What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
RecordedFuture.webp 2023-05-30 20:30:00 Failing to renew Section 702 'will have significant costs for US diplomacy,' top State official says
(direct link)
U.S. diplomatic efforts around the globe would suffer if Congress fails to renew a foreign surveillance tool before it lapses at the end of the calendar year, the head of the State Department's intelligence branch warned Tuesday. “Make no mistake, the future without 702, or a much diminished 702 program, will have significant costs for
Tool ★★
SlashNext.webp 2023-05-30 19:55:01 Listen to These Recordings: Deepfake Social Engineering Scams Are Scaring Victims
(direct link)
Deepfake social engineering scams have become an increasingly scary trend among cybercriminals to socially engineer victims into submission. The threat actors are using Artificial Intelligence (AI) and Machine Learning (ML) voice cloning tools to disperse misinformation for cybercriminal scams. It doesn't take much for an audio recording of a voice – only about 10 to […] The post Listen to These Recordings: Deepfake Social Engineering Scams Are Scaring Victims first appeared on SlashNext.
Tool Threat Prediction ★★★
DarkReading.webp 2023-05-30 17:00:00 Undetected Attacks Against Middle East Targets Conducted Since 2020
(direct link)
Targeted attacks against Saudi Arabia and other Middle East nations have been detected with a tool that's been in the wild since 2020.
Tool ★★
AlienVault.webp 2023-05-30 10:00:00 Introduction to the purpose of AWS Transit Gateway
(direct link)
Introduction

Today you look at the Global/Multi-site Enterprise Security Architecture of an organization and see a myriad of concerns: increased levels of complexity, difficulties managing multiple third parties, difficulties implementing consistent levels of security, and so on. This makes it imperative for organizations to identify opportunities to simplify, streamline, and generally improve their infrastructure wherever possible. Managing the level of complexity is becoming increasingly difficult. Security may be only partially implemented, which is an ongoing challenge.

Terminology

AWS Region - a physical location around the world where we cluster data centers.
AWS Availability Zone (AZ) - one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.
AWS Services - AWS offers a broad set of global cloud-based products, including compute, storage, database, analytics, networking, machine learning and AI, mobile, developer tools, IoT, security, enterprise applications, and more.
AWS Transit Gateway (TGW) - a transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure.

Global/Multi-Site Enterprise Architecture

Many organizations are using Global/Multi-site with dated technology spread throughout data centers and networks mixed in with some newer technologies. This can include uncounted third parties as well. These sites often include multiple environments (like Dev, QA, Pre-Prod, and Prod) supported by numerous technologies spread across both physical and virtual servers, including databases, web, and application servers, and more. Modifications can be challenging when integrating legacy with new technologies, and can sometimes require a static approach when completely redesigning existing infrastructure.

Understandably, most organizations tend to shy away from exploring anything that seems like a significant upgrade or change. Thankfully there are some solutions available that can substantially improve operations and infrastructure without the typical complexities and implementation challenges. One such example is outlined below.

[Figure: Example AWS Transit Gateway (TGW) Global Diagram]

AWS Transit Gateway is a cloud-based tool that permits a simplified, secure networking approach for companies requiring a hybrid solution that can scale according to their global/multi-site enterprise business needs. The AWS Transit Gateway integrates with Palo Alto Security Devices, which helps to reduce the organization's risk footprint. AWS Transit Gateway architecture is used to consolidate site-to-site VPN connections from your on-premises network to your AWS environment and support connectivity between your team development and workload hosting VPCs and your infrastructure shared services VPC. This information will help you make a more informed decision as you consider the recommended approach of using AWS Transit Gateway. AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once. As you expand globally, inter-region peering connects AWS Transit Gateways together using the AWS global network. Your data is secured automatically and encrypted; it never travels over the public internet, only on the AWS Global Network. Because of its central position, AWS Transit Gateway Network Manager has a unique view over your entire n
Tool Threat Cloud ★★
CVE.webp 2023-05-30 06:16:36 CVE-2023-33186 (direct link)
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.
Tool Vulnerability
CVE.webp 2023-05-30 05:15:12 CVE-2023-33198 (direct link)
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.
