What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-23 21:28:48 | Les pirates peuvent débloquer 3 millions de portes hôtelières dans 131 pays Hackers Can Unlock 3 million Hotel Doors In 131 Countries (lien direct) |
Les chercheurs en sécurité ont découvert des vulnérabilités dans la gamme de serrures électroniques RFID de Dormakaba \\, ce qui pourrait permettre à un attaquant d'accéder aux chambres d'hôtel et aux portes de l'unité de logement multifamilial en quelques secondes en utilisant une seule paire de clés forgés. La série de vulnérabilités, surnommée «DeSaflok», a été découverte par les chercheurs Lennert Wouters, Ian Carroll, RQU, Buscanfly, Sam Curry, Shell et Will Caruana en septembre 2022 et divulgués en mars 2024, comme l'a rapporté pour la première fois par | Tool Technical Mobile Vulnerability | ★★ | |
 |
2024-03-22 00:00:00 | APT29 Uses WINELOADER to Target German Political Parties (lien direct) | Written by: Luke Jenkins, Dan Black
Executive Summary In late February, APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties with a CDU-themed lure. This is the first time we have seen this APT29 cluster target political parties, indicating a possible area of emerging operational focus beyond the typical targeting of diplomatic missions. Based on the SVR\'s responsibility to collect political intelligence and this APT29 cluster\'s historical targeting patterns, we judge this activity to present a broad threat to European and other Western political parties from across the political spectrum. Please see the Technical Annex for technical details and MITRE ATT&CK techniques, (T1543.003, T1012, T1082, T1134, T1057, T1007, T1027, T1070.004, T1055.003 and T1083) Threat Detail In late February 2024, Mandiant identified APT29 - a Russian Federation backed threat group linked by multiple governments to Russia\'s Foreign Intelligence Service (SVR) - conducting a phishing campaign targeting German political parties. Consistent with APT29 operations extending back to 2021, this operation leveraged APT29\'s mainstay first-stage payload ROOTSAW (aka EnvyScout) to deliver a new backdoor variant publicly tracked as WINELOADER. Notably, this activity represents a departure from this APT29 initial access cluster\'s typical remit of targeting governments, foreign embassies, and other diplomatic missions, and is the first time Mandiant has seen an operational interest in political parties from this APT29 subcluster. Additionally, while APT29 has previously used lure documents bearing the logo of German government organizations, this is the first instance where we have seen the group use German-language lure content - a possible artifact of the targeting differences (i.e. domestic vs. foreign) between the two operations. Phishing emails were sent to victims purporting to be an invite to a dinner reception on 01 March bearing a logo from the Christian Democratic Union (CDU), a major political party in Germany (see Figure 1). The German-language lure document contains a phishing link directing victims to a malicious ZIP file containing a ROOTSAW dropper hosted on an actor-controlled compromised website “https://waterforvoiceless[.]org/invite.php”. ROOTSAW delivered a second-stage CDU-themed lure document and a next stage WINELOADER payload retrieved from “waterforvoiceless[.]org/util.php”. WINELOADER was first observed in operational use in late January 2024 in an operation targeting likely diplomatic entities in Czechia, Germany, India, Italy, Latvia, and Peru. The backdoor contains several features and functions that overlap with several known APT29 malware families including BURNTBATTER, MUSKYBEAT and BEATDROP, indicating they are likely created by a common developer (see Technical Annex for additional details). |
Threat Malware Cloud Technical | APT 29 | ★★★ |
 |
2024-03-20 13:58:32 | La chasse: la chasse aux menaces dans les environnements OT The Hunt: Threat Hunting in OT Environments (lien direct) |
> Bienvenue à & # 8220; The Hunt, & # 8221;Une série de blogs s'est concentrée sur le rôle essentiel de la chasse aux menaces dans les environnements de technologie opérationnelle (OT) ....
Le post The Hunt: Hugen Hunting in OT Environments est apparu pour la première fois sur dragos .
>Welcome to “The Hunt,” a blog series focused on the critical role of threat hunting within operational technology (OT) environments.... The post The Hunt: Threat Hunting in OT Environments first appeared on Dragos. |
Threat Technical Industrial | ★★★ | |
 |
2024-03-18 12:25:43 | Dette de sécurité: une menace croissante pour la sécurité des applications Security Debt: A Growing Threat to Application Security (lien direct) |
Comprendre la dette de sécurité
La dette de sécurité est un problème majeur et croissant dans le développement de logiciels avec des implications importantes pour la sécurité des applications, selon le rapport de l'état de la sécurité des logiciels de Veracode \\.Laissez-vous approfondir un peu plus dans la portée et le risque de dette de sécurité, et obtenir des informations sur les gestionnaires de sécurité des applications pour relever efficacement ce défi.
La dette de sécurité fait référence aux défauts logiciels qui restent non fixés pendant un an ou plus.Ces défauts s'accumulent au fil du temps en raison de divers facteurs, notamment des contraintes de ressources, de la complexité technique ou du manque de priorisation.La dette de sécurité peut être classée comme critique ou non critique et peut exister à la fois dans le code tiers et peut-être plus inquiétant.
Prévalence et impact de la dette de sécurité
Selon des recherches récentes, 42% des applications actives ont une dette de sécurité, 11% portant une dette de sécurité critique qui présente un risque grave pour les organisations.Les grandes applications sont particulièrement sensibles, avec 40% de…
Understanding Security Debt Security debt is a major and growing problem in software development with significant implications for application security, according to Veracode\'s State of Software Security 2024 Report. Let\'s delve a bit deeper into the scope and risk of security debt, and gain some insights for application security managers to effectively address this challenge. Security debt refers to software flaws that remain unfixed for a year or more. These flaws accumulate over time due to various factors, including resource constraints, technical complexity, or lack of prioritization. Security debt can be categorized as critical or non-critical and can exist in both first-party and, maybe more worrying, third-party code. Prevalence and Impact of Security Debt According to recent research, 42% of active applications have security debt, with 11% carrying critical security debt that poses a severe risk to organizations. Large applications are particularly susceptible, with 40% of… |
Threat Technical | ★★★ | |
 |
2024-03-16 22:18:38 | Lolbin wow ltd x 2 (lien direct) | J'ai déjà couvert des cas où j'ai abusé de la variable de l'environnement Windir pour lolbiniser certains exécutables wow.Je pensais avoir couvert W32TM.exe auparavant, mais en regardant l'historique de mon blog, je ne peux pas y trouver de référence.Alors, voici:
I have already covered cases where I abused WINDIR environment variable to LOLBINize some WoW executables. I thought I covered w32tm.exe before, but looking at my blog history I can’t find any reference to it. So, here it is: |
Technical | ★★★ | |
 |
2024-03-14 06:00:19 | Comment nous avons déployé Github Copilot pour augmenter la productivité des développeurs How We Rolled Out GitHub Copilot to Increase Developer Productivity (lien direct) |
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. Inspired by the rapid rise of generative artificial intelligence (GenAI), we recently kicked off several internal initiatives at Proofpoint that focused on using it within our products. One of our leadership team\'s goals was to find a tool to help increase developer productivity and satisfaction. The timing was perfect to explore options, as the market had become flush with AI-assisted coding tools. Our project was to analyze the available tools on the market in-depth. We wanted to choose an AI assistant that would provide the best productivity results while also conforming to data governance policies. We set an aggressive timeline to analyze the tools, collaborate with key stakeholders from legal, procurement, finance and the business side, and then deploy the tool across our teams. In the end, we selected GitHub Copilot, a code completion tool developed by GitHub and OpenAI, as our AI coding assistant. In this post, we walk through how we arrived at this decision. We also share the qualitative and quantitative results that we\'ve seen since we\'ve introduced it. Our analysis: approach and criteria When you want to buy a race car-or any car for that matter-it is unlikely that you\'ll look at just one car before making a final decision. As engineers, we are wired to conduct analyses that dive deeply into all the possible best options as well as list all the pros and cons of each. And that\'s what we did here, which led us to a final four list that included GitHub Copilot. These are the criteria that we considered: Languages supported IDEs supported Code ownership Stability AI models used Protection for intellectual property (IP) Licensing terms Security Service-level agreements Chat interface Innovation Special powers Pricing Data governance Support for a broad set of code repositories We took each of the four products on our shortlist for a test drive using a specific set of standard use cases. These use cases were solicited from several engineering teams. They covered a wide range of tasks that we anticipated would be exercised with an AI assistant. For example, we needed the tool to assist not just developers, but also document writers and automation engineers. We had multiple conversations and in-depth demos from the vendors. And when possible, we did customer reference checks as well. Execution: a global rollout Once we selected a vendor, we rolled out the tool to all Proofpoint developers across the globe. We use different code repos, programming languages and IDEs-so, we\'re talking about a lot of permutations and combinations. Our initial rollout covered approximately 50% of our team from various business units and roles for about 30 days. We offered training sessions internally to share best practices and address challenges. We also built an internal community of experts to answer questions. Many issues that came up were ironed out during this pilot phase so that when we went live, it was a smooth process. We only had a few issues. All stakeholders were aware of the progress, from our operations/IT team to our procurement and finance teams. Our journey from start to finish was about 100 days. This might seem like a long time, but we wanted to be sure of our choice. After all, it is difficult to hit “rewind” on an important initiative of this magnitude. Monitoring and measuring results We have been using GitHub Copilot for more than 150 days and during that period we\'ve been collecting telemetry data from the tool and correlating it with several productivity and quality metrics. Our results have been impressive. When it comes to quantitative results, we have seen a general increase in | Cloud Tool Technical | ★★★ | |
 |
2024-03-13 19:25:00 | Pixpirate Android Banking Trojan utilisant une nouvelle tactique d'évasion pour cibler les utilisateurs brésiliens PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users (lien direct) |
Les acteurs de la menace derrière le Troie bancaire Android Pixpirate tirent parti d'une nouvelle astuce pour échapper à la détection sur des appareils compromis et récoltent des informations sensibles auprès des utilisateurs du Brésil.
