What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-10-16 10:00:00 | Renforcement de la cybersécurité: multiplication de force et efficacité de sécurité Strengthening Cybersecurity: Force multiplication and security efficiency (lien direct) |
In the ever-evolving landscape of cybersecurity, the battle between defenders and attackers has historically been marked by an asymmetrical relationship. Within the cybersecurity realm, asymmetry has characterized the relationship between those safeguarding digital assets and those seeking to exploit vulnerabilities. Even within this context, where attackers are typically at a resource disadvantage, data breaches have continued to rise year after year as cyber threats adapt and evolve and utilize asymmetric tactics to their advantage. These include technologies and tactics such as artificial intelligence (AI), and advanced social engineering tools. To effectively combat these threats, companies must rethink their security strategies, concentrating their scarce resources more efficiently and effectively through the concept of force multiplication. Asymmetrical threats, in the world of cybersecurity, can be summed up as the inherent disparity between adversaries and the tactics employed by the weaker party to neutralize the strengths of the stronger one. The utilization of AI and similar tools further erodes the perceived advantages that organizations believe they gain through increased spending on sophisticated security measures. Recent data from InfoSecurity Magazine, referencing the 2023 Checkpoint study, reveals a disconcerting trend: global cyberattacks increased by 7% between Q1 2022 and Q1 2023. While not significant at first blush, a deeper analysis reveals a more disturbing trend specifically that of the use of AI. AI\'s malicious deployment is exemplified in the following quote from their research: "...we have witnessed several sophisticated campaigns from cyber-criminals who are finding ways to weaponize legitimate tools for malicious gains." Furthermore, the report highlights: "Recent examples include using ChatGPT for code generation that can help less-skilled threat actors effortlessly launch cyberattacks." As threat actors continue to employ asymmetrical strategies to render organizations\' substantial and ever-increasing security investments less effective, organizations must adapt to address this evolving threat landscape. Arguably, one of the most effective methods to confront threat adaptation and asymmetric tactics is through the concept of force multiplication, which enhances relative effectiveness with fewer resources consumed thereby increasing the efficiency of the security dollar. Efficiency, in the context of cybersecurity, refers to achieving the greatest cumulative effect of cybersecurity efforts with the lowest possible expenditure of resources, including time, effort, and costs. While the concept of efficiency may seem straightforward, applying complex technological and human resources effectively and in an efficient manner in complex domains like security demands more than mere calculations. This subject has been studied, modeled, and debated within the military community for centuries. Military and combat efficiency, a domain with a long history of analysis, | Tool Vulnerability Threat Studies Prediction | ChatGPT | ★★★ |
 |
2023-10-16 07:29:59 | Navigation du cyber-risque: ce qu'il faut rechercher dans la couverture de la cyber-assurance Navigating Cyber Risk: What to Look for in Cyber Insurance Coverage (lien direct) |
Modern threats like phishing, ransomware and data breaches cast a dark cloud over businesses across sectors. For most bad actors, the goal of an attack is financial. As Proofpoint noted in the 2023 State of the Phish report, 30% of businesses that endured a successful attack experienced a direct monetary loss, such as a fraudulent invoice, wire transfer or payroll redirection. That is an increase of 76% year over year. A cyber insurance policy can protect you from the financial losses caused by cybersecurity incidents and data breaches. And when businesses pair cyber insurance with the prowess of Proofpoint solutions, they can build a formidable defense strategy. In this blog, we\'ll go over some best practices for choosing and managing you cyber insurance policy so you can protect yourself from risk. Actions that cyber criminals monetize Our research for the latest State of the Phish report shows that the three most common consequences of a cyber attack are: Data breach (44%) Ransomware infection (43%) Account compromise (36%) Notably, cyber criminals can monetize all these actions. Most common results of successful phishing attacks. (Source: 2023 State of the Phish report from Proofpoint.) Just one cybersecurity incident can cost tens of thousands of dollars. So, it\'s easy to understand why insurers see these incidents as too costly to cover in their general liability policies. But with cyber insurance, your business has a tool to help manage risk. Why cyber insurance can be a vital financial safety net While firewalls and endpoint protections remain vital, the truth is that a level of residual risk always exists. No matter how fortified your security is, breaches can happen due to ingenious adversaries, human error or just unfortunate circumstances. This is where cyber insurance comes to the rescue. It is the safety net that catches your business when your defenses fall short. It can help you cover costs like ransomware payments, legal fees, and costs associated with crisis management and revenue loss. In the graphic below, we can see how often cyber insurance covered losses from ransomware attacks among those surveyed for our 2023 State of the Phish report. Nearly three-quarters (73%) of businesses with cyber insurance policies said their insurers paid at least some of their ransomware-related losses. (Source: 2023 State of the Phish report from Proofpoint.) Cyber insurance best practices Now that we\'ve covered why cyber insurance can be a vital financial safety net, let\'s look at some essential best practices for cyber insurance. These measures can help your business become more effective at managing cybersecurity risks. Find an expert and ask for support and guidance. Specialized brokers are your allies in the intricate world of cyber insurance. Insurers vary in risk appetite, claim acceptance rates and expertise. Brokers have an in-depth grasp of this landscape, and they will assess your options meticulously. They will help ensure that the policy you choose is the right fit for your industry, size, risk profile and more. Be prepared for a rigorous assessment. Today, insurers want more insight into your company\'s security protocols and controls before they issue a cyber insurance policy. So preparedness is key. Be ready to provide evidence, like external audits, penetration test results and compliance certifications to insurers. If you implement access controls that insurers deem vital, such as multifactor authentication (MFA) and privileged access management (PAM), it may help to reduce your premiums. Closely examine coverage scope. Coverage specifics vary globally. But you will find that most cyber insurance policies cover a portion of losses from ransomware attacks and expenses linked to crisis responses. You need to have a thorough understanding of the breach scenarios your policy does or does not cover. Take note of any exclusions. Also, be sure to scrutinize services like breach investigation support, legal | Ransomware Tool Threat Guideline Cloud | ★★★ | |
 |
2023-10-13 22:43:54 | Dakar F. Dexray v2.33 (lien direct) |
Même en 2023, Dexray semble fournir de la valeur aux praticiens du DFIR.Je suis toujours très humilié par des ajouts non sollicités au code Dexray, car cela signifie que l'outil est toujours en vie, malgré le fait qu'il a été écrit en archaïque (par & # 8230; Continuer la lecture & # 8594;
Even in 2023 Dexray seems to be delivering value to DFIR practitioners. I am always very humbled by unsolicited additions to Dexray code, because it means the tool is still alive, despite the fact it was written in archaic (by … Continue reading → |
Tool | ★★★ | |
 |
2023-10-13 17:23:00 | Les chercheurs dévoilent le nouvel ensemble d'outils de Todckat \\ Researchers Unveil ToddyCat\\'s New Set of Tools for Data Exfiltration (lien direct) |
L'acteur avancé de menace persistante (APT) connue sous le nom de Toddycat a été lié à un nouvel ensemble d'outils malveillants conçus pour l'exfiltration de données, offrant un aperçu plus profond de la tactique et des capacités de l'équipe de piratage.
Les résultats proviennent de Kaspersky, qui a d'abord mis en lumière l'adversaire l'année dernière, le liant aux attaques contre des entités de haut niveau en Europe et en Asie pour près de trois
The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew\'s tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary last year, linking it to attacks against high-profile entities in Europe and Asia for nearly three |
Tool Threat | ★★ | |
|
2023-10-13 08:01:34 | Un aperçu des modèles d'apprentissage automatique en point de preuve automatise An Overview of Machine Learning Models in Proofpoint Automate (lien direct) |
Did you know that, based on IDC\'s research, 39% of businesses say that improving operational efficiency is the top primary business objective for using artificial intelligence (AI)? At Proofpoint, there is tremendous interest in augmenting our product portfolio with AI and machine learning (ML) to produce benefits for our customers. In fact, today many of our Intelligent Compliance customers use our AI/ML technology to improve their operational efficiency and mitigate their compliance risk. When they report back to us about their quantitative and qualitative benefits, their results are impressive. In this blog, we\'ll give you an overview of why highly regulated firms choose the Proofpoint Intelligent Compliance platform. And then we\'ll go into details about how ML works in several solutions in the Intelligent Compliance product family. Proofpoint Intelligent Compliance is a comprehensive solution Our Intelligent Compliance platform offers a way for businesses to stay protected and compliant in a dynamic, virtual environment. It provides them with: AI-driven data visibility Information control Records retention and oversight Robust e-discovery capabilities (built-in and advanced) to satisfy requirements set by corporate mandates and regulatory bodies The platform includes these solutions: Proofpoint Archive Proofpoint Automate Proofpoint Capture Proofpoint Discover Proofpoint Patrol Proofpoint Supervision Proofpoint Track A must-have for highly regulated firms The Proofpoint Intelligent Compliance platform can benefit businesses in highly regulated industries. For example, financial services firms that are doing business in the U.S. must follow rules about supervision and monitoring set out by the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC). Many of these firms now use Proofpoint Supervision technology to enable regulatory compliance with FINRA and the SEC. And Proofpoint Automate and Proofpoint Supervision work together to help these businesses supervise their digital communications. Reducing false positives with ML models Automate makes a big impact with helping businesses to reduce false positives. These are flagged, archived items, like email messages, which turn out to be of low or no risk after a review. They are a significant problem for companies that need to supervise digital communications. Automate uses ML models with Supervision to reduce false positives from supervisory review queues. This helps customers streamline processes and reduce human fatigue and errors. Teams manage and review much less low-risk content, which means reviewers can focus on real issues. One Proofpoint client reported that after deploying Supervision and Automate, they cut their review queue volume by a third. They reduced their flagged but not reviewed items from nearly 30 days to about 14 days out, which is now within their internal service-level agreements. Automate provides ML models and the tools to build ML models trained on your data to help reduce false positives. You have the option to: Build your own models Work with Proofpoint professional services to develop customized models Start with any of the models included with Automate The models that come with Automate are Low-Risk Content Model (LRCM), Disclaimer Detection Model or Customer Complaints Model. Let\'s take a closer look at the first one-LRCM. What does the LRCM do? You can use LRCM to remove low-risk content in two different ways-through exclusion detection or Auto-Clear. For sender and subject line exclusion detection, the model will make suggestions that an administrator can review, accept or decline. (See Figure 1.) Figure 1. Proofpoint Automate uses exclusion detection to surface subject line suggestions to add to the Supervision policy. If the administrator accepts the subject line, that line is added to the Supervision policy. Subsequent messages with the respective subject line will not be ev | Tool | ★★ | |
 |
2023-10-13 03:47:17 | Une analyse d'une webcontent de safari iOS dans la fenêtre dans l'exploit de processus GPU An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit (lien direct) |
By Ian Beer
A graph representation of the sandbox escape NSExpression payload
In April this year Google\'s Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205.
Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process sandbox attack surface on iOS, recently removing the ability for the WebContent process to access GPU-related hardware directly. Access to graphics-related drivers is now brokered via a GPU process which runs in a separate sandbox.
Analysis of this in-the-wild exploit chain reveals the first known case of attackers exploiting the Safari IPC layer to "hop" from WebContent to the GPU process, adding an extra link to the exploit chain (CVE-2023-32409).
On the surface this is a positive sign: clear evidence that the renderer sandbox was hardened sufficiently that (in this isolated case at least) the attackers needed to bundle an additional, separate exploit. Project Zero has long advocated for attack-surface reduction as an effective tool for improving security and this would seem like a clear win for that approach.
On the other hand, upon deeper inspection, things aren\'t quite so rosy. Retroactively sandboxing code which was never designed with compartmentalization in mind is rarely simple to do effectively. In this case the exploit targeted a very basic buffer overflow vulnerability in unused IPC support code for a disabled feature - effectively new attack surface which exists only because of the introduced sandbox. A simple fuzzer targeting the IPC layer would likely have found this vulnerability in seconds.
|
Tool Vulnerability Threat | ★★ | |
 |
2023-10-12 21:17:00 | AppDome annonce des outils d'évaluation des attaques dans l'économie numérique \\'s Mobile XDR Appdome Announces Attack Evaluation Tools in Digital Economy\\'s Mobile XDR (lien direct) |
By Ian Beer
A graph representation of the sandbox escape NSExpression payload
In April this year Google\'s Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205.
Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process sandbox attack surface on iOS, recently removing the ability for the WebContent process to access GPU-related hardware directly. Access to graphics-related drivers is now brokered via a GPU process which runs in a separate sandbox.
Analysis of this in-the-wild exploit chain reveals the first known case of attackers exploiting the Safari IPC layer to "hop" from WebContent to the GPU process, adding an extra link to the exploit chain (CVE-2023-32409).
On the surface this is a positive sign: clear evidence that the renderer sandbox was hardened sufficiently that (in this isolated case at least) the attackers needed to bundle an additional, separate exploit. Project Zero has long advocated for attack-surface reduction as an effective tool for improving security and this would seem like a clear win for that approach.
On the other hand, upon deeper inspection, things aren\'t quite so rosy. Retroactively sandboxing code which was never designed with compartmentalization in mind is rarely simple to do effectively. In this case the exploit targeted a very basic buffer overflow vulnerability in unused IPC support code for a disabled feature - effectively new attack surface which exists only because of the introduced sandbox. A simple fuzzer targeting the IPC layer would likely have found this vulnerability in seconds.
|
Tool | ★★ | |
 |
2023-10-12 19:15:00 | Logiciel de progrès confronté à des dizaines de recours collectifs, enquête SEC à la suite de l'incident de Moveit Progress Software facing dozens of class action lawsuits, SEC investigation following MOVEit incident (lien direct) |
La société derrière un outil de transfert de fichiers populaire fait face à des dizaines de poursuites et d'enquêtes par plusieurs agences américaines à la suite de l'exploitation d'une vulnérabilité critique en mai.Progress Software & # 8211;L'entreprise qui possède l'outil de transfert de fichiers Moveit & # 8211;a déclaré ses résultats trimestriels cette semaine et a fourni une ventilation détaillée des coûts
The company behind a popular file transfer tool is facing dozens of lawsuits and investigations by several U.S. agencies following the exploitation of a critical vulnerability in May. Progress Software – the company that owns the MOVEit file transfer tool – reported its quarterly earnings this week and provided a detailed breakdown of the costs |
Tool Vulnerability | ★★ | |
 |
2023-10-12 17:51:58 | Semperis élargit l'outil d'analyse du chemin d'attaque du druide forestier pour se prémunir contre les attaques d'identification ENTRA Semperis Expands Forest Druid Attack Path Analysis Tool to Guard Against Entra ID Attacks (lien direct) |
La nouvelle capacité étend le support multi-directory pour les druides forestiers pour aider les défenseurs de cybersécurité à fermer rapidement les voies d'attaque risquées vers les actifs de niveau 0 dans les environnements d'identité hybride
-
revues de produits
New capability extends multi-directory support for Forest Druid to help cybersecurity defenders rapidly close risky attack paths to Tier 0 assets across hybrid identity environments - Product Reviews |
Tool | ★★★ | |
|
2023-10-12 10:52:45 | Une journée dans la vie d'un analyste de cybersécurité A Day in the Life of a Cybersecurity Analyst (lien direct) |
The day-to-day experience of cybersecurity professionals can vary widely, even though we face similar threats and have many of the same tools at our disposal. In this post, I\'d like to shine a light on what a typical day looks like for a business information security analyst in the world of cybersecurity-a role I know well. Getting started in cybersecurity I\'m a musician-a bagpiper. It\'s a strange one, I know, but that\'s how I started my career. For a couple of years after leaving school, I taught and performed pipe music. But after finishing my music diploma, I knew that there were only so many hours in the week, and only so many people to teach. So, perhaps I should learn another skill, too. It was my dad who suggested cybersecurity. From the outside, it looked interesting and seemed like an industry on the up and up. So I applied for a cybersecurity course at Robert Gordon University in Aberdeen, Scotland. At that time, I didn\'t have much technical knowledge. However, after a chance meeting with the head of the cybersecurity course on a university open day, I felt it was an area I could potentially break into. Within a few weeks, I had signed up for a five-year course with the option of a placement after the second year. Fast-forward to today, and here I am two years into the job, and I\'ve just finished my third year at university. My work placement transitioned into a full-time role, which I still balance with my full-time studies. What does a “normal” day look like for a cybersecurity analyst? No two days are ever the same. It\'s typical for people new to this role to ask, “What are my tasks?” The honest answer is that they\'re hard to define. It depends on what\'s going on in the business at that time, and who you know and work with regularly. While we have great security tools in place to flag suspicious activity, a lot of the time I\'m dealing with situations where I must trust my gut instincts. A task I have grown into managing in my current role is the security training program and phishing simulations across the company. Just yesterday, I issued approvals for a new training campaign that we\'re running for our operations team in Iraq. We aim to carry out targeted team training quarterly in shorter bites, 20 minutes here and there, to try to keep people engaged more than once a year. I\'ll usually spend part of my day managing our external support teams and service providers, too. I manage our security exceptions process, which involves vetting and approving requests from the business. For me, it\'s a case of making sure we have the right information from our users, asking the “Why?” to their wants, and finding out if there are more secure alternatives for providing a solution. Indicator of compromise (IOC) checks are an ongoing task. We\'re part of a service organisation forum, so we often gather and share important information with our industry peers. We have a shared spreadsheet that\'s automatically tracked, and we always receive possible indicators internally from our ever-growing network of security champions. I just need to make sure that our email security and firewall security are ticked off, blocked and managed. Measuring success Being part of the service organisation forum means that we are constantly sharing information with our peers. It allows us to compare the results of our training programs over time to see how we trend against each other. We also look back at how we have performed in these areas internally over the last few years to make sure we\'re always improving. We\'re also passionate about data governance. We want to ensure that our users not only understand risk but also how to appropriately manage company and client data. We want to always use best practices and build an internal security culture from the ground up. There\'s that saying, “You\'re only as good as your weakest player.” When it comes to cybersecurity issues, an organization is like a football team. You have 40,000 employees-and if just one of them doesn\'t know what | Tool Prediction | ★★★ | |
|
2023-10-12 10:00:00 | L'évolution des attaques de phishing The evolution of phishing attacks (lien direct) |
A practical guide to phishing and best practices to avoid falling victim. Introduction Over the past several years, remote and hybrid work has quickly gained popularity amongst those seeking a to reduce the amount of time on the road or an improved work/life balance. To accomplish this, users are often working from multiple devices, some of which may be company issued, but others may be privately owned. Cyberattackers have leveraged this trend to bypass traditional security controls using social engineering, with phishing attacks being a favored tactic. In fact, the FBI Internet Crime Report issued in 2022 reported phishing as the top reported internet crime for the past 5 years. Its ability to persuade individuals to divulge sensitive information to seemingly familiar contacts and companies over email and/or SMS text messages has resulted in significant data breaches, both personal and financial, across all industries. Mobile phishing, in particular, is quickly becoming a preferred attack vector among hackers seeking to use them as a jump point to gain access to proprietary data within a company’s network. This article provides an overview of the origins of phishing, its impact on businesses, the types of mobile phishing attacks hackers employ, and ways in which companies can best defend themselves against such attacks. The origins of phishing The belief among many in the cybersecurity industry is that phishing attacks first emerged in the mid-90s when dial-up was the only means of gaining access to the internet. Hackers posing as ISP administrators used fake screen names to establish credibility with the user, enabling them to “phish” for personal log-in data. Once successful, they