What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-07-01 17:00:00 | Microsoft Spots Updated Cryptomining Malware Tool Targeting Linux Systems (lien direct) | The malware also reportedly features self-propagating capabilities | Malware Tool | ||
 |
2022-07-01 05:27:57 | Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter) (lien direct) | MS-SQL servers are mainly the attack targets for Windows systems. Attackers scan vulnerable MS-SQL servers that are poorly managed and install malware upon gaining control. Malware strains installed by attackers include CoinMiner, ransomware, backdoor, etc., and may vary depending on the purpose of the attack. Most backdoor strains are remote control types such as Remcos RAT and Gh0st RAT, but there are also infiltration testing tools used to dominate companies’ internal systems such as Cobalt Strike and Meterpreter. The attack... | Malware Tool | ||
 |
2022-07-01 02:03:44 | New \'SessionManager\' Backdoor Targeting Microsoft IIS Servers in the Wild (lien direct) | A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a web server software for Windows systems, after | Malware Tool | ||
 |
2022-06-30 20:45:20 | USB installer tool removes Windows 11\'s Microsoft account requirements (and more) (lien direct) | Tool can also patch out the CPU, TPM, and Secure Boot install requirements. | Tool | ||
 |
2022-06-30 19:16:29 | How traditional security tools fail to protect companies against ransomware (lien direct) | >Most organizations surveyed by Titaniam have existing security prevention and backup tools, but almost 40% have still been hit by ransomware attacks in the last year. | Ransomware Tool | ||
 |
2022-06-30 16:57:48 | Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion (lien direct) | Titaniam's 'State of Data Exfiltration & Extortion Report' also finds that while over 70% of organizations had heavy investments in prevention, detection, and backup solutions, the majority of victims ended up giving into attackers' demands. | Ransomware Tool | ||
 |
2022-06-30 16:00:08 | Google battles bots, puts Workspace admins on alert (lien direct) | No security alert fatigue here Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.… | Tool | ||
|
2022-06-30 15:17:15 | Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (lien direct) | An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows. | Tool Vulnerability | ||
 |
2022-06-30 12:33:39 | Augment your Windows and EDR telemetry with Sysmon (lien direct) | >by Bhabesh Raj Rai, Security ResearchSysmon (System Monitor) is one of the popular tools from Sysinternals for monitoring and logging system activity to the Windows event logs.Of course, you can say Windows already has its native event logs, so why bother? And, we already have an endpoint detection and response (EDR) solution installed on our [...] | Tool | ||
 |
2022-06-30 10:00:00 | Dealing with the Cybersecurity Challenges of Digital Transformation (lien direct) | We’re back after a little hiatus with this week’s blog in the series in which I explore the “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience. Coming in at number two on our list: Dealing with the speed and complexity of digital transformation. During the COVID-19 crisis, digital transformation became even more critical. To describe digital transformation in economic terms means integrating digital technologies into every aspect of a business, resulting in fundamental changes to how companies operate and provide value to their customers. Technology has changed from supporting business processes to becoming integral to a company’s customer value proposition. A study by McKinsey found that companies accelerated their digital transformation efforts by three to seven years within just months, fearing that they would lose their competitive advantage and be left behind by competitors already ahead. Organizations need to rethink what they mean when saying “digital transformation.” It’s not just about making your website responsive, adding digital capabilities, or creating a mobile app for your business. It’s about changing your mindset when thinking about your customers, empowering your staff, and powering business. And ensuring your security program can adapt to that mindset to ensure the security of your enterprise. Digital Transformation Increases Cyber Risk Security teams continue to face unique challenges daily. Their organization’s digital transformation initiatives continue to increase the complexity, expanding their attack surface with a distributed infrastructure. Because of this, cybersecurity postures should be updated and adjusted to support transformation goals to defend against this new level of complexity. In addition to the ever-changing threat landscape, security teams face more concerns due to a more distributed workforce. They also need to evaluate the risks associated with a growing number of