What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
WiredThreatLevel.webp 2021-03-05 14:00:00 These Smart Insoles Fixed My Running Form and My Aching Hip (direct link) These pressure-sensing insoles are a great diagnostic tool for leveling up training or addressing painful running woes. Tool ★★★★
Pirate.webp 2021-03-04 17:16:01 APT-Hunter – Threat Hunting Tool via Windows Event Log (direct link) APT-Hunter is a threat hunting tool for Windows event logs, built from a purple team mindset to detect APT movements hidden in the sea of Windows event logs. It helps you reduce the time needed to uncover suspicious activity, makes good use of the Windows event logs collected, and makes sure critical events configured for detection are not missed. The target audience for APT-Hunter is threat hunters, incident response professionals and forensic investigators. Read the rest of APT-Hunter – Threat Hunting Tool via Windows Event Log now! Only available at Darknet. Tool Threat
SecurityAffairs.webp 2021-03-04 16:39:12 VMware addresses Remote Code Execution issue in View Planner (direct link) VMware released a security patch for a remote code execution vulnerability that affects the VMware View Planner product. VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The View Planner is a free tool for Performance Sizing and Benchmarking of Virtual Desktop Infrastructure environments. […] Tool Vulnerability
Chercheur.webp 2021-03-04 12:25:17 Chinese Hackers Stole an NSA Windows Exploit in 2014 (direct link) Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. The timeline, according to Check Point, basically seems to be: 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control. This allows someone with a foothold on a machine to commandeer the whole box. ... Tool
TechRepublic.webp 2021-03-03 17:51:31 How to quickly validate your Kubernetes configuration files (direct link) Your Kubernetes YAML files need validation. Jack Wallen shows you a very easy tool that can drastically simplify that task. Tool Uber
Veracode.webp 2021-03-03 13:26:24 Veracode Named a Leader for AST on IT Central Station (direct link) To keep up with the pace of the modern world, organizations are constantly looking for ways to release software faster than their competitors. This “need for speed” has led many organizations to adopt DevSecOps. With DevSecOps, security is moved earlier in the software lifecycle, into the realm of developers. As a result of the changing development landscape, application security testing has also been evolving. Yesterday’s application security testing tools and processes will no longer do. Organizations need an AppSec vendor that is not only DevSecOps friendly but also offers multiple testing types, developer security training, and keeps false positives to a minimum. IT Central Station users have recently ranked AppSec vendors on these attributes and awarded Veracode the top spot for application security testing (AST) solutions. Be DevSecOps friendly DevSecOps, which adds security to the already merging workstreams of development (Dev) and IT operations (Ops), is now a critical piece of the application security story. IT Central Station members acknowledged the importance of having application security testing integrated into the DevSecOps workflow. For example, according to Riley B., a senior security analyst at a wellness & fitness company with over 1,000 employees, “Veracode has improved our application security program by providing numerous integrations and tools to take our AppSec/DevSecOps to the next level.” Being able to integrate automated scans into the DevSecOps pipeline makes application security testing more “DevSecOps friendly.” For a security architect at a financial services firm with over 1,000 employees, one of Veracode’s most valuable features is its ability to submit the software and get automated scan results from it.
