What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-06-21 21:06:00 | OT final: vulnérabilité de la chute de glace divulguée affectant l'outil Schneider Final OT:ICEFALL vulnerability disclosed affecting Schneider tool (lien direct) |
Les chercheurs ont révélé une vulnérabilité affectant les outils réalisés par le fabricant de technologies opérationnels (OT) Schneider Electric - le bogue final annoncé dans le cadre d'un ensemble de divulgations Collectivement connu sous le nom d'OT: Filf .La vulnérabilité affecte les compteurs d'énergie de l'ion et de l'électricité de l'entreprise, qui fournissent des outils de surveillance de l'énergie et de l'énergie aux organisations dans la fabrication, l'énergie, l'eau
Researchers have disclosed a vulnerability affecting tools made by operational technology (OT) manufacturer Schneider Electric - the final bug announced as part of a set of disclosures collectively known as OT:ICEFALL. The vulnerability affects the company\'s ION and PowerLogic power meters, which provide power and energy monitoring tools to organizations in the manufacturing, energy, water |
Tool Vulnerability | ★★ | |
 |
2023-06-21 20:11:00 | Anomali Cyber Watch: Cadet Blizzard - New Gru Apt, Chamedoh Rat Linux Hard à détecter, Cirypto-monnaie furtive de la crypto-monnaie furtive Anomali Cyber Watch: Cadet Blizzard - New GRU APT, ChamelDoH Hard-to-Detect Linux RAT, Stealthy DoubleFinger Targets Cryptocurrency (lien direct) |
Les différentes histoires d'intelligence de la menace dans cette itération de l'anomali Cyber Watch Discutez des sujets suivants: Fuites de données, perturbation, extorsion, mascarading, chevaux de Troie à distance, tunneling, et Vulnérabilités .Les CIO liés à ces histoires sont attachés à Anomali Cyber Watch et peuvent être utilisés pour vérifier vos journaux pour une activité malveillante potentielle.
Figure 1 - Diagrammes de résumé du CIO.Ces graphiques résument les CIO attachés à ce magazine et donnent un aperçu des menaces discutées.
Cyber News et Intelligence des menaces
événement de sécurité mondiale anomali Intel - Progress Software Vulnerabilities & ndash;Moveit & amp;DataDirect Connect
(Publié: 16 juin 2023)
Après la découverte de CVE-2023-34362 et son exploitation antérieure par un affilié des ransomwares CLOP, plusieurs vulnérabilités supplémentaires ont été découvertes dans Moveit Transfer (CVE-2023-35036 et CVE-2023-35708) et d'autres produits de logiciels de progrès (CVE et CVE-2023-34363 et CVE-2023-34364).Alors que le site de fuite de Darkweb du groupe (> _clop ^ _- les fuites) a commencé à s'adresser aux entités compromises, l'événement d'exploitation original a été évalué comme un événement de sécurité mondial.Ceci est basé sur la liste croissante des organisations violées connues et l'utilisation de Moveit parmi des milliers d'organisations à travers le monde, y compris les secteurs public, privé et gouvernemental.
Commentaire des analystes: Les défenseurs du réseau doivent suivre les étapes d'assainissement des logiciels de progrès qui incluent le durcissement, la détection, le nettoyage et l'installation des récentes correctifs de sécurité de transfert Moveit.Les règles YARA et les indicateurs basés sur l'hôte associés à l'exploitation de déplacement observé sont disponibles dans la plate-forme Anomali pour la détection et la référence historique.
mitre att & amp; ck: [mitre att & amp; ck] t1190 - exploiter le publicApplication | [mitre att & amp; ck] t1036 - masquée | [mitre att & amp; ck] t1560.001 - Données collectées par les archives: archive via l'utilité
Signatures (Sigma Rules): Exploitation potentielle de transfert de déplacement | exploitation movet .
(Règles Yara) lemurloot webshell dll charges utiles - yara by mandiant | scénarisation de la webshell lemurloot ASP.net - yara par mandiant | exploitation movet - yara par Florian Roth | moveit_transfer_exploit_webshell_aspx | moveit_transfer_exploit_webshell_dll
Tags: Target-Software: Moveit Transfer, Vulnérabilité: CVE-2023-34362, Vulnérabilité: CVE-2023-35036, Vulnérabilité: CVE-2023-35708, Vulnérabilité: CVE-2023-34363, Vulnérabilité:CVE-2023-34364, Target-Country: ÉtatsType: ransomware, malware: Lemurloot, Type de logiciels malveillants: webs |
Ransomware Tool Threat Cloud | APT 28 | ★★ |
 |
2023-06-21 13:20:45 | L'Opentext Cybersecurity Survey révèle que 86% des clients MSP cherchent à consolider leurs outils de sécurité OpenText Cybersecurity Survey Finds 86% of MSP Customers are Looking to Consolidate their Security Tools (lien direct) |
L'enquête sur la cybersécurité OpenTEXT révèle que 86% des clients MSP cherchent à consolider leurs outils de sécurité
L'OpenText Cybersecurity 2023 Global Managed Security Survey révèle que la consolidation des outils est motivée par une économie incertaine, l'augmentation des défis de sécurité et de ressources
-
rapports spéciaux
OpenText Cybersecurity Survey Finds 86% of MSP Customers are Looking to Consolidate their Security Tools The OpenText Cybersecurity 2023 Global Managed Security Survey reveals tool consolidation is driven by an uncertain economy, rising security and resource challenges - Special Reports |
Tool | ★★★ | |
 |
2023-06-21 10:00:00 | Vers un SOC plus résilient: la puissance de l'apprentissage automatique Toward a more resilient SOC: the power of machine learning (lien direct) |
A way to manage too much data
To protect the business, security teams need to be able to detect and respond to threats fast. The problem is the average organization generates massive amounts of data every day. Information floods into the Security Operations Center (SOC) from network tools, security tools, cloud services, threat intelligence feeds, and other sources. Reviewing and analyzing all this data in a reasonable amount of time has become a task that is well beyond the scope of human efforts.
AI-powered tools are changing the way security teams operate. Machine learning (which is a subset of artificial intelligence, or “AI”)—and in particular, machine learning-powered predictive analytics—are enhancing threat detection and response in the SOC by providing an automated way to quickly analyze and prioritize alerts.
Machine learning in threat detection
So, what is machine learning (ML)? In simple terms, it is a machine\'s ability to automate a learning process so it can perform tasks or solve problems without specifically being told do so. Or, as AI pioneer Arthur Samuel put it, “. . . to learn without explicitly being programmed.”
ML algorithms are fed large amounts of data that they parse and learn from so they can make informed predictions on outcomes in new data. Their predictions improve with “training”–the more data an ML algorithm is fed, the more it learns, and thus the more accurate its baseline models become.
While ML is used for various real-world purposes, one of its primary use cases in threat detection is to automate identification of anomalous behavior. The ML model categories most commonly used for these detections are:
Supervised models learn by example, applying knowledge gained from existing labeled datasets and desired outcomes to new data. For example, a supervised ML model can learn to recognize malware. It does this by analyzing data associated with known malware traffic to learn how it deviates from what is considered normal. It can then apply this knowledge to recognize the same patterns in new data.
 Unsupervised models do not rely on labels but instead identify structure, relationships, and patterns in unlabeled datasets. They then use this knowledge to detect abnormalities or changes in behavior. For example: an unsupervised ML model can observe traffic on a network over a period of time, continuously learning (based on patterns in the data) what is “normal” behavior, and then investigating deviations, i.e., anomalous behavior.
