What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE 2022-06-23 17:15:14 CVE-2022-33127 (direct link) The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string. Tool
SecurityWeek 2022-06-23 14:27:35 Security Orchestration: Beware of the Hidden Financial Costs (direct link) Among the many improvements in cybersecurity technology and tools we've seen over the last few years, one of the most significant has been the inclusion of security automation and orchestration capabilities in solution categories beyond SOAR platforms. SIEM providers acquired stand-alone SOAR platforms, and endpoint detection and response (EDR) solutions broadened to include automation and orchestration capabilities to accelerate threat detection and response. Tool Threat ★★★★★
Anomali 2022-06-23 12:00:00 Anomali Launches Differentiated Cloud-Native XDR SaaS Solution with Support from AWS SaaS Factory (direct link) By Ranjith Raman, Sr. Partner Solutions Architect – AWS. By Oded Rosenmann, Global Practice Lead, SaaS Partners – AWS. Organizations are increasingly looking for new ways to defend themselves against cyber threats, fraud, and ransomware attacks. Many enterprises and government agencies turn to cyber security solutions that provide efficient and effective detection and response capabilities to proactively prevent attackers from breaching their networks and applications. To help organizations overcome these challenges, Anomali, a leader in intelligence-driven cybersecurity solutions, has recently launched its Cloud-Native extended detection and response (XDR) solution, The Anomali Platform. Building upon its leadership position in the cyber threat intelligence space, The Anomali Platform provides customers with a new dimension of security visibility across all log telemetry from endpoints to the cloud. The Anomali Platform provides precision detection and optimized response capabilities that extend across their entire security infrastructure. With the support of AWS SaaS Factory, Anomali has built the Anomali Cloud-Native XDR offering as a software-as-a-service (SaaS) solution that helps improve organizational efficiencies, providing security teams with the tools and insights needed to detect relevant threats, make informed decisions, and respond effectively. “The AWS SaaS Factory team was instrumental in helping us identify appropriate service options aligned with our enterprise customer requirements.
Working with the team, we saved months of engineering efforts to build a powerful platform that meets our current needs and allows us to scale.” Mark Alba, Chief Product Officer, Anomali. The cloud-native XDR solution is fueled by big data management, machine learning, and the world’s largest repository of global intelligence. With the new SaaS model, The Anomali Platform can be easily integrated with existing security infrastructures, enabling CIOs, CISOs, and other business leaders to optimize their overall security investments and create more efficient and effective detection and response programs that proactively address advanced cyber threats. The SaaS Factory team spoke with Mark Alba, Chief Product Officer at Anomali, to learn more about Anomali Cloud-Native XDR SaaS, the value its new solution brings to customers, and the key lessons learned from the journey to SaaS on AWS. Check out the new Anomali Cloud-Native XDR SaaS solution. Q&A with Anomali. AWS SaaS Factory: Mark, thank you for taking the time to speak with us today. Could you share a bit about your background and role at Anomali? Mark Alba: My name is Mark Alba, and I’m the Chief Product Officer at Anomali. I’ve been with Anomali since April 2020 and am responsible for product management, user experience, threat research, and technology incubator functions. My background includes over 20 years of experience building, managing, and marketing disruptive products and services. I brought to market the security industry’s first fully-integrated applian Ransomware Tool Threat Guideline
AlienVault 2022-06-23 10:00:00 All you need to know about data security and its benefits for small businesses (direct link) This blog was written by an independent guest blogger. Cyberthreats don't affect only large enterprises and governments – they can also affect small businesses. According to research, nearly half of small businesses have experienced a cyberattack, and 69% are concerned about future attacks. Small businesses should be aware of cyber security statistics and take tangible steps to protect their businesses against cyberattacks. Employee records, customer information, loyalty schemes, transactions, and data collection are critical pieces of information that businesses need to protect. This is to prevent third parties from using the information for fraudulent purposes, such as phishing scams and identity theft. It's crucial to safeguard your company from cyberattacks, but some business owners are unsure how to do it. This article is intended to help small business owners navigate the realm of cyber threats and fortify their data security. The benefits of data security for small businesses are also discussed. Data security: Data security is the practice of keeping data safe from unauthorized access or corruption. Data protection entails safeguarding not only your company's data but also that of your customers and vendors. Data encryption, hashing, tokenization, and key management are data security strategies that safeguard data across all applications and platforms. Small firms, unfortunately, appear to be a much easier target for hackers, as their security systems are typically less advanced than those of a medium or large company. Despite this fact, most small business owners believe they are not vulnerable to a data breach. Why data security? To secure their essential assets, organizations all over the world are investing extensively in information technology (IT) cyber security capabilities.