were able to exploit the victim’s account by sending out phishing emails to other users in their contact list, with the goal of scoring free internet access or other financial gain. Awareness of phishing was still limited until May 2000 when Love Bug entered the picture. Love Bug, a highly effective and contagious virus designed to take advantage of the user’s psyche was unleashed in the Philippines, impacting an estimated 45 million Window PCs globally. Love Bug was sent via email with the subject line reading “ILOVEYOU”. The body of the message simply read “Kindly check the attached LOVELETTER coming from me”. Users who couldn’t resist opening the message unleashed a worm virus infecting and overwriting user’s files with copies of the virus. When the user opened the file, they would reinfect the system. Lovebug elevated phishing to a new level as it demonstrated the ability to target a user’s email mailing list for the purpose of spamming acquaintances thereby incentivizing the reader to open his/her email. This enabled the lovebug worm to infect computer systems and steal other user’s passwords providing the hacker the opportunity to log-in to other user accounts providing unlimited internet access. Since Love Bug, the basic concept and primary goal of phishing tactics has remained consistent, but the tactics and vectors have evolved. The window of opportunity has increased significantly for hackers with the increased use of social media (e.g., Linkedin, Twitter, Facebook). This provides more personal data to the hackers enabling them to exploit their targets with more sophisticated phishing tactics while avoiding detection. Phishing’s impact in the marketplace today Phishing attacks present a significant threat for organizations as their ability to capture proprietary business and financial data are both costly and time consuming for IT organizations to detect and remediate. Based on a | Ransomware Malware Tool Threat Prediction | ★★★ | |
 |
2023-10-12 09:45:41 | Métiers IT – Développeur web : définition, formation, salaire (lien direct) | Le développeur web est en charge de la conception de sites et applications web. Il contrôle la fiabilité et les performances des fonctionnalités mises en oeuvre. Il maîtrise les outils et les langages du développement web. | Tool | ★★★ | |
|
2023-10-12 09:27:20 | J'ai été frappé par les ransomwares-temps quoi?Étapes pour gérer les conséquences I\\'ve Been Hit by Ransomware-Now What? Steps for Dealing with the Aftermath (lien direct) |
The following is an excerpt from the Ransomware Survival Guide, our free handbook on preventing, managing and recovering from ransomware threats at every stage of the attack chain. This blog post provides general tips-it is not a substitute for professional cybersecurity and incident response services. The best ransomware strategy is to avoid it in the first place. But increasingly advanced attacks against the software supply chain and end users have shown that even the best-prepared companies can be caught out. Ransomware may not even be the first malware payload to infect your system, because many ransomware gangs now prefer to buy access to targets already infected with Trojans or loader malware. During an attack, you have short-term problems to resolve, like getting computers, phones and networks back online and dealing with ransom demands. But a panicked response won\'t help-and may make things worse. Here are some general steps you can take to contain the threat and start on the road to recovery. Questions to answer during a ransomware attack Before you react to an attack, it\'s important to take a step back and ask questions that will inform your response. Your answers should help network administrators scope the problem, devise an action plan and possibly curtail the spread. Who in your environment is compromised? How widespread are the infections? Is a threat actor actively scouting your environment, exfiltrating data or ready to drop ransomware on other devices? What network permissions do compromised accounts or devices have? Ransomware may have been installed only after attackers had already moved laterally within the network or stolen credentials and other data. What type of attack is it? Is this attack a secondary infection? Did it come from downloaders, remote access Trojans (RATs) or other malware installed on the infected machine or others on the network? Keep in mind that ransomware spreads quickly and is often a byproduct of other threats. If you see one infection, there are probably others that you don\'t see. Proactively look for other issues within your environment. Now as you take action, there are three general step to follow: Step 1: Isolate infected systems The second employees see the ransomware demand or notice something\'s odd-such as suddenly losing access to their own files-they should disconnect from the network and take the infected machine to the IT department. To prepare for this scenario, we recommend that you keep valuable data and systems separated so that a security issue on one system doesn\'t affect other systems. For example, your sensitive research or business data should not reside on the same server and network segment as your email environment. We advise against having employees reboot their system. Only the IT security team should attempt a reboot, and even that will work only in the event that it is “scareware,” or fake ransomware. "Scareware" is malware that appears to be ransomware but isn\'t. It may lock the user\'s screen with a ransom demand and payment instructions, but the data is not actually encrypted. In those scenarios, standard anti-malware tools can help. Knowing the difference isn\'t always easy. Determine the scope of the problem using threat intelligence and external incident responders or forensic analysts when necessary. While all ransomware is bad, some attacks are worse than others. Your response-including whether to pay the ransom-hinges on several factors. Step 2: Call law enforcement Ransomware-like other forms of theft and extortion-is a crime. Nobody has the right to seize devices, networks or data-let alone demand a ransom in exchange for it. Notifying the proper authorities is a necessary first step. Contact local or federal law enforcement right away. Special departments exist specifically to aid cyber crime victims, so do not be afraid to pick up your phone and call them. They are there to help you and may have access to decryption keys or information on payment recovery after | Ransomware Malware Tool Threat | ★★★ | |
|
2023-10-11 22:08:45 | AppDome annonce de nouveaux outils d'évaluation des attaques dans le premier XDR mobile de l'économie numérique \\ Appdome Announces New Attack Evaluation Tools in Digital Economy\\'s First Mobile XDR (lien direct) |
AppDome annonce de nouveaux outils d'évaluation des attaques dans le premier XDR mobile de l'économie numérique
menace-inspect ™, menaces et instantanés font du mobile XDR le bon choix pour les marques du monde
-
revues de produits
Appdome Announces New Attack Evaluation Tools in Digital Economy\'s First Mobile XDR Threat-Inspect™, Threat-Views and Snapshots Make Mobile XDR the Right Choice for Brands Globally - Product Reviews |
Tool | ★★ | |
|
2023-10-11 11:00:00 | Protéger les versions de l'IA 3 outils de sécurité AI / ML en tant que open source Protect AI Releases 3 AI/ML Security Tools as Open Source (lien direct) |
La société a publié NB Defence, ModelsCan et Rebuff, qui détectent les vulnérabilités dans les systèmes d'apprentissage automatique, sur GitHub.
The company released NB Defense, ModelScan, and Rebuff, which detect vulnerabilities in machine learning systems, on GitHub. |
Tool Vulnerability | ★★ | |
 |
2023-10-10 18:15:16 | CVE-2023-36720 (lien direct) | Windows Mixe Reality Developer Tools Denial of Service Vulnérabilité
Windows Mixed Reality Developer Tools Denial of Service Vulnerability |
Tool Vulnerability | ||
 |
2023-10-10 15:39:40 | Échelle au-delà ducorp avec les politiques de contrôle d'accès assistées par l'IA Scaling BeyondCorp with AI-Assisted Access Control Policies (lien direct) |
Ayush Khandelwal, Software Engineer, Michael Torres, Security Engineer, Hemil Patel, Technical Product Expert, Sameer Ladiwala, Software EngineerIn July 2023, four Googlers from the Enterprise Security and Access Security organizations developed a tool that aimed at revolutionizing the way Googlers interact with Access Control Lists - SpeakACL. This tool, awarded the Gold Prize during Google\'s internal Security & AI Hackathon, allows developers to create or modify security policies using simple English instructions rather than having to learn system-specific syntax or complex security principles. This can save security and product teams hours of time and effort, while helping to protect the information of their users by encouraging the reduction of permitted access by adhering to the principle of least privilege.Access Control Policies in BeyondCorpGoogle requires developers and owners of enterprise applications to define their own access control policies, as described in BeyondCorp: The Access Proxy. We have invested in reducing the difficulty of self-service ACL and ACL test creation to encourage these service owners to define least privilege access control policies. However, it is still challenging to concisely transform their intent into the language acceptable to the access control engine. Additional complexity is added by the variety of engines, and corresponding policy definition languages that target different access control domains (i.e. websites, networks, RPC servers).To adequately implement an access control policy, service developers are expected to learn various policy definition languages and their associated syntax, in addition to sufficiently understanding security concepts. As this takes time away from core developer work, it is not the most efficient use of developer time. A solution was required to remove these challenges so developers can focus on building innovative tools and products.Making it WorkWe built a prototype interface for interactively defining and modifying access control policies for the | Tool Vulnerability | ★★★ | |
|
2023-10-10 10:00:00 | & timide; histoires du SOC: Quishing & # 8211;Combattre les codes QR malveillants intégrés Stories from the SOC: Quishing – Combatting embedded malicious QR codes (lien direct) |
James Rodriguez – Senior Specialist, Cybersecurity
Executive summary
Over the past several months, AT&T Managed Detection and Response (MTDR) security operations center (SOC) analysts have seen an increase in the usage of phishing emails containing malicious QR codes. In a recent example, a customer that was victimized by a phishing attempt provided the AT&T analysts with an email that was circulated to several of its internal users. The analysts reviewed the email and its included attachment, a PDF containing a QR code and an urgent message claiming to be from Microsoft.