Large language models (LLMs), such as ChatGPT, are a type of generative AI that use unsupervised learning. They train by ingesting massive amounts of unlabeled text data. Not only can LLMs analyze syntax to find connections and patterns between words, but they can also analyze semantics. This means they can understand context and interpret meaning in existing data in order to create new content.
Finally, reinforcement models, which more closely mimic human learning, are not given labeled inputs or outputs but instead learn and perfect strategies through trial and error. With ML, as with any data analysis tools, the accuracy of the output depends critically on the quality and breadth of the data set that is used as an input.
A valuable tool for the SOC
The SOC needs to be resilient in the face of an ever-changing threat landscape. Analysts have to be able to quickly understand which alerts to prioritize and which to ignore. Machine learning helps optimize security operations by making threat detection and response faster and more accurate. |
Malware Tool Threat Prediction Cloud | ChatGPT | ★★ |
 |
2023-06-20 21:14:00 | Le chatbot de l'investigateur de l'Esentire \\ est un enquêteur de l'investigateur aide la réponse humaine aux incidents de sécurité eSentire\\'s AI Investigator Chatbot Aids Human Response to Security Incidents (lien direct) |
L'outil s'est formé sur l'ensemble de données des services d'investigation de la cybersécurité de la société et fournit des réponses en langage naturel aux requêtes des clients, pour améliorer les efforts de réponse et d'assainissement.
The tool trained on the company\'s investigative cybersecurity services data set, and provides natural language responses to client queries, to improve response and remediation efforts. |
Tool | ★★ | |
|
2023-06-17 01:48:00 | Êtes-vous prêt pour Moveit? Are you ready for MOVEit? (lien direct) |
Background
Multiple vulnerabilities have recently been identified in the managed file transfer (MFT) software MOVEit developed by Ipswitch, Inc. and produced by Progress Software. These include CVE-2023-34362 [1], CVE-2023-35036 [2] and CVE-2023-35708 [3]. These vulnerabilities allow adversaries to gain unauthorized access and escalate privileges in the environment.
MOVEit is a popular tool that is used by thousands of organizations around the world. These include organizations in the public, private, and government sectors. The transfer software can be deployed as on-prem, in the MOVEit Cloud, or on any Microsoft Azure server. Due to the nature of handling potentially sensitive information, MOVEit is a lucrative target from a threat actor’s perspective, granting threat actors the ability to add and remove database content, execute arbitrary code, and steal sensitive information.
What do we know about the exploits?
While this story is still actively playing out and we will know the final count only in the coming weeks, here’s what we know about it thus far.
The CL0p ransomware gang has been actively exploiting this vulnerability and has claimed to compromise over dozens of organizations across different industries and regions. These include oil & gas, news & media, healthcare, financial services, state and federal governments, and more. Anomali’s own assessment has shown that there are thousands of externally exposed MOVEit instances that could potentially be exploited.
Additional public research has revealed that this vulnerability may have been actively exploited even since 2021 [4]. More recently, organizations have also released proof of concept (PoC) exploit code for this vulnerability [5], making it likely that other attackers could exploit unpatched systems.
Anomali MOVEit Vulnerability Dashboard
The Anomali Threat Research team has additionally researched and documented additional details on this vulnerability via Threat Bulletin. The team has also identified over 430 relevant indicators and signatures and several sector specific articles to provide more industry-specific details. The dashboard below highlights some of the insights available to Anomali customers via ThreatStream.
What can you do about it?
There are several steps important to reduce the impact of this vulnerability, some of which are also documented in Progress’ knowledge base article [6]
1. Discover your attack surface. there are several tools that offer this capability, including Anomali Attack Surface Management [7]
2. Patch the vulnerable systems at the earliest. The Progress knowledge base [6] article captures this in the following steps
a.Disable HTTP/S traffic to your MOVEit Transfer environment
b.Patch the vulnerable systems
c.Enable HTTP/S access to the MOVEit Transfer environment
3. Monitor your environment for any known indicators to identify malicious activities. The Anomali Threat Bulletin captures over 2200 observables that can be used to monitor for malicious activities via a SIEM, firewall, or other technologies. Proactively distribute these indicators to your security controls (firewalls, proxies, etc.) to monitor for any malicious activity.
Anomali MOVEit Vulnerability Threat Bulletin
4. Hunt for any attacker footprints. While monitoring looks forward, hunting a |
Ransomware Tool Vulnerability Threat | ★★ | |
 |
2023-06-16 19:24:00 | Chamedoh: Nouvelle porte dérobée Linux en utilisant le tunneling DNS-Over-HTTPS pour CNC Covert ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC (lien direct) |
L'acteur de menace connu sous le nom de Chamelgang a été observé à l'aide d'un implant préalable sans papiers dans des systèmes Linux de porte dérobée, marquant une nouvelle expansion des capacités de l'acteur de menace.
Le malware, surnommé Chamedoh par cage d'escalier, est un outil basé sur C ++ pour communiquer via DNS-Over-HTTPS (DOH).
Chamelgang a été éteinte pour la première fois par la société russe de cybersécurité Positive Technologies en septembre 2021,
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor\'s capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang was first outed by Russian cybersecurity firm Positive Technologies in September 2021, |
Tool Threat | ★★ | |
 |
2023-06-16 19:15:14 | CVE-2023-25188 (lien direct) | Un problème a été découvert sur Nokia Airscale Asika Single Ran Ran Devices avant 21b.Niveau de système opérationnel Linux intégré BTS.
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. |
Tool | ||
|
2023-06-16 19:15:14 | CVE-2023-25186 (lien direct) | Un problème a été découvert sur Nokia Airscale Asika Single Ran Ran Devices avant 21b.Si / quand CSP (en tant qu'administrateur BTS) supprime les durcissements de sécurité d'une unité de bande de base BTS Single Ran Ran, une traversée de chemin de répertoire dans l'unité de diagnostic de bande de base Nokia BTS Aashell (qui est par défaut désactivé) donne accès à l'unité de bande de base BTS interneSystème de fichiers à partir du réseau BTS de gestion interne de la solution de réseau mobile.
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network. |
Tool | ||
|
2023-06-16 18:37:00 | La vulnérabilité de Third Moveit augmente les alarmes alors que le Département de l'agriculture américaine dit qu'il peut être affecté Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted (lien direct) |
Une troisième vulnérabilité affectant le populaire outil de transfert de fichiers Moveit provoque une alarme parmi les responsables américains et les chercheurs en cybersécurité après avoir révélé que plusieurs agences gouvernementales ont été affectées par un piratage exploitant le premier bogue.Progress Software, la société derrière Moveit, a déclaré à Recorder Future News qu'une «source indépendante» avait révélé la nouvelle vulnérabilité.Suivi
A third vulnerability affecting the popular MOVEit file transfer tool is causing alarm among U.S. officials and cybersecurity researchers after it was revealed that several government agencies were affected by a hack exploiting the first bug. Progress Software, the company behind MOVEit, told Recorded Future News that an “independent source” disclosed the new vulnerability. Tracked |
Hack Tool Vulnerability | ★★ | |
 |
2023-06-16 15:20:18 | Un rat vole-t-il vos fichiers?& # 8211;Semaine en sécurité avec Tony Anscombe Is a RAT stealing your files? – Week in security with Tony Anscombe (lien direct) |
> Votre téléphone Android pourrait-il abriter un outil d'accès à distance (RAT) qui vole les sauvegardes WhatsApp ou exécute d'autres manigances?
>Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans? |
Tool | ★★ | |
 |
2023-06-16 13:11:38 | Apporter la transparence à l'informatique confidentielle avec SLSA Bringing Transparency to Confidential Computing with SLSA (lien direct) |
Asra Ali, Razieh Behjati, Tiziano Santoro, Software EngineersEvery day, personal data, such as location information, images, or text queries are passed between your device and remote, cloud-based services. Your data is encrypted when in transit and at rest, but as potential attack vectors grow more sophisticated, data must also be protected during use by the service, especially for software systems that handle personally identifiable user data.Toward this goal, Google\'s Project Oak is a research effort that relies on the confidential computing paradigm to build an infrastructure for processing sensitive user data in a secure and privacy-preserving way: we ensure data is protected during transit, at rest, and while in use. As an assurance that the user data is in fact protected, we\'ve open sourced Project Oak code, and have introduced a transparent release process to provide publicly inspectable evidence that the application was built from that source code. This blog post introduces Oak\'s transparent release process, which relies on the SLSA framework to generate cryptographic proof of the origin of Oak\'s confidential computing stack, and together with Oak\'s remote attestation process, allows users to cryptographically verify that their personal data was processed by a trustworthy application in a secure environment. | Tool | ★★ | |
 |
2023-06-16 13:00:00 | Comment certaines entreprises sont-elles compromises encore et encore? How Do Some Companies Get Compromised Again and Again? (lien direct) |
> Hack-moi une fois, honte à toi.Hack-moi deux fois, honte à moi.La populaire société de marketing par e-mail, MailChimp, a subi une violation de données l'année dernière après que les cyberattaques ont exploité un outil d'entreprise interne pour accéder aux comptes clients.Les criminels ont pu examiner environ 300 comptes et exfiltrer des données sur 102 clients.Ils aussi [& # 8230;]
>Hack me once, shame on thee. Hack me twice, shame on me. The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also […] |
Data Breach Hack Tool | ★★ | |
|
2023-06-15 13:33:00 | La coquille géante du pétrole et du gaz confirme qu'elle a été touchée par les attaques de ransomware de Clop Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks (lien direct) |
Shell a confirmé jeudi qu'il avait été touché par la violation de l'outil de transfert de fichiers de déménagement des gangs ransomwares de CloP après que le groupe ait répertorié la multinationale britannique sur l'huile et le gas sur son site d'extorsion.C'est la deuxième fois que Shell - qui emploie plus de 80 000 personnes dans le monde et rapporte des revenus au-delà de
Shell confirmed on Thursday it had been impacted by the Clop ransomware gang\'s breach of the MOVEit file transfer tool after the group listed the British oil and gas multinational on its extortion site. It is the second time that Shell - which employs more than 80,000 people globally and reported revenues in excess of |
Ransomware Tool | ★★★★ | |
|
2023-06-14 14:00:00 | Comment les outils de messagerie populaires inculquent un faux sentiment de sécurité How Popular Messaging Tools Instill a False Sense of Security (lien direct) |
Il est temps d'inclure la sécurité des outils de messagerie dans votre programme de sécurité cloud.Les bonnes premières étapes incluent le resserrement des paramètres du filtre sur Slack et les équipes.
It\'s time to include messaging tool security in your cloud security program. Good first steps include tightening filter parameters on Slack and Teams. |
Tool Cloud | ★★★ | |
|
2023-06-14 10:00:00 | Menage Hunt: Killnet \\'s DDOS Head Flood Attacks - CC.py Threat Hunt: KillNet\\'s DDoS HEAD Flood Attacks - cc.py (lien direct) |
Résumé de l'exécutif
Killnet est un groupe avancé de menace persistante (APT) basé en Russie qui est actif depuis au moins 2015. Le groupe est connu pour ses attaques très sophistiquées et persistantes contre un éventail diversifié d'industries, y compris les gouvernements publics et locaux, les télécommunicationset défense.
Killnet a été lié à plusieurs attaques de haut niveau, notamment le piratage de 2016 du Comité national démocrate (DNC) lors de l'élection présidentielle américaine.Le groupe a également été impliqué dans les attaques de déni de service distribué (DDOS) contre les aéroports américains et le service à large bande satellite d'Elon Musk \\. .
Les motivations derrière ces attaques varient, mais récemment, ils ont principalement ciblé ceux qui sont les partisans les plus vocaux de l'Ukraine et de son agenda politique.
Le but de cette chasse à la menace est de créer un environnement d'attaque virtuel qui simule les tactiques, techniques et procédures de Killnet \\ (TTPS).Par la suite, les détections et les requêtes de chasse aux menaces seront écrites pour identifier de manière proactive les TTP imités tout en compensant les limites des recherches historiques du CIO traditionnelles.
Les résultats de la chasse aux menaces comprendront des tableaux de bord de haut niveau, du code et des artefacts de réseau générés à partir de la plage d'attaque, qui sera utilisé pour expliquer comment une hypothèse a été formée.Les résultats contiendront également la pseudo et la logique de requête traduite dans un format qui peut être utilisé par des outils tels que Suricata, Snort, Splunk et Zeek.La sortie de la requête sera ensuite utilisée pour confirmer l'hypothèse initiale générée.
Artefacts de réseau
Pour imiter l'attaque, CC.py a été utilisé pour générer des demandes de tête continues contre un serveur Apache, reportez-vous à l'annexe A pour plus de détails.Une fois l'attaque lancée, le trafic logarithmique capturé a été examiné, comme le montre la figure 1 et la figure 2. Lors de l'examen du trafic HTTP Head, il a été découvert que les chiffres entre les gammes de 11-12 sont apparus après "Head /?"régulièrement.Ce modèle servira de base à notre première hypothèse, comme indiqué dans la section suivante.
La figure 3 contient également les journaux Apache générés sur le serveur car le script d'attaque continuait d'essayer d'accéder à différents fichiers dans & lsquo; / var / www / html / & rsquo;annuaire.Le script réitère dans un style de type de force brute, jusqu'à ce que les ressources CPU soient rendues épuisées par le volume de trafic pur.
