What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-27 13:00:39 | Vérifiez les technologies du logiciel reconnu comme un leader supérieur de Frost Radar ™ 2024 Global Managed Detection and Response Rapport Check Point Software Technologies Recognized as a Top Leader in Frost Radar™ 2024 Global Managed Detection and Response Report (lien direct) |
> Check Point Software a fièrement annoncé qu'elle avait été nommée un leader de la croissance et de l'innovation dans le rapport Global Managed Detection and Response 2024 de la détection gérée de Frost Radar ™.Check Point a démontré les capacités impressionnantes de son infinité MDR / MPR, ce qui permet aux organisations avec des outils de pointe pour prévenir rapidement et remédier efficacement aux attaques, maximisant les performances globales.À propos de Frost Radar ™: Frost & # 38;Le rapport Sullivan & # 8217; s Frost Radar ™ a analysé divers facteurs pour déterminer les principaux fournisseurs de détection et de réponse gérés (MDR).Après avoir évalué plus de 150 acteurs de l'industrie, le rapport a identifié indépendamment 22 fournisseurs MDR comme les principaux leaders de la croissance et de l'innovation dans cet espace.Le rapport [& # 8230;]
>Check Point Software proudly announced that it has been named a Growth and Innovation Leader in the Frost Radar™ Global Managed Detection and Response 2024 Report. Check Point has demonstrated the impressive capabilities of its Infinity MDR/MPR, empowering organizations with cutting-edge tools to rapidly prevent and efficiently remediate attacks, maximizing overall performance. About the Frost Radar™: Frost & Sullivan’s Frost Radar™ report analyzed various factors to determine the leading Managed Detection and Response (MDR) providers. After evaluating over 150 industry players, the report independently identified 22 MDR vendors as the top growth and innovation leaders in this space. The report […] |
Tool | ★★ | |
 |
2024-03-27 10:29:52 | GRAND Issue travaillant avec NCSC, NCA et a rencontré la police pour enquêter sur le cyber-incident Big Issue working with NCSC, NCA and Met Police to investigate cyber incident (lien direct) |
Les chercheurs de Comparerch, le site Web Pro-Consumer fournissant des informations, des outils, des avis et des comparaisons pour aider les lecteurs à améliorer leur cybersécurité et leur confidentialité en ligne, ont découvert que Ransomware Gang Qilin a revendiqué son crédit sur son site Web pour avoir volé 550 Go de données dans les données des données des données des données des données de laBig Issue, un journal de rue basé au Royaume-Uni.La société a déclaré dans un communiqué que [& # 8230;]
Le post GRAND PROBLÈME DE LA PRODUCTION AVEC NCSC, NCA ET MONT La police pour enquêter sur le cyber-incident est apparu pour la première fois sur gourou de la sécurité informatique .
Researchers at Comparitech, the pro-consumer website providing information, tools, reviews and comparisons to help readers improve their cyber security and privacy online, have discovered that ransomware gang Qilin claimed credit on its website for stealing 550 GB of data from the Big Issue, a UK-based street newspaper. The company has said in a statement that […] The post Big Issue working with NCSC, NCA and Met Police to investigate cyber incident first appeared on IT Security Guru. |
Ransomware Tool Legislation | ★★ | |
 |
2024-03-27 10:00:00 | Techniques avancées de numérisation NMAP Advanced Nmap Scanning Techniques (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Beyond its fundamental port scanning capabilities, Nmap offers a suite of advanced techniques designed to uncover vulnerabilities, bypass security measures, and gather valuable insights about target systems. Let\'s take a look at these techniques:
1. Vulnerability Detection
Syntax: nmap -sV --script=vulners
Nmap\'s vulnerability detection feature, facilitated by the \'vulners\' script, enables users to identify outdated services susceptible to known security vulnerabilities. By querying a comprehensive vulnerability database, Nmap provides valuable insights into potential weaknesses within target systems.
2. Idle Scanning
Syntax: nmap -sI
Idle scanning represents a stealthy approach to port scanning, leveraging a "zombie" host to obfuscate the origin of scan requests. By monitoring changes in the zombie host\'s IP identification number (IP ID) in response to packets sent to the target, Nmap infers the state of the target\'s ports without direct interaction.
3. Firewall Testing (Source Port Spoofing)
Syntax: nmap --source-port
This technique involves testing firewall rules by sending packets with unusual source ports. By spoofing the source port, security professionals can evaluate the effectiveness of firewall configurations and identify potential weaknesses in network defenses.
4. Service-Specific Probes (SMB Example)
Syntax: nmap -sV -p 139,445 --script=smb-vuln*
Nmap\'s service-specific probes enable detailed examination of services, such as the Server Message Block (SMB) protocol commonly used in Windows environments. By leveraging specialized scripts, analysts can identify vulnerabilities and assess the security posture of target systems.
5. Web Application Scanning (HTTP title grab)
Syntax: nmap -sV -p 80 --script=http-title
Web application scanning with Nmap allows users to gather information about web servers, potentially aiding in vulnerability identification and exploitation.
By analyzing HTTP response headers, Nmap extracts valuable insights about target web applications and server configurations.
Nmap Scripting Engine:
One of the standout features of Nmap is its robust scripting engine (NSE), which allows users to extend the tool\'s functionality through custom scripts and plugins. NSE scripts enable users to automate tasks, perform specialized scans, gather additional information, and even exploit vulnerabilities in target systems.
nmap --script-help scriptname Shows help about scripts. For each script matching the given specification, Nmap prints the script name, its categories, and its description. The specifications are the same as those accepted by --script; so, for example if you want help about the ssl-enum-ciphers script, you would run nmap --script-help ssl-enum-ciphers
Users can leverage existing NSE scripts or develop custom scripts tailored to their specific requirements. |
Tool Vulnerability Threat | ★★★ | |
 |
2024-03-27 08:00:00 | Danswer – Posez des questions à vos documents directement dans Slack et compagnie (lien direct) | Danswer est une solution open source qui facilite la recherche de documents et répond aux questions en langage naturel. Il s'intègre avec des outils de travail tels que Google Drive, Confluence et Slack, et apprend des commentaires grâce à des modèles d'apprentissage profond personnalisés. Danswer peut être déployé avec Docker Compose ou Kubernetes et couvre diverses applications pour améliorer l'efficacité des équipes. | Tool | ★★★ | |
 |
2024-03-26 22:24:00 | Package NuGet malveillant lié à l'espionnage industriel cible les développeurs Malicious NuGet Package Linked to Industrial Espionage Targets Developers (lien direct) |
Les chasseurs de menaces ont identifié un ensemble suspect dans le & nbsp; Nuget Package Manager & NBSP; qui a probablement conçu pour cibler les développeurs travaillant avec des outils fabriqués par une entreprise chinoise spécialisée dans la fabrication d'équipements industriels et numériques.
