What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SANS 2021-03-28 19:24:07 TCPView v4.0 Released, (Sun, Mar 28th) (direct link) TCPView is a Sysinternals' tool that displays information about the TCP and UDP endpoints on a system. It's like netstat, but with a GUI. Tool
SecurityAffairs 2021-03-28 09:53:41 Security Affairs newsletter Round 307 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. CISA releases CHIRP, a tool to detect SolarWinds malicious activity Microsoft Defender can now protect servers against ProxyLogon […] Tool
TechRepublic 2021-03-26 13:00:37 Amazon's new machine learning tool will help businesses spot flagging KPIs (direct link) Lookout for Metrics is a fully-managed machine learning tool for monitoring business metrics and tackling dips in business performance. Tool
SecurityAffairs 2021-03-26 08:17:18 FBI published a flash alert on Mamba Ransomware attacks (direct link) The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives. […] Ransomware Tool
CVE 2021-03-25 22:15:12 CVE-2021-27372 (direct link) Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands. Tool
The_Hackers_News 2021-03-25 22:07:54 Another Critical RCE Flaw Discovered in SolarWinds Orion Platform (direct link) IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via Tool
CVE 2021-03-25 19:15:14 CVE-2021-26597 (direct link) An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. Tool
SecurityWeek 2021-03-25 15:36:05 Mamba Ransomware Leverages DiskCryptor for Encryption, FBI Warns (direct link) The Federal Bureau of Investigation (FBI) this week published an alert to warn of the fact that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives, including the operating system. Ransomware Tool
Blog 2021-03-24 15:19:38 Comprehensive Guide to AutoRecon (direct link) The AutoRecon tool is designed as a network reconnaissance tool. It is a multi-threaded tool that performs automated enumeration of services. The purpose of this tool is to save time while cracking CTFs and other penetration testing environments or exams. It is useful in real-world engagements as well. Table of Tool
Anomali 2021-03-23 14:00:00 Anomali Cyber Watch: APT, Malware, Vulnerabilities and More. (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BlackRock, CopperStealer, Go, Lazarus, Mirai, Mustang Panda, Rust, Tax Season, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Bogus Android Clubhouse App Drops Credential-Swiping Malware (published: March 19, 2021) Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can discuss anything from politics to relationships. Despite being invite-only, and only being around for a year, the app is closing in on 13 million downloads. The app is only available on Apple's App Store mobile application marketplace - though plans are in the works to develop one. Analyst Comment: Use only the official stores to download apps to your devices. Be wary of what kinds of permissions you grant to applications. Before downloading an app, do some research. MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 Tags: LokiBot, BlackRock, Banking, Android, Clubhouse Trojanized Xcode Project Slips XcodeSpy Malware to Apple Developers (published: March 18, 2021) Researchers from cybersecurity firm SentinelOne have discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project being distributed in a supply-chain attack. 
The malware, dubbed XcodeSpy, targets Xcode, an integrated development environment (IDE) used in macOS for developing Apple software and applications. The malicious project is a ripped version of TabBarInteraction, a legitimate project that has not been compromised. Malicious Xcode projects are being used to hijack developer systems and spread custom EggShell backdoors. Analyst Comment: Researchers attribute this new targeting of Apple developers to North Korea and Lazarus group: similar TTPs of compromising developer supply chain were discovered in January 2021 when North Korean APT was using a malicious Visual Studio project. Moreover, one of the victims of XcodeSpy is a Japanese organization regularly targeted by North Korea. A behavioral detection solution is required to fully detect the presence of XcodeSpy payloads. MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 | [MITRE ATT&CK] Security Software Discovery - T1063 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 Tags: Lazarus, XcodeSpy, North Korea, EggShell, Xcode, Apple Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware (published: March 18, 2021) Cybereason detected a new campaig Ransomware Malware Tool Threat Patching Medical APT 38 APT 28
WiredThreatLevel 2021-03-23 13:00:00 'Browser Isolation' Takes On Entrenched Web Threats (direct link) Cloudflare says it's possible to build a version of the notoriously slow and buggy tool without compromising on speed. Tool
TechRepublic 2021-03-22 15:27:16 Linux 101: How to create symbolic links in Linux (direct link) Symbolic links are a very important admin tool to use in Linux. Jack Wallen tells you why and how to create such links with ease. Tool