L'approche lui permet de masquer l'icône de l'application malveillante à l'écran d'accueil de l'appareil de la victime, a déclaré IBM dans un rapport technique publié aujourd'hui.
«Merci à cette nouvelle technique, pendant la reconnaissance de Pixpirate
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app\'s icon from the home screen of the victim\'s device, IBM said in a technical report published today. “Thanks to this new technique, during PixPirate reconnaissance |
Threat Technical Mobile | ★★ | |
|
2024-03-13 11:17:26 | Un changement opportun: hiérarchiser la sécurité des logiciels dans le paysage numérique 2024 A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape (lien direct) |
La sortie du rapport technique de février 2024 de la Maison Blanche, de retour aux éléments constitutifs: un chemin vers des logiciels mesurables sécurisés, entraîne un changement en temps opportun dans la hiérarchisation de la sécurité des logiciels.Le logiciel est omniprésent, il devient donc de plus en plus crucial pour aborder la surface d'attaque en expansion, naviguer dans des environnements réglementaires complexes et atténuer les risques posés par des attaques sophistiquées de la chaîne d'approvisionnement des logiciels.
Soit \\ explorer les idées clés du rapport technique de la Maison Blanche et plonger dans les recommandations d'intégration de la sécurité dans le cycle de vie du développement logiciel (SDLC).
Sécuriser les blocs de construction du cyberespace: le rôle des langages de programmation
Le rapport de la Maison Blanche met l'accent sur le langage de programmation comme un élément de construction principal pour sécuriser l'écosystème numérique.Il met en évidence la prévalence des vulnérabilités de la sécurité mémoire et la nécessité d'éliminer de manière proactive des classes de vulnérabilités logicielles.Le rapport préconise l'adoption de…
The release of the February 2024 White House Technical Report, Back to the Building Blocks: A Path Towards Secure Measurable Software, brings about a timely shift in prioritizing software security. Software is ubiquitous, so it\'s becoming increasingly crucial to address the expanding attack surface, navigate complex regulatory environments, and mitigate the risks posed by sophisticated software supply chain attacks. Let\'s explore the key insights from the White House Technical Report and delve into recommendations for integrating security across the software development lifecycle (SDLC). Securing Cyberspace Building Blocks: The Role of Programming Languages The White House\'s report emphasizes the programming language as a primary building block in securing the digital ecosystem. It highlights the prevalence of memory safety vulnerabilities and the need to proactively eliminate entire classes of software vulnerabilities. The report advocates for the adoption of… |
Technical Vulnerability | ★★ | |
|
2024-03-12 07:03:40 | Si vous utilisez l'archivage de Veritas, quelle est votre prochaine étape? If You\\'re Using Veritas Archiving, What\\'s Your Next Step? (lien direct) |
By now, much of the industry has seen the big news about Cohesity acquiring the enterprise data protection business of Veritas Technologies. The transaction will see the company\'s NetBackup technology-software, appliances and cloud (Alta Data Protection)-integrated into the Cohesity ecosystem. But what about other Veritas products? As stated in the Cohesity and Veritas press releases, the “remaining assets of Veritas\' businesses will form a separate company, \'DataCo.\' \'DataCo\' will comprise Veritas\' InfoScale, Data Compliance, and Backup Exec businesses.” Data Compliance includes Veritas Enterprise Vault (EV), which might raise concerns for EV customers. As a new, standalone entity, \'DataCo\' has no innovation track record. In this blog, I provide my opinion on the questionable future of Veritas archiving products, why EV customers should start looking at alternative archiving tools, and why you should trust Proofpoint as your next enterprise archiving solution. EV architecture isn\'t future-proof EV gained a following because it came onto the market just when it was needed. With its big, robust on-premises architecture, EV was ideal to solve the challenges of bloated file and email servers. Companies had on-premises file and email servers that were getting bogged down with too much data. They needed a tool to offload legacy data to keep working and so they could be backed up in a reasonable amount of time. However, with key applications having moved to the cloud over the last decade-plus, storage optimization is no longer a primary use case for archiving customers. While EV has adapted to e-discovery and compliance use cases, its underlying on-premises architecture has struggled to keep up. EV customers still have headaches with infrastructure (hardware and software) planning, budgeting and maintenance, and archive administration. What\'s more, upgrades often require assistance from professional services and support costs are rising. And the list goes on. Today, most cloud-native archives remove virtually all of these headaches. And just like you moved on from DVDs and Blu-ray discs to streaming video, it\'s time to migrate from legacy on-premises archiving architectures, like EV, to cloud-native solutions. Future investments are uncertain When you look back over EV\'s last 5-6 years, you might question what significant innovations Veritas has delivered for EV. Yes, Veritas finally released supervision in the cloud. But that was a direct response to the EOL of AdvisorMail for EV.cloud many years ago. Yes, Veritas added dozens of new data sources for EV. But that was achieved through the acquisition of Globanet-and their product Merge1-in 2020. (They still list Merge1 as an independent product on their website.) Yes, they highlight how EV can store to “Azure, AWS, Google Cloud Storage, and other public cloud repositories” via storage tiering. But that just means that EV extends the physical storage layer of a legacy on-prem archiving architecture to the cloud-it doesn\'t mean it runs a cloud-native archiving solution. Yes, Veritas has cloud-based Alta Archiving. But that\'s just a rebranding and repackaging of EV.cloud, which they retired more than two years ago. Plus, Alta Archiving and Enterprise Vault are separate products. With the Cohesity data protection acquisition, EV customers have a right to question future investments in their product. Will EV revenue alone be able to sustain meaningful, future innovation in the absence of the NetBackup revenue “cash cow”? Will you cling to hope, only to be issued an EOL notice like Dell EMC SourceOne customers? Now is the time to migrate from EV to a modern cloud-native archiving solution. How Proofpoint can help Here\'s why you should trust Proofpoint for your enterprise archiving. Commitment to product innovation and support Year after year, Proofpoint continues to invest a double-digit percentage of revenue into all of our businesses, including Proofpoint Int | Cloud Studies Tool Technical | ★★ | |
 |
2024-03-11 17:27:44 | Des agences gouvernementales françaises frappées par des cyberattaques d'intensité sans précédent \\ ' French government agencies hit by cyberattacks of \\'unprecedented intensity\\' (lien direct) |
Un certain nombre d'agences gouvernementales françaises ont été touchées par des cyberattaques «intenses», a annoncé lundi le bureau du Premier ministre \\.La nature des attaques, qui a commencé dimanche soir, n'a pas été confirmée bien que la description soit conforme aux attaques distribuées en déni de service (DDOS).Le gouvernement français a déclaré que l'attaque était «menée en utilisant des moyens techniques familiers mais
A number of French government agencies have been hit by “intense” cyberattacks, the prime minister\'s office announced on Monday. The nature of the attacks, which began on Sunday night, has not been confirmed although the description is consistent with distributed-denial-of-service (DDoS) attacks. The French government said the attack was “conducted using familiar technical means but |
Technical | ★★★ | |
|
2024-03-11 11:58:00 | Exploit de preuve de concept publié pour le logiciel de progression Vulnérabilité OpenEdge Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability (lien direct) |
Des détails techniques et un exploit de preuve de concept (POC) ont été mis à disposition pour un défaut de sécurité critique récemment divulgué de la passerelle d'authentification OpenEdge et de l'adminsateur, qui pourrait être exploité pour contourner les protections d'authentification.
