What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-24 17:00:00 | Le juge fédéral rejette les efforts de NSO \\ pour rejeter le procès de Pegasus d'Apple \\ Federal judge rejects NSO\\'s effort to dismiss Apple\\'s Pegasus lawsuit (lien direct) |
Un juge fédéral a rejeté une requête du Group Spyware Maker NSO pour rejeter une action en justice Apple alléguant que le puissant outil de Pegasus de la société a violé les lois sur la fraude informatique et a injustement profité d'Apple et de ses clients, selon une décision de justice déposée mardi. groupe NSO , un fournisseur très controversé de logiciels espions qui a été
A federal judge has denied a motion from spyware maker NSO Group to dismiss an Apple lawsuit alleging the company\'s powerful Pegasus tool has violated computer fraud laws and unfairly profited off of Apple and its customers, according to a court ruling filed Tuesday. NSO Group, a highly controversial purveyor of spyware which has been |
Tool | ★★★ | |
 |
2024-01-24 15:20:27 | Niveau de la menace, IA, rationalisation des outils, consolidation du marché, cyber assurances : ce qui vous attend pour 2024 (lien direct) | >Multiplication des attaques par ransomware, tensions géopolitiques en Europe et au Moyen-Orient, incertitude économique : l'année 2023 fut tumultueuse et marquée par une succession de crises protéiformes. Dans ce contexte, les organisations ont eu fort à faire pour préserver l'intégrité de leur système d'information, ou encore se prémunir et remédier aux éventuelles cyberattaques. 2024 ne dérogera […] The post Niveau de la menace, IA, rationalisation des outils, consolidation du marché, cyber assurances : ce qui vous attend pour 2024 first appeared on UnderNews. | Ransomware Tool | ★★★ | |
 |
2024-01-24 14:00:13 | Au-delà du battage médiatique - où l'IA peut briller en sécurité Beyond the Hype - Where AI Can Shine in Security (lien direct) |
> Découvrez l'impact du monde réel de l'IA dans la cybersécurité avec des informations d'experts de Palo Alto Networks et de l'unité 42. Plongez dans la prolifération des outils d'IA.
>Discover the real-world impact of AI in cybersecurity with insights from experts at Palo Alto Networks and Unit 42. Dive into the proliferation of AI tools. |
Tool | ★★★ | |
 |
2024-01-24 13:00:35 | L'éducation à la cybersécurité de l'enfance est un outil vital: 72% des enfants du monde entier ont connu au moins un type de cyber-menace Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat (lien direct) |
> 90% des enfants de plus de 8 ans utilisent déjà Internet.Seulement 40% des parents sont conscients que leurs enfants ont fait face à des cybermenaces.L'éducation est la pierre angulaire de notre culture, car elle nous permet de progresser en tant que société et nous pouvons partager avec les valeurs et les connaissances des nouvelles générations que nous considérons comme essentielles.Dans une société de plus en plus numérisée, et surtout considérant que les enfants utilisent de plus en plus la technologie à un âge plus précoce, il est crucial que l'éducation se concentre sur la façon d'utiliser cet outil mondial en toute sécurité.La technologie offre de grands avantages dans l'éducation, la culture et le divertissement, mais [& # 8230;]
>90% of children over 8 years old are already using Internet. Only 40% of parents are aware that their children have faced cyber threats. Education is the cornerstone of our culture, as it allows us to progress as a society and we can share with the new generations values and knowledge that we consider essential. In an increasingly digitized society, and especially considering that children are using technology more and more at an earlier age, it is crucial for education to focus on how to use this global tool safely. Technology offers great advantages in education, culture and entertainment, but […] |
Tool Threat | ★★★ | |
 |
2024-01-24 11:56:13 | Le Royaume-Uni dit que l'IA autonomisera les ransomwares au cours des deux prochaines années UK says AI will empower ransomware over the next two years (lien direct) |
Le National Cyber Security Center (NCSC) du Royaume-Uni avertit que les outils d'intelligence artificielle (IA) auront un impact défavorable à court terme sur la cybersécurité, ce qui contribue à dégénérer la menace de ransomware.[...]
The United Kingdom\'s National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. [...] |
Ransomware Tool Threat | ★★★ | |
 |
2024-01-24 06:26:08 | Les avertissements NCSC de GCHQ \\ de la possibilité réaliste \\ 'AI aideront à détection d'évasion des logiciels malveillants soutenus par l'État GCHQ\\'s NCSC warns of \\'realistic possibility\\' AI will help state-backed malware evade detection (lien direct) |
Cela signifie que les espions britanniques veulent la capacité de faire exactement cela, hein? L'idée que l'IA pourrait générer des logiciels malveillants super potentiels et indétectables a été bandé depuis des années & # 8211;et aussi déjà démystifié .Cependant, un article Publié aujourd'hui par le Royaume-Uni National Cyber Security Center (NCSC) suggère qu'il existe une "possibilité réaliste" que d'ici 2025, les attaquants les plus sophistiqués \\ 's'amélioreront considérablement grâce aux modèles d'IA informés par des données décrivant une cyber-cyberHits.… | Malware Tool | ChatGPT | ★★★ |
 |
2024-01-24 06:00:39 | 5 Common Privilege Escalation Attack Techniques with Examples (lien direct) | Privilege escalation is often a top aim for cybercriminals as they traverse the attack chain to exploit your IT crown jewels. It lets them achieve critical steps in the attack chain, like maintaining persistence and moving laterally within an environment. Once they\'ve initially compromised a host, they will seek to acquire higher privileges to gain access to valuable assets and create other mischief or damage. This blog post explains why privilege escalation is a significant challenge for today\'s businesses. We also present five common techniques, along with brief examples of each. And we offer a real-world example to underscore how bad actors use privilege escalation as a key intermediary step to carry out attacks. Understanding privilege escalation In cybersecurity, privilege escalation is the process by which an attacker gains access or permissions on a system that is at a higher level of privilege than what they had at the time of the initial compromise. Attackers look to escalate privileges in one of two ways. They either do this horizontally or vertically. Horizontal example This approach involves an attacker moving laterally within a network by compromising accounts at the same privilege level. As they move across the network, they can discover more targets and find more valuable data or systems. Here\'s an example of how a horizontal privilege escalation attack might unfold: An attacker uses stolen credentials to access a host with regular privileges within a company\'s network. The attacker identifies a file server within the network that has sensitive data. Multiple users can access it, but they can only read and write files. The attacker takes advantage of this shared access. They modify files within the shared file system, injecting malicious code or replacing critical configuration files. This activity may go unnoticed for a time because legitimate users regularly modify files on the shared file server. As other users interact with the compromised files, the attacker can increase the number of compromised accounts and hosts, collect sensitive data and prepare to launch a more widescale attack. Vertical example In this approach, attackers exploit identity vulnerabilities within a system or application to escalate their privileges from a basic user account to a privileged user. They might use social engineering tactics like phishing at first to trick users into handing over their login credentials. Here is how a vertical privilege escalation attack might play out: An attacker uses a compromised user account to gain access to a targeted system. They identify a known vulnerability in an application or service that is running on the system. The attacker creates and deploys an exploit to take advantage of this vulnerability. In this case, they take advantage of a flaw in the code that allows a user to escalate privileges without being authorized. The attacker can now change their privileges to a higher level, like system admin. Now that they have a lot of control over the system, the attacker can carry out a range of malicious actions. For example, they might change system configurations or steal data. Why it is important to prevent privilege escalation attacks The examples above make it clear that privilege escalation-enabled attacks can have a significant impact on businesses. To underscore the risk further, here are several other reasons these attacks are a cause for concern: Unauthorized access to and exposure of sensitive data Compromised user accounts and user identities Manipulated systems and configurations Disrupted business operations Data tampering and manipulation, such as with ransomware Legal and regulatory repercussions Reputational damage 5 Common privilege escalation attack techniques and examples Now that you understand the two main categories of privilege escalation and why you must be vigilant in defending against these techniques, let\'s look at five tactics that bad actors might use in | Tool Vulnerability Threat Commercial | ★★★ | |
|
2024-01-24 06:00:39 | (Déjà vu) 5 Techniques d'attaque d'escalade communes avec des exemples 5 Common Privilege Escalation Attack Techniques with Examples (lien direct) |
