What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-07-03 12:30:24 | IT Software Firm Kaseya Hit By Supply Chain Ransomware Attack (lien direct) | Supply chain cyberattack by REvil ransomware gang on IT management tool could have wide blast radius | Ransomware Tool | ||
 |
2021-07-02 02:56:26 | New Google Scorecards Tool Scans Open-Source Software for More Security Risks (lien direct) | Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis.
"With so much software today relying on open-source projects, consumers need an easy way to judge whether their dependencies are safe," Google's Open |
Tool | ||
 |
2021-07-01 12:58:11 | (Déjà vu) CISA Ransomware Assessment Tool Released (lien direct) | BACKGROUND: The Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). RRA is a security audit self-assessment… | Ransomware Tool | ||
 |
2021-07-01 11:33:44 | (Déjà vu) US CISA releases a Ransomware Readiness Assessment (RRA) tool (lien direct) | The US CISA has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET). RRA could be used by organizations to determine […] | Ransomware Tool | ||
|
2021-07-01 11:28:24 | (Déjà vu) CISA Adds Ransomware Module to Cyber Security Evaluation Tool (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA). | Ransomware Tool | ||
 |
2021-07-01 07:49:00 | (Déjà vu) US Cybersecurity and Infrastructure Security Agency launches ransomware assessment tool (lien direct) | Pas de details / No more details | Ransomware Tool | ||
 |
2021-06-30 19:01:14 | Leaked Babuk Locker ransomware builder used in new attacks (lien direct) | A leaked tool used by the Babuk Locker operation to create custom ransomware executables is now being used by another threat actor in a very active campaign targeting victims worldwide. [...] | Ransomware Tool Threat | ||
|
2021-06-30 16:59:19 | IBM Gifts Threat Hunting Tool to Open Cybersecurity Alliance (lien direct) | IBM Corp. on Wednesday announced that it is contributing the Kestrel open-source programming language for threat hunting to the Open Cybersecurity Alliance (OCA). | Tool Threat | ||
|
2021-06-30 16:26:33 | CISA releases new ransomware self-assessment security audit tool (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). [...] | Ransomware Tool | ||
|
2021-06-30 15:43:11 | Windows 11 makes TPM Diagnostics tool its first optional feature (lien direct) | Windows 11 comes with a new optional feature called 'TPM Diagnostics' that allows administrators to query the data stored on a device's TPM security processor. [...] | Tool | ||
|
2021-06-30 00:10:13 | GitHub Launches \'Copilot\' - AI-Powered Code Completion Tool (lien direct) | GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go.
Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that's trained on |
Tool | ||
 |
2021-06-29 18:06:17 | How legitimate security tool Cobalt Strike is being used in cyberattacks (lien direct) | Normally used by organizations for penetration testing, Cobalt Strike is exploited by cybercriminals to launch attacks, says Proofpoint. | Tool | ||
|
2021-06-29 17:39:43 | How to scan your RHEL-based Linux servers for outdated libraries with CloudLinux UChecker (lien direct) | Your Linux server libraries might be out of date, leading to security issues. CloudLinux has a tool that can quickly list those out-of-date libraries on AlamaLinux or a similar distribution. | Tool Guideline | ||
 |
2021-06-29 16:29:00 | Anomali Cyber Watch: Microsoft Signs Malicious Netfilter Rootkit, Ransomware Attackers Using VMs, Fertility Clinic Hit With Data Breach and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, NetFilter, Ransomware, QBot, Wizard Spider, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Microsoft Signed a Malicious Netfilter Rootkit
(published: June 25, 2021)
Security researchers recently discovered a malicious netfilter driver that is signed by a valid Microsoft signing certificate. The files were initially thought to be a false positive due to the valid signing, but further inspection revealed that the malicious driver called out to a Chinese IP. Further research has analyzed the malware, dropper, and Command and Control (C2) commands. Microsoft is still investigating this incident, but has clarified that they did approve the signing of the driver.
Analyst Comment: Malware signed by a trusted source is a threat vector that can be easily missed, as organizations may be tempted to not inspect files from a trusted source. It is important for organizations to have network monitoring as part of their defenses. Additionally, the signing certificate used was quite old, so review and/or expiration of old certificates could prevent this malware from running.
MITRE ATT&CK: [MITRE ATT&CK] Code Signing - T1116 | [MITRE ATT&CK] Install Root Certificate - T1130
Tags: Netfilter, China
Dell BIOSConnect Flaws Affect 30 Million Devices
(published: June 24, 2021)
Four vulnerabilities have been identified in the BIOSConnect tool distributed by Dell as part of SupportAssist. The core vulnerability is due to insecure/faulty handling of TLS, specifically accepting any valid wildcard certificate. The flaws in this software affect over 30 million Dell devices across 128 models, and could be used for Remote Code Execution (RCE). Dell has released patches for these vulnerabilities and currently there are no known actors scanning or exploiting these flaws.