Suivi en AS & NBSP; CVE-2024-1403, la vulnérabilité a une cote de gravité maximale de 10,0 sur le système de notation CVSS.Il
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It |
Threat Technical Vulnerability | ★★ | |
 |
2024-03-08 03:00:22 | Comment s'assurer que les forfaits open source ne sont pas des mines terrestres How to Ensure Open-Source Packages Are Not Landmines (lien direct) |
CISA et OpenSSF ont publié conjointement de nouveaux conseils recommandant des contrôles techniques pour rendre les développeurs plus difficiles à introduire des composants logiciels malveillants dans le code.
CISA and OpenSSF jointly published new guidance recommending technical controls to make it harder for developers to bring in malicious software components into code. |
Technical | Bahamut | ★★★ |
|
2024-03-07 18:34:58 | La stratégie de cyber-assurance nécessite une collaboration CISO-CFO Cyber Insurance Strategy Requires CISO-CFO Collaboration (lien direct) |
La quantification des cyber-risques rassemble l'expertise technique du CISO \\ et l'accent mis par le CFO \\ sur l'impact financier pour développer une compréhension plus forte et meilleure du cyber-risque.
Cyber risk quantification brings together the CISO\'s technical expertise and the CFO\'s focus on financial impact to develop a stronger and better understanding of cyber risk. |
Technical | ★★★ | |
|
2024-03-07 13:09:00 | Nouveau voleur d'informations de serpent basé sur Python se répandant via les messages Facebook New Python-Based Snake Info Stealer Spreading Through Facebook Messages (lien direct) |
Les messages Facebook sont utilisés par les acteurs de la menace dans un voleur d'informations basé sur Python surnommé un serpent qui a conçu pour capturer des informations d'identification et d'autres données sensibles.
"Les informations d'identification récoltées auprès des utilisateurs sans méfiance sont transmises à différentes plates-formes telles que Discord, Github et Telegram", le chercheur de cyberison Kotaro Ogino & nbsp; a dit & nbsp; dans un rapport technique.
Détails sur la campagne et
Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that\'s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report. Details about the campaign& |
Threat Technical | ★★★ | |
 |
2024-03-07 11:00:00 | Sécuriser l'IA Securing AI (lien direct) |
With the proliferation of AI/ML enabled technologies to deliver business value, the need to protect data privacy and secure AI/ML applications from security risks is paramount. An AI governance framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles. Vulnerabilities in ChatGPT A recent discovered vulnerability found in version gpt-3.5-turbo exposed identifiable information. The vulnerability was reported in the news late November 2023. By repeating a particular word continuously to the chatbot it triggered the vulnerability. A group of security researchers with Google DeepMind, Cornell University, CMU, UC Berkeley, ETH Zurich, and the University of Washington studied the “extractable memorization” of training data that an adversary can extract by querying a ML model without prior knowledge of the training dataset. The researchers’ report show an adversary can extract gigabytes of training data from open-source language models. In the vulnerability testing, a new developed divergence attack on the aligned ChatGPT caused the model to emit training data 150 times higher. Findings show larger and more capable LLMs are more vulnerable to data extraction attacks, emitting more memorized training data as the volume gets larger. While similar attacks have been documented with unaligned models, the new ChatGPT vulnerability exposed a successful attack on LLM models typically built with strict guardrails found in aligned models. This raises questions about best practices and methods in how AI systems could better secure LLM models, build training data that is reliable and trustworthy, and protect privacy. U.S. and UK’s Bilateral cybersecurity effort on securing AI The US Cybersecurity Infrastructure and Security Agency (CISA) and UK’s National Cyber Security Center (NCSC) in cooperation with 21 agencies and ministries from 18 other countries are supporting the first global guidelines for AI security. The new UK-led guidelines for securing AI as part of the U.S. and UK’s bilateral cybersecurity effort was announced at the end of November 2023. The pledge is an acknowledgement of AI risk by nation leaders and government agencies worldwide and is the beginning of international collaboration to ensure the safety and security of AI by design. The Department of Homeland Security (DHS) CISA and UK NCSC joint guidelines for Secure AI system Development aims to ensure cybersecurity decisions are embedded at every stage of the AI development lifecycle from the start and throughout, and not as an afterthought. Securing AI by design Securing AI by design is a key approach to mitigate cybersecurity risks and other vulnerabilities in AI systems. Ensuring the entire AI system development lifecycle process is secure from design to development, deployment, and operations and maintenance is critical to an organization realizing its full benefits. The guidelines documented in the Guidelines for Secure AI System Development aligns closely to software development life cycle practices defined in the NSCS’s Secure development and deployment guidance and the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF). The 4 pillars that embody the Guidelines for Secure AI System Development offers guidance for AI providers of any systems whether newly created from the ground up or built on top of tools and services provided from | Threat Cloud Tool Technical Mobile Vulnerability Medical | ChatGPT | ★★ |
 |
2024-03-06 15:21:19 | Anatomie d'une attaque Blackcat à travers les yeux de la réponse aux incidents Anatomy of a BlackCat Attack Through the Eyes of Incident Response (lien direct) |
> Les experts de la réponse aux incidents de Sygnia fournissent un souffle détaillé par coup d'une attaque de ransomware Blackcat et partagent des conseils pour la survie.
>Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival. |
Ransomware Technical | ★★★★ | |
 |
2024-03-06 13:10:39 | Le rapport de l'ONCD décrit le chemin de la cybersécurité améliorée grâce à des logiciels et des pratiques matérielles sécurisées ONCD report outlines path to enhanced cybersecurity through secure software and hardware practices (lien direct) |
Le bureau américain du National Cyber Director (ONCD) a publié un rapport technique construit sur le président Joe Biden \'s ...
