What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-01-08 10:00:00 | Happy 20th Birthday TaoSecurity Blog (lien direct) |  Happy 20th birthday TaoSecurity Blog, born on 8 January 2003. Thank you BloggerBlogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security content that was born at the same time, or earlier. Bruce Schneier's Schneier on Security is the main one that comes to mind. If not for the wonderful Internet Archive, many blogs from the early days would be lost.StatisticsIn my 15 year post I included some statistics, so here are a few, current as of the evening of 7 January: I think it's cool to see almost 29 million "all time" views, but that's not the whole story.Here are the so-called "all time" statistics: It turns out that Blogger only started capturing these numbers in January 2011. That means I've had almost 29 million views in the last 12 years. I don't know what happened on 20 April 2022, when I had almost 1.5 million views?Top Ten Posts Since January 2011 |
Ransomware Studies Guideline | Solardwinds | ★★ |
 |
2022-12-14 17:43:30 | Why Managed Threat Hunting Should Top Every CISO\'s Holiday Wish List (lien direct) | With the end of the year fast approaching, many of us are looking forward to a well-deserved break. However, security practitioners and security leaders worldwide are bracing themselves for what has become a peak period for novel and disruptive threats. In 2020, the holiday season was marked by the SUNBURST incident, and in 2021 the […] | Threat Guideline | Solardwinds | ★★ |
 |
2021-10-05 18:28:00 | Anomali Cyber Watch: New APT ChamelGang, FoggyWeb, VMWare Vulnerability Exploited and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, FoggyWeb, Google Chrome Bugs, Hydra Malware, NOBELIUM and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Google Just Patched These Two Chrome Zero-day Bugs That Are Under Attack Right Now
(published: October 1, 2021)
Google has warned users of Google Chrome to update to version 94.0.4606.71, due to two new zero-days that are currently being exploited in the wild. This marks the second update in a month due to actively exploited zero-day flaws. The first of these common vulnerabilities and exposures (CVEs), CVE-2021-37975, is a high severity flaw in the V8 JavaScript engine, which has been notoriously difficult to protect and could allow attackers to create malware that is resistant to hardware mitigations.
Analyst Comment: Users and organizations are recommended to regularly check for and apply updates to the software applications they use, especially web browsers that are increasingly used for a variety of tasks. Organizations can leverage the capabilities of Anomali Threatstream to rapidly get information about new CVEs that need to be mitigated through their vulnerability management program.
Tags: CVE-2021-37975, CVE-2021-37976, chrome, zero-day
Hydra Malware Targets Customers of Germany's Second Largest Bank
(published: October 1, 2021)
A new campaign leveraging the Hydra banking trojan has been discovered by researchers. The malware containing an Android application impersonates the legitimate application for Germany's largest bank, Commerzbank. While Hydra has been seen for a number of years, this new campaign incorporates many new features, including abuse of the android accessibility features and permissions which give the application the ability to stay running and hidden with basically full administrator privileges over a victim's phone. It appears to be initially spread via a website that imitates the official Commerzbank website. Once installed it can spread via bulk SMS messages to a user's contacts.
Analyst Comment: Applications, particularly banking applications, should only be installed from trusted and verified sources and reviewed for suspicious permissions they request. Similarly, emails and websites should be verified before using.
Tags: Banking and Finance, EU, Hydra, trojan
New APT ChamelGang Targets Russian Energy, Aviation Orgs
(published: October 1, 2021)
A new Advanced Persistent Threat (APT) group dubbed “ChamelGang” has been identified to be targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at Positive Technologies have been tracking the group since March 2017, and have observed that they have attacked targets in 10 countries so far. The group has been able to hi |
Ransomware Malware Tool Vulnerability Threat Guideline | Solardwinds Solardwinds APT 27 | |
|
2021-05-26 17:20:00 | Threat Intelligence Platforms Help Organizations Overcome Key Security Hurdles (lien direct) | Dealing with Big Data, Providing Context, Integration, and Fast Understanding of New Threats are Among the Benefits Threat Intelligence Platforms or TIPs Provide When industry analysts survey most security professionals these days, the common consensus is that it’s now harder to manage security operations than ever before. For example, a recent Enterprise Strategy Group (ESG) research study showed that some 63 percent of security pros say that the job is tougher today than it was just two years ago. While there's no doubt that the variety and volume of threats keep on growing by the year, the question is whether or not it’s the complexity of the security problems that have risen precipitously, or whether something else is going on. I'd argue that it's mostly the latter, in that it’s not so much that the complexity has grown tremendously over this time so much as the “awareness” of already latent complexity has become more apparent. As the breadth of technologies and data available to modern cybersecurity organizations continues to proliferate, security strategists are finally getting enough visibility into their environments to start discovering gaps that have existed all along. But knowing where the deficiencies exist doesn’t always equate to being able to address them. These same security folks are also struggling to wrap their arms around what is possible to achieve by using the array of tools in their arsenals and the vast quantities of information available. Years ago in the security world, the common mantra was that security organizations “don't know what they don't know” and this was due to deficiencies in monitoring and threat intelligence capabilities. Nowadays the opposite is true. They're flooded with data