Divakar R., a senior solutions architect at NessPRO Italy, a small tech services company, simply stated that Veracode is “a well-supported and valuable tool that was part of our DevSecOps process,” while a DevSecOps consultant at a communications service provider with over 10,000 employees compared Veracode to a competitor: “Veracode is more API and DevSecOps friendly. Veracode's scanning time is better.” Cover all application types Application security testing needs to cover a wide variety of application types if it’s going to contribute to positive outcomes in the modern world of DevSecOps. This means supporting testing for the web, mobile apps, microservices, and more. A senior security architect at a financial services firm with over 10,000 employees spoke to this need, saying, “We are scanning external web applications, internal web applications, and mobile applications with various types/combinations of scanning. We use this both to improve our application security as well as achieve compliance with various compliance bodies that require code scanning.” The communications service provider’s DevSecOps consultant echoed this approach, sharing, “We use th Tool ★★★★★
AlienVault.webp 2021-03-03 11:00:00 Extended threat detection and response (XDR): Filling out cybersecurity gaps (direct link) This blog was written by an independent guest blogger. Business technology generally advances rapidly; however, so do the cyberthreats that can endanger your security. According to BusinessWire, more than half of enterprises believe that their security cannot keep up, and according to IBM News Room, more than half of organizations with cybersecurity incident response plans fail to test them. Because of overloaded security teams, poor visibility, and threat alert overload caused by the many technologies deployed to fight this, the difficulty of detecting and effectively responding to cyber threats constantly grows for many of these enterprises. What is XDR? XDR can be defined as a cross-layered detection and response tool. In other words, it collects and then correlates data over a variety of security layers, such as endpoints, emails, servers, clouds, and networks. What this means is that, rather than focusing on end-point detection alone, it can enable your security team to detect, investigate, and respond to threats across multiple layers of security, not just the end-point. This is because today’s cyber threats are extremely tricky and complex, to the point where they can hide throughout different layers within an organization. A siloed approach, using a patchwork of different technologies, simply cannot provide a contextual view of all of the threats across the environment, and as such can slow down detection, investigation, and response.
It allows for improved protection, detection, and response capabilities as well as improved productivity of the operational security personnel, with lower costs of ownership. XDR features XDR was designed to simplify security visibility across an organization’s entire cyber architecture. In other words, to allow an organization to analyze all of the layers associated with their security, not just the end-point, through an Tool Threat Guideline Wannacry
SecurityAffairs.webp 2021-03-02 20:24:44 Pwn20wnd released the unc0ver v 6.0 jailbreaking tool (direct link) The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device. Pwn20wnd, the author of the jailbreaking tool “unc0ver,” has updated their software to support iOS 14.3 and earlier releases. The last release of the jailbreaking tool, unc0ver v6.0.0, now includes the exploit code […] Tool
Kaspersky.webp 2021-03-02 17:54:53 Jailbreak Tool Works on iPhones Up to iOS 14.3 (direct link) The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool, allowing developers and other enthusiasts to hack into their own devices. Hack Tool
Anomali.webp 2021-03-02 14:59:00 Anomali February Product Release: Moving Beyond Tactical Intelligence (direct link) We are happy to announce the Anomali Product Release for February 2021. To deliver this latest set of features and enhancements, our product and engineering teams worked closely with our customers, with a particular eye to supporting security teams in their move beyond a reliance on tactical, technical intelligence to a holistic, threat-model-driven approach, by allowing them to work with threat models like the MITRE ATT&CK framework inside Anomali ThreatStream easily and productively. A further highlight, directed at augmenting collaboration across teams and with external peers by leveraging our popular Trusted Circles capabilities, is the advent of full-featured chat within the Anomali ThreatStream threat intelligence platform, while maintaining privacy controls. Enhancements in this latest release include: MITRE ATT&CK Framework Integration As a follow-up to the recent release of support for MITRE ATT&CK framework techniques, we’ve added the ability to import content from the MITRE ATT&CK Navigator tool and store your framework capabilities inside ThreatStream. Users can use the MITRE capability in ThreatStream's Investigations feature to help prioritize investigative activity and decision-making, making security teams more efficient and responsive. Direct Import of MITRE ATT&CK Security Settings Advanced Search Functionality for Threat Models This month we’ve extended advanced search to Threat Model content in ThreatStream, providing the same flexibility and features for finding and refining content in our platform as for observable content. Users can now create advanced search queries with conditions and operators, plus some additional capabilities specific to our Threat Model content, to find relevant intelligence quickly, as well as save their complex searches for future use at a click.