The U.S. Office of the National Cyber Director (ONCD) published a technical report built upon President Joe Biden\'s... |
Technical | ★★ | |
 |
2024-03-05 19:03:47 | Rester en avance sur les acteurs de la menace à l'ère de l'IA Staying ahead of threat actors in the age of AI (lien direct) |
## Snapshot Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of AI. Defenders are only beginning to recognize and apply the power of generative AI to shift the cybersecurity balance in their favor and keep ahead of adversaries. At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors, including prompt-injections, attempted misuse of large language models (LLM), and fraud. Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape. You can read OpenAI\'s blog on the research [here](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors). Microsoft and OpenAI have not yet observed particularly novel or unique AI-enabled attack or abuse techniques resulting from threat actors\' usage of AI. However, Microsoft and our partners continue to study this landscape closely. The objective of Microsoft\'s partnership with OpenAI, including the release of this research, is to ensure the safe and responsible use of AI technologies like ChatGPT, upholding the highest standards of ethical application to protect the community from potential misuse. As part of this commitment, we have taken measures to disrupt assets and accounts associated with threat actors, improve the protection of OpenAI LLM technology and users from attack or abuse, and shape the guardrails and safety mechanisms around our models. In addition, we are also deeply committed to using generative AI to disrupt threat actors and leverage the power of new tools, including [Microsoft Copilot for Security](https://www.microsoft.com/security/business/ai-machine-learning/microsoft-security-copilot), to elevate defenders everywhere. ## Activity Overview ### **A principled approach to detecting and blocking threat actors** The progress of technology creates a demand for strong cybersecurity and safety measures. For example, the White House\'s Executive Order on AI requires rigorous safety testing and government supervision for AI systems that have major impacts on national and economic security or public health and safety. Our actions enhancing the safeguards of our AI models and partnering with our ecosystem on the safe creation, implementation, and use of these models align with the Executive Order\'s request for comprehensive AI safety and security standards. In line with Microsoft\'s leadership across AI and cybersecurity, today we are announcing principles shaping Microsoft\'s policy and actions mitigating the risks associated with the use of our AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track. These principles include: - **Identification and action against malicious threat actors\' use:** Upon detection of the use of any Microsoft AI application programming interfaces (APIs), services, or systems by an identified malicious threat actor, including nation-state APT or APM, or the cybercrime syndicates we track, Microsoft will take appropriate action to disrupt their activities, such as disabling the accounts used, terminating services, or limiting access to resources. - **Notification to other AI service providers:** When we detect a threat actor\'s use of another service provider\'s AI, AI APIs, services, and/or systems, Microsoft will promptly notify the service provider and share relevant data. This enables the service provider to independently verify our findings and take action in accordance with their own policies. - **Collaboration with other stakeholders:** Microsoft will collaborate with other stakeholders to regularly exchange information a | Threat Ransomware Malware Studies Tool Technical Vulnerability Medical | APT 28 ChatGPT APT 4 | ★★ |
 |
2024-03-05 11:00:10 | Accélérez votre transformation de cybersécurité à Ignite on Tour Accelerate Your Cybersecurity Transformation at Ignite On Tour (lien direct) |
> Ignite on Tour est un roadshow mondial de l'industrie de conférences de cybersécurité en personne, réunissant les chefs d'entreprise et les praticiens techniques.
>Ignite on Tour is a global industry roadshow of in-person cybersecurity conferences, bringing business leaders and technical practitioners together. |
Technical | ★★★ | |
|
2024-03-01 23:59:08 | 1 Secret peu connu de nslookup.exe 1 little known secret of nslookup.exe (lien direct) |
J'ai récemment été surpris par le fait que Windows & # 8217;nslookup.exe accepte le fichier de configuration local .nslookuprc.Lorsque le programme démarre, il résout la variable d'environnement à la maison, puis recherche un fichier% Home% \. NSlookuprc.Il lit ensuite ce fichier de configuration (si & # 8230; Continuer la lecture & # 8594;
I was recently surprised by the fact that Windows’ nslookup.exe accepts the local config file .nslookuprc. When the program starts it resolves the environment variable HOME and then looks for a %HOME%\.nslookuprc file. It then reads this config file (if … Continue reading → |
Technical | ★★★ | |
|
2024-03-01 20:49:50 | Les opérateurs de logiciels espions prédateurs reconstruisent l'infrastructure à plusieurs niveaux pour cibler les appareils mobiles Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices (lien direct) |
#### Description
Le groupe INSIKT de Future \\ a découvert de nouvelles infrastructures liées aux opérateurs de Predator, un logiciel spymétrique mobile mercenaire.L'infrastructure serait utilisée dans au moins onzepays, dont l'Angola, l'Arménie, le Botswana, l'Égypte, l'Indonésie, le Kazakhstan, la Mongolie, Oman, les Philippines, l'Arabie saoudite,et Trinidad et Tobago.Bien qu'il soit commercialisé pour la lutte contre le terrorisme et les forces de l'ordre, Predator est souvent utilisé contre la société civile, ciblant les journalistes, les politiciens et les militants.
L'utilisation de logiciels espions comme Predator présente des risques importants pour la confidentialité, la légalité et la sécurité physique, en particulier lorsqu'ils sont utilisés en dehors des contextes graves de criminalité et de lutte contre le terrorisme.La recherche du groupe INSIKT \\ a identifié une nouvelle infrastructure de livraison de prédateurs à plusieurs niveaux, avec des preuves de l'analyse du domaine et des données de renseignement du réseau.Malgré les divulgations publiques en septembre 2023, les opérateurs de Predator \\ ont poursuivi leurs opérations avec un minimum de changements.Predator, aux côtés de Pegasus de NSO Group \\, reste un principal fournisseur de logiciels espions mercenaires, avec des tactiques, des techniques et des procédures cohérentes au fil du temps.À mesure que le marché des logiciels espions mercenaires se développe, les risques s'étendent au-delà de la société civile à toute personne intéressée aux entités ayant accès à ces outils.Les innovations dans ce domaine sont susceptibles de conduire à des capacités de logiciels espions plus furtifs et plus complets.
#### URL de référence (s)
1. https://www.recordedfuture.com/predator-spyware-operators-rebuild-multi-tier-infrastructure-target-mobile-devices
#### Date de publication
1er mars 2024
#### Auteurs)
Groupe insikt
#### Description Recorded Future\'s Insikt Group has discovered new infrastructure related to the operators of Predator, a mercenary mobile spyware. The infrastructure is believed to be in use in at least eleven countries, including Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago. Despite being marketed for counterterrorism and law enforcement, Predator is often used against civil society, targeting journalists, politicians, and activists. The use of spyware like Predator poses significant risks to privacy, legality, and physical safety, especially when used outside serious crime and counterterrorism contexts. The Insikt Group\'s research identified a new multi-tiered Predator delivery infrastructure, with evidence from domain analysis and network intelligence data. Despite public disclosures in September 2023, Predator\'s operators have continued their operations with minimal changes. Predator, alongside NSO Group\'s Pegasus, remains a leading provider of mercenary spyware, with consistent tactics, techniques, and procedures over time. As the mercenary spyware market expands, the risks extend beyond civil society to anyone of interest to entities with access to these tools. Innovations in this field are likely to lead to more stealthy and comprehensive spyware capabilities. #### Reference URL(s) 1. https://www.recordedfuture.com/predator-spyware-operators-rebuild-multi-tier-infrastructure-target-mobile-devices #### Publication Date March 1, 2024 #### Author(s) Insikt Group |
Tool Technical Mobile | ★★ | |
|
2024-02-29 19:17:54 | Mitre déploie 4 nouvelles CWE pour les bogues de sécurité des microprocesseurs MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (lien direct) |
L'objectif est de donner aux concepteurs de puces et aux praticiens de la sécurité dans l'espace semi-conducteur une meilleure compréhension des principaux défauts du microprocesseur comme Meltdown et Spectre.
Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre. |
Technical | ★★★★ | |
 |
2024-02-29 16:07:39 | Explorer les différences entre les procurations résidentielles et les VPN: qui vous convient? Exploring the Differences Between Residential Proxies and VPNs: Which is Right for You? (lien direct) |
> Par uzair amir
VPN ou proxys résidentiels: quel est le meilleur?Soit \\ explorer sans plonger dans les détails techniques.