Le package en question est & nbsp; sqzrframework480, qui inverselabs a déclaré a été publié pour la première fois le 24 janvier 2024. Il a été & nbsp; téléchargé & nbsp;
Threat hunters have identified a suspicious package in the NuGet package manager that\'s likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded |
Tool Threat Industrial | ★★ | |
 |
2024-03-26 18:46:40 | Des milliers d'entreprises utilisant le cadre Ray exposé aux cyberattaques, disent les chercheurs Thousands of companies using Ray framework exposed to cyberattacks, researchers say (lien direct) |
Les chercheurs avertissent que les pirates exploitent activement une vulnérabilité contestée dans un cadre d'IA à source ouverte populaire connue sous le nom de Ray.Cet outil est couramment utilisé pour développer et déployer des applications Python à grande échelle, en particulier pour les tâches telles que l'apprentissage automatique, l'informatique scientifique et le traitement des données.Selon le développeur de Ray \\, tous les domaines, le cadre est utilisé par major
Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray. This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing. According to Ray\'s developer, Anyscale, the framework is used by major |
Tool Vulnerability | ★★★ | |
 |
2024-03-26 13:00:00 | Defending Your Mobile Workspace: Mitigating Risks of Sideloading Apps (lien direct) | > Dans le lieu de travail dirigée numérique d'aujourd'hui, les applications mobiles (applications) sont devenues des outils indispensables pour améliorer la productivité et fournir aux équipes une communication transparente.Alors que les employés recherchent des fonctionnalités et des fonctionnalités supplémentaires au-delà de ce que les magasins d'applications officiels offrent, ils se tournent souvent vers des magasins d'applications tiers.Alors que l'idée des magasins d'applications tierces peut sembler innocente, [& # 8230;]
>In today\'s digitally-driven workplace, mobile applications (apps) have become indispensable tools for enhancing productivity and providing teams with seamless communication. As employees seek additional functionality and features beyond what official app stores offer, they often turn to third-party app stores. While the idea of third-party app stores may seem innocent, […] |
Tool Mobile | ★★ | |
|
2024-03-26 13:00:00 | Défendre votre espace de travail mobile: les risques d'atténuation des applications de téléchargement de touche Defending Your Mobile Workspace: Mitigating Risks of Sideloading Apps (lien direct) |
> Dans le lieu de travail dirigée numérique d'aujourd'hui, les applications mobiles (applications) sont devenues des outils indispensables pour améliorer la productivité et fournir aux équipes une communication transparente.Alors que les employés recherchent des fonctionnalités et des fonctionnalités supplémentaires au-delà de ce que les magasins d'applications officiels offrent, ils se tournent souvent vers des magasins d'applications tiers.Alors que l'idée des magasins d'applications tierces peut sembler innocente, [& # 8230;]
>In today\'s digitally-driven workplace, mobile applications (apps) have become indispensable tools for enhancing productivity and providing teams with seamless communication. As employees seek additional functionality and features beyond what official app stores offer, they often turn to third-party app stores. While the idea of third-party app stores may seem innocent, […] |
Tool Mobile | ★★ | |
 |
2024-03-26 11:10:00 | Top 3 des outils de cybersécurité pour protéger les données de l'entreprise Top 3 Cybersecurity Tools to Protect Business Data (lien direct) |
> Par uzair amir
Découvrez les trois principaux outils de cybersécurité conçus pour protéger vos données commerciales à partir de menaces et de violations en ligne, assurant un transfert de données sécurisé.
Ceci est un article de HackRead.com Lire le post original: Top 3 des outils de cybersécurité pour protéger les données de l'entreprise
>By Uzair Amir Discover the top three cybersecurity tools designed to safeguard your business data from online threats and breaches, ensuring secure data transfer. This is a post from HackRead.com Read the original post: Top 3 Cybersecurity Tools to Protect Business Data |
Tool | ★★★ | |
|
2024-03-26 10:00:00 | L'importance croissante du CAASM dans la stratégie de cybersécurité de l'entreprise The Growing Importance of CAASM in Company Cybersecurity Strategy (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The recent years\' events, including the proliferation of ransomware, the pandemic, and political tensions, have fast-tracked the development of both offensive and defensive tools in the cyber domain. Cybersecurity concepts that were nascent a few years ago are now being refined, demonstrating the practical benefits of modern digital risk management strategies. Gartner analysts have highlighted the expansion of the attack surface as a significant risk for corporate cyber environments in the upcoming years. The most vulnerable entities include IoT devices, cloud apps, open-source systems, and complex software supply chains. There is an increasing demand for concepts like Cyber Asset Attack Surface Management (CAASM), External Attack Surface Management (EASM), and Cloud Security Posture Management (CSPM) in corporate security frameworks. This trend is also documented in Gartner\'s "hype" chart. Let\'s discuss the concept of CAASM, which is centered on identifying and managing all digital assets within an organization, whether they are internal or external. This approach aims to provide a comprehensive view and control over the organization\'s cyber environment, enhancing security measures and management practices. What Is CAASM CAASM assists IT departments in achieving end-to-end visibility of a company\'s cyber assets. This strategy creates a fuller understanding of the actual state of the infrastructure, enabling the security team to respond promptly to existing threats and potential future ones. CAASM-based products and solutions integrate with a broad array of data sources and security tools. CAASM gathers and aggregates data and analyzes perimeter traffic, providing a continuous, multi-dimensional view of the entire attack surface. Having access to current asset data enables information security officers to visualize the infrastructure and address security gaps promptly. They can prioritize the protection of assets and develop a unified perspective on the organization\'s actual security posture. This sets the stage for proactive risk management strategies. Exploring CAASM\'s Core Functions The CAASM approach equips security professionals with a variety of tools necessary for effectively managing an organization\'s attack surface and addressing risks. Asset Discovery A lack of visibility into all of an organization\'s assets heightens the risk of cyberattacks. Cyber Asset Attack Surface Management products automatically detect and catalog every component of a company\'s digital infrastructure, encompassing local, cloud, and various remote systems, including shadow IT. A company employing CAASM gains a clear overview of all its deployed web applications, servers, network devices, and cloud services. CAASM facilitates a comprehensive inventory of the devices, applications, networks, and users constituting the company\'s attack surface. Vulnerability Detection It is important to understand the risks each asset poses, such as missing the latest security updates or opportunities to access sensitive data. CAASM systems integrate asset data, helping security teams identify misconfigurations, vulnerabilities, and oth | Ransomware Tool Vulnerability Threat Prediction Cloud | ★★★ | |
 |
2024-03-25 13:28:48 | Faits saillants hebdomadaires, 25 mars 2024 Weekly OSINT Highlights, 25 March 2024 (lien direct) |
La semaine dernière, les rapports OSINT de \\ présentent une gamme de cyber-menaces, des campagnes d'espionnage parrainées par l'État russe par Secret Blizzard à l'infosteller malware comme Formbook et le lecteur Adobe Infosaler, démontrant l'adaptabilité et la persistance entre les acteurs de la menace.Des tactiques trompeuses telles que la typosquat et la distribution de faux logiciels sont utilisées pour le camouflage des activités et ciblent des groupes d'utilisateurs spécifiques, comme on le voit dans le cas du ciblage chinois des moteurs de recherche.De plus, le malvertising basé sur la recherche, notamment avec le malware FakeBat, met en évidence l'abus de sites Web légitimes et de certificats numériques pour échapper aux mesures de sécurité.Dans l'ensemble, ces tendances soulignent la nécessité de mesures de cybersécurité robustes et de l'intelligence continue des menaces pour atténuer efficacement les menaces en évolution. 1. ** [Campagne d'espionnage de Turla] (https://security.microsoft.com/intel-explorer/articles/bf6723e9?): ** Le groupe d'espionnage russe Turla, également connu sous le nom de Blizzard secret par Microsoft, orchestraciblant une ONG européenne, employant des tactiques comme le vol d'information et l'infiltration du réseau.Les activités post-compromises de Turla \\ impliquent le déploiement d'implants comme Tinyturla-ng et la reconnaissance de la reconnaissance, la démonstration de persistance et de furtivité dans leurs opérations. 2. ** [Linux Server RCE Attack] (https://security.microsoft.com/intel-explorer/articles/9b8f807f?): ** Cybereason Security Services rapporte un incident impliquant un serveur Linux exploité via une exécution de code distante (RCE) Vulnérabilité dans Apache ActiveMQ, facilitant le déploiement de VADes charges utiles malveillantes comme Mirai Botnet, Hellokitty Ransomware et Coinminers.Attaquer les méthodologiesClude l'automatisation et les séances interactives via les coquilles inversées de Netcat, mettant en évidence le divers arsenal des acteurs de la menace et leurs tactiques adaptables. 3. ** [Formbook InfoSteller Malware] (https://security.microsoft.com/intel-explorer/articles/7b321c6c?): ** Formbook, un logiciel malveillant infoséaler, présente des capacités avancées comme le suivi de la touche et la capture de l'écran, pendant l'évasion de l'évasion, comme le suivi des touches de touche et la capture d'écran, pendant l'évadisation, toutDétection par des techniques d'obscurcissement et de chiffrement.Les cybercriminels distribuent Formbook par courrier électronique, avec des cas d'utilisation notés lors des conflits géopolitiques, soulignant sa flexibilité et sa menace persistante. 4. ** [Ciblage de moteurs de recherche chinois] (https://security.microsoft.com/intel-explorer/articles/5a806c77?): ** Kaspersky découvre une menace ciblant les utilisateurs chinois via des versions modifiées de rédacteurs de texte populaires distribués via le type typosquattinget d'autres techniques trompeuses, soulignant les acteurs de la menace \\ 'efforts pour imiter les ressources légitimes à des fins malveillantes. 5. ** [Phantomblu Malware Campaign] (https://security.microsoft.com/intel-explorer/articles/356f4d44?): ** Perception Point révèle la campagne Phantomblu ciblant les organisations américaines avec le rat Netsupport, l'utilisation de la campagne avancée AdvanceLes tactiques d'évasion comme la manipulation des modèles OLE et l'ingénierie sociale pour compromettre efficacement les systèmes, présentant une évolution des stratégies de livraison de logiciels malveillants mélangeant l'évasion et l'ingénierie sociale. 6. ** [Surge malvertising basé sur la recherche] (https://security.microsoft.com/intel-explorer/articles/7cc81ecb?): ** MalwareBytes rapporte une augmentation des incidents malvertisons basés sur la recherche, impliquant notamment le malware FakeBat malveillant FakeBat.Distribué par le biais des installateurs de MSIX avec le code PowerShell obsc | Ransomware Spam Malware Tool Vulnerability Threat | ★★★ | |
|
2024-03-25 13:00:20 | New Geobox Tool détourne Raspberry Pi, permet aux pirates de faux emplacement New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location (lien direct) |
> Par deeba ahmed
nouvel outil Web Dark Geobox, vendu pour 700 $ sur les forums Telegram et Underground, les détournements Raspberry Pi, permettant aux cybercriminels de truquer les emplacements et d'éviter la détection.