Figure 1 & ndash; Wireshark - généré dynamiquement 11-12 chiffres
Figure 2 & ndash; Wireshark - Forged Referrer & amp;IPS anonymisé
Figure 3 & ndash;Splunk & ndash;Journaux d'erreur du serveur Apache & ndash;Échec des tentatives d'accès au fichier
Guide de détection
Les expressions régulières compatibles Perl peuvent être utilisées pour tirer parti du contexte dérivé de la capture de paquets lors de l'analyse des menaces, comme le montre la figure 1. Cela nous permet d'écrire des règles de suricata / reniflement qui correspondent aux modèles observés dans les en-têtes.Les détections ont tendance à évoluer plus que les requêtes de chasse et peuvent être appliquées stratégiquement sur une base par capteur.Plus précisément, la règle suivante correspondra à n'importe q |
Hack Tool Threat | ★★ | |
|
2023-06-13 18:16:00 | Fortinet dit que VPN Bug \\ 'peut avoir été exploité dans un nombre limité de cas \\' Fortinet says VPN bug \\'may have been exploited in a limited number of cases\\' (lien direct) |
La société de sécurité de réseau Fortinet a déclaré qu'une nouvelle vulnérabilité affectant son outil VPN avait peut-être déjà été exploitée «dans un nombre limité de cas».Les préoccupations concernant la question - suivies comme CVE-2023-27997 - ont augmenté au cours du week-end en raison de la façon dont le produit SSL-VPN de Fortinet \\ de Fortinet est parmi les organisations gouvernementales.Le bogue permet aux pirates d'exécuter non autorisés
Network security company Fortinet said a new vulnerability affecting its VPN tool may have already been exploited “in a limited number of cases.” Concerns about the issue - tracked as CVE-2023-27997 - grew over the weekend due to how widely used Fortinet\'s SSL-VPN product is among government organizations. The bug allows hackers to run unauthorized |
Tool Vulnerability | ★★ | |
|
2023-06-13 17:15:14 | CVE-2023-28303 (lien direct) | Windows Snipping Tool Information Divulgation Vulnérabilité
Windows Snipping Tool Information Disclosure Vulnerability |
Tool Vulnerability | ||
 |
2023-06-13 11:56:50 | Cracking le code de la prise de décision de l'IA: exploiter la puissance des valeurs de forme Cracking the Code of AI Decision Making: Harnessing the Power of SHAP Values (lien direct) |
L'explication de l'apprentissage automatique garantit que les modèles d'IA sont transparents, dignes de confiance et une explicabilité précise permet aux scientifiques des données de comprendre comment et pourquoi un modèle d'IA est arrivé à une décision particulière ou des valeurs de forme de prédiction sont un outil puissant pour l'explication car ils fournissent un moyen de mesurer la contribution de la contribution deChaque fonctionnalité d'un modèle de [& # 8230;]
Machine learning explainability ensures that AI models are transparent, trustworthy and accurate Explainability enables data scientists to understand how and why an AI model arrived at a particular decision or prediction SHAP values are a powerful tool for explainability as they provide a way to measure the contribution of each feature in a model to […] |
Tool | ★★ | |
|
2023-06-13 10:00:00 | Rise of IA in Cybercrime: Comment Chatgpt révolutionne les attaques de ransomwares et ce que votre entreprise peut faire Rise of AI in Cybercrime: How ChatGPT is revolutionizing ransomware attacks and what your business can do (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. OpenAI\'s flagship product, ChatGPT, has dominated the news cycle since its unveiling in November 2022. In only a few months, ChatGPT became the fastest-growing consumer app in internet history, reaching 100 million users as 2023 began. The generative AI application has revolutionized not only the world of artificial intelligence but is impacting almost every industry. In the world of cybersecurity, new tools and technologies are typically adopted quickly; unfortunately, in many cases, bad actors are the earliest to adopt and adapt. This can be bad news for your business, as it escalates the degree of difficulty in managing threats. Using ChatGPT’s large language model, anyone can easily generate malicious code or craft convincing phishing emails, all without any technical expertise or coding knowledge. While cybersecurity teams can leverage ChatGPT defensively, the lower barrier to entry for launching a cyberattack has both complicated and escalated the threat landscape. Understanding the role of ChatGPT in modern ransomware attacks We’ve written about ransomware many times, but it’s crucial to reiterate that the cost to individuals, businesses, and institutions can be massive, both financially and in terms of data loss or reputational damage. With AI, cybercriminals have a potent tool at their disposal, enabling more precise, adaptable, and stealthy attacks. They\'re using machine learning algorithms to simulate trusted entities, create convincing phishing emails, and even evade detection. The problem isn\'t just the sophistication of the attacks, but their sheer volume. With AI, hackers can launch attacks on an unprecedented scale, exponentially expanding the breadth of potential victims. Today, hackers use AI to power their ransomware attacks, making them more precise, adaptable, and destructive. Cybercriminals can leverage AI for ransomware in many ways, but perhaps the easiest is more in line with how many ChatGPT users are using it: writing and creating content. For hackers, especially foreign ransomware gangs, AI can be used to craft sophisticated phishing emails that are much more difficult to detect than the poorly-worded message that was once so common with bad actors (and their equally bad grammar). Even more concerning, ChatGPT-fueled ransomware can mimic the style and tone of a trusted individual or company, tricking the recipient into clicking a malicious link or downloading an infected attachment. This is where the danger lies. Imagine your organization has the best cybersecurity awareness program, and all your employees have gained expertise in deciphering which emails are legitimate and which can be dangerous. Today, if the email can mimic tone and appear 100% genuine, how are the employees going to know? It’s almost down to a coin flip in terms of odds. Furthermore, AI-driven ransomware can study the behavior of the security software on a system, identify patterns, and then either modify itself or choose th | Ransomware Malware Tool Threat | ChatGPT ChatGPT | ★★ |
|
2023-06-13 03:15:09 | CVE-2023-32115 (lien direct) | Un attaquant peut exploiter MDS comparer l'outil et utiliser des entrées spécialement conçues pour lire et modifier les commandes de base de données, ce qui entraîne la récupération d'informations supplémentaires persistantes par le système.
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. |
Tool | ||
 |
2023-06-12 16:12:52 | EBPFMon: un nouvel outil pour explorer et interagir avec les applications EBPF eBPFmon: A new tool for exploring and interacting with eBPF applications (lien direct) |
EBPFMon est une application TUI open source qui aide les utilisateurs à comprendre, analyser et explorer les programmes EBPF intuitivement exécutés sur un système.
eBPFmon is an open source TUI application that helps users intuitively understand, analyze, and explore eBPF programs running on a system. |
Tool | ★★ | |
 |
2023-06-12 14:29:50 | 12 juin & # 8211;Rapport de renseignement sur les menaces 12th June – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes de cyber-recherche pour la semaine du 12 juin, veuillez télécharger notre Bulletin Menace_Intelligence Top Attacks and Breach Cl0p Ransomware Gang a revendiqué la responsabilité d'une exploitation majeure d'un outil de transfert de fichiers géré & # 8211;Le gang a exploité la vulnérabilité d'injection SQL zéro-jour (CVE-2023-34362) qui a potentiellement exposé les données de centaines d'entreprises.[& # 8230;]
>For the latest discoveries in cyber research for the week of 12th June, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Cl0p ransomware gang claimed responsibility for a major exploitation of a managed file transfer tool – The gang leveraged zero-day SQL injection vulnerability (CVE-2023-34362) that potentially exposed the data of hundreds of companies. […] |
Ransomware Tool Vulnerability Threat | ★★ | |
|
2023-06-12 10:00:00 | Understanding AI risks and how to secure using Zero Trust (lien direct) | I. Introduction AI’s transformative power is reshaping business operations across numerous industries. Through Robotic Process Automation (RPA), AI is liberating human resources from the shackles of repetitive, rule-based tasks and directing their focus towards strategic, complex operations. Furthermore, AI and machine learning algorithms can decipher the huge sets of data at an unprecedented speed and accuracy, giving businesses insights that were once out of reach. For customer relations, AI serves as a personal touchpoint, enhancing engagement through personalized interactions. As advantageous as AI is to businesses, it also creates very unique security challenges. For example, adversarial attacks that subtly manipulate the input data of an AI model to make it behave abnormally, all while circumventing detection. Equally concerning is the phenomenon of data poisoning where attackers taint an AI model during its training phase by injecting misleading data, thereby corrupting its eventual outcomes. It is in this landscape that the Zero Trust security model of \'Trust Nothing, Verify Everything\', stakes its claim as a potent counter to AI-based threats. Zero Trust moves away from the traditional notion of a secure perimeter. Instead, it assumes that any device or user, regardless of their location within or outside the network, should be considered a threat. This shift in thinking demands strict access controls, comprehensive visibility, and continuous monitoring across the IT ecosystem. As AI technologies increase operational efficiency and decision-making, they can also become conduits for attacks if not properly secured. Cybercriminals are already trying to exploit AI systems via data poisoning and adversarial attacks making Zero Trust model\'s role in securing these systems is becomes even more important. II. Understanding AI threats Mitigating AI threats risks requires a comprehensive approach to AI security, including careful design and testing of AI models, robust data protection measures, continuous monitoring for suspicious activity, and the use of secure, reliable infrastructure. Businesses need to consider the following risks when implementing AI. Adversarial attacks: These attacks involve manipulating an AI model\'s input data to make the model behave in a way that the attacker desires, without triggering an alarm. For example, an attacker could manipulate a facial recognition system to misidentify an individual, allowing unauthorized access. Data poisoning: This type of attack involves introducing false or misleading data into an AI model during its training phase, with the aim of corrupting the model\'s outcomes. Since AI systems depend heavily on their training data, poisoned data can significantly impact their performance and reliability. Model theft and inversion attacks: Attackers might attempt to steal proprietary AI models or recreate them based on their outputs, a risk that’s particularly high for models provided as a service. Additionally, attackers can try to infer sensitive information from the outputs of an AI model, like learning about the individuals in a training dataset. AI-enhanced cyberattacks: AI can be used by malicious actors to automate and enhance their cyberattacks. This includes using AI to perform more sophisticated phishing attacks, automate the discovery of vulnerabilities, or conduct faster, more effective brute-force attacks. Lack of transparency (black box problem): It\'s often hard to understand how complex AI models make decisions. This lack of transparency can create a security risk as it might allow biased or malicious behavior to go undetected. Dependence on AI systems: As businesses increasingly rely on AI systems, any disruption to these systems can have serious consequences. This could occur due to technical issues, attacks on the AI system itself, or attacks on the underlying infrastructure. III. Th | Tool Threat | ChatGPT ChatGPT | ★★ |
 |
2023-06-09 15:42:46 | Trouver et exploiter les conducteurs de tueurs de processus avec LOL pour 3000 $ Finding and exploiting process killer drivers with LOL for 3000$ (lien direct) |
Cet article décrit un moyen rapide de trouver des conducteurs de tueurs de processus exploitables faciles.Il existe de nombreuses façons d'identifier et d'exploiter les conducteurs de tueurs de processus.Cet article n'est pas exhaustif et ne présente qu'une seule méthode (facile).