When the targeted user scanned the QR code, they were directed to a counterfeit Microsoft login page designed to harvest usernames and passwords. This type of attack is called “quishing.”
Unfortunately, several users fell victim to the attack, and their credentials were compromised. However, our analysts were able to engage with the customer and guide them through the proper remediation steps.
Encouraging targeted users to act quickly and scan the code using their phone (which often is not as secure as the rest of a company’s network) is a standard tactic employed by threat actors. By doing this, they hope to convince the user to act without thinking and forgo proper security practices allowing the threat actor to bypass traditional security measures in place on a company network.
Threat actor tactics
The threat actor used a Windows authentication setup for multi-factor authentication (MFA) to initiate the attack. The targeted users received a phishing email indicating MFA needed to be set up on their account. The email included a PDF attachment with instructions directing them to scan the included QR code, which was malicious.
Once the users scanned the QR code, they were redirected to a fake Microsoft sign-in page on their phone. Here, they entered their legitimate login credentials,which were then stored and made available to the threat actor.
Investigation
Once the customer suspected the email was malicious, they contacted the AT&T team and provided a copy of the PDF file with the included QR code. The team analyzed the file and the QR code (see Image 1) and identified the associated destination as “srvc1[.]info/mcrsft2fasetup/index.html.”
Image 1: PDF file from customer containing malicious QR code
The QR codes associated URL sends the user to a credential harvester masquerading as a Microsoft login page. (See Image 2.)
Image 2: Credential harvester masquerading as login page
AT&T SOC analysts analyzed the credential harvester using a fake email and the Google Chrome Inspector tool to record any outbound connections when clicking the “Sign In” button (see Image 2). Only one network connection was made, which resulted in a 404 HTTP response code to the external domain “logo.clearbit[.]com/email.com.” Research into clearbit[.]com found it is associated with Clearbit B2B Marketing Intelligence, which is listed as a legitimate marketing tool for identifying customers and sales exchanges.
Analysts used open-source intelligence (OSINT) to further research the initial associated domain “srvc1[.]info” but found no additional information as the domain was recently purchased. Further investigation revealed that the owner’s identity was hidden, and there was no additional data available. The customer confirmed that neither the Clearbit nor the srvc1 external domains were known or a part of normal business use within their environment.
Remediation
AT&T SOC analysts worked closely with the customer to identify w |
Tool Threat | ★★★★ | |
 |
2023-10-10 04:42:35 | Infostaler avec un certificat anormal en cours de distribution Infostealer with Abnormal Certificate Being Distributed (lien direct) |
Récemment, il y a eu un taux de distribution élevé de logiciels malveillants en utilisant des certificats anormaux.Les logiciels malveillants se déguisent souvent avec des certificats normaux.Cependant, dans ce cas, les logiciels malveillants ont saisi les informations de certificat au hasard, le nom du sujet et les champs de noms émetteur ayant des chaînes inhabituellement longues.En conséquence, les informations sur le certificat ne sont pas visibles dans les systèmes d'exploitation Windows, et un outil ou une infrastructure spécifique est nécessaire pour inspecter la structure de ces certificats.Bien sûr, ces certificats échouent en vérification de signature depuis ...
Recently, there has been a high distribution rate of malware using abnormal certificates. Malware often disguise themselves with normal certificates. However, in this case, the malware entered the certificate information randomly, with the Subject Name and Issuer Name fields having unusually long strings. As a result, the certificate information is not visible in Windows operating systems, and a specific tool or infrastructure is required to inspect the structure of these certificates. Of course, these certificates fail in signature verification since... |
Malware Tool | ★★★ | |
|
2023-10-09 19:47:00 | Le fonctionnement derrière les logiciels espions mobiles de Predator est \\ 'échelle industrielle \\' Operation Behind Predator Mobile Spyware Is \\'Industrial Scale\\' (lien direct) |
L'Intellexa Alliance utilise une gamme d'outils pour intercepter et renverser les technologies mobiles et Wi-Fi pour déployer ses outils de surveillance, selon une enquête d'Amnesty International et d'autres.
The Intellexa alliance has been using a range of tools for intercepting and subverting mobile and Wi-Fi technologies to deploy its surveillance tools, according to an investigation by Amnesty International and others. |
Tool | ★★ | |
 |
2023-10-09 15:21:57 | Dévoilant \\ 'STESIN \\' Alive \\ ': un examen plus approfondi d'une campagne en cours en Asie ciblant les télécommunications et les entités gouvernementales Unveiling \\'Stayin\\' Alive\\': A Closer Look at an Ongoing Campaign in Asia Targeting Telecom and Governmental Entities (lien direct) |
 Faits saillants: Check Point Research a suivi "STESHIN \\ 'Alive", une campagne d'espionnage en cours opérant en Asie, et ciblant principalement l'industrie des télécommunications, ainsi que des organisations gouvernementales.La campagne «Stayin \\ 'Alive» utilisée contre des organisations asiatiques de grande envergure, ciblait initialement des organisations au Vietnam, en Ouzbékistan et au Kazakhstan.Alors que nous effectuons notre analyse, nous avons réalisé que cela faisait partie d'une campagne beaucoup plus large ciblant la région.Les outils observés dans la campagne sont liés à \\ 'Toddycat \' - un acteur affilié chinois opérant dans la région des clients de point de contrôle en utilisant le point final de Check Point Harmony et l'émulation de menace restent protégés contre la campagne détaillée dans ce rapport [& # 8230;]
 Highlights: Check Point Research has been tracking “Stayin\' Alive”, an ongoing espionage campaign operating in Asia, and primarily targeting the Telecom industry, as well as government organizations. The “Stayin\' Alive” campaign used against high-profile Asian organizations, initially targeted organizations in Vietnam, Uzbekistan, and Kazakhstan. As we conducted our analysis, we realized that it is part of a much wider campaign targeting the region. Tools observed in the campaign are linked to \'ToddyCat\'- a Chinese affiliated actor operating in the region Check Point customers using Check Point Harmony Endpoint and Threat Emulation remain protected against the campaign detailed in this report […]
|
Tool Threat | ★★ | |
 |
2023-10-09 14:19:54 | Découvrez l\'adresse IP de vos contacts Telegram facilement avec ce script (lien direct) | Un script permet de trouver l'adresse IP d'un interlocuteur sur Telegram pour résoudre des problèmes réseau ou collaborer. Il faut installer Telegram Desktop et l'outil d'analyse réseau tshark. Le script, destiné à des fins éducatives, doit être utilisé avec l'autorisation de la personne concernée. | Tool | ★★★★ | |
|
2023-10-09 12:30:13 | Rust à métal nu dans Android Bare-metal Rust in Android (lien direct) |
Posted by Andrew Walbran, Android Rust Team
Last year we wrote about how moving native code in Android from C++ to Rust has resulted in fewer security vulnerabilities. Most of the components we mentioned then were system services in userspace (running under Linux), but these are not the only components typically written in memory-unsafe languages. Many security-critical components of an Android system run in a “bare-metal” environment, outside of the Linux kernel, and these are historically written in C. As part of our efforts to harden firmware on Android devices, we are increasingly using Rust in these bare-metal environments too.
To that end, we have rewritten the Android Virtualization Framework\'s protected VM (pVM) firmware in Rust to provide a memory safe foundation for the pVM root of trust. This firmware performs a similar function to a bootloader, and was initially built on top of U-Boot, a widely used open source bootloader. However, U-Boot was not designed with security in a hostile environment in mind, and there have been numerous security vulnerabilities found in it due to out of bounds memory access, integer underflow and memory corruption. Its VirtIO drivers in particular had a number of missing or problematic bounds checks. We fixed the specific issues we found in U-Boot, but by leveraging Rust we can avoid these sorts of memory-safety vulnerabilities in future. The new Rust pVM firmware was released in Android 14.