Ceci est un article de HackRead.com Lire le post original: New Geobox Tool détourne Raspberry Pi, permet aux pirates de faux emplacement
>By Deeba Ahmed New Dark Web Tool GEOBOX, sold for $700 on Telegram and underground forums, hijacks Raspberry Pi, allowing cybercriminals to fake locations and evade detection. This is a post from HackRead.com Read the original post: New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location |
Tool | ★★★ | |
 |
2024-03-25 11:43:55 | Les meilleurs développeurs Python piratés dans une attaque de chaîne d'approvisionnement sophistiquée Top Python Developers Hacked in Sophisticated Supply Chain Attack (lien direct) |
> Plusieurs développeurs Python sont infectés après le téléchargement du clone de malveillance de l'outil populaire Colorama.
>Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama. |
Tool | ★★★ | |
|
2024-03-25 10:00:00 | Décodage des implications de cybersécurité de l'avancement rapide de l'AI \\ Decoding the Cybersecurity Implications of AI\\'s Rapid Advancement (lien direct) |
The genius at the heart of AI—its ability to sift through mountains of data, actually spot a needle in a haystack, and act on threats before they blossom into full-scale emergencies—it’s undeniable. However, here’s the rub—every part of that impressive arsenal? It’s also up for grabs by the other side, and can (and will) arm them to launch attacks of unprecedented sophistication and elusiveness, the likes of which we’ve thankfully never seen up to now. How do we wield this impressive technology to fortify our defenses, while preventing it from falling into the wrong hands? Can such a thing even be accomplished? Join me below as we take a closer look at how AI’s rapid rise is changing the landscape of cybersecurity. AI as a Defense Tool AI is a reliable navigator for charting the digital deluge—it has the ability to handle vast quantities of information rapidly on a level that no human could ever hope to match. It doesn’t take a huge leap to come to the conclusion that those capabilities can very easily be leveraged for defense. Automated Threat Detection Think of AI as the ever-watchful eye, tirelessly scanning the horizon for signs of trouble in the vast sea of data. Its capability to detect threats with speed and precision beyond human ken is our first line of defense against the shadows that lurk in the network traffic, camouflaged in ordinary user behavior, or embedded within the seemingly benign activities of countless applications. AI isn’t just about spotting trouble; it’s about understanding it. Through machine learning, it constructs models that learn from the DNA of malware, enabling it to recognize new variants that bear the hallmarks of known threats. This is akin to recognizing an enemy’s tactics, even if their strategy evolves. All of what I’ve said also here applies to incident response—with AI’s ability to automatically meet threats head-on making a holistic cybersecurity posture both easier to achieve and less resource-intensive for organizations of all sizes. Predictive Analytics By understanding the patterns and techniques used in previous breaches, AI models can predict where and how cybercriminals might strike next. This foresight enables organizations to reinforce their defenses before an attack occurs, transforming cybersecurity from a reactive discipline into a proactive strategy that helps prevent breaches rather than merely responding to them. The sophistication of predictive analytics lies in its use of diverse data sources, including threat intelligence feeds, anomaly detection reports, and global cybersecurity trends. This comprehensive view allows AI systems to identify correlations and causations that might elude human analysts. Phishing Detection and Email Filtering AI has stepped up as a pivotal ally in the ongoing skirmish against phishing and other forms of social engineering attacks, which too often lay the groundwork for more invasive security breaches. Through meticulous analysis of email content, context, and even the | Spam Tool Vulnerability Threat Prediction Technical | Deloitte | ★★ |
 |
2024-03-25 08:19:08 | TD SYNNEX lance CITADEL (lien direct) | TD SYNNEX lance CITADEL, une offre de cybersécurité managée 24h/24 à destination des TPE/PME • CITADEL by TD SYNNEX offre un service de sécurité proactif et préventif qui bloque les cyberattaques en temps réel. • C'est un service entièrement intégré et facilement déployable sur les outils Microsoft Business Premium. - Produits | Tool | ★★ | |
 |
2024-03-25 00:00:00 | Les cybercriminels transforment Raspberry Pi en un outil de fraude et d'anonymisation: Geobox Discovery Cybercriminals Transform Raspberry Pi into a Tool for Fraud and Anonymization: GEOBOX Discovery (lien direct) |
TD SYNNEX lance CITADEL, une offre de cybersécurité managée 24h/24 à destination des TPE/PME • CITADEL by TD SYNNEX offre un service de sécurité proactif et préventif qui bloque les cyberattaques en temps réel. • C'est un service entièrement intégré et facilement déployable sur les outils Microsoft Business Premium. - Produits | Tool | ★★★★ | |
 |
2024-03-23 21:28:48 | Les pirates peuvent débloquer 3 millions de portes hôtelières dans 131 pays Hackers Can Unlock 3 million Hotel Doors In 131 Countries (lien direct) |
Les chercheurs en sécurité ont découvert des vulnérabilités dans la gamme de serrures électroniques RFID de Dormakaba \\, ce qui pourrait permettre à un attaquant d'accéder aux chambres d'hôtel et aux portes de l'unité de logement multifamilial en quelques secondes en utilisant une seule paire de clés forgés. La série de vulnérabilités, surnommée «DeSaflok», a été découverte par les chercheurs Lennert Wouters, Ian Carroll, RQU, Buscanfly, Sam Curry, Shell et Will Caruana en septembre 2022 et divulgués en mars 2024, comme l'a rapporté pour la première fois par | Tool Vulnerability Mobile Technical | ★★ | |
 |
2024-03-22 20:00:00 | AWS CISO: faites attention à la façon dont l'IA utilise vos données AWS CISO: Pay Attention to How AI Uses Your Data (lien direct) |
Amazon Web Services Ciso Chris Betz explique pourquoi une AI générative est à la fois un outil d'économie de temps ainsi qu'une épée à double tranchant.