Privilege escalation is often a top aim for cybercriminals as they traverse the attack chain to exploit your IT crown jewels. It lets them achieve critical steps in the attack chain, like maintaining persistence and moving laterally within an environment. Once they\'ve initially compromised a host, they will seek to acquire higher privileges to gain access to valuable assets and create other mischief or damage. This blog post explains why privilege escalation is a significant challenge for today\'s businesses. We also present five common techniques, along with brief examples of each. And we offer a real-world example to underscore how bad actors use privilege escalation as a key intermediary step to carry out attacks. Understanding privilege escalation In cybersecurity, privilege escalation is the process by which an attacker gains access or permissions on a system that is at a higher level of privilege than what they had at the time of the initial compromise. Attackers look to escalate privileges in one of two ways. They either do this horizontally or vertically. Horizontal example This approach involves an attacker moving laterally within a network by compromising accounts at the same privilege level. As they move across the network, they can discover more targets and find more valuable data or systems. Here\'s an example of how a horizontal privilege escalation attack might unfold: An attacker uses stolen credentials to access a host with regular privileges within a company\'s network. The attacker identifies a file server within the network that has sensitive data. Multiple users can access it, but they can only read and write files. The attacker takes advantage of this shared access. They modify files within the shared file system, injecting malicious code or replacing critical configuration files. This activity may go unnoticed for a time because legitimate users regularly modify files on the shared file server. As other users interact with the compromised files, the attacker can increase the number of compromised accounts and hosts, collect sensitive data and prepare to launch a more widescale attack. Vertical example In this approach, attackers exploit identity vulnerabilities within a system or application to escalate their privileges from a basic user account to a privileged user. They might use social engineering tactics like phishing at first to trick users into handing over their login credentials. Here is how a vertical privilege escalation attack might play out: An attacker uses a compromised user account to gain access to a targeted system. They identify a known vulnerability in an application or service that is running on the system. The attacker creates and deploys an exploit to take advantage of this vulnerability. In this case, they take advantage of a flaw in the code that allows a user to escalate privileges without being authorized. The attacker can now change their privileges to a higher level, like system admin. Now that they have a lot of control over the system, the attacker can carry out a range of malicious actions. For example, they might change system configurations or steal data. Why it is important to prevent privilege escalation attacks The examples above make it clear that privilege escalation-enabled attacks can have a significant impact on businesses. To underscore the risk further, here are several other reasons these attacks are a cause for concern: Unauthorized access to and exposure of sensitive data Compromised user accounts and user identities Manipulated systems and configurations Disrupted business operations Data tampering and manipulation, such as with ransomware Legal and regulatory repercussions Reputational damage 5 Common privilege escalation attack techniques and examples Now that you understand the two main categories of privilege escalation and why you must be vigilant in defending against these techniques, let\'s look at five tactics that bad actors might use in | Tool Vulnerability Threat Commercial | ★★★ | |
 |
2024-01-24 02:32:22 | Quatre points à retenir du rapport McKinsey AI Four Takeaways from the McKinsey AI Report (lien direct) |
L'intelligence artificielle (IA) a été un sujet de discussion brûlant cette année parmi les professionnels de la technologie et de la cybersécurité et le public plus large.Avec l'avènement récent et les progrès rapides d'un certain nombre d'outils d'IA génératifs accessibles au public, Chatgpt, Dall-E et d'autres, le sujet de l'IA est au sommet de nombreux esprits.Les organisations et les individus ont adopté ces outils pour un large éventail de fonctions commerciales et personnelles.La dernière enquête mondiale de McKinsey Global Publishing a interrogé des milliers de cadres et de gestionnaires sur l'état actuel de l'IA.Les résultats de l'enquête offrent une valeur précieuse ...
Artificial intelligence (AI) has been a hot topic of discussion this year among tech and cybersecurity professionals and the wider public. With the recent advent and rapid advancement of a number of publicly available generative AI tools-ChatGPT, Dall-E, and others-the subject of AI is at the top of many minds. Organizations and individuals alike have adopted these tools for a wide range of business and personal functions. The latest global survey from McKinsey Global Publishing polled thousands of executives and managers on the current state of AI. The results of the survey provide valuable... |
Tool | ★★★ | |
 |
2024-01-23 16:00:00 | Informations sensibles dans les API et utilisation sécurisée du facteur Sensitive Information in APIs and Secure Usage of Postman (lien direct) |
> L'un des développeurs & # 8217;Les outils les plus fréquemment utilisés dans le développement de logiciels sont sans aucun doute le facteur.Mais ...
>One of the developers’ most frequently used tools in software development is undoubtedly Postman. But... |
Tool | ★★★ | |
 |
2024-01-23 15:36:45 | HC3 prévient le secteur des soins de santé des menaces d'accès non autorisées de ScreenConnect Tool HC3 warns healthcare sector of unauthorized access threats from ScreenConnect tool (lien direct) |
> Le centre de coordination de la cybersécurité du secteur de la santé (HC3) dans le département américain de la santé & # 38;Services humains (HHS) émis ...
>The Health Sector Cybersecurity Coordination Center (HC3) in the U.S. Department of Health & Human Services (HHS) issued... |
Tool Medical | ★★★ | |
|
2024-01-23 15:29:37 | Plus d'un quart des 2000 mondiaux ne sont pas prêts pour les règles d'authentification des e-mails rigoureuses à venir More than One-Quarter of the Global 2000 Are Not Ready for Upcoming Stringent Email Authentication Rules (lien direct) |
Le courrier électronique reste le principal canal de communication pour les organisations et les moyens de communication préférés pour les consommateurs.Et partout où les gens vont, les acteurs de la menace suivent.Les cybercriminels continuent d'exploiter les e-mails pour livrer le phishing, la fraude par e-mail, le spam et d'autres escroqueries.Mais Google, Yahoo!, Et Apple se battent avec de nouvelles exigences d'authentification par e-mail conçues pour empêcher les acteurs de la menace d'abuser des e-mails.Bien que ce changement majeur soit une excellente nouvelle pour les consommateurs, les organisations n'ont pas beaucoup de temps pour préparer le google, Yahoo!Et Apple commencera à appliquer ses nouvelles exigences au premier trimestre de 2024. Avec seulement des semaines jusqu'à ce que ces règles commencent à prendre effet, plus d'un quart (27%) des Forbes Global 2000 ne sont pas prêts pour ces nouvelles exigences;Cela peut avoir un impact significatif sur leur capacité à fournir des communications par e-mail à leurs clients en temps opportun et met leurs clients en danger de fraude par e-mail et d'escroqueries.En fait, notre rapport State of the Phish 2023 a révélé que 44% des consommateurs mondiaux pensent qu'un e-mail est sûr s'il inclut simplement l'image de marque familière. L'analyse de Proofpoint \\ de la Forbes Global 2000 et leur adoption du protocole ouvert DMARC (reporting et conformité d'authentification des messages basés sur le domaine), un protocole d'authentification largement utilisé qui aide à garantir l'identité des communications par e-mail et protège les noms de domaine du site Web contre le fait d'êtreusurpé et mal utilisé, montre: Plus d'un quart (27%) du Global 2000 n'a aucun enregistrement DMARC en place, indiquant qu'ils ne sont pas préparés aux prochaines exigences d'authentification par e-mail. 69% stupéfiants ne bloquent pas activement les e-mails frauduleux en atteignant leurs clients;Moins d'un tiers (31%) ont mis en œuvre le plus haut niveau de protection pour rejeter les e-mails suspects en atteignant leurs clients de réception. 27% ont mis en œuvre une politique de moniteur, ce qui signifie que des e-mails non qualifiés peuvent toujours arriver dans la boîte de réception du destinataire;et seulement 15% ont mis en œuvre une politique de quarantaine pour diriger des e-mails non qualifiés aux dossiers spam / indésirables. L'authentification par e-mail est une meilleure pratique depuis des années.DMARC est l'étalon-or pour se protéger contre l'identité des e-mails, une technique clé utilisée dans la fraude par e-mail et les attaques de phishing.Mais, comme le révèle notre analyse du Global 2000, de nombreuses entreprises doivent encore la mettre en œuvre, et celles qui sont à la traîne de l'adoption du DMARC devront désormais rattraper leur retard rapidement s'ils souhaitent continuer à envoyer des e-mails à leurs clients.Les organisations qui ne se contentent pas ne pourraient pas voir leurs e-mails acheminés directement vers les dossiers de spam des clients ou rejeté. La mise en œuvre peut cependant être difficile, car elle nécessite une variété d'étapes techniques et une maintenance continue.Toutes les organisations n'ont pas les ressources ou les connaissances en interne pour répondre aux exigences en temps opportun.Vous pouvez profiter de ressources telles que le kit technique et d'authentification de l'e-mail technique de Proofpoint \\ pour vous aider à démarrer.ProofPoint propose également un outil pour vérifier les enregistrements DMARC et SPF de votre domaine, ainsi que pour créer un enregistrement DMARC pour votre domaine.Cet outil fait partie d'une solution complète de défense de fraude par e-mail, qui fournit un SPF hébergé, un DKIM hébergé et des fonctionnalités DMARC hébergées pour simplifier le déploiement et la maintenance tout en augmentant la sécurité.La solution comprend également l'accès à des consultants hautement expérimentés pour vous guider à travers les workflows d'im | Spam Tool Threat Cloud Technical | ★★★ | |
|
2024-01-23 12:51:12 | Le paysage des menaces est toujours en train de changer: à quoi s'attendre en 2024 The Threat Landscape Is Always Changing: What to Expect in 2024 (lien direct) |