Advanced Search Functionality for Threat Models Collaboration via Full-Featured ThreatStream Chat Customers now have the benefit of real-time, protected communication within ThreatStream for their internal teams and with Trusted Circle collaborators via the use of a full-featured chat client. With this built-in chat functionality, analysts can quickly and easily communicate and share tactical information, as well as more strategic aspects of analysis and response, with colleagues and peers at organizations that are members of common Trusted Circles, from inside the ThreatStream platform, where it can be easily shared and investigated. Most importantly, the collaboration remains anonymized and privacy is ensured. Collaboration via Full-Featured ThreatStream Chat Clone Custom Themed Dashboards Extending the custom themed dashboards developed by the Anomali Threat Research (ATR) team and released in December, we are now offering the ability not only to access a custom themed dashboard (for COVID, Sunburst or other specific themes), but also to clone (create a copy of) that dashboard, which you can then further customize or tailor to your specific needs and preferences. Once a dashboard is cloned, a user can change, for a given widget, the saved query upon which the widget is based, as well as add their own custom widgets. Clone Custom Themed Dashboards Intelligence Enrichment Inside of Investigations We continue to refine the display of critical information to the user at the appropriate point of their research in order to ensure analysts have the right intelligence Tool Threat Solardwinds
Veracode.webp 2021-03-02 10:55:24 Top Security Anti-Patterns in ASP.NET Core Applications (direct link) Microsoft's ASP.NET Core enables users to more easily configure and secure their applications, building on the lessons learned from the original ASP.NET. The framework encourages best practices to prevent SQL injection flaws and cross-site scripting (XSS) in Razor views by default, provides a robust authentication and authorization solution, a Data Protection API that offers simplicity of configuration, and sensible defaults for session management. What could possibly go wrong? Let's break down a few scenarios where misusing security features and improperly overriding defaults may lead to serious vulnerabilities in your applications. We'll focus on MVC-based ASP.NET Core applications; however, most of the scenarios are equally applicable to Razor Pages. Not validating anti-forgery tokens properly Cross-Site Request Forgery (CSRF) attacks allow an attacker to trick a user into performing an action on a trusted web application, typically by getting the user to click on a link created by the attacker that will call the vulnerable application. A vulnerable application would have no idea that the malicious request triggered by the user was not intentional, and it would perform it. If the user was logged in at the time, the web browser would likely send the cookies with the request. To protect against this, tokens should be created by the web application that are then passed back on each request to the server. These tokens change regularly, so a link provided by an attacker would be detected due to the outdated or missing token, and subsequently discarded by the application. Because CSRF relies on a stateful, pre-existing session and on the session information being passed automatically via cookies, it is less likely to be required for API endpoints, which are typically stateless.
ASP.NET Core provides a powerful toolset to prevent attacks using anti-forgery tokens. POST, PUT, PATCH and DELETE HTTP methods are the most likely to have significant side effects if REST guidelines have been followed, because these verbs are reserved for actions that alter state or data, and therefore they will require and validate anti-forgery tokens. For the sake of brevity we’ll use POST as an example from here on. There are multiple ways to apply attribute-based filters to configure anti-forgery token validation, and the approaches may seem overwhelming: (1) ValidateAntiForgeryToken applied to each POST action in the controllers that would be exposed to requests. (2) ValidateAntiForgeryToken applied at the Controller level, exempting specific methods (most prominently those with GET actions) from validation using IgnoreAntiforgeryToken. (3) AutoValidateAntiforgeryToken applied globally to validate tokens on all relevant requests by default, using IgnoreAntiforgeryToken to opt out of validation for specific actions if necessary. ASP.NET Core project templates and the code generation command-line interface create controller actions that use approach (1), with the ValidateAntiForgeryToken attribute attached to every action associated with updating data; that is, the ValidateAntiForgeryToken and HttpPost attributes are always used together: [HttpPost] [ValidateAntiForgeryToken] public async Task CreateSomething(Something something) While the result of this approach is valid, a developer writing the methods manually may easily forget to include the ValidateAntiForgeryToken attribute alongside the attribute designating the action, such as [HttpPost]. By default, neither ASP.NET Core nor the code editor wi Tool Guideline ★★★
