What's new around the internet

Last one

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
AlienVault | 2016-09-13 13:00:00 | Free and Commercial Tools to Implement the Center for Internet Security (CIS) Security Controls, Part 17: Data Protection | This is Part 17 of a 'How-To' effort to compile a list of tools (free and commercial) that can help IT administrators comply with what was formerly known as the "SANS Top 20 Security Controls". It is now known as the Center for Internet Security (CIS) Security Controls. A summary of the previous posts is here: Part 1 - we looked at Inventory of Authorized and Unauthorized Devices. Part 2 - we looked at Inventory of Authorized and Unauthorized Software. Part 3 - we looked at Secure Configurations. Part 4 - we looked at Continuous Vulnerability Assessment and Remediation. Part 5 - we looked at Malware Defenses. Part 6 - we looked at Application Security. Part 7 - we looked at Wireless Access Control. Part 8/9 - we looked at Data Recovery and Security Training. Part 10/11 - we looked at Secure Configurations for Network Devices such as Firewalls, Routers, and Switches and Limitation and Control of Network Ports, Protocols and Services. Part 12 - we looked at Controlled Use of Administrative Privileges. Part 13 - we looked at Boundary Defense. Part 14 - we looked at Maintenance, Monitoring and Analysis of Audit Logs. Part 15 - we looked at Controlled Access Based on the Need to Know. | - | APT 17 | -
Pirate | 2016-09-11 10:43:41 | Google Chrome: toward flagging HTTP pages as "not secure" | Google Chrome currently shows a grey informational icon on HTTP sites. But Google explains on its blog that, starting in early 2017, its browser will warn users who are on a page not protected by HTTPS. Once that warning is shown to every visitor of a site, it amounts to significant pressure on webmasters to move their sites to HTTPS. | - | APT 19 | -
NetworkWorld | 2016-08-26 08:14:40 | Mozilla launches free website security scanning service | In order to help webmasters better protect their websites and users, Mozilla has built an online scanner that can check if web servers have the best security settings in place. Dubbed Observatory, the tool was initially built for in-house use by Mozilla security engineer April King, who was then encouraged to expand it and make it available to the whole world. She took inspiration from the SSL Server Test from Qualys' SSL Labs, a widely appreciated scanner that rates a website's SSL/TLS configuration and highlights potential weaknesses. Like Qualys' scanner, Observatory uses a scoring system from 0 to 100, with the possibility of extra bonus points, which translates into grades from F to A+. | - | APT 19 | -
SANS | 2016-07-01 04:22:19 | APT and why I don't like the term, (Fri, Jul 1st) | Introduction: In May 2015, I wrote a diary describing a SOC analyst pyramid. It describes the various types of activity SOC analysts encounter in their daily work [1]. In the comments, someone stated I should've included the term advanced persistent threat (APT) in the pyramid. But APT is supposed to describe an adversary, not the activity. As far as I'm concerned, the media and security vendors have turned APT into a marketing buzzword. I do not like the term APT at all. With that in mind, this diary looks at the origin of the term APT. It also presents a case for and a case against using the term. Origin of APT: In 2006 members of the United States Air Force (USAF) came up with APT as an unclassified term to refer to certain threat actors in public [2]. Background on the term can be found in the July/August 2010 issue of Information Security magazine. It has a feature article titled "What APT is (And What it Isn't)" written by Richard Bejtlich. [Image: the table of contents entry for Bejtlich's article.] According to Bejtlich, if the USAF wanted to talk about a certain intrusion set with uncleared personnel, they could not use the classified threat actor name. Therefore, the USAF developed the term APT as an unclassified moniker (page 21). Based on later reports about cyber espionage, I believe APT was originally used for state-sponsored threat actors like those in China [3]. A case for using APT: Bejtlich's article has specific guidelines on what constitutes an APT. He also discussed it on his blog [4]. Some key points follow: Advanced means the adversary can operate in the full spectrum of computer intrusion. Persistent means the adversary is formally tasked to accomplish a mission. Threat refers to a group that is organized, funded, and motivated. If you follow these guidelines, using APT to describe a particular adversary is well-justified. Mandiant's report about a Chinese state-sponsored group called APT1 is a good example [3]. In my opinion, FireEye and Mandiant have done a decent job of using APT in their reporting. A case against APT: The terms advanced and persistent and even threat are subjective. This is especially true for leadership waiting on the results of an investigation. Usually, when I've talked with people about APT, they're often referring to a targeted attack. Some people I know have also used APT to describe an actor behind a successful attack, but it wasn't something I considered targeted. We always think our organization is special, so if we're compromised, it must be an APT! If your IT infrastructure has any sort of vulnerability (because people are trained to balance risk and profit), you're as likely to be compromised by a common cyber criminal as you are by an APT. Bejtlich states that after Google's Operation Aurora breach in 2010, wide-spread attention was brought to APT. At that point, many vendors saw APT as a marketing angle to rejuvenate a slump in security spending [2]. [Image: an example of media reporting on APT.] A good example of bad reporting is the Santa-APT blog post from CloudSek in December 2015. However, other sources have reported the info [ | Guideline | APT 1 | -
Pirate | 2016-06-29 08:21:43 | United States: is the FBI free to legally hack any PC? | Amid the turmoil of the Playpen child pornography case, a US judge ruled that the FBI did not need a warrant to remotely break into and search a computer. Overreach? | - | APT 10 | -
Pirate | 2016-06-08 09:28:01 | Web ransomware: the Drupal CMS attacked via SQL injection | This is not the first time cybercriminals have targeted webmasters with ransomware dedicated to the web. This time, a malicious campaign is hitting sites running the Drupal CMS. | - | APT 19 | -
codingsec | 2016-06-02 16:00:17 | 6 best HTML5 libraries 2016 | For any web developer or designer, HTML5 tools and libraries prove to be a great help when it comes to stepping up their workflow and performing repetitive tasks. These tools are blessed with all the richness and power that help webmasters to augment the value of their work and improve the usability of their web designs and development. Here we are showcasing some of the best HTML5 tools and libraries for web developers and designers. Best HTML5 tools & libraries: Being the finest online animation tool, HTML5 Maker makes it easy for developers to add interactive content to their website with | - | APT 19 | -
Trend | 2016-05-27 14:13:19 | IXESHE Derivative IHEATE Targets Users in America | Since 2012, we've been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States. We also noticed that there were some changes to the underlying behavior of the malware used. While there were some incremental improvements in the observed behavior of the new sample, the underlying pattern of behavior is similar to what we observed earlier from IXESHE. These attacks targeting users in the United States used a variant of IXESHE which has been seen in Taiwan since 2009 named IHEATE. These showed some differences from known IXESHE variants: they had a different command-and-control (C&C) communication model and encryption methods. | - | APT 12 | -
The_State_of_Security | 2016-05-27 03:00:57 | From Monkey to Man – The Evolution of a CISO | I think we are all familiar with the popular axiom, "It's not IF you get compromised, it's WHEN you get compromised." I'm also pretty sure we all know that IT security is no longer viewed purely as an operational concern but as a significant contributor to business risk. As a result of this, IT security [...] | - | APT 17 | -
SC_Mag | 2016-05-25 16:10:43 | Wekby hacker gang using DNS requests in new malware campaign | A long-time hacker group is using DNS requests as a command-and-control mechanism in a new series of malware attacks. | - | APT 18 | -
PaloAlto | 2016-05-24 18:30:30 | New Wekby Attacks Use DNS Requests As Command and Control Mechanism | We have observed an attack led by the APT group Wekby targeting a US-based organization in recent weeks. Wekby is a group that has been active for a number of years, targeting various industries such… | - | APT 18 | -
PaloAlto | 2016-05-23 01:00:26 | Operation Ke3chang Resurfaces With New TidePool Malware | Introduction: Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve… | - | APT 15 APT 25 | -
Pirate | 2016-05-07 16:25:00 | WordPress 4.5.2: critical security update | The WordPress team has just released version 4.5.2, a security update. Webmasters, deploy it as soon as possible if you have not enabled automatic updates on your WordPress; otherwise it has already been applied. | - | APT 19 | ★★
AlienVault | 2016-03-30 07:00:00 | Cmstar APT Malware Exploits CVE-2012-0158 | Background: APTs (Advanced Persistent Threats) are a type of threat that targets a specific group of potential victims. For example, they have been used in cyber-espionage campaigns to target governments, anti-government activists, military organizations, as well as private companies. Their goal is to penetrate a targeted system or network, remain hidden for extended periods, and collect and exfiltrate data. A common compromise technique is for an APT to target the victims with a spear phishing campaign. Spear phishing campaigns are successful in part because of the great deal of information we have posted about ourselves online. With only a few minutes of research, a cyber criminal can usually identify one or more people in our professional circles whose name, when we see it in the 'from' field in an email, would likely cause us to open the email. The attachment exploits a common vulnerability (CVE-2012-0158) which installs the Cmstar downloader onto the compromised system. Cmstar then contacts the Command and Control (C&C) server for the BBSRAT remote access malware to download, and installs it on the compromised system. The attacker can now control the compromised system directly. Impact on You: Having any type of malware (especially one designed to steal data) on your network puts your sensitive or regulated information at risk. Once installed, Cmstar has the ability to download malware that can infect other machines as well as pull down additional malware variants as needed. The data-stealing malware can reside inside a network for months or years before detection, giving an attacker virtually unlimited access to data. How AlienVault Helps: APTs are sophisticated attacks conducted by well-resourced teams. Preventive technologies like sandboxing can help block some attacks, but a dedicated, focused adversary will always find a way to penetrate a network. That's why you need the ability to detect the presence of compromised systems, downloaders, remote access malware, and other malicious content in your network quickly. And, once you have detected it, you need to be able to minimize the damage that compromised systems can cause. That's where the AlienVault Labs team can help: the threat research team continues to research and update the ability of the USM platform to detect new downloaders, remote access toolkits (RATs), as well as new variations on existing malware. The Labs team recently updated the USM platform's ability to detect the latest version of the Cmstar downloader on your network by adding an IDS signature to detect the malicious traffic and a correlation directive to link events from across your network that indicate that Cmstar has compromised one or more systems. These updates are included in the latest AlienVault Threat Intelligence update available now: New Detection Technique - APT Cmstar. Cmstar is a downloader that is similar to the Lurid and Enfal families of malware. Cmstar is typically delivered through phishing emails that contain malicious Microsoft documents and has recently been used to download BBSRAT. The group that utilizes Cmstar and BBSRAT appears to be targeting Russian victims and most r | - | APT 15 | ★★★★★
Mandiant | 2015-07-13 08:31:00 | Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak | The FireEye as a Service team detected independent phishing campaigns conducted by two Chinese advanced persistent threat (APT) groups that we track, APT3 and APT18. Each threat group quickly took advantage of a zero-day vulnerability (CVE-2015-5119), which was leaked in the disclosure of Hacking Team's internal data. Adobe released a patch for the vulnerability on July 8, 2015. Before that patch was released, the groups launched phishing campaigns against multiple companies in the aerospace and defense, construction and engineering, education, energy | Vulnerability Threat | APT 18 APT 3 | ★★★★
Mandiant | 2014-10-27 03:00:42 | APT28 Malware: A Window into Russia's Cyber Espionage Operations? | The role of nation-state actors in cyber attacks was perhaps most widely revealed in February 2013 when Mandiant released the APT1 report (https://www.mandiant.com/resources/mandiant-expose-apt1-chinas-cyber-espionage-units), which detailed a professional cyber espionage group based in China. Today we release a new report: APT28: A Window Into Russia's Cyber Espionage Operations? This report focuses on a threat group that we have designated as APT28. While APT28's malware is fairly well known in the cybersecurity community, our report details additional information exposing ongoing, focused operations that we believe indicate a government sponsor based in Moscow. In | Malware Threat | APT 28 APT 1 | ★★★★
Mandiant | 2014-09-03 18:00:29 | Darwin's Favorite APT Group | Introduction: The attackers referred to as APT12 (also known as IXESHE, DynCalc, and DNSCALC) recently started a new campaign targeting organizations in Japan and Taiwan. APT12 is believed to be a cyber espionage group thought to have links to the Chinese People's Liberation Army. APT12's targets are consistent with larger People's Republic of China (PRC) goals. Intrusions and campaigns conducted by this group are in-line with PRC goals and self-interest in Taiwan. Additionally, the new campaigns we uncovered further highlight the correlation between APT groups ceasing and retooling | Technical | APT 12 | ★★★★
Mandiant | 2013-02-19 07:00:45 | Mandiant Exposes APT1 – One of China's Cyber Espionage Units & Releases 3,000 Indicators | Today, the Mandiant® Intelligence Center™ released an unprecedented report exposing APT1's multi-year, enterprise-scale computer espionage campaign. APT1 is one of dozens of threat groups Mandiant tracks around the world and we consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen. Highlights of the report include: Evidence linking APT1 to China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398). A timeline of APT1 economic espionage conducted since 2006 | Threat | APT 1 | ★★★★
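The Mozilla Observatory entry above (NetworkWorld, 2016-08-26) describes a scanner that checks a web server's security settings, scores them from 0 to 100 and maps the score to a grade. The block below is an added example, not Observatory's code or scoring rubric: it audits the response headers such scanners look at (HSTS, CSP, X-Content-Type-Options, framing protection, Referrer-Policy, cookie flags) against three constructed header sets. The point weights, the six-month HSTS threshold and the grade bands are assumptions chosen for illustration.

```python
"""Audit HTTP response headers for common hardening settings.

Added example, not Mozilla Observatory's code: the checks, weights, HSTS
threshold and grade bands below are simplified assumptions for illustration.
"""
import re

# Assumed weights: points deducted from 100 for each failed check.
WEIGHTS = {
    "hsts": 20,      # no HSTS, or max-age below the assumed six-month minimum
    "csp": 25,       # no CSP, or script execution allows 'unsafe-inline'
    "nosniff": 10,   # X-Content-Type-Options: nosniff missing
    "framing": 15,   # neither X-Frame-Options nor CSP frame-ancestors
    "referrer": 10,  # Referrer-Policy missing
    "cookies": 20,   # a Set-Cookie lacking Secure or HttpOnly
}
MIN_HSTS_AGE = 15552000  # six months in seconds (assumed threshold)


def _collect(headers):
    """Lower-case header names and keep repeated headers (Set-Cookie) as lists."""
    out = {}
    for name, value in headers:
        out.setdefault(name.lower(), []).append(value)
    return out


def _csp_script_sources(csp):
    """Return the script-src directive value, falling back to default-src as CSP does."""
    for directive in ("script-src", "default-src"):
        m = re.search(r"(?:^|;)\s*" + directive + r"(?!-)([^;]*)", csp)
        if m:
            return m.group(1)
    return None


def audit_headers(headers):
    """Score a list of (name, value) response headers; return (score, grade, findings)."""
    h = _collect(headers)
    findings = []

    hsts = h.get("strict-transport-security", [""])[0]
    age = re.search(r"max-age=(\d+)", hsts)
    if age is None or int(age.group(1)) < MIN_HSTS_AGE:
        findings.append("hsts")

    csp = h.get("content-security-policy", [""])[0]
    sources = _csp_script_sources(csp) if csp else None
    # No script-src/default-src, or 'unsafe-inline' in it, leaves injected inline script runnable.
    if sources is None or "'unsafe-inline'" in sources:
        findings.append("csp")

    if "nosniff" not in h.get("x-content-type-options", [""])[0].lower():
        findings.append("nosniff")

    xfo = h.get("x-frame-options", [""])[0].strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("framing")

    if not h.get("referrer-policy"):
        findings.append("referrer")

    for cookie in h.get("set-cookie", []):
        attrs = {part.strip().lower() for part in cookie.split(";")[1:]}
        if "secure" not in attrs or "httponly" not in attrs:
            findings.append("cookies")
            break

    score = 100 - sum(WEIGHTS[f] for f in findings)
    return score, grade_for(score), findings


def grade_for(score):
    """Map a 0-100 score to a letter grade (assumed bands, not Observatory's)."""
    for floor, grade in ((90, "A"), (80, "B"), (70, "C"), (60, "D")):
        if score >= floor:
            return grade
    return "F"


# Constructed header sets for a weak, a partly hardened and a hardened server.
WEAK = [
    ("Server", "Apache/2.4"),
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/"),
]
MIXED = [
    ("Strict-Transport-Security", "max-age=300"),  # far too short to be useful
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "no-referrer"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("mixed", MIXED), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs))
```

The MIXED set is the case worth noticing: every header is present except Referrer-Policy, yet an HSTS max-age of five minutes gives almost no protection against a downgrade on the next visit, so it still loses the full HSTS weight. A real scan would also fetch the page over TLS and inspect redirects, which is out of scope for an offline header audit like this one.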
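The two Wekby entries above (SC Magazine, 2016-05-25, and Palo Alto Networks, 2016-05-24) concern malware that carries its command-and-control traffic inside DNS requests. The block below is an added example, not Wekby's protocol or any vendor's detection logic: it is a generic heuristic for spotting DNS-carried C2 in query logs, run over constructed log lines. It groups queries by registered domain (assumed to be the last two labels; a real deployment would use a public suffix list) and flags a domain once a client has looked up many distinct subdomains whose leftmost labels look like encoded data (high Shannon entropy or long labels). The log format and the thresholds are assumptions.

```python
"""Flag DNS query logs that look like a command-and-control channel.

Added example, not Wekby's protocol or any vendor's detection logic: the log
format, thresholds and the two-label registered-domain rule are assumptions.
"""
import math
from collections import Counter, defaultdict

# Constructed sample log: timestamp, client IP, record type, queried name.
# example.com is ordinary browsing, example.org two one-off odd lookups,
# c2-example.net a beacon sending hex-encoded data in the leftmost label.
SAMPLE_LOG = """\
2016-05-20T10:00:01Z 10.0.0.15 A www.example.com
2016-05-20T10:00:02Z 10.0.0.15 A cdn.example.com
2016-05-20T10:00:03Z 10.0.0.15 A mail.example.com
2016-05-20T10:00:04Z 10.0.0.15 A login.example.com
2016-05-20T10:00:05Z 10.0.0.15 A static.example.com
2016-05-20T10:00:06Z 10.0.0.15 A www.example.com
2016-05-20T10:00:07Z 10.0.0.15 A a1b2c3d4e5f60718.tracker.example.org
2016-05-20T10:00:08Z 10.0.0.15 A 0f1e2d3c4b5a6978.tracker.example.org
2016-05-20T10:01:00Z 10.0.0.15 TXT 4b9e1f0a7c3d8256.c2-example.net
2016-05-20T10:01:05Z 10.0.0.15 TXT a07c2e5f9b1d3846.c2-example.net
2016-05-20T10:01:10Z 10.0.0.15 TXT f3d1b5e9c7a20864.c2-example.net
2016-05-20T10:01:15Z 10.0.0.15 TXT 6c8e0a2f4b1d3957.c2-example.net
2016-05-20T10:01:20Z 10.0.0.15 TXT 9e7b5d3f1a0c2468.c2-example.net
2016-05-20T10:01:25Z 10.0.0.15 TXT 2f4e6d8c0b1a3579.c2-example.net
"""


def parse_line(line):
    """Split one log line into (timestamp, client, qtype, qname)."""
    ts, client, qtype, qname = line.split()
    return ts, client, qtype, qname


def shannon_entropy(text):
    """Bits of entropy per character; 16 distinct hex characters score 4.0."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def registered_domain(labels):
    """Assume the last two labels are the registrable domain (no public suffix list)."""
    return ".".join(labels[-2:])


def analyze(log_text, min_distinct=5, entropy_threshold=3.0, max_mean_len=30):
    """Group queries per registered domain and flag those whose leftmost labels
    look like encoded data: many distinct labels that are high-entropy or long.
    Returns {domain: stats}."""
    per_domain = defaultdict(lambda: {"queries": 0, "txt": 0, "labels": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, qtype, qname = parse_line(line)
        labels = qname.lower().rstrip(".").split(".")
        entry = per_domain[registered_domain(labels)]
        entry["queries"] += 1
        if qtype.upper() == "TXT":
            entry["txt"] += 1
        if len(labels) > 2:
            entry["labels"].add(labels[0])

    report = {}
    for domain, entry in per_domain.items():
        labels = entry["labels"]
        mean_entropy = sum(map(shannon_entropy, labels)) / len(labels) if labels else 0.0
        mean_len = sum(map(len, labels)) / len(labels) if labels else 0.0
        # Volume gate first: two odd-looking lookups are not a beacon.
        flagged = len(labels) >= min_distinct and (
            mean_entropy >= entropy_threshold or mean_len >= max_mean_len
        )
        report[domain] = {
            "queries": entry["queries"],
            "distinct_labels": len(labels),
            "mean_entropy": mean_entropy,
            "mean_label_len": mean_len,
            "txt_ratio": entry["txt"] / entry["queries"],
            "flagged": flagged,
        }
    return report


def flagged_domains(log_text):
    """Sorted list of domains the heuristic flags."""
    return sorted(d for d, s in analyze(log_text).items() if s["flagged"])


if __name__ == "__main__":
    for domain, stats in analyze(SAMPLE_LOG).items():
        print(domain, stats)
```

Note what the gates do on the constructed data: example.com passes the volume gate (five distinct subdomains) but its labels are dictionary words with low entropy, and example.org has high-entropy labels but only two of them, so only c2-example.net is flagged. The TXT ratio is reported rather than used as a gate because legitimate services (mail authentication, some CDNs) also generate bursts of TXT lookups; in practice this heuristic is a triage signal that needs the full query payload and response sizes to confirm a channel.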
Last update at: 2024-06-16 04:10:33