Ceci est un article de HackRead.com Lire le post original: Explorer les différences entre les procurations résidentielles et les VPN: qui vous convient?
>By Uzair Amir VPN or Residential Proxies: Which is best? Let\'s explore without diving into technical details. This is a post from HackRead.com Read the original post: Exploring the Differences Between Residential Proxies and VPNs: Which is Right for You? |
Technical | ★★★ | |
|
2024-02-29 11:00:00 | Gouvernance de l'IA et préservation de la vie privée AI governance and preserving privacy (lien direct) |
AT&T Cybersecurity featured a dynamic cyber mashup panel with Akamai, Palo Alto Networks, SentinelOne, and the Cloud Security Alliance. We discussed some provocative topics around Artificial Intelligence (AI) and Machine Learning (ML) including responsible AI and securing AI. There were some good examples of best practices shared in an emerging AI world like implementing Zero Trust architecture and anonymization of sensitive data. Many thanks to our panelists for sharing their insights. Before diving into the hot topics around AI governance and protecting our privacy, let’s define ML and GenAI to provide some background on what they are and what they can do along with some real-world use case examples for better context on the impact and implications AI will have on our future. GenAI and ML Machine Learning (ML) is a subset of AI that relies on the development of algorithms to make decisions or predictions based on data without being explicitly programmed. It uses algorithms to automatically learn and improve from experience. GenAI is a subset of ML that focuses on creating new data samples that resemble real-world data. GenAI can produce new and original content through deep learning, a method in which data is processed like the human brain and is independent of direct human interaction. GenAI can produce new content based on text, images, 3D rendering, video, audio, music, and code and increasingly with multimodal capabilities can interpret different data prompts to generate different data types to describe an image, generate realistic images, create vibrant illustrations, predict contextually relevant content, answer questions in an informational way, and much more. Real world uses cases include summarizing reports, creating music in a specific style, develop and improve code faster, generate marketing content in different languages, detect and prevent fraud, optimize patient interactions, detect defects and quality issues, and predict and respond to cyber-attacks with automation capabilities at machine speed. Responsible AI Given the power to do good with AI - how do we balance the risk and reward for the good of society? What is an organization’s ethos and philosophy around AI governance? What is the organization’s philosophy around the reliability, transparency, accountability, safety, security, privacy, and fairness with AI, and one that is human-centered? It\'s important to build each of these pillarsn into an organization\'s AI innovation and business decision-making. Balancing the risk and reward of innovating AI/ML into an organization\'s ecosystem without compromising social responsibility and damaging the company\'s brand and reputation is crucial. At the center of AI where personal data is the DNA of our identity in a hyperconnected digital world, privacy is a top priority. Privacy concerns with AI In Cisco’s 2023 consumer privacy survey, a study of over 2600 consumers in 12 countries globally, indicates consumer awareness of data privacy rights is continuing to grow with the younger generations (age groups under 45) exercising their Data Subject Access rights and switching providers over their privacy practices and policies. Consumers support AI use but are also concerned. With those supporting AI for use: 48% believe AI can be useful in improving their lives 54% are willing to share anonymized personal data to improve AI products AI is an area that has some work to do to earn trust 60% of respondents believe the use of AI by organizations has already eroded trust in them 62% reported concerns about the business use of AI 72% of respondents indicated that having products and solutions aud | Cloud Studies Technical Prediction | ★★ | |
 |
2024-02-29 01:15:21 | L'anatomie d'une attaque de ransomware alpha The Anatomy of an ALPHA SPIDER Ransomware Attack (lien direct) |
Alpha Spider est l'adversaire derrière le développement et le fonctionnement du ransomware AlphV en tant que service (RAAS).Au cours de la dernière année, les filiales Alpha Spider ont tiré parti d'une variété de nouvelles techniques dans le cadre de leurs opérations de ransomware.CrowdStrike Services a observé des techniques telles que l'utilisation des flux de données alternatifs NTFS pour cacher [& # 8230;]
ALPHA SPIDER is the adversary behind the development and operation of the Alphv ransomware as a service (RaaS). Over the last year, ALPHA SPIDER affiliates have been leveraging a variety of novel techniques as part of their ransomware operations. CrowdStrike Services has observed techniques such as the usage of NTFS Alternate Data Streams for hiding […] |
Ransomware Technical | ★★★★ | |
|
2024-02-27 05:00:31 | Risque et ils le savent: 96% des utilisateurs de prise de risque sont conscients des dangers mais le font quand même, 2024 State of the Phish révèle Risky and They Know It: 96% of Risk-Taking Users Aware of the Dangers but Do It Anyway, 2024 State of the Phish Reveals (lien direct) |
We often-and justifiably-associate cyberattacks with technical exploits and ingenious hacks. But the truth is that many breaches occur due to the vulnerabilities of human behavior. That\'s why Proofpoint has gathered new data and expanded the scope of our 2024 State of the Phish report. Traditionally, our annual report covers the threat landscape and the impact of security education. But this time, we\'ve added data on risky user behavior and their attitudes about security. We believe that combining this information will help you to: Advance your cybersecurity strategy Implement a behavior change program Motivate your users to prioritize security This year\'s report compiles data derived from Proofpoint products and research, as well as from additional sources that include: A commissioned survey of 7,500 working adults and 1,050 IT professionals across 15 countries 183 million simulated phishing attacks sent by Proofpoint customers More than 24 million suspicious emails reported by our customers\' end users To get full access to our global findings, you can download your copy of the 2024 State of the Phish report now. Also, be sure to register now for our 2024 State of the Phish webinar on March 5, 2024. Our experts will provide more insights into the key findings and answer your questions in a live session. Meanwhile, let\'s take a sneak peek at some of the data in our new reports. Global findings Here\'s a closer look at a few of the key findings in our tenth annual State of the Phish report. Survey of working adults In our survey of working adults, about 71%, said they engaged in actions that they knew were risky. Worse, 96% were aware of the potential dangers. About 58% of these users acted in ways that exposed them to common social engineering tactics. The motivations behind these risky actions varied. Many users cited convenience, the desire to save time, and a sense of urgency as their main reasons. This suggests that while users are aware of the risks, they choose convenience. The survey also revealed that nearly all participants (94%) said they\'d pay more attention to security if controls were simplified and more user-friendly. This sentiment reveals a clear demand for security tools that are not only effective but that don\'t get in users\' way. Survey of IT and information security professionals The good news is that last year phishing attacks were down. In 2023, 71% of organizations experienced at least one successful phishing attack compared to 84% in 2022. The bad news is that the consequences of successful attacks were more severe. There was a 144% increase in reports of financial penalties. And there was a 50% increase in reports of damage to their reputation. Another major challenge was ransomware. The survey revealed that 69% of organizations were infected by ransomware (vs. 64% in 2022). However, the rate of ransom payments declined to 54% (vs. 64% in 2022). To address these issues, 46% of surveyed security pros are increasing user training to help change risky behaviors. This is their top strategy for improving cybersecurity. Threat landscape and security awareness data Business email compromise (BEC) is on the rise. And it is now spreading among non-English-speaking countries. On average, Proofpoint detected and blocked 66 million BEC attacks per month. Other threats are also increasing. Proofpoint observed over 1 million multifactor authentication (MFA) bypass attacks using EvilProxy per month. What\'s concerning is that 89% of surveyed security pros think MFA is a “silver bullet” that can protect them against account takeover. When it comes to telephone-oriented attack delivery (TOAD), Proofpoint saw 10 million incidents per month, on average. The peak was in August 2023, which saw 13 million incidents. When looking at industry failure rates for simulated phishing campaigns, the finance industry saw the most improvement. Last year the failure rate was only 9% (vs. 16% in 2022). “Resil | Threat Ransomware Studies Tool Technical Vulnerability | ★★★★ | |
|
2024-02-27 00:12:58 | La Maison Blanche exhorte le passage aux langues sûres de la mémoire White House Urges Switching to Memory Safe Languages (lien direct) |
Le Bureau du Rapport technique du National Cyber Director se concentre sur la réduction des vulnérabilités de sécurité de la mémoire dans les applications et de rendre plus difficile pour les acteurs malveillants de les exploiter.