SecurityAffairs 2021-03-21 14:47:05 CISA releases CHIRP, a tool to detect SolarWinds malicious activity (direct link) US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments. US CISA released the CISA Hunt and Incident Response Program (CHIRP) tool, a Python-based tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise Windows environments. Below […] Tool
ErrataRob 2021-03-20 23:52:47 Deconstructing that $69million NFT (direct link) "NFTs" have hit the mainstream news with the sale of an NFT based digital artwork for $69 million. I thought I'd write up an explainer. Specifically, I deconstruct that huge purchase and show what actually was exchanged, down to the raw code. (The answer: almost nothing). The reason for this post is that every other description of NFTs describe what they pretend to be. In this blogpost, I drill down on what they actually are. Note that this example is about "NFT artwork", the thing that's been in the news. There are other uses of NFTs, which work very differently than what's shown here. tl;dr I have a long bit of text explaining things. Here is the short form that allows you to drill down to the individual pieces. Beeple created a piece of art in a file. He created a hash that uniquely, and unhackably, identified that file. He created a metadata file that included the hash to the artwork. He created a hash to the metadata file. He uploaded both files (metadata and artwork) to the IPFS darknet decentralized file sharing service. He created, or minted a token governed by the MakersTokenV2 smart contract on the Ethereum blockchain. Christies created an auction for this token. The auction was concluded with a payment of $69 million worth of Ether cryptocurrency. However, nobody has been able to find this payment on the Ethereum blockchain, the money was probably transferred through some private means. Beeple transferred the token to the winner, who transferred it again to this final Metakovan account. Each of the links above allows you to drill down to exactly what's happening on the blockchain. The rest of this post discusses things in long form. Why do I care? Well, you don't. It makes you feel stupid that you haven't heard about it, when everyone is suddenly talking about it as if it's been a thing for a long time. But the reality, they didn't know what it was a month ago, either. 
Here is the Google Trends graph to prove this point -- interest has only exploded in the last couple months: The same applies to me. I've been aware of them (since the CryptoKitties craze from a couple years ago) but haven't invested time reading source code until now. Much of this blogpost is written as notes as I discover for myself exactly what was purchased fo Tool Guideline
CVE 2021-03-19 21:15:12 CVE-2021-21267 (direct link) Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS. Tool
bleepingcomputer 2021-03-18 15:56:17 CISA releases new SolarWinds malicious activity detection tool (direct link) The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments. [...] Tool
SecurityAffairs 2021-03-18 12:57:13 WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERS (direct link) Wintriage is a live response tool that extracts Windows artifacts; it allows extracting as many artifacts as possible, but in a selective way. Throughout my life, my daily job has been purely related to cybersecurity. But the branch I like the most is Incident Response and Forensics. So, I work as DFIRer. For many […] Tool
AlienVault 2021-03-18 10:00:00 Enterprise-Grade Mobility takes another step forward with new mobile security offers (direct link) Companies and organizations of all sizes need mobile technology built for the rigors of business—it’s a must for businesses seeking to stay competitive. Enterprise-grade mobility offers additional business options, features, and services, helping companies perform functions beyond just enabling employees to work remotely. The right mobility solutions can significantly help increase productivity, reduce inefficiencies, improve Quality of Service (QoS), and manage compliance requirements— while enabling the same security protections on mobile devices as organizations have on laptops and desktops to help protect critical business information. With today’s highly sophisticated attacks, traditional security elements designed to protect the network infrastructure are not enough to fully protect this critical business information on mobile endpoints. AT&T understands the unique needs of mobile devices to both operate at their highest performance and be properly secured from these emerging threats. Because of this, AT&T is taking another step forward to provide our business customers with Enterprise-Grade mobile security, designed for businesses of any size. AT&T wants to make mobile security an easy choice Now, customers with AT&T Business Mobile Select - Pooled plans can add Lookout Mobile Endpoint Security (MES) Comprehensive for a greatly reduced price per device license per month! Businesses no longer need to make the choice between great security and great savings. This Lookout MES Comprehensive plan provides customers with industry leading mobile security at a deeply discounted price. Additionally, AT&T is bringing the Lookout MES Threats offer to customers at a price that helps make mobile security an easy decision for businesses. 