Gather \'round, cyber friends, and I\'ll let you in on a little secret: no one knows what the Next Big Thing on the threat landscape will be. But we can look back on 2023, identify notable changes and actor behaviors, and make educated assessments about what 2024 will bring. This month on the DISCARDED podcast my co-host Crista Giering and I sat down with our Threat Research leaders Daniel Blackford, Alexis Dorais-Joncas, Randy Pargman, and Rich Gonzalez, leaders of the ecrime, advanced persistent threat (APT), threat detection, and Emerging Threats teams, respectively. We discussed what we learned over the last year, and what\'s on the horizon for the future. While the discussions touched on different topics and featured different opinions on everything from artificial intelligence (AI) to living off the land binaries (LOLBins) to vulnerability exploitation to ransomware, there were some notable themes that are worth writing down. We can\'t say for sure what surprises are in store, but with our cyber crystals balls fully charged – and a deep knowledge of a year\'s worth of threat actor activity based on millions of email threats per day – we can predict with high confidence what\'s going to be impactful in the coming year. 1: Quick response (QR) codes will continue to proliferate 2023 was the year of the QR code. Although not new, QR codes burst on the scene over the last year and were used in many credential phishing and malware campaigns. The use was driven by a confluence of factors, but ultimately boiled down to the fact that people are now way more accustomed to scanning QR codes for everything from instructions to menus. And threat actors are taking advantage. Proofpoint recently launched new in-line sandboxing capabilities to better defend against this threat, and our teams anticipate seeing more of it in 2024. Notably, however, Dorais-Joncas points out that QR codes still just exist in the realm of ecrime – APT actors have not yet jumped on the QR code bandwagon. (Although, some of those APT actors bring ecrime energy to their campaigns, so it\'s possible they may start QR code phishing, too.) 2: Zero-day and N-day vulnerability exploitation A theme that appeared throughout our conversations was the creative use of vulnerabilities – both known and unreported – in threat actor activity. APT actors used a wide variety of exploits, from TA473 exploiting publicly-facing webmail servers to espionage actors using a zero-day in an email security gateway appliance that ultimately forced users to rip out and reinstall physical hardware. But ecrime actors also exploited their share of vulnerabilities, including the MOVEit file transfer service vulnerability from the spring of 2023 that had cascading repercussions, and the ScreenConnect flaw announced in the fall of 2023 – both of which were used by ecrime actors before being officially published. Proofpoint anticipates vulnerability exploitation will continue, driven in part by improved defense making old school techniques – like macro-enabled documents – much less useful, as well as the vast financial resources now available to cybercriminals that were once just the domain of APT. Pargman says the creativity from ecrime threat actors is a direct response of defenders imposing cost on our adversaries. 3: Continuing, unexpected behavior changes Avid listeners of the podcast know I have regularly said the ecrime landscape is extremely chaotic, with TA577 demonstrating the most chaotic vibes of them all. The tactics, techniques, and procedures (TTPs) of some of the most sophisticated actors continue to change. The cost imposed on threat actors that Pargman mentioned – from law enforcement takedowns of massive botnets like Qbot to improved detections and automated defenses – have forced threat actors, cybercriminals in particular, to regularly change their behaviors to figure out what is most effective. For example, recently Proofpoint has observed the increased use of: traffic dis | Ransomware Malware Tool Vulnerability Threat Prediction | ★★★ | |
 |
2024-01-22 16:00:00 | Lutter contre la désinformation pendant la saison électorale Battling Misinformation During Election Season (lien direct) |
La diffusion de fausses informations, souvent avec l'intention de tromper, est devenue une question omniprésente amplifiée par des outils d'intelligence artificielle (IA).
Dissemination of false information, often with the intent to deceive, has become a pervasive issue amplified by artificial intelligence (AI) tools. |
Tool | ★★★ | |
 |
2024-01-22 12:18:13 | Les principales façons inattendues d'utiliser un gestionnaire de mots de passe pour une sécurité et une organisation améliorées Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation (lien direct) |
Les gestionnaires de mots de passe sont devenus des outils intégraux pour les particuliers et les entreprises.Ils sont principalement connus pour enregistrer et gérer en toute sécurité les informations d'identification de connexion afin que les utilisateurs ne devaient pas se souvenir de tous ou les noter, où ils pourraient être compromis.Cependant, ces tuteurs numériques peuvent offrir plus qu'un simple coffre-fort sécurisé pour les mots de passe.En fait, [& # 8230;]
Le message Les principales façons inattendues d'utiliser un gestionnaire de mots de passe pour une sécurité et une organisation améliorées sont apparues pour la première fois sur gourou de la sécurité informatique .
Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don\'t have to remember them all or write them down, where they could be compromised. However, these digital guardians can offer more than just a secure vault for passwords. In fact, […] The post Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation first appeared on IT Security Guru. |
Tool | ★★ | |
 |
2024-01-22 11:00:00 | Meilleures pratiques pour mettre en œuvre l'auto-doxxing dans les organisations Best practices to implement self-doxxing in organizations (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Organizations face a constant challenge to balance transparency and security in today\'s rapidly evolving digital landscape. One emerging concept that has gained traction in recent years is the practice of "self-doxxing." This seemingly counterintuitive term refers to the deliberate and controlled sharing of an organization\'s information, often sensitive, to enhance transparency, accountability, and trust. While it might sound paradoxical to disclose information that could be exploited by malicious actors voluntarily, the strategic implementation of self-doxing can indeed be a powerful tool in an organization\'s arsenal. What does it mean by self-doxxing? Self-doxing, short for "self-documenting," is a proactive approach where organizations voluntarily share information about themselves, their operations, and their practices with the public, stakeholders, and competitors. This practice is in direct contrast to traditional security measures that aim to limit the exposure of sensitive data. Traditionally, data privacy measures rely on endpoint security tools such as VPNs, antivirus, password managers, etc, to ensure security. These tools help implement a zero-trust security module within an organization to ensure data privacy and security. In contrast to this traditional zero-trust security method, self-doxing is a strategic move to foster transparency, build trust, and engage with a broader audience. It\'s about taking control of the narrative surrounding your organization and providing the public with a clearer picture of who you are and what you stand for. By voluntarily sharing information, organizations aim to shape perceptions, demonstrate accountability, and minimize the potential for unauthorized leaks or misinformation. However, successful self-doxxing requires careful planning and a deep understanding of what to share and protect. Why should you implement self-doxxing in an organization? Self-doxing, when executed thoughtfully, offers many advantages for organizations looking to thrive in a digitally connected world. Enhanced transparency: One of the primary benefits of self-doxxing is the promotion of transparency. By willingly sharing information about your organization\'s operations, practices, and ethical standards, you signal stakeholders and the public that you have nothing to hide. This transparency can foster trust and credibility, making your organization more attractive to customers, investors, and partners. Reputation management: Self-doxxing allows you to control the narrative about your organization. By providing accurate and comprehensive information, you can preemptively address potential issues, correct misunderstandings, and mitigate reputational risks. This proactive approach to reputation management can be invaluable in an age where public perception can impact an organization\'s success. Stakeholder engagement: Sharing information about your organization can also enhance stakeholder engagement, including customers, employees, and shareholders. When people feel that an organization is open and honest about its practices, they are more likely to engage positively with it. Competitive advantage: Self-doxxing can also provide a competitive edge. By openly sharing your organization\'s strengths, innovations, and accomplishments, you can demonstrate industry leadership and attract talent, partners, and customers who align with your values and goals. Regulatory compliance: In many industries, regulatory compliance requ | Tool Vulnerability | ★★★ | |
 |
2024-01-22 05:10:56 | Outils de sécurité cloud essentiels pour les devsecops efficaces Essential Cloud Security Tools for Effective DevSecOps (lien direct) |
La mise en œuvre d'une approche DevSecops est le facteur clé le plus impactant dans le coût total d'une violation de données.Les DevseCops réussis dans un monde natif du cloud sont aidés par les bons outils.Voici une poignée des outils de sécurité du cloud les plus essentiels et ce qu'il faut rechercher pour aider DevseCops.
Top outil de sécurité du cloud essentiel pour DevSecops: analyse de composition logicielle
L'analyse de la composition logicielle (SCA) est le pain et le beurre des outils de sécurité du cloud pour des Devsecops efficaces et la sécurisation de la chaîne d'approvisionnement des logiciels.
Pourquoi cela compte: les logiciels open source (OSS) sont pratiques, mais il est livré avec quelques captures.Il y a des vulnérabilités, des mises à jour manquées et un risque de licence pour s'inquiéter.C'est là où SCA entre en jeu.