Every business has to protect its brand, intellectual capital, and customer information. It also needs to provide controls for essential infrastructure. Incident detection and response have three fundamental elements: people, processes, and technology. Cyber security problems and their effect on small businesses: What security risks do small businesses face? Small businesses may not have the operational know-how or employees to protect their IT systems and networks appropriately. Small firms confront a variety of cyber security challenges, including: Attacks by phishers: Phishing refers to a type of social engineering attack that is frequently used to obtain personal data from users; such data includes login credentials and credit card details. Malware attack: Malware attacks are common cyberattacks in which malware (malicious software) performs unauthorized actions on the victim's system. Ransomware: Ransomware is a sort of crypt Ransomware Malware Tool Threat Satori
SANS 2022-06-23 06:52:14 FLOSS 2.0 Has Been Released, (Thu, Jun 23rd) (direct link) When you have to deal with malware in your day job, for research purposes, or just for fun, one of the key points is to have a lab ready to be launched. Your sandbox must be properly protected and isolated to detonate your samples in a safe way, but it must also be filled with tools and scripts. This toolbox is yours and will be based on your preferred tools, but starting from zero is hard; that's why there are specific Linux distributions built for this purpose. The one that I use in FOR610 and for my daily investigations is REMnux[1], created and maintained by Lenny Zeltser[2]. This environment offers tons of tools that help to perform all the malware analysis steps from static analysis up to code reversing and debugging. Malware Tool
The_Hackers_News 2022-06-23 03:08:07 NSO Confirms Pegasus Spyware Used by at least 5 European Countries (direct link) The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico. Tool
The_Hackers_News 2022-06-23 03:07:58 Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation (direct link) When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report. The survey report, Tool
The_Hackers_News 2022-06-22 23:14:08 Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside (direct link) A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in the Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity Malware Tool Threat APT 23
SecurityWeek 2022-06-22 13:17:05 Aqua Security Ships Open-Source Tool for Auditing Software Supply Chain (direct link) Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark. Tool
Anomali 2022-06-22 13:00:00 RSA 2022: Cyber Attacks Continue to Come in Ever-Shifting Waves (direct link) Supply chains, trust, and the Internet itself remain prime targets. When Russia launched wide-ranging cyber-attacks while its army invaded Ukraine, it also deployed waves of wiper malware to destroy data. The first wave targeted the data on the disks. As Ukraine fortified its defenses in that area, the second wave left the data on the disks alone and went after the metadata. The third wave bypassed the two previous targets and attacked the file systems. As depicted in global news and during sessions of the RSA conference, this was a very methodical and effective approach designed to inflict maximum amounts of damage, and it reflects the methodical, often relentless, attack approaches shaping the threat landscape. In particular, as organizations fortify their defenses, adversaries will continue to focus on trust to gain access, using your partners, your vendors, and your employees against you. What does this mean for enterprise users? As we discussed in our previous post on cyber threats, organizations must find new and novel defenses against adversaries who increasingly shift tactics. As adversaries become more nuanced, we must understand their moves and motivations to try to get one step ahead of them. Let’s recap: Several high-profile security incidents in the recent past altogether grimly encapsulate the myriad challenges companies now face. NotPetya, the most expensive cyber incident in history, demonstrated how attackers are masquerading their efforts. NotPetya targeted a tax software company in Ukraine in 2017. At first, the effort appeared to be ransomware. However, its intent was purely destructive, as it was designed to inflict damage as quickly and effectively as possible. The CCleaner attack, a few months later, demonstrated how complex and patient actors who were focused on IP level threats had become.
The targets were system administrative tools that, if compromised, already had an increased level of access. CCleaner showed that all software supply chain attacks aren’t created equal. It’s dependent on the level of access of the systems and the users that you’re compromising. Some 3 million versions of the compromised CCleaner software were downloaded. However, only 50 of the downloaded software received additional payloads. This was an adversary that was willing to compromise more than 3 million systems to just get a foothold into 50. This gives you a clear idea of the challenges that we face as enterprises from these types of sophisticated actors. Attackers are also being more flagrant and doing a better job of covering their tracks. In the past, nation states focused on covert activities. Olympic Destroyer, which targeted the 2018 Olympics in South Korea, showed how attacks are now being brought to the public eye. False flags, tactics applied to deceive or misguide attribution attempts, were also put into Olympic Destroyer. Six months after the attack, it was attributed to multiple different nations, because such care had been put into throwing off attribution. More recently, VPNFilter/Cyber Blink demonstrated how adversaries are targeting different types of equipment. While attacks have historically focused on office equipment, these incidents shifted to home routers, in tandem with the increase in remote work. At home, people often use combination modem routers. These devices challenge detection capabilities. A foothold into home routers also allows actors to analyze all traffic moving in and out of the network. It’s incredibly difficult to detect an attack. You have to treat a home Wi-Fi like a public Wi-Fi at a coffee shop. Threat actors are targeting the foundational infrastructure of the internet as well. Sea T Malware Tool Threat NotPetya
TrendMicro 2022-06-22 00:00:00 Azure vs. AWS Developer Tools (direct link) Both AWS and Azure developer tools provide key efficiencies in your DevOps environment. Learn the comparison between the tools, any overlap, and use cases for both. Tool
TechRepublic 2022-06-21 21:44:58 Viva Goals helps teams align around priorities and helps management communicate (direct link) Remote and hybrid work makes it more important than ever to track what people are getting done rather than the hours they work: Microsoft's new tool for setting and tracking goals might help. Tool