Tool
CVE.webp 2023-05-29 21:15:09 CVE-2023-32072 (direct link)
Tuleap is an open source tool for end to end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise Edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can set up a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Enterprise Edition 14.7-7 contain a patch for this issue.
Tool
SocRadar.webp 2023-05-29 13:22:52 New RaaS Emerged, RDP Access, Database, and Credit Card Sales
(direct link)
Welcome to this week’s dark web news summary. We uncover a new ransomware tool called...
Ransomware Tool ★★★
Pirate.webp 2023-05-28 15:04:35 padre – Padding Oracle Attack Exploiter Tool
(direct link)
padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.
Tool ★★
GoogleSec.webp 2023-05-25 12:00:55 Google Trust Services ACME API available to all users at no cost
(direct link)
David Kluge, Technical Program Manager, and Andy Warner, Product Manager
Nobody likes preventable site errors, but they happen disappointingly often. The last thing you want your customers to see is a dreaded 'Your connection is not private' error instead of the service they expected to reach. Most certificate errors are preventable and one of the best ways to help prevent issues is by automating your certificate lifecycle using the ACME standard. Google Trust Services now offers our ACME API to all users with a Google Cloud account (referred to as “users” here), allowing them to automatically acquire and renew publicly-trusted TLS certificates for free. The ACME API has been available as a preview and over 200 million certificates have been issued already, offering the same compatibility as major Google services like google.com or youtube.com.
Tool Cloud ★★★
DarkReading.webp 2023-05-24 18:15:08 Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
(direct link)
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
Tool ★★
GoogleSec.webp 2023-05-24 12:49:28 Announcing the launch of GUAC v0.1
(direct link)
Brandon Lum and Mihai Maruseac, Google Open Source Security Team
Today, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC). Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain. In collaboration with Kusari, Purdue University, Citi, and community members, we have incorporated feedback from our early testers to improve GUAC and make it more useful for security professionals. This improved version is now available as an API for you to start developing on top of, and integrating into, your systems.
The need for GUAC
High-profile incidents such as SolarWinds, and the recent 3CX supply chain double-exposure, are evidence that supply chain attacks are getting more sophisticated. As highlighted by the
Tool Vulnerability Threat Yahoo ★★
HexaCorn.webp 2023-05-23 22:56:08 DeXRAY, DFIR, and the art of ambulance chasing…
(direct link)
Pretty much all of my DeXRAY posts ever published have been focusing on new versions of this tool being released. Today I will talk about the ‘making of the sausages’ part […]
Tool ★★★★
knowbe4.webp 2023-05-23 13:00:00 CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend
(direct link)
CyberheistNews Vol 13 #21 | May 23rd, 2023
[Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend
New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what's inhibiting a proper security posture.
You have a solid grasp on what your organization's cybersecurity stance does and does not include. But is it enough to stop today's ransomware attacks? CyberEdge's 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what's keeping orgs from stopping them. According to the report, in 2023:
7% of organizations were victims of a ransomware attack
7% of those paid a ransom
73% were able to recover data
Only 21.6% experienced solely the encryption of data and no other form of extortion
It's this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents. IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we've long known the cybersecurity industry is lacking a proper pool of qualified talent. In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all.
Blog post with links: https://blog.knowbe4.com/ransomware-victim-threats
[Free Tool] Who Will Fall Victim to QR Code Phishing Attacks?
Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters. With the increased popularity of QR codes, users are more at
Ransomware Hack Tool Vulnerability Threat Prediction ChatGPT ★★
Veracode.webp 2023-05-22 10:41:02 A New Era of AppSec: 10 Times as a Leader in Gartner® Magic Quadrant™ for Application Security Testing
(direct link)
Ten represents the completion of a cycle and the beginning of a new one, as there are ten digits in our base-10 number system. We've scanned nearly 140 trillion lines of code, so we can't help but pick up on the one and the zero in our exciting announcement. It's the tenth publication of the Gartner® Magic Quadrant™ for Application Security Testing (AST), and we are pleased to announce we are a Leader for the tenth consecutive time. Here's a look at the new cycle we see beginning: the need for intelligent software security.
