What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SentinelOne.webp 2022-05-11 16:05:43 Putting Things in Context | Timelining Threat Campaigns (direct link) Visualizing data is integral to threat research. See how we used this timeline analysis tool to track activity in the Ukrainian cyber conflict. Tool Threat ★★
CVE.webp 2022-05-11 15:15:08 CVE-2021-34606 (direct link) A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account. Tool Vulnerability
CVE.webp 2022-05-11 15:15:08 CVE-2021-34605 (direct link) A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool. Tool Vulnerability
Anomali.webp 2022-05-10 17:08:00 Anomali Cyber Watch: Moshen Dragon Abused Anti-Virus Software, Raspberry Robin Worm Jumps from USB, UNC3524 Uses Internet-of-Things to Steal Emails, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Phishing, Ransomware, Sideloading, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Attackers Are Attempting to Exploit Critical F5 BIG-IP RCE (published: May 9, 2022) CVE-2022-1388, a critical remote code execution vulnerability affecting F5 BIG-IP multi-purpose networking devices/modules, was made public on May 4, 2022. It is of high severity (CVSSv3 score is 9.8). By May 6, 2022, multiple researchers have developed proof-of concept (PoC) exploits for CVE-2022-1388. The first in-the-wild exploitation attempts were reported on May 8, 2022. Analyst Comment: Update your vulnerable F5 BIG-IP versions 13.x and higher. BIG-IP 11.x and 12.x will not be fixed, but temporary mitigations available: block iControl REST access through the self IP address and through the management interface, modify the BIG-IP httpd configuration. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 Tags: CVE-2022-1388, F5, Vulnerability, Remote code execution, Missing authentication Mobile Subscription Trojans and Their Little Tricks (published: May 6, 2022) Kaspersky researchers analyzed five Android trojans that are secretly subscribing users to paid services. Jocker trojan operators add malicious code to legitimate apps and re-upload them to Google Store under different names.
To avoid detection, malicious functionality won’t start until the trojan checks that it is available in the store. The malicious payload is split in up to four files. It can block or substitute anti-fraud scripts, and modify X-Requested-With header in an HTTP request. Another Android malware involved in subscription fraud, MobOk trojan, has additional functionality to bypass captcha. MobOk was seen in a malicious app in Google Store, but the most common infection vector is being spread by other Trojans such as Triada. Analyst Comment: Limit your apps to downloads from the official stores (Google Store for Android), avoid new apps with low number of downloads and bad reviews. Pay attention to the terms of use and payment. Avoid granting it too many permissions if those are not crucial to the app alleged function. Monitor your balance and subscription list. MITRE ATT&CK: [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Data Manipulation - T1565 Tags: Android, Jocker, MobOk, Triada, Vesub, GriftHorse, Trojan, Subscription fraud, Subscription Trojan, Russia, target-country:RU, Middle East, Saudi Arabia, target-country:SA, Egypt, target-country:EG, Thailand, target-country:TH Raspberry Robin Gets the Worm Early (published: May 5, 2022) Since September 2021, Red Canary researchers monitor Raspberry Robin, a new worm Ransomware Malware Tool Vulnerability Threat APT 29 APT 28 ★★★
NetworkWorld.webp 2022-05-10 03:00:00 Cohesity launches FortKnox to protect data from ransomware attacks (direct link) Data management specialist Cohesity is launching a new data isolation and recovery tool called FortKnox, in a bid to help customers protect their data from ransomware attacks. FortKnox provides an additional layer of off-site protection for customers by keeping data in a secure 'vault,' with physical separation, network and management isolation to keep threat actors from accessing sensitive data. An object lock requires a minimum of two or more people to approve critical actions, such as changes of vault policy, and access can be managed using granular role-based access control, multi-factor authentication, and encryption both in-flight and at rest. Ransomware Tool Threat