DarkReading 2022-06-21 20:57:06 China-Linked ToddyCat APT Pioneers Novel Spyware (direct link) ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says. Tool
TechRepublic 2022-06-21 20:52:55 Asana: Project management software review (direct link) Asana is a leading project management tool with the potential to transform business processes for teams of all sizes. Learn the best features, pricing and more in this review. Tool Guideline
InfoSecurityMag 2022-06-21 16:30:00 (Déjà vu) New ToddyCat APT targets MS Exchange servers in Europe, Asia (direct link) The APT actor would be utilizing two formerly unknown tools Kaspersky called 'Samurai backdoor' and 'Ninja Trojan' respectively. Tool
TechRepublic 2022-06-21 15:46:00 Acronis Cyber Protect Home Office: More than just a backup solution (direct link) The number of cybersecurity protection tools on the market is staggering, which makes it challenging to decide which to use. Acronis has one tool that stands out in the pack. Read on to see if this tool is right for you. Tool
Anomali 2022-06-21 15:03:00 Anomali Cyber Watch: GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool, DragonForce Malaysia OpsPatuk / OpsIndia and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT35, CrescentImp, Follina, Gallium, Phosphorous, and Sandworm. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence. Update: The Phish Goes On - 5 Million Stolen Credentials and Counting (published: June 16, 2022) PIXM researchers describe an ongoing, large-scale Facebook phishing campaign. Its primary targets are Facebook Messenger mobile users, and an estimated five million users lost their login credentials. The campaign evades Facebook anti-phishing protection by redirecting to a new page at a legitimate service such as amaze.co, famous.co, funnel-preview.com, or glitch.me. In June 2022, the campaign also employed the tactic of displaying legitimate shopping cart content at the final page for about two seconds before displaying the phishing content. The campaign is attributed to Colombian actor BenderCrack (Hackerasueldo) who monetizes displaying affiliate ads. Analyst Comment: Users should check what domain is asking for login credentials before providing those. Organizations can consider monitoring their employees using Facebook as a Single Sign-On (SSO) Provider.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 Tags: Facebook, Phishing, Facebook Messenger, Social networks, Mobile, Android, iOS, Redirect, Colombia, source-country:CO, BenderCrack, Hackerasueldo. F5 Labs Investigates MaliBot (published: June 15, 2022) F5 Labs researchers describe a novel Android trojan, dubbed MaliBot. Based on re-written SOVA malware code, MaliBot maintains its Background Service by setting itself as a launcher. Its code has some unused evasion portions for emulation environment detection and setting the malware as a hidden app. MaliBot spreads via smishing, takes control of the device, and monetizes using overlays for certain Italian and Spanish banks, stealing cryptocurrency, and sometimes sending Premium SMS to paid services. Analyst Comment: Users should be wary of following links in unexpected SMS messages. Try to avoid downloading apps from third-party websites. Be cautious with enabling accessibility options. MITRE ATT&CK: [MITRE ATT&CK] System Network Configuration Discovery - T1016 | [MITRE ATT&CK] User Execution - T1204 Tags: MaliBot, Android, MFA bypass, SMS theft, Premium SMS, Smishing, Binance, Trust wallet, VNC, SOVA, Sality, Cryptocurrency, Financial, Italy, target-country:IT, Spain, target-country:ES. Extortion Gang Ransoms Shoprite, Largest Supermarket Chain in Africa (published: June 15, 2022) On June 10, 2022, Africa's largest supermarket chain, operating in twelve countries, Shoprite Holdings, announced a possible cybersecurity incident. The company notified customers in E Ransomware Malware Tool Vulnerability Threat Guideline Conference Yahoo APT 35
bleepingcomputer 2022-06-21 14:44:06 Adobe Acrobat may block antivirus tools from monitoring PDF files (direct link) Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. [...] Tool
CSO 2022-06-21 13:28:00 APT actor ToddyCat hits government and military targets in Europe and Asia (direct link) Researchers from Kaspersky Lab have published an analysis of a previously undocumented advanced persistent threat (APT) group that they have dubbed ToddyCat. The threat actor, which has targeted high-profile organizations in Asia and Europe, often breaks into organizations by hacking into internet-facing Microsoft Exchange servers, following up with a multi-stage infection chain that deploys two custom malware programs. "We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call 'Samurai backdoor' and 'Ninja Trojan'," the researchers said. Malware Tool Threat
Detectify 2022-06-21 12:57:12 Hack with 'goodfaith' – A tool to automate and scale good faith hacking (direct link) No details available. Tool
SecureList 2022-06-21 10:00:37 APT ToddyCat (direct link) ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call 'Samurai backdoor' and 'Ninja Trojan'. Tool
AlienVault 2022-06-21 10:00:00 The three core strengths of USM Anywhere (direct link) This blog was written by an independent guest blogger. USM Anywhere is the ideal solution for small and mid-sized businesses that need multiple high-quality security tools in a single, unified package. There’s no reason large, global enterprises should have a monopoly on top cybersecurity technology. Solutions like USM Anywhere give smaller organizations access to security tools that are both effective and affordable. USM Anywhere offers a centralized solution for monitoring networks and devices for security threats. It secures devices operating on-premises, remotely, and in the cloud. By combining multiple security tools into a single, streamlined interface, USM Anywhere gives smaller organizations a competitive solution for obtaining best-in-class security outcomes. Castra's extensive experience working with USM Anywhere has given us unique insight into the value it represents. There is a clear difference in security returns and outcomes between USM Anywhere users and those that put their faith in proprietary solutions developed by managed security service providers. This is especially true for organizations with fewer than 1000 employees, where management is under considerable pressure to justify security expenditures. Three ways USM Anywhere outperforms: USM Anywhere furnishes organizations with essential security capabilities right out of the box. It is a full-featured security information and event management platform that enables analysts to discover assets, assess vulnerabilities, detect threats, and respond to security incidents. It features built-in and customizable compliance reporting capabilities, as well as behavioral monitoring capabilities. These features, along with the platform’s uniquely integrated architecture, provide valuable benefits to security-conscious organizations: 1.
