selected topics and one-off labs for individuals who are looking to strengthen their security knowledge. Though there are differences that enable scalability for organizations and teams, the benefits for individual developers remain the same: The ability to exploit and remediate real-world vulnerabilities to learn what to look for in insecure code. Fast and relevant remediation guidance in the context of the most popular programming languages. Easy and fun hands-on training that provides professional growth. Improved security knowledge while building confidence through interactive trial and error. When you practice breaking and fixing real applications using real vulnerabilities, you become a sharper, more efficient developer – especially with a variety of challenges to choose from as you go. We plan to expand the number of labs and challenges over time but initially, the Community Edition will cover topics ranging from beginner to advanced, including: Hack Tool Vulnerability ★★★★
ZDNet.webp 2020-07-29 14:00:05 New tool detects shadow admin accounts in AWS and Azure environments (lien direct) CyberArk releases new SkyArk tool for scanning AWS and Azure infrastructure for misconfigured accounts. Tool
Pirate.webp 2020-07-27 14:50:13 SharpHose – Asynchronous Password Spraying Tool (lien direct) SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers. The tool takes into consideration the domain password policy, including fine-grained password policies, in an attempt to avoid account lockouts. Tool
kovrr.webp 2020-07-27 00:00:00 (Déjà vu) Cyber Black Swans: Gaining visibility into tail events when managing cyber insurance portfolios (lien direct)
Gaining visibility into tail events when managing cyber insurance portfolios. In March 2011, a powerful earthquake hit off the coast of Tōhoku, Japan, generating a devastating tsunami that overwhelmed all flood defenses. Up until then, scientists did not expect an earthquake in that region beyond magnitude eight but this specific event exceeded all accepted scientific predictions and expectations with a magnitude nine. The event was unanticipated, caused major financial impact, and called upon scientists to review their understanding of subduction zones. Events like this have come to be known as black swans. Cyber is a relatively new peril in the insurance landscape; companies have limited experience in underwriting and modeling the risk, and the risk itself has evolved in line with the advances of technology. Moreover, cyber insurance is still a developing market: scope of coverage is not very consistent, and policy terms are evolving rapidly. Against this backdrop, the industry is still interrogating itself about what a cyber black swan might look like, and how much it would cost. Black swans were first discussed by Nassim Nicholas Taleb in his 2001 book Fooled by Randomness, which aptly concerned financial events. His definition was based on three main characteristics: unexpected; causing a major impact; and most importantly, explainable, even though only in hindsight. Black swans are particularly undesirable events in the financial sector. Actuaries and exposure managers aim to avoid black swans, or to put it another way, avoid unexpected volatility of losses. To be prepared for this kind of occurrence is key not only for an insurance company’s survival but also for its success. Insurance professionals need to be as proficient at understanding cyber risk as they are with other types of risk. The need stems mainly from three forces at play.
Firstly, the risk already resides in insurance companies’ books in a non-affirmative form, for example claims from cyber events could affect property and casualty policies. Secondly, cyber insurance buyers are becoming more sophisticated and demanding coverage fit for their risk management needs, including limits commensurate with the potential loss. Lastly, since economies with high insurance penetration recover more quickly after a catastrophe, insurance companies have an important role to play in enhancing resilience to large cyber events in the economies where they operate. The Footprint of a Cyber Event An effective solution for cyber risk management allows practitioners to identify drivers of loss—risks in the portfolio that are most likely to contribute to an event. Solutions need to properly capture the correlation within a portfolio, in order to distinguish which risks will be affected, and to what extent those risks will incur serious financial loss. For natural hazards, correlation is determined by geographic proximity. For example, in an earthquake, the most affected properties will be the ones closest to the epicenter. In cyber, geographic proximity is not enough because events propagate through computer connections. To better illustrate the problem, let’s consider a major bug in a very popular technology. For example, the type of vulnerability that might allow remote code execution, that is, the ability for a malicious threat actor to take control of a server or any other endpoint. Millions of businesses, all around the world, are potentially at risk. A campaign exploiting this type of vulnerability will start with the specific aim of maximizing the return for the threat actors involved, meaning an initial target will be identified based on the industry sector and country the attack is most likely to succeed in.