From Application Security Testing to Intelligent Software Security
This market isn't what it used to be, and we see a new cycle beginning which we see as the need for intelligent software security. What started as a recognized SaaS code scanning tool has evolved into an intelligent software security platform that prevents, detects, and responds to security flaws and vulnerabilities and manages risk and compliance for thousands of leading organizations around the…
Tool Cloud ★★★
AlienVault.webp 2023-05-22 10:00:00 Sharing your business's data with ChatGPT: How risky is it?
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
As a natural language processing model, ChatGPT - and other similar machine learning-based language models - is trained on huge amounts of textual data. Processing all this data, ChatGPT can produce written responses that sound like they come from a real human being. ChatGPT learns from the data it ingests. If this information includes your sensitive business data, then sharing it with ChatGPT could potentially be risky and lead to cybersecurity concerns. For example, what if you feed ChatGPT pre-earnings company financial information, company proprietary software code or materials used for internal presentations without realizing that practically anybody could obtain that sensitive information just by asking ChatGPT about it? If you use your smartphone to engage with ChatGPT, then a smartphone security breach could be all it takes to access your ChatGPT query history. In light of these implications, let's discuss if - and how - ChatGPT stores its users' input data, as well as potential risks you may face when sharing sensitive business data with ChatGPT.
Does ChatGPT store users' input data?
The answer is complicated. While ChatGPT does not automatically add data from queries to models specifically to make this data available for others to query, any prompt does become visible to OpenAI, the organization behind the large language model. Although no membership inference attacks have yet been carried out against the large language learning models that drive ChatGPT, databases containing saved prompts as well as embedded learnings could be potentially compromised by a cybersecurity breach. OpenAI, the parent company that developed ChatGPT, is working with other companies to limit the general access that language learning models have to personal data and sensitive information.
But the technology is still in its nascent developing stages - ChatGPT was only just released to the public in November of last year. By just two months into its public release, ChatGPT had been accessed by over 100 million users, making it the fastest-growing consumer app ever at record-breaking speeds. With such rapid growth and expansion, regulations have been slow to keep up. The user base is so broad that there are abundant security gaps and vulnerabilities throughout the model.
Risks of sharing business data with ChatGPT
In June 2021, researchers from Apple, Stanford University, Google, Harvard University, and others published a paper that revealed that GPT-2, a language learning model similar to ChatGPT, could accurately recall sensitive information from training documents. The report found that GPT-2 could call up information with specific personal identifiers, recreate exact sequences of text, and provide other sensitive information when prompted. These “training data extraction attacks” could present a growing threat to the security of researchers working on machine learning models, as hackers may be able to access machine learning researcher data and steal their protected intellectual property. One data security company called Cyberhaven has released reports of ChatGPT cybersecurity vulnerabilities it has recently prevented. According to the reports, Cyberhaven has identified and prevented insecure requ
Tool Threat Medical ChatGPT ChatGPT ★★
Mandiant.webp 2023-05-22 09:00:00 Don't @ Me: URL Obfuscation Through Schema Abuse
(direct link)
A technique is being used in the distribution of multiple families of malware that obfuscates the end destination of a URL by abusing the URL schema. Mandiant tracks this adversary methodology as “URL Schema Obfuscation”. The technique could increase the likelihood of a successful phishing attack, and could cause domain extraction errors in logging or security tooling. If a network defense tool is relying on knowing the server a URL is pointing to (e.g. checking if a domain is on a threat intel feed), it could potentially bypass it and cause gaps in visibility and coverage.
Common URL parsing
Malware Tool Threat ★★★★
bleepingcomputer.webp 2023-05-20 11:08:16 Cloned CapCut websites push information stealing malware
(direct link)
A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. [...]
Malware Tool ★★
CVE.webp 2023-05-19 22:15:09 CVE-2023-28623 (direct link)
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside from `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: the organization permissions don't require invitations to join, an attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having the `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue.
Tool
CVE.webp 2023-05-19 21:15:08 CVE-2023-32677 (direct link)
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams.