The_Hackers_News.webp 2021-03-02 01:37:31 New \'unc0ver\' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3 (direct link) A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its Tool Vulnerability Guideline
InfoSecurityMag.webp 2021-03-01 10:30:00 Self-Assessment Tool Aims to Enhance Small Biz Security (direct link) Micro-businesses and sole traders urged to take the test Tool
ProofPoint.webp 2021-02-26 09:17:30 Chinese Attack Tool Gains Gmail Access (direct link) No more details Tool
Blog.webp 2021-02-24 19:00:36 Android Pentest: Automated Analysis using MobSF (direct link) Introduction MobSF is an open-source tool developed by Ajin Abraham that is used for automated analysis of an APK. It is a collection of tools that run under one interface, each performing its own task (like Jadx, apktool, etc.) and displaying its results in a common interface. These reports can Tool
ESET.webp 2021-02-24 16:16:56 Google\'s Password Checkup tool rolling out to Android devices (direct link) People who use devices running Android 9 or newer will be alerted if their login credentials have been stolen Tool
ZDNet.webp 2021-02-22 11:01:46 Chinese hackers cloned attack tool belonging to NSA\'s Equation Group (direct link) The Jian tool was used to exploit a Windows zero-day vulnerability years before a patch was issued. Tool Vulnerability
InfoSecurityMag.webp 2021-02-22 09:30:00 CIS Offers Free DNS Security Tool for US Hospitals (direct link) Akamai-powered MDBR service blocks traffic to suspicious domains Tool ★★
The_Hackers_News.webp 2021-02-22 03:15:17 Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online (direct link) On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated with the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA). Although the group has since signed off following the unprecedented disclosures, new "conclusive" Malware Tool Threat
TechRepublic.webp 2021-02-19 20:24:09 AI in the OR: One company is closing the gaps in surgery using technology (direct link) ExplORe Surgical was created because there were often waiting times in surgery, so they created a tool to help. Tool
CVE.webp 2021-02-19 20:15:13 CVE-2021-20588 (direct link) Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. Tool Vulnerability
CVE.webp 2021-02-19 20:15:12 CVE-2021-20587 (direct link) Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. Tool Vulnerability ★★
TechRepublic.webp 2021-02-19 18:00:01 How to find details about user logins on Linux (direct link) If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you. Tool ★★
TechRepublic.webp 2021-02-18 20:56:44 Cloud and analytics are finally becoming integrated into one tool (direct link) One company has created a solution to merge the diverse cloud and analytics tools organizations juggle. Here's hoping there will be more unity to come. Tool
AlienVault.webp 2021-02-17 06:01:00 What is an incident response plan? Reviewing common IR templates, methodologies (direct link) This article was written by an independent guest author. In today’s threat landscape, it’s no longer a question of if an incident will happen, but when. Defending your organization and having a plan for what to do if an incident occurs is more critical than ever. And frankly, the benefits of having an incident response plan are quantifiable. Ponemon’s Cost of a Data Breach Report compared organizations boasting robust security Incident Response (IR) capabilities with those that do not. Well-prepared businesses reported lower breach-related costs, by an average of about $2 million USD. What is an incident response plan? An Incident Response Plan (IRP) serves as a blueprint, outlining the steps to be followed when responding to a security incident. Think of the IRP as a set of guidelines and processes your security team can follow so that threats can be identified, eliminated, and recovered from. It is an essential tool for minimizing damage caused by threats, such as data loss, loss of customer trust, or abuse of resources. With a robust IRP, your company’s team can respond quickly and more efficiently to any type of threat. No matter what type of attack an organization faces, all cyberattacks require incident response. The best scenarios are those in which sufficient preventive measures are in place, including threat detection and intelligence integration tools. For organizations looking to get started with an IRP, there are many templates and frameworks available. Two industry standard incident response frameworks are the National Institute of Standards and Technology (NIST) framework and the SysAdmin, Audit, Network, and Security (SANS) institute framework. We’ve compared the SANS and NIST frameworks here.
