What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2019-05-17 14:18:04 Cisco addressed a critical flaw in networks management tool Prime Infrastructure (direct link) Cisco had issued security updates to address 57 security flaws, including three flaws in networks management tool Prime Infrastructure. One of the flaws addressed by Cisco in the Prime Infrastructure management tool could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on PI devices. “Multiple vulnerabilities in the web-based management […] Tool
SecurityAffairs.webp 2019-05-16 13:08:02 Microsoft renewed its Attack Surface Analyzer, version 2.0 is online (direct link) Microsoft has renewed its Attack Surface Analyzer tool to take advantage of modern, cross-platform technologies. The first version of the Attack Surface Analyzer 1.0 was released back in 2012, it aims at detecting changes that occur in the Windows operating systems during the installation of third-party applications. The Analyzer has been released on GitHub, it […] Tool
SecurityWeek.webp 2019-05-16 11:11:05 Microsoft Releases Attack Surface Analyzer 2.0 (direct link) Microsoft has rewritten its Attack Surface Analyzer tool to take advantage of modern, cross-platform technologies, the company announced this week. Tool
no_ico.webp 2019-05-13 18:50:03 US Government Unveils New North Korean Hacking Tool (direct link) It has been reported that yesterday the Department of Homeland Security and the FBI publicly identified a new North Korean malware capable of funnelling information from a victim’s computer network. Dubbed ElectricFish by government officials, the malware is the latest tool in North Korea’s hacking program, referred to as Hidden Cobra. The U.S. Cyber Emergency Response Team published a report warning the public … The ISBuzz Post: This Post US Government Unveils New North Korean Hacking Tool Malware Tool Medical APT 38
bleepingcomputer.webp 2019-05-10 17:15:02 The Week in Ransomware - May 10th 2019 - MegaCortex, Jokeroo, and More (direct link) This week the biggest news was the analysis of MegaCortex by Sophos. Then we had Dharma utilizing an ESET Remover tool as a distraction while the ransomware encrypted a victim's files. Finally, we had the Jokeroo RaaS pull an exit scam. [...] Ransomware Tool
bleepingcomputer.webp 2019-05-10 16:36:00 Nigerian BEC Scammers Shifting to RATs As Tool of Choice (direct link) Scammers running business email compromise (BEC) fraud have grown in number, attack more often, and turn to remote access trojans as the preferred malware type to accompany their raids. [...] Malware Tool
SecurityAffairs.webp 2019-05-10 13:53:03 DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH (direct link) The U.S. Department of Homeland Security (DHS) and the FBI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed ELECTRICFISH used by North Korea-linked APT group tracked as Hidden Cobra (aka Lazarus). It […] Malware Tool Medical APT 38
ZDNet.webp 2019-05-10 10:41:04 North Korea debuts new Electricfish malware in Hidden Cobra campaigns (direct link) The tool is used to forge covert pathways out of infected Windows PCs. Malware Tool APT 38
ZDNet.webp 2019-05-08 19:49:00 Google's Web Packaging standard arises as a new tool for privacy enthusiasts (direct link) Web Packaging will let site owners create signed versions of their pages to distribute via alternative channels. Tool
Kaspersky.webp 2019-05-08 12:01:03 Cynet Provides Security Responders with Free IR Tool to Validate and Respond to Active Threats (direct link) Cynet Free IR empowers its users with a solution that is accessible and easy to use, bringing crucial incident response services in-house, while saving them valuable time and resources. Tool
bleepingcomputer.webp 2019-05-08 10:16:01 Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims (direct link) A new Dharma ransomware strain is using ESET AV Remover installations as a "smoke screen" technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro. [...] Ransomware Tool
SecurityAffairs.webp 2019-05-08 06:54:03 Cisco addresses a critical flaw in Elastic Services Controller (direct link) Cisco released security updates to address a critical vulnerability in its virtualized function automation tool Elastic Services Controller (ESC). Cisco has released security updates to address a critical vulnerability affecting its virtualized function automation tool, Cisco Elastic Services Controller (ESC). The flaw could be exploited by a remote attacker could be exploited by an unauthenticated, […] Tool Vulnerability
