What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
TechRepublic.webp 2020-11-17 16:49:19 How to install the ManageEngine OpManager on your data center servers (direct link) OpManager is an outstanding tool for keeping tabs on your data center servers. Learn how to get it up and running. Tool
AlienVault.webp 2020-11-17 06:01:00 What is unified endpoint management? UEM explained (direct link) This blog was written by a third party author. The business world is undergoing its most dramatic shift yet, with the adoption of digital assets and workforce decentralization representing a huge business opportunity. These changes have led to added endpoints, or devices connecting to the network, which are enabling this transformation. But managing the volume of these diverse endpoints and geographic locations has grown in complexity. Furthermore, along with these changes in technology adoption and distribution of the workforce, the cybersecurity landscape is also changing. The multitude of endpoints that connect to the network is expanding the attack surface that bad actors with malicious intent can attempt to exploit. From a cybersecurity perspective, this influx of endpoints represents a significant business risk. Organizations need to understand the importance of both managing and securing their endpoints, and how these two variables are intertwined in a complete endpoint security strategy. What is UEM? Traditional mobile device management has evolved, and in some ways UEM represents this modern evolution. With the dramatic increase in remote connectivity via mobile devices, the shift to work from home, and IoT adoption, unified endpoint management has become the solution for modern IT departments looking to secure these environments. Unified endpoint management is more than just managing endpoints. The "unified" represents one console for deploying, managing, and helping to secure corporate endpoints and applications. In addition, UEM offers capabilities for provisioning, detection, deployment, troubleshooting and updating. UEM software gives IT and security departments visibility and control over their devices as well as their end-users, delivered through a centralized management console.
The goal of UEM software is to simplify an organization's endpoint strategy. But when adopting UEM software, it's critical to approach the implementation with a big-picture view and plan accordingly. UEM security benefits Unified endpoint management offers organizations many benefits, the most appealing being reduced costs across multiple departments. By comprehensively automating many IT tasks and processes, UEM often lowers overhead costs and hardware expenditures. Other key benefits are as follows: Offers endpoint management integration with multiple platforms. One of the major selling points of UEM software is its ability to integrate with a variety of platforms, including Windows 10, macOS, Linux, Chrome OS, iOS, and Android, among others. With UEM, your business can configure, control, and monitor devices on these platforms from a single management console. With this integration, the burden of connecting these systems is reduced, costs are lowered, and risks are mitigated. Provides data and app protection across the attack surface. UEM protects corporate data and applications, reducing cybersecurity threats. This protection is accomplished by: providing conditional user access; enforcing automated rules; enforcing compliance guidelines; providing safeguards against data loss; and empowering IT administrators to identify jailbreaks and OS rooting on devices. And, when combined with a Mobile Threat Defense (MTD) solution, UEMs can enforce security policies and take automated remediation steps to further mitigate security risks for iOS and Android devices. Boasts advanced desktop management. With UEM, desktop operating systems gain a digital transformation boost that simplifies deployment and helps optimize app delivery and patch automation. Plus, an endpoint's data and apps can be Tool Vulnerability Threat Patching
WiredThreatLevel.webp 2020-11-15 13:00:00 Computer Scientists Achieve the 'Crown Jewel' of Cryptography (direct link) For years, a master tool called indistinguishability obfuscation seemed too good to be true. Three researchers have figured out that it can work. Tool
itsecurityguru.webp 2020-11-13 10:41:01 Possible ransomware attack warnings from the Australian government (direct link) The Australian government has recently sent out a security alert encouraging health sector organisations to check their cyber-security defences, and most importantly their controls for detecting ransomware attacks. Australia's Cyber Security Centre said that it "observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT)." This warning […] Ransomware Tool
Anomali.webp 2020-11-12 15:00:00 Fortify Your Cyber Defense with the MITRE ATT&CK Framework (direct link) Overview In a recent Anomali webinar, experts AJ Nash, Senior Director of Cyber Intelligence Strategy at Anomali, and Roberto Sanchez, Senior Director, Threat and Sharing Analysis at Anomali, presented the importance of the MITRE ATT&CK framework and showed how to use it to better understand threat actors, campaigns, and associated tactics, techniques, and procedures (TTPs). Major Analytical Frameworks The Cyber Kill Chain, developed by Lockheed Martin in 2011, is one of the best known of the cyber threat intelligence frameworks. Based on the military concept of the kill chain, it breaks down an attack into seven stages, so defenders can pinpoint which stage an attack is in and deploy appropriate countermeasures. In 2013, looking for a way to better understand adversary concerns, the Center for Cyber Intelligence Analysis and Threat Research (CCIATR) developed the Diamond Model. This model helps defenders track four aspects of an attack: the attacker, the victims, the attacker's capabilities, and the infrastructure the attacker uses. Each of the points on the diamond is a pivot point that defenders can use during an investigation to connect one aspect of an attack with the others. Also in 2013, MITRE, a unique United States corporation responsible for managing federal funding for research projects across multiple federal agencies, released the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework as a means of tracking adversarial behavior over time. ATT&CK builds on the Cyber Kill Chain, but rather than describing a single attack, it focuses on the indicators and tactics associated with specific adversaries. MITRE ATT&CK MITRE ATT&CK can provide a better understanding of adversaries by quantifying and categorizing them.
Universal nomenclature and taxonomy of specific tactics, techniques, and procedures enable a shared understanding of threat actors. Recognizing these advantages, Anomali has integrated this framework into their platform. There are four main issues that MITRE ATT&CK is designed to address: Adversary Behaviors – Tactics, techniques, and procedures (TTPs) are tracked, which are more durable than indicators of compromise (IOCs). Improved Lifecycle Model - MITRE ATT&CK has the ability to map specific behaviors back to an organization’s defenses to understand how it relates to that specific environment. Real-World Applicability - TTPs are based on observed incidents.  Common Taxonomy – TTPs need to be comparable across adversary groups using the same terminology. It enables the comparison of adversaries from different nation-states, etc. MITRE ATT&CK’s approach uses behavioral methodology guided by five principles: Include Post-compromise Detection – This is necessary for when threats bypass established defenses or use new means to enter a network. Focus on Behavior - Signatures become unreliable, as they change frequently. Behaviors tend to remain more stable, enabling better profiling of adversaries. Use of Threat-based Model - An accurate and well-scoped threat model that captures adversaries’ tools and how they overlap with each other enables preventative actions. Iterate by Design - Constant Malware Tool Threat
TechRepublic.webp 2020-11-11 17:54:08 You can use RPA to help with data cleansing for analytics (direct link) This tool doesn't work for big data, but it can help you get your data ready to be analyzed. Here's why. Tool
SecurityAffairs.webp 2020-11-10 13:22:03 Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike (direct link) Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks. Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead to the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and […] Ransomware Tool Guideline
Blog.webp 2020-11-08 19:11:06 Memory Forensics using Volatility Workbench (direct link) Volatility Workbench is a GUI version of Volatility, one of the most popular tools for analyzing the artifacts from a memory dump. It is available free of cost, open-source, and runs on the Windows operating system. You can download it from here. You can refer to the previous article Memory Forensics: Using Volatility from here, ... Tool
Mandiant.webp 2020-11-04 19:00:00 In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover - CVE-2020-14871 (direct link) FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer's system and analyzed it to see how it was attacking their Solaris environment. The FLARE team's Offensive Task Force analyzed the exploit to determine how it worked, reproduced the vulnerability on different versions of Solaris, and then reported it to Oracle. In this blog post we present a description of the vulnerability, offer a quick way to test whether a system may be vulnerable, and suggest mitigations and Tool Vulnerability ★★★
TechRepublic.webp 2020-11-04 18:14:43 MIT researchers develop AI to detect COVID-19 using cough recordings. An app could be on deck (direct link) The tool was able to detect nearly 99% of COVID-19 infections using thousands of cough recordings and 100% of asymptomatic cases, per MIT. Tool
Pirate.webp 2020-11-03 10:03:00 Trape – OSINT Analysis Tool For People Tracking (direct link) Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information. Example types of information are the status of sessions of their websites or services and control of their users through their browser, without their knowledge. It has evolved with the aim of helping government organizations, companies and researchers to track cybercriminals. Tool
Mandiant.webp 2020-11-02 19:15:00 Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 (direct link) Through Mandiant investigation of intrusions, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise managed service providers and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks (see this blog post for an in-depth description of "UNC" groups). UNC1945 targeted Oracle Solaris operating systems, utilized several tools and utilities against Windows and Linux operating systems, loaded and operated custom virtual machines, and employed techniques to evade detection Tool ★★★★
Blog.webp 2020-11-02 14:40:17 Burp Suite for Pentester – Configuring Proxy (direct link) Burp Suite: you might have heard about this great tool and even used it a number of times in your bug hunting or penetration testing projects. After writing several articles on web-application penetration testing, we've decided to write a few on the various options and methods provided by this amazing tool which... Tool
WiredThreatLevel.webp 2020-10-29 22:05:27 In Embryos, Crispr Can Cut Out Whole Chromosomes - That's Bad (direct link) The DNA-cutting tool has been hailed as a way to fix genetic glitches. But a new study suggests it can remove more than scientists bargained for. Tool
TEAM_CYMRU_Blog.webp 2020-10-29 18:21:34 FlowSpec for DDoS (direct link) We tend to not announce new features until we're ready to announce a new version. But 2020 throws the old rules out the window! The Institute for Security and Technology (IST) reached out to me recently to talk about BGP FlowSpec. The topic? Is this a viable tool to help networks defend themselves? [...] Tool
Veracode.webp 2020-10-29 13:04:48 A Software Security Checklist Based on the Most Effective AppSec Programs (direct link) Veracode's Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams. As the presenters went through the data, it led to a larger discussion about AppSec best practices and what steps organizations can take to mature their programs. Here are the best practices laid out during the presentation as an easy-to-follow checklist, as well as supporting data from the ESG report. Application security controls are highly integrated into the CI/CD toolchain. In the ESG survey, 43 percent of organizations agreed that DevOps integration is most important to improving AppSec programs, but only 56 percent of respondents answered that they use a highly integrated set of security controls throughout their DevOps process. Integrating security measures into the CI/CD toolchain not only makes it easier for developers to run AppSec tests, but it also helps organizations discover security issues sooner, which speeds up time to deployment. Application security best practices are formally documented. In order to have a successful AppSec program, everyone needs to be on the same page regarding best practices. The CISO should help facilitate the formal documentation of AppSec best practices. Developers and security professionals can reference the list and use it to guide their decisions.
Application security training is included as part of the ongoing development security training program. Developers have been increasingly tasked with implementing security measures, including writing secure code and remediating vulnerabilities. Most developers don't receive secure code training courses in college, so it is up to organizations to offer security training. But according to the survey, more than 20 percent of organizations only provide training when developers join the team. Developers should have multiple, at-leisure training opportunities throughout the year, like virtual or hands-on programs, such as Veracode Security Labs. Chris Wysopal pointed out the importance of human touchpoints as part of ongoing developer training. If someone is checking in on developers to make sure they're completing their training, they'll likely take it more seriously. Consider a security champions program. The security champions are developers who have an interest in learning about security. If you have at least one security champion on every scrum team, that person can help ensure that their peers are up to speed on the latest security training and best practices. Ongoing developer security training includes formal training programs, and a high percentage of developers participate. At-leisure security training is a great way for developers to learn on their own time. But it is also important to implement formal security training with a set completion date and a skills assessment. Without formal security training, developers may not develop the skills they need to write secure code and remediate vulnerabilities. This could lead to slower and more expensive deployments because of rework or vulnerable code being pushed to production. Accordin Tool Vulnerability Guideline Uber
The_Hackers_News.webp 2020-10-28 03:57:02 [Webinar and eBook]: Are You Getting The Best Value From Your EDR Solution? (direct link) Many companies rely on Endpoint Detection and Response (EDR) solutions as their primary security tool to protect their organizations against cyber threats. EDR was introduced around eight years ago, and analysts now peg the EDR market size at $1.5 to $2.0 billion in annual revenue globally, expecting it to quadruple over the next five years. The recent introduction of Extended Detection and Tool
no_ico.webp 2020-10-22 10:24:17 NEWS: 68% Concerned About Remote Collab Tool Privacy – Cisco (direct link) Cisco Reports Privacy and Security Concerns Increase in Today's Remote World. News Summary: Two new global surveys highlight the challenges and opportunities of the accelerated transition to a cloud-first, remote world that demands us to be secure, connected, and productive from anywhere. IT teams were not fully prepared for the sudden transition to remote work. Secure … Tool
WiredThreatLevel.webp 2020-10-21 13:00:00 A Deepfake Porn Bot Is Being Used to Abuse Thousands of Women (direct link) An AI tool that 'removes' items of clothing from photos has targeted more than 100,000 women, some of whom appear to be under the age of 18. Tool
DarkReading.webp 2020-10-19 17:25:00 GravityRAT Spyware Targets Android & MacOS in India (direct link) The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android. Tool
ZDNet.webp 2020-10-19 11:37:58 New Gitjacker tool lets you find .git folders exposed online (direct link) The tool can also download your Git repositories, allowing attackers to retrieve sensitive configuration files and source code. Tool
TechRepublic.webp 2020-10-16 17:27:51 How to recover deleted files in Linux with testdisk (direct link) If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk. Tool
securityintelligence.webp 2020-10-09 15:42:42 How Cybersecurity Threat Intelligence Teams Spot Attacks Before They Start (direct link) A thorough cybersecurity threat intelligence team can turn a threat into a tool for future protection. Their job is to conduct background research on threat groups' motivations and capabilities. This way, the intelligence team can be ready to protect an organization with even greater knowledge in the future. Strong cybersecurity threat intelligence about who attackers […] Tool Threat
itsecurityguru.webp 2020-10-08 14:02:25 Data Security and Regulatory Compliance (direct link) By Trevor J Morgan, product manager at comforte AG. The cloud is an incredibly useful tool for businesses and enterprises that process huge amounts of information. Over recent years, cloud adoption has increased substantially. Indeed, the public cloud service market is expected to reach $623.3 billion by 2023 worldwide as more businesses look to expand […] Tool
WiredThreatLevel.webp 2020-10-07 11:00:00 How to Save Time and Type Faster With AutoHotKey (direct link) One simple tool gives you the power to build your own custom time-saving keyboard shortcuts. Here's how to set it up and get through that drudgework faster. Tool
Pirate.webp 2020-10-07 04:18:46 trident – Automated Password Spraying Tool (direct link) The Trident project is an automated password spraying tool developed to be deployed across multiple cloud providers, and it provides advanced options around scheduling and IP pooling. trident was designed and built to fulfill several requirements and to provide: the ability to be deployed on several cloud platforms/execution providers; the ability to schedule spraying campaigns in accordance with a target's account lockout policy; the ability to increase the IP pool that authentication attempts originate from for operational security purposes; and the ability to quickly extend functionality to include newly-encountered authentication platforms. Using trident Password Spraying Tool
Usage: trident-cli campaign [flags]
Flags:
  -a, --auth-provider string   this is the authentication platform you are attacking (default "okta")
  -h, --help                   help for campaign
  -i, --interval duration      requests will happen with this interval between them (default 1s)
  -b, --notbefore string       requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00")
  -p, --passfile string        file of passwords (newline separated)
  -u, --userfile string        file of usernames (newline separated)
  -w, --window duration        a duration that this campaign will be active (ex: 4w) (default 672h0m0s)
Example output:
$ trident-client results
+----+-------------------+------------+-------+
| ID | USERNAME          | PASSWORD   | VALID |
+----+-------------------+------------+-------+
| 1  | alice@example.org | Password1!
Tool
WiredThreatLevel.webp 2020-10-06 10:00:00 Covering Comments Is Instagram's Newest Anti-Bullying Tool (direct link) Harassment takes many forms. The platform's latest update works to address a broader swath of negative interactions, from hiding comments to sending warnings. Tool
TechRepublic.webp 2020-10-05 20:15:10 NASA taps AI to identify "fresh craters" on Mars (direct link) NASA's Jet Propulsion Laboratory uses an AI tool on a supercomputer cluster to identify potential craters on the Red Planet. Tool
WiredThreatLevel.webp 2020-10-05 10:00:00 A China-Linked Group Repurposed Hacking Team's Stealthy Spyware (direct link) The tool attacks a device's UEFI firmware, which makes it especially hard to detect and destroy. Tool
ZDNet.webp 2020-10-05 07:38:05 Microsoft releases tool to update Defender inside Windows install images (direct link) The new tool supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. Tool
Veracode.webp 2020-10-01 14:10:28 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws (direct link) Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But, shockingly, less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities. (Figure: Percentage of codebase pulled from open source) Why is it important to scan open source libraries? For our State of Software Security: Open Source Edition report, we analyzed the security of open source libraries in 85,000 applications and found that 71 percent have a flaw. The most common open source flaws identified include Cross-Site Scripting, insecure deserialization, and broken access control. By not scanning open source libraries, these flaws remain exposed to a cyberattack. Equifax made headlines by not scanning its open source libraries. In 2017, Equifax suffered a massive data breach through Apache Struts, which compromised the data, including social security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. The unfortunate reality is that if Equifax had performed AppSec scans on its open source libraries and patched the vulnerability, the breach could have been avoided. Why aren't more organizations scanning open source libraries? If 96 percent of organizations use open source libraries and 71 percent of applications have a third-party vulnerability, why is it that less than 50 percent of organizations scan their open source libraries? The main reason is that when application developers add third-party libraries to their codebase, they expect that library developers have scanned the code for vulnerabilities.
Unfortunately, you can't rely on library developers to keep your application safe. Approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that's pulled indirectly from another library in use. (Figure: Transitive and direct open source vulnerabilities) What are your options for managing library security flaws? First off, it's important to note that most flaws in open source libraries are easy to fix. Close to 74 percent of the flaws can be fixed with an update like a revision or patch. Even high priority flaws are easy to fix: close to 91 percent can be fixed with an update. (Figure: Patching open source flaws) So, when it comes to managing your library security flaws, the concentration should not just be, 'How Data Breach Tool Vulnerability Equifax
ZDNet.webp 2020-10-01 13:00:03 With API attacks rising, Cloudflare launches a free API security tool (direct link) Cloudflare launches API Shield, a new service to protect web APIs against attacks. Tool
TechRepublic.webp 2020-10-01 11:44:03 Python programming: Microsoft's new tool makes app testing easier for developers (direct link) Playwright for Python automates end-to-end testing for web apps and works in any browser. Tool
Logo_logpoint.webp 2020-10-01 11:26:19 A Simple Guide to Threat Hunting (direct link) Threats are continually changing and becoming more sophisticated, making it impossible to buy a tool that detects every potential cyberthreat. You can help protect your business by taking a proactive approach to hunting threats. According to the 2020 Verizon Data Breach report, more than 25% of breaches took months or longer to discover. This [...] Data Breach Tool Threat
AlienVault.webp 2020-09-29 05:01:00 Zero Trust Architecture explained (lien direct) This blog was written by a third party author. With the increase in frequency, sophistication, and cost of cyberattacks, the global focus on cybersecurity is at an all-time high. However, the goalposts for those tasked with protecting businesses have shifted. Hackers have a growing number of ways they can compromise a business and are frequently looking to move laterally within an organization, using credentialed (and often elevated) access. On top of this, insider threats are on the rise where trusted users take advantage of their access for nefarious purpose.  This means that the tried-and-tested concept of perimeter-based security and defenses (where anything located on the corporate network it is assumed to be trusted) is no longer enough. Security teams need to shift their thinking from the perimeter to the authentication and access of resources. This means looking at methods of both restricting access and monitoring access requests to ensure those utilizing the environment are doing so appropriately. This is where a Zero Trust Architecture comes in. What is Zero Trust Architecture? Zero Trust Architecture should be a core part of a company’s cybersecurity planning, combining identify, access policy, authentication, and more. The concept of Zero Trust is “never trust, always verify”, which effectively means assuming that all devices and users represent a potential threat and cannot be trusted until they can be properly authenticated. Once authenticated users are allowed access only to the bare minimum, they need to perform their job efficiently. Therefore, if a device (or user account) is compromised, Zero Trust aims to ensure that the damage is either mitigated (by not allowing access) or, at worst, is limited in scope. 
The concept of Zero Trust has been growing over the past decade; however, the challenge has been implementing it without sacrificing user experience and productivity. Zero Trust Architecture relies heavily on some critical capabilities – namely identity management, asset management, application authentication, network segmentation, and threat intelligence. The technologies needed to achieve these were once only available to larger organizations but are now readily available in the mainstream. How can an organization implement Zero Trust Architecture? Successfully implementing a Zero Trust Architecture means going beyond rolling out a series of integrated tools and technologies, which are supported by a set of operational policies and authentication requirements. This has to be a strategic initiative that supports the formation of the Zero Trust architecture outside of a tool and technologies acquisition. The latter should outline what Zero Trust will look like as it relates to authorization to specific resources both on-premises and in the cloud, as well as how Zero Trust technologies will interact with data, threat intelligence, public key infrastructure, identity management, and vulnerability management systems. Once this foundation has been established, companies can determine how further to define their Zero Trust Architecture; for example, using software-defined perimeters, micro-segmentation, by identity, or a combination therein. In terms of setting user policy, understating accountability, authority, and capability are critical to establishing the level of trust of an individual user. The implementation of a trust algorithm can involve a score-based approach, as well as contextual based or an approach involving certain criteria that must first be met. When it comes to rolling out the technology to support your Zero Trust environment, it’s advisable to run a pilot program first. 
This will allow you to get the kinks out, adjust KPIs and teach you how to operate in a ZTA overall with limited impact on your business. Pilot programs should focu Tool Vulnerability Threat
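The score-based trust algorithm the article mentions, as an added example that is not part of the original post or any vendor's product: every verified signal (MFA, managed device, patch state, network) adds to a score, the score is compared against the sensitivity threshold of the requested resource, and role checks enforce least privilege before the score is even consulted. The resource catalogue, role names, weights and thresholds are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Added example: a deliberately small, score-based "trust algorithm".
# All weights, role names, resources and thresholds below are assumptions
# made for illustration, not any vendor's or standard's values.


@dataclass
class AccessRequest:
    user: str
    roles: frozenset          # roles asserted by the identity provider
    mfa_verified: bool        # identity signal
    device_managed: bool      # asset-management signal
    device_patched: bool      # vulnerability-management signal
    network: str              # "corp", "vpn" or "internet"
    resource: str
    action: str


# Per-resource policy: which roles may perform each action, and the minimum
# trust score the request must reach. Anything not listed is denied.
RESOURCES = {
    "hr-db": {"read": {"hr", "hr-admin"}, "write": {"hr-admin"}, "min_score": 80},
    "wiki":  {"read": {"staff", "hr", "hr-admin"}, "write": {"staff"}, "min_score": 40},
}


def trust_score(req: AccessRequest) -> int:
    """Score 0-100. Nothing is trusted up front; each verified signal adds points."""
    score = 40 if req.mfa_verified else 10
    score += 25 if req.device_managed else 0
    score += 15 if req.device_patched else 0
    score += {"corp": 20, "vpn": 15, "internet": 0}.get(req.network, 0)
    return min(score, 100)


def evaluate(req: AccessRequest) -> str:
    """Return 'allow', 'step-up' (ask for MFA) or 'deny' for one request."""
    policy = RESOURCES.get(req.resource)
    if policy is None or req.action not in policy:
        return "deny"                       # unknown resource or action: default deny
    if not (req.roles & policy[req.action]):
        return "deny"                       # least privilege: role does not permit this
    score = trust_score(req)
    if score >= policy["min_score"]:
        return "allow"
    # Close to the bar and no MFA yet: ask for stronger authentication instead
    # of failing outright, so user experience survives the stricter policy.
    if not req.mfa_verified and score + 30 >= policy["min_score"]:
        return "step-up"
    return "deny"


if __name__ == "__main__":
    hr_on_corp = AccessRequest("alice", frozenset({"hr"}), True, True, True, "corp", "hr-db", "read")
    hr_on_cafe = AccessRequest("alice", frozenset({"hr"}), False, True, True, "internet", "hr-db", "read")
    staff_hr = AccessRequest("bob", frozenset({"staff"}), True, True, True, "corp", "hr-db", "read")
    for r in (hr_on_corp, hr_on_cafe, staff_hr):
        print(r.user, r.resource, r.action, "->", evaluate(r), f"(score {trust_score(r)})")
```

The same HR user gets "allow" from a managed device on the corporate network and "step-up" from an unauthenticated session on the internet; a staff user is denied the HR database regardless of score, because the role check runs first. In a real deployment the signals would come from the identity provider, the MDM/asset inventory and the vulnerability scanner rather than from request fields.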
The_Hackers_News.webp 2020-09-25 08:01:52 FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations (lien direct) Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also Tool
Pirate.webp 2020-09-23 17:13:02 tko-subs – Detect & Takeover Subdomains With Dead DNS Records (lien direct) tko-subs is a tool that helps you to detect and take over subdomains with dead DNS records; these could be dangling CNAMEs pointing to hosting services or to nothing at all, or NS records that are mistyped. What does tko-subs do? This tool allows you to check whether a subdomain can be taken over because it has a dangling CNAME pointing to a CMS provider (Heroku, GitHub, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over. Read the rest of tko-subs – Detect & Takeover Subdomains With Dead DNS Records at Darknet. Tool
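The classification step of such a check, as an added example that is not tko-subs' own code: a record is only interesting when its target no longer resolves, and a non-resolving CNAME is a takeover candidate when it points at a self-service host whose names anyone can claim, while a non-resolving NS host is a candidate because whoever registers that nameserver's domain answers for the zone. DNS is replaced by an in-memory stand-in so the example runs offline; the provider suffix list, sample zone and resolver are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Added example: the classification step of a subdomain-takeover check.
# DNS is replaced by an in-memory stand-in so it runs offline; in real use
# the `resolves` callable would perform actual lookups (e.g. with dnspython).

# Hosting services whose hostnames can be claimed by anyone when unclaimed.
# Constructed list for this example; suffix -> human-readable provider name.
PROVIDER_SUFFIXES = {
    ".herokuapp.com": "Heroku",
    ".github.io": "GitHub Pages",
    ".myshopify.com": "Shopify",
    ".s3.amazonaws.com": "Amazon S3",
    ".cloudfront.net": "Amazon CloudFront",
}


@dataclass(frozen=True)
class Record:
    name: str     # the subdomain (or zone, for NS) being checked
    rtype: str    # "CNAME" or "NS"
    target: str   # where the record points


def provider_for(host: str) -> Optional[str]:
    """Return the hosting provider a hostname belongs to, if we recognise it."""
    host = host.lower().rstrip(".")
    for suffix, name in PROVIDER_SUFFIXES.items():
        if host.endswith(suffix):
            return name
    return None


def classify(rec: Record, resolves: Callable[[str], bool]) -> Tuple[str, Optional[str]]:
    """Label one record: ('ok' | 'dangling' | 'takeover-candidate', detail)."""
    if resolves(rec.target):
        return ("ok", None)                   # target exists; nothing dangling
    if rec.rtype == "CNAME":
        prov = provider_for(rec.target)
        if prov:
            # Unclaimed name at a self-service host: an attacker can register it
            # and serve content under our subdomain.
            return ("takeover-candidate", prov)
        return ("dangling", "CNAME target does not resolve")
    if rec.rtype == "NS":
        # Mistyped or lapsed nameserver host: if its parent domain can be
        # registered, the attacker answers for the whole zone.
        return ("takeover-candidate", "nameserver host does not resolve")
    return ("dangling", f"unhandled record type {rec.rtype}")


def scan(records, resolves) -> Dict[str, Tuple[str, Optional[str]]]:
    return {f"{r.name} {r.rtype}": classify(r, resolves) for r in records}


# Constructed sample zone and a fake resolver (the set of names that "exist").
SAMPLE_RECORDS = [
    Record("www.example.com", "CNAME", "d111111abcdef8.cloudfront.net"),
    Record("blog.example.com", "CNAME", "old-marketing-blog.herokuapp.com"),
    Record("docs.example.com", "CNAME", "docs.decommissioned-host.example.net"),
    Record("example.com", "NS", "ns1.exmaple-dns.net"),   # typo in the NS host
]
EXISTING_HOSTS = {"d111111abcdef8.cloudfront.net"}


def sample_scan():
    return scan(SAMPLE_RECORDS, lambda h: h in EXISTING_HOSTS)


if __name__ == "__main__":
    for key, (status, detail) in sample_scan().items():
        print(f"{key:28} {status:20} {detail or ''}")
```

A "dangling" result that points at no recognised provider still deserves a look: the target may belong to a provider the suffix list does not know, or to a domain that has simply expired and can be re-registered.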
AlienVault.webp 2020-09-23 05:01:00 What is mobile device management? MDM explained (lien direct) This blog was written by a third party author. Not too long ago, the desktop computer was the primary computing device for enterprise employees. With the rise of mobile endpoints like smartphones, laptops and tablets, employees are connecting to corporate networks from a wide variety of places and devices. Today, especially with the popularity of the WFH (work from home) model, managing the multitude of mobile devices is more complicated than ever before. The statistics tell a sobering tale. For example, 70% of breaches originate on the endpoint, making it the number one target for attacks. Even more concerning, according to a recent study, 60% of breaches were linked to a vulnerability where a patch was available, but not applied. The moral of the story: mobile device management is critical for any corporate network. What is mobile device management? Mobile device management (MDM) is a software tool for IT departments and administrators that allows management of all mobile endpoints, including smartphones, laptops, tablets, and IoT devices. Endpoints can be owned by either the company or the employee, and the MDM solution can be hosted onsite or in the cloud. The goal of an MDM is to find the right balance between management, productivity and policy compliance. As personal devices proliferate onto enterprise networks, MDM plays a vital role in securing corporate networks while allowing employees to continue to work more efficiently. Mobile Device Management software relies on the client/server model to function. Using a management console, the server component allows IT administrators to configure and assign policies. The client component resides on each mobile device and receives whatever directives have been assigned from the management console. MDM is now a mature platform that has seen significant advances. 
Client-initiated updates are a thing of the past, as modern MDM software can instantly discover any new endpoint making a connection to the network. Today's MDM is much more streamlined. Managing BYOD with MDM The line between a mobile user and an on-premises employee has blurred as almost everyone brings some type of personal device into the workplace. The BYOD (bring your own device) movement in many organizations is no longer a movement but more of a norm. The need to monitor and manage these endpoints has never been greater. While the benefits of BYOD are clear (lower equipment costs and more time available for IT personnel come to mind), if endpoints are not actively managed and monitored, the security risks are significant. Mobile device management is a critical component of any BYOD policy, as it allows the business to maintain control of its company data and how it is accessed. Tablets and smartphones can be difficult enough to manage in the BYOD era. After all, they're arguably less secure than laptops and desktops due to a lack of pre-installed malware protection. But when IoT is added to the mix, especially if employees aren't aware of the security threat it poses, the importance of the MDM multiplies. According to a recent Infoblox report, a staggering 80% of IT professionals surveyed discovered shadow (unreported to the IT department) IoT devices connected to their network, and 29% of them discovered more than 20. These devices could be smart TVs, kitchen devices, cameras, or personal health monitors. We've discussed IoT security before; by default, devices are inherently in Malware Tool Vulnerability Threat
ESET.webp 2020-09-22 17:00:37 New tool helps companies assess why employees click on phishing emails (lien direct) NIST's tool can help organizations improve the testing of their employees' phish-spotting prowess Tool
WiredThreatLevel.webp 2020-09-21 14:00:00 A New Tool Detects Counterfeit Whiskey Without Wasting a Drop (lien direct) Bogus booze has been infiltrating the market, so physicists found a way to test for authenticity while keeping the precious bottles sealed. Tool ★★★
SecurityAffairs.webp 2020-09-20 09:39:26 Security Affairs newsletter Round 282 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Gaming hardware manufacturer Razer suffered a data leak CIRWA Project tracks ransomware attacks on critical infrastructure Popular Marketing Tool exposes data of users of dating sites Staples discloses data breach […] Ransomware Data Breach Tool
TechRepublic.webp 2020-09-18 17:56:28 How to encrypt files on your Linux servers with gocryptfs (lien direct) Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose. Tool
Anomali.webp 2020-09-15 15:00:00 Weekly Threat Briefing: APT Group, Malware, Ransomware, and Vulnerabilities (lien direct) The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Conti Ransomware, Cryptominers, Emotet, Linux, US Election, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence China's 'Hybrid War': Beijing's Mass Surveillance of Australia and the World for Secrets and Scandal (published: September 14, 2020) A database containing records on 2.4 million people has been leaked from Zhenhua Data, a Shenzhen company believed to have ties to the Chinese intelligence service. The database contains personal information on over 35,000 Australians and prominent figures, and 52,000 Americans. This includes addresses, bank information, birth dates, criminal records, job applications, psychological profiles, and social media. Politicians, lawyers, journalists, military officers, media figures, and Natalie Imbruglia are among the Australians whose records are contained in the database. While a lot of the information is public, there is also non-public information, contributing to claims that China is developing a mass surveillance system. Recommendation: Users should always remain vigilant about the information they are putting out into the public, and avoid posting personal or sensitive information online. Tags: China, spying US Criminal Court Hit by Conti Ransomware; Critical Data at Risk (published: September 11, 2020) The Fourth District Court of Louisiana, part of the US criminal court system, appears to have become the latest victim of the Conti ransomware.
The court's website was attacked and used to steal numerous court documents related to defendants, jurors, and witnesses, before the Conti ransomware was installed. Evidence of the data theft was posted to the dark web. Analysis of the malware by Emsisoft's threat analyst, Brett Callow, indicates that the ransomware deployed in the attack was Conti, which has code similarity to another ransomware strain, Ryuk. The Conti group, believed to be behind this ransomware-as-a-service operation, is sophisticated and, because it receives a large portion of the ransoms paid, is motivated to avoid detection and continue to develop advanced attack tools. This attack also used the Trickbot malware in its exploit chain, similar to that used by Ryuk campaigns. Recommendation: Defense in depth, including vulnerability remediation and scanning, monitoring, endpoint protection, backups, etc., is key to thwarting increasingly sophisticated attacks. Ransomware attacks are particularly attractive to attackers because each successful ransomware attack allows for multiple streams of income. The attackers can not only extort a ransom to decrypt the victim's files (especially in cases where the victim finds they do not have appropriate disaster recovery plans), but they can also monetize the exfiltrated data directly and/or use the data to aid in future attacks. This technique is increasingly used in supply chain compromises to build difficult-to-detect spearphishing attacks. Tags: conti, ryuk, ransomware Ransomware Malware Tool Vulnerability Threat Conference APT 35 APT 28 APT 31 ★★★
Veracode.webp 2020-09-14 15:51:05 43% of Orgs Think DevOps Integration Is Critical to AppSec Success (lien direct) It's no secret that the rapid speed of modern software development means an increased likelihood of risky flaws and vulnerabilities in your code. Developers are working fast to hit tight deadlines and create innovative applications, but without the right security solutions integrated into your processes, it's easy to hit security roadblocks or let flaws slip through the cracks. We recently dug through the ESG survey report, Modern Application Development Security, which uncovers some interesting data about the state of DevOps integration in the modern software development process. As the report states, DevOps integration is critical for improving your organization's application security (AppSec) program, as automating and integrating solutions removes some of the manual work that can slow teams down and moves security testing into critical parts of the development process. "DevOps integration reduces friction and shifts security further left, helping organizations identify security issues sooner," the report says. "While developer education and improved tools and processes will no doubt also improve programs, automation is central to modern application development practices." Level of DevOps and AppSec Integration According to the survey results, nearly half of organizations agree; 43 percent believe that DevOps integration is the most important piece of the puzzle for improving their AppSec programs. The report also outlines 10 elements of the most successful AppSec programs, and topping that list is ensuring that your AppSec controls are highly integrated into the CI/CD toolchain. Integration challenges For some survey respondents, that's easier said than done.
Nearly a quarter (23 percent) said that one of their top challenges with current AppSec testing solutions is that they have poor integration with existing development and DevOps tools, while 26 percent said they experience difficulty with, or lack of, integration between different AppSec vendor tools. AppSec tool proliferation is a problem too, with a sizeable 72 percent of organizations using more than 10 tools to test the security of their code. "Many organizations are employing so many tools that they are struggling to integrate and manage them. This all too often results in a reduction in the effectiveness of the program and directs an inordinate amount of resources to managing tools," they explain further. So where should organizations like yours start? By selecting a vendor with a comprehensive offering of security solutions that integrate to help you cover those bases and consolidate solutions while reducing complexity. That's where Veracode shines. We bring the security tests and training tools you need together into one suite so that you can consolidate and keep innovating, securely. And your organization can scale at a lower cost, too: our range of integrations and Veracode solutions are delivered through the cloud for less downtime and more efficiency. Simplifying AppSec We aim to simplify your AppSec program by combining five key analysis types in one solution, all integrated into your develo Tool
SecurityAffairs.webp 2020-09-14 08:42:52 (Déjà vu) Popular Marketing Tool exposes data of users of dating sites (lien direct) Personal details of hundreds of users of dating sites were exposed online earlier this month. An Elasticsearch server containing personal details of hundreds of thousands of dating site users were exposed online without authentication. The unsecured database was discovered by security researchers from vpnMentor at the end of August. “vpnMentor's research team recently received a report from […] Tool
SecureMac.webp 2020-09-10 13:04:00 Checklist 198: Listener Tracking in Podcasts with Rob Walch (lien direct) Did you know that some podcasts actually track their listeners? Rob joins us today to talk about how the tracking occurs and about a new tool on the way to fight it. Tool
TechRepublic.webp 2020-09-09 21:45:16 How to fix common Wi-Fi problems with the macOS built-in Wireless Diagnostics app (lien direct) There's no reason to turn to third-party tools for solutions to your Wi-Fi woes. macOS has a built-in tool that can scan your wireless network and make all the recommendations that a paid tool does. Tool
Anomali.webp 2020-09-09 16:24:00 Weekly Threat Briefing: Skimmer, Ransomware, APT Group, and More (lien direct) The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Baka, DDoS, Netwalker, PyVil, Windows Defender, TA413, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence 'Baka' Javascript Skimmer Identified (published: September 6, 2020) Visa has issued a security alert based on the identification of a new skimmer, named "Baka". Based on analysis by Visa Payment Fraud Disruption, the skimmer appears to be more advanced, loading dynamically and using an XOR cipher for obfuscation. The attackers behind Baka inject it into checkout pages using a script tag, with the skimming code downloading from the Command and Control (C2) server and executing in memory to steal customer data. Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. Visa has also released best practices in the security advisory. Tags: Baka, Javascript, Skimmer Netwalker Ransomware Hits Argentinian Government, Demands $4 Million (published: September 6, 2020) The Argentinian immigration agency, Dirección Nacional de Migraciones, suffered a ransomware attack that shut down border crossings. After receiving many tech support calls, the computer networks were shut down to prevent further spread of the ransomware, which led to a cessation of border crossings until systems were up again.
The ransomware used in this attack was Netwalker, which left a ransom note initially demanding $2 million; when this wasn't paid in the first week, the ransom increased to $4 million. Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different mediums, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies, who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: Argentina, Government, Netwalker, Ransomware No Rest for the Wicked: Evilnum Unleashes PyVil RAT (published: September 3, 2020) Researchers on the Cybereason Nocturnus team have published their research tracking the threat actor group known as Evilnum, and an ongoing change in their tooling and attack procedures. This includes a new Remote Access Trojan (RAT), written in Python, that they have begun to use. The actor group attacks targets in the financial services sector using highly targeted spearphishing. The phishing lures leverage "Know Your Customer" (KY Ransomware Malware Tool Vulnerability Threat Medical APT 38 APT 28 ★★★★
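A page-side audit for the injection pattern the Baka story describes (a script tag slipped into a checkout page, loading obfuscated code that is decoded in the browser), as an added example that is not Visa's or Anomali's code and uses none of their indicators: it lists every external script whose host is off the site's allowlist, and flags inline scripts that carry the shape of a single-byte XOR decoder (a `charCodeAt` loop XORed into `String.fromCharCode`). The allowlist, the sample checkout page and the decoder heuristic are constructed for this example; the heuristic is a starting point for triage, not a signature.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added example: audit a checkout page for injected script tags and for
# inline code shaped like a single-byte XOR decoder. The allowlist, sample
# page and heuristic are constructed for this example; they are not Visa's
# indicators for Baka.

ALLOWED_SCRIPT_HOSTS = {"shop.example.com", "cdn.example.com"}   # assumption


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._buf = None          # non-None while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._buf = []

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)


# Inline code that walks a string, XORs each char code and rebuilds a string
# is the shape of a single-byte XOR decoder; legitimate checkout code rarely
# needs all three of these together.
XOR_DECODER_MARKERS = ("charCodeAt", "fromCharCode", "^")


def audit_checkout_page(html: str):
    """Return a list of (finding, evidence) tuples for one HTML document."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        host = urlparse(src).hostname          # None for same-origin relative paths
        if host and host.lower() not in ALLOWED_SCRIPT_HOSTS:
            findings.append(("unexpected-external-script", src))
    for code in parser.inline:
        if all(marker in code for marker in XOR_DECODER_MARKERS):
            snippet = re.sub(r"\s+", " ", code.strip())[:60]
            findings.append(("xor-decoder-idiom", snippet))
    return findings


# Constructed checkout page: one legitimate CDN script, one same-origin
# script, one injected loader and an inline single-byte XOR decoder.
SAMPLE_CHECKOUT_HTML = """<html><body>
<script src="https://cdn.example.com/cart.js"></script>
<script src="/static/checkout.js"></script>
<script src="//stats-collector.invalid/loader.js"></script>
<script>
var k=0x2a,s="...",o="";
for(var i=0;i<s.length;i++){o+=String.fromCharCode(s.charCodeAt(i)^k);}
(new Function(o))();
</script>
</body></html>"""


def sample_audit():
    return audit_checkout_page(SAMPLE_CHECKOUT_HTML)


if __name__ == "__main__":
    for finding, evidence in sample_audit():
        print(f"{finding:28} {evidence}")
```

The protocol-relative `//host/path` form is handled because `urlparse` still extracts the host from it; same-origin paths yield no host and are skipped. Run against a page fetched as the customer's browser would see it (after any server-side includes), since the injected tag is what the shopper's browser executes, not what the template on disk shows.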
ZDNet.webp 2020-09-09 10:58:14 Weave Scope is now being exploited in attacks against cloud environments (lien direct) The legitimate cloud infrastructure monitoring tool has been added to attacker arsenals. Tool
TechRepublic.webp 2020-09-08 15:45:46 How to install the oVirt virtual machine manager on CentOS 8 (lien direct) If you're looking for a web-based virtual machine manager, oVirt might be the tool for you. Jack Wallen shows you how to install this powerful, open source solution on CentOS 8. Tool
Last update at: 2024-07-15 07:08:33