What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
TechRepublic 2022-04-13 17:13:23 How to install Filerun file share and sync on AlmaLinux (direct link) Filerun can help you store and manage files, photos, movies and more. Here's how to install this great tool for any business (or home) that even includes a built-in versioning system. Jack Wallen will show you. Tool
Mandiant 2022-04-13 15:30:00 INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems (direct link) In early 2022, Mandiant, in partnership with Schneider Electric, analyzed a set of novel industrial control system (ICS)-oriented attack tools, which we call INCONTROLLER (aka PIPEDREAM), built to target machine automation devices. The tools can interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries. While the targeting of any operational environments using this toolset is unclear, the malware poses a critical risk to organizations leveraging the targeted equipment. INCONTROLLER is very likely state sponsored and contains Malware Tool Industrial ★★★★
GoogleSec 2022-04-13 12:35:03 How to SLSA Part 2 - The Details (direct link) Posted by Tom Hennen, software engineer, BCID & GOSST. In our last post we introduced a fictional example of Squirrel, Oppy, and Acme learning to use SLSA and covered the basics of what their implementations might look like. Today we'll cover the details: where to store attestations and policies, what policies should check, and how to handle key distribution and trust. Attestation storage: Attestations play a large role in SLSA and it's essential that consumers of artifacts know where to find the attestations for those artifacts. Co-located in repo: Attestations could be co-located in the repository that hosts the artifact. This is how Squirrel plans to store attestations for packages. They even want to add support to the Squirrel CLI (e.g. acorn get-attestations foo@1.2.3). Acme really likes this approach because the attestations are always available and it doesn't introduce any new dependencies. Rekor: Meanwhile, Oppy plans to store attestations in Rekor. They like being able to direct users to an existing public instance while not having to maintain any new infrastructure themselves, and the defense in depth the transparency log provides against tampering with the attestations. Though the latency of querying attestations from Rekor is likely too high for doing verification at time of use, Oppy isn't too concerned since they expect users to query Rekor at install time. Hybrid: A hybrid model is also available where the publisher stores the attestations in Rekor as well as co-located with the artifact in the repo, along with Rekor's inclusion proof. This provides confidence the data was added to Rekor while providing the benefits of co-locating attestations in the repository. Policy content: 'Policy' refers to the rules used to determine if an artifact should be allowed for a use case. Policies often use the package name as a proxy for determining the use case. For example, to find the policy to apply you could look up the policy using the package name of the artifact you're evaluating. Policy specifics may vary based on ease of use, availability of data, risk tolerance and more. Full verification needs more from policies than delegated verification does. Default policy: Default policies allow admission decisions without the need to create specific policies for each package. A default policy is a way of saying “anything that doesn't have a more specific policy must comply with this policy”. Squirrel plans to eventually implement a default policy of “any package without a more specific policy will be accepted as long as it meets SLSA 3”, but they recognize that most packages don't support this yet. Until they achieve critical mass they'll have a default SLSA 0 policy (all artifacts are accepted). While Oppy is leaving verification to their users, they'll suggest a default policy of “any package built by 'https://oppy.example/slsa/builder/v1'”. Specific policy: Squirrel also plans to allow users to create policies for specific packages. For example, this policy requires that package 'foo' must have been built by GitHub Actions, from github.com/foo/acorn-foo, and be SLSA 4. Tool