Blog.webp 2019-05-07 13:52:02 PowerCat - A PowerShell Netcat (direct link) The word PowerCat is named from PowerShell Netcat, which is a new version of netcat in the form of a PowerShell script. In this article, we will learn about powercat, which is a PowerShell tool for exploiting Windows machines. Table of Content Requirement & Installations Testing PowerShell Communication Bind Shell Execute Shell Tunnelling or port forwarding... Continue reading → Tool
itsecurityguru.webp 2019-05-07 13:21:04 Evil Clippy Makes Malicious Office Docs that Dodge Detection. (direct link) Security researchers brought to life and released a wicked variant of Clippy, the recently resurfaced assistant in Microsoft Office that we all loved so much to hate, that makes it more difficult to detect a malicious macro in documents. Dubbed Evil Clippy, the tool modifies Office documents at file format level to spew out malicious versions that […] Tool
The_Hackers_News.webp 2019-05-07 11:56:04 Cynet's Free Incident Response Tool - Stop Active Attacks With Greater Visibility (direct link) The saying that there are two types of organizations, those that have gotten breached and those who have but just don't know it yet, has never been more relevant, making the sound incident response a required capability in any organization's security stack. To assist in this critical mission, Cynet is launching a free IR tool offering, applicable to both IR service providers in need of a Tool
SecurityAffairs.webp 2019-05-07 11:15:00 Buckeye APT group used Equation Group tools prior to ShadowBrokers leak (direct link) China-linked APT group tracked as APT3 was using a tool attributed to the NSA-linked Equation Group more than one year prior to Shadow Brokers leak. China-linked APT group tracked as APT3 (aka Buckeye, APT3, UPS Team, Gothic Panda, and TG-0110) was using a tool attributed to the NSA-linked Equation Group more than one year prior […] Tool APT 3
CSO.webp 2019-05-07 03:00:00 How to get started using Ghidra, the free reverse engineering tool (direct link) The National Security Agency (NSA), the same agency that brought you blockbuster malware Stuxnet, has now released Ghidra, an open-source reverse engineering framework, to grow the number of reverse engineers studying malware. The move disrupts the reverse engineering market, which top dog IDA Pro has long dominated, and enables more people to learn how to reverse engineer without having to pay for an IDA Pro license, which can be prohibitively expensive for most newcomers to the field. Malware Tool
WiredThreatLevel.webp 2019-05-06 11:00:00 This Programming Tool Makes It Easier for Apps to Work Anywhere (direct link) WebAssembly was created by Mozilla to build applications for browsers, but it's increasingly finding a home in cloud computing centers. Tool
TechRepublic.webp 2019-05-03 18:42:02 How to create custom quick actions with Automator in macOS (direct link) Using the macOS Automator tool can simplify your mobile workflow. Tool ★★★★
TechRepublic.webp 2019-04-29 16:49:01 How to troubleshoot Apple mail connectivity issues with Connection Doctor (direct link) When you need to troubleshoot Apple Mail connectivity issues, the Connection Doctor tool will help you diagnose the problem. Tool
bleepingcomputer.webp 2019-04-29 16:44:00 Botnet of Over 100K Devices Used to DDoS Electrum Servers (direct link) The malicious actors behind the DDoS attacks against Electrum Bitcoin wallet users have switched to a new malware loader for their botnet Trojan, after previously using the Smoke Loader tool and the RIG exploit kit. [...] Malware Tool
bleepingcomputer.webp 2019-04-27 12:55:02 Fake Windows PC Cleaner Drops AZORult Info-Stealing Trojan (direct link) Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the Azorult password and information stealing Trojan. [...] Tool
Mandiant.webp 2019-04-25 08:01:01 CARBANAK Week Part Four: The CARBANAK Desktop Video Player (direct link) Part One, Part Two and Part Three of CARBANAK Week are behind us. In this final blog post, we dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBANAK of a network operator preparing for an offensive engagement. Can we replay it? About the Video Player The CARBANAK backdoor is capable of recording video of the victim's desktop. Attackers reportedly viewed recorded desktop videos to gain an understanding of the operational workflow of Tool ★★★