connected devices and the disappearing perimeter. The increased adoption of cloud infrastructures also poses unique challenges to organizations, forcing them to transform their security posture to protect against cloud infrastructure vulnerabilities. Securing a Remote Work Force Remote work is here to stay and will only increase. Global Workplace Analytics calculates that 22% of the workforce (i.e., 36.2 million Americans) will work remotely by 2025. The significant uptick in remote work setups and digital business is pushing organizations to apply for secure access no matter where their users, applications, or devices are located. To provide the level of security necessary to protect the variety of new systems implemented, many enterprises are shifting to more cloud-friendly and behavior-based security approaches. New Challenges and Security Vulnerabilities As mentioned above, studies show that a large portion of those working from home will likely stay that way for the long term. Corporate leaders attempting to coax employees back to the office have broadly accepted the inevitability of the hybrid work model. To ensure their defensive measures remain in place and to maintain business as usual safely, it’s critical for IT teams to develop strategic plans to safeguard employees, facilities, data, | Tool Threat Studies Guideline | ||
 |
2022-06-29 18:35:27 | Falcon OverWatch Elite in Action: Tailored Threat Hunting Services Provide Individualized Care and Support (lien direct) | The threat presented by today's adversaries is as pervasive as it is dangerous - eCrime and state-nexus actors alike are attempting to infiltrate companies and organizations of all sizes and across all verticals. While technology is a powerful tool for performing routine or repeatable analysis, the only way to effectively hunt and contain sophisticated and […] | Tool Threat | ||
|
2022-06-29 17:00:00 | Cybersecurity Researchers Launch New Malware Hunting Tool YARAify (lien direct) | The defensive tool is designed to scan suspicious files against a large repository of YARA rules | Malware Tool | ||
 |
2022-06-29 16:24:35 | Minors Use Discord Servers To Earn Extra Pocket Money Through Spreading Malware (lien direct) | Avast, a global leader in digital security and privacy, has discovered an online community of minors constructing, exchanging and spreading malware, including ransomware and a mix of information stealers and cryptominers. The group lures young users by advertising access to different malware builders and tool kits that allow laypeople to construct malware easily. In some cases, people […] | Ransomware Malware Tool Guideline | ||
|
2022-06-29 15:16:14 | What are the top cross-platform app development frameworks in 2022? (lien direct) | >With so many cross-platform app development frameworks available, it can be overwhelming to find the best fit for you. We've compiled a list of five tools you can use within your organization. | Tool | ||
 |
2022-06-29 10:47:40 | (Déjà vu) Evilnum Hackers Return With New Activity Targeting International Migration Campaigns (lien direct) | The Evilnum hacking group have been targeting European organisations that are involved in international migration, showing renewed signs of malicious activity within the group. Evilnum is an advanced persistent threat (APT) that has been active since at least 2019 and had its campaign and tools exposed in 2020. In 2020, ESET published a technical report […] | Tool Threat | ||
|
2022-06-29 04:57:36 | New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators (lien direct) | Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other | Malware Tool | ||
 |
2022-06-28 19:15:09 | CVE-2022-31108 (lien direct) | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. | Tool Guideline | ||
|
2022-06-28 19:11:00 | Anomali Cyber Watch: API Hammering Confuses Sandboxes, Pirate Panda Wrote in Nim, Magecart Obfuscates Variable Names, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: API hammering, APT, China, Phishing, Ransomware, Russia, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Lockbit Ransomware Disguised as Copyright Claim E-mail Being Distributed
(published: June 24, 2022)
ASEC researchers have released their analysis of a recent phishing campaign, active since February 2022. The campaign aims to infect users with Lockbit ransomware, using the pretense of a copyright claim as the phishing lure. The phishing email directs the recipient to open the attached zip file which contains a pdf of the infringed material. In reality, the pdf is a disguised NSIS executable which downloads and installs Lockbit. The ransomware is installed onto the desktop for persistence through desktop change or reboot. Prior to data encryption, Lockbit will delete the volume shadow copy to prevent data recovery, in addition to terminating a variety of services and processes to avoid detection.