Tool
RecordedFuture.webp 2023-05-19 17:40:00 FBI misused controversial surveillance tool to investigate Jan. 6 protesters (direct link)
The FBI improperly searched the personal communications of Americans who participated in the Jan. 6 attack on the Capitol and the 2020 protests over police violence, newly declassified documents show. The inappropriate searches of data intercepted under the Foreign Intelligence Surveillance Act (FISA) were originally detailed in a classified April 2021 certification issued by the
Tool ★★★
SecurityWeek.webp 2023-05-18 11:44:32 PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords
(direct link)
Researcher publishes PoC tool that exploits unpatched KeePass vulnerability to retrieve the master password from memory.
Tool Vulnerability ★★★
SocRadar.webp 2023-05-18 10:03:27 Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784) (direct link)
A vulnerability in the open-source password manager tool KeePass could allow retrieval of the master... The post Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784) first appeared on SOCRadar® Cyber Intelligence Inc.
Tool Vulnerability ★★
SparkRAT Being Distributed Within a Korean VPN Installer
(lien direct)
Ahnlab Security Emergency Response Center (ASEC) a récemment découvert que Sparkrat était distribué au sein de l'installateur d'un certain VPNprogramme.Sparkrat est un outil d'administration à distance (rat) développé avec Golang.Lorsqu'il est installé sur un système d'utilisateur, il peut effectuer une variété de comportements malveillants, tels que l'exécution de commandes à distance, le contrôle des fichiers et les processus, le téléchargement de charges utiles supplémentaires et la collecte d'informations à partir du système infecté comme en prenant des captures d'écran.1. Cas de distribution Le fournisseur VPN, dont l'installateur contenait Sparkrat semble ...
AhnLab Security Emergency response Center (ASEC) has recently discovered SparkRAT being distributed within the installer of a certain VPN program. SparkRAT is a Remote Administration Tool (RAT) developed with GoLang. When installed on a user’s system, it can perform a variety of malicious behaviors, such as executing commands remotely, controlling files and processes, downloading additional payloads, and collecting information from the infected system like by taking screenshots. 1. Case of Distribution The VPN provider, whose installer contained SparkRAT appears to...
Tool ★★
CVE.webp 2023-05-17 18:15:09 CVE-2023-31135 (direct link) Dgraph is an open-source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute-force attacks due to nonce collisions. The first 12 bytes come from a baseIv that is initialized when an audit log is created. The last 4 bytes come from the length of the encrypted log line. This is problematic because two log lines will often have the same length, so because of these collisions the same nonce is reused. All audit logs generated by versions of Dgraph Tool
DarkReading.webp 2023-05-16 21:39:00 Attackers Target macOS With 'Geacon' Cobalt Strike Tool
(direct link)
Threat actors have been seen using a Go-language implementation of the red-teaming tool on Intel- and Apple silicon-based macOS systems.
Tool Threat ★★★
Anomali.webp 2023-05-16 18:03:00 Anomali Cyber Watch: Lancefly APT Adopts Alternatives to Phishing, BPFdoor Removed Hardcoded Indicators, FBI Ordered Russian Malware to Self-Destruct
(direct link)
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Brute force, Credential theft, China, Exploits, Phishing, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors (published: May 15, 2023) Symantec researchers have detected a new cyberespionage campaign by the China-sponsored Lancefly group targeting organizations in South and Southeast Asia. From mid-2022 into 2023, the group targeted the aviation, government, education, and telecommunications sectors. Indications from the intrusion vectors show that Lancefly may have moved from phishing attacks to SSH brute forcing and to exploiting publicly accessible devices such as load balancers. A small number of machines were infected in a highly targeted manner to deploy the custom Merdoor backdoor and a modified version of the open-source ZXShell rootkit. Lancefly abuses a number of legitimate binaries for DLL side-loading, credential theft, and other living-off-the-land (LOLBin) activities. Analyst Comment: Organizations are advised to monitor for suspicious SMB activity and for LOLBin activity indicating possible process injection or LSASS memory dumping. File hashes associated with the latest Lancefly campaign are available in the Anomali platform and customers are advised to block these on their infrastructure.