Blog.webp 2019-04-24 14:50:04 MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks (direct link) Accounting for third-party risks is now mandated by regulations — with teeth. Related: Free ‘VRMM’ tool measures third-party exposure Just take a look at Europe's GDPR, NYDFS's cybersecurity requirements or even California's newly minted Consumer Privacy Act. What does this mean for company decision makers, going forward, especially as digital transformation and expansion of the […] Tool
Chercheur.webp 2019-04-22 19:43:00 Who's Behind the RevCode WebMonitor RAT? (direct link) The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned. Malware Tool Guideline
Mandiant.webp 2019-04-22 12:00:00 CARBANAK Week Part One: A Rare Occurrence (direct link) It is very unusual for FLARE to analyze a prolific, privately developed backdoor only to have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that begins with this post. CARBANAK is one of the most full-featured backdoors around. It has been used to perpetrate millions of dollars in financial crimes, largely by the group we track as Tool ★★★
SecureMac.webp 2019-04-19 22:21:04 Checklist 134: Many Things, Revisited! (direct link) On this week's Checklist by SecureMac: Worried about your internet of things things? Princeton has a tool for that!, Worried about hotels and data security? You should be!, Apple's new steps against scammy subscriptions, and Facebook: amiright...? Tool
ZDNet.webp 2019-04-16 08:17:00 Adobe Flash security tool Flashmingo debuts in open source community (direct link) Flashmingo can be used to automatically search for Flash vulnerabilities and weaknesses. Tool
Blog.webp 2019-04-16 06:13:04 Command & Control: Ares (direct link) In this article, we will learn how to use Ares tool. This tool performs the Command and Control over the Web Interface. This tool can be found on GitHub. Table of Content: Introduction Installation Exploiting Target Command Execution Capturing Screenshot File Download Compressing Files Persistence Agent Clean Up Introduction Ares is a Python Remote Access... Continue reading → Tool
Chercheur.webp 2019-04-14 18:40:03 'Land Lordz' Service Powers Airbnb Scams (direct link) Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called "Land Lordz," which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. Tool
Blog.webp 2019-04-14 06:30:02 Command & Control: WebSocket C2 (direct link) In this article, we will learn how to use WebSocket C2 tool. It is also known as WSC2. Table of Content: Introduction Installation Exploiting Target Command Execution File Download Introduction WSC2 is primarily a tool for post-exploitation. WSC2 uses the WebSocket and a browser process. This serves as a C2 communication channel between an agent,... Continue reading → Tool
Kaspersky.webp 2019-04-12 14:58:05 North Korea's Hidden Cobra Strikes U.S. Targets with HOPLIGHT (direct link) The custom malware is a spy tool and can also disrupt processes at U.S. assets. Malware Tool APT 38
AlienVault.webp 2019-04-11 13:00:00 DNS cache poisoning part 2 (direct link) My last blog on DNS cache poisoning only covered the superficial aspects of this long-standing issue. This installment aims to give a bit more technical detail, and expose some of the tactics used by the "bad-actors" looking to leverage a poisoned DNS cache against you and your network. In a worst-case scenario, the results of a poisoned DNS cache could lead to more than just a headache: civil liability, phishing, increased DNS overhead, and other kinds of nightmares are too easy to overlook with this type of 'attack'. So, you may be wondering, "What exactly makes a DNS cache poisoning attack so dangerous, and what can we do to prevent it?" Well, as outlined in my first article, not answering DNS requests on the web is a great place to start. If you're only running an internal DNS infrastructure, your attack-surface is much lower. However, this comes with a caveat; "internal-only" DNS attacks are much harder to detect, and can often go weeks or months before even the keenest of sysops recognize them. This has to do with the fundamental structure of DNS. Let me explain. Fundamental structure of DNS In a typical DNS server (e.g. Windows DNS, or BIND) there is little mechanism (e.g. NONE) to provide any sanity checking. In its simplest form, a DNS query will look to its local database (the 'cache') first, upon finding no answer for the request it will then send a lookup request to its configured DNS server (the one you hopefully manage) and see if it can find an answer for the request. If this lookup fails a 2nd time, there is a 'forwarder' configuration that kicks in, and the request goes to a list of pre-specified DNS hosts that your server will send the request to, looking for a resolution to the name.