Automated log management: USM Anywhere enables analysts to automate the collection of logs and event data from data sources throughout the IT environment. With the right configuration, analysts can receive normalized logs enriched with appropriate data and retain them in a compliant storage solution. This eliminates the need for costly and time-consuming manual log aggregation, significantly improving the productivity of every employee-hour spent on security tasks. Improved logging efficiency gives security teams more time to spend on strategic, high-value initiatives that generate significant returns. 2. Cloud platform API integration: USM Anywhere integrates with the most popular cloud and productivity platforms, including Office 365 and Amazon AWS. With the Office 365 Management API, analysts can monitor user and administrator activities throughout the entire Microsoft environment. This makes it easy for analysts to detect anomalies like users logging in from unfamiliar territories, changing mailbox privileges, or sending sensitive data outside the organization. The CloudWatch and CloudTrail APIs allow analysts to monitor AWS environments and review log activity within the cloud. Gain real-time visibility into asset creation, security group configurations, and S3 access control changes directly through an intuitive, unified SIEM interface. 3. Orchestrated response capabilities: Analysts need accurate, real-time data on suspicious activities so they can categorize attacks and orchestrate a coherent response. USM Anywhere gives analysts access to full details about attack methods, strategies, and response guidance. AlienApps™ users can extend USM Anywhere capabilities to third-party security and management platforms, allowing analysts to initiate and orchestrate comprehensive event response from within the USM Anywhere user interface. This allows Castra analysts to automate the integration of Palo Alto Cortex XDR capabilit Tool Threat
Mandiant 2022-06-21 06:00:00 FLOSS Version 2.0 (direct link) The FLARE Obfuscated String Solver (FLOSS) has been supporting analysts to extract hidden strings from malware samples for many years now. Over the last few months, we've added new functionality and improved the tool's performance. In this blog post we will share exciting new features and improvements, including a new string deobfuscation technique, simplified tool usage, and much faster result output. We've also updated the FLOSS logo. Reminder: FLOSS extracts strings from malware. FLOSS analyzes compiled programs, identifies functions that may decode data, and automatically deobfuscates Malware Tool ★★★
bleepingcomputer 2022-06-20 11:25:52 Windows 10 and Windows 11 downloads blocked in Russia (direct link) People in Russia can no longer download Windows 10 and Windows 11 ISOs and installation tools from Microsoft, with no reason for the block provided by the company. [...] Tool
CVE 2022-06-20 11:15:09 CVE-2022-1824 (direct link) An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary code, as there were insufficient checks on the executable being signed by McAfee. Tool Vulnerability ★★★★
CVE 2022-06-20 11:15:09 CVE-2022-1823 (direct link) Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file. Tool Vulnerability ★★★
Blog 2022-06-17 20:19:14 BSidesSF 2022 Writeups: Tutorial Challenges (Shurdles, Loadit, Polyglot, NFT) (direct link) Hey folks, This is my (Ron's / iagox86's) author writeups for the BSides San Francisco 2022 CTF. You can get the full source code for everything on github. Most have either a Dockerfile or instructions on how to run locally. Enjoy! Here are the four BSidesSF CTF blogs: shurdles1/2/3, loadit1/2/3, polyglot, and not-for-taking; mod_ctfauth, refreshing turtle, guessme loca, reallyprettymundane. Shurdles - Shellcode Hurdles: The Shurdles challenges are loosely based on a challenge from last year, Hurdles, as well as a Holiday Hack Challenge 2021 challenge I wrote called Shellcode Primer. It uses a tool I wrote called Mandrake to instrument shellcode to tell the user what's going on. It's helpful for debugging, but even more helpful as a teaching tool! The difference between this and the Holiday Hack version was that this time, I didn't bother to sandbox it, so you could pop a shell and inspect the box. I'm curious if folks did that.. probably they couldn't damage anything, and there's no intellectual property to steal. :) I'm not going to write up the solutions, but I did include solutions in the repository. Although I don't work for Counter Hack anymore, a MUCH bigger version of this challenge that I wrote is included in the SANS NetWars version launching this year. It covers a huge amount, including how to write bind- and reverse-shell shellcode from scratch. It's super cool! Unfortunately, I don't think SANS is doing hybrid events anymore, but if you find yourself at a SANS event be sure to check out NetWars! Loadit - Learning how to use LD_PRELOAD: I wanted to make a few challenges that can be solved with LD_PRELOAD, which is where loadit came from! These are designed to be tutorial-style, so I think the solutions mostly speak for themselves.