Whichever playbook, template or framework you choose, make sure you have the right team in place and are prepared to dedicate the time and resources to this critical organizational process. Who should carry out an incident response plan? While a robust incident response plan is incredibly important, having the right people with the relevant skillsets to execute the plan is equally crucial. To handle a cybersecurity incident effectively, your company should have an incident response team in place. In some organizations it’s called a Computer Security Incident Response Team (CSIRT); others may refer to it as a Security Incident Response Team (SIRT) or Computer Incident Response Team (CIRT). The team’s mission is to execute the incident response plan as soon as an incident is discovered. The incident response team is divided into several groups, each playing a key role in mitigating an incident's potential damage. The team should be comprised of technical and non-technical people who can work together to identify, manage, eradicate and recover from any threat. They are responsible for collecting, analyzing and taking action based on incident data and information, as well as communicating with other stakeholders in the organization and critical third parties, including press, legal, affected customers and law enforcement. The best-prepared CSIRTs should include the following specialized teams: The Security Operations Centers (SOC), Data Breach Tool Threat ★★★★★
The_Hackers_News.webp 2021-02-17 04:02:37 Researchers Unmask Hackers Behind APOMacroSploit Malware Builder (direct link) Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely. The tool, dubbed "APOMacroSploit", is a macro exploit generator that allows the user to create an Excel document capable of bypassing antivirus software, Malware Tool
TroyHunt.webp 2021-02-17 01:26:20 (Déjà vu) France ties Russia\'s Sandworm to a multiyear hacking spree (direct link) Destructively minded group has exploited an IT monitoring tool from Centreon. Tool
HR.webp 2021-02-17 01:22:02 Fight against dickpics thanks to OSINT (direct link) Tags: OSINT, violence, dicpic. The following lines are the result of collaborative work, under the leadership of Justin Seitz. There are many of us working together, including Heartbroken and Nanardon.
OSINT is an acronym for Open Source Intelligence. It is a set of investigative techniques that allow information to be retrieved from so-called open sources. Used by journalists, by police and in cybersecurity, OSINT can help to find information, but it can also be used to protect yourself from malicious people. Violence against people, and against women in particular, has increased and diversified: harassment, raids, doxxing, revenge porn by video or by pictures, identity theft, school harassment, etc. How to react? How to prevent it? Our goal is to give you simple resources that require no special knowledge. They do not replace support groups, law enforcement, health professionals or lawyers. We trust you. You are not responsible. The facts and situations we use to illustrate our kits are punishable under criminal and civil law. You are not alone.
The information provided in this article does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available in this article are for general informational purposes only. Furthermore, this article was written mainly with regard to French and European laws. Readers should consult their local laws and contact an attorney to obtain advice with respect to any particular legal matter.
The word "dickpic" refers to unsolicited photos, showing genitals, sent by private message. Since it often involves penises, the term "dickpic" has been popularized. The reasons why the authors of these contents send them remain unclear. Let it be clear in the reader's mind that we are talking about unwanted mailings and not about an exchange of personal photos in a consensual and adult setting. Some people see it as a way of flirting, others do it to harass. Either way, it is still punishable, and no person should receive unwanted graphic images. In this article, we will talk about any unsolicited sending of sexual pictures or images of a sexual nature, regardless of the gender of the senders and recipients and of the people photographed. Photos sent by direct messages In this case, we will talk about photos sent directly via an email application or a social network. This can be via Facebook, Twitter, Instagram, LinkedIn, Discord, Snapchat or Telegram, email or text message. Attackers usually take advantage of the fact that victims have set up their accounts in such a way that they can receive messages from people they do not follow. Here again, we will refer to the previous methodologies, i.e. to record and a Tool Guideline