All these factors can be modeled, using a combination of game theory and cyber security knowledge—however, pinpointing exactly which company will be targeted first is a challenge. Often in such cases, several companies are targeted as starting points for the cyber event. Each of these initial Ransomware Tool Vulnerability Threat ★★★
bleepingcomputer.webp 2020-07-23 10:55:51 Remove unwanted Windows 10 apps with this new open source tool (lien direct) A new standalone utility named Bloatbox has been released that allows Windows 10 users to debloat the operating system by removing unwanted preinstalled apps. [...] Tool
TechRepublic.webp 2020-07-22 20:14:24 How to use the new Vivaldi Notes tool (lien direct) The developers of Vivaldi have released a new version that includes a much-improved Notes tool. Jack Wallen explains. Tool
bleepingcomputer.webp 2020-07-20 11:12:35 Windows 10 Store 'wsreset' tool lets attackers bypass antivirus (lien direct) A technique that exploits Windows 10 Microsoft Store called 'wsreset.exe' can delete files to bypass antivirus protection on a host without being detected. [...] Tool
TechRepublic.webp 2020-07-17 19:20:04 AI tool lets startups determine the value of their e-commerce business in 24 hours for free (lien direct) Valuation was developed by the co-founder of VC firm Clearbanc, who spent six years on the Canadian version of "Shark Tank." Tool
bleepingcomputer.webp 2020-07-17 13:54:15 Microsoft releases open-source Linux version of Procmon tool (lien direct) Microsoft has ported the popular Sysinternals Procmon utility to Linux so that users can monitor running processes' activity. [...] Tool
Blog.webp 2020-07-16 19:17:10 Forensic Investigation: Ghiro for Image Analysis (lien direct) In this article, we will learn how we can use the Ghiro image analysis tool in forensic investigation. Ghiro is a digital image forensic tool that is fully automated and open source. Table of Contents: What is Ghiro? Features of Ghiro. Setting up Ghiro. Working on a case with Ghiro. What is Ghiro? It is developed by... Continue reading → Tool
TechRepublic.webp 2020-07-16 14:44:01 How to recover files from an inaccessible memory card with Disk Drill (lien direct) If you find you have a memory card that can't be accessed, fear not--that data might not be completely lost. With the help of a tool like Disk Drill, you could save those files. Tool
Mandiant.webp 2020-07-16 14:40:00 capa: Automatically Identify Malware Capabilities (lien direct) capa is the FLARE team's newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we've seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse engineering experience to figure out what a program does. In this post you will learn how capa works, how to install and use the tool, and why you should integrate it into your triage workflow starting today. Problem Effective analysts can quickly understand and prioritize unknown files in Malware Tool ★★★★
bleepingcomputer.webp 2020-07-16 10:20:38 Scammers hacked Twitter and hijacked accounts using admin tool (lien direct) Hackers were able to hijack dozens of high-profile Twitter accounts on Wednesday after gaining access to internal user administration tools and systems. [...] Tool
TechRepublic.webp 2020-07-15 14:17:38 How to create a Kubernetes ReplicaSet (lien direct) If you're looking to maintain a stable set of Kubernetes replica pods running at any given time, the tool you need is ReplicaSets. Find out how to use this handy feature. Tool Uber
securityintelligence.webp 2020-07-15 11:35:00 A Quick Guide to Using the ONG-C2M2 Model (lien direct) The Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2) can help oil and natural gas (ONG) organizations evaluate their cybersecurity programs and make improvements. These tools allow owners and operators in the electricity and ONG sectors to assess their cybersecurity capabilities. Additionally, the tool can inform individuals on how to address their needs […] Tool
bleepingcomputer.webp 2020-07-13 21:57:16 New AgeLocker Ransomware uses Googler's utility to encrypt files (lien direct) A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victim's files. [...] Ransomware Tool ★★★★