Amazon Web Services CISO Chris Betz explains why generative AI is both a time-saving tool as well as a double-edged sword. |
Tool | ★★ | |
|
2024-03-22 16:46:46 | Outil de suivi de la désinformation de la clé méta-volet avant 2024 Élections Meta to shutter key disinformation tracking tool before 2024 election (lien direct) |
La décision de Meta \\ de fermer sa division Crowdtangle - un outil qui suit le contenu sur les réseaux sociaux - a augmenté la colère de plus de 100 groupes de recherche et de défense qui disent qu'il rendra plus difficile la lutte contre la désinformation.Des groupes tels que la Fondation Mozilla, le Center for Democracy and Technology and Access maintenant envoyés
Meta\'s decision to close its CrowdTangle division - a tool that tracks content across social media - has raised the ire of more than 100 research and advocacy groups who say it will make it harder to fight disinformation. Groups including the Mozilla Foundation, the Center for Democracy and Technology and Access Now sent |
Tool | ★★ | |
 |
2024-03-22 06:00:42 | La solution centrée sur l'homme à un problème centré sur l'homme défiant vos données critiques The Human-Centric Solution to a Human-Centric Problem-Defending Your Critical Data (lien direct) |
This cybersecurity lore is well on its way to becoming cliché. But like most clichés, it\'s true: Data doesn\'t leave your organization on its own. People let your data out. They either take it with them, or they leave the door open for someone else to help themselves. In this environment, where cybercriminals are less inclined to target software vulnerabilities and far more focused on our identities, the perimeter as we once knew it has disappeared. Today, our people are the perimeter-wherever they are, on-premises or in the cloud, and whatever systems, devices and credentials they use to access our data. Needless to say, if cyberattacks are targeted at our people (or rather, their identities), then our cyber defenses must be targeted, too. But with large and often remote workforces accessing our networks across various endpoints, this is increasingly challenging. To protect our people-and, in turn, our businesses-we need a deep understanding of who is accessing our data as well as how, when, where and why. It\'s only when we have all this information that we can begin to place protections where they are needed most, educate users on the risks they face and fight threat actors on the new frontier of our identities. Tackling insider threats As if defending a new, more fluid perimeter wasn\'t difficult enough, the increased focus on our identities presents another problem. Our people are already within our traditional defenses. So, to protect against malicious, compromised or careless users who are enabling data loss, we need to defend from the inside out. Email remains the number one entry point for common and advanced threats, so any effective defense starts in the inbox. Our people must understand the importance of strong credentials, the risk of password reuse and sharing, and the dangers posed by phishing emails, malicious links and bogus attachments. In our research for the 2024 State of the Phish report, Proofpoint found that security professionals in Europe and the Middle East rated password reuse as the riskiest behavior-and the second-most common behavior among end users. Email protection tools can assist here, too, by filtering malicious messages before they reach the inbox. That helps to mitigate the compromised employee use case. However, security teams must always assume that threats will get through these lines of defense, even with detection rates above 99% being the norm. And when they do, additional layers of security are needed to stop them in their tracks. Advanced enterprise data loss prevention (DLP) and insider threat management (ITM) tools provide this additional layer. By analyzing content, behavior and threat telemetry, these tools highlight anomalous or suspicious behavior that can lead to data loss. Careless users were the most cited cause of data loss in our inaugural 2024 Data Loss Landscape report. To handle this use case you might want to interrupt their careless behavior with a security prompt. For example, suppose an employee attempts to send confidential files in a plain text email. A simple pop-up advising them to reconsider their action could prevent this data from being exposed. A complete log of the incident is also captured, which can add real-world context to security awareness training. Another action that a careless user may perform is to send an email to the wrong recipient. According to our research, 1 in 3 users misdirected one or two emails to the wrong recipient. In the event of a malicious insider, intelligent DLP and ITM tools will spot and alert security teams to any high-risk behaviors. This could be a user who downloads an unauthorized app to a corporate machine or renames files to hide their intentions and cover their tracks. As for leavers-who remain one of the primary reasons for insider-driven data loss-security teams can take a more proactive approach. By focusing on these high-risk employees, you can build an evidential picture of intent. With the right tools in place, you can capture activity l | Tool Vulnerability Threat Cloud | ★★ | |
|
2024-03-21 18:18:00 | AndroxGH0st malware cible les applications Laravel pour voler des informations d'identification cloud AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials (lien direct) |
Les chercheurs en cybersécurité ont fait la lumière sur un outil appelé & nbsp; androxgh0st & nbsp; qui a utilisé pour cibler les applications Laravel et voler des données sensibles.
"Il fonctionne en numérisant et en supprimant des informations importantes à partir des fichiers .env, en révélant les détails de connexion liés à AWS et Twilio", a déclaré le chercheur de Juniper Threat Labs Kashinath T Pattan & NBSP;
"Classé comme un cracker SMTP, il exploite SMTP
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that\'s used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP |
Malware Tool Threat Cloud | ★★ | |
|
2024-03-21 16:00:00 | GitHub lance l'outil AutoFix alimenté par AI pour aider les développeurs à patcher des défauts de sécurité GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws (lien direct) |
GitHub a annoncé mercredi qu'il met à disposition une fonctionnalité appelée Code Scanning Autofix en bêta publique pour All & NBSP; Advanced Security Clients & NBSP; pour fournir des recommandations ciblées dans le but d'éviter d'introduire de nouveaux problèmes de sécurité.
"Powered by & nbsp; github copilot & nbsp; et & nbsp; codeQL, le code scan de code Autofix couvre plus de 90% des types d'alerte en javascript, dactylographié, java, et
GitHub on Wednesday announced that it\'s making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and |
Tool Patching | ★★ | |
 |
2024-03-21 05:30:10 | Le gang Kimsuky de 2024 et de la Corée du Nord \\ en Corée du Nord exploite les fichiers d'aide Windows It\\'s 2024 and North Korea\\'s Kimsuky gang is exploiting Windows Help files (lien direct) |
nouvel infosteller peut indiquer un changement de tactique & # 8211;Et peut-être aussi des cibles, au-delà de l'Asie Kimsuky Cyber Crime Gang, de la Corée du Nord, a commencé une campagne en utilisant de nouvelles tactiques, selon le fournisseur d'outils infosec Rapid7.…
New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia North Korea\'s notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7.… |
Tool | ★★★★ | |
 |
2024-03-21 00:00:00 | Bringing Access Back - Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect (lien direct) | Written by: Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen
During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in February 2024, we observed exploitation of Connectwise ScreenConnect CVE-2024-1709 by the same actor. This mix of custom tooling and the SUPERSHELL framework leveraged in these incidents is assessed with moderate confidence to be unique to a People\'s Republic of China (PRC) threat actor, UNC5174. Mandiant assesses UNC5174 (believed to use the persona "Uteus") is a former member of Chinese hacktivist collectives that has since shown indications of acting as a contractor for China\'s Ministry of State Security (MSS) focused on executing access operations. UNC5174 has been observed attempting to sell access to U.S. defense contractor appliances, UK government entities, and institutions in Asia in late 2023 following CVE-2023-46747 exploitation. In February 2024, UNC5174 was observed exploiting ConnectWise ScreenConnect vulnerability (CVE-2024-1709) to compromise hundreds of institutions primarily in the U.S. and Canada. Targeting and Timeline UNC5174 has been linked to widespread aggressive targeting and intrusions of Southeast Asian and U.S. research and education institutions, Hong Kong businesses, charities and non-governmental organizations (NGOs), and U.S. and UK government organizations during October and November 2023, as well as in February 2024. The actor appears primarily focused on executing access operations. Mandiant observed UNC5174 exploiting various vulnerabilities during this time. ConnectWise ScreenConnect Vulnerability CVE-2024-1709 F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability CVE-2023-46747 Atlassian Confluence CVE-2023-22518 Linux Kernel Exploit CVE-2022-0185 Zyxel Firewall OS Command Injection Vulnerability CVE-2022-30525 Investigations revealed several instances of UNC5174 infrastructure, exposing the attackers\' bash command history. This history detailed artifacts of extensive reconnaissance, web application fuzzing, and aggressive scanning for vulnerabilities on internet-facing systems belonging to prominent universities in the U.S., Oceania, and Hong Kong regions. Additionally, key strategic targets like think tanks in the U.S. and Taiwan were identified; however, Mandiant does not have significant evidence to determine successful exploitation of these targets. 