The Office of the National Cyber Director technical report focuses on reducing memory-safety vulnerabilities in applications and making it harder for malicious actors to exploit them. |
Threat Technical Vulnerability | ★★ | |
 |
2024-02-26 18:27:00 | Mise en œuvre de SIEM: stratégies et meilleures pratiques SIEM Implementation: Strategies and Best Practices (lien direct) |
> Apprenez à optimiser votre solution SIEM avec des stratégies et des pratiques clés.& # 8211;Aimei Wei, directeur technique, stellaire Cyber San Jose, Californie & # 8211;26 février 2024 Les systèmes de gestion de la sécurité et de la gestion des événements (SIEM) jouent un rôle central dans la posture de cybersécurité des organisations avec
>Learn how to optimize your SIEM solution with key strategies and practices. – Aimei Wei, Chief Technical Officer, Stellar Cyber San Jose, Calif. – Feb. 26, 2024 Security Information and Event Management (SIEM) systems play a pivotal role in the cybersecurity posture of organizations with |
Technical | ★★ | |
|
2024-02-26 15:17:44 | Étapes pratiques pour prévenir les vulnérabilités d'injection SQL Practical Steps to Prevent SQL Injection Vulnerabilities (lien direct) |
Dans le paysage numérique d'aujourd'hui, les applications Web et les API sont constamment menacées par des acteurs malveillants qui cherchent à exploiter les vulnérabilités.Une attaque commune et dangereuse est une injection SQL.
Dans ce blog, nous explorerons les vulnérabilités et les attaques de l'injection de SQL, comprendrons leur niveau de gravité et fournirons des étapes pratiques pour les empêcher.En mettant en œuvre ces meilleures pratiques, vous pouvez améliorer la sécurité de vos applications Web et API.
Comprendre les vulnérabilités et les attaques de l'injection SQL
Les attaques d'injection SQL se produisent lorsque les pirates manipulent les requêtes SQL d'une application \\ pour obtenir un accès non autorisé, altérer la base de données ou perturber la fonctionnalité de l'application \\.Ces attaques peuvent entraîner une usurpation d'identité, un accès aux données non autorisé et des attaques enchaînées.
L'injection SQL est une technique où les pirates injectent des requêtes SQL malveillantes dans la base de données backend d'une application Web.Cette vulnérabilité survient lorsque l'application accepte la saisie de l'utilisateur comme une instruction SQL que la base de données…
In today\'s digital landscape, web applications and APIs are constantly under threat from malicious actors looking to exploit vulnerabilities. A common and dangerous attack is a SQL injection. In this blog, we will explore SQL injection vulnerabilities and attacks, understand their severity levels, and provide practical steps to prevent them. By implementing these best practices, you can enhance the security of your web applications and APIs. Understanding SQL Injection Vulnerabilities and Attacks SQL injection attacks occur when hackers manipulate an application\'s SQL queries to gain unauthorized access, tamper with the database, or disrupt the application\'s functionality. These attacks can lead to identity spoofing, unauthorized data access, and chained attacks. SQL injection is a technique where hackers inject malicious SQL queries into a web application\'s backend database. This vulnerability arises when the application accepts user input as a SQL statement that the database… |
Threat Guideline Technical Vulnerability | ★★★ | |
 |
2024-02-23 18:06:39 | Liste de contrôle 364: Tech Toches Technical Difficultés Checklist 364: Tech Tackles Technical Difficulties (lien direct) |
> Explorez les géants de la technologie \\ 'Stance proactive contre les cyber-menaces, un accord mondial sur la manipulation de l'IA et la poussée des attaques d'identification européennes.Vigilance continue dans un paysage numérique dynamique.
>Explore tech giants\' proactive stance against cyber threats, a global accord on AI manipulation, and the surge in European credential attacks. Continuous vigilance in a dynamic digital landscape. |
Technical | ★★ | |
|
2024-02-23 10:13:36 | AT&T dit que la panne de son réseau de téléphones portables américains n'a pas été causée par une cyberattaque AT&T Says the Outage to Its US Cellphone Network Was Not Caused by a Cyberattack (lien direct) |
AT & # 038; t a déclaré que la panne de temps de son réseau de téléphones portables américains semblait être le résultat d'une erreur technique, pas d'une attaque malveillante.
AT&T said the hourslong outage to its U.S. cellphone network Thursday appeared to be the result of a technical error, not a malicious attack. |
Technical | ★★ | |
 |
2024-02-22 19:41:25 | Playbooks sur site Playbooks on-prem (lien direct) |
> L'automatisation joue un rôle central dans la rationalisation des opérations, l'amélioration de la posture de sécurité et la minimisation des risques.Cependant, l'exécution des tâches d'automatisation peut toujours être difficile pour les organisations ayant une infrastructure sur site en raison de la complexité et des contraintes techniques.Pour relever ce défi, Sekoia.io a récemment publié PlayBooks sur prém.Cette nouvelle fonctionnalité aide à exécuter en toute sécurité des actions dans un environnement sur prémal, [& # 8230;]
la publication Suivante playbooks on-prem est un article de sekoia.io blog .
>Automation plays a pivotal role in streamlining operations, enhancing security posture, and minimizing risks. However, executing automation tasks can still be challenging for organizations with on-premises infrastructure due to technical complexities and constraints. To address this challenge, Sekoia.io has recently released Playbooks on-prem. This new feature helps to safely execute actions across an on-prem environment, […] La publication suivante Playbooks on-prem est un article de Sekoia.io Blog. |
Technical | ★★★ | |
 |
2024-02-21 12:18:14 | Screenconnect Critical Bug maintenant attaqué à mesure que le code d'exploit émerge ScreenConnect critical bug now under attack as exploit code emerges (lien direct) |
Les détails techniques et les exploits de preuve de concept sont disponibles pour les deux vulnérabilités que Connectwise a divulguées plus tôt cette semaine pour Screenconnect, son bureau à distance et son logiciel d'accès.[...]
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software. [...] |
Threat Technical Vulnerability | ★★★ | |
|
2024-02-20 20:50:00 | Nouveaux logiciels malveillants Migo ciblant les serveurs Redis pour l'exploitation des crypto-monnaies New Migo Malware Targeting Redis Servers for Cryptocurrency Mining (lien direct) |
Une nouvelle campagne de logiciels malveillants a été observée ciblant les serveurs Redis pour l'accès initial avec l'objectif ultime de l'exploitation de la crypto-monnaie sur des hôtes Linux compromis.
"Cette campagne particulière implique l'utilisation d'un certain nombre de nouvelles techniques d'affaiblissement du système par rapport au magasin de données lui-même", a déclaré le chercheur en sécurité CADO Matt Muir & Nbsp; a déclaré & NBSP; dans un rapport technique.
L'attaque de cryptojacking est facilitée
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report. The cryptojacking attack is facilitated |
Malware Technical | ★★ | |
|
2024-02-16 22:24:14 | À quoi pourrait ressembler à la sécurité pour réguler les puces d'IA What Using Security to Regulate AI Chips Could Look Like (lien direct) |
Une proposition de recherche exploratoire recommande la réglementation des puces d'IA et des mesures de gouvernance plus fortes pour suivre les innovations techniques rapides de l'intelligence artificielle.