bleepingcomputer.webp 2020-07-13 11:01:27 Windows 10's Feedback Hub: A forum for political trolls, spammers (lien direct) When Microsoft made the Feedback Hub universal app available to Windows 10 Insiders in March 2016 and generally available two months later, the plan was for the app to be the perfect tool for users to report issues and share suggestions on how to improve the Windows experience for all customers. [...] Tool
bleepingcomputer.webp 2020-07-11 11:26:47 How to enable Windows 10's hidden features using Mach2 (lien direct) Windows 10 builds contain many hidden features that are used by Microsoft to debug code or test applications that have not been officially released yet. A new tool has been released that enables you to find and enable these hidden features in Windows 10. [...] Tool
TechRepublic.webp 2020-07-10 15:48:20 Stop surveying and start doing: Just because you have the tool doesn't mean you should use it (lien direct) Technology has made surveys too easy to execute while organizational culture makes it too hard to do anything with the results. Tool
TechRepublic.webp 2020-07-09 09:00:09 Forter Smart Routing prevents the 10% revenue loss merchants face from falsely declined payments (lien direct) With pre-authentication fraud detection, dynamic 3DS, smart routing, and recovery of declines, the automated tool streamlines successful transactions. Tool
TechRepublic.webp 2020-07-08 14:47:31 How to use the Android 10 Google Pixel Styles feature (lien direct) Android 10 on the Google Pixel phone includes a feature that allows you to customize the style of the UI. Learn how to use this tool that could end up being available on all Android 11 phones. Tool
itsecurityguru.webp 2020-07-08 11:18:32 6000 F5 Devices At Risk of CyberAttack Once Again (lien direct) It has been revealed by security firm, CRITICALSTART, that mitigation of the severely critical security flaw in F5 Networks’ BIG-IP tool can be bypassed. This leaves another 6,000 F5 devices exposed to an attack once again. Source: Computer Business Review Tool
AlienVault.webp 2020-07-08 08:15:00 Zero Trust security model explained: what is Zero Trust? (lien direct) This blog was written by a third party author. What is Zero Trust? Zero Trust is a cybersecurity model with a tenet that any endpoint connecting to a network should not be trusted by default. With Zero Trust, everything and everyone (including users, devices, endpoints) must be properly verified before access to the network is allowed. The protocols for a Zero Trust network ensure very specific rules are in place to govern the amount of access granted, and are based upon the type of user, location, and other variables. If the security status of any connecting endpoint or user cannot be resolved, the Zero Trust network will deny the connection by default. If the connection can be verified, it will be subject to a restrictive policy for the duration of its network access. Zero Trust networks operate under the least-privilege principle, in which all programs, processes, devices or users are limited to the minimum privileges required to carry out their functions. Access rights don’t need to be too restrictive; privileges can range from full access to no rights at all, depending on the circumstances. Think of it like the government or military’s “need-to-know” policy. It’s essential to make the distinction that Zero Trust is not a technology and more of a holistic approach to network security. However, achieving ZTA in today’s threat landscape does require some form of automation, especially in support of a dynamic policy, authorization and authentication. Automated technology is an essential tool for obtaining access, scanning and assessing threats, adapting to behavior changes, and continually re-evaluating confidence in communications. Where did Zero Trust begin? The concept of Zero Trust is largely credited to Forrester Research analyst John Kindervag, who published a paper outlining the framework in 2010.