If this final 'forward' lookup fails, the final lookup happens out on the internet, on one of the 'Root' nameservers that share a distributed list of all the DNS hosts that make up the TCP/IPv4 internet. If this final lookup fails, the original requesting client is returned with a 'DNS Name not found' answer, and the name will not resolve. At any point during this journey, a "faked" response can be issued, and the initiator will accept it. No questions asked. Problems with the model This model is good when we can trust each one of the segments in the process. However, even during the early days of the web - there were some issues that became apparent with the way DNS works. For example, what if the root servers are unavailable? Unless your local DNS server has a record of ALL of the domains on the web, or one of your 'forwarders' does - the DNS name will not resolve. Even if it is a valid domain, DNS will simply not be able to lookup your host. There was an "attack" on several of the root servers in the late 1990's. Several of the root servers were knocked offline, effectively taking down the internet for a large portion of the USA. It was during this outage that many network operators realized a large oversight of the DNS system, and a push was made to distribute control of these systems to a variety of trustworthy and capable internet entities. At the time of this attack, much of the internet name resolution duties fell to a single entity: Yahoo. A DDoS of Yahoo effectively killed the internet. Sure, we could still get to our desired hosts via IP, but e-mail, for example, was not as resilient. It was a great learning lesson for the web community at-large. This was just a denial-of-service at the highest level of the infrastructure. What would  happen if the localized database on every computer in your organization had different "answers" for DNS lookups? Instead of consistent Tool Guideline Yahoo
WiredThreatLevel.webp 2019-04-10 16:35:03 Google DLP Makes It Easier to Safeguard Sensitive Data Troves (direct link) Google's Data Loss Prevention tool finds and redacts sensitive data in the cloud. A new user interface now makes it more broadly accessible. Tool
TechWorm.webp 2019-04-10 15:18:02 Exodus Android spyware discovered in Apple's iOS platform (direct link) Android version of Exodus malware finds its way to iOS devices Researchers at cybersecurity firm Lookout recently discovered an iOS version of a powerful mobile phone spyware tool that is aimed at targeting iPhone users. Last month, researchers from a non-profit security organization, 'Security Without Borders', had reported the discovery of several Android versions (nearly 25) […] Malware Tool
TechRepublic.webp 2019-04-10 13:44:05 How Mozilla uses AI to manage Firefox bug reports (direct link) The company created a homegrown artificial intelligence tool dubbed BugBug to classify and categorize each bug report. Tool
SecurityAffairs.webp 2019-04-10 09:12:00 Yoroi Welcomes “Yomi: The Malware Hunter” (direct link) Yomi's malware engine implements a multi-analysis approach that is able to exploit both: static analysis and behavioral analysis, enjoy it” Nowadays malware represents a powerful tool for cyber attackers and cyber criminals all around the world, with over 856 million of distinct samples identified during the last year it is, with no doubt, one of […] Malware Tool
SecurityWeek.webp 2019-04-08 14:15:02 NSA Releases Reverse Engineering Tool's Source Code (direct link) The National Security Agency (NSA) has made the source code for its "Ghidra" reverse engineering tool available for everyone. Tool
Blog.webp 2019-04-04 16:19:02 Kage: Graphical User Interface for Metasploit (direct link) Kage is a GUI for Metasploit RPC servers. It is a good tool for beginners to understand the working of Metasploit as it generates payload and lets you interact with sessions. As this tool is on the process of developing, till now it only supports windows/meterpreter and android/meterpreter. For it to work, you should have... Continue reading → Tool
SecurityWeek.webp 2019-04-03 19:02:00 Canadian Authorities Raid RAT Developer (direct link) Canadian authorities last week raided a residence in connection with Orcus Technologies, the developer of Orcus RAT, a tool sold on underground markets for its remote access capabilities. Tool