MITRE ATT&CK: [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1078 - Valid Accounts | [MITRE ATT&CK] T1056.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1569 - System Services | [MITRE ATT&CK] T1071.001 - Application Layer Protocol: Web Protocols | [MITRE ATT&CK] T1071.004 - Application Layer Protocol: DNS | [MITRE ATT&CK] T1095 - Non-Application Layer Protocol | [MITRE ATT&CK] T1574.002 - Hijack Execution Flow: DLL Side-Loading | [MITRE ATT&CK] T1003.001 - OS Credential Dumping: LSASS Memory | [MITRE ATT&CK] T1003.002 - OS Credential Dumping: Security Account Manager Ransomware Malware Tool Vulnerability Threat Cloud ★★
knowbe4.webp 2023-05-16 13:00:00 CyberheistNews Vol 13 #20 [Foot in the Door] The Q1 2023's Top-Clicked Phishing Scams | INFOGRAPHIC
(direct link)
CyberheistNews Vol 13 #20 | May 16th, 2023 [Foot in the Door] The Q1 2023's Top-Clicked Phishing Scams | INFOGRAPHIC KnowBe4's latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects. IT and Online Services Emails Drive Dangerous Attack Trend This last quarter's results reflect the shift to IT and online service notifications, such as laptop refresh or account suspension notifications, that can affect your end users' daily work. Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question them or be as skeptical. Building up your organization's human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following: Common "In-The-Wild" Emails for Q1 2023; Top Phishing Email Subjects Globally; Top 5 Attack Vector Types; Top 10 Holiday Phishing Email Subjects in Q1 2023. This post has a full PDF infographic you can download and share with your users: https://blog.knowbe4.com/q1-2023-top-clicked-phishing [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users.
Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console. Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l Ransomware Spam Malware Hack Tool Threat ★★
AlienVault.webp 2023-05-16 10:00:00 Encrypting files and emails: A beginner's guide to securing sensitive information
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today's digital age, sensitive information is constantly being shared and transmitted over various electronic devices and networks. Whether it's personal information like social security numbers, financial information like card details, or business information like trade secrets and client data, it's important to ensure that this information is kept secure and protected from unauthorized access. One of the most effective ways to do this is through encryption. Encryption is the process of converting plain text or data into an unreadable format using an encryption algorithm; the result can only be deciphered, or decrypted, by those who hold the decryption key. This ensures that if the file or email is intercepted or accessed by unauthorized users, they will not be able to read the information. In cybersecurity, encryption plays a crucial role in ensuring data confidentiality, integrity, and authenticity. In day-to-day life, encryption is used in various ways to make life easier for the ordinary user. For example, encryption is used in online transactions to protect the user's financial information from being intercepted and stolen by hackers. Encryption is also used in messaging and email applications to protect the privacy of conversations and messages from being read by unauthorized users. Why encrypt files and emails? It is important for computer users to encrypt their files and emails because they may contain sensitive information that could be intercepted or accessed by unauthorized users. Encryption adds an extra layer of security to protect against these risks. Encryption ensures that even if the information is intercepted by a malicious user, it is unreadable and unusable. This can prevent the loss of sensitive data.
Encryption is becoming more important for organisations in order to comply with privacy and data protection regulations like GDPR, PCI-DSS, and HIPAA. These regulations require businesses to take steps to protect sensitive data, and failure to comply can result in legal and financial penalties. Encrypting emails and files can save individuals and organisations from various cyberthreats such as identity theft and financial fraud, and encryption ensures the confidentiality and integrity of data. How to encrypt files: Here are some steps you can follow to encrypt files. Identify the file you want to encrypt; it can be any file, such as a document, image or video. Choose the encryption software; there are various tools available alongside the built-in encryption features in Windows and macOS, and some popular encryption tools are VeraCrypt, 7-Zip, GnuPG and AxCrypt. Proceed with the installation of the tool you chose. Browse to the file you want to encrypt in the encryption tool you installed. Choose the encryption algorithm; you can choose as per your needs from the algorithms offered by the tool, such as AES or Blowfish. The encryption tool will now ask you to create a passphrase or password, which will be used to encrypt and decrypt the file. Choose a strong and complex password. Keep the password safe, since it is the key to decrypting the file, and avoid sharing it with anyone. After choosing the password, start the encryption process within the encryption tool. The time taken to encrypt files may vary based on the file size and the encryption algorithm chosen. Once the encryption process is complete, the encrypted file will be saved with a new file extension depending on the encryption tool used. By following these steps, you can encrypt your files and protect sensitive information from unauthorized access and interception. How to encrypt E-mails: Encrypting emails is another effective way to protect sensitive information from Tool ★★
Trend.webp 2023-05-12 00:00:00 Malicious AI Tool Ads Used to Deliver Redline Stealer
(direct link)
We've been observing malicious advertisement campaigns in Google's search engine with themes related to AI tools such as Midjourney and ChatGPT.