Figure 1: UNC5174 global targeting map
Initial Disclosure of CVE-2023-46747
On Oct. 25, 2023, Praetorian published an advisory and proof-of-concept (PoC) for a zero-day (0-day) vulnerabil |
Malware Tool Vulnerability Threat Cloud | ★★★ | |
|
2024-03-20 19:59:09 | Les logiciels malveillants des accryptor ont augmenté en Europe, disent les chercheurs AceCryptor malware has surged in Europe, researchers say (lien direct) |
Des milliers de nouvelles infections impliquant l'outil d'accryptor - qui permet aux pirates de obscurcir les logiciels malveillants et de les glisser dans des systèmes sans être détectés par des logiciels antivirus - ont été découverts dans le cadre d'une campagne ciblant des organisations à travers l'Europe. & NBSP;Des chercheurs de l'ESET ont passé des années à suivre l'accryptor, et ils ont déclaré mercredi que le
Thousands of new infections involving the AceCryptor tool - which allows hackers to obfuscate malware and slip it into systems without being detected by anti-virus software - have been discovered as part of a campaign targeting organizations across Europe. Researchers at ESET have spent years tracking AceCryptor, and they said on Wednesday that the |
Malware Tool | ★★ | |
|
2024-03-20 16:33:26 | Les pirates liés à la Russie utilisent des logiciels malveillants SmokeLoader pour voler des fonds aux entreprises ukrainiennes Russia-linked hackers use Smokeloader malware to steal funds from Ukrainian enterprises (lien direct) |
Selon un récent rapport, les logiciels malveillants smokeloder utilisés par les cybercriminels liés à la Russie restent l'un des principaux outils pour les hacks financiers en Ukraine.Entre mai et novembre 2023, les chercheurs ont identifié 23 campagnes de smokeloder visant divers objectifs en Ukraine, notamment des institutions financières et des organisations gouvernementales.Les pirates étaient les plus actifs en août et octobre, lancement
Smokeloader malware used by Russia-linked cybercriminals remains one of the major tools for financial hacks in Ukraine, according to a recent report. Between May and November 2023, researchers identified 23 Smokeloader campaigns aimed at various targets in Ukraine, including financial institutions and government organizations. The hackers were most active in August and October, launching |
Malware Tool | ★★★ | |
|
2024-03-20 12:49:56 | Détecter les menaces de nuage avec CloudGrappler Detecting Cloud Threats With CloudGrappler (lien direct) |
L'outil open source de Permiso peut aider les équipes de sécurité à identifier les acteurs de la menace qui se cachent dans leurs environnements AWS et Azure.
The open-source tool from Permiso can help security teams identify threat actors lurking within their AWS and Azure environments. |
Tool Threat Cloud | ★★ | |
 |
2024-03-20 04:56:57 | Qu'est-ce que la gestion des journaux et pourquoi vous en avez besoin What Is Log Management and Why you Need it (lien direct) |
Grâce à la chaîne d'approvisionnement en plein essor, à une multitude d'appareils IoT et de travail à domicile et une présence en expansion du cloud, les organisations ingèrent constamment de nouveaux matériels dans leur environnement informatique.Avec chaque nouvelle ligne de code vient une nouvelle chance pour une vulnérabilité cachée.Avec chaque faiblesse non fondée, les attaquants acquièrent une autre occasion pour prendre pied dans l'organisation et compromettre les actifs sensibles.Afin de l'arrêter, les entreprises peuvent tirer parti des outils de gestion de la configuration de sécurité (SCM) et des outils de surveillance de l'intégrité des fichiers (FIM), mais pour vraiment créer une approche préventive, ils ont besoin de plein ...
Thanks to the burgeoning supply chain, a host of IoT and work-from-home devices, and an expanding cloud presence, organizations are constantly ingesting new hardware into their IT environments. With each new line of code comes a fresh chance for a hidden vulnerability. With each unfound weakness, attackers gain one more opportunity to gain a foothold in the organization and compromise sensitive assets. In order to stop this, companies can leverage security configuration management (SCM) and file integrity monitoring (FIM) tools, but to truly create a preventative approach, they need full... |
Tool Vulnerability Cloud | ★★★ | |
|
2024-03-19 21:16:06 | Opération Phantomblu: la méthode nouvelle et évasive fournit un rat Netsupport Operation PhantomBlu: New and Evasive Method Delivers NetSupport RAT (lien direct) |
#### Description
Les chercheurs de la sécurité de Perception Point ont découvert la campagne Phantomblu ciblant les organisations américaines, déploiement du rat Netsupport grâce à des techniques d'évasion sophistiquées et des tactiques d'ingénierie sociale.Les attaquants ont utilisé des caractéristiques légitimes des outils d'administration à distance, tels que Netsupport Manager, pour des activités malveillantes telles que la surveillance, le keylogging, le transfert de fichiers et le contrôle du système.La campagne a exploité la manipulation du modèle OLE dans des documents Microsoft Office pour masquer et exécuter un code malveillant, en échappant aux systèmes de sécurité traditionnels.Grâce à l'analyse des e-mails et des charges utiles de phishing, les chercheurs ont identifié la préférence des attaquants pour utiliser des plateformes de livraison de messagerie réputées et leurs techniques complexes de compte-gouttes PowerShell.L'opération Phantomblu représente une évolution des stratégies de livraison de logiciels malveillants, mélangeant des méthodes d'évasion avancées avec l'ingénierie sociale pour compromettre efficacement les organisations ciblées.
#### URL de référence (s)
1. https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/
#### Date de publication
18 mars 2024
#### Auteurs)
Ariel Davidpur
#### Description Perception Point\'s security researchers uncovered the PhantomBlu campaign targeting US-based organizations, deploying the NetSupport RAT through sophisticated evasion techniques and social engineering tactics. The attackers used legitimate features of remote administration tools, such as NetSupport Manager, for malicious activities like surveillance, keylogging, file transfer, and system control. The campaign leveraged OLE template manipulation in Microsoft Office documents to hide and execute malicious code, evading traditional security systems. Through analysis of phishing emails and payloads, the researchers identified the attackers\' preference for using reputable email delivery platforms and their intricate PowerShell dropper techniques. The PhantomBlu operation represents an evolution in malware delivery strategies, blending advanced evasion methods with social engineering to compromise targeted organizations effectively. #### Reference URL(s) 1. https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ #### Publication Date March 18, 2024 #### Author(s) Ariel Davidpur |
Malware Tool | ★★ | |
|
2024-03-19 19:25:00 | De Deepfakes aux logiciels malveillants: le rôle croissant d'Ai \\ dans les cyberattaques From Deepfakes to Malware: AI\\'s Expanding Role in Cyber Attacks (lien direct) |
Les modèles de grande langue (LLMS) alimentaient aujourd'hui les outils d'intelligence artificielle (IA) pourraient être exploités pour développer des logiciels malveillants auto-auprès capables de contourner les règles YARA.
"L'IA générative peut être utilisée pour échapper aux règles YARA basées sur des chaînes en augmentant le code source des petites variantes de logiciels malveillants, en réduisant efficacement les taux de détection", a enregistré Future & NBSP; Said & NBSP; dans un nouveau rapport partagé avec les hacker News.
Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively lowering detection rates," Recorded Future said in a new report shared with The Hacker News. |
Malware Tool | ★★ | |
|
2024-03-19 15:33:07 | Les Russes ne pourront plus accéder à Microsoft Cloud Services, Business Intelligence Tools Russians will no longer be able to access Microsoft cloud services, business intelligence tools (lien direct) |
Microsoft aurait suspendu l'accès à ses services cloud pour les utilisateurs russes ce mois-ci en raison des sanctions européennes imposées à la Russie après son invasion de l'Ukraine.La société de technologie russe Softline, l'un des plus grands distributeurs de produits Microsoft du pays, a déclaré dans un communiqué la semaine dernière que les utilisateurs locaux
Microsoft will reportedly suspend access to its cloud services for Russian users this month as a result of European sanctions imposed on Russia after its invasion of Ukraine. The Russian tech firm Softline, one of the largest distributors of Microsoft products in the country, said in a statement last week that local users will |
Tool Cloud | ★★★ | |
|
2024-03-19 14:21:36 | Cato dévoile la détection et la réponse aux réseaux et à des incidents de sécurité dirigés par l'IA Cato Unveils Industry First AI-driven Networking and Security Incident Detection and Response (lien direct) |
Cato Networks, le leader de Sase, a annoncé l'ajout d'outils de détection d'incidences et de réponse au réseau à la plate-forme cloud Cato Sase.Avec les histoires de réseau pour Cato XDR, les algorithmes AI avancés identifient instantanément les pannes dans les réseaux clients et effectuent une analyse des causes profondes.Les équipes du Centre des opérations réseau (NOC) et du Centre des opérations de sécurité (SOC) ont désormais un [& # 8230;]
Le message Cato dévoile l'industrie de la détection et de la réponse des incidents et des incidents de sécurité dirigés par l'IA / p>
Cato Networks, the leader in SASE, announced the addition of network incident detection and response tools to the Cato SASE Cloud platform. With Network Stories for Cato XDR, advanced AI algorithms instantly identify outages in customer networks and conduct root cause analysis. Network operations centre (NOC) and security operations centre (SOC) teams now have a […] The post Cato Unveils Industry First AI-driven Networking and Security Incident Detection and Response first appeared on IT Security Guru. |
Tool Cloud | ★★★ | |
 |
2024-03-19 13:00:42 | Les acteurs de la menace exercent de nouvelles techniques d'attaque pour contourner les contrôles de sécurité d'apprentissage automatique Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls (lien direct) |
> & # 8220; Les attaques de conversation de conversation sont la dernière tentative pour obtenir des e-mails de phishing de la récolte des informations d'identification dans votre boîte de réception, les chercheurs de menace de slashnext ont découvert un nouveau type de cyberattaque dangereux dans la nature qui utilise des e-mails masqués pour inciter les outils d'apprentissage automatique à accepter la charge utile malveillante.La charge utile malveillante dans l'e-mail pénètre ensuite les réseaux d'entreprise pour exécuter [& # 8230;]
Le post Les acteurs de la menace exercent de nouvelles techniques d'attaque pour contourner les contrôles de sécurité d'apprentissage automatique est apparu pour la première fois sur slashnext .
>“Conversation Overflow” attacks are the latest attempt to get credential harvesting phishing emails into your inbox SlashNext threat researchers have uncovered a dangerous new type of cyberattack in the wild that uses cloaked emails to trick machine learning tools into accepting malicious payload. The malicious payload in the email then penetrates enterprise networks to execute […] The post Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls first appeared on SlashNext. |
Tool Threat | ★★★ | |
|
2024-03-19 05:00:28 | Le rapport du paysage de la perte de données 2024 explore la négligence et les autres causes communes de perte de données The 2024 Data Loss Landscape Report Explores Carelessness and Other Common Causes of Data Loss (lien direct) |
La perte de données est un problème de personnes, ou plus précisément, un problème de personnes imprudentes.C'est la conclusion de notre nouveau rapport, le paysage de la perte de données 2024, que Proofpoint lance aujourd'hui. Nous avons utilisé des réponses à l'enquête de 600 professionnels de la sécurité et des données de la protection des informations de Proofpoint pour explorer l'état actuel de la prévention de la perte de données (DLP) et des menaces d'initiés.Dans notre rapport, nous considérons également ce qui est susceptible de venir ensuite dans cet espace à maturation rapide. De nombreuses entreprises considèrent aujourd'hui toujours leur programme DLP actuel comme émergent ou évoluant.Nous voulions donc identifier les défis actuels et découvrir des domaines d'opportunité d'amélioration.Les praticiens de 12 pays et 17 industries ont répondu aux questions allant du comportement des utilisateurs aux conséquences réglementaires et partageaient leurs aspirations à l'état futur de DLP \\. Ce rapport est une première pour Proofpoint.Nous espérons que cela deviendra une lecture essentielle pour toute personne impliquée dans la tenue de sécuriser les données.Voici quelques thèmes clés du rapport du paysage de la perte de données 2024. La perte de données est un problème de personnes Les outils comptent, mais la perte de données est définitivement un problème de personnes.2023 Données de Tessian, une entreprise de point de preuve, montre que 33% des utilisateurs envoient une moyenne d'un peu moins de deux e-mails mal dirigés chaque année.Et les données de la protection de l'information ProofPoint suggèrent que à peu de 1% des utilisateurs sont responsables de 90% des alertes DLP dans de nombreuses entreprises. La perte de données est souvent causée par la négligence Les initiés malveillants et les attaquants externes constituent une menace significative pour les données.Cependant, plus de 70% des répondants ont déclaré que les utilisateurs imprudents étaient une cause de perte de données pour leur entreprise.En revanche, moins de 50% ont cité des systèmes compromis ou mal configurés. La perte de données est répandue La grande majorité des répondants de notre enquête ont signalé au moins un incident de perte de données.Les incidents moyens globaux par organisation sont de 15. L'échelle de ce problème est intimidante, car un travail hybride, l'adoption du cloud et des taux élevés de roulement des employés créent tous un risque élevé de données perdues. La perte de données est dommageable Plus de la moitié des répondants ont déclaré que les incidents de perte de données entraînaient des perturbations commerciales et une perte de revenus.Celles-ci ne sont pas les seules conséquences dommageables.Près de 40% ont également déclaré que leur réputation avait été endommagée, tandis que plus d'un tiers a déclaré que leur position concurrentielle avait été affaiblie.De plus, 36% des répondants ont déclaré avoir été touchés par des pénalités réglementaires ou des amendes. Préoccupation croissante concernant l'IA génératrice De nouvelles alertes déclenchées par l'utilisation d'outils comme Chatgpt, Grammarly et Google Bard ne sont devenus disponibles que dans la protection des informations de Proofpoint cette année.Mais ils figurent déjà dans les cinq règles les plus implémentées parmi nos utilisateurs.Avec peu de transparence sur la façon dont les données soumises aux systèmes d'IA génératives sont stockées et utilisées, ces outils représentent un nouveau canal dangereux pour la perte de données. DLP est bien plus que de la conformité La réglementation et la législation ont inspiré de nombreuses initiatives précoces du DLP.Mais les praticiens de la sécurité disent maintenant qu'ils sont davantage soucieux de protéger la confidentialité des utilisateurs et des données commerciales sensibles. Des outils de DLP ont évolué pour correspondre à cette progression.De nombreux outils | Tool Threat Legislation Cloud | ChatGPT | ★★★ |
|
2024-03-19 01:50:49 | Andariel Group exploitant les solutions de gestion des actifs coréens (Meshagent) Andariel Group Exploiting Korean Asset Management Solutions (MeshAgent) (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a récemment découvert les attaques continues d'Andariel Group & # 8217;.Il est à noter que des installations de Meshagent ont été trouvées dans certains cas.Les acteurs de la menace exploitent souvent Meshagent ainsi que d'autres outils de gestion à distance similaires car il offre diverses fonctionnalités de télécommande.Le groupe Andariel a exploité les solutions de gestion des actifs coréens pour installer des logiciels malveillants tels que Andarloader et ModelOader, qui sont les logiciels malveillants utilisés dans les cas précédents.En commençant par l'agent Innix dans le passé, le groupe ...