SCA adopte une approche proactive pour trouver ces risques tôt.Quelques choses que vous souhaitez rechercher lorsque vous choisissez le bon outil SCA pour vous:
Contrôle continu
Rapports et analyses avec référence par les pairs
Guide de remédiation et suggestions
Dépendance…
Implementation of a DevSecOps approach is the most impactful key factor in the total cost of a data breach. Successful DevSecOps in a cloud-native world is aided by the right tools. Here are a handful of the most essential cloud security tools and what to look for in them to aid DevSecOps. Top Essential Cloud Security Tool for DevSecOps: Software Composition Analysis Software Composition Analysis (SCA) is the bread and butter of cloud security tools for effective DevSecOps and securing the software supply chain. Why it matters: open-source software (OSS) is handy, but it comes with a few catches. There are vulnerabilities, missed updates, and license risk to be worried about. That\'s where SCA comes in. SCA takes a proactive approach to finding these risks early. A few things you want to look out for when picking the right SCA tool for you: Continuous Monitoring Reporting & Analytics with Peer Benchmarking Remediation Guidance & Fix Suggestions Dependency… |
Data Breach Tool Vulnerability Cloud | ★★★ | |
|
2024-01-22 04:25:00 | Résoudre les principaux erreurs de sécurité: ce que vous devez savoir Resolving Top Security Misconfigurations: What you need to know (lien direct) |
L'un des facteurs les plus courants pouvant conduire à des incidents de cybersécurité est une mauvaise configuration de la sécurité dans les logiciels ou les paramètres d'application.Les paramètres par défaut qui accompagnent la mise en œuvre de ces outils et solutions ne sont souvent pas configurés en toute sécurité, et de nombreuses organisations n'investissent pas le temps et les ressources pour s'assurer qu'elles le sont.Plusieurs organisations réglementaires ont établi des normes pour éviter les erreurs de sécurité de sécurité afin de prévenir les cyberattaques et les infractions à la sécurité accidentelle, de maintenir la conformité aux réglementations et de renforcer la cybersécurité globale ...
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. Several regulatory organizations have established standards for avoiding security misconfigurations in order to prevent cyberattacks and accidental security breaches, maintain compliance with regulations, and strengthen the overall cybersecurity... |
Tool | ★★★ | |
|
2024-01-19 21:30:00 | L'acteur de ransomware utilise TeamViewer pour obtenir un accès initial aux réseaux Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks (lien direct) |
Les attaquants ont de plus en plus exploité l'outil d'accès à distance largement utilisé, installé sur des centaines de millions de points de terminaison, pour pénétrer dans les environnements des victimes.
Attackers have increasingly leveraged the widely used remote access tool, installed on hundreds of millions of endpoints, to break into victim environments. |
Ransomware Tool | ★★★ | |
|
2024-01-19 19:46:00 | Les vulnérabilités ivanti sont largement exploitées, dit CISA dans la directive d'urgence Ivanti vulnerabilities are being exploited widely, CISA says in emergency directive (lien direct) |
Les agences civiles du gouvernement américain sont condamnées à réparer immédiatement deux vulnérabilités affectant un outil populaire de la société informatique Ivanti après que le meilleur chien de garde de la cybersécurité de la nation \\ a mis en garde contre une exploitation généralisée.L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a sonné l'alarme vendredi à propos de CVE-2023-46805 et CVE-2024-21887 - Deux bogues affectant la politique d'Ivanti Secu
Civilian agencies across the U.S. government are being ordered to immediately patch two vulnerabilities affecting a popular tool from IT company Ivanti after the nation\'s top cybersecurity watchdog warned of widespread exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on Friday about CVE-2023-46805 and CVE-2024-21887 - two bugs affecting Ivanti Policy Secure |
Tool Vulnerability | ★★ | |
|
2024-01-19 14:28:42 | Waterfall Security fait ses débuts en cascade centrale pour améliorer la surveillance des passerelles de sécurité unidirectionnelles Waterfall Security debuts Waterfall Central to enhance monitoring of unidirectional security gateways (lien direct) |
> OT Sécurité Vendor Waterfall Security Solutions a lancé jeudi sa cascade Central, un outil basé sur un navigateur conçu pour améliorer le ...
>OT security vendor Waterfall Security Solutions launched Thursday its Waterfall Central, a browser-based tool designed to enhance the... |
Tool Industrial | ★★★ | |
|
2024-01-19 09:30:00 | La première étape pour sécuriser les outils AI / ML est de les localiser First Step in Securing AI/ML Tools Is Locating Them (lien direct) |
Les équipes de sécurité doivent commencer à prendre en compte ces outils lorsque vous réfléchissez à la chaîne d'approvisionnement des logiciels.Après tout, ils ne peuvent pas protéger ce qu'ils ne savent pas.
Security teams need to start factoring for these tools when thinking about the software supply chain. After all, they can\'t protect what they don\'t know they have. |
Tool | ★★★ | |
 |
2024-01-18 18:17:07 | 4 Major Falcon Logscale NE NEXT-GEN MISES À JOUR SIEM qui accélèrent 4 Major Falcon LogScale Next-Gen SIEM Updates That Accelerate Time-to-Insights (lien direct) |
Pour déverrouiller la vitesse et l'évolutivité de Crowdsstrike Falcon & Reg;LOGSCALE NEXT-GEN SIEM, vous devez d'abord apporter vos données dans la solution puissante et native du cloud.Et avec les sources de journal multipliant et les volumes de données en flèche, vous avez besoin d'un moyen facile de collecter, d'analyser et d'enrichir vos données.L'intégration des données peut être complexe et longue dans les outils SIEM traditionnels.[& # 8230;]
To unlock the speed and scalability of CrowdStrike Falcon® LogScale next-gen SIEM, you must first bring your data into the powerful, cloud-native solution. And with log sources multiplying and data volumes skyrocketing, you need an easy way to collect, parse and enrich your data. Data onboarding can be complex and time-consuming in traditional SIEM tools. […] |
Tool | ★★ | |
|
2024-01-18 17:51:52 | Annonce de Veracode Scan: un plugin unifié Sast et SCA IDE Announcing Veracode Scan: A Unified SAST and SCA IDE Plugin (lien direct) |
Veracode est heureux d'annoncer la disponibilité d'une nouvelle numérisation de plugin-veracode de l'environnement de développement intégré (IDE).Le scan Veracode combine à la fois l'analyse statique Veracode (SAST) et l'analyse de composition logicielle (SCA) en un seul plugin.Cela permet aux développeurs de scanner rapidement des projets pour les faiblesses et les risques de sécurité dans les bibliothèques de code et de tiers.
Les avantages d'un plugin combiné et SCA
La numérisation des projets avec SCA et Sast est importante pour s'assurer que le code et les bibliothèques sont aussi sûrs que possible.La mise à disposition de ces outils dans l'IDE dans un seul plugin rend les vérifications de sécurité à la fois plus rapides et plus faciles à effectuer.Le code de numérisation au début du processus de développement de logiciels réduit à la fois le coût des défauts de réparation et les chances de défauts de la production.
Comment fonctionne le scan veracode
Le scan veracode s'occupe de l'emballage et de l'envoi d'artefacts au scanner statique Veracode, puis renvoie les résultats des analyses…
Veracode is pleased to announce the availability of a new Integrated Development Environment (IDE) Plugin-Veracode Scan. Veracode Scan combines both Veracode Static Analysis (SAST) and Software Composition Analysis (SCA) into a single plugin. This allows developers to quickly scan projects for security weaknesses and risks in both first-party code and third-party libraries. The Benefits of a Combined SAST and SCA Plugin Scanning projects with SCA and SAST is important to make sure that both the code and libraries are as safe as possible. Making these tools available natively in the IDE in a single plugin makes performing security checks both faster and easier to perform. Scanning code early in the software development process reduces both the cost of remediating flaws and the chances of flaws making it into production. How Veracode Scan Works Veracode Scan takes care of packaging and sending of artifacts to the Veracode static scanner, and then returns the results of scans… |
Tool | ★★★ | |
 |
2024-01-18 13:47:14 | Département de l'énergie à investir 30 millions de dollars dans des solutions de cybersécurité à l'énergie propre Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions (lien direct) |
> Les organisations peuvent gagner jusqu'à 3 millions de dollars en financement fédéral pour les cyber outils qui garantissent l'infrastructure d'énergie propre.
>Organizations can earn up to $3 million in federal funding for cyber tools securing the clean energy infrastructure. |
Tool | ★★★ | |
 |
2024-01-18 12:00:45 | Les logiciels malveillants exploitent 9HIT Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners (lien direct) |
> Par deeba ahmed
9Hits, double coup: malware imite l'outil Web pour exploiter la crypto, générer un faux trafic de site Web.