Shortly after the paper’s publishing, Google began adopting the process, and soon, the tech world caught on. Why is Zero Trust so important today? As the work from home (WFH) model is adopted by more organizations to meet the demand of a reshaped economy, scores of endpoints are originating from outside of the protected corporate perimeter. The challenge of managing these connections is increasing dramatically — and protecting personal, financial, and customer data is paramount. The network and workplace of the future, where more remote connections are the norm rather than the exception, has arrived faster than anyone imagined. Architectures like Zero Trust are a critical component for enabling secure, adaptable, and agile networks and systems. What are the core principles of Zero Trust? One of the primary strategies necessary for successful zero trust implementation is network segmentation. Separating your network into smaller networks ensures devices, servers, and services containing sensitive data are isolated from the rest of the network. This process keeps a potential attacker contained within the network segment they’ve accessed. Further, micro-segmentation is crucial, as it adds another preventative layer in reducing lateral network movement. Much like network segmentation, the foundations of Zero Trust include other facets of robust security hygiene: application of authentication and encryption for all communications independent of location, performed at the application layer closest to the asset in the network; following comprehensive vulnerability and patch management procedures; continuous monitoring of device and application state to identify and address security vulnerabilities as needed, or act on their access privileges accordingly; and controlling and monitoring all traffic as access is provided — to improve security posture and create, adjust and enforce policy. How do I implement the Zero Trust model? Tool Vulnerability Threat
Mandiant.webp 2020-07-07 13:00:00 Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool
(lien direct)
We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from several days to several weeks. Bypassing this time-consuming step presented an opportunity for collaboration between the FLARE reverse engineering team and the Mandiant consulting team which ultimately saved many hours of difficult reverse engineering. We suspected the sample to be a lateral movement
Malware Tool ★★★★
TechRepublic.webp 2020-07-06 15:05:01 How to use virtual desktops on Chrome OS (lien direct) Learn how to make your Chromebook a more efficient and productive tool with the help of virtual desktops. Tool
TechRepublic.webp 2020-07-03 11:16:00 5 tips to take your Gmail use to the next level (lien direct) Google's mail product may be the single most powerful tool in the world for productivity … if you know the power tips. Here are some ways to enhance your Gmail usage. Tool
bleepingcomputer.webp 2020-07-02 17:48:08 Malwarebytes AdwCleaner now removes malware from the command line (lien direct) The popular AdwCleaner tool from Malwarebytes is about to get even more popular as it now can be used entirely from the command line. [...] Malware Tool
bleepingcomputer.webp 2020-07-02 15:23:00 Windows 10 background image tool can be abused to download malware (lien direct) A binary in Windows 10 responsible for setting an image for the desktop and lock screen can help attackers download malware on a compromised system without raising the alarm. [...] Malware Tool
bleepingcomputer.webp 2020-07-02 09:44:33 GoldenSpy backdoor installed by tax software gets remotely removed (lien direct) As soon as security researchers uncovered the activity of GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of the malware. [...] Tool ★★
TechRepublic.webp 2020-06-30 10:24:03 Microsoft Teams is different on desktop, iOS and Android: Here's what you need to know (lien direct) Microsoft is rapidly evolving its Teams app on iOS and Android, as the collaboration tool embraces firstline and other mobile workers. Tool
bleepingcomputer.webp 2020-06-29 11:35:39 Microsoft Word to get Bing-powered plagiarism checker (lien direct) Microsoft announced that the similarity checker tool bundled with the AI-powered Microsoft Editor writing virtual assistant will also be available within Microsoft Word, the company's word processor. [...] Tool
itsecurityguru.webp 2020-06-29 11:12:44 Study Tool OneClass Accidentally Exposes Millions of Records (lien direct) Researchers at vpnMentor say that an improperly-secured online database belonging to OneClass has left the private information of more than a million students exposed. The tool lets students share class notes and study guides. vpnMentor researchers discovered the database while performing a series of routine Internet scans and estimate that the exposed OneClass database included nearly […] Tool
bleepingcomputer.webp 2020-06-27 18:37:23 Microsoft quietly created a Windows 10 File Recovery tool, how to use (lien direct) Microsoft has created a Windows 10 File Recovery Tool that recovers deleted files and forgot to tell anyone. [...] Tool
Last update at: 2024-07-18 01:08:21