Blog.webp 2019-04-02 17:41:00 dnscat2: Command and Control over the DNS (direct link) In this article, we learn DNS tunnelling through an amazing tool i.e. DNScat2 Table of Content : Introduction to DNS Introduction to DNScat Installation DNS tunnelling Conclusion Introduction to DNS The Domain Name System (DNS) associates URLs with their IP address. With DNS, it’s conceivable to type words rather than a series of numbers into... Continue reading → Tool
The_Hackers_News.webp 2019-03-29 03:58:00 Here's the List of ~600 MAC Addresses Targeted in Recent ASUS Hack (direct link) EXCLUSIVE - While revealing details of a massive supply chain cyber attack against ASUS customers, Russian security firm Kaspersky last week didn't release the full list of all MAC addresses that hackers hardcoded into their malware to surgically target a specific pool of users. Instead, Kaspersky released a dedicated offline tool and launched an online web page where ASUS PC users can search Malware Hack Tool
Mandiant.webp 2019-03-28 08:00:00 Commando VM: The First of Its Kind Windows Offensive Distribution (direct link) For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you'd prefer to use Windows as an operating system, you may have noticed that a worthy platform didn't exist. As security researchers, every one of us has probably spent hours customizing a Windows working environment at least once and we all use the same tools, utilities, and techniques during customer engagements. Therefore, maintaining a custom environment while keeping all our tool sets up-to-date can be a monotonous chore for all Tool ★★★
SecurityAffairs.webp 2019-03-28 07:32:00 ASUS fixes supply chain of Live Update tool hit in Operation ShadowHammer (direct link) ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer. ASUS announced to have released a fix for the Live Update utility that was exploited by threat actors behind the Operation ShadowHammer to deliver malware to hundreds of users. The Operation ShadowHammer took […] Malware Tool Threat
grahamcluley.webp 2019-03-27 15:24:02 (Déjà vu) Asus pushes out urgent security update after its own automatic Live Update tool was hacked (direct link) Taiwan-based technology giant Asus is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using Asus's own Live Update software tool. Read more in my article on the Tripwire State of Security blog. Malware Tool
itsecurityguru.webp 2019-03-27 15:03:04 Fix released for ASUS live update tool. (direct link) ASUS released today a new version of the Live Update tool that contains fixes for vulnerabilities that were exploited by a nation-state group to deploy the ShadowHammer backdoor on up to one million Windows PCs. Source: ZDNet Tool
The_State_of_Security.webp 2019-03-27 15:01:04 ASUS pushes out urgent security update after attackers hacked its automatic Live Update tool (direct link) Taiwan-based technology giant ASUS is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using ASUS’s own Live Update software tool. As Motherboard reported earlier this week, researchers at Kaspersky discovered […]… Read More Malware Tool
ZDNet.webp 2019-03-26 14:37:00 ASUS releases fix for Live Update tool abused in ShadowHammer attack (direct link) ASUS releases Live Update 3.6.8. Also says that "a very small" number of users were impacted. Tool
SecurityAffairs.webp 2019-03-26 06:13:02 Microsoft experts found high severity flaws in Huawei PCManager (direct link) Microsoft experts discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei. Microsoft researchers discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei, both flaws were classified as “high severity.” The experts discovered the flaws because the kernel sensors in Microsoft Defender Advanced Threat Protection (ATP) detected an […] Tool Threat
TechRepublic.webp 2019-03-25 22:56:00 Windows logo keyboard shortcuts: The complete list (direct link) The Windows logo key, which is common on most keyboards these days, can be a powerful tool if you know the right shortcuts. Here's an updated list to speed your work. Tool ★★★
Last update at: 2024-07-22 08:07:39