Tool ChatGPT ★★
DarkReading.webp 2023-05-11 21:22:00 Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns
(direct link)
New "Greatness" phishing-as-a-service used in attacks targeting manufacturing, healthcare, technology, and other sectors.
Tool ★★
InfoSecurityMag.webp 2023-05-11 15:30:00 "Greatness" Phishing Tool Exploits Microsoft 365 Credentials (direct link) The findings come from security researchers at Cisco Talos.
Tool ★★★
globalsecuritymag.webp 2023-05-11 11:30:10 Analysis of the RedLine Stealer Malware
(direct link)
RedLine Stealer first appeared in March 2020. In the past it was used repeatedly by the since-exposed members of the Lapsus$ group, but it is still offered on darknet forums for a few hundred euros. This stealer is a powerful tool for collecting credentials from a wide variety of sources, including web browsers, FTP clients, e-mail apps, Steam, instant-messaging clients and VPNs. In addition, the malware can collect authentication cookies and card numbers stored in browsers, chat logs, local files and even cryptocurrency wallet databases.
Malware Tool ★★
AlienVault.webp 2023-05-10 20:13:00 OneNote documents have emerged as a new malware infection vector (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files. OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with. Emotet and Qakbot, among other high-end stealers and crypters, are known malware threats that use OneNote attachments. Researchers are currently developing new tools and analysis strategies to detect and prevent these OneNote attachments from being used as a vehicle for infection. This article highlights this new development and discusses the techniques that malicious actors use to compromise a system. Attack chain With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors. OneNote attachments are particularly appealing to attackers because they are interactive and designed to be added on to and interacted with, rather than just viewed. This makes it easier for malicious actors to include enticing messages and clickable buttons that can lead to infection. As a result, users should exercise caution when interacting with OneNote attachments, even if they appear to be harmless. It is essential to use updated security software and to be aware of the potential risks associated with interactive files. 
Email – Social engineering Like most malware authors, attackers often use email as the first point of contact with victims. They employ social engineering techniques to persuade victims to open the program and execute the code on their workstations. In a recent phishing attempt, the attacker sent an email that appeared to be from a trustworthy source and requested that the recipient download a OneNote attachment. However, upon opening the attachment, the code was not automatically updated as expected. Instead, the victim was presented with a potentially dangerous prompt. In this case, as with many OneNote attachments, the malicious actor intends for the user to click on the "Open" button presented in the document, which executes the code. Traditional security tools are not effective in detecting this type of threat. One tool that can be used for analyzing Microsoft Office documents, including OneNote attachments, is Oletools. The suite includes the command line executable olevba, which can be helpful in detecting and analyzing malicious code. Upon attempting to execute the tool on the OneNote attachment, an error occurred. As a result, the focus of the analysis shifted towards a dynamic approach. By placing the document in a sandbox, we discovered a chain of scripts that were executed to download and run an executable or DLL file, resulting in more severe infections like ransomware, stealers, and wipers. Tactics and techniques This particular campaign Malware Tool Threat ★★★
RecordedFuture.webp 2023-05-10 16:32:00 Cisco warns of new 'Greatness' phishing-as-a-service tool seen in the wild
(direct link)
A new phishing-as-a-service (PaaS) tool is allowing rookie hackers to incorporate “some of the most advanced” features into their cyberattacks, researchers warned Wednesday. Similar to other criminal services, PaaS platforms lower the bar to entry for cybercrime, offering unskilled hackers the ability to automate the tasks involved in tricking victims into entering their credentials on
Tool Cloud ★★
GoogleSec.webp 2023-05-10 14:59:36 I/O 2023: What's new in Android security and privacy
(direct link)