As part of this effort, we contributed back to the Rust community by using and contributing to existing crates where possible, and publishing a number of new crates as well. For example, for VirtIO in pVM firmware we\'ve spent time fixing bugs and soundness issues in the existing virtio-drivers crate, as well as adding new functionality, and are now helping maintain this crate. We\'ve published crates for making PSCI and other Arm SMCCC calls, and for managing page tables. These are just a start; we plan to release more Rust crates to support bare-metal programming on a range of platforms. These crates are also being used outside of Android, such as in Project Oak and the bare-metal section of our Comprehensive Rust course.
Training engineers
Many engineers have been positively surprised by how p |
Tool Vulnerability | ★★ | |
|
2023-10-09 10:00:00 | Mois de sensibilisation à la cybersécurité: Habitudes scolaires pour vous protéger, vous et votre famille, Cybersecurity Awareness Month: School habits to protect you and your family (lien direct) |
Retour à l'école est le moment idéal pour se souvenir des meilleures pratiques de base de la cybersécurité pour vous protéger, vous et votre famille.Ceux-ci ne surprennent que quiconque a été parent depuis quelques années, mais ce qui pourrait vous surprendre, c'est à quelle vitesse les choses changent, ce qui peut augmenter votre risque de donner accès aux cybercriminels.C'est principalement autour de toutes les applications, et même des micro-applications, qui fournissent le plus souvent les niveaux de sécurité les plus bas. applications, applications, applications, tout a une application. Les écoles travaillent dur pour moderniser, améliorer la communication, rationaliser l'apprentissage, etc.Pour ce faire, de nombreuses écoles utilisent des applications.L'utilisation d'applications mobiles, en particulier pour les téléphones, est un effort pour démocratiser l'accès à l'information, car vous ne devez pas utiliser un ordinateur ou un Wi-Fi pour accéder à ces applications.Tout ce dont vous avez besoin est un appareil mobile. La bonne nouvelle consiste à utiliser ces applications pour consommer des informations est généralement sûre.Vous pouvez voir les notes, la fréquentation, les annonces scolaires, etc., et parce qu'elle est principalement à sens unique et ndash;partager des informations avec vous & ndash;vous & rsquo; est généralement sûr.Voir la note sur les mots de passe ci-dessous, mais sur ce front, vous pouvez vous détendre. La mauvaise nouvelle, ou zone de danger, est lorsque vous entrez des informations dans cette application.Cela commence à devenir plus compliqué parce que les menaces de sécurité commencent à avoir des niveaux.Voici comment y penser: Assurez-vous que l'application que vous utilisez est légitime.Des choses comme les codes QR (ces boîtes sur lesquelles vous pointez votre appareil photo, et un site Web lance) et les e-mails sont souvent comment vous avez dit d'obtenir une application.Les deux outils et ndash;Codes QR et e-mail & ndash;peut être truqué.Si vous cliquez et suivez, vous pouvez vous retrouver dans un endroit dangereux.Au lieu de cela, vous devez vérifier l'emplacement que vous visitez est authentique.Parfois, ce n'est pas facile. La meilleure façon de vous assurer que vous êtes au bon endroit n'est pas d'utiliser des codes QR ou de suivre les liens électroniques qui sont ouverts afin que vous puissiez voir l'URL .Il vaut mieux entrer l'adresse URL directement dans votre navigateur, garantissant qu'il suit les conventions normales (les écoles utilisent généralement .edu, .gov, etc.).Les applications commerciales auront des URL .com;Vous devriez également être en mesure de rechercher le nom de l'application en ligne pour confirmer l'adresse. ne pas utiliser le même mot de passe que vous utilisez pour des choses importantes.Même si l'application semble légitime, créez un mot de passe que vous utilisez pour les choses scolaires.Vous voulez que ce soit différent parce que s'il y a une brèche, les méchants sont en association de votre nom à un mot de passe que vous utilisez pour votre carte bancaire, votre carte de crédit ou même votre e-mail. Don & rsquo; t n'entrez pas d'informations personnelles sur vous ou votre enfant. Si elle est requise pour l'école, l'école doit avoir vos informations en auto-peuplées (déjà remplies).C'est leur responsabilité.De nombreuses applications vous permettent de faire plus pour personnaliser des informations sur votre enfant et votre famille, et nous vous exhortons à considérer ce que vous êtes prêt à partager.Le dicton est ce qui est partagé sur Internet sur Internet.Il existe des nuances et des moyens de supprimer les informations, mais généralement, en particulier aux États-Unis, où les lois sur la confidentialité sont toujours en développement, il est sûr de supposer que c'est le cas. Cela signifie que vous ne souhaitez pas joindre aucune infor | Tool | ★★ | |
|
2023-10-08 18:00:00 | Les mainteneurs mettent en garde contre la vulnérabilité affectant l'outil de source ouverte fondamentale Maintainers warn of vulnerability affecting foundational open-source tool (lien direct) |
Les mainteneurs d'un outil open source populaire qui sert de support fondamental pour de nombreux protocoles de réseau comme SSL, TLS, HTTP, FTP, SMTP avertissent deux vulnérabilités qui seront annoncées la semaine prochaine.Les problèmes Centre de Curl, un outil de ligne de commande open source qui, selon les chercheurs, est largement utilisé par les développeurs et le système
The maintainers of a popular open source tool that serves as a foundational support for many network protocols like SSL, TLS, HTTP, FTP, SMTP are warning of two vulnerabilities that will be announced this coming week. The issues center on curl, an open-source command-line tool that researchers said is used widely by developers and system |
Tool Vulnerability | ★★★ | |
|
2023-10-06 19:59:00 | RIT est la première université à recevoir le soutien du Google Cybersecurity Clinics Fund RIT Is the First University to Receive Support From the Google Cybersecurity Clinics Fund (lien direct) |
Les mainteneurs d'un outil open source populaire qui sert de support fondamental pour de nombreux protocoles de réseau comme SSL, TLS, HTTP, FTP, SMTP avertissent deux vulnérabilités qui seront annoncées la semaine prochaine.Les problèmes Centre de Curl, un outil de ligne de commande open source qui, selon les chercheurs, est largement utilisé par les développeurs et le système
The maintainers of a popular open source tool that serves as a foundational support for many network protocols like SSL, TLS, HTTP, FTP, SMTP are warning of two vulnerabilities that will be announced this coming week. The issues center on curl, an open-source command-line tool that researchers said is used widely by developers and system |
Ransomware Tool | ★★ | |
|
2023-10-06 15:51:00 | Un nouvel outil d'OS vous indique qui a accès à quelles données New OS Tool Tells You Who Has Access to What Data (lien direct) |
Assurer que les données sensibles restent confidentielles, protégées contre l'accès non autorisé et conforme aux réglementations de confidentialité des données sont primordiales.Les violations de données entraînent des dommages financiers et de réputation, mais entraînent également des conséquences juridiques.Par conséquent, des mesures de sécurité d'accès aux données robustes sont essentielles pour protéger les actifs d'une organisation, maintenir la confiance des clients et répondre aux exigences réglementaires.
UN
Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization\'s assets, maintain customer trust, and meet regulatory requirements. A |
Tool | ★★★ | |
|
2023-10-06 14:15:12 | CVE-2023-42445 (lien direct) | Gradle est un outil de construction en mettant l'accent sur l'automatisation de la construction et la prise en charge du développement multi-langues.Dans certains cas, lorsque Gradle analyse les fichiers XML, la résolution des entités externes XML n'est pas désactivée.Combiné avec une attaque XXE hors bande (OOB-XXE), le simple d'analyse XML peut conduire à l'exfiltration de fichiers texte locaux sur un serveur distant.Gradle analyse les fichiers XML à plusieurs fins.La plupart du temps, les fichiers XML Gradle parses qu'il ont générés ou étaient déjà présents localement.Seuls les descripteurs XML IVY et les fichiers Maven POM peuvent être récupérés à partir de référentiels distants et analysés par Gradle.Dans Gradle 7.6.3 et 8.4, la résolution des entités externes XML a été désactivée pour tous les cas d'utilisation pour se protéger contre cette vulnérabilité.Gradle refusera désormais d'analyser les fichiers XML qui ont des entités externes XML.
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities. |
Tool | ||
|
2023-10-06 14:08:16 | Certains méta-employés et agents de sécurité ont piraté des comptes d'utilisateurs Some Meta Employees and Security Guards Hacked User Accounts (lien direct) |
> Par deeba ahmed
Les personnes licenciées comprenaient des agents de sécurité sur le contrat qui travaillaient pour Meta et pouvaient accéder à un outil interne pour les employés.