Dernièrement, l'utilisation de la technique BYOVD pour tuer les agents AV et EDR semble tendance.Le projet Blackout ZeromeMoryEx, l'outil Terminator vendu (pour 3000 $) de Spyboy en est quelques exemples récents.
L'utilisation de conducteurs vulnérables pour tuer AV et EDR n'est pas neuf, il a été utilisé par APTS, Red Teamers et Ransomware Gangs depuis un certain temps.
This article describes a quick way to find easy exploitable process killer drivers. There are many ways to identify and exploit process killer drivers. This article is not exhaustive and presents only one (easy) method. Lately, the use of the BYOVD technique to kill AV and EDR agents seems trending. The ZeroMemoryEx Blackout project, the Terminator tool sold (for 3000$) by spyboy are some recent examples. Using vulnerable drivers to kill AV and EDR is not brand new, it’s been used by APTs, Red Teamers, and ransomware gangs for quite some time. |
Ransomware Tool Technical | ★★★★ | |
|
2023-06-08 15:05:00 | L'utilisation des médias sociaux comme outil pour partager les connaissances sur les risques de cybersécurité quotidiens Using social media as a tool to share knowledge on day-to-day Cybersecurity risks (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. When most people think about social media and cybersecurity, they typically think about hackers taking over Instagram accounts or Facebook Messenger scammers taking private information. It’s for good reason that this is top-of-mind. The Identity Theft Resource Center’s 2022 Consumer Impact Report revealed that social media account takeovers have grown by 1,000% in one year. Putting yourself out there on social media platforms opens up your personal information to cyber threats. However, social media can be used for good, rather than evil, when it comes to cybersecurity. Learn how to educate your social media following on everyday cybersecurity risks. Create Cybersecurity content relevant to your audience Not every company or content creator posting on social media is in the cybersecurity niche, not to mention any offshoots or umbrella niches like technology. Of course, if you do fall into a tech niche and have an audience that’s interested specifically in cybersecurity, you can certainly post on social media about the topic. However, virtually any industry could benefit from creating cybersecurity content. When planning quality content for your social pages, identify your content niche and determine what aspects of cybersecurity would be most beneficial and interesting to your audience. You can also capitalize on current trends on social media or in the news when designing an informational content campaign around cybersecurity. Let’s look at how cybersecurity topics can be approached from a variety of industry angles. B2B If you are a shared workspace company, for example, your followers are likely interested in ways to establish network security in a hybrid workplace. Followers of a hiring software company likely want to see how to hire more securely online. If your business caters to other businesses, you can create educational cybersecurity content to help them stay safe while using your services or otherwise doing things related to your product or services. Healthcare While creating content aimed at public services is different than B2B audiences, cybersecurity information is especially relevant. In a time when interest in virtual healthcare services is booming, patients and providers alike need to be aware of HIPAA laws. For instance, a social media post about the security risks and ethical concerns of doctors emailing and texting patients is an important and highly relevant topic. Education Like many healthcare practices have incorporated virtual visits, many schools have started providing virtual classes. If your business is in the education sphere at all, your followers would likely benefit from engaging content about keeping student information private in online classrooms. Lifestyle If your brand is in a lifestyle category, you may not think this has much to do with cybersecurity. However, think about the ways in which your followers engage with your brand. If you sell products on a website, make a social post about how to create a secure login for your site when purchasing to reduce the risk of data theft. Further, you can inform your consumers how you’re taking steps to securely process payments and handle customer information. This will instill trust in | Tool | ★★ | |
 |
2023-06-08 00:00:00 | Hey yara, trouvez des vulnérabilités Hey Yara, find some vulnerabilities (lien direct) |
Intro Intro Trouver des vulnérabilités dans le logiciel n'est pas une tâche facile en soi.Faire cela à l'échelle du cloud est très difficile à effectuer manuellement, et nous utilisons des outils pour nous aider à identifier les modèles ou les signatures de vulnérabilité.Yara est l'un de ces outils.
Yara est un outil très populaire avec des équipes bleues, des chercheurs de logiciels malveillants et pour une bonne raison.
Intro Intro Finding vulnerabilities in software is no easy task by itself. Doing this at cloud scale is very challenging to perform manually, and we use tools to help us identify patterns or vulnerability signatures. Yara is one of those tools. Yara is a very popular tool with Blue teams, malware researchers, and for good reason. |
Malware Tool Vulnerability Cloud | ★★ | |
 |
2023-06-07 19:46:11 | Notre dernière intégration & # 8211;Mou Our latest integration – Slack (lien direct) |
> Nous & # 8217; sommes heureux de partager que Intigriti s'intègre désormais à Slack, un meilleur outil de communication d'entreprise largement utilisé dans toutes les industries.Cette fonctionnalité permet de publier des mises à jour automatiques sur vos canaux Slack chaque fois que des événements spécifiés ont lieu.Cette amélioration rationalise votre flux de travail et augmente l'efficacité de votre processus de coordination de vulnérabilité. & # 160;Que pouvez-vous faire avec [& # 8230;]
>We’re happy to share that Intigriti now integrates with Slack, a top business communication tool used widely across industries. This feature allows automatic updates to be posted to your Slack channels whenever specified events take place. This enhancement streamlines your workflow and increases the efficiency of your vulnerability coordination process. What can you do with […] |
Tool Vulnerability | ★★ | |
|
2023-06-07 11:59:00 | Groupe de ransomwares émet un préavis d'extorsion à \\ 'des centaines de victimes Ransomware group Clop issues extortion notice to \\'hundreds\\' of victims (lien direct) |
Potentially hundreds of companies globally are being extorted by the Clop ransomware group after it exploited a vulnerability in the file transfer tool MOVEit to break into computer networks around the world and steal sensitive information. Clop, which Microsoft warned on Sunday was behind the attempts to exploit MOVEit, published an extortion note on Wednesday
Potentially hundreds of companies globally are being extorted by the Clop ransomware group after it exploited a vulnerability in the file transfer tool MOVEit to break into computer networks around the world and steal sensitive information. Clop, which Microsoft warned on Sunday was behind the attempts to exploit MOVEit, published an extortion note on Wednesday |
Ransomware Tool Vulnerability | ★★ | |
|
2023-06-06 19:15:12 | CVE-2023-33957 (lien direct) | La notation est un outil CLI pour signer et vérifier les artefacts OCI et les images de conteneurs.Un attaquant qui a compromis un registre et ajouté un nombre élevé de signatures à un artefact peut provoquer un déni de service sur la machine, si un utilisateur exécute la commande Inspecter Notation sur la même machine.Le problème a été résolu dans la version V1.0.0-RC.6.Les utilisateurs doivent mettre à niveau leurs packages de notation vers V1.0.0-RC.6 ou plus.Il est conseillé aux utilisateurs de mettre à niveau.Les utilisateurs incapables de mettre à niveau peuvent restreindre les registres des conteneurs à un ensemble de registres de conteneurs sécurisés et fiables.