Both offers include Lookout’s installation and 24X7 support so customers can get up and running with ease. To learn more about these new offers, visit us at https://cybersecurity.att.com/products/lookout.   Enterprise-Grade mobile security Truly, businesses of all sizes need to understand the importance of mobile security and how to best protect their mobile devices. And, in the ever-evolving threat landscape, businesses should not rely solely on the end-user to self-remediate threats. Rather, implement solutions that can enforce automated remediation through integration with a Mobile Device Management (MDM) solution or Unified Endpoint Management (UEM) tool while also providing real-time alerts to the end user who can immediately take action. Furthermore, mobile security should also provide the ability to create custom policies and integrate into the business’s wholistic ecosystem.  With AT&T, customers can get the right mobility solutions and mobile security solutions for their business. Reach out to us today to learn more about how AT&T can help with both your Enterprise-Grade mobility and Enterprise-Grade security solutions.     Tool Threat Guideline
AlienVault 2021-03-18 05:01:00 What is managed detection and response? (direct link) This article was written by an independent guest author. The last 12 months have seen massive upticks in the frequency, sophistication, and intensity of cyberattacks. This comes at a time when business operations have changed drastically with shifts to more cloud resource use in order to increase access, availability, productivity, and profits. The challenge for IT has become how to monitor the state of security of this complex mix of systems, platforms, applications, and environments while being able to quickly and effectively respond to detected potential or active threats. Organizations like yours have long realized their limitations around staffing and expertise to properly address this growing need within a security strategy, causing security service providers to fill the void with managed detection and response services. What is managed detection and response (MDR)? Managed Detection and Response (MDR) is a managed cybersecurity service that provides organizations with 24x7 active monitoring and intelligence-based detection of threats, helping to quickly respond and remediate detected threats. Outsourced teams of experienced security analysts augment your internal team and enhance your security solutions with threat intelligence that is designed to detect advanced threats on endpoints and the network. The analysts also work with your team to define processes and workflows to aid in investigation and remediation activities. In short, MDR provides your organization with a security operations center (SOC) and dedicated analysts working to ensure the security of your environment. Some MDR offerings also include threat hunting as part of the service. Where does the term MDR come from? 
MDR has evolved from Managed Security Service Providers (MSSPs), who historically have offered managing and monitoring of network security, but left the investigation and remediation activity to internal IT teams. This put the burden of identifying real threats and performing incident response actions back on the already overtaxed IT staff. One common challenge for internal IT teams is that no one is a cybersecurity expert; your team is made up of primarily generalists with some degree of specialty. When we’re talking about identifying and responding to a potential cyberattack, your organization needs an expert. Thus, MDR was born. MSSPs are more focused on security monitoring and alerting, so MDR takes this much farther by including detection, response, and threat hunting. While both typically utilize vulnerability scanning and Security Incident and Event Management (SIEM) functionality, MDR services use additional solutions that provide visibility all the way down to the endpoint to ensure a complete picture of any potentially malicious activity, as well as response orchestration to automate remediation. The MDR’s monitoring includes: 24x7 alarm monitoring by a SOC team; the reliance upon state-of-the-art threat intelligence; security analyst review and validation of alarms to eliminate false positives and non-actionable alarms, as well as escalation of actionable alarms to a Tier 2 analyst; incident investigation and notification to internal IT teams; execution of response plans tasked to the SOC team. The key benefits of MDR: MDR provides organizations seeking to have continual security monitoring and response in place with a number of benefits over taking this on internally: SOC complexity is eliminated – it’s going to take a tremendous effort and budget to establish an internal SOC; in many cases quarters to get up and running. MDR services include the use of a world-class SOC that already exists, meeting the organization’s SOC need. 