Analyst Comment: Never click on suspicious attachments or run any executables from suspicious emails. Copyright infringement emails are a common phishing lure. Such emails will be straight forward to rectify if legitimate. If a copyright email is attempting to coerce you into opening attachments, such emails should be treated with extreme caution.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Impair Defenses - T1562
Tags: malware:Phishing, malware:Lockbit, Lockbit, Copyright, Ransomware
There is More Than One Way To Sleep: Deep Dive into the Implementations of API Hammering by Various Malware Families
(published: June 24, 2022)
Researchers at Palo Alto Networks have released their analysis of new BazarLoader and Zloader samples that utilize API Hammering as a technique to evade sandbox detection. API Hammering makes use of a large volume of Windows API calls to delay the execution of malicious activity to trick sandboxes into thinking the malware is benign. Whilst BazarLoader has utilized the technique in the past, this new variant creates large loops of benign API using a new process. Encoded registry keys within the malware are used for the calls and the large loop count is created from the offset of the first null byte of the first file in System32 directory. Zloader uses a different form of API Hammering to evade sandbox detection. Hardcoded within Zloader are four large functions with many smaller functions within. Each function makes an input/output (I/O) call to mimic the behavior of many legitimate processes.
Analyst Comment: Defense in depth is the best defense against sophisticated malware. The Anomali Platform can assist in detection of malware and Match anomalous activity from all telemetry sources to provide the complete picture of adversary activity within your network.
MITRE ATT&CK: [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497
Tags: malware:BazarLoad |
Ransomware Spam Malware Tool Vulnerability Threat | APT 28 APT 23 | |
|
2022-06-28 15:00:00 | Android Spyware \'Revive\' Upgraded to Banking Trojan (lien direct) | Dubbed 'Revive' because of its ability to automatically restart in case it stops working, the tool seems to be designed for persistent campaigns. | Tool | ||
|
2022-06-28 14:25:40 | How to use monday work management for project management (lien direct) | >Jack Wallen shows you how to set up monday work management as your next project management tool to keep your teams working efficiently and effectively. | Tool | ||
|
2022-06-28 13:19:02 | Best agile project management software for 2022 (lien direct) | >With so many agile project management tools available, it can be overwhelming to find the best fit for you. We've compiled a list of ten tools you can use to take advantage of agile within your organization. | Tool | ||
|
2022-06-27 20:15:08 | CVE-2022-31036 (lien direct) | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. | Tool Vulnerability | Uber | |
|
2022-06-27 19:15:08 | CVE-2022-31034 (lien direct) | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. | Tool Vulnerability | Uber | |
|
2022-06-27 19:15:08 | CVE-2022-31035 (lien direct) | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. | Tool Vulnerability | Uber | |
 |
2022-06-27 06:00:12 | Hackers: The third pillar of security (lien direct) | >Every business knows that to maintain security, you need the primary pillar: the right employees. Some businesses know that these employees also need the second pillar: the right tools such as Acunetix and Invicti. However, still, not enough businesses know how to deal with hackers... Read more | Tool | ★★★★ | |
|
2022-06-27 02:21:46 | Italy Data Protection Authority Warns Websites Against Use of Google Analytics (lien direct) | Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that | Tool | ||
 |
2022-06-25 09:50:40 | Malicious Code Passed to PowerShell via the Clipboard, (Sat, Jun 25th) (lien direct) | Another day, another malicious script was found! Today, the script is a Windows bat file that executes malicious PowerShell code but the way it works is interesting. The script has a VT score of 16/54 ( )[1]. The script uses the Windows command-line tool "clip.exe" which is often unknown to people: | Tool | ||
 |
2022-06-24 16:21:38 | Microsoft will start banning players from all private Minecraft servers (lien direct) | New moderation tools will let players be permanently "banned from online play." | Tool | ||
 |
2022-06-24 15:00:00 | What is iOS Hermit spyware? (lien direct) | >iOS Hermit spyware is a commercial-grade surveillance tool derived from a known Android surveillance tool. Learn more + how to stay safe. | Tool Cloud | APT 37 | |
 |
2022-06-24 13:00:47 | Instagram\'s new age verification tool – Week in security with Tony Anscombe (lien direct) | >As Instagram tests a new age verification tool, what are some of the concerns when it comes to confirming someone's age on the internet? | Tool | ||
 |
2022-06-24 08:41:34 | Apple And Android Phones Hacked By Italian Spyware, Confirms Google (lien direct) | >Alphabet’s Google Inc. on Thursday confirmed in a report that hacking tools from an Italian company were used to spy on Apple and Android smartphones in Italy and Kazakhstan citing that the commercial spyware industry is thriving and growing at a significant rate. According to the report, the spy tools were developed by Milan-based RCS […] | Tool | ||