TroyHunt.webp 2021-02-15 23:34:42 Neanderthals used stone tool tech once considered exclusive to Homo sapiens (direct link) A child's molar from an Israeli cave links Neanderthals to the cave's stone tools. Tool ★★★★
The_Hackers_News.webp 2021-02-15 22:00:16 Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities (direct link) The Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign, which breached "several French entities", is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French Hack Tool Threat
WiredThreatLevel.webp 2021-02-15 20:10:27 France Ties Russia\'s Sandworm to a Multiyear Hacking Spree (direct link) A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon. Tool
WiredThreatLevel.webp 2021-02-15 14:00:00 Underwater Meditation and the Therapeutic Benefits of VR (direct link) Virtual reality can be a supportive tool for people with disabilities or anxiety, or who just need help getting up and moving. Tool ★★★★
SecurityAffairs.webp 2021-02-13 18:04:46 Court documents show FBI could use a tool to access private Signal messages on iPhones (direct link) Court documents obtained by Forbes revealed that the FBI may have a tool that allows access to private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from […] Tool
TechRepublic.webp 2021-02-12 19:55:34 This new open source tool could improve data quality within the enterprise (direct link) Commentary: A new open source data testing and monitoring tool from Soda could help data engineers and CDOs improve data quality. Tool
SecurityAffairs.webp 2021-02-11 22:50:56 Avaddon ransomware decryptor released, but operators quickly reacted (direct link) An expert released a free decryption tool for the Avaddon ransomware, but the operators quickly updated the malware code to render it ineffective. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that victims can use to recover their encrypted files for free. Yuste is a student at […] Ransomware Malware Tool
TechRepublic.webp 2021-02-11 17:46:30 How to use the Vault command line tool to store your code secrets (direct link) Developers must stop saving secrets in code. One way to avoid that is to use HashiCorp's Vault. Jack Wallen shows you how to install this tool and take your first steps in its usage. Tool
The_Hackers_News.webp 2021-02-10 23:43:10 Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies (direct link) UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to the work of Static Kitten (aka MERCURY or MuddyWater), Anomali said the "objective of this activity is to install a remote management tool called ScreenConnect (acquired by ConnectWise 2015) with unique launch Tool Threat
Anomali.webp 2021-02-10 16:34:00 Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies (direct link) ScreenConnect Remote Access Tool Utilizing Ministry of Foreign Affairs-Themed EXEs and URLs Authored by: Gage Mele, Winston Marydasan, and Yury Polozov Key Findings Anomali Threat Research identified a campaign targeting government agencies in the United Arab Emirates (UAE) and likely the broader Middle East. We assess that the Iran-nexus cyberespionage group Static Kitten is behind it, due to Israeli geopolitical-themed lures, Ministry of Foreign Affairs (MOFA) references, and the use of the file-storage service Onehub that was attributed to their previous campaign known as Operation Quicksand.[1] The objective of this activity is to install a remote management tool called ScreenConnect (acquired by ConnectWise 2015) with unique launch parameters that have custom properties. Malicious executables and URLs used in this campaign are masquerading as the Ministry of Foreign Affairs (MOFA) of Kuwait (mofa.gov[.]kw). Another sample, including only MOFA (mfa.gov), could be used for broader government targeting. Overview Anomali Threat Research has uncovered malicious activity very likely attributed to the Iran-nexus cyberespionage group Static Kitten (Seedworm, MERCURY, Temp.Zagros, POWERSTATS, NTSTATS, MuddyWater), which is known to target numerous sectors primarily located in the Middle East.[2] This new campaign, which uses tactics, techniques, and procedures (TTPs) consistent with previous Static Kitten activity, uses ScreenConnect launch parameters designed to target any MOFA with mfa[.]gov as part of the custom field. We found samples specifically masquerading as the Kuwaiti government and the UAE National Council respectively, based on references in the malicious samples. In mid-2020, the UAE and Israel began the process of normalizing relations.