Anomali 2022-04-12 19:06:00 Anomali Cyber Watch: Zyxel Patches Critical Firewall Bypass Vulnerability, Spring4Shell (CVE-2022-22965), The Caddywiper Malware Attacking Ukraine and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Caddywiper, Colibri Loader, Gamaredon, SaintBear, SolarMaker and Spring4Shell. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence: New SolarMaker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns (published: April 8, 2022) Palo Alto researchers have released their technical analysis of a new version of the SolarMaker malware. Prevalent since September 2020, SolarMaker’s initial infection vector is SEO poisoning: creating malicious websites with popular keywords to increase their ranking in search engines. Once clicked on, an encrypted PowerShell script is automatically downloaded. When executed, the malware is installed. SolarMaker’s main functionality is the theft of web browser information such as stored passwords, auto-fill data, and saved credit card information. All the data is sent back to an encoded C2 server, encrypted with AES. New features discovered by this technical analysis include increased dropper file size, droppers that are always signed with legitimate certificates, and a switch back to executables instead of MSI files. Furthermore, the backdoor is now loaded into the dropper process instead of the PowerShell process upon first-time execution. Analyst Comment: Never click on suspicious links; always inspect the URL for any anomalies. Untrusted executables should never be executed, nor privileges assigned to them. Monitor network traffic to assist in the discovery of non-standard outbound connections which may indicate C2 activity. MITRE ATT&CK: [MITRE ATT&CK] Data Obfuscation - T1001 | [MITRE ATT&CK] Encrypted Channel - T1573 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 Tags: SolarMaker, Jupyter, Powershell, AES, C2, SEO poisoning. Google is on Guard: Sharks shall not Pass! (published: April 7, 2022) Check Point researchers have discovered a series of malicious apps on the Google Play store that infect users with the info stealer Sharkbot whilst masquerading as AV products. The primary functionality of Sharkbot is to steal user credentials and banking details, which the user is asked to provide upon launching the app. Furthermore, Sharkbot asks the user to permit it a wide array of permissions that grant the malware a variety of functions such as reading and sending SMS messages and uninstalling other applications. Additionally, the malware is able to evade detection through various techniques. Sharkbot is geofenced; therefore it will stop functioning if it detects the user is from Belarus, China, India, Romania, Russia or Ukraine. Interestingly for Android malware, Sharkbot also utilizes a domain generation algorithm (DGA). This allows the malware to dynamically generate C2 domains to help the malware function after a period of time even i Malware Tool Vulnerability Threat Patching APT-C-23
SecurityWeek 2022-04-12 16:35:29 OpenSSH Moves to Prevent 'Capture Now, Decrypt Later' Attacks (direct link) OpenSSH has joined the high-stakes fight to protect data from quantum computers. The latest version of the widely used encryption and connectivity tool has been fitted with new features to prevent "capture now, decrypt later" attacks linked to advancements in quantum computing. Tool
TechRepublic 2022-04-11 18:03:43 How to list Linux services with systemctl for easier troubleshooting (direct link) If you serve as an admin over Linux systems, one tool that you'll fall back on daily is systemctl. Jack Wallen shows you how easy it is to list services with this command. Tool
TechRepublic 2022-04-11 17:58:36 How to repair a Microsoft Outlook PST or OST file with the Inbox Repair tool (direct link) Microsoft's Inbox Repair tool can solve certain problems with your Outlook file. Find out how you can fix issues that may arise from a corrupt personal folder file. Tool
TechRepublic 2022-04-11 17:26:45 How to convert all your Snap packages to Flatpak on Ubuntu with Unsnap (direct link) For anyone who wants to dump Snap in favor of Flatpak, a new tool has surfaced to make this process simple. Let Jack Wallen introduce you to Unsnap. Tool
Minerva 2022-04-11 10:28:22 Malware Evasion - Detecting Security and Forensic Tools (direct link) This is the third post in our evasion techniques blog series. Feel free to view the other posts, which discussed Sandbox Evasion and Living Off the Land techniques. Tool
SecurityWeek 2022-04-11 10:11:53 Snap-on Tools Hit by Cyberattack Claimed by Conti Ransomware Gang (direct link) The Conti ransomware gang claimed responsibility for a cyberattack on the Wisconsin-based tool maker. Ransomware Tool
itsecurityguru 2022-04-11 10:01:39 Fraudsters stole £58m with RATs in 2021 (direct link) Victims of Remote Access Tool (RAT) scams lost £58m in 2021, official UK police figures show. RAT scams involve scammers taking control of a victim's device, typically in order to access bank accounts. Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident. Typically, RAT attacks begin […] Tool ★★★
Blog 2022-04-09 16:57:55 A Detailed Guide on Responder (LLMNR Poisoning) (direct link) Introduction: Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The Tool
TechRepublic 2022-04-08 22:56:18 Asana vs ClickUp: Project management software comparison (direct link) Selecting the best project management tool can be challenging, especially with so many options available. Check out this guide to learn the differences between Asana and ClickUp. Tool