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. |
Tool | ||
|
2023-06-06 19:15:12 | CVE-2023-33959 (lien direct) | La notation est un outil CLI pour signer et vérifier les artefacts OCI et les images de conteneurs.Un attaquant qui a compromis un registre peut amener les utilisateurs à vérifier le mauvais artefact.Le problème a été résolu dans la version V1.0.0-RC.6.Les utilisateurs doivent mettre à niveau leur bibliothèque Notation-Go en V1.0.0-RC.6 ou plus.Les utilisateurs incapables de mettre à niveau peuvent restreindre les registres des conteneurs à un ensemble de registres de conteneurs sécurisés et fiables.
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. |
Tool | ||
|
2023-06-06 19:15:12 | CVE-2023-33958 (lien direct) | La notation est un outil CLI pour signer et vérifier les artefacts OCI et les images de conteneurs.Un attaquant qui a compromis un registre et ajouté un nombre élevé de signatures à un artefact peut provoquer le déni de service des services sur la machine, si un utilisateur exécute la commande Vérifier la même machine.Le problème a été résolu dans la version V1.0.0-RC.6.Les utilisateurs doivent mettre à niveau leurs packages de notation vers V1.0.0-RC.6 ou plus.Les utilisateurs incapables de mettre à niveau peuvent restreindre les registres des conteneurs à un ensemble de registres de conteneurs sécurisés et fiables.
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. |
Tool | ||
|
2023-06-06 19:11:00 | Anomali Cyber Watch: LemurLoot sur les transferts Moveit exploités, exploite iOS zéro-clic ciblée Kaspersky, Qakbot transforme les bots en proxys Anomali Cyber Watch: LEMURLOOT on Exploited MOVEit Transfers, Zero-Click iOS Exploit Targeted Kaspersky, Qakbot Turns Bots into Proxies (lien direct) |
Les diverses histoires de l'intelligence de la menace dans cette itération de la cyber montre anomali discutent des sujets suivants: Adware, botnets, fuite de données, obscurcissement, phishing, vulnérabilités zéro-jour, et Exploits zéro cliquez en clic .Les CIO liés à ces histoires sont attachés à Anomali Cyber Watch et peuvent être utilisés pour vérifier vos journaux pour une activité malveillante potentielle.
Figure 1 - Diagrammes de résumé du CIO.Ces graphiques résument les CIO attachés à ce magazine et donnent un aperçu des menaces discutées.
Cyber News et Intelligence des menaces
vulnérabilité de la journée zéro dansTransfert Moveit exploité pour le vol de données
(Publié: 2 juin 2023)
Une vulnérabilité du zéro-day dans le logiciel de transfert de fichiers géré de transfert Moveit (CVE-2023-34362) a été annoncée par Progress Software Corporation le 31 mai 2023. Les chercheurs mandiants ont observé une large exploitation qui avait déjà commencé le 27 mai le 27 mai, 2023. Cette campagne opportuniste a affecté le Canada, l'Allemagne, l'Inde, l'Italie, le Pakistan, les États-Unis et d'autres pays.Les attaquants ont utilisé le shell Web LemurLoot personnalisé se faisant passer pour un composant légitime du transfert Moveit.Il est utilisé pour exfiltrater les données précédemment téléchargées par les utilisateurs de systèmes de transfert Moveit individuels.Cette activité d'acteur est surnommée UNC4857 et elle a une faible similitude de confiance avec l'extorsion de vol de données attribuée à FIN11 via le site de fuite de données de ransomware CL0P.
Commentaire des analystes: L'agence américaine de sécurité de cybersécurité et d'infrastructure a ajouté le CVE-2023-34362 du CVE-2023-34362 à sa liste de vulnérabilités exploitées connues, ordonnant aux agences fédérales américaines de corriger leurs systèmes d'ici le 23 juin 2023.Progress Software Corporation STAPES RESTATIONS, notamment le durcissement, la détection, le nettoyage et l'installation des récentes correctifs de sécurité de transfert Moveit.Les règles YARA et les indicateurs basés sur l'hôte associés à la coque en ligne Lemurloot sont disponibles dans la plate-forme Anomali pour la détection et la référence historique.
mitre att & amp; ck: [mitre att & amp; ck] t1587.003 - développer des capacités:Certificats numériques | [mitre att & amp; ck] t1190 - exploiter la demande publique | [mitre att & amp; ck] t1036 - masquée | [mitre att & amp; ck] t1136 - créer un compte | [mitre att & amp; ck] t1083 - Discovery de dossier et d'annuaire | [mitre att & amp; ck] t1560.001 -Données collectées des archives: Archive via l'utilitaire
Signatures: LEMURLOOT WEBSHELL DLL TARDS - YARA BY BYMandiant | scénarisation de la webshell lemurloot ASP.net - yara par mandiant | Moveit Exploitation - Yara par Florian Roth .
Tags: Malware: LemurLoot, |
Ransomware Malware Tool Vulnerability Threat | ★★ | |
 |
2023-06-06 17:05:00 | Trois vulnérabilités découvertes dans Game Dev Tool RenderDoc Three Vulnerabilities Discovered in Game Dev Tool RenderDoc (lien direct) |
Qualys a identifié une instance d'escalade de privilèges et deux débordements de tampons basés sur un tas
Qualys identified one instance of privilege escalation and two heap-based buffer overflows |
Tool | ★★ | |
|
2023-06-06 16:55:00 | Université de Rochester, Nouvelle-Écosse, premières victimes de déménagement connues en Amérique du Nord University of Rochester, Nova Scotia first known MoveIT victims in North America (lien direct) |
Le gouvernement de la Nouvelle-Écosse et l'Université de Rochester sont les premières organisations en Amérique du Nord à confirmer le vol de données à la suite de l'exploitation d'une nouvelle vulnérabilité affectant le déplacement de l'outil de transfert de fichiers populaire.Dimanche, le gouvernement de la Nouvelle-Écosse, une petite province de l'est du Canada, a averti que les informations personnelles
The government of Nova Scotia and the University of Rochester are the first organizations in North America to confirm data theft as a result of the exploitation of a new vulnerability affecting popular file transfer tool MOVEit. On Sunday, the government of Nova Scotia, a small province in eastern Canada, warned that the personal information |
Tool Vulnerability | ★★ | |
 |
2023-06-06 13:00:00 | Cyberheistnews Vol 13 # 23 [réveil] Il est temps de se concentrer davantage sur la prévention du phishing de lance CyberheistNews Vol 13 #23 [Wake-Up Call] It\\'s Time to Focus More on Preventing Spear Phishing (lien direct) |
CyberheistNews Vol 13 #23 | June 6th, 2023
[Wake-Up Call] It\'s Time to Focus More on Preventing Spear Phishing
Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks).