and they're starting to get a better sense of what they don't fully know or understand about adversarial activities in their environments. But this dawning self-awareness can be quite nerve-wracking as they ask themselves, “Now that I know, what should I do?” It can be daunting to make that jump from understanding to taking action—this is the process that many organizations struggle with when we talk about “operationalizing” threat intelligence. For security operations, it’s not enough to just know about an adversary via various threat feeds and other sources. To take action, threat intelligence needs to be deployed in real-time so that security tools and personnel can actually leverage it to run investigations, detect the presence of threats in their networks, respond faster, and continuously improve their security architectures. But there are many significant hurdles in running security operations that stand in the way of achieving those goals. This is where a robust threat intelligence platform (TIP) can add significant value to the security ecosystem. TIPs help security operations teams tackle some of the greatest hurdles. Big Data Conundrum with Threat Intelligence Platforms The first challenge is that the sheer volume of threat intelligence made available to security teams has become a big data problem, one that can't be solved by just filtering out the feeds that are in use, which would defeat the purpose of acquiring varied and relevant feeds in the first place. Organizations don't want to ingest millions or billions of evolving threat indicators into their security information and event manager (SIEM), which would be cost-prohibitive but also lead to the creation of unmanageable levels of false positives. This is where Anomali comes in, with a TIP doing the work on the front end, interesting and pre-curated threat “matches” can be integrated directly into your SIEM. These matches prese | Tool Threat Guideline | Solardwinds Solardwinds | |
 |
2020-12-18 13:00:20 | Sunburst: connecting the dots in the DNS requests (lien direct) | We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs. | Guideline | Solardwinds | |
 |
2020-12-14 10:04:46 | US govt, FireEye breached after SolarWinds supply-chain attack (lien direct) | SolarWinds's Orion IT monitoring and management software has been used in a supply chain attack leading to the breach of government and high-profile companies using a malware dubbed SUNBURST or Solorigate. [...] | Malware Guideline | Solardwinds | |
 |
2017-05-11 13:00:00 | What Got CISOs Here, Won\'t Get CISOs There (lien direct) |
A common theme at security conferences for many years was the common complaint that security departments lacked a voice at the table. CISOs were sometimes treated as second-class C-levelers, and were often not represented at the board.
(Un)Luckily, in recent years, the rise of nation-state hacking, large breaches, data dumps, and financial penalties has put security under the spotlight for many organisations.
Finally, the recognition and visibility that so many security departments have craved for so long here.
But with this, come a new set of challenges.
Dealing with a newer, and more senior set of stakeholders requires security teams to add new tools to their proverbial utility belt to be able to communicate and educate more effectively. Convincing a CEO that cyber-pathogens they read about on an in-flight magazine is nothing to worry about requires a different tack than when dealing with an auditor.
Perhaps one of the bigger challenges that presents itself to security teams is fending off the snake-oil salesmen that have been attracted by 'cyber' security and want to make a quick profit. While these types often lack the skills or expertise to improve security, they do present themselves as well-polished and well-spoken and are often well-versed in tactics needed to gain the ear of a senior stakeholder.
While all these distractions and attacks can't be thwarted, there are some strategies that CISOs and security teams can adopt to position themselves better and prevent this:
Here are five non-security tips to help security teams:
1. Put toothpicks in your data
Security historically has presented data in a rather statistical manner. But merely stating how many suspicious emails your spam filter caught is akin to describing your umbrella by the number of raindrops it stops.
The debate to find the ideal security metrics has raged on for many years without showing any signs of slowing down. One way to look at the problem is by asking how the existing data could be presented in a way that is aligned to the target audience expectations.
For example, research has found that when you tell people that what they are eating or drinking is a high-end product, they won't just say that it tastes better than a cheaper product — their brains will actually experience it as better. This was proven by two Dutch pranksters who snuck into a large food-industry expo in Houten, The Netherlands. The pranksters served McDonalds food cut into pieces with toothpicks on trays, telling attendees it was an organic product.
Tasters described the samples as tasting very rich, and very pure.
Try presenting data differently with some toothpicks and see how it changes perceptions.
2. Reframing
Security on its own has little meaning. Many businesses will judge security teams and their effectiveness based on how they feel about it.
Most will tend to frame risk based on how they have perceived it in the past. Although this isn't wrong in some cases, at other times, particularly where experience is tied to a negative perception, these habits need to be changed - or reframed.
In this regard, there are two areas that a CISO can focus on to reframe.
The first aspect is around framing context correctly and involves framing something that seems undesirable, and showing the benefits in another context. For example, Rudolph's red nose was an anomaly that made him stick out from the other reindeers. But the red nose saved all the reindeer on a dark and stormy night.
Similarly, many security controls may seem undesirable in some situations, can become a great asset given the right con |
Guideline | Solardwinds |
1
We have: 7 articles.
We have: 7 articles.
To see everything:
Our RSS (filtrered)