TechRepublic 2022-04-08 13:05:39 Stitch vs Fivetran: ETL tool comparison (direct link) Read this feature comparison of popular ETL software solutions Stitch and Fivetran. Automation, compliance, and more features are explored. Tool
The_Hackers_News 2022-04-08 09:48:47 Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (direct link) Cybersecurity researchers have uncovered further links between the BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in Ransomware Malware Tool
TechRepublic 2022-04-08 05:15:24 Alteryx vs Tableau: BI tool comparison (direct link) Find out how the business intelligence tools Alteryx and Tableau compare when it comes to features. Tool
Blog 2022-04-07 17:50:31 A Detailed Guide on Cewl (direct link) Hi, Pentesters! In this article, we are going to focus on the Kali Linux tool “Cewl”, which will basically help you to create a wordlist. Tool
TechRepublic 2022-04-07 15:32:38 Domo vs Tableau: BI tool comparison (direct link) Choosing the best data analysis tool means comparing features to determine how well each product suits your needs. Learn which features you should consider when deciding between Domo and Tableau. Tool
SecurityWeek 2022-04-07 12:09:29 BlackCat Ransomware Targets Industrial Companies (direct link) A data theft tool used by the ransomware group tracked as BlackCat, ALPHV and Noberus suggests that the cybercriminals are increasingly interested in targeting industrial organizations. Ransomware Tool
TechRepublic 2022-04-05 21:59:46 BigQuery vs Snowflake: Which ETL tool is best? (direct link) ETL tools can help you gain more actionable insights from your data sets across multiple sources. Read this comparison of popular solutions BigQuery and Snowflake for your data processing needs. Tool
Anomali 2022-04-05 18:17:00 Anomali Cyber Watch: AcidRain Wiped Viasat Modems, BlackMatter Rewritten into BlackCat Ransomware, SaintBear Goes with Go, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Information stealers, Phishing, Russia, Ukraine, Vulnerabilities, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence: AcidRain | A Modem Wiper Rains Down on Europe (published: March 31, 2022) On February 24, 2022, Viasat KA-SAT modems became inoperable in Ukraine after threat actors exploited a misconfigured VPN appliance, compromised the KA-SAT network, and were able to execute management commands on a large number of residential modems simultaneously. SentinelOne researchers discovered a specific Linux wiper, dubbed AcidRain, that was likely used in that attack, as it shows the same targeting and the same overwriting method seen in a Viasat Surfbeam2 modem targeted in the attack. AcidRain shows code similarities with the VPNFilter stage 3 wiping plugin called dstr, but AcidRain’s code appears to be sloppier, so the connection between the two is still under investigation. Analyst Comment: Internet service providers are heavily targeted due to their trust relationships with their customers, and they should harden their configurations and access policies. Devices targeted by AcidRain can be brought back to service through a flash memory/factory reset. Organizations exposed to the Russia-Ukraine military conflict should plan for backup options in case of a wiper attack. MITRE ATT&CK: [MITRE ATT&CK] Data Destruction - T1485 | [MITRE ATT&CK] System Shutdown/Reboot - T1529 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Supply Chain Compromise - T1195 Tags: AcidRain, Viasat KA-SAT, Russia, Ukraine, Germany, target-country:UA, target-country:DE, Wiper, Modem, Supply-chain compromise, VPN appliance, VPNFilter. BlackCat Ransomware (published: March 31, 2022) BlackCat (ALPHV) ransomware-as-a-service surfaced on Russian-speaking underground forums in late 2021. The BlackCat ransomware is perhaps the first ransomware written entirely in Rust, and is capable of targeting both Windows and Linux machines. It targeted multiple industries in the US, Europe, the Philippines, and other regions, and Polyswarm researchers expect it to expand its operations. It is attributed to the BlackMatter/DarkSide ransomware threat group. BlackCat used some known BlackMatter infrastructure and shared the same techniques: reverse SSH tunnels and scheduled tasks for persistence, LSASS for credential access, and Impacket, RDP, and psexec for command and control. Analyst Comment: It is crucial for your company to ensure that servers are always running the most current software version. Your company should have policies in place regarding the proper configurations needed for your servers in order to conduct your business needs safely. Additionally, always practice Defense in Depth (do not rely on single security mechanisms; security measures should be layered, redundant, and failsafe). Furthermore, a business continuity plan should be in place in the case of a Ransomware Malware Tool Vulnerability Threat Guideline VPNFilter