Rapid deployment – With a SOC already in place, deploying MDR services takes weeks instead of quarters. Access to security experts & Tool Vulnerability Threat
The_Hackers_News.webp 2021-03-17 23:59:55 Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites (lien direct) Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site. According to Wordfence Tool ★★★★
SecurityAffairs.webp 2021-03-17 20:56:27 Data Breaches Tracker monitor unsecured ElasticSearch servers online (lien direct) Cybersecurity research at WizCase, an online security and privacy portal, built a tool to track accessible ElasticSearch servers on the internet.  Cybersecurity research at WizCase, an online security and privacy portal, developed a tool that allows track accessible ElasticSearch servers on the Internet. The tool scans the web for accessible ElasticSearch servers and displays different variables […] Tool
Anomali.webp 2021-03-17 18:03:00 Anomali Cyber Watch: APT, Ransomware, Vulnerabilities and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, AlientBot, Clast82, China, DearCry, RedXOR, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Google: This Spectre proof-of-concept shows how dangerous these attacks can be (published: March 15, 2021) Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser's JavaScript engine to leak information from its memory. Spectre targeted the process in modern CPUs called speculative execution to leak secrets such as passwords from one site to another. While the PoC demonstrates the JavaScript Spectre attack against Chrome 88's V8 JavaScript engine on an Intel Core i7-6500U CPU on Linux, Google notes it can easily be tweaked for other CPUs, browser versions and operating systems. Analyst Comment: As the density of microchip manufacturing continues to increase, side-channel attacks are likely to be found across many architectures and are difficult (and in some cases impossible) to remediate in software. The PoC of the practicality of performing such an attack using javascript emphasises that developers of both software and hardware be aware of these types of attacks and the means by which they can be used to invalidate existing security controls. Tags: CVE-2017-5753 Threat Assessment: DearCry Ransomware (published: March 12, 2021) A new ransomware strain is being used by actors to attack unpatched Microsoft Exchange servers. 
Microsoft released patches for four vulnerabilities that are being exploited in the wild. The initial round of attacks included installation of web shells onto affected servers that could be used to infect additional computers. While the initial attack appears to have been done by sophisticated actors, the ease and publicity around these vulnerabilities has led to a diverse group of actors all attempting to compromise these servers. Analyst Comment: Patch and asset management are a critical and often under-resourced aspect of defense in depth. As this particular set of vulnerabilities and attacks are against locally hosted Exchange servers, organization may want to assess whether a hosted solution may make sense from a risk standpoint MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted - T1022 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] File and Directory Discovery - T1083 | [MITRE ATT&CK] Email Collection - T1114 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] System Service Discovery - T1007 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | Ransomware Tool Vulnerability Threat Guideline Wannacry APT 41 APT 34
TechRepublic.webp 2021-03-16 17:02:56 Using "Star Wars" as inspiration, hologram maker imagines new future for smartphones (lien direct) IKIN's founder describes a 3D hologram tool that works without glasses or goggles and can even be seen in daylight and more. Tool
TechRepublic.webp 2021-03-16 13:00:03 Security firm releases free Purple Knight tool to spot weaknesses in Active Directory (lien direct) The AD report card scores the security of Group Policies, Kerberos security and AD infrastructure. Tool
Veracode.webp 2021-03-16 10:45:23 Automated Security Testing for Developers (lien direct) Today, more than ever before, development organizations are focusing their efforts on reducing the amount of time it takes to develop and deliver software applications. While this increase in velocity provides significant benefits for the end users and the business, it does complicate the process for testing and verifying the function and security of a release. The days of long-running, waterfall-style development cycles, wherein security was manually evaluated and bolted on at the end, are gone for good. With the move towards an agile development methodology, security testing and remediation is inherently shifting to the left. And to support this, developers must adopt tools to automate security testing for easy vulnerability identification at the earliest point possible in the development lifecycle. Below, we discuss the why and how of implementing an effective strategy for automated security testing within the development lifecycle. Shifting security testing to the left Through the use of automation, security testing can be executed earlier (or left) in the development pipeline. This is advantageous for a variety of reasons. For one, the earlier vulnerabilities are discovered, the less expensive they are to fix. If a security issue was introduced into the code early in the release cycle, it???s more likely that it???ll be resolved in minutes or hours. Whereas, a vulnerability discovered at the end of the release cycle could face complexity that increases the time required to remediate. Moreover, earlier execution of security tests ensures that vulnerabilities pose less of a threat to the delivery schedule. When security tests are automated as part of the build and integration processes, there is less uncertainty as the release approaches the later stages of the development lifecycle. This reflects well on both development personnel and the organization as a whole. 