Analyst Comment: Any business or customer using Dell hardware should patch this vulnerability to prevent malicious actors from being able to exploit it. The good news is that Dell has addressed the issue. Patch management and asset inventories are critical portions of a good defense in depth security program.
MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Peripheral Device Discovery - T1120
Tags: CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574, Dell, BIOSConnect
Malicious Spam Campaigns Delivering Banking Trojans
(published: June 24, 2021)
Analysis from two mid-March 2021 spam campaignts revealed that th |
Ransomware Data Breach Spam Malware Tool Vulnerability Threat Patching | APT 30 | |
 |
2021-06-29 11:30:29 | Speed or Security? Don\'t Compromise (lien direct) | “Speed is the new currency of business.” Chairman and CEO of Salesforce Marc R. Benioff's words are especially potent today as many organizations small and large look for ways to speed up production during their shifts to digital. In software development, speed is a critical factor. Everything from shifting priorities to manual processes and siloed teams can seriously impede deployment schedules. One of the biggest obstacles, however, is a lack of security throughout every step of the production process to ensure that coding mistakes and flaws are found and fixed before they turn into project-derailing problems. A lack of an efficient and flexible AppSec program becomes an issue when you look at the data: Cyberattacks occur every 39 seconds. 60 percent of developers are releasing code 2x faster than before. 76 percent of applications have least at least one security flaw on first scan. 85 percent of orgs admit to releasing vulnerable code to production because of time restraints. A mere 15 percent of orgs say that all of their development teams participate in formal security training. But there's good news, too. We know from our annual State of Software Security report that frequent scanning with the right tools in the right parts of your software development lifecycle can help your team close security findings much faster. For example, scanning via API alone cuts remediation time for 50 percent of flaws by six days, slamming that window of opportunity shut for cyberattackers. The Veracode Static Analysis family helps you do just that. It plugs into critical parts of your software development lifecycle (SDLC), providing automated feedback right in your IDE and pipeline so that your developers can improve the quality of their code while they work. You can also run a full policy scan before deployment to understand what your developers need to focus on and to prove compliance. Together, these scans throughout My Code, Our Code, and Production Code boost quality and security to reduce the risk of an expensive and time-consuming breach down the road. Automation and developer education In addition to having the right scans in the right places, there are supporting steps you can take to ensure the quality of your code without sacrificing speed. Automation through integrations is an important piece of the puzzle because it speeds everything up and boosts efficiency. The automated feedback from Veracode Static Analysis means your team of developers has clear insight into existing flaws so they can begin prioritization to eliminate the biggest risks first. Automation also sets the standard for consistency which, as you go, improves speed. Developer education also helps close gaps in information and communication with security counterparts so that they can work towards a common goal. It goes both ways – if the security leaders at your organization can walk the walk and talk the talk of the developer, everyone will have an easier time communicating goals and solving security problems. One way to close those gaps is through hands-on developer education with a tool like Veracode Security Labs. The platform utilizes real applications in contained environments that developers can hack or patch in real-time so that they learn to think like an attacker and stay one step ahead. Like Static Analysis, Security Labs helps meet compliance needs too, with customized education in the languages your developers use most. The prioritization conundrum Security debt can feel like a horror movie villain as it lingers in the background. But it isn't always teeming with high-risk flaws that should be tackled first, and so it's important to carefully consider how to approach prioritization. A recent analyst report, Building an Enterprise DevSecOps Program, found that everything can feel like a priority: “During our research many security pros told us that all vulnerabilities started looking like high priorities, and it was incredibly difficult to differentiate a vulnerability with impact on the organization from one which | Hack Tool Vulnerability Guideline | ||
 |
2021-06-29 09:00:51 | Cobalt Strike Usage Explodes Among Cybercrooks (lien direct) | The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.” | Tool | ||
 |
2021-06-28 10:00:00 | Asset management in the age of digital transformation (lien direct) | Over the past year or so, organizations have rapidly accelerated their digital transformation by employing technologies like cloud and containers to support the shift to IoT and address the expanding remote workforce. Visibility Matters: This digital shift calls for a new approach to asset visibility as traditional asset administration responsibilities like inventory, software support, and license oversight are often the purview of IT and addressed with IT inventory-focused tools. Along the way, many organizations have lost control over their IT asset inventory as they rush to adopt new transformation technologies that have blurred the boundaries of their traditional network perimeters. This lack of visibility into an IT environment undermines the foundations of enterprise security and compliance infrastructure and puts an organization at serious risk of a breach. What you don't know can hurt you! Fundamentally, security teams need to monitor IT asset health from a cybersecurity perspective to help detect security tool blind spots and responding to exposures quickly. It isn't easy to secure something in the world of cybersecurity if you don't know it exists. That's why cybersecurity asset management (or CSAM) is a critical component of the foundation of cybersecurity operations across businesses of all types. By providing a security team a real-time directory of IT assets and their associated security risks, CSAM is one of the building