Ceci est un article de HackRead.com Lire le post original: Les logiciels malveillants exploitent 9HITS, transforment les serveurs Docker en mineurs de cryptographie boostés du trafic
>By Deeba Ahmed 9Hits, Double Hit: Malware Mimics Web Tool to Mine Crypto, Generate Fake Website Traffic. This is a post from HackRead.com Read the original post: Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners |
Malware Tool | ★★ | |
|
2024-01-18 11:00:00 | Quatre tendances de cybersécurité que vous devriez connaître pour 2024 Four cybersecurity trends you should know for 2024 (lien direct) |
This is part three of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Part one: Unusual, thought-provoking predictions for cybersecurity in 2024 Part two: Cybersecurity operations in 2024: The SOC of the future While there are many big things to prepare for in 2024 (see first two posts), some important smaller things don’t get the same attention. Yet, these things are good to know and probably won’t come as a huge surprise. Because they, too, are evolving, it’s important not to take your eye off the ball. Compliance creates a new code of conduct and a new need for compliance logic. Compliance and governance are often overlooked when developing software because a different part of the business typically owns those responsibilities. That is all about to change. Cybersecurity policies (internal and external, including new regulations) need to move upstream in the software development lifecycle and need compliance logic built in to simplify the process. Software is designed to work globally; however, the world is becoming more segmented and parsed. Regulations are being created at country, regional, and municipal levels. To be realistic, the only way to handle compliance is via automation. To avoid the constant forking of software, compliance logic will need to be a part of modern applications. Compliance logic will allow software to function globally but adjust based on code sets that address geographic locations and corresponding regulations. In 2024, expect compliance logic to become a part of the larger conversation regarding compliance, governance, regulation, and policy. This will require cross-functional collaboration across IT, security, legal, line of business, finance, and other organizational stakeholders. MFA gets physical. Multi-factor authentication (MFA) is a way of life. The benefits far outweigh the slight inconvenience imposed. Think about why MFA is so critical. MFA helps with authorization and authentication for mission-critical and safety-critical work. It prevents unauthorized access to critical information. MFA is an easy-to-implement step for good cyber hygiene. Our current way of thinking about MFA is generally based on three things: something you know, a passcode; something you have, a device; and something you are, a fingerprint, your face, etc. Now, let’s take this a step further and look at how the something you are part of MFA can improve safety. Today, MFA routinely accepts fingerprints, facial recognition, or retina scans. That’s just the beginning. MFA can go a step further in helping with business outcomes; here’s how. Biometric and behavioral MFA can help with identifying the veracity of an individual as well as the fitness to perform a function. For example, a surgeon can access the hospital, restricted areas, and the operating room through MFA verifications. But, once in the operating room, how is it determined that the surgeon is fit to perform the surgical task? Behavioral MFA will soon be in play to ensure the surgeon is fit by adding another layer of something you are. Behavioral MFA will determine fitness for a task by identifying things such as entering a series of numbers on a keypad, handwriting on a tablet, or voice analysis. The goal is to compare current behavior with past behavior to ensur | Tool Threat Prediction | ★★★ | |
|
2024-01-18 09:00:00 | Google: les pirates de FSB russes déploient de nouveaux logiciels malveillants SPICA Backdoor Google: Russian FSB hackers deploy new Spica backdoor malware (lien direct) |
Google dit que le groupe de piratage à dos russe Coldriver pousse des logiciels malveillants de porte dérobée auparavant inconnus en utilisant des charges utiles se faisant passer pour un outil de décryptage PDF.[...]
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. [...] |
Malware Tool | ★★ | |
|
2024-01-18 05:00:52 | Mémoire de sécurité: TA866 revient avec une grande campagne de messagerie Security Brief: TA866 Returns with a Large Email Campaign (lien direct) |
What happened Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume campaign consisting of several thousand emails targeting North America. Invoice-themed emails had attached PDFs with names such as “Document_[10 digits].pdf” and various subjects such as “Project achievements”. The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a variant of the WasabiSeed and Screenshotter custom toolset. Screenshot of an email with an attached PDF. If the user clicked on the OneDrive URL inside the PDF, they were: Served a JavaScript file hosted on OneDrive. The JavaScript, if run by the user, downloaded and ran an MSI file. The MSI file executed an embedded WasabiSeed VBS script. The WasabiSeed VBS script then downloaded and executed a second MSI file as well as continued polling for additional payloads in a loop. The additional payloads are currently unknown. Finally, the second MSI file contained components of the Screenshotter screenshot utility which took a screenshot of the desktop and sent it the C2. Attack chain summary: Email > PDF > OneDrive URL > JavaScript > MSI / VBS (WasabiSeed) > MSI (Screenshotter). The attack chain was similar to the last documented email campaign using this custom toolset observed by Proofpoint on March 20, 2023. The similarities helped with attribution. Specifically, TA571 spam service was similarly used, the WasabiSeed downloader remained almost the same, and the Screenshotter scripts and components remained almost the same. (Analyst Note: While Proofpoint did not initially associate the delivery TTPs with TA571 in our first publication on TA866, subsequent analysis attributed the malspam delivery of the 2023 campaigns to TA571, and subsequent post-exploitation activity to TA866.) One of the biggest changes in this campaign from the last observed activity was the use of a PDF attachment containing a OneDrive link, which was completely new. Previous campaigns used macro-enabled Publisher attachments or 404 TDS URLs directly in the email body. Screenshot of “TermServ.vbs” WasabiSeed script whose purpose is to execute an infinite loop, reaching out to C2 server and attempting to download and run an MSI file (empty lines were removed from this script for readability). Screenshot of “app.js”, one of the components of Screenshotter. This file runs “snap.exe”, a copy of legitimate IrfanView executable, (also included inside the MSI) to save a desktop screenshot as “gs.jpg”. Screenshot of “index.js”, another Screenshotter component. This code is responsible for uploading the desktop screenshot ”gs.jpg” to the C2 server. Attribution There are two threat actors involved in the observed campaign. Proofpoint tracks the distribution service used to deliver the malicious PDF as belonging to a threat actor known as TA571. TA571 is a spam distributor, and this actor sends high volume spam email campaigns to deliver and install a variety malware for their cybercriminal customers. Proofpoint tracks the post-exploitation tools, specifically the JavaScript, MSI with WasabiSeed components, and MSI with Screenshotter components as belonging to TA866. TA866 is a threat actor previously documented by Proofpoint and colleagues in [1][2] and [3]. TA866 is known to engage in both crimeware and cyberespionage activity. This specific campaign appears financially motivated. Proofpoint assesses that TA866 is an organized actor able to perform well thought-out attacks at scale based on their availability of custom tools, and ability and connections to purchase tools and services from other actors. Why it matters The following are notable characteristics of TA866\'s return to email threat data: TA866 email campaigns have been missing from the landscape for over nine months (although there are indications that the actor was meanwhile | Spam Malware Tool Threat | ★★ | |
|
2024-01-17 19:33:02 | L'outil Ishutdown de Kaspersky \\ détecte les logiciels espions Pegasus sur les appareils iOS Kaspersky\\'s iShutdown Tool Detects Pegasus Spyware on iOS Devices (lien direct) |
par waqas
Kaspersky a récemment lancé un outil appelé Ishutdown, conçu non seulement pour détecter le logiciel spymétrique de Pegasus notoire, mais aussi pour identifier d'autres menaces de logiciels malveillants sur les appareils iOS.
Ceci est un article de HackRead.com Lire la publication originale: L'outil Ishutdown de Kaspersky détecte les logiciels espions Pegasus sur les appareils iOS
By Waqas Kaspersky has recently launched a tool called iShutdown, designed not only to detect the notorious Pegasus spyware but also to identify other malware threats on iOS devices. This is a post from HackRead.com Read the original post: Kaspersky’s iShutdown Tool Detects Pegasus Spyware on iOS Devices |
Malware Tool | ★★★ | |
|
2024-01-17 18:38:30 | DOE annonce un financement de 30 millions de dollars pour les outils de cybersécurité pour protéger les infrastructures d'énergie propre DOE announces $30 million funding for cybersecurity tools to protect clean energy infrastructure (lien direct) |
Le Bureau de la cybersécurité, de la sécurité énergétique et des interventions d'urgence (CESER) au sein du département américain de l'énergie (DOE) a ...