MalwarebytesLabs.webp 2022-05-09 10:49:02 A scanning tool for open-sourced software packages? Yes, please! (direct link) OpenSSF recently introduced a dynamic analysis tool for all OSS packages when uploaded to open source repositories. Tool
Detectify.webp 2022-05-09 08:29:06 New tool release: Discovering the origin host to bypass web application firewalls (direct link) OpenSSF recently introduced a dynamic analysis tool for all OSS packages when uploaded to open source repositories. Tool
TechRepublic.webp 2022-05-05 20:26:37 Vagrant vs Docker: Compare DevOps tools (direct link) Finding the right DevOps tool can be tricky. There are a variety of factors to weigh in deciding what solution will work best for your projects. Learn more about two of the top solutions: Vagrant and Docker. Tool
TechRepublic.webp 2022-05-05 20:03:50 What is the ONLYOFFICE Community feature, and why should you use it? (direct link) ONLYOFFICE is not only a great web-based office suite and project management tool but an effective platform to keep your teams engaged with one another and the company. Tool
TechRepublic.webp 2022-05-05 19:09:54 Check Point vs Palo Alto: Comparing EDR software (direct link) Check Point and Palo Alto are providers of effective endpoint detection and response tools to allow you to surpass detection-based cyber defense and improve your organization's ability to manage cybersecurity risk. But which tool is best for you? Tool
TechRepublic.webp 2022-05-05 16:26:47 How to use KDE Plasma's Konsole SSH plugin (direct link) Looking for an incredibly easy tool to manage your SSH connections? KDE's terminal application has a handy trick up its sleeve. Tool
SentinelOne.webp 2022-05-05 11:00:56 Vulnerabilities in Avast And AVG Put Millions At Risk (direct link) Two high-severity flaws in popular end user security tools allow attackers to elevate privileges and compromise devices. Tool Vulnerability ★★★
TechRepublic.webp 2022-05-04 18:37:00 Are moodables the next best thing in IoT? (direct link) More Americans are suffering from depression than ever before. With moodable sensors, we might finally have an IoT tool for mental wellness. Tool
TechRepublic.webp 2022-05-04 18:14:46 How to move from an Android phone to an iPhone (direct link) You can more easily switch from an Android phone to an iPhone via a tool called Move to iOS. We'll show you how. Tool
TechRepublic.webp 2022-05-03 17:20:31 Notion vs Trello: Project management software comparison (direct link) If your company is considering which project management and communication tool to choose, you should compare the features of Notion and Trello. Tool
Anomali.webp 2022-05-03 16:31:00 Anomali Cyber Watch: Time-to-Ransom Under Four Hours, Mustang Panda Spies on Russia, Ricochet Chollima Sends Goldbackdoor to Journalists, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cyberespionage, LNK files, Malspam, North Korea, Phishing, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence A Lookback Under the TA410 Umbrella: Its Cyberespionage TTPs and Activity (published: April 28, 2022) ESET researchers found three different teams under China-sponsored umbrella cyberespionage group TA410, which is loosely linked to Stone Panda (APT10, Chinese Ministry of State Security). ESET named these teams FlowingFrog, JollyFrog, and LookingFrog. FlowingFrog uses the Royal Road RTF weaponizer described by Anomali in 2019. Infection has two stages: the Tendyron implant followed by a very complex FlowCloud backdoor. JollyFrog uses generic malware such as PlugX and QuasarRAT. LookingFrog’s infection stages feature the X4 backdoor followed by the LookBack backdoor. Besides using different backdoors and exiting from IP addresses located in three different districts, the three teams use similar tools and similar tactics, techniques, and procedures (TTPs). Analyst Comment: Organizations should keep their web-facing applications such as Microsoft Exchange or SharePoint secured and updated. Educate your employees on handling suspected spearphishing attempts. Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security.