NoticeBored 2022-04-05 17:31:41 Infosec control attributes paper completed (direct link) Yesterday, I completed and published the white paper on information security control attributes. Today I drafted a set of comments on ISO/IEC JTC 1/SC 27's proposed Preliminary Work Item for ISO/IEC 27028, using content from the white paper to build a 'donor document' with fairly minor changes in accordance with ISO's required structure and format. It includes the following summary: "This document extends the concept of 'control attributes' introduced in ISO/IEC 27002:2022, discussing a wider variety of factors potentially worth bearing in mind when considering, selecting, designing, using and reviewing information security controls. Control attributes are a powerful and flexible tool for information security management purposes, a novel way to design, manage and improve an organisation's approach to mitigating unacceptable information risks, supplementing more traditional or conventional methods. The document includes pragmatic suggestions on how to make use of control attributes in the business context, with a worked example illustrating the approach." Once the comments are submitted, we must wait patiently to see how much of it (if any!) makes it through to the Working Draft, blended with inputs and comments from other committee members. Although it seems to take 'forever' to develop new standards, I'm hoping that the donor document will set the project off to a flying start. Meanwhile, I'm actively looking for opportunities for clients to start using control attributes as an integral part of their ISO27k information risk and security management activities, designing better, more relevant and meaningful security metrics for instance. If that or any other ideas in the paper catch your imagination, please comment below or email me (Gary@isect.com). I see a lot of potential business value in control attributes: how about you? Tool
ZDNet 2022-04-05 10:50:32 GitHub now scans for secret leaks in developer workflows (direct link) The new tool aims to protect developers against API and token exposure. Tool
The_Hackers_News 2022-04-05 02:28:02 Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams (direct link) Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident Data Breach Tool
TechRepublic 2022-04-04 22:42:16 Azure Synapse vs Snowflake: ETL tool comparison (direct link) Azure Synapse and Snowflake are both good ETL platforms, so how do you choose between them? See how their features stack up and which one is more suitable for your use cases. Tool
TechRepublic 2022-04-04 15:46:16 Easily manage your Google activity with this handy tool (direct link) Try this very useful tool to manage all your activity on Google and increase your privacy. Jack Wallen shows you how. Tool
Trend 2022-04-04 00:00:00 MITRE Engenuity ATT&CK Tests (direct link) Trend Micro Vision One achieved a protection score of 100% in this year's evaluation, proving once again that it is an invaluable tool that provides higher confidence detections for security operations teams. Tool
CVE 2022-04-01 23:15:08 CVE-2019-14839 (direct link) It was observed that while logging into the Business Central console, the HTTP request discloses sensitive information like the username and password when intercepted using a tool like Burp Suite. Tool
TechRepublic 2022-03-31 19:08:37 Qlik vs Tableau: BI tool comparison (direct link) Qlik Sense and Tableau are business intelligence tools that have a lot to offer. See how the BI tools' features compare. Tool
TechRepublic 2022-03-31 18:36:01 Looker vs Tableau: BI tool comparison (direct link) Choosing the right BI tool for your needs requires thorough consideration of features and capabilities. See which of these two top-notch solutions, Looker and Tableau, might be a good fit for your organization. Tool
TechRepublic 2022-03-31 17:09:23 Asana vs Monday: Project management software comparison (direct link) Building tasks and projects in a project management software tool doesn't have to be difficult. Asana and monday.com are easy-to-use platforms with robust PM features. Compare them now. Tool
Anomali 2022-03-31 10:00:00 The Need to Share (direct link) The Benefits of Sharing Threat Intelligence Inside and Outside Your Organization. Welcome to this week’s blog. I hope you’re enjoying this series and what you’ve read so far if you’ve been following along. If you’re new, welcome as I dive deeper into the Top 10 Cybersecurity Challenges enterprise organizations face, as found in our recently released Cybersecurity Insights Report 2022: The State of Cyber Resilience. Coming in at number seven on our Top 10 List of the Challenges Cybersecurity Professionals Face is "Lack of ability to share threat intelligence cross-functionally." In an August blog, I wrote about President Biden’s Executive Order that sought to ensure that IT service providers share threat information about incidents with the federal government and collect and preserve data that could aid threat