The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) within the U.S. Department of Energy (DOE) has... |
Tool Industrial | ★★★★ | |
 |
2024-01-17 08:19:01 | Gestion du travail collaboratif : l\'opportunisme guide l\'adoption (lien direct) | Le Magic Quadrant des outils de gestion du travail collaboratif dénote une tendance aux déploiements " tactiques ". Quels fournisseurs s'y distinguent ? | Tool Commercial | ★★★ | |
|
2024-01-17 06:00:02 | Comment mettre en place un programme de gestion des menaces d'initié et de prévention des pertes de données How to Set Up an Insider Threat Management and Data Loss Prevention Program (lien direct) |
This blog post is adapted from our e-book, Getting Started with DLP and ITM. The last few years have brought unprecedented change. An increasingly distributed workforce, access to more data through more channels and a shift to the cloud have transformed the nature of work. These trends have made protecting sensitive data more complicated and demanding. What\'s clear is that organizations are struggling to rise to the challenge. Between 2020 and 2022, insider threats increased by a staggering 44%. And the costs of addressing them increased 34%-from $11.45 million to $15.38 million. This upswing mainly comes down to two factors. For starters, most security teams have little visibility into people-caused data loss and insider-led security incidents. And few have the tools or resources to handle it. That\'s why Gartner sees platforms for data loss prevention and insider threat management (DLP and ITM) increasingly converging. Businesses need tools and processes that give them holistic, contextualized insights that take user behavior into account. It\'s no longer enough to focus on data-and where it\'s moving. To prevent data loss, industry leaders need to take a people-centric approach that expands beyond traditional drivers like compliance. In this blog post, we\'ll explore some basics for designing an ITM and DLP program. This can help you approach information protection in a way that\'s built for how modern organizations work. Why information protection is so challenging Risks are everywhere in today\'s complex landscape. Here are a few changes making it difficult for companies to protect their data. More data is open to exposure and theft. As businesses go digital, more data is being generated than ever before. According to IDC\'s Worldwide Global DataSphere Forecast, the total amount of data generated data will double from 2022 to 2026. That means malicious insiders will have more access to more sensitive data through more channels. It will also be easier for careless users to expose data inadvertently. Plus, any security gap between channels, any misconfiguration or any accidental sharing of files can give external attackers more opportunities to steal data. New data types are hard to detect. Data isn\'t just growing in volume. It\'s also becoming more diverse, which makes it harder to detect and control. With traditional DLP program tools, data typically fits within very tightly defined data patterns (such as payment card number). But even then, it generates too many false positives. Now, key business data is more diverse and can be graphical, tabular or even source code. The network security perimeter no longer exists. With more employees and contractors working remotely, the security perimeter has shifted from brick and mortar to one based on people. Add to the mix bring-your-own-device (BYOD) practices, where the personal and professional tend to get blurred, and security teams have even more risks to contend with. In a survey for the 2023 State of the Phish report from Proofpoint, 72% of respondents said they use one or more of their personal devices for work. Employee churn is high. Tech industry layoffs in 2022 and 2023 have seen many employees leaving and joining businesses at a rapid rate. The result is greater risk of data exfiltration, infiltration and sabotage. Security leaders know it, too-39% of chief information security officers rated improving information protection as the top priority over the next two years. Security talent is in short supply. A lack of talent has left many security teams under-resourced. And the situation is likely to get worse. In 2023, the cybersecurity workforce gap hit an all-time high-there are 4 million more jobs than there are skilled workers. DLP vs. ITM What\'s the difference between DLP and ITM? Both DLP and ITM work to prevent data loss. But they achieve it in different ways. DLP tracks data movement and exfiltration DLP monitors file activity and scans content to see whether users are handling sen | Tool Threat Cloud Technical | ★★ | |
 |
2024-01-16 16:30:00 | Un nouvel outil identifie Pegasus et d'autres logiciels espions iOS New Tool Identifies Pegasus and Other iOS Spyware (lien direct) |
Les experts de Kaspersky ont développé l'outil après avoir analysé Shutdown.log, un fichier de conservation des informations de redémarrage
Kaspersky experts developed the tool after analyzing Shutdown.log, a file retaining reboot information |
Tool | ★★★ | |
|
2024-01-16 12:16:39 | Mise en œuvre de l'IA: équilibrer les objectifs commerciaux et les exigences de sécurité Implementing AI: Balancing Business Objectives and Security Requirements (lien direct) |
L'intelligence artificielle (IA) et l'apprentissage automatique sont devenus des outils intégrés pour les organisations dans diverses industries.Cependant, l'adoption réussie de ces technologies nécessite un équilibre minutieux entre les objectifs commerciaux et les exigences de sécurité.Je me suis assis avec Glenn Schmitz, le directeur de la sécurité de l'information du Département de la santé comportementale et des services de développement en Virginie, alors qu'il partageait des informations précieuses sur la mise en œuvre de l'IA tout en garantissant la sécurité, la sécurité et les considérations éthiques.Voici quelques-uns des principaux plats à retenir.
Comprendre les objectifs commerciaux et les exigences de sécurité commence par les fondamentaux
Lorsque Schmitz a rejoint l'organisation, il a reconnu la nécessité de comprendre le niveau global de maturité de la sécurité.En alignant les objectifs de l'entreprise sur les exigences de sécurité, il visait à permettre à l'entreprise d'atteindre ses objectifs de manière sûre et sécurisée.
Schmitz a partagé: "J'ai commencé à un niveau très fondamental. La sécurité est là pour protéger l'entreprise et…
Artificial Intelligence (AI) and machine learning have become integral tools for organizations across various industries. However, the successful adoption of these technologies requires a careful balance between business objectives and security requirements. I sat down with Glenn Schmitz, the Chief Information Security Officer of the Department of Behavioral Health and Developmental Services in Virginia, as he shared valuable insights on implementing AI while ensuring safety, security, and ethical considerations. Here are some of the key takeaways. Understanding Business Objectives and Security Requirements Starts with Fundamentals When Schmitz joined the organization, he recognized the need to understand the overall security maturity level. By aligning business objectives with security requirements, he aimed to enable the business to achieve its goals in a safe and secure manner. Schmitz shared: "I started at a very fundamental level. Security is here to protect the business and… |
Tool | ★★ | |
|
2024-01-16 11:14:05 | ChatGPT : OpenAI prépare des outils contre la désinformation électorale (lien direct) | Alors que 2024 sera une année d'élections majeures, notamment aux Etats-Unis ; OpenAI annonce le lancement de nouveaux outils pour prévenir les manipulations à des fins politiques provenant de ChatGPT et DALL-E. | Tool | ChatGPT | ★★★ |
|
2024-01-16 11:00:00 | Prédictions inhabituelles et stimulantes pour la cybersécurité en 2024 Unusual, thought-provoking predictions for cybersecurity in 2024 (lien direct) |
This is part one of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking and provocative and to encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Entering 2024 brings us well into the third decade of the new millennium. Do you recall how tentatively and maybe naively we approached the year 2000, otherwise known as Y2K? We stressed over two bytes in COBOL programs and regression tested every line of code to ensure our systems were ready to go at midnight on January 1, 2000. The clock struck 12, and the world breathed a collective sigh of relief – we survived the predicted digital disaster. And just like that, off we went - to create web, mobile, and cloud apps, to turn embedded software into the Internet of Things (IoT), and to democratize computing in a way that was only a dream just 23 years ago. With massive shifts and changes in computing in the wake, it’s time to ask: where are we going in 2024, and what cybersecurity opportunities and challenges lie ahead? Maturing the industry: It’s the business that matters. Cybersecurity is not about fear, uncertainty, and doubt (FUD). It is about delivering business outcomes such as boarding a plane quicker to mitigate flight delay penalties, heating or cooling my house efficiently to manage energy consumption in various climates, or reducing waste in manufacturing to minimize product recalls. Notice there was no mention of security, data, network, coding, or anything remotely IT-centric or technical in the stated business outcomes above. We must aspire to this when thinking about our businesses and cybersecurity. It must be about the business first, advancing the customer experience, and removing friction. Cybersecurity is now a business requirement. For cybersecurity to be part of business planning, cybersecurity teams need to become members of the business teams. Over the past three years, the cybersecurity market has rapidly matured. We are in the midst of market consolidation, with individual point products being acquired and integrated into platform offerings. These platform offerings will continue to evolve by acquiring smaller vendors, partnering, and innovating. The platform vendors clearly see the need for cybersecurity to be a part of the business conversation and want to act as a business partner and trusted advisor, not merely a product provider. Cybersecurity budgets are changing, creating an approach to get funding differently. This year, our research revealed an unexpected change: money is being redistributed as computing moves closer to the data source. Our respondents reported they are investing in new computing development – in this case, edge computing - in a way that’s different from what we’ve seen in the past. They are proactively investing in strategy and planning, the network, application development, and security to create a balanced, collaborative ecosystem. The big surprise isn’t a new secret weapon or killer application. The surprise is what’s needed: a new way of thinking about resource allocation. You’ll still need your usual hardware, software, storage, and security buckets. How you balance those expenses is what’s different. As computing moves closer to the data source, every deployment should contribute to the b | Tool Mobile Prediction Cloud Technical | ★★★ | |