Prevention and detection capabilities should also be in place. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Native API - T1106 | [MITRE ATT&CK] Shared Modules - T1129 | [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Inter-Process Communication - T1559 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Create or Modify System Process - T1543 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Rootkit - T1014 | [MITRE ATT&CK] Process Injection - T1055 | Ransomware Malware Tool Vulnerability Threat Guideline Cloud APT 37 APT 10 APT 10
TechRepublic.webp 2022-05-03 14:36:25 Amazon CloudWatch vs Pingdom: Monitoring tool comparison (direct link) Let's compare the features of two popular website monitoring tools, Pingdom and Amazon CloudWatch, to determine what makes each one unique and what you should consider before adopting each tool. Tool
TechRepublic.webp 2022-05-03 14:08:13 The COVID-19 gender gap: Addressing bias at work can help bring women back to the office (direct link) The global pandemic highlighted inequities at the workplace and the greater stresses women face. Here's how a new tool that uses science to uncover bias at work can improve workplaces for women. Tool
SecurityAffairs.webp 2022-05-03 06:08:45 Package Analysis dynamic analyzes packages in open-source repositories (direct link) The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to popular open-source repositories. The Open Source Security Foundation (OpenSSF) announced the release of the first version of a new tool, dubbed Package Analysis, to perform dynamic analysis of the packages uploaded to popular open-source repositories. […] Tool
TechRepublic.webp 2022-05-02 22:46:55 CyberArk vs BeyondTrust: Compare IAM solutions (direct link) It's time to upgrade your IAM software, but which security tool should you choose? See how the features of CyberArk and BeyondTrust compare. Tool
CVE.webp 2022-05-02 20:15:08 CVE-2021-41810 (direct link) Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable Tool
Mandiant.webp 2022-05-02 09:30:00 UNC3524: Eye Spy on Your Email (direct link) UPDATE (November 2022): We have merged UNC3524 with APT29. The UNC3524 activity described in this post is now attributed to APT29. Since December 2019, Mandiant has observed advanced threat actors increase their investment in tools to facilitate bulk email collection from victim environments, especially as it relates to their support of suspected espionage objectives. Email messages and their attachments offer a rich source of information about an organization, stored in a centralized location for threat actors to collect. Most email systems, whether on-premises or in the cloud, offer Tool Threat APT 29 ★★
The_Hackers_News.webp 2022-05-01 21:51:22 Here's a New Tool That Scans Open-Source Repositories for Malicious Packages (direct link) The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the Tool
TechRepublic.webp 2022-04-29 21:12:21 Datadog vs New Relic: Compare DevOps tools (direct link) Datadog vs. New Relic: Which is the best DevOps tool for your business? This guide will help you choose. Tool
Pirate.webp 2022-04-29 17:32:59 Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage (direct link) socialscan is an accurate command-line tool to check for email and social media username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Other similar tools check username availability by requesting the profile page of the username in question and based on information like the HTTP status code or error text on the requested page, determine whether a username is already taken. Tool
TechRepublic.webp 2022-04-29 14:45:19 LogMeIn vs GoToMyPC: Compare remote desktop software (direct link) LogMeIn and GoToMyPC are two of the top remote access software solutions. Read this feature comparison to learn which remote desktop tool is right for your business. Tool
TechRepublic.webp 2022-04-29 13:09:34 OneLogin vs Okta: Comparing IAM solutions (direct link) Which identity and access management software should you choose? Compare the features of OneLogin and Okta to see if either is the right IAM tool for your business. Tool
Anomali.webp 2022-04-28 11:00:00 More Tools, More Problems: Why It's Important to Ensure Security Tools Work Together (direct link) Welcome to blog #six as I explore the “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience. In the last blog, I wrote about the challenges that organizations have with disparate tools, highlighted by the fact that mature enterprise organizations deployed over 130 security tools on average. That blog is a perfect introduction to number five on our list of challenges enterprise organizations face: ‘Solutions not customized to the types of risks we face.’ More Tools, More Problems Most security teams use several security management tools to help them manage their security infrastructure. While each tool was acquired for a specific reason and purpose, introducing each tool into an existing security tech stack poses a different challenge. Unfortunately, there’s no one size fits all approach. Every new security tool introduced requires integration to use the tool effectively. It takes a lot of time and effort to implement a tool properly into your environment and processes. There would most likely need training involved for those analysts who would be using the new tools. While necessary, these tasks take time and attention away from everyday activities and can significantly decrease a security team’s effectiveness before they’re fully integrated into their workflow. Increasing in Multiple Tools Increases Security Complexity The increasing adoption of cybersecurity solutions has created more consequences and challenges for organizations and their IT teams. With each addition of a new solution, another problem emerges Tool sprawl. Tool sprawl is when an organization invests in various tools that make it harder for IT teams to manage and orchestrate the solution. Time is a precious commodity, especially in cybersecurity.