 |
2022-06-24 04:00:00 | Assessment and knowledge: Your key tools to secure suppliers (lien direct) | Pas de details / No more details | Tool | ||
|
2022-06-23 21:24:05 | New \'Quantum\' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (lien direct) | A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities | Malware Tool | ||
 |
2022-06-23 20:31:01 | Apple, Android Phones Targeted by Italian Spyware: Google (lien direct) | An Italy-based firm's hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said Thursday, casting a light on a "flourishing" spyware industry. | Tool | ||
 |
2022-06-23 18:40:55 | Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor (lien direct) | >China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) which involved the use of a previously undescribed loader (dubbed “Nimbda”) written in Nim language. The Tropic Trooper APT has been active at least […] | Malware Tool | APT 23 | |
 |
2022-06-23 17:31:50 | Musings of a Former State CTO Part 3: The Cybersecurity Evolution (lien direct) | Claire Bailey had a front-row seat to the evolution of cybersecurity. Since the 1980s, when she started in the field, security challenges have grown in number and complexity. She learned that the best strategy for mitigating software vulnerabilities and strengthening cybersecurity has come to be summarized in two little words. “Shift left,” Claire says. “Shifting left” is the concept of taking a security task that traditionally occurs in the later stages of the software development process and performing it earlier. This concept is particularly timely given the fact sheet released by the Biden Administration which warns against the likely rise of potential cyberattacks. It recommends building application security into products from the ground up and using modern tools to consistently monitor for potential vulnerabilities. To that end, Claire recommends that CIOs and CTOs look toward the adoption of agile workforces and development processes, converging steps into smaller bites that… | Tool | ||
|
2022-06-23 17:15:14 | CVE-2022-33127 (lien direct) | The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string. | Tool | ||
|
2022-06-23 14:27:35 | Security Orchestration: Beware of the Hidden Financial Costs (lien direct) | Among the many improvements in cybersecurity technology and tools we've seen over the last few years, one of the most significant has been the inclusion of security automation and orchestration capabilities in solution categories beyond SOAR platforms. SIEM providers acquired stand-alone SOAR platforms, and endpoint detection and response (EDR) solutions broadened to include automation and orchestration capabilities to accelerate threat detection and response. | Tool Threat | ★★★★★ | |
|
2022-06-23 12:00:00 | Anomali Launches Differentiated Cloud-Native XDR SaaS Solution with Support from AWS SaaS Factory (lien direct) | Click here for more information on AWS Partner Network blog. By Ranjith Raman, Sr. Partner Solutions Architect – AWS By Oded Rosenmann, Global Practice Lead, SaaS Partners – AWS Organizations are increasingly looking for new ways to defend themselves against cyber threats, fraud, and ransomware attacks. Many enterprises and government agencies turn to cyber security solutions that provide efficient and effective detection and response capabilities to proactively prevent attackers from breaching their networks and applications. To help organizations overcome these challenges, Anomali, a leader in intelligence-driven cybersecurity solutions, has recently launched its Cloud-Native extended detection and response (XDR) solution, The Anomali Platform. Building upon its leadership position in the cyber threat intelligence space, The Anomali Platform provides customers with a new dimension of security visibility across all log telemetry from endpoints to the cloud. The Anomali Platform provides precision detection and optimized response capabilities that extends across their entire security infrastructure. With the support of AWS SaaS Factory, Anomali has built the Anomali Cloud-Native XDR offering as a software-as-a-services (SaaS) solution that helps improve organizational efficiencies, providing security teams with the tools and insights needed to detect relevant threats, make informed decisions, and respond effectively. “The AWS SaaS Factory team was instrumental in helping us identify appropriate service options aligned with our enterprise customer requirements. Working with the team, we saved months of engineering efforts to build a powerful platform that meets our current needs and allows us to scale.” Mark Alba, Chief Product Officer, Anomali Mark Alba, Chief Product Officer, Anomali The cloud-native XDR solution is fueled by big data management, machine learning, and the world’s largest repository of global intelligence. With the new SaaS model, The Anomali Platform can be easily integrated with existing security infrastructures, enabling CIOs, CISOs, and other business leaders to optimize their overall security investments and create