One interesting tidbit is that the third loadit challenge requires some state to be kept - rand() needs to return several different values. I had a few folks ask me about that, so I'll show off my solution here: #include int rand(void) { int answers[] = { 20, 22, 12, 34, 56, 67 }; static int count = 0; return answers[count++]; } // Just for laziness unsigned int sleep(unsigned int seconds) { return 0; } I use the static variable type to keep track of how many times rand() has been called. When you declare something as static inside a function, it means that the variable is initialized the first time the function is called, but changes are maintained as if it's a global variable (at least conceptually - in reality, it's initialized when the program is loaded, even if the function is never called). Ironically, this solution actually has an overflow - the 7th time and onwards rand() is called, it will start reading random memory. Luckily, we know that'll never happen. :) Hack Tool ★★★★
TechRepublic 2022-06-17 12:09:54 (Déjà vu) Check Point vs Palo Alto: Compare EDR software (direct link) Check Point and Palo Alto are EDR tools that help your organization manage cybersecurity risk. But which EDR tool is best for your business? Tool
itsecurityguru 2022-06-17 09:23:15 (Déjà vu) Several Data-Stealing Apps Remain on Google Play Store According to Cybersecurity Researchers (direct link) Cybersecurity researchers from Dr. Web claim to have spotted numerous apps on the Google Play Store in May with adware and information-stealing malware built in. According to the report, the most dangerous of these apps feature spyware tools capable of stealing information from other apps’ notifications, mainly to capture two-factor authentication (2FA) one-time passwords […] Malware Tool
InfoSecurityMag 2022-06-16 18:00:00 Cybersecurity Researchers Find Several Google Play Store Apps Stealing Users' Data (direct link) Most dangerous are spyware tools capable of stealing information from other apps' notifications. Tool
grahamcluley 2022-06-16 12:24:02 (Déjà vu) Want to block two billion known breached passwords from being used at your company? It's easy with Specops Password Policy tools (direct link) Graham Cluley Security News is sponsored this week by the folks at Specops. Thanks to the great team there for their support! With the help of live attack data, Specops Software’s Breached Password Protection can detect over 2 billion known breached passwords in your Active Directory. Using the Specops database, you can block commonly used … Tool
CSO 2022-06-16 11:28:00 BrandPost: 4 Multi-Cloud Misconceptions that Put Organizations at Risk (direct link) What makes cloud computing appealing is also a reason to worry. It is easy to access your cloud environment anywhere with internet access, but that also means it's easy for cybercriminals and digital adversaries to access it. With the explosion of data over the past 10 years, the adoption of 5G, and the global nature of business, embracing a multi-cloud strategy is almost non-negotiable. But there's an overlooked factor in this shift that a lot of organizations still underestimate today. And that's cybersecurity. Traditional security strategies and tools intended to protect on-premises networks simply don't work when defending in the cloud. Instead, design and implement a comprehensive security solution that can protect against an expanding array of threats and increasingly sophisticated attacks targeting multi-cloud environments. Tool Threat
AlienVault.webp 2022-06-16 10:00:00 API security: 12 essential best practices to keep your data & APIs safe This blog was written by an independent guest blogger. If you don’t think API security is that important, think again. Last year, 91% of organizations had an API security incident. The proliferation of SOAP and REST APIs makes it easy for organizations to tailor their application ecosystems. But APIs also hold the keys to all of a company’s data. And as data-centric projects become more in demand, it increases the likelihood of a targeted API attack campaign. Experts agree that organizations that keep their API ecosystem open should also take steps to prevent ransomware attacks and protect data from unauthorized users. Here is a list of 12 tips to help protect your API ecosystem and avoid unnecessary security risks. Encryption: The best place to start when it comes to any cybersecurity protocol is encryption. Encryption converts all of your protected information into code that can only be read by users with the appropriate credentials. Without the encryption key, unauthorized users cannot access encrypted data. This ensures that sensitive information stays far from prying eyes. In today’s digital business environment, everything you do should be encrypted. Using a VPN and Tor together runs your network connection through a secured server. Encrypting connections at every stage can help prevent unwanted attacks. Customer-facing activities, vendor and third-party applications, and internal communications should all be protected with TLS encryption or higher. Authentication: Authentication means validating that a user or a machine is being truthful about their identity. Identifying each user that accesses your APIs is crucial so that only authorized users can see your company’s most sensitive information.
There are many ways to authenticate API users: HTTP basic authentication, API authentication key configuration, IdP server tokens, and OAuth & OpenID Connect. A great API has the ability to delegate authentication protocols. Delegating authorizations and authentication of APIs to an IdP can help make better use of resources and keep your API more secure. OAuth 2 is what prevents people from having to recall from memory thousands of passwords for numerous accounts across the internet and allows users to connect via trusted credentials through another provider (like when you use Facebook, Apple, or Google to log in or create an account online). This concept is also applied to API security with IdP tokens. Instead of users inputting their credentials, they access the API with a token provided by a third-party server. Plus, you can leverage the OpenID Connect standard by adding an identity layer on top of OAuth. Audit, log, and version: Without adequate API monitoring, there is no way organizations can stop insidious attacks. Teams should continuously monitor the API and have an organized and repeatable troubleshooting process in place. It’s also important that companies audit and log data on the server and turn it into resources in case of an incident. A monitoring dashboard can help track API consumption and enhance monitoring practices. And don’t forget to add the version on all APIs and deprecate them when appropriate. Stay private: Organizations should be overly cautious when it comes to vulnerabilities and privacy since data is one of the most valuable and sought-after business commodities. Ensu Ransomware Tool
SANS.webp 2022-06-16 05:46:07 Houdini is Back Delivered Through a JavaScript Dropper, (Thu, Jun 16th) Houdini is a very old RAT that was discovered years ago. The first mention I found dates back to 2013! Houdini is a simple remote access tool written in Visual Basic Script. The script is not very interesting because it is non-obfuscated and has just been adapted to use a new C2 server (194.5.97.17:4040). Tool
CVE.webp 2022-06-15 19:15:11 CVE-2022-31044 Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored. Tool
CSO.webp 2022-06-15 02:00:00 How to mitigate Active Directory attacks that use the KrbRelayUp toolset Those of you with on-premises Active Directory (AD) need to be aware of a new way to abuse Kerberos in your network. KrbRelayUp is a bundle of tools that streamlines the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn. Attackers use the toolset to impersonate an administrator via resource-based constrained delegation and execute code on a device's system account. Pure Azure AD environments are safe from this attack, but hybrid AD networks with both on-premises AD and Azure AD will be at risk. If an attacker compromises an Azure virtual machine that is synchronized with on-premises Active Directory, the attacker will gain system privileges on the virtual machine and be able to make more advances inside the network. Tool
CVE.webp 2022-06-14 21:15:16 CVE-2022-31050 TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. Tool
Anomali.webp 2022-06-14 15:15:00 Anomali Cyber Watch: Symbiote Linux Backdoor is Hard to Detect, Aoqin Dragon Comes through Fake Removable Devices, China-Sponsored Groups Proxy through Compromised Routers, and More The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Hooking, Ransomware, Stealthiness, Vulnerabilities, and Web skimming. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat (published: June 9, 2022) Intezer and BlackBerry researchers described a new, previously unknown malware family dubbed Symbiote. It is a very stealthy Linux backdoor and credential stealer that has been targeting financial and other sectors in Brazil since November 2021. Symbiote is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD before any other SOs. It uses hardcoded lists to hide associated processes and files, and affects the way ldd displays lists of SOs to remove itself from it. Additionally, Symbiote uses three methods to hide its network traffic. For TCP, Symbiote hides traffic related to some high-numbered ports and/or certain IP addresses using two techniques: (1) hooking fopen and fopen64 and passing a scrubbed file content for /proc/net/tcp that lists current TCP sockets, and (2) hooking extended Berkeley Packet Filter (eBPF) code to hide certain network traffic from packet capture tools. For UDP, Symbiote hooks two libpcap functions filtering out packets containing certain domains and fixing the packet count.