|
2024-01-16 10:36:36 | Les outils de décryptage gratuits de Kaspersky ont été téléchargés 360 000 fois, aidant les victimes de ransomware à récupérer leurs données (lien direct) | >Les outils de déchiffrement de Kaspersky, développés dans le cadre de l’initiative No More Ransom et disponibles sur le portail dédié No Ransom, ont été téléchargés plus de 360 000 fois. Ces outils gratuits permettent aux victimes de ransomware de récupérer leurs données de manière rapide et efficace, soulignant l’importance des efforts de collaboration en […] The post Les outils de décryptage gratuits de Kaspersky ont été téléchargés 360 000 fois, aidant les victimes de ransomware à récupérer leurs données first appeared on UnderNews. | Ransomware Tool | ★★★ | |
|
2024-01-16 08:32:19 | Défense post-livraison à propulsion du cloud: la dernière innovation de Proofpoint \\ dans la protection des e-mails Cloud-Powered Post-Delivery Defense: Proofpoint\\'s Latest Innovation in Email Protection (lien direct) |
Cybercriminals are constantly innovating so that they can infiltrate your systems and steal your valuable data. They do this through a complex multi-stage method commonly known as the attack chain. During the initial compromise, attackers use advanced email threats like phishing scams, malware attachments, business email compromise (BEC) and QR code threats to get a foothold in your systems. That\'s why email security tools typically focus on stopping these threats. Steps in the attack chain. But no technology is foolproof. Inevitably, some emails will get through. To keep your company safe, you need an email security solution that can detect, analyze and remediate email threats post-delivery. That\'s where Proofpoint can help. Proofpoint Cloud Threat Response is the cloud-based alternative to TRAP (Threat Response Auto-Pull), known for its effective post-delivery remediation capabilities. Not only is this solution easy to use, but it also automates post-detection incident response and remediation tasks that slow down security teams. In this blog post, we\'ll highlight some of its capabilities and benefits. Overview of Cloud Threat Response capabilities Proofpoint Cloud Threat Response keeps you safer by remediating threats post-delivery. Plus, it helps security teams prioritize and execute response actions three different ways: Automatically by Proofpoint. Cloud Threat Response automatically analyzes emails post-delivery. It identifies and quarantines malicious emails within user inboxes. Doing so reduces the risk that users will interact with them, helping to prevent your business from being compromised. Manually by the SOC team. Your security team gains instant access to detailed email analysis, historical data and risk scoring through an integration with Proofpoint Smart Search. This integration makes it easier for you to delve into specific emails and swiftly identify and remove any lurking threats. With the assistance of end users. Users can report messages that look suspicious thanks to a simple button directly integrated into their mailboxes. Reported emails are automatically investigated and are neutralized if determined to be a threat. Proofpoint Cloud Threat Response benefits At many companies, security incident response is a slow and labor-intensive process. Responding to security incidents may take days or weeks depending on the size of your security team. Time-intensive tasks can turn into painful bottlenecks. Compare that to Proofpoint Cloud Threat Response, which automates and simplifies threat response tasks. Here\'s what you can expect: Enjoy a simplified management interface. Our centralized, modern interface simplifies how you manage email security. From this dashboard, you can manage a range of tasks, including threat reporting, threat analysis and user administration. The simplified, modern interface of Proofpoint Cloud Threat Response. Respond to incidents faster. Proofpoint Cloud Threat Response acts on intelligence from our Supernova detection engine, which improves threat detection and reduces the mean time to respond (MTTR). Spend less time on deployment and maintenance. Because it\'s cloud native, our platform is not only easy to deploy but it eliminates the need for on-premises infrastructure. Plus, your investment is future-proof, and it comes with automated maintenance and security updates. Streamline security operations. Use Single Sign-On (SSO) to seamlessly navigate between Cloud Threat Response and other Proofpoint apps such as Targeted Attack Protection, Email Fraud Defense and Email Protection. This helps to boost analyst efficiency and response times. See more threats. It automatically shares a threat\'s remediation status across your other Proofpoint platforms. This increases threat visibility and helps you to identify and neutralize threats faster. Proofpoint Cloud Threat Response is integrated with Proofpoint threat intelligence and abuse mailbox sources. Contain threats quickly. Malici | Malware Tool Threat Cloud | ★★ | |
 |
2024-01-15 23:35:41 | Ivanti Connect Secure VPN Exploitation devient global Ivanti Connect Secure VPN Exploitation Goes Global (lien direct) |
> Important: si votre organisation utilise Ivanti Connect Secure VPN et que vous n'avez pas appliqué l'atténuation, alors faites-le immédiatement!Les organisations doivent immédiatement examiner les résultats de l'outil de vérification d'intégrité intégré pour les entrées de journal indiquant des fichiers incompatibles ou nouveaux.À partir de la version 9.12, Ivanti a commencé à fournir un outil de vérificateur d'intégrité intégré qui peut être exécuté en tant que numérisation périodique ou planifiée.La volexité a observé qu'il a réussi à détecter les compromis décrits dans ce poste dans les organisations touchées.La semaine dernière, Ivanti a également publié une version mise à jour de l'outil de damier d'intégrité externe qui peut être utilisé pour vérifier et vérifier les systèmes.Le 10 janvier 2024, la volexité a partagé publiquement les détails des attaques ciblées par UTA00178 exploitant deux vulnérabilités de deux jours zéro (CVE-2024-21887 et CVE-2023-46805) dans les appareils VPN Ivanti Secure (ICS).Le même jour, Ivanti a publié une atténuation qui pourrait être appliquée aux appareils VPN ICS pour empêcher l'exploitation de ces [& # 8230;]
>Important: If your organization uses Ivanti Connect Secure VPN and you have not applied the mitigation, then please do that immediately! Organizations should immediately review the results of the built-in Integrity Check Tool for log entries indicating mismatched or new files. As of version 9.1R12, Ivanti started providing a built-in Integrity Checker Tool that can be run as a periodic or scheduled scan. Volexity has observed it successfully detecting the compromises described in this post across impacted organizations. Last week, Ivanti also released an updated version of the external Integrity Checker Tool that can be further used to check and verify systems. On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these […] |
Tool Vulnerability Threat Industrial | ★★★ | |
|
2024-01-15 16:30:00 | L'outil basé sur Python FBOT perturbe la sécurité du cloud Python-Based Tool FBot Disrupts Cloud Security (lien direct) |
Découvert par l'équipe Sentinelabs, FBOT cible les serveurs Web, les services cloud et les plateformes SaaS
Discovered by the SentinelLabs team, FBot targets web servers, cloud services and SaaS platforms |
Tool Cloud | ★★ | |
|
2024-01-15 13:59:00 | Watchdog de la vie privée du Royaume-Uni pour examiner la pratique du grattage Web pour obtenir des données de formation pour l'IA UK privacy watchdog to examine practice of web scraping to get training data for AI (lien direct) |
Le régulateur de protection des données de la Grande-Bretagne, le bureau du commissaire à l'information (ICO), examine la légalité du grattage Web pour collecter des données pour former des modèles d'IA génératifs.Il a annoncé lundi le Première consultation Dans une série se concentrant sur les modèles d'IA génératifs - les outils qui créent du texte ou des images basées sur une invite après avoir été formé sur
Britain\'s data protection regulator, the Information Commissioner\'s Office (ICO), is scrutinizing the legality of web scraping to collect data to train generative AI models. It announced on Monday the first consultation in a series focusing on generative AI models - the tools that create text or images based on a prompt after being trained on |
Tool | ★★★ | |
 |
2024-01-12 19:55:57 | Explorer FBOT |Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
#### Description
FBOT est un outil de piratage basé sur Python distinct des autres familles de logiciels malveillants cloud, ciblant les serveurs Web, les services cloud et les plateformes SaaS comme AWS, Office365, PayPal, SendGrid et Twilio.Les caractéristiques clés incluent la récolte des informations d'identification pour les attaques de spam, les outils de détournement de compte AWS et les fonctions pour permettre des attaques contre PayPal et divers comptes SaaS.
FBOT possède plusieurs fonctionnalités qui ciblent les services de paiement ainsi que les configurations SaaS.La fonction Validator PayPal valide l'état du compte PayPal en contactant une URL codée en dur avec une adresse e-mail lue à partir d'une liste de saisies.L'e-mail est ajouté à la demande de la section Détails du client pour valider si une adresse e-mail est associée à un compte PayPal.
#### URL de référence (s)
1. https://www.sentinelone.com/labs/exploring-fbot-python-basked-malware-targeting-cloud-and-payment-services/
#### Date de publication
11 janvier 2024
#### Auteurs)
Alex Delamotte
#### Description FBot is a Python-based hacking tool distinct from other cloud malware families, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio. Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various SaaS accounts. FBot has several features that target payment services as well as SaaS configurations. The PayPal Validator feature validates PayPal account status by contacting a hardcoded URL with an email address read from an input list. The email is added to the request in the customer details section to validate whether an email address is associated with a PayPal account. #### Reference URL(s) 1. https://www.sentinelone.com/labs/exploring-fbot-python-based-malware-targeting-cloud-and-payment-services/ #### Publication Date January 11, 2024 #### Author(s) Alex Delamotte |
Malware Tool Cloud | ★★ | |
 |
2024-01-12 13:16:14 | Sentinellabs: Exploration de FBOT & # 8211;Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement SentinelLabs: Exploring FBot – Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
Explorer FBOT & # 8211;Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement
La scène des outils de piratage cloud est très liée, avec de nombreux outils qui se fondent sur le code de l'autre.Cela est particulièrement vrai pour les familles de logiciels malveillants comme Alienfox, Greenbot, Legion et Predator, qui partagent le code à partir d'un module de crampons des informations d'identification appelée AndroxGH0st.