A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly.
This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda\'s data but are responsible for 66% of all breaches."
Let that sink in for a moment.
What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks.
[CONTINUED] at KnowBe4 blog:https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports
NEW! KnowBe4 |
Ransomware Malware Hack Tool Threat | ★★ | |
|
2023-06-06 09:10:00 | Kaspersky libère l'outil pour détecter les attaques iOS zéro cliquez sur zéro Kaspersky Releases Tool to Detect Zero-Click iOS Attacks (lien direct) |
Les retombées de l'opération Triangulation continue
Fallout from Operation Triangulation continues |
Tool | ★★★ | |
|
2023-06-05 21:15:10 | CVE-2022-4569 (lien direct) | Une vulnérabilité locale d'escalade des privilèges dans l'outil HYBRID USB-C hybride ThinkPad avec USB-A Dock Firmware Update pourrait permettre à un attaquant avec un accès local pour exécuter du code avec des privilèges élevés pendant la mise à niveau ou l'installation du package.
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. |
Tool Vulnerability | ||
 |
2023-06-05 13:58:29 | Nouvel outil scanne iPhones pour \\ 'triangulation \\' Infection des logiciels malveillants New tool scans iPhones for \\'Triangulation\\' malware infection (lien direct) |
La société de cybersécurité Kaspersky a publié un outil pour détecter si les iPhones Apple et autres appareils iOS sont infectés par une nouvelle \\ 'triangulation \' malware.[...]
Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new \'Triangulation\' malware. [...] |
Malware Tool | ★★ | |
|
2023-06-05 10:00:00 | Trois façons dont l'agro-industrie peut protéger les actifs vitaux des cyberattaques Three ways agribusinesses can protect vital assets from cyberattacks (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In an era where digital technology increasingly underpins food production and distribution, the urgency of cybersecurity in agriculture has heightened. A surge of cyberattacks in recent years, disrupting operations, causing economic losses, and threatening food industry security- all underscore this escalating concern. In April 2023, hackers targeted irrigation systems and wastewater treatment plants in Israel. The attack was part of an annual "hacktivist" campaign, and it temporarily disabled automated irrigation systems on about a dozen farms in the Jordan Valley. The attack also disrupted wastewater treatment processes at the Galil Sewage Corporation. In addition, in June 2022, six grain cooperatives in the US were hit by a ransomware attack during the fall harvest, disrupting their seed and fertilizer supplies. Adding to this growing list, a leading US agriculture firm also fell victim to a cyberattack the same year, which affected operations at several of its production facilities. These incidents highlight the pressing need for improved cybersecurity in the agricultural sector and underscore the challenges and risks this sector faces compared to others. As outlined in a study, “Various technologies are integrated into one product to perform specific agricultural tasks.” An example provided is that of an irrigation system which "has smart sensors/actuators, communication protocols, software, traditional networking devices, and human interaction." The study further elaborates that these complex systems are often outsourced from diverse vendors for many kinds of environments and applications. This complexity “increases the attack surface, and cyber-criminals can exploit vulnerabilities to compromise one or other parts of the agricultural application.” However, the situation is far from hopeless. By taking decisive action, we can significantly strengthen cybersecurity in the agricultural sector. Here are three strategies that pave the way toward a more secure future for the farming industry: 1. Strengthening password practices Weak or default passwords are an easily avoidable security risk that can expose vital assets in the agricultural sector to cyber threats. Arguably, even now, people have poor habits when it comes to password security. As per the findings of a survey conducted by GoodFirms: A significant percentage of people - 62.9%, to be exact - update their passwords only when prompted. 45.7% of people admitted to using the same password across multiple platforms or applications. More than half of the people had shared their passwords with others, such as colleagues, friends, or family members, raising the risk of unauthorized access. A surprising 35.7% of respondents reported keeping a physical record of their passwords on paper, sticky notes, or in planners. These lax password practices have had tangible negative impacts, with 30% of users experiencing security breaches attributable to weak passwords. Hackers can use various methods, such as brute force attacks or phishing attacks, to guess or obtain weak passwords and access sensitive inf | Ransomware Tool Vulnerability Patching | ★★ | |
|
2023-06-02 20:09:55 | CrowdStrike améliore Falcon Discover pour réduire la surface d'attaque, rationaliser les opérations et réduire les coûts CrowdStrike Enhances Falcon Discover to Reduce the Attack Surface, Streamline Operations and Lower Costs (lien direct) |
Crowdsstrike Falcon & Reg;Discover offre une visibilité approfondie des actifs sans matériel à déployer ou à gérer, offrant un contexte précieux pour tous vos actifs.Pour les équipes et les équipes de sécurité, Falcon Discover est un outil puissant pour arrêter les violations.La majorité des clients Crowdsstrike utilisent déjà Falcon Discover pour améliorer leur posture informatique et de sécurité.Continuer [& # 8230;]
CrowdStrike Falcon® Discover delivers deep asset visibility with no hardware to deploy or manage, providing valuable context for all of your assets. For IT and security teams alike, Falcon Discover is a powerful tool to stop breaches. The majority of CrowdStrike customers already use Falcon Discover to improve their IT and security posture. To continue […] |
Tool | ★★ | |
|
2023-06-02 18:23:00 | Le botnet brésilien cible les espagnols à travers les Amériques, dit Cisco Brazil-based botnet targets Spanish-speakers across Americas, Cisco says (lien direct) |
Les pirates soupçonnés de vivre au Brésil utilisent un botnet non identifié auparavant appelé à cibler les boîtes de réception par e-mail des espagnols à travers les Amériques.Des chercheurs de l'équipe de sécurité de Talos de Cisco \\ ont déclaré que le botnet, appelé «Horabot», livre un outil de chevaux de Troie et de spam bancaire sur une campagne qui se déroule depuis
Hackers suspected to be living in Brazil are using a previously unidentified botnet called to target the email inboxes of Spanish speakers across the Americas. Researchers from Cisco\'s Talos security team said the botnet, called “Horabot,” delivers a banking trojan and spam tool onto victim machines in a campaign that has been running since at |
Spam Tool | ★★ | |
|
2023-06-02 13:50:00 | Comment les CISO peuvent gérer l'intersection de la sécurité, de la vie privée et de la confiance How CISOs Can Manage the Intersection of Security, Privacy, And Trust (lien direct) |
Integrating a subject rights request tool with security and compliance solutions can help identify potential data conflicts more efficiently and with greater accuracy.
Integrating a subject rights request tool with security and compliance solutions can help identify potential data conflicts more efficiently and with greater accuracy. |
Tool | ★★ | |
|
2023-06-01 18:42:00 | Comment réduire l'étalement de l'outil de sécurité dans mon environnement? How Do I Reduce Security Tool Sprawl in My Environment? (lien direct) |
En ce qui concerne la consolidation des outils, concentrez-vous sur les plates-formes sur les produits.