Shifting security left can also help reduce security debt, which piles up over time and can only add to serious risk if left unchecked. Instead of leaving the prioritization and remediation of bugs and vulnerabilities until the very end, shifting security left encourages collaboration between security and development to tackle this issue and determine which security debt is acceptable, and which should be remediated ASAP, reducing lingering risk. Automated security testing for developers So with the intent being to automate and shift security testing to the earliest possible point in the development lifecycle, let???s analyze how this is done in practice. What are we looking for when we test? What does automated security testing involve? Automated security testing for applications is accomplished by scanning code for vulnerabilities. Static code analysis, for instance, scans a codebase while the application is not running. The code is evaluated against a set of policies to ensure that developer implementation is in compliance with the security standards set forth by the organization. Non-compliance with any standard would indicate a vulnerability. These vulnerabilities can include anything from failure to properly protect database calls from SQL injection, to non-compliance with PCI standards for processing, storing, and transmitting credit card information. Furthermore, automated security testing can be leveraged to validate the security of third-party libraries being used by the system. Organizations that wish to shorten their development cycles and enable continuous delivery should uti Tool Vulnerability Threat ★★★
InfoSecurityMag.webp 2021-03-16 10:33:00 Microsoft One-Click Tool Mitigates Exchange Server Attacks (lien direct) Tool designed for customers without dedicated IT or cybersecurity resource Tool
ZDNet.webp 2021-03-16 08:41:26 (Déjà vu) Microsoft releases one-click mitigation tool for Exchange Server hacks (lien direct) Another tool is at the disposal of admins struggling to protect their systems. Tool
SecurityAffairs.webp 2021-03-16 08:27:36 (Déjà vu) Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues (lien direct) Microsoft released an Exchange On-premises Mitigation Tool (EOMT) tool to small businesses for the fix of ProxyLogon vulnerabilities. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. The IT giant reported that at least one […] Tool
ComputerWeekly.webp 2021-03-16 06:00:00 (Déjà vu) Microsoft releases one-click ProxyLogon mitigation tool (lien direct) Pas de details / No more details Tool
SecurityWeek.webp 2021-03-16 00:22:56 Microsoft Ships One-Click Mitigation Tool for Exchange Attacks (lien direct) Microsoft Exchange Vulnerabilities Tool
The_Hackers_News.webp 2021-03-15 23:06:51 Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks (lien direct) Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks. Called Exchange On-premises Mitigation Tool (EOMT), the PowerShell-based script serves to mitigate against current known attacks using CVE-2021-26855, scan the Exchange Server using Tool
Microsoft.webp 2021-03-15 22:46:02 One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021 (lien direct) We have been actively working with customers through our customer support teams, third-party hosters, and partner network to help them secure their environments and respond to associated threats from the recent Exchange Server on-premises attacks. Based on these engagements we realized that there was a need for a simple, easy to use, automated solution that … One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021 Read More " Tool ★★★★★
bleepingcomputer.webp 2021-03-15 20:13:28 Microsoft releases one-click Exchange On-Premises Mitigation Tool (lien direct) Microsoft has released a one-click Exchange On-premises Mitigation Tool (EOMT) tool to allow small business owners to easily mitigate the recently disclosed ProxyLogon vulnerabilities. [...] Tool
CVE.webp 2021-03-15 19:15:13 CVE-2021-23879 (lien direct) Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location. Tool Vulnerability
TechRepublic.webp 2021-03-15 15:30:30 How to use Bitwarden\'s new Send feature (lien direct) What is probably the best open source password manager on the market has added a new feature that will make using the tool even better. Tool ★★★★★
WiredThreatLevel.webp 2021-03-15 13:30:00 The UK Is Secretly Testing a Controversial Web Snooping Tool (lien direct) The country passed its Investigatory Powers Act in 2016. Now, it's building what could be the most powerful data collection system used by any democratic nation. Tool