more efficient and effective detection and response programs that proactively address advanced cyber threats. The SaaS Factory team spoke with Mark Alba, Chief Product Officer at Anomali, to learn more about Anomali Cloud-Native XDR SaaS, the value its new solution brings to customers, and the key lessons learned from the journey to SaaS on AWS. Check out the new Anomali Cloud-Native XDR SaaS solution >> Q&A with Anomali AWS SaaS Factory: Mark, thank you for taking the time to speak with us today. Could you share a bit about your background and role at Anomali? Mark Alba: My name is Mark Alba, and I’m the Chief Product Officer at Anomali. I’ve been with Anomali since April 2020 and am responsible for product management, user experience, threat research, and technology incubator functions. My background includes over 20 years of experience building, managing, and marketing disruptive products and services. I brought to market the security industry’s first fully-integrated applian | Ransomware Tool Threat Guideline | ||
 |
2022-06-23 10:00:00 | All you need to know about data security and its benefits for small businesses (lien direct) | This blog was written by an independent guest blogger. Cyberthreats don't affect only large enterprises and governments – they can also affect small businesses. According to research, nearly half of small businesses have experienced a cyberattack, and 69% are concerned about future attacks. Small businesses should be aware of cyber security statistics and take tangible steps to protect their businesses against cyberattacks. Employee records, customer information, loyalty schemes, transactions, and data collection are critical pieces of information that businesses need to protect. This is to prevent third parties from using the information for fraudulent purposes, such as phishing scams and identity theft. It's crucial to safeguard your company from cyberattacks, but some business owners are unsure how to do it. This article is intended to help small business owners navigate the realm of cyber threats and fortify their data security. The benefits of data security for small businesses are also discussed. Data security Data security is the practice of keeping data safe from unauthorized access or corruption. Data protection entails safeguarding not only your company's data but also that of your customers and vendors. Data encryption, hashing, tokenization, and key management are data security strategies that safeguard data across all applications and platforms. Small firms, unfortunately, appear to be a much easier target for hackers, as their security systems are typically less advanced than those of a medium or large company. Despite this fact, most small business owners believe they are not vulnerable to a data breach. Why data security? To secure their essential assets, organizations all over the world are investing extensively in information technology (IT) cyber security capabilities. Every business has to protect its brand, intellectual capital, and customer information. It also needs to provide controls for essential infrastructure. However, incident detection and response have three fundamental elements: people, processes, and technology. Cyber security problems and their effect on small businesses Security risks faced by small businesses? Small businesses may not have the operational know-how or employees to protect their IT systems and networks appropriately. Small firms confront a variety of cyber security challenges, including: Attacks by phishers: Phishing refers to a type of social engineering attack that is frequently used to obtain personal data from users; such data includes login credentials and credit card details. Malware attack: Malware attacks are common cyberattacks in which malware (usually malicious software) performs unauthorized actions on the victim's system. Ransomware: Ransomware is a sort of crypt | Ransomware Malware Tool Threat | Satori | |
|
2022-06-23 06:52:14 | FLOSS 2.0 Has Been Released, (Thu, Jun 23rd) (lien direct) | When you have to deal with malware in your day job, for research purposes, or just for fun, one of the key points is to have a lab ready to be launched. Your sandbox must be properly protected and isolated to detonate your samples in a safe way but it must also be fulfilled with tools, and scripts.&#;x26;#;xc2;&#;x26;#;xa0;This toolbox is yours and will be based on your preferred tools but starting from zero is hard, that&#;x26;#;39;s why there are specific Linux distributions built for this purpose. The one that I use in FOR610 and for my daily investigations is REMnux[1], created and maintained by Lenny Zeltser[2]. This environment offers tons of tools that help to perform all the malware analysis steps from static analysis up to code reversing and debugging. | Malware Tool | ||
|
2022-06-23 03:08:07 | NSO Confirms Pegasus Spyware Used by at least 5 European Countries (lien direct) | The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico. | Tool | ||
|
2022-06-23 03:07:58 | Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation (lien direct) | When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report. The survey report, | Tool | ||
|