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Andariel group’s continuous attacks on Korean companies. It is notable that installations of MeshAgent were found in some cases. Threat actors often exploit MeshAgent along with other similar remote management tools because it offers diverse remote control features. The Andariel group exploited Korean asset management solutions to install malware such as AndarLoader and ModeLoader, which are the malware used in the previous cases. Starting with Innorix Agent in the past, the group... |
Malware Tool Threat | ★★ | |
|
2024-03-18 18:28:00 | Fortra Patches Critical RCE Vulnérabilité dans l'outil de transfert FileCatalyst Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (lien direct) |
Fortra a publié les détails d'un défaut de sécurité critique désormais par paire impactant sa solution de transfert de fichiers & nbsp; FileCatalyst & nbsp; qui pourrait permettre aux attaquants non authentifiés d'obtenir une exécution de code distante sur des serveurs sensibles.
Suivi sous le nom de CVE-2024-25153, la lacune contient un score CVSS de 9,8 sur un maximum de 10.
"Une traversée du répertoire dans le \\ 'ftpServlet \' du flux de travail FileCatalyst
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the \'ftpservlet\' of the FileCatalyst Workflow |
Tool Vulnerability | ★★ | |
 |
2024-03-18 15:14:24 | Le CISC australien améliore les outils et le cadre de la résilience organisationnelle, complète l'outil de vérification de la santé rafraîchie Australian CISC enhances organizational resilience tools and framework, complements refreshed HealthCheck Tool (lien direct) |
> L'Australian Cyber and Infrastructure Security Center (CISC) a dévoilé un outil d'auto-évaluation amélioré, l'outil d'organisation Resilience Healthcheck, ...
>The Australian Cyber and Infrastructure Security Centre (CISC) unveiled an enhanced self-assessment tool, the Organisational Resilience HealthCheck Tool,... |
Tool | ★★ | |
|
2024-03-18 13:23:03 | Faits saillants hebdomadaires OSINT, 18 mars 2024 Weekly OSINT Highlights, 18 March 2024 (lien direct) |
## Weekly OSINT Highlights, 18 March 2024 Last week\'s OSINT reporting revealed a common theme: cyberattacks targeting specific user groups are becoming more sophisticated. Take, for instance, the Notion installer malware, which dupes users by posing as a legitimate software installer, showcasing adept social engineering. Similarly, the BIPClip campaign demonstrates a highly targeted approach towards developers involved in cryptocurrency projects, with the threat actors leveraging multiple open-source packages to steal sensitive mnemonic phrases. Despite distinct attack methods, both instances underscore threat actors\' adaptability in tailoring attacks to their targets. Additionally, the analysis highlights a growing trend where attackers focus on specific sectors or user demographics, indicating a shift towards more targeted and stealthy cyber threats rather than indiscriminate attacks. This trend underscores the importance of user vigilance and the necessity for industry-specific cybersecurity measures to mitigate evolving risks. 1. **[Notion Installer Malware](https://security.microsoft.com/intel-explorer/articles/f21ac4ec?):** A new MSIX malware posing as the Notion installer is distributed through a fake website resembling the official Notion homepage. The malware, signed with a valid certificate, infects Windows PCs when users attempt to install Notion, compromising their systems with malware. 2. **[BIPClip Crypto Wallet Theft Campaign](https://security.microsoft.com/intel-explorer/articles/21aa5484?):** ReversingLabs uncovered the BIPClip campaign, which utilizes seven open-source packages across 19 versions from PyPI to steal mnemonic phrases for crypto wallet recovery. The campaign targets developers involved in cryptocurrency wallet projects, particularly those implementing Bitcoin Improvement Proposal 39 (BIP39), and employs sophisticated methods to avoid detection. The BIPClip campaign underscores how crypto assets are one of the most popular targets of cybercriminal groups and other threat actors, such as North Korean APTs. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summary. The following reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments: - Tool Profile: [Information stealers](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6?) - [Financially motivated threat actors misusing App Installer](https://security.microsoft.com/intel-explorer/articles/74368091?) ## Recommendations to protect against Information stealers Microsoft recommends the following mitigations to reduce the impact of Information stealer threats. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-sec | Ransomware Spam Malware Tool Threat Prediction | ★★★ | |
|
2024-03-18 13:20:09 | Dark Web Tool Arms Ransomware Gangs: Industries du commerce électronique et de l'aviation ciblées Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted (lien direct) |
par waqas
Cyber Warfare prend son envol: Géopolitique Attaques de carburant sur les compagnies aériennes - Dark Web Tool vise le commerce électronique!
Ceci est un article de HackRead.com Lire la publication originale: Dark Web Tool Arms Ransomware Gangs: e-commerce et ampli;Industries aéronautiques ciblées
By Waqas Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines - Dark Web Tool Aims at E-commerce! This is a post from HackRead.com Read the original post: Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted |
Ransomware Tool | ★★ | |
 |
2024-03-18 12:59:39 | Analyse agressive dans la prime des insectes (et comment l'éviter) Aggressive scanning in bug bounty (and how to avoid it) (lien direct) |
> Qu'est-ce que la numérisation agressive?Pourquoi devriez-vous l'éviter?Comment pouvez-vous l'éviter?Configuration des outils communs FFUF GOBUSTER SQLMAP Burp Conclusion Soyez doux lors de la réalisation de tests ou scanners automatisés.Certains programmes peuvent interdire les tests automatisés de toute nature ou imposer des limites de taux.Il est de la plus haute importance de suivre ces règles, comme une violation [& # 8230;]
>What is aggressive scanning? Why should you avoid it? How can you avoid it? Configuring Common Tools ffuf gobuster sqlmap burp Conclusion Be gentle when conducting automated tests or scanners. Some programs may disallow automated testing of any kind or impose rate limits. It is of utmost importance to follow these rules, as a violation […] |
Tool | ★★ | |
 |
2024-03-18 12:40:00 | Microsoft: 87% des organisations britanniques vulnérables aux cyberattaques coûteuses Microsoft: 87% of UK Organizations Vulnerable to Costly Cyber-Attacks (lien direct) |
Un rapport de Microsoft a révélé que 87% des organisations britanniques sont soit vulnérables ou à haut risque de cyberattaques et ont exhorté l'investissement dans l'IA comme outil de sécurité
A Microsoft report found that 87% of UK organizations are either vulnerable or at high-risk of cyber-attacks, and urged investment in AI as a security tool |
Tool | ★★★ | |
|
2024-03-18 10:00:00 | Explorer les risques de la technologie de suivi des yeux dans la sécurité VR Exploring the risks of eye-tracking technology in VR security (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Virtual reality (VR) offers profound benefits across industries, particularly in education and training, thanks to its immersive nature. Through derivatives, such as 3D learning environments, VR enables learners to gain a deeper understanding of theoretical concepts more quickly and efficiently. However, with the benefits come some dangers. One such risk is the integration of eye-tracking technology within virtual reality environments. While eye-tracking promises to make experiences better and improve security through biometric verification, it also raises privacy concerns. This technology, though handy, could be exploited by cybercriminals. For instance, a recent paper by Rutgers University shows that hackers could use common virtual reality (AR/VR) headsets with motion sensors to capture facial movements linked to speech. This could lead to the theft of sensitive data communicated through voice commands, like credit card numbers and passwords. | Tool Cloud | ★★★ | |
|
2024-03-16 07:00:00 | Top 50 des IA génératives à découvrir absolument en 2024 (lien direct) | Découvrez le top 50 des applications IA génératives les plus innovantes et populaires en 2024, classées selon leur trafic web et mobile. Des assistants généraux aux outils de productivité en passant par les compagnons IA, explorez les tendances clés et les entreprises émergentes dans le domaine de l'IA générative grand public. | Tool Mobile | ★★★ | |
|
2024-03-15 13:45:16 | Exclusif: après le démontage de Lockbit \\, son prétendu leader promet de pirater Exclusive: After LockBit\\'s takedown, its purported leader vows to hack on (lien direct) |
Cette semaine, le podcast Click Here a décroché une entrevue rare avec le prétendu leader du groupe Ransomware Lockbit - il porte le nom LockbitsUpp.Il est sous pression parce que le mois dernier, une opération de police internationale a infiltré le groupe et a saisi non seulement leur plate-forme, mais aussi leurs outils de piratage, les comptes de crypto-monnaie et le code source
This week, the Click Here podcast landed a rare interview with the purported leader of the LockBit ransomware group - he goes by the name LockBitSupp. He\'s under pressure because last month an international police operation infiltrated the group and seized not just their platform, but their hacking tools, cryptocurrency accounts and source code |
Ransomware Hack Tool Legislation | ★★★ | |
|
2024-03-14 15:53:00 | Redcurl Cybercrime Group abuse de l'outil PCA Windows pour l'espionnage d'entreprise RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage (lien direct) |
Le groupe de cybercrimes russophone appelé & nbsp; redcurl & nbsp; tire un tir un composant Microsoft Windows légitime appelé l'assistant de compatibilité du programme (PCA) pour exécuter des commandes malveillantes.