All these evasion measures can lead to Symbiote being hidden during a live forensic investigation. Analyst Comment: Defenders are advised to use network telemetry to detect anomalous DNS requests associated with Symbiote exfiltration attempts. Security solutions could be deployed as statically linked executables so they don’t expose themselves to this kind of compromise by calling for additional libraries. MITRE ATT&CK: [MITRE ATT&CK] Hijack Execution Flow - T1574 | [MITRE ATT&CK] Hide Artifacts - T1564 | [MITRE ATT&CK] Exfiltration Over Alternative Protocol - T1048 | [MITRE ATT&CK] Data Staged - T1074 Tags: Symbiote, target-region:Latin America, Brazil, target-country:BR, Financial, Linux, Berkeley Packet Filter, eBPF, LD_PRELOAD, Exfiltration over DNS, dnscat2 Alert (AA22-158A). People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices (published: June 8, 2022) Several US federal agencies issued a special Cybersecurity Advisory regarding China-sponsored activities concentrating on two aspects: compromise of unpatched network devices and threats to IT and telecom. Attackers compromise unpatched network devices, such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices, to serve as “hop points” to obfuscate their China-based IP addresses in preparation for and during the next intrusion. Similarly, routers in IT and Telecom companies are targeted for initial access by China-sponsored groups, this time using open-source router-specific software frameworks, RouterSploit and RouterScan. Analyst Comment: When planning your company Ransomware Malware Tool Vulnerability Threat Guideline CCleaner
GoogleSec.webp 2022-06-14 12:00:00 SBOM in Action: finding vulnerabilities with a Software Bill of Materials Posted by Brandon Lum and Oliver Chang, Google Open Source Security Team. The past year has seen an industry-wide effort to embrace Software Bills of Materials (SBOMs), a list of all the components, libraries, and modules that are required to build a piece of software. In the wake of the 2021 Executive Order on Cybersecurity, these ingredient labels for software became popular as a way to understand what's in the software we all consume. The guiding idea is that it's impossible to judge the risks of particular software without knowing all of its components, including those produced by others. This increased interest in SBOMs saw another boost after the National Institute of Standards and Technology (NIST) released its Secure Software Development Framework, which requires SBOM information to be available for software. But now that the industry is making progress on methods to generate and share SBOMs, what do we do with them? Generating an SBOM is only one half of the story. Once an SBOM is available for a given piece of software, it needs to be mapped onto a list of known vulnerabilities to know which components could pose a threat. By connecting these two sources of information, consumers will know not just what's in their software, but also its risks and whether they need to remediate any issues. In this blog post, we demonstrate the process of taking an SBOM from a large and critical project, Kubernetes, and using an open source tool to identify the vulnerabilities it contains. Our example's success shows that we don't need to wait for SBOM generation to reach full maturity before we begin mapping SBOMs to common vulnerability databases. With just a few updates from SBOM creators to address current limitations in connecting the two sources of data, this process is poised to become easily within reach of the average software consumer.
OSV: Connecting SBOMs to vulnerabilities. The following example uses Kubernetes, a major project that makes its SBOM available using the Software Package Data Exchange (SPDX) format, an international open standard (ISO) for communicating SBOM information. The same idea should apply to any project that makes its SBOM available, and for projects that don't, you can generate your own SBOM using the same bom tool Kubernetes created. We have chosen to map the SBOM to the Open Source Vulnerabilities (OSV) database, which describes vulnerabilities in a format that was specifically designed to map to open source package versions or commit hashes. The OSV database excels here as it provides a standardized format and aggregates information across multiple ecosystems (e.g., Python, Golang, Rust) and databases (e.g., GitHub Advisory Database (GHSA), Global Security Database (GSD)). To connect the SBOM to the database, we'll use the SPDX spdx-to-osv tool. This open source tool takes in an SPDX SBOM document, queries the OSV database of vulnerabilities, and returns an enumeration of vulnerabilities present in the software's declared components. Example: Kubernetes' SBOM. The first step is to download Kubernetes' SBOM, which is publicly available and contains information on the project, dependencies, versions, and Tool Vulnerability Uber
Google.webp 2022-06-14 09:00:24 An Autopsy on a Zombie In-the-Wild 0-day Posted by Maddie Stone, Google Project Zero Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here. In the 2020 Year in Review of 0-days exploited in the wild, I wrote how 25% of all 0-days detected and disclosed as exploited in-the-wild in 2020 were variants of previously disclosed vulnerabilities. Almost halfway through 2022 and it seems like we’re seeing a similar trend. Attackers don’t need novel bugs to effectively exploit users with 0-days, but instead can use vulnerabilities closely related to previously disclosed ones. This blog focuses on just one example from this year because it’s a little bit different from other variants that we’ve discussed before. Most variants we’ve discussed previously exist due to incomplete patching. But in this case, the variant was completely patched when the vulnerability was initially reported in 2013. However, the variant was reintroduced 3 years later during large refactoring efforts. The vulnerability then continued to exist for 5 years until it was fixed as an in-the-wild 0-day in January 2022. Getting Started: In the case of CVE-2022-22620 I had two pieces of information to help me figure out the vulnerability: the patch (thanks to Apple for sharing with me!) and the description from the security bulletin stating that the vulnerability is a use-after-free.
The primary change in the patch was to change the type of the second argument (stateObject) to the function FrameLoader::loadInSameDocument from a raw pointer, SerializedScriptValue* to a reference-counted pointer, RefPtr. trunk/Source/WebCore/loader/FrameLoader.cpp  Tool Vulnerability Patching
SecureWork.webp 2022-06-14 00:00:00 XDR vs SOAR: Finding the Right Tool for the Job In the search for the right solution to support, extend, and empower your SOC, here’s what to know when evaluating XDR vs SOAR. Tool
SecurityAffairs.webp 2022-06-13 18:30:20 Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting the recently discovered Follina RCE. The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT). Nation-state actors […] Tool Vulnerability
Anomali.webp 2022-06-13 16:46:00 Malware Intelligence Dashboards Anomali Threat Research has released two Malware Intelligence-focused dashboards to assist cybersecurity and cyber threat intelligence professionals in organizing IOCs and strategic intelligence on relevant threats. These two dashboards are titled "Malware Intelligence - Ransomware" and "Malware Intelligence - Remote Access Tools and Trojans". Ransomware and remote access tools and trojans are malware types used by threat actors spanning all levels of sophistication, from cybercriminal to advanced persistent threat to nation-state. Ransomware threat actors continue to be highly active and generate significant amounts of illicit funds, and learning more about how these threat actors operate can assist in taking proactive measures against such attacks. Remote access tools are persistently abused by threat actors for malicious purposes. Knowing which tools the actors use and how they are used is important when making cybersecurity decisions to protect against this malware type, among numerous other variables. These Malware Intelligence dashboards help amalgamate relevant information into a centralized location to assist in providing crucial contextual information in addition to the most recent IOCs made available through commercial and open-source threat feeds that users manage on ThreatStream. Dashboards in ThreatStream provide a quick, digestible and timely source of key metrics on threat intelligence indicators. In ThreatStream you can access a number of different dashboard types: standard dashboards available out of the box; themed dashboards developed by the Anomali Threat Research Team; custom dashboards defined by you; and specialized dashboards to support our Intelligence Initiatives or Lens+ specific data. From this month we greatly improve how an individual user can organize their dashboard views, enabling them to easily hide or show any dashboards available to them.
Users can show or hide any of the standard dashboards, as well as up to 10 other dashboards, at any time. Management and ordering is now simplified so users can drag and drop visible dashboards to reorder according to priority and preference. Key Capabilities: Users can now granularly manage their dashboards from across their organization and supplementary sources; dashboards can be drawn from a library created by / visible to the user; users can show / hide any standard ThreatStream dashboards; users can develop up to 10 custom dashboards for display; users will be able to drag and drop to edit the dashboard order and specify the user’s default dashboard (from April); customers can still avail themselves of the Custom and ATR themed dashboards as previously. Benefits: Easy management of the rich set of dashboards available in ThreatStream; quickly and easily access the right insights at the right time, in the right display order. Note: This screen now uses our new user interface design style - we hope you like it! Malware Intelligence - Ransomware: Pulls OSINT and primary intelligence feeds related to ransomware samples, actors who use ransomware, and TTPs associated with known ransomware families, among others, and displays the data in 10 widgets. Observables, IOCs, and threat models related to ransomware. Malware Intelligence - Ransomware Dashboard. Malware Intelligence - Remote Access Tools and Trojans: Pulls OSINT and primary intelligence feeds related to remote access tool and trojan samples, actors who use these tools and trojans, and TTPs associated with known remote access tool and trojan families, among others, and displays the data in 10 widgets. Ransomware Malware Tool Threat
itsecurityguru.webp 2022-06-13 16:16:26 API Security: Best Tools and Resources Every organisation is facing a multitude of security challenges. These range from getting the basics right, like ensuring the correct firewall is in place, to higher-level challenges, such as API security and data privacy. One of the greatest challenges facing organizations these days is a comprehensive approach to API security. With an expanding number […] Tool
Fortinet.webp 2022-06-13 12:40:35 PingPull RAT Activity Observed in New in the Wild Attacks (GALLIUM APT) FortiGuard Labs is aware of a newly discovered in-the-wild remote access tool (RAT) used by GALLIUM APT, called PingPull. GALLIUM has targeted telecommunication, financial and governmental verticals, specifically in Africa, Europe and Southeast Asia in the past. GALLIUM was first detailed by Cybereason and Microsoft in 2019 in an operation targeting telecom providers stealing call detail records (CDR) that contain transactional information of SMS messages, sent and received phone calls, timestamps and other records. GALLIUM uses various off-the-shelf tools, and modified open source tools and malware to attack organizations for various campaigns. PingPull was observed by Palo Alto Networks in this latest campaign. Usage of the China Chopper webshell is commonly associated with this APT group as well. Powered by the CTA: Because of our partnership in the Cyber Threat Alliance alongside other trusted partner organizations, Fortinet customers were protected in advance of this announcement. What is PingPull? PingPull is a remote access trojan (RAT). What makes PingPull novel is the usage of ICMP (Internet Control Message Protocol), which is not a typical TCP/UDP packet, allowing the threat actor to evade detection as it is not often monitored for anomalous activity. PingPull can also leverage HTTPS and TCP as well for further evasion. PingPull has been observed to install itself as a service for persistence. Besides containing typical RAT functionality, PingPull allows for a reverse shell, further adding insult to injury. Previous RATs used by GALLIUM were modified versions of Poison Ivy and Gh0st Rat. Who is GALLIUM? GALLIUM is an APT group attributed to the Chinese government.