2022-06-22 23:14:08 | Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside (lien direct) | A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity | Malware Tool Threat | APT 23 | |
|
2022-06-22 13:17:05 | Aqua Security Ships Open-Source Tool for Auditing Software Supply Chain (lien direct) | Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark. | Tool | ||
|
2022-06-22 13:00:00 | RSA 2022: Cyber Attacks Continue to Come in Ever-Shifting Waves (lien direct) | Supply chains, trust, and the Internet itself remain prime targets. When Russia launched wide-ranging cyber-attacks while its army invaded Ukraine, it also deployed waves of wiper malware to destroy data. The first wave targeted the data on the disks. As Ukraine fortified its defenses in that area, the second wave left the data on the disks alone and went after the metadata. The third wave bypassed the two previous targets and attacked the file systems. As depicted in global news and during sessions of the RSA conference, this was a very methodical and effective approach designed to inflict maximum amounts of damage, and it reflects the methodical, often relentless, attack approaches shaping the threat landscape. In particular, as organizations fortify their defenses, adversaries will continue to focus on trust to gain access, using your partners, your vendors, and your employees against you. What does this mean for enterprise users? As we discussed in our previous post on cyber threats, organizations must find new and novel defenses against adversaries who increasingly shift tactics. As adversaries become more nuanced, we must understand their moves and motivations to try to get one step ahead of them. Let’s Recap: Several high-profile security incidents in the recent past altogether grimly encapsulate the myriad challenges companies now face. NotPetya, the most expensive cyber incident in history, demonstrated how attackers are masquerading their efforts. NotPetya targeted a tax software company in Ukraine in 2017. At first, the effort appeared to be ransomware. However, its intent was purely destructive as it was designed to inflict damage as quickly and effectively as possible. The C Cleaner attack, a few months later, demonstrated how complex and patient actors who were focused on IP level threats had become. The targets were system administrative tools that, if compromised, already had an increased level of access. C Cleaner showed that all software supply chain attacks aren’t created equal. It’s dependent on the level of access of the systems and the users that you’re compromising. Some 3 million versions of the compromised C Cleaner software were downloaded. However, only 50 of the downloaded software received additional payloads. This was an adversary that was willing to compromise more than 3 million systems to just get a foothold into 50. This gives you a clear idea of the challenges that we face as enterprises from these types of sophisticated actors. Attackers are also being more flagrant and doing a better job of covering their tracks. In the past, nation states focused on covert activities. Olympic Destroyer, which targeted the 2018 Olympics in South Korea, showed how attacks are now being brought to the public eye. False flags, tactics applied to deceive or misguide attribution attempts, were also put into Olympic Destroyer. Six months after the attack, it was attributed to multiple different nations, because such care had been put into throwing off attribution. More recently, VPN Filter/Cyber Blink demonstrated how adversaries are targeting different types of equipment. While attacks have historically focused on office equipment, these incidents shifted to home routers, in tandem with the increase in remote work. At home, people often use combination modem routers. These devices challenge detection capabilities. A foothold into home routers also allows actors to analyze all traffic moving in and out of the network. It’s incredibly difficult to detect an attack. You have to treat a home Wi-Fi like a public Wi-Fi at a coffee shop. Threat actors are targeting the foundational infrastructure of the internet as well. Sea T | Malware Tool Threat | NotPetya NotPetya | |
 |
2022-06-22 00:00:00 | Azure vs. AWS Developer Tools (lien direct) | Both AWS and Azure developer tools provide key efficiencies in your DevOps environment, learn the comparison between tools, any overlap, and use cases for both. | Tool | ||
|
2022-06-21 21:44:58 | Viva Goals helps teams align around priorities and helps management communicate (lien direct) | >Remote and hybrid work makes it more important than ever to track what people are getting done rather than the hours they work: Microsoft's new tool for setting and tracking goals might help | Tool | ||
|
2022-06-21 20:57:06 | China-Linked ToddyCat APT Pioneers Novel Spyware (lien direct) | ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says. | Tool | ||
|
2022-06-21 20:52:55 | Asana: Project management software review (lien direct) | >Asana is a leading project management tool with the potential to transform business processes for teams of all sizes. Learn the best features, pricing and more in this review. | Tool Guideline |
To see everything:
Our RSS (filtrered)