«Le service d'assistant de compatibilité du programme (Pcalua.exe) est un service Windows conçu pour identifier et résoudre les problèmes de compatibilité avec les programmes plus anciens», Trend Micro & Nbsp; Said & NBSP; dans une analyse
The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues with older programs,” Trend Micro said in an analysis |
Tool Prediction | ★★ | |
|
2024-03-14 13:17:28 | Normcyber annonce un nouveau service d'évaluation de la réaction des incidents NormCyber announces new Incident Response Readiness Assessment Service (lien direct) |
Normcyber annonce un nouveau service d'évaluation de la préparation à la réponse aux incidents
Équipe les entreprises des outils pour renforcer et fortifier les réponses aux cyber-menaces
-
revues de produits
NormCyber announces new Incident Response Readiness Assessment Service Equips enterprises with the tools to bolster and fortify responses to cyber threats - Product Reviews |
Tool | ★★★ | |
|
2024-03-14 10:00:00 | Spyware commercial: la menace furtive Commercial spyware: The stealthy threat (lien direct) |
It can be difficult to over-estimate the benefits that we accrue from the use of technology in our day to day lives. But these benefits have come at a price which has redefined what we expect in terms of privacy. As a member of Generation X, which came of age at the dawn of the Internet era and witnessed the rise of an entire industry built on consumer information analytics, I have on occasion struck my own Faustian bargains, offering up my personal data in exchange for convenience. As have we all. In doing so we are implicitly trusting the organization that runs the website or app in question to safeguard our information effectively. Spyware, as the name suggests, is software designed to covertly gather data about a victim without their consent. Spyware can infect both computers and mobile devices, infiltrating them through malicious or hacked websites, phishing emails, and software downloads. Unlike other forms of malware that may seek to disrupt or damage systems, spyware operates discreetly, often evading detection while silently siphoning off sensitive information. When deployed against individuals this data can range from browsing habits and keystrokes to login credentials and financial information. Spyware can access microphones and cameras for purposes of gathering intelligence or evidence when deployed by government agencies, or capturing content for purposes of sale, blackmail, or other monetization schemes if deployed by threat actors. The effects of which can be devastating. The proliferation of commercial spyware poses significant risks to companies as well. Commercial spyware is a niche industry which develops and markets software for the purpose of data collection. Their products use many of the same methods as other kinds of malware. Often, commercial spyware leverages zero-day exploits that were either developed by the vendor in question or purchased from independent researchers. For example, in a recent report, Google researchers concluded that approximately half of the zero-day vulnerabilities targeting their products over the past decade were the work of “Commercial Surveillance Vendors” (https://www.scmagazine.com/news/spyware-behind-nearly-50-of-zeros-days-targeting-google-products). | Ransomware Malware Tool Vulnerability Threat Legislation Mobile Commercial | ★★ | |
|
2024-03-14 06:00:19 | Comment nous avons déployé Github Copilot pour augmenter la productivité des développeurs How We Rolled Out GitHub Copilot to Increase Developer Productivity (lien direct) |
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. Inspired by the rapid rise of generative artificial intelligence (GenAI), we recently kicked off several internal initiatives at Proofpoint that focused on using it within our products. One of our leadership team\'s goals was to find a tool to help increase developer productivity and satisfaction. The timing was perfect to explore options, as the market had become flush with AI-assisted coding tools. Our project was to analyze the available tools on the market in-depth. We wanted to choose an AI assistant that would provide the best productivity results while also conforming to data governance policies. We set an aggressive timeline to analyze the tools, collaborate with key stakeholders from legal, procurement, finance and the business side, and then deploy the tool across our teams. In the end, we selected GitHub Copilot, a code completion tool developed by GitHub and OpenAI, as our AI coding assistant. In this post, we walk through how we arrived at this decision. We also share the qualitative and quantitative results that we\'ve seen since we\'ve introduced it. Our analysis: approach and criteria When you want to buy a race car-or any car for that matter-it is unlikely that you\'ll look at just one car before making a final decision. As engineers, we are wired to conduct analyses that dive deeply into all the possible best options as well as list all the pros and cons of each. And that\'s what we did here, which led us to a final four list that included GitHub Copilot. These are the criteria that we considered: Languages supported IDEs supported Code ownership Stability AI models used Protection for intellectual property (IP) Licensing terms Security Service-level agreements Chat interface Innovation Special powers Pricing Data governance Support for a broad set of code repositories We took each of the four products on our shortlist for a test drive using a specific set of standard use cases. These use cases were solicited from several engineering teams. They covered a wide range of tasks that we anticipated would be exercised with an AI assistant. For example, we needed the tool to assist not just developers, but also document writers and automation engineers. We had multiple conversations and in-depth demos from the vendors. And when possible, we did customer reference checks as well. Execution: a global rollout Once we selected a vendor, we rolled out the tool to all Proofpoint developers across the globe. We use different code repos, programming languages and IDEs-so, we\'re talking about a lot of permutations and combinations. Our initial rollout covered approximately 50% of our team from various business units and roles for about 30 days. We offered training sessions internally to share best practices and address challenges. We also built an internal community of experts to answer questions. Many issues that came up were ironed out during this pilot phase so that when we went live, it was a smooth process. We only had a few issues. All stakeholders were aware of the progress, from our operations/IT team to our procurement and finance teams. Our journey from start to finish was about 100 days. This might seem like a long time, but we wanted to be sure of our choice. After all, it is difficult to hit “rewind” on an important initiative of this magnitude. Monitoring and measuring results We have been using GitHub Copilot for more than 150 days and during that period we\'ve been collecting telemetry data from the tool and correlating it with several productivity and quality metrics. Our results have been impressive. When it comes to quantitative results, we have seen a general increase in | Tool Cloud Technical | ★★★ | |
|
2024-03-13 21:59:23 | Chatgpt déverse les secrets dans une nouvelle attaque POC ChatGPT Spills Secrets in Novel PoC Attack (lien direct) |
La recherche est plus récente dans un ensemble croissant de travaux pour mettre en évidence les faiblesses troublantes des outils génératifs largement utilisés.
Research is latest in a growing body of work to highlight troubling weaknesses in widely used generative AI tools. |
Tool | ChatGPT | ★★ |
|
2024-03-13 21:09:00 | Démystifier un mythe commun de cybersécurité Demystifying a Common Cybersecurity Myth (lien direct) |
L'une des idées fausses les plus courantes dans la cybersécurité de téléchargement de fichiers est que certains outils sont «suffisants» à leur propre chef - ce n'est tout simplement pas le cas.Dans notre dernier & NBSP; WhitePaper & NBSP; PDG et fondateur d'Opswat, Benny Czarny, jette un aperçu global de ce qu'il faut pour empêcher les menaces de logiciels malveillants dans le dossier de sécurité en constante évolution en constante évolution, et une grande partie de cela est de comprendre où la
One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own-this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today\'s ever-evolving file upload security landscape, and a big part of that is understanding where the |
Malware Tool | ★★★ |
To see everything:
Our RSS (filtrered)