Posted by Ronnie Falcon, Product Manager Android is built with multiple layers of security and privacy protections to help keep you, your devices, and your data safe. Most importantly, we are committed to transparency, so you can see your device safety status and know how your data is being used. Android uses the best of Google's AI and machine learning expertise to proactively protect you and help keep you out of harm's way. We also empower you with tools that help you take control of your privacy. I/O is a great moment to show how we bring these features and protections all together to help you stay safe from threats like phishing attacks and password theft, while remaining in charge of your personal data. Safe Browsing: faster, more intelligent protection Android uses Safe Browsing to protect billions of users from web-based threats, like deceptive phishing sites. This happens in the Chrome default browser and also in Android WebView, when you open web content from apps. Safe Browsing is getting a big upgrade with a new real-time API that helps ensure you're warned about fast-emerging malicious sites. With the newest version of Safe Browsing, devices will do real-time blocklist checks for low-reputation sites. Our internal analysis has found that a significant number of phishing sites exist for less than ten minutes in an attempt to stay ahead of blocklists. With this real-time detection, we expect we'll be able to block an additional 25 percent of phishing attempts every month in Chrome and Android¹. Safe Browsing isn't just getting faster at warning users. We've also been building in more intelligence, leveraging Google's advances in AI. Last year, Chrome browser on Android and desktop started utilizing a new image-based phishing detection machine learning model to visually inspect fake sites that try to pass themselves off as legitimate log-in pages.
By leveraging a TensorFlow Lite model, we're able to find 3x more² phishing sites compared to previous machine learning models and help warn you before you get tricked into signing in. This year, we're expanding the coverage of the model to detect hundreds more phishing campaigns and to leverage new ML technologies. This is just one example of how we use our AI expertise to keep your data safe. Last year, Android used AI to protect users from 100 billion suspected spam messages and calls.³ Passkeys help move users beyond passwords For many, passwords are the primary protection for their online life. In reality, they are frustrating to create and remember, and are easily hacked. But hackers can't phish a password that doesn't exist. Which is why we are excited to share another major step forward in our passwordless journey: Passkeys. Spam Malware Tool ★★★
CVE.webp 2023-05-10 14:15:16 CVE-2022-41610 (direct link) Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access.
Tool
CVE.webp 2023-05-10 14:15:14 CVE-2022-40971 (direct link) Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Tool
CVE.webp 2023-05-10 14:15:10 CVE-2022-21162 (direct link) Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Tool
The_Hackers_News.webp 2023-05-10 14:14:00 U.S. Government Neutralizes Russia's Most Sophisticated Snake Cyber Espionage Tool
(direct link)
The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as Snake, wielded by Russia's Federal Security Service (FSB). Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian state-sponsored group called Turla (aka Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear,
Malware Tool ★★
DarkReading.webp 2023-05-10 13:15:00 Free Tool Unlocks Some Encrypted Data in Ransomware Attacks
(direct link)
"White Phoenix," an automated tool for recovering data from partially encrypted files hit with ransomware, is available on GitHub.
Ransomware Tool ★★★
DarkReading.webp 2023-05-09 20:40:00 FBI Disarms Russian FSB 'Snake' Malware Network
(direct link)
Operation "Medusa" disabled Turla's Snake malware with an FBI-created tool called Perseus.
Malware Tool ★★
Anomali.webp 2023-05-09 20:02:00 Anomali Cyber Watch: Custom Virtual Environment Hides FluHorse, BabyShark Evolved into ReconShark, Fleckpe-Infected Apps Add Expensive Subscriptions
(direct link)
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Defense evasion, Infostealers, North Korea, Spearphishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Deconstructing Amadey’s Latest Multi-Stage Attack and Malware Distribution (published: May 5, 2023) McAfee researchers have detected a multi-stage attack that starts with a trojanized wextract.exe, a Windows executable used to extract files from a cabinet (CAB) file. It was used to deliver the AgentTesla, Amadey botnet, LockBit ransomware, Redline Stealer, and other malicious binaries. To avoid detection, the attackers use obfuscation and disable Windows Defender through the registry, thus stopping users from turning it back on through the Defender settings. Analyst Comment: Threat actors are always adapting to the security environment to remain effective. New techniques can still be spotted with behavioral analysis defenses and social engineering training. Users should report suspicious files with double extensions such as .EXE.MUI. Indicators associated with this campaign are available in the Anomali platform and users are advised to block these on their infrastructure.
