What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Intigriti.webp 2024-04-03 14:57:27 Building a case for bug bounty programs: Addressing corporate concerns
(direct link)
>Bug bounty programs have emerged as a powerful tool in the cybersecurity arsenal, empowering organizations to proactively identify and resolve vulnerabilities before they can be exploited. Despite this, internal concerns around financial implications, legal complexities, data security risks, and cultural barriers can hinder the adoption of these programs. Companies needn't be afraid to step into […]
Tool Vulnerability ★★★
Checkpoint.webp 2024-04-03 13:00:21 Empowering Your Team: 5 ways internally marketing security policies can benefit your organization
(direct link)
>The History: Why the frustration

User frustration with company security policies is a tale as old as the policies themselves. Initially, security measures were rudimentary, often involving simple password protection and basic access controls. However, as technology advanced and cyber threats became more sophisticated, companies ramped up their security protocols. This escalation often led to more complex and stringent policies, which, while necessary for protection, also became sources of frustration for users. The introduction of multi-factor authentication, frequent password changes, and restricted access to certain websites or tools in the name of security began to be seen as impediments to […]
Tool ★★
Checkpoint.webp 2024-04-03 13:00:20 Top GenAI Threats – and why Zero Trust AI Access is the Future
(direct link)
>Large Language Models (LLMs) are revolutionizing the way we interact with technology. As a result, SaaS vendors are vying for a competitive edge by integrating AI features, offering enterprises tools such as AI-based sales insights or coding co-pilots. Traditionally, zero-trust security models have relied on a clear distinction between users and applications. Yet, LLM-integrated applications disrupt this distinction, functioning simultaneously as both. This reality introduces a new set of security vulnerabilities, such as data leakage, prompt injection, risky access to online resources, and even access to corporate resources on behalf of employees. To address these challenges in LLM deployment, a […]
Tool Vulnerability Cloud ★★
AlienVault.webp 2024-04-03 10:00:00 The role of access controls in preventing insider threats
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

If you've ever worked in an IT department, you know how easily a single misclick can lead to data breaches and system compromises. Preventive efforts are critical since there's no reliable way to truly eliminate insider threats. Can robust access controls protect your organization?

The impact of insider threats on organizations

Insider threats are a prominent danger regardless of the industry you're in. In fact, 98% of U.S. organizations report being slightly to extremely vulnerable to them. This figure reveals how many are unconfident in their existing deterrents, highlighting the importance of preventative efforts. Even if you don't believe anyone at your workplace would intentionally cause damage, you should still be wary — insider threats aren't always malicious. Negligent employees are responsible for 60% of data breaches, meaning carelessness is a more common driver. Unfortunately, the fact that negligence is the primary driver of insider threat attacks isn't a good thing — it means a single misclick could put your entire organization at risk. Robust access controls are among the best solutions to this situation since they can prevent careless employees from leaking data or unintentionally escalating an attacker's permissions.

Access control mechanisms are crucial for threat mitigation

The main way robust access control mechanisms address insider threats is by mitigating unauthorized access. Employees, whether acting negligently or with ill intent, can't do much damage to your organization when their permissions stop them from retrieving or editing sensitive data storage systems. No matter how long you've spent in the IT department, you know how careless some employees are when dealing with sensitive data, intellectual property or identifiable details. Access control mechanisms keep information assets out of reach of most of the people in your organization, safeguarding them from being tampered with or exfiltrated.

If an attacker successfully enters your organization's systems or network, robust access control mechanisms restrict their lateral movement. Since they aren't authorized personnel, they aren't granted meaningful permissions. This minimizes the damage they can do and prevents them from compromising anything else. Even if an attacker has one of your colleagues' lost or stolen devices, access controls block them from doing anything meaningful. Authentication measures prevent them from accessing your organization's systems and exfiltrating sensitive data, and also help keep them from escalating their privileges, minimizing their impact.

With robust access control mechanisms, you can quickly identify indicators of compromise (IOCs) to stop threats before they become an issue. For example, spotting concurrent logins on a single user account from different locations can mean an attacker is using legitimate credentials, pointing to a brute force, phishing or keylogging attack.

Which access control systems should you implement?

Although insider threats pose an issue regardless of your industry or organization's size, you can find ways to prevent them from doing any damage. You should consider implementing access control systems to detect and deter unauthorized action, mitigating data breaches and system compromises. A standard system to consid
Tool Threat ★★★
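The concurrent-login indicator the AT&T post mentions is easy to operationalise. The following is an added example, not code from the post: it walks a small, constructed authentication log (the line format, usernames and IP addresses are invented for illustration) and flags any account that has two sessions open at the same time from different source addresses, which is the "legitimate credentials in the wrong hands" pattern the post describes. Sessions with no matching logout are expired after a configurable window, because real logs frequently lack logout events.

```python
"""Flag accounts with overlapping sessions from different source IPs.

Added example, not part of the AT&T post. The syslog-like format below
(timestamp, user, src IP, event) is constructed; adapt LOG_RE to your
own IdP, VPN or SSH logs.
"""
import re
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) event=(?P<event>login|logout)$"
)

# Constructed sample: alice has two overlapping sessions from different
# networks; bob logs out and back in from the same address (benign).
SAMPLE_LOG = """\
2024-04-02T08:00:00Z user=alice src=10.0.0.5 event=login
2024-04-02T08:02:10Z user=bob src=10.0.0.7 event=login
2024-04-02T08:03:00Z user=alice src=203.0.113.9 event=login
2024-04-02T08:10:00Z user=bob src=10.0.0.7 event=logout
2024-04-02T08:11:00Z user=bob src=10.0.0.7 event=login
2024-04-02T08:30:00Z user=alice src=10.0.0.5 event=logout
"""


def parse(lines):
    """Yield (timestamp, user, src, event) tuples; unparseable lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["src"], m["event"]


def find_concurrent_logins(lines, max_session=timedelta(hours=8)):
    """Return {user: set_of_source_ips} for accounts that had two sessions
    open at once from different source addresses.

    A session runs from its login until a logout from the same src, or
    until max_session elapses (missing logouts are common in practice).
    """
    open_sessions = {}   # (user, src) -> login time
    flagged = {}
    for ts, user, src, event in sorted(parse(lines)):
        # Expire sessions that never logged out.
        for key, started in list(open_sessions.items()):
            if ts - started > max_session:
                del open_sessions[key]
        if event == "logout":
            open_sessions.pop((user, src), None)
            continue
        # Any other open session for this user from a different IP overlaps.
        others = {s for (u, s) in open_sessions if u == user and s != src}
        if others:
            flagged.setdefault(user, set()).update(others | {src})
        open_sessions[(user, src)] = ts
    return flagged


if __name__ == "__main__":
    for user, ips in find_concurrent_logins(SAMPLE_LOG.splitlines()).items():
        print(f"{user}: concurrent sessions from {sorted(ips)}")
```

A production detector would add geo-velocity and device identifiers to cut false positives from users with two devices, but the overlap check alone already surfaces the credential-reuse case the post is warning about.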
ProofPoint.webp 2024-04-03 06:00:40 Threat Actors Deliver Malware via YouTube Video Game Cracks
(direct link)
Key takeaways

Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content.
The video descriptions include links leading to the download of information stealers.
The activity likely targets consumer users who do not have the benefits of enterprise-grade security on their home computers.

Overview

Threat actors often target home users because they do not have the same resources or knowledge to defend themselves from attackers compared to enterprises. While the financial gain might not be as large as attacks perpetrated on corporations, the individual victims likely still have data like credit cards, cryptocurrency wallets, and other personal identifiable information (PII) stored on their computers which can be lucrative to criminals.

Proofpoint Emerging Threats has observed information stealer malware including Vidar, StealC, and Lumma Stealer being delivered via YouTube in the guise of pirated software and video game cracks. The videos purport to show an end user how to do things like download software or upgrade video games for free, but the link in the video descriptions leads to malware. Many of the accounts that are hosting malicious videos appear to be compromised or otherwise acquired from legitimate users, but researchers have also observed likely actor-created and controlled accounts that are active for only a few hours, created exclusively to deliver malware. Third-party researchers have previously published details on fake cracked software videos used to deliver malware.

The distribution method is particularly notable due to the type of video games the threat actors appear to promote. Many of them appear to be targeted to younger users including games popular with children, a group that is less likely to be able to identify malicious content and risky online behaviors.

During our investigation, Proofpoint Emerging Threats reported over two dozen accounts and videos distributing malware to YouTube, which removed the content.

Example account

The following is an example of a suspected compromised account (or potentially sold to a new "content creator") used to deliver malware. Indicators of a suspected compromised or otherwise acquired account include significant gaps of time between the videos posted, content that vastly differs from previously published videos, differences in languages, and descriptions of the videos containing likely malicious links, among other indicators. The account has around 113,000 subscribers, and the account displays a grey check mark which indicates the account owner has met verified channel requirements including verifying their identity.

(Figure: Example of a verified YouTube account with a large following, suspected to be compromised.)

When Proofpoint researchers identified the account, the majority of the account's videos had been posted one year or more previously, and all had titles written in Thai. However, when the account was identified, twelve (12) new English language videos had been posted within a 24-hour period, all related to popular video games and software cracks. All of the new video descriptions included links to malicious content. Some of the videos had over 1,000 views, possibly artificially increased by bots to make the videos seem more legitimate.

(Figure: Screenshot of a suspected compromised YouTube account distributing malware, comparing upload dates.)

In one example, a video purported to contain a character enhancement for a popular video game with a MediaFire link in the description. The MediaFire URL led to a password-protected file (Setup_Pswrd_1234.rar) containing an executable (Setup.exe) that, if executed, downloaded and installed Vidar Stealer malware. The video was uploaded to the suspected compromised account seven (7) hours prior to our investigation. Around the same time the video was posted, several comments purported to attest to the legitimacy of the software crack. It is likely those accounts and comments were created by the video
Malware Tool Threat ★★★
RiskIQ.webp 2024-04-02 20:33:27 Malware Spotlight: Linodas aka DinodasRAT for Linux
(direct link)
#### Description
Check Point Research has analyzed the latest Linux version (v11) of DinodasRAT, which is a cross-platform backdoor that was observed in attacks by the Chinese threat actor LuoYu. The malware is more mature than the Windows version, with a set of capabilities tailored specifically for Linux servers. The latest version introduces a separate evasion module to hide any traces of malware in the system by proxying and modifying the system binaries' execution. The malware is installed on Linux servers as a way for the threat actors to gain an additional foothold in the network. DinodasRAT was initially based on the open-source project called SimpleRemoter, a remote access tool based on the Gh0st RAT, but with several additional upgrades.
#### Reference URL(s)
1. https://research.checkpoint.com/2024/29676/
#### Publication Date
March 31, 2024
#### Author(s)
Check Point Research
Malware Tool Threat ★★
bleepingcomputer.webp 2024-04-02 17:59:42 Winnti's new UNAPIMON tool hides malware from security software
(direct link)
The Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicious processes run without being detected. [...]
Malware Tool ★★
mcafee.webp 2024-04-02 14:41:57 Are You a Victim of a Deepfake Attack? Here's What to Do Next
(direct link)
> With the rise of cheap and easy-to-use AI tools, deepfake attacks find themselves likewise on the rise. Startling as that...
Tool ★★
News.webp 2024-04-02 12:00:11 Polish officials may face criminal charges in Pegasus spyware probe
(direct link)
Victims of the powerful surveillance tool will soon find out the truth. Former Polish government officials may face criminal charges following an investigation into their use of the notorious spyware Pegasus to surveil political opponents and others.…
Tool ★★
Microsoft.webp 2024-04-02 00:00:00 Embracing innovation: Derrick's transition from banking to Microsoft's Threat Intelligence team
(direct link)
Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick's role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft. Derrick's love of learning and his natural curiosity led him to a career in technology and ultimately, to his current role at Microsoft.
Tool Threat ★★
DarkReading.webp 2024-04-01 22:18:59 Microsoft Beefs Up Defenses in Azure AI
(direct link)
Microsoft adds tools to protect Azure AI from threats such as prompt injection, as well as give developers the capabilities to ensure generative AI apps are more resilient to model and content manipulation attacks.
Tool ★★
PaloAlto.webp 2024-04-01 19:30:00 CVE-2024-3094 Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) (Severity: NONE)
(direct link)
Tool
RiskIQ.webp 2024-04-01 13:51:22 Weekly OSINT Highlights, 1 April 2024
(direct link)
Last week's OSINT reporting reveals an array of cyber threats marked by sophisticated attack tactics and diverse targets. From malvertising campaigns deploying stealers like Rhadamanthys to the first known attack campaign targeting AI workloads, threat actors exhibit a range of attack vectors targeting both individuals and organizations. Notably, the evolution of malware such as Vultur and StrelaStealer highlights a continual arms race between attackers and defenders, with adversaries demonstrating adaptability and persistence in their pursuit of data theft and system compromise. The targeting of specific platforms like WordPress sites and email clients underscores the threat to online ecosystems, while the widespread impact across industries emphasizes the need for robust cybersecurity measures and constant vigilance against evolving threats.

1. [Go Malvertising Campaign with Rhadamanthys Stealer](https://security.microsoft.com/intel-explorer/articles/e6d270fc): A malvertising campaign had utilized a Go language loader to deploy the Rhadamanthys stealer, targeting users through a fake PuTTY homepage ad at the top of Google search results. The loader, closely linked to the malvertising infrastructure, had retrieved the payload, Rhadamanthys, which had been executed by the parent process PuTTY.exe, indicating a coordinated attack by the same threat actor.

2. [Active Attack Campaign Exploiting Ray Framework Vulnerability](https://security.microsoft.com/intel-explorer/articles/e4cd5bc2): An ongoing active attack campaign had exploited a critical vulnerability in the Ray open-source AI framework, known as ShadowRay (CVE-2023-48022), impacting thousands of companies globally. Attackers had exploited this vulnerability to take control of computing resources, steal sensitive data, and conduct cryptocurrency mining operations, demonstrating the severity of the issue and its widespread impact across industries.

3. [Evolution of Android Banking Malware Vultur](https://security.microsoft.com/intel-explorer/articles/3f7c3599): Authors behind the Android banking malware Vultur had enhanced its capabilities, including remote interaction with victim devices and encryption of C2 communication, showcasing continual development to evade detection and carry out malicious actions with greater sophistication.

4. [Agent Tesla Phishing Email Infection Chain](https://security.microsoft.com/intel-explorer/articles/5ffaa8a4): SpiderLabs had identified a phishing email leading to an infection chain deploying Agent Tesla, utilizing obfuscation, packing techniques, and polymorphic behavior to evade detection and ensure stealthy execution, posing challenges for traditional antivirus systems.

5. [Sign1 Malware Campaign Exploiting WordPress Sites](https://security.microsoft.com/intel-explorer/articles/063f7fac): Sucuri and GoDaddy Infosec had discovered the Sign1 malware campaign infecting over 2,500 WordPress sites, injecting malicious code into custom HTML widgets to redirect visitors to scam sites, demonstrating the threat to website integrity and visitor security.

6. [StrelaStealer Email Client Targeting Malware](https://security.microsoft.com/intel-explorer/articles/82785858): StrelaStealer, a malware targeting email clients to steal login data, had launched large-scale email campaigns impacting over 100 organizations, particularly targeting high-tech industries. The malware's evolving infection chain and updated payloads had underscored its adaptability and the challenge it had posed to security analysts and products.

## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog).

Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summa
Ransomware Spam Malware Tool Vulnerability Threat Mobile Cloud ★★
Veracode.webp 2024-04-01 11:00:00 Veracode Advances Cloud-Native Application Security with Longbow Acquisition
(direct link)
As I travel around the world meeting with customers and prospects, we often discuss the tectonic shifts happening in the industry. At the heart of their strategic initiatives, organizations are striving to innovate rapidly and deliver customer value with uncompromising quality and security, while gaining a competitive edge in the market. They are embracing DevOps methodologies and leveraging open-source technologies, accelerating deployments across multi-cloud environments to enhance agility and responsiveness. The biggest challenge they face is acquiring a comprehensive view of all the assets in their portfolio as they are deployed across multi cloud end points.   Security teams are overwhelmed by alert fatigue coming from sometimes 20+ tools that each provide a different view of risk. The biggest challenge is aggregating this risk from disparate sources, prioritizing it and identifying the next best action to take to secure their software assets. Compounding these…
Tool Cloud ★★
AlienVault.webp 2024-04-01 10:00:00 AI - The Good, Bad, and Scary
(direct link)
AI and machine learning (ML) optimize processes by making recommendations for improving productivity, reducing cycles, and maximizing efficiency. AI also optimizes human capital by performing mundane and repetitive tasks 24x7 without the need for rest and by minimizing human errors. There are numerous ways AI can benefit society. As much as AI can propel human progress forward, it can work to our own detriment without proper guidance. We need to understand the risks and challenges that come with AI. Growing your knowledge in the new era of AI will help you and your organization evolve. AI can be a battlefield of good and evil: there's the power to do good and the power to do evil. Here are some examples of the Good, Bad, and Scary of AI.

Good

Cybersecurity - Detect and respond to cyber-attacks with automation capabilities at machine speed, predict behavioral anomalies and defend against cyber threats before an actual attack occurs
Banking & Finance – Detect and prevent fraud, manage risks, enable personalized services, and automate financial-decision processing
Healthcare – Optimize patient interactions, develop personalized treatment plans, attain better patient experience, improve patient data accuracy, and reduce misfiled patient records
Manufacturing – Predict maintenance, detect defects and quality issues, enhance productivity, generate product & component designs, and optimize inventory & demand forecasting
Retail – Secure self-checkout that helps loss prevention, optimize retail operations & supply chain, and enhance customer experiences
Smart cities & IoT – Manage traffic of autonomous and self-driving vehicles, manage energy consumption, optimize water usage, and streamline waste management through real-time sensor data
Telecom – Predict network congestion and proactively reroute traffic to avoid outages

Bad

Cybercriminals – Leverage AI-powered tools and social engineering to steal identities, generate ransomware attacks, perform targeted nation-state attacks, and destroy national critical infrastructure
Computing resources – Require heavy power supply, Thermal Design Power (TDP), Graphics Processing Unit (GPU), and Random Access Memory (RAM)
Environmental impact - Impact that intensive computing resources have on carbon footprint and environment
Energy cost – Rise in electric power usage and water for cooling; increasing computational costs translate into carbon emissions
Bias & Discrimination - Propagate biases as a result of bad training data, incomplete data, and poorly trained AI models
Inequality – Widen the gap between the rich and poor and increase inequality in society
Privacy – Loss of data privacy from insecure AI systems, unencrypted data sources, and misuse & abuse
Skills loss - Reduce human critical thinking skills to uncover root issues, solve complex problems, and the ability to write at college level and professionally

Scary

Job loss and displacement - Replace humans with robots across every sector to perform highly skilled professional jobs
Overreliance on AI – Rely heavily on AI to make important decisions like electing medical procedures, making life or death decisions, or choosing political candidates
Dominance of AI - Potential ability of AI to surpass human intelligence and take control
Monopoly by tech – A select number of tech companies could monopolize the economy and have undue influence over the social construct of our daily lives, from buying patterns to everyday decision-making
Deepfakes – Generate deepfakes with manipulated videos and images to influence discussions on social media and online forums
Propaganda & Disinformation – Deploy human a
Ransomware Tool Prediction Medical ★★★
Korben.webp 2024-03-30 08:00:00 Hiddify – The all-in-one solution for bypassing every kind of censorship on the net (direct link) Hiddify is a powerful, professional anti-censorship toolkit offering easy and free access to the Internet. Compatible with several platforms, decentralized and open-source, Hiddify lets you set up your own VPN server and provide VPN services. Hiddify-Next is a cross-platform proxy client with a wide range of features and protocols, available on Google Play. Together these tools offer a complete solution for bypassing censorship and protecting privacy online. Tool ★★
HexaCorn.webp 2024-03-30 00:05:31 From Underground to Overground
(direct link)
There are many debates and infosec dramas related to vulnerability research, publishing Offensive Security Tools (OST), Proof Of Concept (POC) Code, and in recent days – some Original Gangsters (OG) are reflecting on their own doings by posting teary memoirs …
Tool Vulnerability ★★★★
RecordedFuture.webp 2024-03-29 20:28:35 Malicious backdoor code embedded in popular Linux tool, CISA and Red Hat warn
(direct link)
The software company Red Hat and the nation's top cybersecurity agency released a Good Friday warning about malicious code being embedded in a popular Linux tool. The issue - tagged as CVE-2024-3094 - affects XZ Utils, a compression tool and library (liblzma) used to shrink large files into smaller, more manageable ones for storage and file transfer.
Tool ★★
globalsecuritymag.webp 2024-03-29 15:11:02 Éric Leblond, Stamus Networks: NDR is an indispensable tool
(direct link)
Éric Leblond, Stamus Networks: NDR is an indispensable tool. At InCyber Forum, Stamus Networks will introduce Stamus Security Platform (SSP), an NDR solution that uses deep packet inspection to uncover serious threats and unauthorized activities lurking in our enterprise customers' networks. - Interviews
Tool ★★
DarkReading.webp 2024-03-28 20:36:19 Pervasive LLM Hallucinations Expand Code Developer Attack Surface
(direct link)
The tendency of popular AI-based tools to recommend nonexistent code libraries offers a bigger opportunity than previously thought to distribute malicious packages.
Tool ★★★
GoogleSec.webp 2024-03-28 18:16:18 Address Sanitizer for Bare-metal Firmware
(direct link)
Posted by Eugene Rodionov and Ivan Lozano, Android Team. With steady improvements to Android userspace and kernel security, we have noticed an increasing interest from security researchers directed towards lower level firmware. This area has traditionally received less scrutiny, but is critical to device security. We have previously discussed how we have been prioritizing firmware security, and how to apply mitigations in a firmware environment to mitigate unknown vulnerabilities. In this post we will show how the Kernel Address Sanitizer (KASan) can be used to proactively discover vulnerabilities earlier in the development lifecycle. Despite the narrow application implied by its name, KASan is applicable to a wide range of firmware targets. Using KASan-enabled builds during testing and/or fuzzing can help catch memory corruption vulnerabilities and stability issues before they land on user devices. We've already used KASan in some firmware targets to proactively find and fix 40+ memory safety bugs and vulnerabilities, including some of critical severity. Along with this blog post we are releasing a small project which demonstrates an implementation of KASan for bare-metal targets leveraging the QEMU system emulator. Readers can refer to this implementation for technical details while following the blog post.
Address Sanitizer (ASan) overview. Address Sanitizer is a compiler-based instrumentation tool used to identify invalid memory access operations at runtime. It is capable of detecting the following classes of temporal and spatial memory safety bugs: out-of-bounds memory access, use-after-free, double/invalid free, and use-after-return. ASan relies on the compiler to instrument code with dynamic checks for the virtual addresses used in load/store operations. A separate runtime library defines the instrumentation hooks for heap memory and error reporting.
For most user-space targets (such as aarch64-linux-android) ASan can be enabled as simply as passing the -fsanitize=address compiler option to Clang, because both the toolchain and the libclang_rt runtime already support this target. The situation is rather different for bare-metal code, which is frequently built for the "none" system targets, such as arm-none-eabi. Unlike traditional user-space programs, bare-metal code running inside an embedded system often doesn't have a common runtime implementation, so LLVM can't provide a default runtime for these environments. To let developers supply custom implementations of the necessary runtime routines, the Clang toolchain exposes an interface for address sanitization through the -fsanitize=kernel-address compiler option. The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren't supported by default with -fsanitize=address. We'll demonstrate how to use the version of address sanitizer originally built for the kernel on other bare-metal targets.
KASan 101. Let's take a look at the major KASan building blocks from a high-level perspective (a thorough explanation of how ASan works under the hood is provided in this whitepaper). The main idea behind KASan is that every memory access operation, such as load/store instructions and memory copy functions (for example, memm
Tool Vulnerability Mobile Technical ★★
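The shadow-memory mechanism the post describes, as an added example that is not part of the Google post or the QEMU project it releases. The code models what the compiler-emitted instrumentation and a KASan-style runtime do on a bare-metal heap: one shadow byte per 8-byte granule, redzones around every allocation, a partial-granule encoding for sizes that are not a multiple of 8, and quarantine on free so that a later use-after-free is still reported. The heap layout, the bump allocator, the 16-byte redzone and the name kasan_check (standing in for the __asan_loadN/__asan_storeN hooks that -fsanitize=kernel-address makes the compiler call before each access) are assumptions made for this example, not the post's own code:

```c
/* Added example, written for this page (not the Android team's KASan project):
 * a self-contained model of the KASan shadow-memory check for a bare-metal heap.
 * Assumptions: 8-byte granules, one shadow byte per granule, a bump allocator
 * with 16-byte redzones, and a free() that quarantines instead of reusing.
 * kasan_check() stands in for the __asan_loadN/__asan_storeN hooks emitted by
 * -fsanitize=kernel-address around every load and store.                   */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HEAP_SIZE     256
#define SHADOW_SHIFT  3            /* one shadow byte covers 1 << 3 = 8 bytes   */
#define REDZONE       16           /* poisoned padding on each side of an object */

/* Shadow byte encoding (same convention as ASan/KASan):
 *   0        all 8 bytes of the granule are addressable
 *   1..7     only the first k bytes are addressable (partial last granule)
 *   negative poisoned; the value records why (redzone, freed, ...)          */
#define SHADOW_REDZONE  (-1)
#define SHADOW_FREED    (-2)

static uint8_t heap[HEAP_SIZE] __attribute__((aligned(8)));  /* the "RAM" */
static int8_t  shadow[HEAP_SIZE >> SHADOW_SHIFT];            /* its shadow */
static size_t  heap_top;

static int8_t *shadow_for(const void *addr)
{
    size_t off = (size_t)((const uint8_t *)addr - heap);
    return &shadow[off >> SHADOW_SHIFT];
}

static void poison(const void *addr, size_t len, int8_t value)
{
    memset(shadow_for(addr), (unsigned char)value, len >> SHADOW_SHIFT);
}

/* The check the instrumentation performs before an access of `size` bytes.
 * Returns 1 if every byte in [addr, addr + size) is addressable, else 0.   */
int kasan_check(const void *addr, size_t size)
{
    uintptr_t lo = (uintptr_t)heap, hi = lo + HEAP_SIZE;
    for (size_t i = 0; i < size; i++) {
        uintptr_t a = (uintptr_t)addr + i;
        if (a < lo || a >= hi)             /* wild pointer: nothing shadows it */
            return 0;
        int8_t s = *shadow_for((const void *)a);
        if (s == 0)                        /* whole granule addressable */
            continue;
        if (s < 0)                         /* redzone or freed memory */
            return 0;
        if ((a & 7) >= (uintptr_t)s)       /* beyond the valid prefix of a partial granule */
            return 0;
    }
    return 1;
}

/* Bump allocator: redzone | object rounded up to whole granules | redzone. */
void *kasan_malloc(size_t size)
{
    size_t granules = (size + 7) >> SHADOW_SHIFT;
    size_t need = REDZONE + (granules << SHADOW_SHIFT) + REDZONE;
    if (size == 0 || heap_top + need > HEAP_SIZE)
        return NULL;
    uint8_t *left = heap + heap_top;
    uint8_t *obj  = left + REDZONE;
    poison(left, REDZONE, SHADOW_REDZONE);
    memset(shadow_for(obj), 0, granules);               /* unpoison the object */
    if (size & 7)                                       /* encode the partial tail */
        shadow_for(obj)[granules - 1] = (int8_t)(size & 7);
    poison(obj + (granules << SHADOW_SHIFT), REDZONE, SHADOW_REDZONE);
    heap_top += need;
    return obj;
}

/* Quarantine rather than reuse, so later accesses are reported as use-after-free.
 * A real runtime keeps the size in a chunk header; here the caller passes it.   */
void kasan_free(void *ptr, size_t size)
{
    poison(ptr, (size + 7) & ~(size_t)7, SHADOW_FREED);
}

/* Exercise the detector. Returns a bitmask: 1 = in-bounds access allowed,
 * 2 = one-past-the-end caught, 4 = access into the redzone caught, 8 = UAF caught. */
int kasan_demo(void)
{
    heap_top = 0;
    memset(shadow, (unsigned char)SHADOW_REDZONE, sizeof shadow); /* unallocated = poisoned */
    char *buf = kasan_malloc(12);                    /* 12 bytes: granule + partial granule */
    int r = 0;
    if (kasan_check(buf, 12))       r |= 1;
    if (!kasan_check(buf + 12, 1))  r |= 2;          /* off-by-one into the partial granule */
    if (!kasan_check(buf + 16, 4))  r |= 4;          /* straight into the right redzone */
    kasan_free(buf, 12);
    if (!kasan_check(buf, 1))       r |= 8;          /* use-after-free */
    return r;
}

int main(void)
{
    int r = kasan_demo();
    printf("in-bounds ok: %d, oob caught: %d, redzone caught: %d, uaf caught: %d\n",
           r & 1, (r >> 1) & 1, (r >> 2) & 1, (r >> 3) & 1);
    return r == 15 ? 0 : 1;
}
```

Compile with cc -std=c99 -Wall and run it; kasan_demo() returns 15 when all four outcomes match. A real firmware runtime additionally has to reserve and map the shadow region (a static array here), poison the stack and globals, and implement the hooks for memcpy/memset-style functions that the post mentions, since those bypass the per-instruction instrumentation.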
cybersecurityventures.webp 2024-03-28 14:41:47 EDR vs XDR: The Key Differences
(direct link)
And is the newer XDR worth the price? – Aimei Wei, Chief Technical Officer, Stellar Cyber. San Jose, Calif. – Mar. 27, 2024. While Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) both represent crucial tools in today's cybersecurity arsenal, it can
Tool Technical ★★★
Korben.webp 2024-03-28 08:00:00 Toolong – An excellent tool for managing your log files (direct link) Toolong is a terminal application for viewing, tailing in real time, merging and searching log files, including JSONL. Compatible with Linux, macOS and Windows, it replaces the classic *nix tools with a fast, simple alternative. Install it with pipx or pip and run the "tl" command to use it. Alternatives such as lnav exist, but Toolong stands out for its speed and simplicity. Tool ★★★
Checkpoint.webp 2024-03-27 13:00:39 Check Point Software Technologies Recognized as a Top Leader in Frost Radar™ 2024 Global Managed Detection and Response Report
(direct link)
Check Point Software proudly announced that it has been named a Growth and Innovation Leader in the Frost Radar™ Global Managed Detection and Response 2024 Report. Check Point has demonstrated the impressive capabilities of its Infinity MDR/MPR, empowering organizations with cutting-edge tools to rapidly prevent and efficiently remediate attacks, maximizing overall performance. About the Frost Radar™: Frost & Sullivan's Frost Radar™ report analyzed various factors to determine the leading Managed Detection and Response (MDR) providers. After evaluating over 150 industry players, the report independently identified 22 MDR vendors as the top growth and innovation leaders in this space. The report […]
Tool ★★
itsecurityguru.webp 2024-03-27 10:29:52 Big Issue working with NCSC, NCA and Met Police to investigate cyber incident
(direct link)
Researchers at Comparitech, the pro-consumer website providing information, tools, reviews and comparisons to help readers improve their cyber security and privacy online, have discovered that the ransomware gang Qilin claimed credit on its website for stealing 550 GB of data from the Big Issue, a UK-based street newspaper. The company has said in a statement that […]
Ransomware Tool Legislation ★★
AlienVault.webp 2024-03-27 10:00:00 Advanced Nmap Scanning Techniques
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Beyond its fundamental port scanning capabilities, Nmap offers a suite of advanced techniques designed to uncover vulnerabilities, bypass security measures, and gather valuable insights about target systems. Let's take a look at these techniques:
1. Vulnerability Detection. Syntax: nmap -sV --script=vulners <target>. Nmap's vulnerability detection feature, provided by the 'vulners' NSE script, matches the product versions found by service detection (-sV) against known CVEs, helping identify outdated services susceptible to known security vulnerabilities. Note that the script queries the online Vulners database, so it needs outbound network access and sends the detected product names and versions to that third-party service.
2. Idle Scanning. Syntax: nmap -sI <zombie host> <target>. Idle scanning is a stealthy approach to port scanning that uses a "zombie" host to hide the origin of the scan: the target only ever sees packets that appear to come from the zombie. By probing the zombie's IP identification number (IP ID) before and after sending spoofed SYN packets to the target, Nmap infers the state of the target's ports without direct interaction. This only works when the zombie is truly idle and assigns IP IDs from a single, incrementing global counter.
3. Firewall Testing (Source Port Spoofing). Syntax: nmap --source-port <port> <target>. This technique tests firewall rules by sending packets from an unusual source port, such as 53 or 20, which carelessly written rules sometimes allow through. By spoofing the source port, security professionals can evaluate the effectiveness of firewall configurations and identify weaknesses in network defenses. The option only applies to raw packet scans; connect scans (-sT) and version detection use ports chosen by the operating system.
4. Service-Specific Probes (SMB Example). Syntax: nmap -sV -p 139,445 --script=smb-vuln* <target> (quote the wildcard if your shell expands it). Nmap's service-specific probes enable detailed examination of services, such as the Server Message Block (SMB) protocol commonly used in Windows environments. By leveraging specialized scripts, analysts can identify vulnerabilities and assess the security posture of target systems.
5. Web Application Scanning (HTTP title grab). Syntax: nmap -sV -p 80 --script=http-title <target>. Web application scanning with Nmap allows users to gather information about web servers, potentially aiding in vulnerability identification and exploitation. By analyzing HTTP response headers and the page title, Nmap extracts useful information about target web applications and server configurations.
Nmap Scripting Engine: One of the standout features of Nmap is its robust scripting engine (NSE), which allows users to extend the tool's functionality through custom scripts. NSE scripts enable users to automate tasks, perform specialized scans, gather additional information, and even exploit vulnerabilities in target systems. nmap --script-help <scriptname> shows help about scripts: for each script matching the given specification, Nmap prints the script name, its categories, and its description. The specifications are the same as those accepted by --script; so, for example, if you want help about the ssl-enum-ciphers script, you would run nmap --script-help ssl-enum-ciphers. Users can leverage existing NSE scripts or develop custom scripts tailored to their specific requirements.
Tool Vulnerability Threat ★★★
Korben.webp 2024-03-27 08:00:00 Danswer – Ask your documents questions directly from Slack and friends (direct link) Danswer is an open-source solution that makes it easy to search documents and answer natural-language questions. It integrates with workplace tools such as Google Drive, Confluence and Slack, and learns from feedback through custom deep-learning models. Danswer can be deployed with Docker Compose or Kubernetes and covers a range of use cases for improving team efficiency. Tool ★★★
The_Hackers_News.webp 2024-03-26 22:24:00 Malicious NuGet Package Linked to Industrial Espionage Targets Developers
(direct link)
Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded
Tool Threat Industrial ★★
RecordedFuture.webp 2024-03-26 18:46:40 Thousands of companies using Ray framework exposed to cyberattacks, researchers say
(direct link)
Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray. This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing. According to Ray's developer, Anyscale, the framework is used by major
Tool Vulnerability ★★★
Zimperium.webp 2024-03-26 13:00:00 Defending Your Mobile Workspace: Mitigating Risks of Sideloading Apps
(direct link)
In today's digitally driven workplace, mobile applications (apps) have become indispensable tools for enhancing productivity and providing teams with seamless communication. As employees seek additional functionality and features beyond what official app stores offer, they often turn to third-party app stores. While the idea of third-party app stores may seem innocent, […]
Tool Mobile ★★
Blog.webp 2024-03-26 11:10:00 Top 3 Cybersecurity Tools to Protect Business Data
(direct link)
By Uzair Amir. Discover the top three cybersecurity tools designed to safeguard your business data from online threats and breaches, ensuring secure data transfer. This is a post from HackRead.com.
Tool ★★★
AlienVault.webp 2024-03-26 10:00:00 The Growing Importance of CAASM in Company Cybersecurity Strategy
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The recent years' events, including the proliferation of ransomware, the pandemic, and political tensions, have fast-tracked the development of both offensive and defensive tools in the cyber domain. Cybersecurity concepts that were nascent a few years ago are now being refined, demonstrating the practical benefits of modern digital risk management strategies. Gartner analysts have highlighted the expansion of the attack surface as a significant risk for corporate cyber environments in the upcoming years. The most vulnerable entities include IoT devices, cloud apps, open-source systems, and complex software supply chains. There is an increasing demand for concepts like Cyber Asset Attack Surface Management (CAASM), External Attack Surface Management (EASM), and Cloud Security Posture Management (CSPM) in corporate security frameworks. This trend is also documented in Gartner's "hype" chart. Let's discuss the concept of CAASM, which is centered on identifying and managing all digital assets within an organization, whether they are internal or external. This approach aims to provide a comprehensive view and control over the organization's cyber environment, enhancing security measures and management practices.
What Is CAASM. CAASM assists IT departments in achieving end-to-end visibility of a company's cyber assets. This strategy creates a fuller understanding of the actual state of the infrastructure, enabling the security team to respond promptly to existing threats and potential future ones. CAASM-based products and solutions integrate with a broad array of data sources and security tools. CAASM gathers and aggregates data and analyzes perimeter traffic, providing a continuous, multi-dimensional view of the entire attack surface.
Having access to current asset data enables information security officers to visualize the infrastructure and address security gaps promptly. They can prioritize the protection of assets and develop a unified perspective on the organization's actual security posture. This sets the stage for proactive risk management strategies.
Exploring CAASM's Core Functions. The CAASM approach equips security professionals with a variety of tools necessary for effectively managing an organization's attack surface and addressing risks.
Asset Discovery. A lack of visibility into all of an organization's assets heightens the risk of cyberattacks. Cyber Asset Attack Surface Management products automatically detect and catalog every component of a company's digital infrastructure, encompassing local, cloud, and various remote systems, including shadow IT. A company employing CAASM gains a clear overview of all its deployed web applications, servers, network devices, and cloud services. CAASM facilitates a comprehensive inventory of the devices, applications, networks, and users constituting the company's attack surface.
Vulnerability Detection. It is important to understand the risks each asset poses, such as missing the latest security updates or opportunities to access sensitive data. CAASM systems integrate asset data, helping security teams identify misconfigurations, vulnerabilities, and oth
Ransomware Tool Vulnerability Threat Prediction Cloud ★★★
RiskIQ.webp 2024-03-25 13:28:48 Weekly OSINT Highlights, 25 March 2024
(direct link)
Last week's OSINT reporting spans a range of cyber threats, from Russian state-sponsored espionage campaigns by Secret Blizzard to infostealer malware such as FormBook and the Adobe Reader infostealer, demonstrating the adaptability and persistence of threat actors. Deceptive tactics such as typosquatting and fake software distribution are used to camouflage activity and target specific user groups, as seen in the case targeting Chinese search engine users. In addition, search-based malvertising, notably with the FakeBat malware, highlights the abuse of legitimate websites and digital certificates to evade security measures. Overall, these trends underline the need for robust cybersecurity measures and continuous threat intelligence to mitigate evolving threats effectively.
1. Turla espionage campaign (https://security.microsoft.com/intel-explorer/articles/bf6723e9?): The Russian espionage group Turla, also known as Secret Blizzard by Microsoft, orchestrated a campaign targeting a European NGO, employing tactics such as information theft and network infiltration. Turla's post-compromise activities involve deploying implants such as TinyTurla-NG and carrying out reconnaissance, demonstrating persistence and stealth in their operations.
2. Linux server RCE attack (https://security.microsoft.com/intel-explorer/articles/9b8f807f?): Cybereason Security Services reports an incident involving a Linux server exploited through a remote code execution (RCE) vulnerability in Apache ActiveMQ, facilitating the deployment of various malicious payloads such as the Mirai botnet, HelloKitty ransomware and coinminers. Attack methodologies include automation and interactive sessions via Netcat reverse shells, highlighting the threat actors' diverse arsenal and adaptable tactics.
3. FormBook infostealer malware (https://security.microsoft.com/intel-explorer/articles/7b321c6c?): FormBook, an infostealer malware, features advanced capabilities such as keystroke logging and screen capture while evading detection through obfuscation and encryption techniques. Cybercriminals distribute FormBook by email, with notable cases of use during geopolitical conflicts, underlining its flexibility and persistent threat.
4. Targeting of Chinese search engine users (https://security.microsoft.com/intel-explorer/articles/5a806c77?): Kaspersky uncovers a threat targeting Chinese users through modified versions of popular text editors distributed via typosquatting and other deceptive techniques, highlighting threat actors' efforts to mimic legitimate resources for malicious purposes.
5. PhantomBlu malware campaign (https://security.microsoft.com/intel-explorer/articles/356f4d44?): Perception Point reveals the PhantomBlu campaign targeting US organizations with the NetSupport RAT, using advanced evasion tactics such as OLE template manipulation and social engineering to compromise systems effectively, showcasing an evolution of malware delivery strategies that blends evasion and social engineering.
6. Surge in search-based malvertising (https://security.microsoft.com/intel-explorer/articles/7cc81ecb?): Malwarebytes reports an increase in search-based malvertising incidents, notably involving the FakeBat malware. Distributed through MSIX installers with obfuscated PowerShell code
Ransomware Spam Malware Tool Vulnerability Threat ★★★
Blog.webp 2024-03-25 13:00:20 New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location
(direct link)
By Deeba Ahmed. The new dark web tool GEOBOX, sold for $700 on Telegram and underground forums, hijacks Raspberry Pi devices, allowing cybercriminals to fake locations and evade detection. This is a post from HackRead.com.
Tool ★★★
SecurityWeek.webp 2024-03-25 11:43:55 Top Python Developers Hacked in Sophisticated Supply Chain Attack
(direct link)
Multiple Python developers got infected after downloading a malware-packed clone of the popular tool Colorama.
Tool ★★★
AlienVault.webp 2024-03-25 10:00:00 Decoding the Cybersecurity Implications of AI's Rapid Advancement
(direct link)
The genius at the heart of AI—its ability to sift through mountains of data, actually spot a needle in a haystack, and act on threats before they blossom into full-scale emergencies—it’s undeniable. However, here’s the rub—every part of that impressive arsenal? It’s also up for grabs by the other side, and can (and will) arm them to launch attacks of unprecedented sophistication and elusiveness, the likes of which we’ve thankfully never seen up to now. How do we wield this impressive technology to fortify our defenses, while preventing it from falling into the wrong hands? Can such a thing even be accomplished? Join me below as we take a closer look at how AI’s rapid rise is changing the landscape of cybersecurity. AI as a Defense Tool AI is a reliable navigator for charting the digital deluge—it has the ability to handle vast quantities of information rapidly on a level that no human could ever hope to match. It doesn’t take a huge leap to come to the conclusion that those capabilities can very easily be leveraged for defense. Automated Threat Detection Think of AI as the ever-watchful eye, tirelessly scanning the horizon for signs of trouble in the vast sea of data. Its capability to detect threats with speed and precision beyond human ken is our first line of defense against the shadows that lurk in the network traffic, camouflaged in ordinary user behavior, or embedded within the seemingly benign activities of countless applications. AI isn’t just about spotting trouble; it’s about understanding it. Through machine learning, it constructs models that learn from the DNA of malware, enabling it to recognize new variants that bear the hallmarks of known threats. This is akin to recognizing an enemy’s tactics, even if their strategy evolves. 
All of what I’ve said also here applies to incident response—with AI’s ability to automatically meet threats head-on making a holistic cybersecurity posture both easier to achieve and less resource-intensive for organizations of all sizes. Predictive Analytics By understanding the patterns and techniques used in previous breaches, AI models can predict where and how cybercriminals might strike next. This foresight enables organizations to reinforce their defenses before an attack occurs, transforming cybersecurity from a reactive discipline into a proactive strategy that helps prevent breaches rather than merely responding to them. The sophistication of predictive analytics lies in its use of diverse data sources, including threat intelligence feeds, anomaly detection reports, and global cybersecurity trends. This comprehensive view allows AI systems to identify correlations and causations that might elude human analysts. Phishing Detection and Email Filtering AI has stepped up as a pivotal ally in the ongoing skirmish against phishing and other forms of social engineering attacks, which too often lay the groundwork for more invasive security breaches. Through meticulous analysis of email content, context, and even the Spam Tool Vulnerability Threat Prediction Technical Deloitte ★★
globalsecuritymag.webp 2024-03-25 08:19:08 TD SYNNEX launches CITADEL (direct link) TD SYNNEX launches CITADEL, a 24/7 managed cybersecurity offering for small and medium-sized businesses. • CITADEL by TD SYNNEX provides a proactive, preventive security service that blocks cyberattacks in real time. • It is a fully integrated service that is easy to deploy on Microsoft Business Premium tools. - Products Tool ★★
Resecurity.webp 2024-03-25 00:00:00 Cybercriminals Transform Raspberry Pi into a Tool for Fraud and Anonymization: GEOBOX Discovery
(direct link)
Tool ★★★★
TechWorm.webp 2024-03-23 21:28:48 Hackers Can Unlock 3 million Hotel Doors In 131 Countries
Security researchers have discovered vulnerabilities in Dormakaba's range of RFID electronic locks that could allow an attacker to gain access to hotel rooms and multi-family housing unit doors in seconds using a single pair of forged keycards. The series of vulnerabilities, dubbed "Unsaflok", was discovered by researchers Lennert Wouters, Ian Carroll, RQU, BusesCanFly, Sam Curry, Shell and Will Caruana in September 2022 and disclosed in March 2024, as first reported by Tool Vulnerability Mobile Technical ★★
DarkReading.webp 2024-03-22 20:00:00 AWS CISO: Pay Attention to How AI Uses Your Data
Amazon Web Services CISO Chris Betz explains why generative AI is both a time-saving tool and a double-edged sword.
Tool ★★
RecordedFuture.webp 2024-03-22 16:46:46 Meta to shutter key disinformation tracking tool before 2024 election
Meta's decision to close its CrowdTangle division - a tool that tracks content across social media - has raised the ire of more than 100 research and advocacy groups who say it will make it harder to fight disinformation. Groups including the Mozilla Foundation, the Center for Democracy and Technology and Access Now sent
Tool ★★
ProofPoint.webp 2024-03-22 06:00:42 The Human-Centric Solution to a Human-Centric Problem: Defending Your Critical Data
This cybersecurity lore is well on its way to becoming cliché. But like most clichés, it's true: Data doesn't leave your organization on its own. People let your data out. They either take it with them, or they leave the door open for someone else to help themselves.

In this environment, where cybercriminals are less inclined to target software vulnerabilities and far more focused on our identities, the perimeter as we once knew it has disappeared. Today, our people are the perimeter, wherever they are, on-premises or in the cloud, and whatever systems, devices and credentials they use to access our data.

Needless to say, if cyberattacks are targeted at our people (or rather, their identities), then our cyber defenses must be targeted, too. But with large and often remote workforces accessing our networks across various endpoints, this is increasingly challenging.

To protect our people, and in turn our businesses, we need a deep understanding of who is accessing our data as well as how, when, where and why. It's only when we have all this information that we can begin to place protections where they are needed most, educate users on the risks they face and fight threat actors on the new frontier of our identities.

Tackling insider threats

As if defending a new, more fluid perimeter wasn't difficult enough, the increased focus on our identities presents another problem. Our people are already within our traditional defenses. So, to protect against malicious, compromised or careless users who are enabling data loss, we need to defend from the inside out.

Email remains the number one entry point for common and advanced threats, so any effective defense starts in the inbox. Our people must understand the importance of strong credentials, the risk of password reuse and sharing, and the dangers posed by phishing emails, malicious links and bogus attachments.

In our research for the 2024 State of the Phish report, Proofpoint found that security professionals in Europe and the Middle East rated password reuse as the riskiest behavior, and the second-most common behavior among end users.

Email protection tools can assist here, too, by filtering malicious messages before they reach the inbox. That helps to mitigate the compromised employee use case. However, security teams must always assume that threats will get through these lines of defense, even with detection rates above 99% being the norm. And when they do, additional layers of security are needed to stop them in their tracks.

Advanced enterprise data loss prevention (DLP) and insider threat management (ITM) tools provide this additional layer. By analyzing content, behavior and threat telemetry, these tools highlight anomalous or suspicious behavior that can lead to data loss.

Careless users were the most cited cause of data loss in our inaugural 2024 Data Loss Landscape report. To handle this use case you might want to interrupt their careless behavior with a security prompt. For example, suppose an employee attempts to send confidential files in a plain text email. A simple pop-up advising them to reconsider their action could prevent this data from being exposed. A complete log of the incident is also captured, which can add real-world context to security awareness training. Another action that a careless user may perform is to send an email to the wrong recipient. According to our research, 1 in 3 users misdirected one or two emails to the wrong recipient.

In the event of a malicious insider, intelligent DLP and ITM tools will spot and alert security teams to any high-risk behaviors. This could be a user who downloads an unauthorized app to a corporate machine or renames files to hide their intentions and cover their tracks.

As for leavers, who remain one of the primary reasons for insider-driven data loss, security teams can take a more proactive approach. By focusing on these high-risk employees, you can build an evidential picture of intent. With the right tools in place, you can capture activity l
Tool Vulnerability Threat Cloud ★★
The_Hackers_News.webp 2024-03-21 18:18:00 AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP
Malware Tool Threat Cloud ★★
The_Hackers_News.webp 2024-03-21 16:00:00 GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws
GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, TypeScript, Java, and
Tool Patching ★★
News.webp 2024-03-21 05:30:10 It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files
New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia. North Korea's notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7.…
Tool ★★★★
RecordedFuture.webp 2024-03-20 19:59:09 AceCryptor malware has surged in Europe, researchers say
Thousands of new infections involving the AceCryptor tool - which allows hackers to obfuscate malware and slip it into systems without being detected by anti-virus software - have been discovered as part of a campaign targeting organizations across Europe. Researchers at ESET have spent years tracking AceCryptor, and they said on Wednesday that the
Malware Tool ★★
RecordedFuture.webp 2024-03-20 16:33:26 Russia-linked hackers use Smokeloader malware to steal funds from Ukrainian enterprises
Smokeloader malware used by Russia-linked cybercriminals remains one of the major tools for financial hacks in Ukraine, according to a recent report. Between May and November 2023, researchers identified 23 Smokeloader campaigns aimed at various targets in Ukraine, including financial institutions and government organizations. The hackers were most active in August and October, launching
Malware Tool ★★★
DarkReading.webp 2024-03-20 12:49:56 Detecting Cloud Threats With CloudGrappler
The open-source tool from Permiso can help security teams identify threat actors lurking within their AWS and Azure environments.
Tool Threat Cloud ★★
The_State_of_Security.webp 2024-03-20 04:56:57 What Is Log Management and Why You Need It
Thanks to the burgeoning supply chain, a host of IoT and work-from-home devices, and an expanding cloud presence, organizations are constantly ingesting new hardware into their IT environments. With each new line of code comes a fresh chance for a hidden vulnerability. With each unfound weakness, attackers gain one more opportunity to gain a foothold in the organization and compromise sensitive assets. In order to stop this, companies can leverage security configuration management (SCM) and file integrity monitoring (FIM) tools, but to truly create a preventative approach, they need full...
Tool Vulnerability Cloud ★★★
Last update at: 2024-05-08 19:08:11