detection, investigation, and response. My comment was that before we share information as an industry, organizations need to break down their silos to share threat intelligence internally. It was not surprising to see this surface as one of the Top 10 Challenges organizations face. (I know, a clock is right twice a day, too; I’m taking the win here. Even if no one else is reading, I enjoy writing these.) Digital transformation has quickly expanded attack surfaces. Now more than ever, global organizations must balance a rapidly evolving cybersecurity threat landscape against business requirements. Threat information sharing is critical for security teams and organizations to protect themselves from cyber-attacks. The problem with sharing threat intelligence is that most organizations don’t know where to start. Enter Cyber Fusion: Thirty years ago, military intelligence organizations developed the concept of cyber fusion, which combines HUMINT (human intelligence) with COMINT (computer intelligence). They used the idea to collaborate with different intelligence communities and gain an in-depth understanding of the threat landscape. Cyber fusion is becoming increasingly popular in the cybersecurity industry, with organizations creating cyber fusion centers or using technologies like threat intelligence management or XDR (extended detection and response) solutions to eliminate silos, enhance threat visibility, and increase cyber resilience and collaboration between security teams. Cyber fusion offers a unified approach to cybersecurity by combining the intelligence from different teams into one cohesive picture. It also helps to integrate contextualized strategic, tactical, and operational threat intelligence for immediate threat prediction, detection, and analysis. How to Start Sharing Threat Intelligence Internally: Cyber fusion takes a proactive approach to cybersecurity that helps organizations break down barriers and open communications across their entire organization to help them identify and address cyber risks before they become an issue. A cyber fusion approach helps foster collaboration among different departments within the company to focus on areas that ensure protection against relevant threats. By getting more people involved in keeping up with security issues and cyber incidents, organizations can ensure their investments and resources focus right where they need to be. Click on the image below to download our new ebook to learn more about how you can utilize cyber fusion to help break down silos within your organization. Tool Threat Guideline
TechRepublic 2022-03-30 19:19:10 How to benchmark a website with the Siege command-line tool (direct link) Need to stress-test your websites to see how well they're performing? Jack Wallen shows you how with the command-line Siege tool. Tool
CVE 2022-03-30 17:15:10 CVE-2021-44310 (direct link) An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in the user creation functionality. Tool
CVE 2022-03-30 17:15:10 CVE-2021-44312 (direct link) An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged-in administrators could be targeted by a CSRF attack through visiting a crafted web page. Tool
CVE 2022-03-30 15:15:08 CVE-2022-25619 (direct link) Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the ping tool of Profelis IT Consultancy SambaBox allows an authenticated user to run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. Tool Vulnerability
TechRepublic 2022-03-30 15:08:45 How to install the Matomo web analytics platform on Ubuntu Server 20.04 (direct link) Website analysis is an important aspect of administration. If your company needs to track such data, there's an open-source tool for that very purpose. Jack Wallen shows you how to deploy Matomo. Tool
ZDNet 2022-03-30 09:40:44 This new ransomware targets data visualization tool Jupyter Notebook (direct link) Misconfigured environments are the entry point for the ransomware strain. Ransomware Tool
Anomali 2022-03-29 18:14:00 Anomali Cyber Watch: North Korean APTs Used Chrome Zero-Day, Russian Energy Sector SCADA Targeting Unsealed, Lapsus$ Breached Microsoft - Finally Arrested, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data leak, Drive-by, ICS, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence: Hive Ransomware Ports Its Linux VMware ESXi Encryptor to Rust (published: March 27, 2022) The Hive ransomware operators actively copy features first introduced in the BlackCat/ALPHV ransomware to make their ransomware samples more efficient and harder to reverse engineer. They have converted all their builds (targeting Windows, Linux, VMware ESXi) from Golang to the Rust programming language. They also moved from storing the victim's Tor negotiation page credentials in the encryptor executable to requiring the attacker to supply the user name and login password as a command-line argument when launching the malware. Analyst Comment: Ransomware is an evolving threat, and the most fundamental defense is having proper backup processes in place. Follow the 1-2-3 rule: 3 copies, 2 devices, and 1 stored in a secure location. Data loss is manageable as long as regular backups are maintained. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Deobfuscate/Decode Files or Information - T1140 Tags: Hive, Ransomware, BlackCat, VMware ESXi, Rust, Tor. US Says Kaspersky Poses Unacceptable Risk to National Security (updated: March 25, 2022) On March 25, 2022, the US Federal Communications Commission (FCC) added three new entities to its Covered List: China Mobile International USA Inc., China Telecom (Americas) Corp, and AO Kaspersky Labs. The action is aimed at securing US networks from threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests. Previously, the FCC Covered List had five Chinese entities added in March 2021, including Huawei and ZTE. Kaspersky denied the allegations and stressed that the company “will continue to assure its partners and customers on the quality and integrity of its products, and remains ready to cooperate.” Earlier the same day, HackerOne blocked Kaspersky from its bug bounty program. Analyst Comment: It seems that the FCC decision does not directly affect private parties using Kaspersky antivirus and other security products. There is no public data showing directly that Kaspersky is currently involved in cyberespionage or malware distribution activity, but such suspicions were raised in previous years. Kaspersky's direct connections to Russia and its Federal Security Service (FSB) make it both a potential security risk and a reputation risk as the military conflict in Ukraine leads to new sanctions and increased cyber activity. Tags: Russia, USA, China, Ukraine, Kaspersky, FCC, FSB, Huawei, ZTE, China Mobile, China Telecom Ransomware Malware Tool Vulnerability Threat Guideline ★★★★★
TechRepublic 2022-03-25 20:44:17 Zoho Analytics vs. Qlik Sense: BI tool comparison (direct link) Business intelligence tools are vital to organizations seeking information to make sound decisions. This comparison of BI platforms Zoho Analytics and Qlik Sense will help you determine if either is the best choice for you. Tool ★★★
CVE 2022-03-25 19:15:10 CVE-2022-1049 (direct link) A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that had been denied access could still log in. Tool
CVE 2022-03-25 18:15:22 CVE-2022-24778 (direct link) The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current user is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run, anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user. Tool
TechRepublic 2022-03-25 17:23:38 SaaS startup aims to eliminate digital friction in remote transactions and reduce tool overload (direct link) Reach combines video chat, document collaboration and e-signature into one platform with no download required. Tool
TechRepublic 2022-03-25 16:54:44 LogRhythm vs. SolarWinds: SIEM tool comparison (direct link) In a world of escalating security threats, organizations need a solid platform to defend their critical assets. As you weigh your options, consider the features that LogRhythm and SolarWinds offer. Tool
TechRepublic 2022-03-25 13:06:32 How to use the Google Meet quality tool to solve conferencing problems (direct link) With the Meet quality tool, a Google Workspace administrator may help people in the organization troubleshoot conferencing challenges. Tool
TechRepublic 2022-03-25 03:08:04 IBM QRadar vs. LogRhythm: SIEM tool comparison (direct link) Organizations rely on security information and event management tools to detect, analyze and respond to security threats. Compare the features offered by two top SIEM platforms: IBM QRadar and LogRhythm. Tool
TechRepublic 2022-03-24 22:25:58 Focalboard is a kanban tool that anyone can use for better task management (direct link) If you're looking for a kanban board that's simple to install and use to help you get control over your mounting tasks, Jack Wallen believes Focalboard might be just the ticket. Tool
TechRepublic 2022-03-24 17:57:19 SolarWinds vs. Splunk: SIEM tool comparison (direct link) SIEM tools help IT pros get ahead of potential threats with features for monitoring, detecting, analyzing and responding to attacks. See what SolarWinds and Splunk have to offer your security team. Tool
TechRepublic 2022-03-24 17:48:08 Tableau vs. Databox: BI tool comparison (direct link) Organizations are turning data into actionable insights thanks to business intelligence platforms, but it's critical to select the right BI platform for the job. See how Tableau and Databox compare. Tool
TechRepublic 2022-03-24 17:10:08 Exabeam vs. Splunk: SIEM tool comparison (direct link) Security information and event management software has become increasingly essential for any modern business. See the similarities and differences of two top offerings: Exabeam and Splunk. Tool
Last update at: 2024-07-20 11:08:07