-
mise à jour malveillant
Exploring FBot – Python-Based Malware Targeting Cloud and Payment Services The cloud hack tool scene is highly intertwined, with many tools relying on one another\'s code. This is particularly true for malware families like AlienFox, Greenbot, Legion, and Predator, which share code from a credential-scraping module called Androxgh0st. - Malware Update |
Malware Hack Tool Cloud | ★★★ | |
|
2024-01-12 06:00:17 | Déterministe vs détection de menace probabiliste: quelle est la différence? Deterministic vs. Probabilistic Threat Detection: What\\'s the Difference? (lien direct) |
When you understand the difference between deterministic and probabilistic threat detection, you can better choose the right mix of processes and tools that will keep your data, systems and users most secure. Here is a spoiler, though: As you compare probabilistic and deterministic methods, you will likely conclude that both approaches are needed to some degree. That means you\'re on the right track. When you employ both, you can use the strengths of each approach while mitigating their respective weaknesses. In other words, these methods are different but complementary. To help you figure out when to use each method, we put together this overview. In each section, we start by defining terms, and then we delve into the pros and cons of using the approach to detect threats. What is probabilistic threat detection? Probabilistic threat detection involves the use of probability-based analytic methods to identify potential security threats or malicious activities within a system. This approach doesn\'t rely on fixed (deterministic) rules or signatures alone. Instead, it relies on the likelihood-or probability-that certain behaviors or patterns may indicate the presence of a security threat. Tools for probabilistic threat detection analyze various factors and assign weights to different indicators. That helps cybersecurity systems-and security teams-to prioritize and respond to potential threats based on their perceived risk. This approach to threat detection presents advantages as well as challenges. Here\'s a look at some of the pros and cons of using probabilistic and deterministic detections. Pros Let\'s start with the pros of probabilistic threat detection. Adaptability to new threats. Probabilistic threat detection can help you identify new and evolving threats that may not have definitive signatures. Machine learning and behavioral analysis can adapt to changing attack tactics. Slight pivots in attacker tools and techniques won\'t necessarily fake out these detection techniques. Reduced false positives to unknown threats. Probabilistic methods may result in fewer false negatives for threats that have not been seen before. That\'s because these methods don\'t require a perfect match to a known signature to send an alert. Probabilistic methods are inherently non-binary. Behavioral analysis. This is often part of probabilistic threat detection. It typically uses a baseline of normal system behavior. That, in turn, makes it easier to detect deviations that may indicate a security threat. Continuous learning. Machine learning models for probabilistic threat detection can continuously learn, incorporate feedback from security analysts, and adapt to changes in the threat landscape. That means their accuracy is not static and can improve over time. Cons Now, here is a rundown of some cons. False positives. Probabilistic methods will produce false positives. They rely on statistical models that might interpret unusual but benign behavior as a potential threat. That can lead to alerts on activities that aren\'t malicious. Taken to extremes this can waste security analysts\' time. But making the models less sensitive can lead to false negatives. That\'s why tuning is part of ongoing maintenance. Complexity and resource intensiveness. Implementing and maintaining probabilistic threat detection systems can be complex and demand a lot of resources. That is especially true when it comes to systems that use machine learning because they require a great deal of computing power and expertise to operate. Cost issues. Probabilistic methods and tools deal with uncertainty, which is a key design principle. So they may not be as cost effective as deterministic approaches for detecting well-known threats. Difficulty in interpreting results. It can be a challenge to understand the output of probabilistic models. You may have difficulty discerning why a particular activity is flagged as a potential threat, as the rationale is deep within the model. To interpret the results, you | Malware Tool Vulnerability Threat | ★★ | |
|
2024-01-11 20:30:00 | La FCC presse les constructeurs automobiles, les fournisseurs sans fil pour protéger les survivants de la violence domestique contre les outils de traque FCC presses carmakers, wireless providers to protect domestic abuse survivors from stalking tools (lien direct) |
La Federal Communications Commission (FCC) exhorte les constructeurs automobiles et les prestataires sans fil à faire plus pour protéger les survivants de la violence domestique contre les outils de traque rendus les voitures connectées et la demande des détails de leurs pratiques de partage de données de localisation.Les voitures connectées sont maintenant chargées de capteurs et d'autres outils qui permettent le suivi de la géolocalisation en temps réel.A Rapport récent de Reuters révélé
The Federal Communications Commission (FCC) is urging automakers and wireless providers to do more to protect domestic abuse survivors from stalking tools enabled by connected cars and requesting the details of their location data-sharing practices. Connected cars are now loaded with sensors and other tools which allow real-time geolocation tracking. A recent Reuters report revealed |
Tool | ★★★ | |
 |
2024-01-11 19:30:00 | La nouvelle boîte à outils FBOT de piratage FBOT basée sur Python vise les plates-formes Cloud et SaaS New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms (lien direct) |
Un nouvel outil de piratage basé sur Python appelé & nbsp; fbot & nbsp; a été découvert de ciblage des serveurs Web, des services cloud, des systèmes de gestion de contenu (CMS) et des plateformes SaaS telles que Amazon Web Services (AWS), Microsoft 365, PayPal, SendGrid et Twilio.
«Les caractéristiques clés incluent la récolte des informations d'identification pour les attaques de spam, les outils de détournement de compte AWS et les fonctions pour permettre des attaques contre PayPal et divers
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various |
Tool Cloud | ★★★ | |
 |
2024-01-11 14:18:14 | MiraclePtr: protéger les utilisateurs contre les vulnérabilités sans utilisation sans plateformes MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms (lien direct) |
Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team
Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome. If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objectives.
More platforms
We are thrilled to announce that since our last update, we have successfully enabled MiraclePtr for more platforms and processes:
In June 2022, we enabled MiraclePtr for the browser process on Windows and Android.
In September 2022, we expanded its coverage to include all processes except renderer processes.
In June 2023, we enabled MiraclePtr for ChromeOS, macOS, and Linux.
Furthermore, we have changed security guidelines to downgrade MiraclePtr-protected issues by one severity level!
Evaluating Security Impact
First let\'s focus on its security impact. Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices. Let\'s take a closer look at each of these sources and how they inform our understanding of MiraclePtr\'s effectiveness.
Bug reports
Chrome vulnerability reports come from various sources, such as:
Chrome Vulnerability Reward Program participants,
our fuzzing infrastructure,
internal and external teams investigating security incidents.
For the purposes of this analysis, we focus on vulnerabilities that affect platforms where MiraclePtr was enabled at the time the issues were reported. We also exclude bugs that occur inside a sandboxed renderer process. Since the initial launch of MiraclePtr in 2022, we have received 168 use-after-free reports matching our criteria.
What does the data tell us? MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%. Reaching this level of effectiveness, however, required additional work. For instance, we not only rewrote class fields to use MiraclePtr, as discussed in the previous post, but also added MiraclePtr support for bound function arguments, such as Unretained pointers. These pointers have been a significant source of use-after-frees in Chrome, and the additional protection allowed us to mitigate 39 more issues.
Moreover, these vulnerability reports enable us to pinpoint areas needing improvement. We\'re actively working on adding support for select third-party libraries that have been a source of use-after-free bugs, as well as developing a more advanced rewriter tool that can handle transformations like converting std::vector into std::vector. We\'ve also made sever |
Tool Vulnerability Threat Mobile | ★★★ | |
 |
2024-01-11 13:55:59 | Explorer FBOT |Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
Les acteurs de la menace des armes FBOT avec un outil d'attaque multifonction conçu pour détourner le cloud, le SaaS et les services Web.
FBot arms threat actors with a multi-function attack tool designed to hijack cloud, Saas and web services. |
Malware Tool Threat Cloud | ★★ | |
|
2024-01-11 11:00:00 | Histoires du Soc: Blackcat sur le prouvoir Stories from the SOC: BlackCat on the prowl (lien direct) |
This blog was co-authored with Josue Gomez and Ofer Caspi.
Executive summary
BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries. This blog will cover a recent incident impacting one of the AT&T Managed Detection and Response (MDR) Security Operations Center SOC’s customers and discuss how in partnering with AT&T Alien Labs, the MDR SOC was able to detect and remediate the incident.
Building the investigation
On September 14th, 2023, the AT&T MDR SOC received multiple alarms indicating that lateral movement was occurring for one of our clients. The alarm detections were generated after activity in SentinelOne for multiple users attempting to perform network traversing through the clients’ environment.
Figure 1. Alarm Detection
The AT&T SOC immediately generated an investigation that included a call to the client to notify them of the activity as well as escalate the detection to the AT&T MDR Incident Response (IR) Team and the client\'s dedicated Threat Hunter. The IR team and Threat Hunter began the engagement by creating a timeline and searching through SentinelOne Deep Visibility tool. Within its events, they found a user was successfully logged into the client’s internal network on multiple endpoints using lsass.exe.. Additionally, multiple files were logged as being encrypted, which resulted in the team designating the incident a ransomware attack.
Figure 2. Lsass Activity in SentinelOne
During the review of the lsass.exe activity, a specific file was located with a suspicious process tree. A command line was recorded with the file execution that included an internal IP address and the user ADMIN$. The activity from the suspicious file prompted an immediate blocklist for the SHA 1 file hash to ensure that the file was unable to be executed within the client’s environment. Following the block of the file hash, multiple detections from SentinelOne populated, indicating that the file was successfully killed and quarantined and that the client’s devices were protected.
Figure 3. File execution command line
After initiating the blocklist, the Threat Hunter utilized the SentinelOne “file fetch” feature, which enabled them to download the malicious file and save a copy locally. The AT&T SOC then worked with the AT&T Alien Labs team to perform a deeper analysis of the file in order to more understand the true nature of the ransomware attack.
Technical analyses
As previously mentioned, BlackCat ransomware is developed in the Rust programming language, providing the attacker with the versatility to compile and run it on both Windows and Linux operating systems.The ransomware e |
Ransomware Malware Tool Threat | ★★★ |
To see everything:
Our RSS (filtrered)