When it comes to tool consolidation, focus on platforms over products. |
Tool | ★★ | |
|
2023-06-01 17:17:00 | Les experts mettent en garde contre l'exploitation des outils de transfert Moveit à l'aide de bogue zéro-jour Experts warn of MOVEit Transfer tool exploitation using zero-day bug (lien direct) |
Les pirates exploitent une nouvelle vulnérabilité zéro-jour affectant un outil de transfert de fichiers populaire utilisé par des milliers de grandes entreprises. BleepingCompuller Pour signaler que les pirates exploitaient la vulnérabilité affectant le logiciel Moveit, et la société de sécurité Rapid7 a déclaré qu'elle voyait également l'exploitation du bogue «dans plusieurs environnements clients».L'outil a été créé par
Hackers are exploiting a new zero-day vulnerability affecting a popular file transfer tool used by thousands of major companies. BleepingComputer was first to report that hackers were exploiting the vulnerability affecting MOVEit software, and security company Rapid7 said it is also seeing exploitation of the bug “across multiple customer environments.” The tool was created by |
Tool Vulnerability | ★★★ | |
|
2023-05-31 19:15:16 | CVE-2022-35743 (lien direct) | Microsoft Windows Prise en charge de l'outil de diagnostic (MSDT) Vulnérabilité d'exécution de code distant
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
Tool Vulnerability | ||
|
2023-05-31 18:15:09 | CVE-2023-33967 (lien direct) | Easeprobe est un outil qui peut effectuer la vérification de la santé / de l'état.Un problème d'injection SQL a été découvert dans Easéprobe avant 2.1.0 lors de l'utilisation de la vérification des données MySQL / PostgreSQL.Ce problème a été résolu dans la v2.1.0.
EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0. |
Tool | ||
|
2023-05-31 17:19:00 | Anomali Cyber Watch: Shadow Force cible les serveurs coréens, Volt Typhoon abuse des outils intégrés, Cosmicenergy Tests Electric Distribution Perturbation Anomali Cyber Watch: Shadow Force Targets Korean Servers, Volt Typhoon Abuses Built-in Tools, CosmicEnergy Tests Electric Distribution Disruption (lien direct) |
Les différentes histoires de l'intelligence des menaces dans cette itération de la cyber-montre anomali discutent des sujets suivants: Chine, chargement de DLL, vivant de la terre, technologie opérationnelle, ransomware, et Russie .Les CIO liés à ces histoires sont attachés à Anomali Cyber Watch et peuvent être utilisés pour vérifier vos journaux pour une activité malveillante potentielle.
Figure 1 - Diagrammes de résumé du CIO.Ces graphiques résument les CIO attachés à ce magazine et donnent un aperçu des menaces discutées.
Cyber News et Intelligence des menaces
shadowVictiticoor et Coinmin de Force Group \\
(Publié: 27 mai 2023)
Force Shadow est une menace qui cible les organisations sud-coréennes depuis 2013. Il cible principalement les serveurs Windows.Les chercheurs d'AHNLAB ont analysé l'activité du groupe en 2020-2022.Les activités de force fantôme sont relativement faciles à détecter car les acteurs ont tendance à réutiliser les mêmes noms de fichiers pour leurs logiciels malveillants.Dans le même temps, le groupe a évolué: après mars, ses fichiers dépassent souvent 10 Mo en raison de l'emballage binaire.Les acteurs ont également commencé à introduire divers mineurs de crypto-monnaie et une nouvelle porte dérobée surnommée Viticdoor.
Commentaire de l'analyste: Les organisations doivent garder leurs serveurs à jour et correctement configurés avec la sécurité à l'esprit.Une utilisation et une surchauffe du processeur inhabituellement élevées peuvent être un signe du détournement de ressources malveillantes pour l'exploitation de la crypto-monnaie.Les indicateurs basés sur le réseau et l'hôte associés à la force fantôme sont disponibles dans la plate-forme Anomali et il est conseillé aux clients de les bloquer sur leur infrastructure.
mitre att & amp; ck: [mitre att & amp; ck] t1588.003 - obtenir des capacités:Certificats de signature de code | [mitre att & amp; ck] t1105 - transfert d'outils d'entrée | [mitre att & amp; ck] t1027.002 - fichiers ou informations obscurcies: emballage logiciel | [mitre att & amp; ck] t1569.002: exécution du service | [mitre att & amp; ck] T1059.003 - Commande et script Interpréteur: Windows Command Shell | [mitre att & amp; ck] T1547.001 - Exécution de botter ou de connexion automatique: Registre Run Keys / Startup Folder | [mitre att & amp; ck] t1546.008 - Événement Exécution déclenchée: caractéristiques de l'accessibilité | [mitre att & amp; ck] t1543.003 - créer ou modifier le processus système: service Windows | [mitre att & amp; ck] t1554 - compromis le logiciel client binaire | [mitreAtt & amp; ck] t1078.001 - Comptes valides: comptes par défaut | [mitre att & amp; ck] t1140 - désobfuscate / décode ou infor |
Ransomware Malware Tool Vulnerability Threat | APT 38 Guam CosmicEnergy | ★★ |
|
2023-05-31 13:00:00 | Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks (lien direct) |
CyberheistNews Vol 13 #22 | May 31st, 2023
[Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks
With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.
When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report.
According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry:
51% of invoice fraud attacks targeted the financial services industry
42% were payroll fraud attacks
63% were payment fraud
To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox.
The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage.
Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
|
Ransomware Malware Hack Tool Threat Conference | Uber ChatGPT ChatGPT Guam | ★★ |
|
2023-05-30 22:00:00 | Rat Seroxen à vendre SeroXen RAT for sale (lien direct) |
This blog was jointly written with Alejandro Prada and Ofer Caspi.
Executive summary
SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making it accessible.
Key takeaways:
SeroXen is a fileless RAT, performing well at evading detections on static and dynamic analysis.
The malware combines several open-source projects to improve its capabilities. It is a combination of Quasar RAT, r77-rootkit and the command line NirCmd.
Hundreds of samples have shown up since its creation, being most popular in the gaming community. It is only a matter of time before it is used to target companies instead of individual users.
Analysis
Quasar RAT is a legitimate open-source remote administration tool. It is offered on github page to provide user support or employee monitoring. It has been historically associated with malicious activity performed by threat actors, APT groups (like in this Mandiant report from 2017), or government attacks (in this report by Unit42 in 2017).
It was first released in July 2014 as “xRAT” and renamed to “Quasar” in August 2015. Since then, there have been released updates to the code until v1.4.1 in March 2023, which is the most current version. As an open-source RAT tool with updates 9 years after its creation, it is no surprise that it continues to be a common tool used by itself or combined with other payloads by threat actors up to this day.
In a review of the most recent samples, a new Quasar variant was observed by Alien Labs in the wild: SeroXen. This new RAT is a modified branch of the open-source version, adding some modifications features to the original RAT. They’re selling it for monthly or lifetime fee. Figure 1 contains some of the features advertised on their website.
Figure 1. SeroXen features announced on its website.
This new RAT first showed up on a Twitter account, established in September 2022. The person advertising the RAT appeared to be an English-speaking teenager. The same Twitter handle published a review of the RAT on YouTube. The video approached the review from an attacking/Red Team point of view, encouraging people to buy the tool because it is worth the money. They were claiming to be a reseller of the tool.
In December 2022, a specific domain was registered to market/sell the tool, seroxen[.]com. The RAT was distributed via a monthly license for $30 USD or a lifetime license of $60 USD. It was around that time that the malware was first observed in the wild, appearing with 0 detections on VirusTotal.
After a few months, on the 1st of February, the YouTuber CyberSec Zaado published a video alerting the community about the capabilities of the RAT from a defensive perspective. In late February, the RAT was advertised on social media platforms such as TikTok, Twitter, YouTube, and several cracking forums, including hackforums. There were some conversations on gaming forums complaining about being infected by malware after downloading some video games. The artifacts described by the users matched with SeroXen RAT.
The threat actor updated the domain name to seroxen[.]net by the end of March. This domain name was registered on March 27th |
Malware Tool Threat | Uber APT 10 | ★★ |
To see everything:
Our RSS (filtrered)