Ceci est un article de HackRead.com Lire le post original: Certains méta-employés etLes gardes de sécurité ont piraté des comptes d'utilisateurs
>By Deeba Ahmed The fired individuals included on-contract security guards who worked for Meta and could access an internal tool for employees. This is a post from HackRead.com Read the original post: Some Meta Employees and Security Guards Hacked User Accounts |
Tool | ★★★ | |
|
2023-10-06 08:54:04 | " Utiliser l\'IA pour combattre les cyberattaques " (lien direct) | " Utiliser l'IA pour combattre les cyberattaques " Pour Olivier Dedieu, Directeur technique et co-fondateur de Jalios, l'IA générative permet aux entreprises de limiter les risques de fuite de données à condition d'entretenir une gouvernance forte et d'utiliser des outils souverains. - Points de Vue | Tool | ★★ | |
 |
2023-10-06 07:52:00 | IBM s'appuie sur l'IA pour les services de sécurité gérés IBM leans into AI for managed security services (lien direct) |
IBM déploie les services gérés basés sur l'IA qui promettent d'aider les équipes de réseau et d'opérations de sécurité plus rapidement et efficacement à répondre aux cyber-menaces d'entreprise. Géré par le groupe IBM Consulting, la détection et la réponse des menaces(TDR) Les services offrant des promesses promettent une surveillance, une enquête et une correction automatisées des alertes de sécurité des outils de sécurité existants ainsi que du cloud, des systèmes de technologie sur site et de la technologie opérationnelle en utilisant le réseau d'entreprise.Les Services peuvent intégrer des informations de plus de 15 outils de gestion de la sécurité et de gestion des incidents (SIEM) et plusieurs packages de détection et de réponse de la détection et de réponse de réseau tiers, par exemple. Pour lire cet article en entier, veuillez cliquer ici
IBM is rolling out AI-based managed services that promise to help network and security operations teams more quickly and effectively respond to enterprise cyber threats.Managed by the IBM Consulting group, the Threat Detection and Response (TDR) Services offering promises 24x7 monitoring, investigation, and automated remediation of security alerts from existing security tools as well as cloud, on-premises, and operational technology systems utilizing the enterprise network. The services can integrate information from more than 15 security event and incident management (SIEM) tools and multiple third-party endpoint and network detection and response packages, for example.To read this article in full, please click here |
Tool Threat | ★★ | |
 |
2023-10-06 03:20:54 | Top outils de test de pénétration de la cybersécurité pour 2023 (triée sur le volet) Top Cybersecurity Penetration Testing Tools for 2023 (Handpicked) (lien direct) |
Introduction: Pourquoi les outils de test de pénétration sont-ils indispensables?Dans un paysage numérique chargé de cyber-menaces en évolution, la question n'est pas
Introduction: Why Are Penetration Testing Tools Indispensable? In a digital landscape fraught with evolving cyber threats, the question is no |
Tool | ★★★★ | |
|
2023-10-05 21:14:00 | Exploite de l'annulation de l'EDR / XDR avec ces contre-mesures Quash EDR/XDR Exploits With These Countermeasures (lien direct) |
Avec des outils et des groupes de pirates en train d'échapper aux défenses, l'élargissement de la cybersécurité au-delà de la sécurité des points finaux devient cruciale.
With tools and hacker groups constantly evading defenses, expanding cybersecurity beyond endpoint security becomes crucial. |
Tool | ★★★ | |
|
2023-10-05 21:08:00 | Microsoft: les attaques de ransomwares opérationnelles humaines ont triplé au cours de l'année dernière Microsoft: Human-operated ransomware attacks tripled over past year (lien direct) |
Les attaques de ransomwares opérationnelles humaines ont augmenté de plus de 200% depuis septembre 2022, selon des chercheurs de Microsoft, qui ont averti qu'il pourrait représenter un changement dans la cybercriminalité souterraine.Les attaques axées sur l'human
Human-operated ransomware attacks are up more than 200% since September 2022, according to researchers from Microsoft, who warned that it could represent a shift in the cybercrime underground. Human-operated attacks typically involve the active abuse of remote monitoring and management tools that allow hackers to leave behind less evidence - as opposed to automated attacks |
Ransomware Tool | ★★ | |
|
2023-10-05 18:15:12 | CVE-2023-44387 (lien direct) | Gradle est un outil de construction en mettant l'accent sur l'automatisation de la construction et la prise en charge du développement multi-langues.Lors de la copie ou de l'archivage des fichiers Symliend, Gradle les résout mais applique les autorisations du Symlien lui-même au lieu des autorisations du fichier lié au fichier résultant.Cela conduit à des fichiers ayant trop d'autorisations étant donné que les liens symboliques sont généralement lisibles dans le monde et inscriptibles.S'il est peu probable que cela se traduit par une vulnérabilité directe pour la construction touchée, il peut ouvrir des vecteurs d'attaque selon l'endroit où les artefacts de construction finissent par être copiés ou non archivés.Dans les versions 7.6.3, 8.4 et plus, Gradle utilisera désormais correctement les autorisations du fichier pointées par le Symlien pour définir les autorisations du fichier copié ou archivé.
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file. |
Tool Vulnerability | ||
|
2023-10-05 10:00:00 | Gartner a prédit que les API seraient le vecteur d'attaque n ° 1 - deux ans plus tard, est-ce vrai? Gartner predicted APIs would be the #1 attack vector - Two years later, is it true? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Over the last few years, APIs have rapidly become a core strategic element for businesses that want to scale and succeed within their industries. In fact, according to recent research, 97% of enterprise leaders believe that successfully executing an API strategy is essential to ensuring their organization’s growth and revenue. This shift has led to a massive proliferation in APIs, with businesses relying on hundreds or even thousands of APIs to provide their technology offerings, enhance their products, and leverage data from various sources. However, with this growth, businesses have opened the door to increased risk. In 2021, Gartner predicted that APIs would become the top attack vector. Now, two years and a number of notable breaches via APIs later, it’s hard (or rather, impossible) to dispute this. The security trends shaping the API landscape One of the biggest threat vectors when it comes to APIs is that they are notoriously hard to secure. The API ecosystem is constantly evolving, with enterprises producing huge numbers of APIs in a way that’s outpacing the maturity of network and application security tools. Many new APIs are created on emerging platforms and architectures and hosted on various cloud environments. This makes traditional security measures like web application firewalls and API gateways ineffective as they can’t meet the unique security requirements of APIs. For bad actors, the lack of available security measures for APIs means that they are easier to compromise than other technologies that rely on traditional (and secure) architectures and environments. Given that so many businesses have made such a large investment in their API ecosystem and have made APIs so core to their operations, an attack on an API can actually be quite impactful. As such, if a cybercriminal gets access to an API that handles sensitive data, they could make quite a bit of financial and reputational damage. At the same time, many businesses have limited visibility into their API inventory. This means there could be numerous unmanaged and “invisible” APIs within a company’s environment, and these make it increasingly difficult for security teams to understand the full scope of the attack surface, see where sensitive data is exposed, and properly align protections to prevent misuse and attacks. In light of these trends, it’s no surprise then that Salt Security recently reported a 400% increase in API attacks in the few months leading to December 2022. Unfortunately, ensuring that APIs are secured with authentication mechanisms is not enough to deter bad actors. Data shows that 78% of these attacks came from seemingly legitimate users who somehow were able to maliciously achieve proper authentication. At a more granular level, 94% of the report’s respondents had a security issue with their production APIs in the last year. A significant 41% cited vulnerabilities, and 40% noted that they had authentication problems. In addition, 31% experienced sensitive data exposure or a privacy incident — and with the average cost of a data breach currently at $4.45 million, this poses a significant financial risk. Relatedly, 17% of respondents experie | Data Breach Tool Threat Cloud | ★★ | |
|
2023-10-04 21:15:10 | CVE-2023-43805 (lien direct) | Nexkey est une fourche de Misskey, une plate-forme de médias sociaux open source et décentralisée.Avant la version 12.121.9, la validation incomplète de l'URL peut permettre aux utilisateurs de contourner l'authentification pour accéder au tableau de bord de la file d'attente du travail.La version 12.121.9 contient un correctif pour ce problème.En tant que solution de contournement, il peut être possible d'éviter cela en bloquant l'accès à l'aide d'outils tels que CloudFlare \'s WAF.
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare\'s WAF. |
Tool | ||
|
2023-10-04 20:39:00 | Les chercheurs relient DragOnegg Android Spyware à LightSpy iOS Surveillanceware Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware (lien direct) |
De nouvelles découvertes ont identifié des connexions entre un logiciel espion Android appelé DragOnegg etUn autre outil sophistiqué modulaire de surveillance iOS nommé LightSpy.
DragOnegg, aux côtés de Wyrmspy (aka AndroidControl),a été divulgué pour la première fois par Lookout en juillet 2023 comme une souche de logiciels malveillants capables de collecter des données sensibles à partir d'appareils Android.Il a été attribué au groupe national chinois Apt41.