It takes time to collect information from multiple tools and disparate data sources, then correlate it manually with the necessary intelligence. Instead of responding quickly to an attack, analysts will waste time collecting the data and relevant intelligence needed to understand what kind of attacks they are dealing with and which actions they should take. Instead of fixing a problem, security teams may suddenly find that they’ve added more.  How Cybersecurity Tools Grew Out of Control Traditional cybersecurity operations were designed to manage anti-viruses, install and monitor firewalls, protect data, and help users manage passwords. It was evident by the mid-1990s that investing in cybersecurity would be necessary. Organizations now had a budget for security and had to figure out which parts of their infrastructure were most vulnerable. As their strategy evolved, organizations began investing in hiring cybersecurity experts but realized people are expensive. They then began buying various tools to complement their security professionals. They soon realized that there was a security tool you could buy that could help resolve the situation for any potential problem. The desire to throw tools at a situation continues today. Cybersecurity budgets have increased since the pandemic sped up digital transformation efforts and increased an organization’s attack surface. Board members and Executives realize the need to invest more in cybersecurity. New security products continue to spring up, promising to solve problems and secure all the various parts of businesses’ technology stacks.  Unfortunately, when adding tools, too many organizations make the mistake of looking for a quick fix, working in silos to solve one problem rather than t Tool Threat Guideline
CVE.webp 2022-04-27 16:15:11 CVE-2022-22521 (direct link) In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. Tool
Anomali.webp 2022-04-26 16:24:00 Anomali Cyber Watch: Gamaredon Delivers Four Pterodos At Once, Known-Plaintext Attack on Yanlouwang Encryption, North-Korea Targets Blockchain Industry, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, CatalanGate, Cloud, Cryptocurrency, Information stealers, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems (published: April 25, 2022) Cybereason researchers have compared trending attacks involving SocGholish and Zloader malware. Both infection chains begin with social engineering and malicious downloads masquerading as legitimate software, and both lead to data theft and possible ransomware installation. SocGholish attacks rely on drive-by downloads followed by user execution of purported browser installer or browser update. The SocGholish JavaScript payload is obfuscated using random variable names and string manipulation. The attacker domain names are written in reverse order with the individual string characters being put at the odd index positions. Zloader infection starts by masquerading as a popular application such as TeamViewer. Zloader acts as information stealer, backdoor, and downloader. Active since 2016, Zloader actively evolves and has acquired detection evasion capabilities, such as excluding its processes from Windows Defender and using living-off-the-land (LotL) executables. Analyst Comment: All applications should be carefully researched prior to installing on a personal or work machine.
Applications that request additional permissions upon installation should be carefully vetted prior to allowing permissions. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Steal or Forge Kerberos Tickets - T1558 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Unsecured Credentials - T1552 | [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | Ransomware Malware Tool Vulnerability Threat Guideline Medical Uber APT 38 APT 28
The_Hackers_News.webp 2022-04-25 23:18:38 Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Code Impact' Backdoor (direct link) An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Tool Vulnerability Threat
TechRepublic.webp 2022-04-22 19:32:36 Chef vs Terraform: DevOps tool comparison (direct link) Server configuration, automation and infrastructure development are at the heart of every IT business operation. Read this feature comparison of two DevOps tools, Chef and Terraform, to enhance your IT efficiency. Tool
Blog.webp 2022-04-22 18:30:28 A Detailed Guide on Hydra (direct link) Hello! Pentesters, this article is about a brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent Tool
CVE.webp 2022-04-21 19:15:08 CVE-2021-43708 (direct link) The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode. Tool
TechRepublic.webp 2022-04-21 16:54:59 Terraform vs Puppet: DevOps tool comparison (direct link) Not all software tools are created equal, and one solution may be more beneficial to your DevOps needs than another. Read on to learn more about two popular DevOps tools: Terraform and Puppet. Tool
grahamcluley.webp 2022-04-21 12:07:55 Free Yanlouwang decryptor released, after flaw found in ransomware code (direct link) Security researchers at Kaspersky have released a free decryption tool that promises to recover files for organisations hit by the Yanlouwang ransomware, meaning they don't have to pay the ransom. Ransomware Tool
TechRepublic.webp 2022-04-20 22:34:24 Bamboo vs Jenkins: DevOps tools comparison (direct link) To choose the best CI/CD tool to power your DevOps initiatives, you need to take a close look at the features offered by the top contenders. See how two DevOps solutions, Bamboo and Jenkins, compare. Tool
TechRepublic.webp 2022-04-19 17:44:23 Monday.com vs Smartsheet: Project management software comparison (direct link) Smartsheet and monday work management are two similar project management tools. Here's a key feature comparison to help you choose which PM tool is right for your business. Tool