Since then, tensions have further escalated in the region, as reported by numerous sources. The targeting of Kuwait could be tied to multiple factors, including Kuwait’s MOFA making a public statement that they were willing to lead mediation between Iran and Saudi Arabia.[3] Furthermore, in October 2020, trade numbers for a peace deal between Israel and UAE included an estimate for the creation of 15,000 jobs and $2 billion in revenue on each side.[4] In that same month, Static Kitten reportedly conducted Operation Quicksand, which targeted prominent Israeli organizations and included the use of file-storage service OneHub.[5] Details We identified two lure ZIP files being used by Static Kitten designed to trick users into downloading a purported report on relations between Arab countries and Israel, or a file relating to scholarships. The URLs distributed through these phishing emails direct recipients to the intended file storage location on Onehub, a legitimate service known to be used by Static Kitten for nefarious purposes.[6] Anomali Threat Research has identified that Static Kitten is continuing to use Onehub to host a file containing ScreenConnect. The delivery URLs found to be part of this campaign are: ws.onehub[.]com/files/7w1372el ws.onehub[.]com/files/94otjyvd File names in this campaign include: تحليل ودراسة تطبيع العلاقات الدول العربية واسرائيل httpsmod[.]gov.kw.ZIP تحليل ودراسة تطبيع العلاقات الدول العربية واسرائيل httpsmod[.]gov.kw.exe الدرا Ransomware Malware Tool Threat Studies Guideline
SecurityWeek.webp 2021-02-10 15:07:13 Apple Patches Recent Sudo Vulnerability in macOS (lien direct) Apple on Tuesday released macOS security updates to patch a recently disclosed vulnerability in the Sudo utility. Present in most Unix- and Linux-based operating systems out there, Sudo is a tool that allows users to execute programs with the privileges of another user, which by default is superuser. Tool Vulnerability
SecurityThroughEducation.webp 2021-02-09 14:00:34 Nonverbal Communication -A Valuable Tool to Gain Trust (lien direct) Becoming self-aware and improving our nonverbal communication can be a valuable tool in gaining trust from others. Tool
PaloAlto.webp 2021-02-09 11:00:39 Exposing the Sophisticated Cyber Espionage Tool Known as BendyBear (lien direct) Unit 42 has disclosed the discovery of BendyBear, extremely stealthy malware that is one of the most sophisticated cyber espionage tools seen to date. Malware Tool
CVE.webp 2021-02-08 18:15:13 CVE-2021-21304 (lien direct) Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability. Tool Vulnerability ★★★★
CVE.webp 2021-02-05 22:15:12 CVE-2021-21303 (lien direct) Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there are a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used "as is" without sanitizing. Helm fails to properly sanitize some fields present on Helm repository `index.yaml` files. Helm does not properly sanitize some fields in the `plugin.yaml` file for plugins. In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data. Tool Uber
no_ico.webp 2021-02-05 19:07:33 Why Pressure Tactics Have Become The Latest Tool Used By Cyber Criminals (lien direct) Companies have developed new methods of keeping valuable data safe from cyber criminals, but over the last two years these same criminals have gotten smarter, and in turn, are now… Tool
SecurityWeek.webp 2021-02-05 13:31:32 Open Source Tool Helps Organizations Secure GE CIMPLICITY HMI/SCADA Systems (lien direct) Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems. Tool
Veracode.webp 2021-02-05 09:59:35 AppSec Bites Part 2: Top 3 Things to Consider When Maturing Your AppSec Programs (lien direct) A joint blog post from Veracode and ThreadFix When it comes to maturing an AppSec program, there are several best practices that can help you get started. In part two of our AppSec podcast series, Tim Jarrett, Director of Product Management at Veracode, and Kyle Pippin, Director of Product Management at ThreadFix, share the top 3 things they've learned from organizations that have successfully matured and scaled their AppSec programs. 1. Know your anchor points. The first thing you need to think about when maturing your AppSec program is the current landscape of your organization. What are the things you can't change? It could be that you can't find more AppSec resources (supply and demand) or that there is no budget for additional scan types. Whatever the constraints are at your organization, you need to acknowledge them so that you can find acceptable workarounds. 2. Automate. Next, if you are not doing so already, you need to automate as much as possible. If application security scans are automated into the developers' existing tools and processes, there will likely be an increase in scan activity and developers will have more free time to work on securing their code and remediating flaws. Automation can also be used for other purposes, like onboarding. Since security professionals are hard to come by, they are often stretched thin for time. Because of this, security professionals can become a bottleneck when it comes to software deployments. If you automate some of their tasks, like onboarding developers in security best practices, it can free up some of their time and improve speed to market. 3. Focus on outcomes. Last, but certainly not least, it's important to focus not just on finding, but fixing flaws. You can help developers improve fix rates through training measures. 