Sur
New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices. It was attributed to the Chinese nation-state group APT41. On |
Malware Tool | APT 41 APT 41 | ★★★ |
|
2023-10-04 10:00:00 | Le rôle de l'automatisation dans l'atténuation des risques de cybersécurité The role of automation in mitigating cybersecurity risks (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cyberattacks are on the rise around the globe. Recent data suggest that there are 2,200 cyberattacks every day and that the average cost of a data breach is $9.44 million. Of those cyberattacks, 92% are delivered via email in the form of malware and phishing. In 2022 alone, businesses reported 255 million phishing attacks with an average cost of $4.91 million. The sheer scale of cyberattacks today means that human intervention simply isn’t adequate. Instead, cybersecurity specialists must incorporate automation within their wider cybersecurity strategy. Automation can reduce the risk of human error, flag potential threats, and guard against security fatigue. Pros and cons of automation Businesses around the globe use automation to speed up their operational efficiency, decrease risk, and reduce workplace fatigue. This is particularly important in a field like cybersecurity, where constant vigilance and critical thinking are necessary to avoid costly data breaches. However, automation isn’t a silver bullet that eradicates the risk of a cyberattack. Even cutting-edge systems still need to be monitored and updated regularly. Failing to maintain systems may result in flawed security protocols or accidental shutdowns due to false threat detections. That said, the pros of automation far outweigh the cons. An effective automation program can free up staff and boost employee morale. When folks aren’t constantly stressed about threat detection, they can focus on fine-tuning threat intelligence and re-training employees. This minimizes the risk of security fatigue, which may otherwise lead to: Reduced attention during security training Unsafe password practices Ignored software updates Risky behavior online Mitigating security fatigue is in every IT department’s best interest, as failing to adhere to compliance regulations due to fatigue can be extremely costly. Reducing the risk of human error Human error accounts for 88% of all data breaches. This troubling statistic highlights the vulnerability that employees pose and the importance of proper training in the workplace. Data collected by researchers from the University of Stanford found that: 45% of employees cite distraction as the reason why they fell victim to a phishing scam 57% of employees are more likely to be distracted when working from home 43% of respondents say they are most likely to open phishing emails that look legitimate Cloud-based automation systems can reduce the risk of human error and back up existing documents and data. This can help employees limit distraction and ensure that businesses remain operational following a breach. Automated threat detection software shuts down servers following a breach, but employees can still access important files when working on the cloud. Companies looking to reduce the risk of human error can invest | Data Breach Malware Tool Vulnerability Threat | ★★ | |
 |
2023-10-04 07:30:06 | Le groupe de Lazarus de la Corée du Nord améliore ses principaux logiciels malveillants North Korea\\'s Lazarus Group upgrades its main malware (lien direct) |
Lightningcan échappe aux outils Infosec de manière nouvelle et intéressante Le groupe Lazare, le gang de cybercrimes lié au gouvernement nord-coréen, a été nommé auteur d'une attaque contre une entreprise aérospatiale espagnole, en utilisant unNouveau dangereux nouveau logiciel malveillant.…
LightningCan evades infosec tools in new and interesting ways The Lazarus Group, the cybercrime gang linked to the North Korean government, has been named as the perpetrator of an attack against a Spanish aerospace firm, using a dangerous new piece of malware.… |
Malware Tool | APT 38 | ★★ |
|
2023-10-04 06:00:00 | Arrêt de cybersécurité du mois & # 8211;Phishing du code QR Cybersecurity Stop of the Month – QR Code Phishing (lien direct) |
This blog post is part of a monthly series exploring the ever-evolving tactics of today\'s cyber criminals. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain-reconnaissance and initial compromise-in the context of email threats. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The first two steps of the attack chain: reconnaissance and initial compromise. In our past installments, we have covered supplier compromise, EvilProxy, SocGholish and e-signature phishing. All of these are examples of threats we regularly detect for our customers before they\'re delivered to users. In this post, we explore a recent detection of a phishing attack in which the URL was encoded into a QR code. We\'ll also explore the mechanisms employed by our AI-driven detection stack that ultimately prevented the email from reaching the inbox of its intended target. The scenario Phishing, especially credential phishing, is today\'s top threat. Bad actors constantly devise new methods and tools to gain authenticated access to users\' accounts. This illicit entry often results in financial loss, data breaches and supplier account compromise that leads to further attacks. We recently detected a phishing attack hidden behind a QR code at an agriculture company with more than 16,000 employees. Fortunately, our Aegis platform detected the threats and broke the attack chain. In this scenario, a bad actor crafted a phishing lure purporting to contain completed documentation about the target\'s wages. Instead of including a link for the target to click, the bad actor included a QR code instructing the recipient to scan with their mobile phone\'s camera to review the documentation. Once scanned, a fake SharePoint login screen prompts the user to provide credentials. QR Code phishing represents a new and challenging threat. It moves the attack channel from the protected email environment to the user\'s mobile device, which is often less secure. With QR codes, the URL isn\'t exposed within the body of the email. This approach renders most email security scans ineffective. What\'s more, decoding QR codes using image recognition or optical character recognition (OCR) quickly becomes resource intensive and difficult to scale. The Threat: How did the attack happen? Here is a closer look at how the recent attack unfolded: 1. The deceptive message: An email claiming to contain employee payroll information sent from the organization\'s human resources department. Malicious email blocked by Proofpoint before it was delivered to the user\'s mailbox. (Note: For safety, we replaced the malicious QR code with one linking to Proofpoint.com. The rest of the message is a redacted screenshot of the original.) 2. QR Code Attack Sequence: The recipient is instructed to scan the QR code with their mobile device. Typical QR Code Attack Sequence for Phishing. 3. SharePoint phishing lure: Once the user decodes the URL, a fake SharePoint login screen tries to fool the recipient into entering credentials. Decoded QR code redirecting to an example SharePoint phishing page. Detection: How did Proofpoint detect the attack? QR Code phishing threats are challenging to detect. First, the phishing URL isn\'t easy to extract and scan from the QR code. And most benign email signatures contain logos, links to social media outlets embedded within images and even QR codes pointing to legitimate websites. So the presence of a QR code by itself isn\'t a sure sign of phishing . We employ an advanced blend of signals and layers of analysis to distinguish between weaponized and benign QR codes. We analyze and profile: The sender The sender\'s patterns The relationship of the sender and recipient based on past communication Those clues help identify suspicious senders and whether they are acting in a way that deviates from an established | Tool Threat Cloud | ★★ | |
|
2023-10-04 04:00:00 | Les libertés mondiales sur Internet ont encore chuté l'année dernière alors que la menace de l'IA se profile Global internet freedoms fell again last year as the threat of AI looms (lien direct) |
Internet était moins gratuit et ouvert aux utilisateurs du monde entier l'année dernière, a déclaré mercredi l'organisation de défense des droits humains, une trajectoire qui a le potentiel de s'aggraver si des outils d'intelligence artificielle sont utilisés de manière antidémocratique.Le 13e rapport annuel sur le rapport annuel de l'organisation est un classement mondial d'enquête
The internet was less free and open for users around the world last year, the human rights advocacy organization Freedom House said Wednesday - a trajectory that has the potential to worsen if artificial intelligence tools are used in undemocratic ways. The organization\'s 13th annual Freedom on the Net report is a worldwide survey ranking |
Tool Threat | ★★★ | |
 |