TechRepublic.webp 2021-03-12 20:36:00 Dell closes the STEM gap with Girls Who Game (lien direct) Gaming and Minecraft provide a learning tool for young girls as they develop global competencies, such as communication, collaboration, critical thinking and creativity. Tool
SecurityAffairs.webp 2021-03-11 21:33:36 (Déjà vu) Expert publishes PoC exploit code for Microsoft Exchange flaws (lien direct) This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers chaining two of ProxyLogon flaws.  On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant […] Hack Tool
TechRepublic.webp 2021-03-11 15:13:27 A new Linux Foundation open source signing tool could make secure software supply chains universal (lien direct) sigstore could eliminate the headaches associated with current software signing technology through public ledgers. Tool ★★★
CVE.webp 2021-03-11 07:15:12 CVE-2021-28132 (lien direct) LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI. Tool ★★★★★
TechRepublic.webp 2021-03-08 17:32:03 Opera Workspaces turn a chaotic browser into an effective and efficient tool (lien direct) Opera has a feature that all browser power users will relish. Jack Wallen introduces you to Opera Workspaces, which will turn your otherwise chaotic browser workspace into a thing of organized beauty. Tool
TechRepublic.webp 2021-03-08 16:22:00 Git: A cheat sheet (lien direct) Git is an easy to use open source tool for team collaboration, though developers primarily use it to manage source code. Get details about this Linus Torvalds-created version control system. Tool
SecurityAffairs.webp 2021-03-08 13:11:43 (Déjà vu) Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs (lien direct) Microsoft updated its Microsoft Safety Scanner (MSERT) tool to detect web shells employed in the recent Exchange Server attacks. Early this month, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant reported that […] Tool
bleepingcomputer.webp 2021-03-07 16:28:08 Microsoft's MSERT tool now finds web shells from Exchange Server attacks (lien direct) Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. [...] Tool
SecurityAffairs.webp 2021-03-06 16:50:08 (Déjà vu) Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws (lien direct) After the disclosure of Microsoft Exchange zero-days, MS Exchange Server team has released a script to determine if an install is vulnerable. This week Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. In response to the […] Tool ★★★
ZDNet.webp 2021-03-06 15:32:00 Check to see if you're vulnerable to Microsoft Exchange Server zero-days using this tool (lien direct) A CISA alert has been issued to urge admins to check their systems as quickly as possible. Tool
bleepingcomputer.webp 2021-03-06 14:04:41 This new Microsoft tool checks Exchange Servers for ProxyLogon hacks (lien direct) Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. [...] Tool ★★★★★
SecureMac.webp 2021-03-06 11:00:38 BackTrack (lien direct) Type: Keylogger Platform: Mac OS X Last updated: 02/09/16 9:14 pm Threat Level: High Description BackTrack is a keylogger. It is marketed as a data recovery tool designed to help users in the event of an application crash, but like all keystroke logging software, it can also be used to record the activity of any user working on the computer on which it is installed. BackTrack captures all keystrokes - with the exception of passwords - and saves them ... Tool
SecureMac.webp 2021-03-06 10:52:03 Amac (lien direct) also known as OSX/AMK.A, OSX/AMK.B, OSX/AMK.C Type: Keylogger Platform: Mac OS X Last updated: 03/02/19 12:34 am Threat Level: High Description Amac is a keylogger marketed as a monitoring tool for employers, parents, and schools. However, like all keystroke logging software, it can be used to record the activity of any computer on which it is installed. Formerly offered by Amac Software Co., Ltd., and related to the Aobo and EaseMon keyloggers, Amac is designed to run undetected in the ... Tool
Microsoft.webp 2021-03-05 22:01:30 Microsoft Exchange Server Vulnerabilities Mitigations – updated March 15, 2021 (lien direct) Update March 15, 2021: If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool is now our recommended path to mitigate until you can patch. Microsoft previously blogged our strong recommendation that customers upgrade their on-premises Exchange environments to the latest supported version. … Tool ★★
Last update at: 2024-07-15 05:07:45