An exploratory research proposal is recommending regulation of AI chips and stronger governance measures to keep up with the rapid technical innovations in artificial intelligence. |
Technical | ★★ | |
|
2024-02-15 17:07:14 | Sécuriser les chaînes d'approvisionnement en XDR ouvert Securing Supply Chains with Open XDR (lien direct) |
> Comment l'Open XDR fournit un moyen efficace et complet de lutter contre les menaces & # 8211;Aimei Wei, directeur technique, stellaire Cyber San Jose, Californie & # 8211;15 février 2024 Les cyberattaques sont en hausse dans chaque industrie, mais les sociétés de logiciels et leurs clients restent particulièrement vulnérables parce que
>How Open XDR provides an effective and comprehensive means of combating threats – Aimei Wei, Chief Technical Officer, Stellar Cyber San Jose, Calif. – Feb. 15, 2024 Cyberattacks are on the rise in every industry, but software companies and their clients remain especially vulnerable because |
Technical | ★★ | |
|
2024-02-15 11:00:00 | 2024: Plan de cyber-action pratique - survivre et prospérer 2024: Practical cyber action plan- Survive and thrive (lien direct) |
\'Cyber insecurity\' is among the most pressing issues facing organizations globally in 2024, according to new research from the World Economic Forum (WEF). In its Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year. How can businesses implement proficient cyber capabilities in an era where cyber threats from criminals and hacktivists are escalating in complexity and magnitude? This is crucial for adapting swiftly to the constantly evolving security challenges and confidently pursuing growth through digital innovation in products, services, and organizational transformation. In today\'s rapidly changing cyber threat environment, Chief Information Security Officers (CISOs) and security operations teams must adopt forward-thinking strategies. These strategies should focus on quickly identifying and addressing the most pressing vulnerabilities in their digital environments. Cyber attackers\' increasing sophistication and speed have prompted organizations of various sizes to re-evaluate their legacy systems, governance policies, and overall security stances, aiming to align with the latest industry standards The shift towards digital platforms and the widespread adoption of cloud technologies have expanded the avenues for cyber-attacks, consequently enlarging the attack surface. This growing attack surface includes vulnerable systems, compromised data, and unauthorized assets, highlighting the necessity for a consistent and ongoing security strategy. This strategy should be centered on managing and mitigating threats efficiently and accurately. Security leaders are becoming increasingly aware of the importance of such an approach. Its effectiveness and streamlined methodology significantly enhance cyber resilience by prioritizing the most urgent risks for immediate response and remediation. What is top of mind for the CISO in 2024? How do we build a cyber security ecosystem that can manage the threats and opportunities of the future? How do we ensure future technologies are secure by design, not as an afterthought? How do we anticipate the threat picture will change as new technologies, like AI and quantum computing, develop? Must haves for CISOs in 2024 Protecting privacy Protecting critical assets Mitigating risk Minimizing disruption Maintaining compliance Establishing and maintaining "CRUST" (credibility and trust) Ensuring secure productivity & efficiency At the top of the list of issues driving cybersecurity concerns include: Growing number of hackers/cybercriminals. Evolving threats & advanced skillset of criminals. Privacy concerns handling other\'s data. Generative AI Practical action plan: Proactively understanding your expanding attack surface, prioritizing risk management efforts, and building resilience helps achieve the following: 1) Prevents breaches & minimizes the impact of a potential breach Enhance the effectiveness of the Security Operations Center (SOC) by reducing the volume of security incidents, events, and breaches impacting the SOC over time. Adopt a proactive, preventative approach that bolsters cyber resilience quickly and improves security maturity year-over-year. 2) Reduces cybersecurity risks Real-time risk reduction is often impractical due to business constraints and a backlog of pending security issues. Focus on prioritizing risk reduction actions and optimizing resource allo | Threat Cloud Technical Vulnerability | ★★ | |
 |
2024-02-15 09:18:45 | Rhysida ransomware a fissuré!Outil de décryptage gratuit publié Rhysida ransomware cracked! Free decryption tool released (lien direct) |
Bonne nouvelle pour les organisations qui ont été victimes du célèbre ransomware de Rhysida.Un groupe de chercheurs sud-coréens en matière de sécurité a découvert une vulnérabilité dans le tristement célèbre ransomware.Cette vulnérabilité offre un moyen pour que les fichiers cryptés soient non recueillis.Des chercheurs de l'Université de Kookmin décrivent comment ils ont exploité un défaut de mise en œuvre dans le code de Rhysida \\ pour régénérer sa clé de cryptage dans un document technique sur leurs résultats."Rhysida Ransomware a utilisé un générateur de nombres aléatoires sécurisé pour générer la clé de chiffrement et crypter ensuite les données. Cependant, un ...
Good news for organisations who have fallen victim to the notorious Rhysida ransomware . A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled. Researchers from Kookmin University describe how they exploited an implementation flaw in Rhysida\'s code to regenerate its encryption key in a technical paper about their findings. "Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data. However, an... |
Ransomware Tool Technical Vulnerability | ★★★ | |
|
2024-02-15 08:27:50 | La nouvelle variante de logiciels malveillants QBOT utilise une fausse popup d'installation d'Adobe pour l'évasion New Qbot malware variant uses fake Adobe installer popup for evasion (lien direct) |
Le développeur de Qakbot Malware, ou une personne ayant accès au code source, semble expérimenter de nouvelles versions car des échantillons nouveaux ont été observés dans les campagnes de courrier électronique depuis la mi-décembre.[...]
The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. [...] |
Malware Technical | ★★★ | |
|
2024-02-14 23:00:00 | 10 catégories de métriques de sécurité Les Cisos devraient présenter au conseil d'administration 10 Security Metrics Categories CISOs Should Present to the Board (lien direct) |
Les conseils d'administration ne se soucient pas des moindres détails techniques du programme de sécurité.Ils veulent voir comment les indicateurs de performance clés sont suivis et utilisés.
Boards of directors don\'t care about the minute technical details of the security program. They want to see how key performance indicators are tracked and utilized. |
Technical | ★★ | |
|
2024-02-12 17:27:08 | Les astuces de l'usurpation du DMARC de la Corée du Nord North Korea\\'s DMARC spoofing tricks (lien direct) |
Les conseils d'administration ne se soucient pas des moindres détails techniques du programme de sécurité.Ils veulent voir comment les indicateurs de performance clés sont suivis et utilisés.
Boards of directors don\'t care about the minute technical details of the security program. They want to see how key performance indicators are tracked and utilized. |
Technical | ★★★★ | |
 |
2024-02-12 11:00:25 | La cyber-vengeance de la Chine |Pourquoi la RPC ne soutient pas ses affirmations d'espionnage occidental China\\'s Cyber Revenge | Why the PRC Fails to Back Its Claims of Western Espionage (lien direct) |
Les affirmations de piratage et d'espionnage de la Chine n'ont pas les détails techniques rigoureux observés dans la menace occidentale Intel.Pourquoi l'asymétrie et comment profite-t-elle à la RPC?
China\'s claims of hacks and espionage lack the rigorous technical detail seen in western threat intel. Why the asymmetry, and how does it benefit the PRC? |
Threat Technical | ★★★ | |
|
2024-02-08 12:23:00 | Le nouveau voleur de Golang de Kimsuky \\ a \\ 'troll \\' et \\ 'gobear \\' cible de porte dérobée de la Corée du Sud Kimsuky\\'s New Golang Stealer \\'Troll\\' and \\'GoBear\\' Backdoor Target South Korea (lien direct) |
L'acteur de l'État-nation lié à la Corée du Nord connue sous le nom de Kimsuky est soupçonné d'utiliser un voleur d'informations basé à Golang auparavant sans papiers appelé & nbsp; troll Stealer.