For example, Veracode Security Labs is a great tool to help developers practice writing and remediating code in their chosen language. Implementing a security champions program is also a useful way to help make security top of mind for developers. Most developers don't take security courses in college, so unless they are learning about security at their organization, chances are it's not a strong skillset. If you find developers who are interested in learning more about security, you can train them to be security champions and they can take those skills back to other developers. To learn more about the best practices for maturing your AppSec program, check out part 2 of our AppSec Bites podcast series with ThreadFix. Tool
AlienVault.webp 2021-02-04 11:00:00 Rooting out the cybersecurity risk in your CI/CD pipeline (lien direct) This blog was written by an independent guest blogger. When it comes to productivity, agility, and efficiency - continuous integration/continuous delivery (CI/CD) pipelines are great. When it comes to ensuring cybersecurity, they leave a lot to be desired. In fact, and especially given the popularity of CI/CD pipelines now, securing continuous environments might turn into the most important security challenge of the next decade. Some of the managerial and legal tools that will be used to meet this challenge are already available. Advanced vulnerability management programs are now able to deal with continuous environments by default, and the IoT cybersecurity act that has just been signed into law contains provisions that specify the liability of developers in the event of an embedded device getting hacked. On the technical side, however, cybersecurity has yet to catch up with the flexibility and complexity of CI/CD pipelines. In this article, therefore, I want to sketch a holistic way forward: a roadmap for how these environments can begin to be secured in the years to come. This roadmap contains five main pillars: 1. Leadership First, and arguably most importantly, finding security vulnerabilities in your CI/CD pipeline requires brave, involved, and forward-thinking leadership. The central challenge of CI/CD pipelines, from a cybersecurity perspective, is that they are constantly evolving. Security solutions that were developed for the environment of three years ago no longer offer adequate protection. In response, leaders need to inspire every member of an organization to adopt the DevSecOps mindset, in which every individual who interacts with a piece of software takes responsibility for its security. 
This means that managers need to put in place systems and processes through which developers can work with operations staff and through which software can be designed in a way that all key stakeholders know the risks it is exposed to. In addition, leaders should take a long-term view of security in their organizations. CI/CD pipelines provide a great deal of flexibility when it comes to software design and development, but they also require (at least) a three-year, horizon-scanning approach to security flaw identification. 2. Design for DevOps A related point to the one above is that developers must ensure that the code they write and ship via their CI/CD pipelines is designed for the DevOps approach. This means that all source code should be pre-checked with static analysis tools prior to committing to the integration branch. This verifies that it does not introduce critical code vulnerabilities into real world software. This is particularly important today, because of the range of devices on which the average piece of software is deployed. One of the main promises, and advantages, of CI/CD pipelines is that they allow developers to work in a way that is platform-agnostic. However, this can sometimes blind them to the sheer range of places in which their code will eventually be deployed and potentially exposed to attack. Of particular concern here is the (sometimes unauthorized and often unexpected) deployment of code on smartphones. In 2020, we passed a notable watershed – for the first time in history, the majority of internet traffic originates from cell phones. Given this, it seems absurd that the majority of software is still written, by default, for desktop environments. Making sure that code is thor Tool Guideline
InfoSecurityMag.webp 2021-02-03 13:05:00 OBIE Launches Free Tool to Fight Open Banking Fraud (lien direct) New tool is freely available to all firms enrolled in the OBIE Directory Tool
TechRepublic.webp 2021-02-02 16:58:48 Oracle introduces post-pandemic protection and decision-making tool for HR teams (lien direct) New return-to-workplace solution, Oracle Fusion Cloud Human Capital Management, helps to maintain safety and helps employees adapt to new working conditions. Tool
SecurityWeek.webp 2021-02-02 16:37:33 A Swiss Army Knife for Industrial Operations Protection (lien direct) When we think about a Swiss Army Knife, we immediately picture a high-quality, multi-functional tool to help us tackle a wide array of tasks. The digital equivalent is the smartphone. A more security-specific example is the all-in-one, wireless home protection system. These solutions typically include sensors for windows, doors, and rooms, as well as cameras to remotely see what is happening inside and out, and an app to control everything from wherever you are. Tool
Last update at: 2024-07-15 06:07:52