2023-10-04 00:00:00 | Rapport WatchGuard Threat Lab : le volume de malwares ciblant les endpoints diminue malgré des campagnes de plus en plus étendues (lien direct) | Paris, le 4 octobre 2023 - WatchGuard® Technologies, leader mondial de la cybersécurité unifiée, annonce les conclusions de son dernier rapport sur la sécurité Internet qui présente les grandes tendances en matière de malwares et de menaces pour la sécurité des réseaux et des endpoints, analysées par les chercheurs du Threat Lab de WatchGuard. Les principales conclusions de l\'étude font notamment apparaître les tendances suivantes : 95 % des malwares arrivent désormais via des connexions chiffrées, le volume de malwares ciblant les endpoints diminue malgré des campagnes de plus en plus étendues, la détection des ransomwares est sur le déclin malgré une augmentation des attaques par double extorsion, les vulnérabilités logiciElles plus anciensnes restrent des cibles populaires couler les exploits des acteurs malveillants modernes. Corey Nachreiner, chef de la sécurité Chez Watchguard explique: "Les Donn & eacute; es Analys & eacute; es par notre menace laboryre de notre dernier rapport soulignent les fluctuations des attaques par malware avancé et l\'évolution continue des cybermenaces à multiples facettes. Pour les combattre efficacement, il faut une vigilance constante et une approche de sécurité multicouche. Il n\'existe pas de stratégie unique utilisée par les acteurs malveillants lors de leurs attaques et certaines menaces présentent souvent des niveaux de risque variables selon les périodes de l\'année. Les entreprises doivent rester continuellement en alerte pour surveiller ces menaces et utiliser une approche de sécurité unifiée, qui peut être administrée efficacement par des fournisseurs de services managés, afin de garantir une défense optimale ". Le dernier rapport sur la sécurité d\'Internet basé sur les données du deuxième trimestre 2023 présente, entre autres, les résultats notables suivants : 95 % des malwares se dissimulent derrière le chiffrement. La plupart des malwares se cachent derrière le chiffrement SSL/TLS utilisé par des sites web sécurisés. Les entreprises qui n\'inspectent pas le trafic SSL/TLS au niveau du périmètre du réseau passent probablement à côté de la plupart des malwares. En outre, les malwares de type " zero day " sont tombés à 11 % du nombre total de détections, un niveau historiquement bas. Cependant, si l\'on examine les malwares transmis par des connexions chiffrées, la part des détections esquivées passe à 66 %, ce qui indique que les malwares sophistiqués sont diffusés principalement par le biais du chiffrement. Le volume total de malwares ciblant les endpoints est en légère baisse, malgré une augmentation des campagnes de grande envergure. Au deuxième trimestre, la détection des malwares a connu une légère baisse de 8 % par rapport au trimestre précédent. Cependant, les attaques de malwares ciblant les endpoints détectées par 10 à 50 systèmes ou par 100 systèmes ou plus ont augmenté en volume de respectivement 22 % et 21 %. L\'augmentation des détections sur un plus grand nombre de machines indique que les campagnes étendues de malware ont augmenté entre le premier et le deuxième trimestre 2023. Les attaques à double extorsion par des groupes de ransomware ont augmenté de 72 % par rapport au trimestre dernier, le Threat Lab ayant recensé 13 nouveaux groupes d\'extorsion. Cependant, l\'augmentation des attaques par double extorsion intervient alors que les détections de ransomware sur les endpoints ont chuté de 21 % et | Ransomware Malware Tool Threat | ★★★ | |
|
2023-10-03 21:35:00 | Amazon met en garde contre le problème \\ 'shelltorch \\' affectant le code lié aux modèles d'IA Amazon warns of \\'ShellTorch\\' issue affecting code related to AI models (lien direct) |
Amazon avertit les utilisateurs d'une vulnérabilité affectant TorchServe - un outil utilisé par certaines des plus grandes entreprises du monde \\ pour construire des modèles d'intelligence artificielle dans leurs entreprises.Le géant de la technologie a publié un avis Lundi sur le bogue, CVE-2023-43654et a exhorté les clients à mettre à jour la dernière version de Torchserve dans le but de
Amazon is warning users of a vulnerability affecting TorchServe - a tool used by some of the world\'s biggest companies in building artificial intelligence models into their businesses. The tech giant published an advisory on Monday about the bug, CVE-2023-43654, and urged customers to update to the latest version of TorchServe in an effort to |
Tool Vulnerability | ★★ | |
|
2023-10-03 13:08:00 | Les pirates ont vu des bogues exploitant dans les navigateurs et l'outil de transfert de fichiers populaire Hackers seen exploiting bugs in browsers and popular file transfer tool (lien direct) |
Une vulnérabilité affectant un outil largement utilisé intégré dans les navigateurs Web et un bogue séparé dans un outil de transfert de fichiers populaire sont exploités par des pirates, selon des responsables gouvernementaux et des experts en cybersécurité.L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a averti lundi que les pirates exploitent CVE-2023-5217 - Une vulnérabilitéaffectant le chrome de Google \\
A vulnerability affecting a widely used tool embedded in web browsers and a separate bug in a popular file transfer tool are being exploited by hackers, according to both government officials and cybersecurity experts. The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that hackers are exploiting CVE-2023-5217 - a vulnerability affecting Google\'s Chrome |
Tool Vulnerability | ★★★ | |
|
2023-10-03 10:00:00 | Renforcement de la cybersécurité pour les petites et moyennes entreprises: l'importance de l'orchestration de sécurité, de l'automatisation et de la réponse (SOAR) Strengthening Cybersecurity for small and medium-sized businesses: The importance of Security Orchestration, Automation, and Response (SOAR) (lien direct) |
Le contenu de ce post est uniquement la responsabilité de l'auteur. & nbsp;AT & amp; t n'adopte ni n'approuve aucune des vues, des positions ou des informations fournies par l'auteur dans cet article. & Nbsp; Introduction: Dans le paysage des menaces de plus en plus complexe d'aujourd'hui, les petites et moyennes entreprises (PME) sont confrontées à des défis importants pour protéger leurs actifs et leur réputation contre les cyber-menaces.Nous explorerons les avantages de Soar, son rôle dans l'amélioration des opérations de sécurité et sa capacité à atténuer les risques, à rationaliser la réponse aux incidents et à protéger les actifs commerciaux précieux. Le défi en hausse de la cybersécurité pour les PME: Les PME rencontrent souvent des contraintes de ressources, des budgets limités et une pénurie de professionnels de la cybersécurité qualifiés.Les cybercriminels reconnaissent ces vulnérabilités et ciblent activement les PME, cherchant à exploiter les faiblesses de leurs défenses en matière de sécurité.Une cyberattaque réussie peut entraîner des pertes financières, des dommages de réputation et même des perturbations commerciales.Il est crucial pour les PME d'adopter des stratégies de cybersécurité robustes qui permettent une détection, une réponse et une atténuation efficaces des incidents. Entrez Soar: rationalisation des opérations de sécurité: Les plates-formes Soar permettent aux PME d'automatiser et d'orchestrer leurs opérations de sécurité, réunissant les personnes, les processus et la technologie pour améliorer leur posture de cybersécurité.Voici les principales raisons pour lesquelles Soar est vital pour les PME: Amélioration de la détection et de la réponse des menaces Soar permet l'intégration de divers outils de sécurité, de centraliser les événements de sécurité et les alertes dans une seule console.En automatisant l'analyse et la corrélation de ces alertes, les PME peuvent détecter et répondre aux menaces potentielles en temps réel.Avec SOAR, les équipes de sécurité peuvent étudier efficacement les incidents, les alertes de triage et les actions de réponse orchestrées, la réduction des temps de réponse et la minimisation de l'impact des incidents de sécurité. Efficacité améliorée et optimisation des ressources Les PME sont souvent confrontées à des limitations de ressources, ce qui rend difficile de maintenir les capacités de surveillance et de réponse de la sécurité 24 heures sur 24.Soar aide à atténuer ce fardeau en automatisant des tâches de routine et répétitives, libérant du personnel de sécurité pour se concentrer sur des activités plus stratégiques.En rationalisant les workflows, Soar améliore l'efficacité opérationnelle et optimise l'utilisation des ressources, même avec le personnel et les budgets limités. Réponse et atténuation des incidents efficaces Les plates-formes SOAR permettent aux SMB de développer des manuels de réponse de réponse aux incidents standardisés et automatisés.Ces livres de jeu définissent des actions de réponse prédéfinies en fonction du type et de la gravité des incidents de sécurité.Avec la réponse automatisée des incidents, les PME peuvent contenir rapidement des menaces, atténuer les risques et minimiser les dommages potentiels causés par les cyberattaques.Cette capacité est cruciale pour empêcher les violations de dégénérer et de sauvegarder les actifs commerciaux. Évolutivité et adaptabilité Les PME subissent souvent une croissance et l'évolution des besoins de sécurité.Soar fournit l'évolutivité en s'intégrant à un large éventail d'outils et de technologies de sécurité.À mesure que la PME se développe, la plate-forme SOAR peut accueillir de nouveaux systèmes et s'adapter aux exigences de sécurité changeantes, assurant une protection et une flexibilité continue | Tool Vulnerability Threat | ★★★ | |
|
2023-10-03 07:35:08 | Microsoft Defender \\ 'Enfin \\' arrête de signaler le navigateur TOR comme logiciel malveillant Microsoft Defender \\'finally\\' stops flagging Tor Browser as malware (lien direct) |
juste parce que vous êtes paranoïaque… nous sommes sûrs que vous serez heureux de savoir que Microsoft Defender a cessé de briser par erreur la dernière version du navigateur Tor.L'outil antivirus avait signalé et mis en quarantaine le programme Core Tor.exe de l'application en tant que Troie, ce qui a provoqué le fonctionnement du logiciel comme vous le souhaitez.…
Just because you\'re paranoid… We\'re sure you\'ll be pleased to know Microsoft Defender has stopped mistakenly breaking the latest version of Tor Browser. The antivirus tool had flagged and quarantined the application\'s core tor.exe program as a trojan, causing the software to stop working as desired.… |
Malware Tool | ★★★ | |
|
2023-10-02 20:15:10 | CVE-2023-43890 (lien direct) | Netis N3MV2-V1.0.1.865 a été découvert qu'il contenait une vulnérabilité d'injection de commande dans la page des outils de diagnostic.Cette vulnérabilité est exploitée via une demande HTTP fabriquée.
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. |
Tool Vulnerability | ||
|
2023-10-02 16:45:20 | NetworkMiner 2.8.1: dévoiler de nouvelles capacités en médecine légale du réseau NetworkMiner 2.8.1: Unveiling New Capabilities in Network Forensics (lien direct) |
Introduction excitée pour le réseau médico-légal?Tu devrais être!Aujourd'hui marque la sortie de NetworkMiner 2.8.1, et il est rempli de nouveaux
Introduction Excited about network forensics? You should be! Today marks the release of NetworkMiner 2.8.1, and it’s packed with new |
Tool Technical | ★★★ | |
 |
2023-10-02 15:00:00 | Bunnyloader malware cible les navigateurs et la crypto-monnaie BunnyLoader Malware Targets Browsers and Cryptocurrency (lien direct) |
Codé en C / C ++, l'outil est un chargeur sans fichier qui mène des activités malveillantes en mémoire
Coded in C/C++, the tool is a fileless loader that conducts malicious activities in memory |
Malware Tool | ★★ |
To see everything:
