What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-05-29 13:00:09 | Corée du Nord pour construire des réserves de trésorerie utilisant des ransomwares, jeux vidéo North Korea building cash reserves using ransomware, video games (lien direct) |
Microsoft dit que l'hermite de Kim \\ pivote les derniers outils à mesure qu'il évolue dans le cyberespace un tout nouveau groupe de cybercriminalité que Microsoft lie avec la Corée du Nord trompe des cibles en utilisant de fausses opportunités d'emploi à lancermalware et ransomware, le tout pour un gain financier…
Microsoft says Kim\'s hermit nation is pivoting to latest tools as it evolves in cyberspace A brand-new cybercrime group that Microsoft ties to North Korea is tricking targets using fake job opportunities to launch malware and ransomware, all for financial gain.… |
Ransomware Malware Tool | APT 37 | |
 |
2024-05-29 10:00:00 | Acquisition de données volatiles sur les systèmes Linux à l'aide de FMEM Volatile Data Acquisition on Linux Systems Using fmem (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Memory forensics is a critical aspect of digital forensics, allowing investigators to analyze the volatile memory of a system to uncover evidence of malicious activity, detect hidden malware, and reconstruct system events. In this blog, we\'ll explore the world of memory forensics using two powerful tools: Fmem and LiME. We\'ll delve into the basics of memory forensics, explore the features and capabilities of Fmem and LiME, and provide a step-by-step guide on how to use these tools to analyze a memory dump.
What is Memory Forensics?
Memory forensics involves the analysis of a system\'s volatile memory to extract valuable information about system state, running processes, and network connections. This type of analysis is crucial in incident response, malware analysis, and digital forensics investigations. By analysing memory, investigators can:
1. Detect Hidden Malware and Rootkits:
Memory forensics enables investigators to uncover hidden malware and rootkits that may be actively running in a system\'s memory. Unlike traditional antivirus software that primarily scans the file system, memory forensics tools can identify malicious code and processes that attempt to evade detection by residing solely in memory.
2. Identify Malicious Processes and Network Connections:
By analyzing the contents of a system\'s memory, forensic analysts can identify suspicious processes and network connections. This includes processes that may be performing malicious activities such as data exfiltration, privilege escalation, or network reconnaissance. Identifying these malicious entities is crucial for understanding the scope and impact of a security incident.
3. Reconstruct System Events and Timelines:
Memory forensics allows investigators to reconstruct the sequence of events that occurred on a system leading up to and during a security incident. By analyzing memory artifacts such as process creation timestamps, network connection logs, and registry modifications stored in memory, investigators can create a detailed timeline of activities, which aids in understanding the tactics and techniques employed by attackers.
4. Extract Sensitive Data:
Volatile data, such as passwords, encryption keys, and other sensitive information, may be present in a system\'s memory during normal operation. Memory forensics tools can extract this data from memory dumps, providing valuable evidence for digital investigations. This information can be crucial for understanding how attackers gained access to sensitive resources and for mitigating potential security risks.
Using fmem for Memory Capture:
fmem is a kernel module that creates a virtual device, /dev/fmem, which allows direct access to the physical memory of a system. This module is particularly useful for acquiring memory dumps of a compromised system, even if the system is protected by Secure Boot or has disabled the ability to read physical memory directly.
Follow these steps to capture memory using fmem: Download the fmem source code from the official repository or package manager. The same can be found here.
Once cloned into the repository, change directory to fmem using cd command. You can use ls command to list the contents of the directory.
Compile and install fmem on the target Linux system:
Once you are i |
Malware Tool | ||
 |
2024-05-29 07:00:00 | Picotron, la nouvelle station de travail 8-bit pour créer des jeux et des outils (lien direct) | Picotron est une nouvelle workstation 8-bit conçue pour la création de jeux et d'outils. Similaire à Pico-8 mais plus flexible, elle offre un environnement de développement complet et personnalisable, avec un affichage et une capacité de stockage étendus. Découvrez ses fonctionnalités uniques et sa compatibilité avec Pico-8. | Tool | ||
 |
2024-05-28 19:40:48 | ShrinkLocker: transformer le bitlocker en ransomware ShrinkLocker: Turning BitLocker into Ransomware (lien direct) |
#### Géolocations ciblées
- Mexique
- Indonésie
- Jordan
## Instantané
Des chercheurs de Kapersky ont identifié un incident dans lequel les attaquants se sont déployés et un script de base visuel avancé (VBScript) qui a profité du bitlocker pour le cryptage de fichiers non autorisé.
## Description
Bitlocker a été initialement conçu pour protéger les données contre le vol ou l'exposition lorsque les appareils sont perdus, volés ou mal éliminés.Cependant, les attaquants ont découvert comment exploiter cette fonctionnalité à des fins malveillantes.Les chercheurs de Kapersky ont détecté ce script et ses versions modifiées au Mexique, en Indonésie et en Jordanie.
Initialement, le script utilise Windows Management Instrumentation (WMI) pour collecter des informations sur le système d'exploitation (OS).Il vérifie le domaine et la version du système d'exploitation actuels, se terminant s'il rencontre certaines conditions, telles que les anciennes versions Windows comme XP ou Vista.
Le script effectue des opérations de redimensionnement du disque uniquement sur des disques fixes pour éviter les outils de détection sur les lecteurs de réseau.Pour Windows Server 2008 et 2012, il rétrécit les partitions non-Boot, crée de nouvelles partitions, les formats et réinstalle les fichiers de démarrage à l'aide de DiskPart et BCDBoot.Pour d'autres versions Windows, des opérations similaires sont exécutées avec du code adapté à la compatibilité.
Les entrées de registre sont ajoutées par le script, qui vérifie si les outils de chiffrement BitLocker Drive sont actifs et démarre le service de cryptage BitLocker Drive s'il ne s'exécute pas déjà.Le script désactive et supprime ensuite les protecteurs de bitlocker par défaut, les remplaçant par un mot de passe numérique pour éviter la récupération des clés.
Une clé de chiffrement unique à 64 caractères est générée à l'aide d'éléments aléatoires et de données spécifiques au système, converti en une chaîne sécurisée et utilisé pour activer BitLocker sur les disques.Les attaquants utilisent le domaine trycloudflare.com pour envoyer des demandes de publication chiffrées avec des informations système et la clé de chiffrement de leur serveur.
Pour couvrir ses pistes, le script se supprime, efface les journaux et modifie les paramètres du système avant de forcer un arrêt.Lors du redémarrage, la victime est confrontée à un écran Bitlocker sans options de récupération, les verrouillant efficacement de leurs données.
## Les références
[ShrinkLocker: transformer Bitlocker en ransomware] (https://securelist.com/ransomware-abuses-bitlocker/112643/).Kapersky (consulté en 2024-05-28)
#### Targeted Geolocations - Mexico - Indonesia - Jordan ## Snapshot Researchers at Kapersky identified an incident where attackers deployed and an advanced Visual Basic Script (VBScript) that took advantage of BitLocker for unauthorized file encryption. ## Description BitLocker was originally designed to protect data from being stolen or exposed when devices are lost, stolen, or improperly disposed of. However, attackers have discovered how to exploit this feature for malicious purposes. Kapersky researchers have detected this script and its modified versions in Mexico, Indonesia, and Jordan. Initially, the script uses Windows Management Instrumentation (WMI) to gather operating system (OS) information. It checks the current domain and OS version, terminating itself if it encounters certain conditions, such as older Windows versions like XP or Vista. The script performs disk resizing operations only on fixed drives to avoid detection tools on network drives. For Windows Server 2008 and 2012, it shrinks non-boot partitions, creates new partitions, formats them, and reinstalls boot files using diskpart and bcdboot. For other Windows versions, similar operations are executed wit |
Threat Ransomware Tool | ||
|
2024-05-28 17:37:40 | Faits saillants hebdomadaires, 28 mai 2024 Weekly OSINT Highlights, 28 May 2024 (lien direct) |
## Snapshot Last week\'s OSINT reporting reveals a diverse array of sophisticated cyber threats targeting various sectors, including financial institutions, government entities, and academic organizations. The reports highlight a variety of attack types such as banking trojans, stealers, crypto mining malware, ransomware, and remote access trojans (RATs). Attack vectors include malspam campaigns, spear-phishing emails, search engine advertisements, and trojanized software packages. Threat actors range from financially motivated groups like UAC-0006 and Ikaruz Red Team to state-sponsored entities such as the Chinese-linked "Unfading Sea Haze" and the Iranian Void Manticore. These actors employ advanced techniques like fileless malware, DLL sideloading, and custom keyloggers to achieve persistence and data exfiltration. The targets of these attacks are geographically widespread, encompassing North and South America, the South China Sea region, the Philippines, and South Korea, underscoring the global reach and impact of these threats. ## Description 1. **[Metamorfo Banking Trojan Targets North and South America](https://security.microsoft.com/intel-explorer/articles/72f52370)**: Forcepoint reports that the Metamorfo (Casbaneiro) banking trojan spreads through malspam campaigns, using HTML attachments to initiate system metadata collection and steal user data. This malware targets banking users in North and South America by employing PowerShell commands and various persistence mechanisms. 2. **[Unfading Sea Haze Targets South China Sea Military and Government Entities](https://security.microsoft.com/intel-explorer/articles/c95e7fd5)**: Bitdefender Labs identified a Chinese-linked threat actor, "Unfading Sea Haze," using spear-phishing emails and fileless malware to target military and government entities in the South China Sea region. The campaign employs tools like SerialPktdoor and Gh0stRAT to exfiltrate data and maintain persistence. 3. **[Acrid, ScarletStealer, and Sys01 Stealers](https://security.microsoft.com/intel-explorer/articles/8ca39741)**: Kaspersky describes three stealers-Acrid, ScarletStealer, and Sys01-targeting various global regions. These stealers focus on stealing browser data, cryptocurrency wallets, and credentials, posing significant financial risks by exfiltrating sensitive user information. 4. **[REF4578 Crypto Mining Campaign](https://security.microsoft.com/intel-explorer/articles/c2420a77)**: Elastic Security Labs reports on REF4578, an intrusion set leveraging vulnerable drivers to disable EDRs for deploying Monero crypto miners. The campaign\'s GHOSTENGINE module ensures persistence and termination of security agents, targeting systems for crypto mining. 5. **[SmokeLoader Malware Campaign in Ukraine](https://security.microsoft.com/intel-explorer/articles/7bef5f52)**: CERT-UA observed the UAC-0006 threat actor distributing SmokeLoader malware via phishing emails in Ukraine. The campaign downloads additional malware like Taleshot and RMS, targeting remote banking systems and increasing fraud schemes. 6. **[Ikaruz Red Team Targets Philippines with Modified Ransomware](https://security.microsoft.com/intel-explorer/articles/624f5ce1)**: The hacktivist group Ikaruz Red Team uses leaked LockBit 3 ransomware builders to attack Philippine organizations, aligning with other hacktivist groups like Turk Hack Team. The group engages in politically motivated data leaks and destructive actions. 7. **[Grandoreiro Banking Trojan Campaign](https://security.microsoft.com/intel-explorer/articles/bc072613)**: IBM X-Force tracks the Grandoreiro banking trojan, which operates as Malware-as-a-Service (MaaS) and targets over 1500 global banks. The malware uses advanced evasion techniques and spreads through phishing emails, aiming to commit banking fraud worldwide. 8. **[Void Manticore\'s Destructive Wiping Attacks](https://security.microsoft.com/intel-explorer/articles/d5d5c07f)**: Check Point Research analyzes the Iranian threat actor Void Manticore, conducting destructive wip | Threat Ransomware Malware Hack Tool | APT 34 | |
 |
2024-05-28 12:33:03 | Calculatrice de prime de bug-frappez les nombres et optimisez votre VDP Bug Bounty Calculator-Crunch the numbers and optimize your VDP (lien direct) |
> Présentation de la calculatrice de primes de bug d'Initigriti \\!Dans un marché de primes de bogues en expansion rapide, rester compétitif est essentiel.Notre outil gratuit permet aux propriétaires de programmes de primes de bug à fixer des taux de paiement optimaux en toute confiance. Pourquoi avons-nous publié une calculatrice de primes de bogue?Avec la croissance rapide du marché de la prime des insectes, alimenté à la fois par une augmentation de [& # 8230;]
>Introducing Intigriti\'s enhanced Bug Bounty Calculator! In a rapidly expanding bug bounty marketplace, staying competitive is key. Our free-to-use tool empowers bug bounty program owners to set optimal payout rates with confidence. Why have we released a Bug Bounty Calculator? With the rapid growth of the bug bounty marketplace, fueled by both an increase in […] |
Tool | ||
 |
2024-05-28 12:26:54 | L'augmentation des recherches des gestionnaires de mots de passe: comprendre la complexité et les drapeaux rouges de l'escroc The Rise in Searches for Password Managers: Understanding Complexity and Scammer Red Flags (lien direct) |
L'augmentation des recherches des gestionnaires de mots de passe: comprendre la complexité et les drapeaux rouges de l'escroc.
L'équipe de MaxContact a observé une augmentation significative des recherches de ces outils, avec plus de 466 000 recherches chaque mois.
-
opinion
The Rise in Searches for Password Managers: Understanding Complexity and Scammer Red Flags. The team at MaxContact, have observed a significant uptick in searches for these tools, with over 466,000 searches each month. - Opinion |
Tool | ||
 |
2024-05-28 10:59:27 | Déballage statique pour la famille malveillante malveillante basée sur le NSIS Static Unpacking for the Widespread NSIS-based Malicious Packer Family (lien direct) |
> Les packers ou les cryptères sont largement utilisés pour protéger les logiciels malveillants contre la détection et l'analyse statique.Ces outils auxiliaires, grâce à l'utilisation d'algorithmes de compression et de chiffrement, permettent aux cybercriminels de préparer des échantillons uniques de logiciels malveillants pour chaque campagne ou même par victime, ce qui complique le travail des logiciels antivirus.Dans le cas de certains packers, [& # 8230;]
>Packers or crypters are widely used to protect malicious software from detection and static analysis. These auxiliary tools, through the use of compression and encryption algorithms, enable cybercriminals to prepare unique samples of malicious software for each campaign or even per victim, which complicates the work of antivirus software. In the case of certain packers, […] |
Tool | ||
|
2024-05-28 10:00:00 | L'évolution des cybermenaces à l'ère de l'IA: défis et réponses The Evolution of Cyber Threats in the Age of AI: Challenges and Responses (lien direct) |
"In war, the importance of speed cannot be overstated. Swift and decisive actions often determine the outcome of battles, as delays can provide the enemy with opportunities to exploit weaknesses and gain advantages." - General Patton, "Leadership and Strategy in Warfare," Military Journal, 1945. Cybersecurity has become a battlefield where defenders and attackers engage in a constant struggle, mirroring the dynamics of traditional warfare. In this modern cyber conflict, the emergence of artificial intelligence (AI) has revolutionized the capabilities of traditionally asymmetric cyber attackers and threats, enabling them to pose challenges akin to those posed by near-peer adversaries.[1] This evolution in cyber threats demands a strategic response from organizations leveraging AI to ensure speed and intelligence in countering increasingly sophisticated attacks. AI provides force multiplication factors to both attackers and defenders. To wit, which ever side neglects the use of this new technology does so at its own peril. AI-Driven Evolution of Cyber Threats AI is playing a pivotal role in empowering cyber attackers and bridging the gap towards near-peer status with organizations in terms of cyber threats which, historically have been asymmetric in nature. The advancements in AI technologies have provided attackers with sophisticated tools and techniques that rival the defenses of many organizations. Several key areas highlight how AI is enabling the evolution of cyber threats: Sophisticated Attack Automation: AI-powered tools allow attackers to automate various stages of the attack lifecycle, from reconnaissance to exploitation.[2] This level of automation enables attackers to launch coordinated and sophisticated attacks at scale, putting organizations at risk of facing near-peer level threats in terms of attack complexity and coordination. Adaptive and Evolving Tactics: AI algorithms can analyze data and adapt attack tactics in real-time based on the defender\'s responses.[3] This adaptability makes it challenging for defenders to predict and defend against evolving attack strategies, mirroring the dynamic nature of near-peer adversaries who constantly adjust their tactics to overcome defenses. AI-Driven Social Engineering: AI algorithms can analyze vast amounts of data to craft highly convincing social engineering attacks, such as phishing emails or messages.[4] These AI-driven social engineering techniques exploit human vulnerabilities effectively, making it difficult for organizations to defend against such personalized and convincing attacks. AI-Powered Malware: Malware developers leverage AI to create sophisticated and polymorphic malware that can evade detection by traditional security solutions.[5] This level of sophistication in malware design and evasion techniques puts organizations at risk of facing near-peer level threats in terms of malware sophistication and stealthiness. AI-Enhanced Targeting: AI algorithms can analyze large datasets to identify specific targets within organizations, such as high-value assets or individuals with sensitive information.[6] This targeted approach allows attackers to focus their efforts on critical areas, increasing the effectiveness of their attacks and approaching the level of precision seen in near-peer threat actor operations. The combination of these AI-driven capabilities empowers cyber attackers to launch sophisticated, automated, and adaptive attacks that challenge organizations in ways previously seen only with near-peer adversaries in nation state attacks and warfare. Today, a single person, harnessing the power of AI can create a veritable army and provides force multiplication to the attackers. This puts organizations at an even greater defensive disadvantage than in years prior to the introduction of AI. AI\'s Role in Defenders\' Responses "Defense is not just about fortifying positions but also about reac | Threat Malware Tool Conference Prediction Vulnerability | ||
 |
2024-05-28 03:07:33 | Mesurer l'efficacité des outils de surveillance de l'intégrité des fichiers Measuring the Effectiveness of File Integrity Monitoring Tools (lien direct) |
Un incident de sécurité peut être le résultat d'un seul changement non autorisé.Quelques-uns peuvent dire que \\ 'un changement est sans conséquence, ne transpire pas les petites choses. \' Mais en ce qui concerne la sécurité des infrastructures, le détail est d'une importance capitale!Un seul édition à un élément de ligne unique peut avoir un effet négatif sur un fichier entier ou un système d'exploitation.Il est essentiel d'être informé de tout changement de fichier non autorisé et d'être informé avec la hâte.Et alors que certains peuvent opter pour un outil de sécurité tout-en-un pour répondre à cette exigence, la meilleure approche consiste à déployer une surveillance dédiée à l'intégrité des fichiers (FIM) ...
A security incident can be the result of a single unauthorised change. A few may say, \'one change is inconsequential, don\'t sweat the small stuff.\' But when it comes to infrastructure security, the detail is of paramount importance! Just a single edit to a single line item can have a negative effect on an entire file or operating system. It\'s essential to be made aware of any unauthorised file change and to be made aware with haste. And whilst some may opt for an all-in-one security tool to meet this requirement, the best approach is to rollout a dedicated File Integrity Monitoring (FIM)... |
Tool | ||
|
2024-05-27 03:30:55 | Comment les criminels tirent parti de l'IA pour créer des escroqueries convaincantes How Criminals Are Leveraging AI to Create Convincing Scams (lien direct) |
Les outils d'IA génératifs comme Chatgpt et Google Bard sont parmi les technologies les plus excitantes du monde.Ils ont déjà commencé à révolutionner la productivité, à suralimenter la créativité et à faire du monde un meilleur endroit.Mais comme pour toute nouvelle technologie, l'IA générative a provoqué de nouveaux risques - ou, plutôt, aggravant les anciens risques.Mis à part le potentiel très discuté "Ai apocalypse" qui a dominé les gros titres ces derniers mois, l'IA génératrice a un impact négatif plus immédiat: créer des escroqueries de phishing convaincantes.Les cybercriminels créent des escroqueries beaucoup plus sophistiquées avec une IA générative que ...
Generative AI tools like ChatGPT and Google Bard are some of the most exciting technologies in the world. They have already begun to revolutionize productivity, supercharge creativity, and make the world a better place. But as with any new technology, generative AI has brought about new risks-or, rather, made old risks worse. Aside from the much-discussed potential " AI apocalypse" that has dominated headlines in recent months, generative AI has a more immediate negative impact: creating convincing phishing scams. Cybercriminals create far more sophisticated scams with generative AI than... |
Tool | ChatGPT | |
 |
2024-05-26 22:24:17 | Cyberattaque : rétablissement progressif pour la Ville de Saint-Nazaire (lien direct) | Un mois et demi après la cyberattaque, la remise en route des outils numériques de la Ville de Saint-Nazaire et de l'Agglomération se fait progressivement. ZATAZ a été poser quelques questions à Lockbit, l'instigateur de cette malveillance !... | Tool | ||
|
2024-05-24 18:42:00 | (Déjà vu) Les pirates chinois se cachent sur les réseaux militaires et gouvernementaux pendant 6 ans Chinese hackers hide on military and govt networks for 6 years (lien direct) |
#### Targeted Industries - Government Agencies & Services ## Snapshot A previously unknown threat actor, Bitdefender Labs designated as "Unfading Sea Haze", has been targeting military and government entities in the South China Sea region since 2018, undetected until recently. Bitdefender researchers link its operations to Chinese geopolitical interests. ## Description "Unfading Sea Haze" attacks start with spear-phishing emails containing malicious ZIP archives and LNK files, deploying fileless malware via MSBuild. This fileless malware, named \'SerialPktdoor,\' serves as a backdoor program that provides the attackers with remote control over the compromised system. Additionally, the attackers employ scheduled tasks, local administrator account manipulation, and commercial Remote Monitoring and Management (RMM) tools like the Itarian RMM to gain a foothold on the compromised network. Once access is established, Unfading Sea Haze utilizes various tools such as a custom keylogger, info-stealer targeting data stored in web browsers, and Gh0stRAT malware variants to capture keystrokes, steal information, and maintain persistence. The threat actor also utilizes tools like Ps2dllLoader, \'SharpJSHandler,\' and a custom tool for monitoring and exfiltrating data from breached systems. More recent attacks have shown a shift to using the curl utility and the FTP protocol for data exfiltration, along with dynamically generated credentials that are changed frequently. ## Recommendations Recommendations to protect against Information stealers Microsoft recommends the following mitigations to reduce the impact of Information stealer threats. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-attachments-policies-configure?ocid=magicti_ta_learndoc) to check attachments to inbound email. - Encourage users to use Microsoft Edge and other web browsers that support [SmartScreen](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/web-protection-overview?ocid=magicti_ta_learndoc), which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware. - Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants. - Enforce MFA on all accounts, remove users excluded from MFA, and strictly [require MFA](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?ocid=magicti_ta_learndoc) from all devices, in all locations, at all times. - Enable passwordless authentication methods (for example, Windows Hello, FIDO keys, or Microsoft Authenticator) for accounts that support passwordless. For accounts that still require passwords, use authenticator apps like Microsoft Authenticator for MFA. [Refer to this article](https://learn.microsoft.com/azure/active-directory/authentication/concept-authenticati | Threat Ransomware Spam Malware Tool Commercial | ||
|
2024-05-24 17:17:36 | Longe de lune en utilisant un jeu de chars malveillant pour infecter les appareils Moonstone Sleet using malicious tank game to infect devices (lien direct) |
## Snapshot Since February 2024, Microsoft has observed Moonstone Sleet infecting devices using a malicious tank game called DeTankWar. In some cases, after gaining initial access via the tank game, Moonstone Sleet conducted lateral movement and extensive exfiltration of data from impacted organizations. The actor has shared the DeTankWar malware extensively via social media and through directly contacting organizations in the gaming, education, and software development sectors, suggesting the actor is putting intense effort behind this campaign. Customers can use Microsoft Defender XDR to detect activity related to this threat actor in their environments. Microsoft Defender for Endpoint detects many components of this activity, such as *Moonstone Sleet actor activity detected*, and Microsoft Defender Antivirus detects the malware execution with behavioral signatures. ## Activity Overview Since February 2024, Microsoft observed Moonstone Sleet infecting devices using a malicious tank game it developed. Moonstone Sleet sent the game to targets through messaging platforms such as LinkedIn and Telegram, phishing emails, and also spoofed the website of a well-known game maker to act as a download site. Once the ZIP file is downloaded, multiple malicious DLLs included in it are run upon launch of the game leading to connection to command-and-control (C2) infrastructure using Moonstone Sleet\'s YouieLoad, which is decrypted from one of the DLLs and in some cases subsequent hands-on-keyboard activity. Observed targets include employees of blockchain, trading, game development, and technology companies, as well as academics. These targets are globally located. #### Attack chain **Initial access** Moonstone Sleet often approaches its targets either through messaging platforms or by email. We have observed the threat actor presenting itself as a game developer seeking either investment or developer support. In these emails, Moonstone Sleet masquerades as a legitimate blockchain company or uses fake companies. Moonstone Sleet presents DeTankWar as a nonfungible token (NFT)-enabled, play-to-earn game available on Windows, Mac, and Linux.  *Figure 1. Example of a Moonstone Sleet DeTankWar spear phishing email* To bolster its superficial legitimacy, Moonstone Sleet has created a robust public campaign that includes the websites *detankwar\[.\]com* and *defitankzone\[.\]com*, Twitter accounts for the personas it uses to approach targets, and the game itself, which is alternately referred to as DeTankWar, DeFiTankWar, TankWarsZone, and DeTankLand.   *Figures 2 and 3. DeTankWar Twitter accounts*   *Figures 4 and 5. Pages from the DeTankWar website* In mid-March, Microsoft observed a homoglyph domain created by Moonstone Sleet to spoof a well-known game developer. This website offered a page on DeTankWar with both a download link and a link to the @detankwar1 X (Twitter) account.  *Figure 6. Elements on the page for DeTankWar on spoofed website* **Launch** Visitors to the DeTankWar website are prompted to download a compressed ZIP archive. When the user launches the game, the malicious payload *delfi-tank-unity.exe* or *DeTankWar.exe* also launches. The payload is cu | Threat Malware Tool | ||
|
2024-05-24 01:09:17 | Rapport de CrimeWare: Acred, Scarletsaler et SYS01 Stealers Crimeware Report: Acrid, ScarletStealer, and Sys01 Stealers (lien direct) |
## Snapshot Kaspersky security researchers provide details on three distinct stealers: Acrid, ScarletStealer, and Sys01. These stealers exhibit varying levels of sophistication and global targeting, with specific geographic concentrations for each. ## Description Acrid is a new stealer that was found in December 2023. It is written in C++ for the 32-bit system and uses the "Heaven\'s Gate" technique to bypass certain security controls. ScarletStealer is a rather unique stealer as most of its stealing functionality is contained in other binaries that it downloads. ScarletStealer victims are mostly located in Brazil, Turkey, Indonesia, Algeria, Egypt, India, Vietnam, the USA, South Africa and Portugal. Sys01 (also known as “Album Stealer” or “S1deload Stealer”) is a relatively unknown stealer that has been around since at least 2022. Victims of this campaign were found all over the world, but most of them were located in Algeria. The stealer is distributed through a long chain of downloaders, where the last one is the Penguish downloader, and signed with a digital certificate. Unlike previous publicly disclosed versions of Sys01, the latest version of the stealer has split functionality. It now specifically steals Facebook-related data and sends stolen browser data to the C2. All three stealers have the typical functionality one might expect from a stealer, such as stealing browser data, stealing local cryptocurrency wallets, stealing files with specific names, and stealing credentials from installed applications. The danger posed by stealers lies in the consequences. This malware steals passwords and other sensitive information, which later can be used for further malicious activities causing great financial losses among other things. ## Microsoft Analysis In recent years, Microsoft has tracked the growing risk that infostealers pose to enterprise security. Infostealers are commodity malware used to steal information from a target device and send it to the threat actor. The popularity of this class of malware led to the emergence of an infostealer ecosystem and a new class of threat actors who leveraged these capabilities to conduct their attacks. Infostealers are advertised as a malware as a service (MaaS) offering – a business model where the developers lease the infostealer payload to distributers for a fee. Information stealers are versatile and can be distributed in various forms including through phishing email campaigns, malvertising, and trojanized software, games and tools. Typically, once the user downloads and launches the malicious payload, it establishes command and control (C2) connections with suspicious domains. Once infected, the infostealer attempts to collect and ultimately exfiltrate information from the system including files, browsers, internet-facing devices and applications to the C2 servers. ## Detections ### Microsoft Defender for Endpoint Alerts with the following titles in the security center can indicate threat activity on your network. These alerts, however, can be triggered by unrelated threat activity. - Information stealing malware activity - An executable loaded an unexpected dll - DLL search order hijack - Possible S1deload stealer activity ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use Microsoft Defender for Office 365 for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learn | Threat Ransomware Spam Malware Tool | ★★ | |
 |
2024-05-23 21:56:44 | Saisir le contrôle du cockpit de sécurité du cloud Seizing Control of the Cloud Security Cockpit (lien direct) |
Tout comme un tableau de bord de l'avion, les configurations sont la façon dont nous contrôlons les applications cloud et les outils SaaS.Il est également le point d'entrée pour trop de menaces de sécurité.Voici quelques idées pour rendre le processus de configuration plus sécurisé.
Much like an airplane's dashboard, configurations are the way we control cloud applications and SaaS tools. It's also the entry point for too many security threats. Here are some ideas for making the configuration process more secure. |
Cloud Tool | ★★ | |
|
2024-05-23 20:38:07 | MIT Brothers chargé d'exploiter Ethereum pour voler 25 millions de dollars MIT Brothers Charged With Exploiting Ethereum to Steal $25 Million (lien direct) |
Les deux diplômés du MIT ont découvert une faille dans un outil de trading commun contre la blockchain Ethereum.Est-ce que cela prétend les problèmes à venir pour la crypto-monnaie?
The two MIT graduates discovered a flaw in a common trading tool for the Ethereum blockchain. Does it presage problems ahead for cryptocurrency? |
Tool | ★★★ | |
 |
2024-05-23 19:20:00 | Nouvelles frontières, anciennes tactiques: le groupe d'espionnage chinois cible les gouvernements Afrique et Caraïbes New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts (lien direct) |
L'acteur de menace lié à la Chine connue sous le nom de Panda Sharp a élargi son ciblage pour inclure des organisations gouvernementales en Afrique et dans les Caraïbes dans le cadre d'une campagne de cyber-espionnage en cours.
"La campagne adopte Cobalt Strike Beacon comme charge utile, permettant des fonctionnalités de porte dérobée comme la communication C2 et l'exécution des commandes tout en minimisant l'exposition de leurs outils personnalisés", Check Point
The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. "The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools," Check Point |
Threat Tool | ★★★ | |
|
2024-05-23 16:44:00 | Vos sauvegardes SaaS sont-elles aussi sécurisées que vos données de production? Are Your SaaS Backups as Secure as Your Production Data? (lien direct) |
Les conversations sur la sécurité des données ont tendance à diverger en trois threads principaux:
Comment protéger les données que nous stockons sur notre site sur site ou notre infrastructure cloud?
Quelles stratégies et outils ou plateformes peuvent-ils sauvegarder et restaurer de manière fiable les données?
Que nous coûterait toutes ces données, et à quelle vitesse pourrions-nous le récupérer?
Tous sont des conversations valides et nécessaires pour les organisations technologiques de toutes formes
Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could we get it back? All are valid and necessary conversations for technology organizations of all shapes |
Cloud Tool | ★★★ | |
|
2024-05-23 13:00:02 | La campagne d'espionnage chinoise s'étend pour cibler l'Afrique et les Caraïbes Chinese Espionage Campaign Expands to Target Africa and The Caribbean (lien direct) |
> La recherche sur les points de contrôle (RCR) voit une campagne de cyber-espionnage en cours se concentre sur le ciblage des organisations gouvernementales en Afrique et dans les Caraïbes.Attribué à un acteur de menace chinois Sharp Dragon (anciennement Sharp Panda), la campagne adopte Cobalt Strike Beacon en tant que charge utile, permettant des fonctionnalités de porte dérobée telles que la communication C2 et l'exécution des commandes tout en minimisant l'exposition de leurs outils personnalisés.Cette approche raffinée suggère une compréhension plus profonde de leurs cibles.Les principales constatations de Dragon Sharp \\ (anciennement appelées opérations de panda pointues) se poursuivent, élargissant maintenant leur objectif vers de nouvelles régions & # 8211;L'Afrique et les Caraïbes.Sharp Dragon utilise des entités gouvernementales de confiance pour infecter de nouvelles [& # 8230;]
>Check Point Research (CPR) sees an ongoing cyber espionage campaign focuses on targeting governmental organizations in Africa and the Caribbean. Attributed to a Chinese threat actor Sharp Dragon (formerly Sharp Panda), the campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools. This refined approach suggests a deeper understanding of their targets. Key Findings Sharp Dragon\'s (formerly referred to as Sharp Panda) operations continues, expanding their focus now to new regions – Africa and the Caribbean. Sharp Dragon utilizes trusted government entities to infect new […] |
Threat Tool | ★★ | |
|
2024-05-23 10:00:00 | La Chine APT a volé des secrets géopolitiques du Moyen-Orient, Afrique et amp; AMP;Asie China APT Stole Geopolitical Secrets From Middle East, Africa & Asia (lien direct) |
L'une des plus grandes opérations d'espionnage de la Chine doit son succès aux bogues de longue date de Microsoft Exchange, aux outils open source et aux vieux logiciels malveillants.
One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware. |
Malware Tool | ★★★ | |
 |
2024-05-23 09:30:00 | Présentation de NIMFilt: un outil d'ingénierie inverse pour les binaires compilés NIM Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries (lien direct) |
Disponible à la fois en tant que plugin IDA et un script Python, NIMFilt aide à des binaires ingénieurs inverses compilés avec le compilateur de langage de programmation NIM en démamlant les noms de package et de fonction, et en appliquant des structures aux chaînes
Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings |
Tool | ||
 |
2024-05-23 08:02:17 | Proofpoint vs sécurité anormale: une entreprise Fortune 500 explique pourquoi on est meilleur Proofpoint vs. Abnormal Security: A Fortune 500 Company Explains Why One Is Better (lien direct) |
Businesses that choose Proofpoint tend to stay with us. In fact, while many start by using our email threat detection tools, over time they often consolidate their other cybersecurity tools with us. They end up using Proofpoint for their other attack surfaces, like identity threats and information protection. But what happens if they\'re forced to adopt Abnormal Security by senior management? That\'s what happened to the Fortune 500 financial services corporation discussed in this blog post. They wanted to share their story but requested anonymity. As a customer of both Proofpoint and Abnormal, they have some key insights about what makes Proofpoint stand out from the competition. A defense-in-depth approach An existing Microsoft 365 E5 customer, the company deployed a defense-in-depth security approach because the native and Microsoft Defender email security capabilities were not good enough to detect and block phishing, malware and ransomware. They also used CrowdStrike and complemented these tools with Proofpoint Threat Protection. Proofpoint ensured that they could detect and block more sophisticated email threats like: Socially engineered attacks Business email compromise (BEC) Advanced credential phishing By combining Microsoft, Proofpoint and CrowdStrike, the customer had powerful email security. It could detect and block email threats and automate remediation across its offices worldwide. And it had a strong continuous detection model (predelivery, post-delivery and click-time) throughout its entire email delivery flow. End-to-end protection is why 87% of Fortune 100 companies trust Proofpoint to protect their people and business. Because the customer\'s senior executive management team truly believed in the defense-in-depth approach, it decided to add Abnormal Security as an additional layer of defense. Abnormal is an API-based, post-delivery, remediation-only tool that\'s positioned as easy to use. Featuring behavioral AI, it\'s sold as a “set it and forget it” tool that can detect and remediate email threats faster while improving operational efficiency. The company soon integrated Abnormal with its existing Microsoft 365 APIs so that Abnormal could receive emails from Microsoft. At the same time, the customer deactivated automated remediation in Proofpoint Threat Response Auto-Pull. The Abnormal tool was now in charge of analyzing emails post-delivery. “We were told it would be \'set it and forget it\' with Abnormal but found it couldn\'t be further from the truth.” - IT director, data security, Fortune 500 financial services company A head-to-head comparison: Proofpoint vs. Abnormal Once they started using Abnormal, the cybersecurity team watched what it could do and assessed how the company\'s new defense-in-depth approach was going. Here\'s what they observed. Predelivery efficacy: Proofpoint wins Unlike Proofpoint, Abnormal does not provide any predelivery detection or analysis capabilities; it has a 0% predelivery efficacy rate. Compare that to Proofpoint predelivery detection, which stops known and emerging threats before they are delivered to users\' inboxes. This prevents users from engaging with threats and reduces the downstream burden on security teams. Proofpoint uses a multilayered detection stack to accurately identify and catch the widest array of threats. Our broad set of detection technology means that we can apply the right technique for the right threat. This includes QR code scams, URL-based threats and BEC attacks. By combining our existing attachment defense with our new predelivery hold and sandboxing of suspicious messages with URLs, Proofpoint ensures that fewer malicious URLs and dangerous payloads are delivered to users\' inboxes. This includes QR codes or any malicious files that are attached to emails. And thanks to our new predelivery large language model (L | Threat Ransomware Malware Tool | ★★★ | |
 |
2024-05-22 19:27:49 | La FCC pousse de nouvelles exigences de divulgation pour l'IA dans les publicités politiques FCC pushes new disclosure requirements for AI in political ads (lien direct) |
> La proposition intervient alors que les campagnes et les super PAC ont cherché à tirer parti des outils d'IA génératifs dans les annonces d'attaque ce cycle électoral.
>The proposal comes as campaigns and super PACs have sought to leverage generative AI tools in attack ads this election cycle. |
Tool | ★★★ | |
 |
2024-05-22 16:40:47 | Les meilleurs services de protection contre le vol d'identité et de surveillance du crédit de 2024 The best identity theft protection and credit monitoring services of 2024 (lien direct) |
Les meilleurs services de vol d'identité et de surveillance du crédit offrent des outils antivirus, la surveillance des médias sociaux, les alertes et l'assistance en cas de problème.
The best identity theft and credit monitoring services offer antivirus tools, social media monitoring, alerts, and assistance if something goes wrong. |
Tool | ★★★ | |
|
2024-05-22 16:31:26 | Grandoreiro Banking Trojan Resurfaces dans Global Campaign Grandoreiro Banking Trojan Resurfaces in Global Campaign (lien direct) |
## Instantané Depuis mars 2024, IBM X-Force a suivi des campagnes de phishing à grande échelle distribuant le cheval de Troie bancaire Grandoreiro, considéré comme un logiciel malveillant en tant que service (MAAS). Lisez la rédaction de Microsoft \\ sur Grandoreiro [ici] (https://security.microsoft.com/intel-explorer/articles/f07d1d16). ## Description Grandoreiro a connu des mises à jour importantes, notamment le décryptage amélioré des chaînes et un nouvel algorithme générateur de domaine (DGA).Le malware exploite également les clients Microsoft Outlook sur les hôtes infectés pour diffuser des e-mails de phishing. Historiquement, les campagnes ont été principalement limitées à l'Amérique latine, à l'Espagne et au Portugal.Mais la dernière variante est conçue pour cibler spécifiquement plus de 1500 banques mondiales, permettant aux attaquants de commettre une fraude bancaire dans plus de 60 pays, élargissant la portée du malware à des régions comme l'Amérique centrale et du Sud, l'Afrique, l'Europe et l'Indo-Pacifique.Selon IBM, les logiciels malveillants évolués et le ciblage élargi peuvent être en réponse à des mesures d'application de la loi contre Grandoreiro. La chaîne d'infection de Grandoreiro \\ commence par un chargeur personnalisé, qui vérifie si la victime est une cible légitime et non un chercheur ou dans un bac à sable.Il rassemble des données de base de la victime, l'envoie au serveur de commandement et de contrôle (C2) et télécharge le Trojan.La variante récente du Malware \\ comprend un mécanisme de décryptage de chaîne retravaillé, en utilisant un processus complexe et en plusieurs étapes impliquant le cryptage Base64 et AES. Le Troie profil les victimes pour adapter les attaques, ciblant des applications bancaires spécifiques et des portefeuilles de crypto-monnaie.Son algorithme DGA avancé génère plusieurs domaines C2 quotidiennement, améliorant sa résilience.Grandoreiro peut exécuter un large éventail de commandes, de la télécommande et de la gestion des fichiers aux campagnes de spam de keylogging et d'Outlook.Cette capacité à envoyer des e-mails de phishing des clients Infected Outlook contribue à sa propagation. ## Microsoft Intelligence En plus de suivre l'activité de Grandoreiro en Europe, en Afrique et en Amérique latine, Microsoft Threat Intelligence a observé un ciblage de Grandoreiro aux États-Unis. ## Détections ** Microsoft Defender Antivirus ** Microsoft Defender Antivirus détecte les composants de menace comme le FOLlowing malware: - * [Trojanspy: Win32 / Grandoreiro] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=trojanspy:win32/grandoreiro& ;TheRatid=-2147235291) * - * [Trojan: Win32 / Grandoreiro] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=trojan:win32/Grandoreiro.MBJr!Mtb& ;heterid=-2147060695) * - * [Trojandownloader: VBS / Grandoreiro] (https://www.microsoft.com/en-us/wdssi/Therets/Malware-encyClopedia-Description?name=trojandownOader:win32/grandoreiro.zy!SMS& ;Thereatid=-2147059024) * - * [Trojan: Win64 / Grandoreiro] (https://www.microsoft.com/en-us/wdsi/Therets/Malware-encyClopedia-dercription?name=trojan:win64/grandoreiro.psye!mtb& ;theatid=-2147128454)* - * [Comportement: win32 / Grandoreiro] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=behavior:win32/grandoreiro.f & menaceId = -2147139055) * - * [Spyware: win32 / Grandoreiro] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encycopedia-dercription?naME = Spyware: Win32 / Grandoreiro! Mclg & menaceID = 325649) * ** Microsoft Defender pour le point de terminaison ** Les alertes avec les titres suivants dans le centre de sécurité peuvent indiquer une activité de menace sur votre réseau: - * Activité possible de Grandoreiro * ## Recommandations Microsoft recommande les atténuations sui | Threat Spam Malware Tool Legislation | ★★ | |
|
2024-05-22 15:53:10 | Snowflake & apos; s signaux d'investissement anvilogiques changent dans le marché SIEM Snowflake's Anvilogic Investment Signals Changes in SIEM Market (lien direct) |
Venant dans les talons de Cisco Buying Splunk, Palo Alto Networks acquérant IBM & APOS; s Qradar et Logrhythm fusionnant avec EXABEAM, l'investissement de Snowflake & apos; de Snowflake met en évidence la pression du marché en cours pour améliorer les outils SOC.
Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC tools. |
Tool | ★★★ | |
|
2024-05-22 15:21:21 | Bad Karma, No Justice: Void Manticore Destructive Activities in Israel (lien direct) | #### Géolocations ciblées - Israël ## Instantané Check Point Research a publié une analyse de l'acteur de menace iranien Void Manticore, l'acteur Microsoft suit en tant que Storm-0842.Affilié au ministère des Intelligences et de la Sécurité (MOIS), le vide Manticore effectue des attaques d'essuyage destructrices combinées à des opérations d'influence.L'acteur de menace exploite plusieurs personnages en ligne, les plus importants d'entre eux étant la justice de la patrie pour des attaques en Albanie et au Karma pour des attaques menées en Israël. ## Description Il y a des chevauchements clairs entre les cibles de vide manticore et de marminé marqué (aka Storm-0861), avec des indications de remise systématique des cibles entre ces deux groupes lorsqu'ils décident de mener des activités destructrices contre les victimes existantes de Manticore marqué.Les procédures de transfert documentées entre ces groupes suggèrent un niveau de planification cohérent et permettent à un accès vide de manticore à un ensemble plus large d'objectifs, facilité par leurs homologues \\ 'avancés.Les postes de collaboration ont annulé Manticore en tant qu'acteur exceptionnellement dangereux dans le paysage des menaces iraniennes. Void Manticore utilise cinq méthodes différentes pour mener des opérations perturbatrices contre ses victimes.Cela comprend plusieurs essuie-glaces personnalisés pour Windows et Linux, ainsi que la suppression manuelle de fichiers et de lecteurs partagés.Dans leurs dernières attaques, Void Manticore a utilisé un essuie-glace personnalisé appelé Bibi Wiper, faisant référence au surnom du Premier ministre d'Israël, Benjamin Netanyahu.L'essorage a été déployé dans plusieurs campagnes contre plusieurs entités en Israël et dispose de variantes pour Linux et Windows. ## Analyse Microsoft Microsoft Threat Intelligence Tracks void Manticore comme [Storm-0842] (https://security.microsoft.com/intel-profiles/0c1349b0f2bd0e545d4f741eeae18dd89888d3c0fbf99540b7cf623ff5bb2bf5) ministère du renseignement et de la sécurité (MOIS).Depuis 2022, Microsoft a observé plusieurs cas où Storm-0842 a déployé un outil destructeur dans un environnement précédemment compromis par [Storm-0861] (https://security.microsoft.com 8DE00), un autre groupe avec des liens avecLes Mois. Depuis 2022, Microsoft a observé que la majorité des opérations impliquant Storm-0842 ont affecté les organisations en [Albanie] (https://security.microsoft.com/intel-explorer/articles/5491ec4b) et en Israël.En particulier, Microsoft a observé des opérateurs associés à Storm-0842 de manière opportuniste [déploiez l'essuie-glace de Bibi en réponse à la guerre d'Israël-Hamas.] (Https://security.microsoft.com/intel-explorer/articles/cf205f30) ## Détections Microsoft Defender Antivirus détecte plusieurs variantes (Windows et Linux) de l'essuie-glace Bibi comme le malware suivant: - [DOS: WIN32 / WPRBLIGHTRE] (https://www.microsoft.com/en-us/wdsi/therets/malware-encyclopedia-description?name=dos:win32/wprblightre.b!dha& ;theratid=-2147072872)(Les fenêtres) - [dos: lINUX / WPRBLIGHTRE] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=dos:linux/wprblightre.a& ;threatid = -2147072991) (Linux) ## Recommandations Microsoft recommande les atténuations suivantes pour réduire l'impact de cette menace. - Lisez notre [Ransomware en tant que blog de service] (https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-udentSanding-the-cybercrim-gig-ecoony-and-Comment-protect-vous-soi / # défendant-against-ransomware) pour des conseils sur le développement d'une posture de sécurité holistique pour prévenir les ransomwares, y compris l'hygiène des informations d'identification et les recommandations de durcissement. - Allumez [Protection en cloud-étirement] (https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-lock-at-first-sigh | Threat Ransomware Malware Tool | APT 34 | ★★★ |
 |
2024-05-22 14:20:38 | ALERTE NOUVELLES: AI Spera intègre son outil de renseignement Criminal IP \\ 'Criminal Ip dans AWS Marketplace News alert: AI SPERA integrates its \\'Criminal IP\\' threat intelligence tool into AWS Marketplace (lien direct) |
> Torrance, Californie, 22 mai 2024, CyberNewswire & # 8212;AI Spera, un leader des solutions de renseignement cyber-menace (CTI), a annoncé aujourd'hui que son moteur de recherche propriétaire, IP criminel , est maintenant disponible sur le AWS Marketplace .
Cette intégration garantit un achat de logiciel efficace & # 8230; (Plus…)
Le post News Alert: Ai Spera intègre son outil de renseignement Criminal ip \\ 'menace dans AWS Marketplace est apparu pour la première fois sur le dernier chien de garde .
>Torrance,Calif., May 22, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP, is now available on the AWS Marketplace. This integration ensures efficient software procurement … (more…) The post News alert: AI SPERA integrates its \'Criminal IP\' threat intelligence tool into AWS Marketplace first appeared on The Last Watchdog. |
Threat Tool | ★★★ | |
|
2024-05-22 14:18:49 | Pindrop dévoile Pindrop Pindrop Unveils 2024 Voice Intelligence Security Report & Groundbreaking Pulse Deepfake Warranty (lien direct) |
Pindrop dévoile 2024 Rapport de sécurité du renseignement vocal et révolutionnaire Pulse Deepfake Garantie
La propagation de la désinformation, des pertes financières et de la réputation endommagée figurent parmi les préoccupations critiques prévues pour dégénérer en raison de la prolifération des Fakes Deep et de l'avancement des outils génératifs de l'IA.
-
rapports spéciaux
Pindrop Unveils 2024 Voice Intelligence Security Report & Groundbreaking Pulse Deepfake Warranty The spread of misinformation, financial losses, and damaged reputations are among the critical concerns projected to escalate due to the proliferation of deepfakes and the advancement of generative AI tools. - Special Reports |
Tool | ★★★ | |
 |
2024-05-22 14:00:00 | Extinction de l'IOC?Les acteurs de cyber-espionnage de Chine-Nexus utilisent des réseaux orbes pour augmenter les coûts des défenseurs IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders (lien direct) |
Written by: Michael Raggi
Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers. Building networks of compromised devices allows ORB network administrators to easily grow the size of their ORB network with little effort and create a constantly evolving mesh network that can be used to conceal espionage operations. By using these mesh networks to conduct espionage operations, actors can disguise external traffic between command and control (C2) infrastructure and victim environments including vulnerable edge devices that are being exploited via zero-day vulnerabilities. These networks often use both rented VPS nodes in combination with malware designed to target routers so they can grow the number of devices capable of relaying traffic within compromised networks. Mandiant assesses with moderate confidence that this is an effort to raise the cost of defending an enterprise\'s network and shift the advantage toward espionage operators by evading detection and complicating attribution. Mandiant believes that if network defenders can shift the current enterprise defense paradigm away from treating adversary infrastructure like indicators of compromise (IOCs) and instead toward tracking ORB networks like evolving entities akin to APT groups, enterprises can contend with the rising challenge of ORB networks in the threat landscape. IOC Extinction and the Rise of ORB Networks The cybersecurity industry has reported on the APT practice of ORB network usage in the past as well as on the functional implementation of these networks. Less discussed are the implications of broad ORB network usage by a multitude of China-nexus espionage actors, which has become more common over recent years. The following are three key points and paradigm shifting implications about ORB networks that require enterprise network defenders to adapt the way they think about China-nexus espionage actors: ORB networks undermine the idea of “Actor-Controlled Infrastructure”: ORB networks are infrastructure networks administered by independent entities, contractors, or administrators within the People\'s Republic of China (PRC). They are not controlled by a single APT actor. ORB networks create a network interface, administer a network of compromised nodes, and contract access to those networks to multiple APT actors that will use the ORB networks to carry out their own distinct espionage and reconnaissance. These networks are not controlled by APT actors using them, but rather are temporarily used by these APT actors often to deploy custom tooling more conventionally attributable to known China-nexus adversaries. ORB network infrastructure has a short lifesp |
Threat Malware Cloud Tool Prediction Commercial Vulnerability | APT 15 APT 5 APT 31 | ★★★ |
 |
2024-05-22 13:24:31 | Aux États-Unis pour investir 50 millions de dollars dans la sécurisation des hôpitaux contre les cybermenaces US to Invest $50 Million in Securing Hospitals Against Cyber Threats (lien direct) |
> ARPA-H a annoncé un investissement de 50 millions de dollars dans des outils pour aider les équipes informatiques à mieux sécuriser les environnements hospitaliers.
>ARPA-H has announced a $50 million investment in tools to help IT teams better secure hospital environments. |
Tool | ★★ | |
|
2024-05-22 08:41:40 | Innovation grâce à la collaboration: les avantages mutuels des programmes de primes de bogues Innovation through collaboration: the mutual benefits of bug bounty programs (lien direct) |
> Les programmes de primes de bogues sont un outil charnière dans le paysage de la cybersécurité, offrant une situation gagnant-gagnant aux organisations qui cherchent à augmenter leur posture de sécurité.Mais ils fournissent également une source de revenus vitale à de nombreux professionnels de l'INFOSEC dans le monde entier.& # 160;Dans ce billet de blog, nous mettons en évidence & # 160; comment les initiatives de prime de bogue bénéficient aux organisations tout en autonomisant l'éthique [& # 8230;]
>Bug bounty programs are a pivotal tool in the cybersecurity landscape, offering a win-win situation for organizations looking to boost their security posture. But they also provide a vital source of income for many infosec professionals around the globe. In this blog post, we\'ll highlight how bug bounty initiatives benefit organizations while also empowering ethical […] |
Tool | ★★★ | |
|
2024-05-22 07:40:07 | Checkmarx lance AI Security (lien direct) | Checkmarx accélère la sécurité du code généré par IA avec sa nouvelle offre AI Security De nouveaux outils pour sécuriser le code généré par IA mais aussi pour empêcher la fuite de données et la propriété intellectuelle - Produits | Tool | ★★ | |
|
2024-05-22 00:36:51 | Sage Cyber lance l'outil de planification CISO SAGE Cyber Launches CISO Planning Tool (lien direct) |
En tant qu'entreprise nouvellement indépendante, Sage Cyber offrira une plate-forme qui aide les CISO à prendre des décisions basées sur les données et à optimiser leurs défenses de sécurité.
As a newly independent company, SAGE Cyber will offer a platform that helps CISOs make data-driven decisions and optimize their security defenses. |
Tool | ★★ | |
 |
2024-05-21 20:48:29 | Couverture des menaces de netskope: Attaques de ransomwares Microsoft Assist rapide Netskope Threat Coverage: Microsoft Quick Assist Ransomware Attacks (lien direct) |
> Introduction Microsoft a récemment mis en évidence l'abus de l'outil de support à distance rapide dans les attaques sophistiquées d'ingénierie sociale conduisant à des infections à ransomwares.Ce billet de blog résume la menace et recommande une stratégie d'atténuation pour les clients de NetSkope.Chaîne d'attaque Un groupe d'adversaire inconnu exploite une aide rapide aux campagnes d'ingénierie sociale ciblées.Ces attaques généralement [& # 8230;]
>Introduction Microsoft has recently highlighted the abuse of the remote support tool Quick Assist in sophisticated social engineering attacks leading to ransomware infections. This blog post summarizes the threat and recommends a mitigation strategy for Netskope customers. Attack Chain An unknown adversary group is exploiting Quick Assist in targeted social engineering campaigns. These attacks typically […] |
Threat Ransomware Tool | ★★ | |
|
2024-05-21 15:18:47 | Security Brief: Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts (lien direct) | #### Géolocations ciblées
- États-Unis
#### Industries ciblées
- Éducation
- L'enseignement supérieur
- agences et services gouvernementaux
## Instantané
Proofpoint a détecté une campagne de Sucregh0st Rat active en mai 2024 destinée aux organisations américaines impliquées dans l'intelligence artificielle, y compris celles du monde universitaire, de l'industrie privée et du gouvernement.
## Description
La campagne utilise une variante de Troie (rat) d'accès à distance de l'ancien GH0Strat.Historiquement, GH0Strat a été utilisé par les acteurs de la menace de langue chinoise pour cibler les utilisateurs d'Asie centrale et de l'Est.
Dans cette campagne, les acteurs de la menace ont utilisé un compte de messagerie gratuit pour envoyer des e-mails de spectre sur le thème de l'IA-AI à des cibles qui leur ont demandé d'ouvrir un fichier zip ci-joint.Lors de l'ouverture du fichier, un fichier de raccourci LNK a déployé un compte-gouttes JavaScript qui a ensuite installé la charge utile de Sugargh0st, en utilisant diverses techniques telles que le codage de base64, l'abus d'outils ActiveX et l'exécution de shellcode à plusieurs étages pour établir des données de persistance et d'exfiltrat.
Proofpoint note qu'il a observé un nombre relativement faible de campagnes impliquant Sugargh0strat depuis sa détection pour la première fois en 2023. Les objectifs précédents incluent une société de télécommunications américaine, une organisation internationale des médias et une organisation gouvernementale sud-asiatique.ProofPoint évalue que ces campagnes sont extrêmement ciblées.Cette campagne la plus récente semble avoir ciblé moins de 10 personnes, qui sont toutes liées à une seule organisation américaine d'intelligence artificielle.
## Les références
[Mémoire de sécurité: édulcorant artificiel: Sugargh0st Rat a utilisé pour cibler des experts en intelligence artificielle américaine] (https://www.proalfpoint.com/us/newsroom/news/us-ai-experts-targeted-sugargh0st-ram-campaign).Microsoft (consulté en 2024-05-21)
#### Targeted Geolocations - United States #### Targeted Industries - Education - Higher Education - Government Agencies & Services ## Snapshot Proofpoint has detected a SugarGh0st RAT campaign active during May 2024 aimed at US organizations involved in artificial intelligence, including those in academia, private industry, and government. ## Description The campaign uses a remote access trojan (RAT) variant of the older Gh0stRAT. Historically, Gh0stRAT has been used by Chinese-speaking threat actors to target users in Central and East Asia. In this campaign, the threat actors used a free email account to send AI-themed spearphishing emails to targets that instructed them to open an attached zip file. Upon opening the file, an LNK shortcut file deployed a JavaScript dropper that then installed the SugarGh0st payload, employing various techniques like base64 encoding, ActiveX tool abuse, and multi-stage shellcode execution to establish persistence and exfiltrate data. Proofpoint notes that it has observed a relatively small number of campaigns involving SugarGh0stRAT since it was first detected in 2023. Previous targets include a US telecommunications company, an international media organization, and a South Asian government organization. Proofpoint assesses that these campaigns are extremely targeted. This most recent campaign appears to have targeted less than 10 individuals, all of whom are connected to a single US artificial intelligence organization. ## References [Security Brief: Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts](https://www.proofpoint.com/us/newsroom/news/us-ai-experts-targeted-sugargh0st-rat-campaign). Microsoft (accessed 2024-05-21) |
Threat Tool | ★★★ | |
 |
2024-05-21 14:02:19 | MSP Brite révèle les dernières stratégies de cybersécurité MSP Brite Reveals The Latest Cybersecurity Strategies (lien direct) |
> Quels outils et techniques votre organisation devrait-elle utiliser pour gérer les risques?& # 8211;Stephen Salinas, responsable du marketing de produit, stellaire Cyber San Jose, Californie & # 8211;21 mai 2024 Les cyberattaques évoluent toujours, tout comme les outils et les techniques que les organisations utilisent pour gérer les risques.Pour obtenir
>What tools and techniques should your organization use to manage risk? – Stephen Salinas, Head of Product Marketing, Stellar Cyber San Jose, Calif. – May 21, 2024 Cyberattacks are always evolving, and so are the tools and techniques organizations use to manage risk. To get |
Tool | ★★ | |
|
2024-05-21 14:00:00 | Trous dans votre bitbucket: pourquoi votre pipeline CI / CD fuit des secrets Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets (lien direct) |
Written by: Mark Swindle
While investigating recent exposures of Amazon Web Services (AWS) secrets, Mandiant identified a scenario in which client-specific secrets have been leaked from Atlassian\'s code repository tool, Bitbucket, and leveraged by threat actors to gain unauthorized access to AWS. This blog post illustrates how Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches. Background Bitbucket is a code hosting platform provided by Atlassian and is equipped with a built-in continuous integration and continuous delivery/deployment (CI/CD) service called Bitbucket Pipelines. Bitbucket Pipelines can be used to execute CI/CD use cases like deploying and maintaining resources in AWS. Bitbucket includes an administrative function called "Secured Variables" that allows administrators to store CI/CD secrets, such as AWS keys, directly in Bitbucket for easy reference by code libraries. CI/CD Secrets: CI/CD Secrets serve as the authentication and authorization backbone within CI/CD pipelines. They provide the credentials required for pipelines to interact with platforms like AWS, ensuring pipelines possess the appropriate permissions for their tasks. Secrets are often extremely powerful and are beloved by attackers because they present an opportunity for direct, unabated access to an environment. Maintaining confidentiality of secrets while balancing ease of use by developers is a constant struggle in securing CI/CD pipelines. Bitbucket Secured Variables: Bitbucket provides a way to store variables so developers can quickly reference them when writing code. Additionally, Bitbucket offers an option to declare a variable as a "secured variable" for any data that is sensitive. A secured variable is designed such that, once its value is set by an administrator, it can no longer be read in plain text. This structure allows developers to make quick calls to secret variables without exposing their values anywhere in Bitbucket. Unless… Exporting Secrets from Bitbucket in Plain Text CI/CD pipelines are designed just like the plumbing in your house. Pipes, valves, and regulators all work in unison to provide you with reliable, running water. CI/CD pipelines are a complicated orchestration of events to accomplish a specific task. In order to accomplish this, these pipelines are highly proficient at packaging and deploying large volumes of data completely autonomously. As a developer, this creates countless possibilities for automating work, but, as a security professional, it can be a cause for anxiety and heartburn. Perhaps it\'s a line of code with a hardcoded secret sneaking into production. Maybe it\'s a developer accidentally storing secrets locally on their machine. Or maybe, as we have seen in recent investigations, it\'s a Bitbucket artifact object containing secrets for an AWS environment being published to publicly available locations like S3 Buckets or company websites. Bitbucket secured variables are a convenient way to store secrets locally in Bitbucket for quick reference by developers; however, they come with one concerning characteristic-they can be exposed in plain text through artifact objects. If a Bitbucket variable-secured or not secured-is copied to an artifact object using the artifacts: command, the result will generate a .txt file with |
Threat Studies Tool | ★★★ | |
 |
2024-05-21 13:37:26 | Gestion des mots de passe meilleures pratiques: dans quelle mesure les gestionnaires de mots de passe sont-ils sécurisés? Password Management Best Practices: How Secure Are Password Managers? (lien direct) |
Les gestionnaires de mots de passe sont des outils pratiques pour stocker, organiser et accéder aux mots de passe.Mais sont-ils à l'abri des cyberattaques?
Password managers are convenient tools for storing, organizing, and accessing passwords. But are they safe from cyber attacks? |
Tool | ★★ | |
|
2024-05-21 11:49:00 | Dell Technologies annonce la création de la Dell AI Factory (lien direct) | Dell Technologies accélère l'innovation basée sur l'IA avec la Dell AI Factory Le portefeuille de solutions d'IA le plus étendu du marché, du poste de travail au datacenters en passant par le Cloud, permet aux clients de saisir les opportunités d'IA rapidement et en toute sécurité. • Dell AI Factory offre aux entreprises l'infrastructure, les solutions et les services nécessaires pour adopter et déployer rapidement l'IA à grande échelle. • Les nouveaux PC Dell AI avec Copilot+ permettent aux utilisateurs de se focaliser sur des tâches stratégiques et créatives grâce aux nouvelles expériences d'IA de Microsoft, alimentées par les processeurs Snapdragon® X Elite et Snapdragon X Plus. • Les innovations de Dell en matière de stockage, de protection des données et de mise en réseau offrent des avancées en termes de performances et d'évolutivité pour permettre la prise en charge des déploiements d'IA. • Les solutions d'IA de Dell et les partenaires de l'écosystème simplifient le déploiement des applications d'IA grâce à des logiciels et du matériel intégrés et prétestés. • Dell étoffe son portefeuille de services professionnels en matière d'IA afin de fournir les outils et le cadre nécessaires à la création de plates-formes d'IA et à l'utilisation de copilotes d'IA. • Les optimisations de l'infrastructure et des services de Dell AI Factory with NVIDIA favorisent l'adoption de l'IA et l'innovation. - Produits | Cloud Tool | ★★ | |
|
2024-05-21 10:00:00 | Au-delà de la Silicon Valley: où les professionnels de la cybersécurité se dirigent dans un avenir à dominant IA Beyond Silicon Valley: Where Cybersecurity Pros Are Heading in an AI-Dominant Future (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 88% of cybersecurity professionals believe that artificial intelligence (AI) will significantly impact their jobs, according to a survey by the International Information System Security Certification Consortium (ISC2). With only 35% of the respondents having already witnessed AI’s effects on their jobs, there’s no question that there is a level of uncertainty regarding the future within the industry and how much of a role AI will play. From the negatives to the silver lining, AI has the potential to greatly transform the cybersecurity landscape in the coming years — a reality that can lead many Silicon Valley professionals to expand their horizons. A Brief Outlook AI is rapidly transforming the modern cybersecurity landscape, according to Station X. “It is enhancing the capabilities of bad actors to perform more sophisticated attacks while empowering cyber security professionals to elevate their defenses.” To highlight a few of many advantages, AI provides immediate access to an extensive knowledge base, serves as a reliable copilot for task execution, automates the protection of systems, and can even augment the workflow of professionals to increase efficiency, Station X points out. Andrew Shikiar, executive director at FIDO Alliance, expands on the threat of AI going forward in 2024. “The threat posed by AI to cybersecurity is real, but there is certainly a ‘hype’ element in how big a share of highly sophisticated new AI attacks and data breaches are going to pose.” Phishing, deep fakes, and disinformation are all identified as threats that AI brings to the table. In regard to phishing, SecurityWeek notes that if AI-as-a-service does emerge in 2024, it will lead to an increase in phishing incidents. Ivan Novikov, founder and CEO at Wallarm warns: “These AI models can provide novice malicious actors with advanced capabilities… which were once the domain of more skilled hackers.” The rise of AI can leave many feeling hopeless regarding the outlook of cybersecurity jobs, with the worry that technological advancements will eliminate valuable positions in the coming years. However, Station X goes on to point out that currently, there is a high demand for skilled cyber professionals in the job market, with an expectation that by 2025 there will be 3.5 million unfilled cybersecurity jobs “due to a lack of skilled professionals and a growing need to secure more and more systems.” A silver lining AI will undoubtedly have a profound impact on sectors like cybersecurity, though there is a silver lining to keep in mind. Infosecurity Magazine dives deeper into the report by ISC2, which reveals that more than four in five respondents (82%) agree that AI will improve job efficiency for cyber professionals (it’s further noted that 42% strongly agree with this statement). Furthermore, the report found that more than half of respondents | Threat Tool Vulnerability | ★★ | |
|
2024-05-21 06:06:47 | Recall de Microsoft – Un outil super pratique ou un gros risque pour votre vie privée ? (lien direct) | Microsoft et Apple créent des outils espions qui enregistrent tout ce qu'on fait sur nos PC, rappelant l'épisode glaçant de Black Mirror. Vie privée et liberté en danger ? | Tool | ★★★ | |
|
2024-05-21 05:00:13 | 74% des CISO croient que les gens sont leur plus grande vulnérabilité de leur entreprise, révèle la voix de la voix du CISO 2024 74% of CISOs Believe that People Are Their Company\\'s Biggest Vulnerability, 2024 Voice of the CISO Report Reveals (lien direct) |
Bien que les 12 derniers mois aient peut-être manqué les événements des années précédentes, il a été loin d'être silencieux pour les principaux officiers de sécurité de l'information du monde (CISO).Le besoin désormais permanent de soutenir les travaux à distance et hybride a créé une plus grande surface d'attaque pour de nombreuses entreprises que jamais auparavant.Dans le même temps, les cyber-menaces deviennent plus fréquentes, sophistiquées et dommageables. & Nbsp; & nbsp; Les employés modifient des emplois à des niveaux record et prennent des données avec eux lorsqu'ils partent.Pendant ce temps, l'IA génératrice et les outils standard mettent des menaces dévastatrices entre les mains de quiconque veut payer quelques dollars.Et la recherche pour le rapport inaugural du paysage des pertes de données de Proofpoint a révélé que les employés négligents sont des entreprises \\ '' problème de perte de données. & Nbsp; & nbsp; & nbsp; Pour comprendre comment les CISO se trouvent dans une autre année à succès dans le paysage du cyber-risque, Proofpoint a interrogé 1 600 de ces leaders de la sécurité dans le monde pour en savoir plus sur leurs rôles et leurs perspectives pour les deux prochaines années.Cette année, nous avons interrogé des organisations avec plus de 1 000 employés pour mieux comprendre les pratiques de cybersécurité complexes. & NBSP; Les cisos se sentent plus inquiets mais mieux préparés & nbsp; & nbsp; Qu'ils soient motivés par le chiffre d'affaires des employés, les cyberattaques de plus en plus sophistiquées ou la dépendance croissante à l'égard de la technologie des nuages, la plupart des CISO scannent nerveusement le paysage des menaces.Plus des deux tiers (70%) pensent que leurs entreprises sont à risque de cyberattaque au cours des 12 prochains mois de 68% en 2023 et 48% en 2022. & nbsp; & nbsp; Malgré ces préoccupations, de nombreux CISO que nous avons interrogés ont déclaré que la capacité de leur entreprise ait \\ à faire face aux conséquences.Moins de la moitié (43%) croient qu'ils ne sont pas préparés pour une cyberattaque ciblée de 61% en 2023 et 50% en 2022. & nbsp; & nbsp; Il est encourageant de savoir que plus de cisos se sentent prêts à faire face à des cybermenaces.Cependant, la réalité est que 70% des CISO croient également qu'une attaque est imminente et presque la moitié ne reste pas préparée à son impact. & Nbsp; & nbsp; Les humains restent une préoccupation majeure et NBSP; Cette année, il y a de nombreuses menaces dans l'esprit des CISO, des ransomwares et de la fraude par e-mail aux menaces d'initiés et aux compromis sur le compte cloud.Mais leur peuple leur provoque le plus d'anxiété. & Nbsp; & nbsp; Près des trois quarts (74%) des CISO croient que l'erreur humaine est leur plus grande cyber-vulnérabilité, contre 60% en 2023 et 56% en 2022. Encore plus (80%) croient que le risque humain et la négligence des employés seront des préoccupations clés de cybersécurité pourles deux prochaines années. & nbsp; & nbsp; Nos recherches montrent que les CISO croient généralement que leur peuple est conscient de leur rôle critique dans la défense de l'entreprise contre les cyber-menaces.Que les CISO voient toujours leur peuple comme le principal facteur de risque suggère qu'il y a une déconnexion entre les employés de la compréhension des cybermenaces et leur capacité à garder les menaces à distance.& nbsp; 74% des CISO croient que l'erreur humaine est leur plus grande cyber-vulnérabilité. & NBSP; 86% pensent que leurs employés comprennent leur rôle dans la défense de l'entreprise contre les cybermenaces.Près de la moitié (45%) sont fortement d'accord avec cette déclaration. & NBSP; 41% croient que les attaques de ransomwares sont la principale menace pour leur entreprise au cours des 12 prochains mois. & Nbsp; & nbsp; Les CISO ressentent la pression & nbsp; & nbsp; Les CISO ont cimenté leur place dans la salle de conférence ces dernières années, et bon nombre de ces | Threat Ransomware Cloud Studies Tool Vulnerability | ★★★★ | |
 |
2024-05-20 20:27:37 | Comment l'e-mail Antigena Darktrace a attiré une attaque par e-mail de Fearware How Darktrace Antigena Email Caught A Fearware Email Attack (lien direct) |
DarkTrace détecte et neutralise efficacement les attaques de Fearware Emparant des outils de sécurité de la passerelle.En savoir plus sur la façon dont les e-mails Antigena surpassent les cybercriminels.
Darktrace effectively detects and neutralizes fearware attacks evading gateway security tools. Learn more about how Antigena Email outsmarts cyber-criminals. |
Tool | ★★★ | |
|
2024-05-20 18:55:02 | Naviguer dans l'avenir de la cybersécurité: les meilleurs défis I&O pour l'année à venir Navigating the Future of Cybersecurity: Top I&O Challenges for the Year Ahead (lien direct) |
La série de blogs «i & # 38; o perspectives» présente des interviews avec des visionnaires de l'industrie et des experts avec des rôles dans la gestion des produits, le conseil, l'ingénierie et plus encore.Notre objectif est de présenter différents points de vue et prédictions sur la façon dont les organisations & # 8217;Le réseautage, l'infrastructure et les opérations (i & # 38; o) sont touchés par le paysage de menace actuel, les outils de réseautage et de cybersécurité existants, ainsi que les implications pour [& # 8230;]
The “I&O Perspectives” blog series features interviews with industry visionaries and experts with roles in product management, consulting, engineering and more. Our goal is to present different viewpoints and predictions on how organizations’ networking, infrastructure and operations (I&O) are impacted by the current threat landscape, existing networking and cybersecurity tools, as well as implications for […] |
Threat Tool | ★★ | |
|
2024-05-20 18:50:40 | La vulnérabilité de l'outil de bits courants menace des milliards de déploiements de cloud Fluent Bit Tool Vulnerability Threatens Billions of Cloud Deployments (lien direct) |
> Par deeba ahmed
"Linguistic Lumberjack" menace les violations de données (CVE-2024-4323).Patch maintenant pour protéger vos services cloud à partir de la divulgation d'informations, du déni de service ou même de la prise de contrôle à distance.
Ceci est un article de HackRead.com Lire le post original: La vulnérabilité de l'outil de bits courants menace des milliards de déploiements cloud
>By Deeba Ahmed "Linguistic Lumberjack" Threatens Data Breaches (CVE-2024-4323). Patch now to shield your cloud services from information disclosure, denial-of-service, or even remote takeover. This is a post from HackRead.com Read the original post: Fluent Bit Tool Vulnerability Threatens Billions of Cloud Deployments |
Cloud Tool Vulnerability | ★★★★ | |
|
2024-05-20 14:19:33 | Faits saillants hebdomadaires, 20 mai 2024 Weekly OSINT Highlights, 20 May 2024 (lien direct) |
## Instantané La semaine dernière, les rapports OSINT de \\ mettent en évidence un éventail diversifié de cyber-menaces sophistiquées ciblant divers secteurs, notamment des infrastructures critiques, des institutions financières et des entités diplomatiques.Les articles soulignent la complexité croissante des vecteurs d'attaque, tels que l'utilisation de campagnes de tunnels DNS, de malvertisation et de phishing sophistiquées.Les acteurs de la menace, allant de groupes à motivation financière comme FIN7, à des entités parrainées par l'État comme Turla, utilisent des techniques avancées comme l'obscurcissement des logiciels malveillants, la stéganographie et l'ingénierie sociale pour atteindre leurs objectifs. ## Description 1. ** [Darkgate Malware Campaign exploite PDF Lures] (https://security.microsoft.com/intel-explorer/articles/055cd342) **: les chercheurs de ForcePoint ont identifié une campagne de logiciels malveillants Darkgate qui utilise des rémissions de PDF déguisées sous forme de factures QuickBooks intuites, incitant les utilisateurs à télécharger un fichier malveillant des archives Java (JAR).Le fichier JAR télécharge des charges utiles supplémentaires, y compris un script AutOIT, établissant des connexions distantes et exécutant du code de shell pour communiquer avec les serveurs C2. 2. ** [Campagne d'évolution des logiciels malveillants Ebury] (https://security.microsoft.com/intel-explorer/articles/276a4404) **: Les chercheurs ESET ont indiqué que le malware Ebury, qui cible les serveurs Linux pour un gain financier, a de gain financier,a évolué avec de nouvelles techniques d'obscurcissement et un algorithme de génération de domaine.Le malware, actif depuis 2009, compromet les serveurs pour voler des données de crypto-monnaie et financières, exploitant le trafic SSH et tirant parti de l'infrastructure du fournisseur d'hébergement. 3. ** [DNS Tunneling utilisé pour la communication secrète] (https://security.microsoft.com/intel-explorer/articles/7f0d7aa3) **: les chercheurs de Palo Alto ont mis en évidence l'utilisation du tunneling DNS par des pirates pour exfiltrater les données et communiqueravec les serveurs C2 secrètement.Des campagnes comme "TrkCDN" et "Secshow" utilisent cette technique pour contourner les mesures de sécurité traditionnelles, l'intégration de données malveillantes dans les requêtes et les réponses DNS. 4. ** [La campagne de phishing distribue une nouvelle souche de logiciels malveillants] (https://security.microsoft.com/intel-explorer/articles/95ff5bf6)**: AhnLab a identifié une campagne de phishing distribuant des logiciels malveillantsPar e-mails déguisés en avertissements de violation du droit d'auteur, conduisant à l'infostaler et aux ransomwares de bête vidar.Le ransomware crypte les fichiers et se propage via des réseaux, tandis que l'infostaler cible les informations utilisateur et se connecte aux serveurs C2. 5. ** [Profil github utilisé pour distribuer des logiciels malveillants] (https://security.microsoft.com/intel-explorer/articles/4782de66) **: le groupe INSIKT a découvert une campagne par des acteurs de menace russe à l'aide de GitHub pour distribuer des logiciels malveillantsse faire passer pour un logiciel légitime.La campagne a utilisé des variantes comme le voleur atomique MacOS (AMOS) et le vidar pour infiltrer les systèmes et voler des données sensibles, indiquant un effort coordonné d'un groupe de menaces sophistiqué. 6. ** [Fin7 utilise des sites Web malveillants pour répandre les logiciels malveillants] (https://security.microsoft.com/intel-explorer/articles/6c0c8997) **: ESENTIRE observé Fin7, suivi par Microsoft comme [Sangria Tempest] (Https: Https://security.microsoft.com/intel-profiles/3e4a164ad64958b784649928499521808aeaea4d3565df70afc7c85eaee69f74278), en utilisant des sites Web malveillants qui imposent des marques et des formes de pochette et de la rencontre Google.Les attaques impliquaient Netsupport Rat pour la reconnaissance et la persistance du système, | Threat Ransomware Malware Tool Vulnerability Medical | ★★ | |
|
2024-05-20 10:00:00 | Disséquant une attaque de phishing à plusieurs étapes. Dissecting a Multi-stage Phishing Attack. (lien direct) |
Phishing is one of the most common forms of cyber attack that organizations face nowadays. A 2024 risk report states that 94% of organizations fall victim to phishing attacks, and 96% are negatively impacted by them. However, phishing attacks are not only growing in number but are also more sophisticated and successful. This is owing to the modern multi-stage phishing attack, which is common nowadays. The multi-stage phishing attack is a sophisticated and multifaceted technique that increases the likelihood of success of an attack. While these attacks are becoming increasingly common, there needs to be more awareness of them. Therefore, to find relevant measures for mitigating these attacks, organizations must gain crucial insights regarding these multifaceted threats covered in this blog. What is a Multi-stage Phishing Attack? As its name suggests, a multi-stage phishing attack is a complex form of traditional phishing. In a multi-stage setup, a phishing attack relies on more deceptive strategies and phases rather than solely relying on one deceptive email, unlike in a traditional phishing attack. All the phases within the multi-stage phishing attack are designed to build trust and gather relative information about the target over time. Since this approach works discreetly on a multi-phased setup, it allows threat actors to bypass advanced security measures such as residential proxies and phishing detection tools. Multi-stage phishing attacks are a common occurrence in the modern cyber threat landscape. Attackers use this sophisticated layered tactic to deploy targeted ransomware or while conducting successful business email compromise (BEC) attacks. Dissecting a multi-stage phishing attack A multi-stage phishing attack is a sophisticated strategy that relies on a sequence of carefully designed steps. These steps help increase the probability of a successful phishing attack by evading advanced security and detection techniques. A typical multi-stage approach to the attack consists of the following phases: Initial Contact Like any traditional attack, the multi-stage attack starts with the threat actor initiating contact with the target through seemingly innocuous means. These include social media messages, phishing emails, or even physical methods such as USB drops. Establishing Trust After establishing contact with the target, the threat actor builds trust. This often involves impersonating legitimate entities or using communication channels familiar to the target, making it easy for them to fall victim and trust the threat actor. Introducing Complexities As the attack progresses, the threat actor introduces complexities such as using CAPTCHAs, QR Codes, and steganography to create further layers of deception, guaranteeing the attack\'s success. Exploitation The final stage of the attack involves exploiting the target. At this stage, the threat actor could either deploy malware, extract sensitive information, or perform any other malicious activity that might have been the goal of the whole attack. This multi-layered nature of a phishing attack makes it hard to detect through traditional security tools like residential proxies and phishing detection tools. Therefore, it ultimately makes the attack successful. How QR Codes, Captchas, and Steganography Are Used in Layered Phishing Attacks. In a multi-stage phishing attack, QR Codes, steganography, and CAPTCHAs are used to overcome security barriers and increase the attack\'s efficiency. Here is how each of these elements is used to ensure the attack is successful: QR Codes Quick Response or QR codes have become ubiquitous in various applications since they a | Threat Ransomware Malware Tool | ★★ | |
|
2024-05-19 07:00:00 | WebCopilot : L\'ultime outil d\'automatisation pour les chasseurs de bugs 🚀 (lien direct) | WebCopilot est un outil d'automatisation puissant conçu pour les chasseurs de bugs. Il énumère les sous-domaines, filtre les paramètres vulnérables et scanne les failles de sécurité pour un gain de temps et d'efficacité considérable lors des tests d'intrusion. | Tool | ★★★★ |
To see everything:
Our RSS (filtrered)