MITRE ATT&CK: [MITRE ATT&CK] T1562.001: Disable or Modify Tools | [MITRE ATT&CK] T1555 - Credentials From Password Stores | [MITRE ATT&CK] T1486: Data Encrypted for Impact | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information Tags: malware:Amadey, malware-type:Botnet, malware:RedLine, malware:AgentTesla, malware-type:Infostealer, malware:LockBit, malware-type:Ransomware, abused:Wextract.exe, file-type:CAB, file-type:EXE, file-type:MUI, target-program:Windows Defender, target-system:Windows Eastern Asian Android Assault – FluHorse (published: May 4, 2023) Active since May 2022, a newly detected Android stealer dubbed FluHorse spreads by mimicking popular apps or as a fake dating application. According to Check Point researchers, FluHorse was targeting East Asia (Taiwan and Vietnam) while remaining undetected for months. This stealthiness is achieved by sticking to minimal functions while also relying on a custom virtual machine that comes with the Flutter user interface software development kit. FluHorse is being distributed via emails that prompt the recipient to install the app; once installed, it asks for the user’s credit card or banking data. If a second-factor authentication is needed to commit banking fraud, FluHorse tells the user to wait for 10-15 minutes while intercepting codes by installing a listener for all incoming SMS messages. Analyst Comment: FluHorse's ability to remain undetected for months makes it a dangerous threat. Users should avoid installing applications following download links received via email or other messaging. Verify the app authenticity on the official com Malware Tool Threat APT 37 APT 43 ★★★
CVE.webp 2023-05-09 15:15:10 CVE-2023-31143 (direct link) mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.
Tool
RecordedFuture.webp 2023-05-09 13:32:00 Feds continue takedowns of DDoS-for-hire 'booter' sites
(direct link)
U.S. law enforcement has seized 13 more internet domains that hosted “booter” services for attacking websites, prosecutors said Monday, and four people arrested in a previous sweep have pleaded guilty to related charges. It's the Department of Justice's third wave of seizures of booter domains, which allow paying customers to launch powerful distributed denial-of-service (DDoS)
Tool ★★
knowbe4.webp 2023-05-09 13:00:00 CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users
(direct link)
CyberheistNews Vol 13 #19 | May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what's misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough, since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks that bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New-school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links: https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A.
Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they're more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, Ransomware Data Breach Spam Malware Tool Threat Prediction NotPetya NotPetya APT 28 ChatGPT ChatGPT ★★
CVE.webp 2023-05-09 01:15:08 CVE-2023-28764 SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.
Tool
DarkReading.webp 2023-05-09 01:00:00 New Bazel Ruleset Helps Developers Build Secure Container Images
A new ruleset from Bazel, an open source build and test tool from Google, allows developers to create Docker images and generate software bills of materials about what is inside the containers.
Tool ★★
DarkReading.webp 2023-05-05 20:47:00 (Déjà vu) Satori Unveils Universal Data Permissions Scanner, a Free Open Source Tool that Sheds Light on Data Access Authorization
Addressing data access blindspots commonly faced by enterprises, data security leader launches the first open-source authorization analysis tool to provide universal visibility into data access permissions across multiple data stores.
Tool Satori Satori ★★
RecordedFuture.webp 2023-05-05 15:53:00 Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks
Dozens of organizations are still exposed to cyberattacks through a widely abused vulnerability in GoAnywhere MFT - a web-based tool that helps organizations transfer files - according to new research. Since February, the Clop ransomware group has exploited dozens of the world's largest companies and governments through a zero-day vulnerability in GoAnywhere tracked as CVE-2023-0669. The governments
Ransomware Tool Vulnerability ★★
Last update at: 2024-05-19 20:08:00