The_Hackers_News.webp 2022-04-18 05:58:45 Researchers Share In-Depth Analysis of PYSA Ransomware Group (direct link) An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to Ransomware Malware Tool Threat
TechRepublic.webp 2022-04-15 19:30:55 Prometheus vs Zabbix: Network monitoring tools comparison (direct link) Prometheus and Zabbix are popular network monitoring solutions with large and active communities. Which is the better tool for you? Tool
CVE.webp 2022-04-15 19:15:12 CVE-2022-24851 (direct link) LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any other user try to access the edit profile page. The pdf editor tool has an edit pdf profile functionality, the logoFile parameter in it is not properly sanitized and an user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later when a pdf is exported using the edited profile the pdf icon has the image on that path(if image is present). Both issues require an attacker to be able to login to LAM admin interface. The issue is fixed in version 7.9.1. Tool Guideline
Blog.webp 2022-04-15 18:07:00 A Detailed Guide on Medusa (direct link) Hi Pentesters! Let's learn about a different tool Medusa, which is intended to be a speedy, parallel and modular, login brute forcer. The goal of Tool
TechRepublic.webp 2022-04-15 16:15:01 Wrike vs Monday: Project management software comparison (direct link) Wrike and monday work management are popular project management tools. Here's a features comparison rundown to help you decide which PM tool is best for your business. Tool ★★
TechRepublic.webp 2022-04-15 15:42:55 Best DevOps Tools & Solutions 2022: Compare DevOps Software (direct link) Running a successful DevOps operation requires a comprehensive tool set to support each phase of the software development cycle. Tool
CVE.webp 2022-04-15 15:15:12 CVE-2022-20676 (direct link) A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. Tool Vulnerability
The_Hackers_News.webp 2022-04-15 03:24:29 Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free (direct link) A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer Malware Tool Threat
TechRepublic.webp 2022-04-14 19:47:55 Talend vs Fivetran: ETL tool comparison (direct link) Choosing the best ETL tool is paramount for business success. Find the optimum solution with the help of this feature comparison of Talend and Fivetran. Tool
TechRepublic.webp 2022-04-14 19:32:53 Site24x7 vs Dynatrace: Website monitoring tool comparison (direct link) See how the popular website monitoring tools Site24x7 and Dynatrace compare. Tool
Anomali.webp 2022-04-14 11:00:00 More is Less: The Challenge of Utilizing Multiple Security Tools (direct link) Greetings everyone, and welcome to this week’s blog. This week, I’m diving into number six in our “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience: Lack of integrated cyber-security solutions. To deal with the cyberthreats they face every day, Enterprise Security Decision Makers seek new and well-supported solutions. They look for solutions that are easy to use and integrate with other cybersecurity systems and different parts of their organizations. 44% of those surveyed said that easily integrating with other cybersecurity tools is essential when evaluating cybersecurity solutions. What do you look for? So why do almost half of enterprise decision-makers want easily integrated tools? Enterprises frequently deploy new security tools and services to address changing needs and an increase in threats. In fact, according to recent findings, mature security organizations have deployed on average: Small business: 15 and 20 security tools Medium-sized companies: 50 to 60 security tools Enterprises: over 130 tools security tools If you like math, check out these stats: A typical six-layer enterprise tech stack, composed of networking, storage, physical servers, virtualization, management, and application layers, causes enterprise organizations to struggle with 1.6 billion versions of tech installations for 336 products by 57 vendors. Increasing Investments Our research showed that 74% of organizations had increased their cybersecurity budgets to help defend against increasing cyber-attacks. Despite these increasing investments in cybersecurity, only 46% are very confident that their cyber-protection technologies can detect today’s sophisticated attacks. While investment is on the uptake, effectiveness is not.
Response efforts have been hindered by the complexity caused by fragmented toolsets, highlighting that investing in too many tools can reduce the effectiveness of security defenses. More Tools, More Problems The wide variety of tools enterprises invest their time and money into to combat security threats can create numerous issues. Security analysts are understandably frustrated. They’re spending most of their time chasing false positives and performing manual processes born from these disparate toolsets. They’re working longer hours and are under more pressure to protect the business. CSO Online provides a good article listing the top challenges of security tool integration: 7 top challenges of security tool integration | CSO Online Too many security tools Lack of interoperability among security tools Broken functionality Limited network visibility Increase in false alarms Failure to set expectations properly Lack of skills You can find the full article here. Source: csoonline.com For this blog, I’ll focus on what I think is the biggest challenge the article did not mention: Disparate tools create siloed organizations.  Creating Gaps and Silos In the last Tool Threat Guideline
TechRepublic.webp 2022-04-13 19:50:30 GitLab vs Bitbucket: DevOps tools comparison (direct link) Read this feature comparison of two popular DevOps solutions: Atlassian's Bitbucket and the open source platform GitLab. Which is the right DevOps tool for your organization? Tool
Last update at: 2024-06-02 20:08:08