The modus operandi of this group is to use various off-the-shelf tools to eventually compromise an organization via the utilization of stolen certificates to ultimately perform lateral movement within. Due to non-standardized APT naming conventions, GALLIUM is also known as Operation Soft Cell (Cybereason). What is the Status of Coverage? FortiGuard customers are protected against PingPull RAT by the following (AV) signatures: W32/PossibleThreat, W64/Agent.BGA!tr. All known URIs are blocked by the WebFiltering Client. Malware Tool Threat
bleepingcomputer.webp 2022-06-13 10:28:07 Russian hackers start targeting Ukraine with Follina exploits Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...] Tool Vulnerability
AlienVault.webp 2022-06-13 10:00:00 DevSecOps deploy and operate processes In the previous article, we covered the release process and how to secure the parts and components of the process. The deploy and operate processes are where developers, IT, and security meet in a coordinated handoff for sending an application into production. The traditional handoff of an application is siloed: developers send installation instructions to IT, IT provisions the physical hardware and installs the application, and security scans the application after it is up and running. A missed instruction could cause inconsistency between environments. A system might not be scanned by security, leaving the application vulnerable to attack. The DevSecOps focus is to incorporate security practices by leveraging the security capabilities within infrastructure as code (IaC), blue/green deployments, and application security scanning before end-users are transitioned to the system. Infrastructure as Code IaC starts with a platform like Ansible, Chef, or Terraform that can connect to the cloud service provider’s (AWS, Azure, Google Cloud) Application Programming Interface (API) and programmatically tells it exactly what infrastructure to provision for the application. DevOps teams consult with developers, IT and security to build configuration files with all of the requirements that describe what the cloud service provider needs to provision for the application. Below are some of the more critical areas that DevSecOps covers using IaC. IaC diagram Capacity planning - This includes rules around autoscaling laterally (automatically adding servers to handle additional demand, elastically) and scaling up (increasing the performance of the infrastructure, like adding more RAM or CPU). Elasticity from autoscaling helps prevent non-malicious or malicious Denial of Service incidents.
Separation of duty – While IaC helps break down silos, developers, IT, and security still have direct responsibility for certain tasks even when they are automated. Accidentally deploying the application is avoided by making specific steps of the deploy process the responsibility of a specific team so that they cannot be bypassed. Principle of least privilege – Applications have the minimum set of permissions required to operate, and IaC ensures consistency even during the automated scaling up and down of resources to match demand. The fewer the privileges, the more protection systems have from application vulnerabilities and malicious attacks. Network segmentation – Applications and infrastructure are organized and separated based on the business system security requirements. Segmentation protects business systems from malicious software that can hop from one system to the next, otherwise known as lateral movement in an environment. Encryption (at rest and in transit) – Hardware, cloud service providers and operating systems have encryption capabilities built into their systems and platforms. Using the built-in capabilities or obtaining third-party encryption software protects the data where it is stored. Using TLS certificates for secured web communication between the client and business system protects data in transit. Encryption is a requirement for adhering to industry-related compliance and standards criteria. Secured (hardened) image templates – Security and IT develop the baseline operating system configuration and then create image templates that can be reused as part of autoscaling. As requirements change and patches are released, the baseline image is updated and redeployed. Antivirus and vulnerability management tools – These tools are updated frequently to keep up with the dynamic security landscape. Instead of installing these tools in the baseline image, consider installing the tools t Tool Vulnerability Guideline
The_Hackers_News.webp 2022-06-12 19:39:36 Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. " Malware Tool Threat
TechRepublic.webp 2022-06-10 17:44:17 Overhaul your SEO with this automation tool WordLift SEO Tool for Google Sheets is a cost-effective and beginner-friendly SEO tool that quickly identifies opportunities to improve the way you create content. Tool
TechRepublic.webp 2022-06-10 15:48:57 Don't worry about losing data, thanks to this budget-friendly tool Never worry about lost or corrupted files ever again. MiniTool Power Data Recovery Personal is an affordable solution that can help you recover data from any source. Tool
Last update at: 2024-07-02 19:08:25