Le malware vole "SSH, Filezilla, C Fichiers / répertoires de lecteur, navigateurs, informations système, [et] captures d'écran" des systèmes infectés, la société sud-coréenne de cybersécurité S2W & NBSP; Said & Nbsp; dans un nouveau rapport technique.
Troll
The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W said in a new technical report. Troll |
Malware Technical | ★★★ | |
|
2024-02-07 21:45:09 | CISA: les pirates de typhon volt de la Chine planifiant une perturbation des infrastructures critiques CISA: China\\'s Volt Typhoon Hackers Planning Critical Infrastructure Disruption (lien direct) |
La nouvelle alerte de la CISA comprend des atténuations techniques pour durcir les surfaces d'attaque et les instructions pour chasser les pirates chinois soutenus par le gouvernement.
New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers. |
Technical | Guam | ★★ |
 |
2024-02-05 11:12:23 | Hunting Down The Top 5 Most Common Price Manipulation Vulnerabilities in E-Commerce Websites (lien direct) | > Les magasins de commerce électronique peuvent perdre beaucoup de revenus si les vulnérabilités de manipulation des prix sont activement exploitées par les mauvais acteurs. & # 160;Ce sont souvent des vulnérabilités de sécurité causées par une mauvaise manipulation de la logique par les développeurs, ce qui peut entraîner une erreur de calcul des prix (injection de formule) à la caisse, permettant souvent aux acheteurs malveillants de commander des articles à un [& # 8230;] très réduit [& # 8230;]
>E-commerce stores can lose out on a lot of revenue if price manipulation vulnerabilities get actively exploited by bad actors. These are often security vulnerabilities caused by improper logic handling by developers which can cause the server to miscalculate prices (formula injection) at checkout, often allowing malicious shoppers to order items at a highly reduced […] |
Technical Vulnerability | ★★ | |
|
2024-02-05 10:46:32 | Sauvegarde de la mise en œuvre de l'IEC 61850 dans les systèmes de contrôle industriel: une odyssée technique Safeguarding IEC 61850 Implementation in Industrial Control Systems: A Technical Odyssey (lien direct) |
> Introduction: naviguer dans l'odyssée de cybersécurité IEC 61850 dans la tapisserie complexe des systèmes de contrôle industriel (ICS) et du ...
>Introduction: Navigating the IEC 61850 Cybersecurity Odyssey In the intricate tapestry of Industrial Control Systems (ICS) and the... |
Technical Industrial | ★★★ | |
|
2024-02-02 05:00:36 | Développement d'une nouvelle norme Internet: le cadre de la politique relationnelle du domaine Developing a New Internet Standard: the Domain Relationship Policy Framework (lien direct) |
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. In this blog post, we discuss the Domain Relationship Policy Framework (DRPF)-an effort that has been years in the making at Proofpoint. The DRPF is a simple method that is used to identify verifiably authorized relationships between arbitrary domains. We create a flexible way to publish policies. These policies can also describe complex domain relationships. The details for this new model require in-depth community discussions. These conversations will help us collectively steer the DRPF toward becoming a fully interoperable standard. We are now in the early proposal stage for the DRPF, and we are starting to engage more with the broader community. This post provides a glimpse down the road leading to standardization for the DRPF. Why Proofpoint developed DRPF To shine a light on why Proofpoint was inspired to develop the DRPF in the first place, let\'s consider the thinking of the initial designers of the Domain Name System (DNS). They assumed that subdomains would inherit the administrative control of their parent domains. And by extension, this should apply to all subsequent subdomains down the line. At the time, this was reasonable to assume. Most early domains and their subdomains operated in much the same way. For example, “university.edu” directly operated and controlled the administrative policies for subdomains such as “lab.university.edu” which flowed down to “project.lab.university.edu.” Since the mid-1980s, when DNS was widely deployed, there has been a growing trend of delegating subdomains to third parties. This reflects a breakdown of the hierarchical model of cascading policies. To see how this works, imagine that a business uses “company.com” as a domain. That business might delegate “marketing.company.com” to a third-party marketing agency. The subdomain must inherit some policies, while the subdomain administrator may apply other policies that don\'t apply to the parent domain. Notably, there is no mechanism yet for a domain to declare a relationship with another seemingly independent domain. Consider a parent company that operates multiple distinct brands. The company with a single set of policies may want them applied not only to “company.com” (and all of its subdomains). It may also want them applied to its brand domains “brand.com” and “anotherbrand.com.” It gets even more complex when any of the brand domains delegate various subdomains to other third parties. So, say some of them are delegated to marketing or API support. Each will potentially be governed by a mix of administrative policies. In this context, “policies” refers to published guidance that is used when these subdomains interact with the domain. Policies might be for information only. Or they might provide details that are required to use services that the domain operates. Most policies will be static (or appear so to the retrieving parties). But it is possible to imagine that they could contain directives akin to smart contracts in distributed ledgers. 3 Design characteristics that define DRPF The goal of the DRPF is to make deployment and adoption easier while making it flexible for future use cases. In many prior proposals, complex requirements bogged down efforts to get rid of administrative boundaries between and across disparate domains. Our work should be immediately useful with minimal effort and be able to support a wide array of ever-expanding use cases. In its simplest form, three design characteristics define the DRPF: A domain administrator publishes a policy assertion record for the domain so that a relying party can discover and retrieve it. The discovered policy assertion directs the relying party to where they can find | Cloud Tool Technical Prediction | ★★★ | |
|
2024-01-31 21:23:24 | ESET participe à une opération mondiale pour perturber le Trojan bancaire Grandoreiro ESET Takes Part in Global Operation to Disrupt the Grandoreiro Banking Trojan (lien direct) |
#### Description
ESET a travaillé avec la police fédérale du Brésil dans le but de perturber le botnet Grandoreiro, fournissant une analyse technique, des informations statistiques et des serveurs C&C connus aux autorités.
Grandoreiro est un cheval de Troie bancaire latino-américain qui est actif depuis au moins 2017 et cible le Brésil, le Mexique et l'Espagne.Les opérateurs de Grandoreiro \\ ont abusé des fournisseurs de cloud tels que Azure et AWS pour héberger leur infrastructure réseau.
#### URL de référence (s)
1. https://www.welivesecurity.com/en/eset-research/eset-takes-partit-hobal-opération-srupt-grandoreiro-banking-trojan/
#### Date de publication
30 janvier 2024
#### Auteurs)
Recherche ESET
#### Description ESET has worked with the Federal Police of Brazil on an effort to disrupt the Grandoreiro botnet, providing technical analysis, statistical information and known C&C servers to the authorities. Grandoreiro is a Latin American banking trojan that has been active since at least 2017 and targets Brazil, Mexico, and Spain. Grandoreiro\'s operators have abused cloud providers such as Azure and AWS to host their network infrastructure. #### Reference URL(s) 1. https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/ #### Publication Date January 30, 2024 #### Author(s) ESET Research |
Cloud Technical | ★★★ | |
|
2024-01-31 13:30:18 | Le domaine Internet de haut niveau russe souffre d'une panne massive Russian top-level internet domain suffers massive outage (lien direct) |
Les citoyens russes ne pouvaient pas accéder à la majorité des sites Web du domaine du pays \\..La panne était
Russian citizens couldn\'t access the majority of websites on the country\'s .ru domain for several hours on Tuesday, including the Yandex search engine, the VKontakte social media platform, the major state-owned bank Sberbank and news outlets. The outage was reportedly caused by a technical problem with the .ru domain\'s global Domain Name System Security Extensions, |
Technical | ★★ | |
 |
2024-01-30 11:30:00 | ESET participe à une opération mondiale pour perturber le Trojan bancaire Grandoreiro ESET takes part in global operation to disrupt the Grandoreiro banking trojan (lien direct) |
ESET a fourni une analyse technique, des informations statistiques, des serveurs C& C;
ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology |
Technical | ★★★ |
To see everything:
Our RSS (filtrered)