blocks of a proactive, end-to-end security strategy. Asset inventory challenges: Overall, the process of getting asset inventory can be cumbersome and time-consuming for an organization, but a few immediate challenges are: Collecting data from multiple sources, especially in a large, distributed environment. Over the past year, organizations have rapidly accelerated their digital transformation by utilizing technologies such as cloud and container that support the shift to IoT and a remote workforce. Many organizations have lost control over their IT asset inventory as they rush to adopt these new strategies that have blurred the boundaries of their network perimeters. Testing/validating compliance More and more compliance / best practices frameworks are moving towards a risk-based or maturity-focused goal. This requires organizations to know where they stand concerning control objectives, not "at some point in time" but rather "at any point in time." Without a comprehensive and almost real-time inventory of all assets within an organization, it is nearly impossible to validate compliance in a programmatic fashion. Implementing cyber asset inventory management To maintain a complete, detailed, and continuously updated inventory of all your IT assets, wherever they reside (on-premises, in cloud instances, or mobile endpoints), you need an automated, cloud-based system that gives you the following capabilities It needs to provide complete visibility of your IT environment – all IT assets include hardware and software It needs to perform continuous and automatic updates of the IT and security data It needs to be rapidly scalable without the need for additional hardware It needs to help highlight and rank the criticality of assets It needs interactive and customizable reporting features so you can slice/dice the data as required and ensure the reporting is consumable across multiple audiences. Cybersecurity is a team sport. Having the ability to identify tooling that can consolidate workloads and meet cross-organizational functional requirements can be a massive win for the organization. Asset management crucial to Zero T | Tool | ||
|
2021-06-28 09:40:27 | Too Many Vulnerabilities and Too Little Time: How Do I Ship the Product? (lien direct) | The percentage of open source code in the enterprise has been estimated to be in the 40 percent to 70 percent range. This doesn't make the headlines anymore, but even if your company falls in the average of this range, there is no dearth of work to do to clean up, comply with AppSec policies, and ship the product. Phew! So where do you start when it comes to resolving all the vulnerabilities uncovered in your open source libraries? By prioritizing the findings from your scans and addressing the most critical and relevant vulnerabilities first. How do you prioritize? CVSS severities are an obvious choice, but considering the percentage of open source code you are dealing with, and depending on the language under the scanner, this alone might not bring the vulnerabilities to be addressed to a manageable number within your resource and time constraints. We will look at some common prioritization approaches before looking at Veracode's recommendation based on our deep expertise gathered from advising hundreds of customers about this aspect of their AppSec program. Common prioritization approaches You can resolve your findings to comply with your AppSec policy by prioritizing alongside one of a few dimensions. Here is the list of most common prioritization approaches: Threat-focused approach: This zeroes in on the flaws that are actively targeted in the wild through malware, exploit kits, ransomware, or threat actors. Vulnerability-focused approach: This prioritizes flaws and vulnerabilities according to how critical they are. For example, how easy they are to exploit, what their exploitation impact looks like, or if there is a public exploit available. Asset-focused approach: This gives the highest priorities to vulnerabilities that are associated with critical assets, and then orders the rest by how dangerous they are. Some organizations measure the exploitability of different flaws and vulnerabilities, taking a threat-focused approach as outlined above. This can also factor in the maturity of known flaws which sometimes impacts how easy it is to remediate, or how exploitable it is out in the wild. While these approaches are a good starting point and cover the broad base of risk, there is an additional piece of information that can make it easy for security stakeholders and developers to prioritize their Software Composition Analysis (SCA) scan findings when operating under tight resource and time constraints. Vulnerable methods: a powerful arrow in your AppSec quiver If the goal of AppSec is to ship clean code fast, then Veracode's vulnerable methods feature is a powerful arrow in your quiver to hit that target. Veracode's vulnerable methods feature goes beyond severities and exploitability to answer the key question for prioritization: How is this finding from the SCA scan relevant to my code? It answers that question by pointing to the precise function/method that makes a library vulnerable. This allows you to quickly assess whether it is worth the effort to remediate an SCA finding. Once a library is known to be vulnerable, our security research team researches and documents the exact function/method that makes it vulnerable. This team (say hello to them if you visit Singapore) of security experts, data scientists, and programmers continue to add new languages to our repository of languages for which we provide vulnerable methods coverage. When you're ready to tackle your security backlog, examine how particular applications use vulnerable methods and prioritize them in a way that reduces the immediate threat quickly. Getting ahead of possible exploits while reducing debt Security debt and unresolved vulnerabilities can feel daunting to developers and security professionals, especially as open source code only continues to increase its footprint in enterprise applications. But with a powerful tool like Veracode's vulnerable methods, you can go beyond severity or exploitability and focus on what really matters to your organization. Learn more about Veracode's Software Composition Analysis solution by readi | Tool Threat | ||
 |
2021-06-26 10:15:39 | (Déjà vu) A well-meaning feature leaves millions of Dell PCs vulnerable (lien direct) | Firmware security tool flaws affect as many as 30m desktops, laptops, and tablets. | Tool | ||
|
2021-06-24 10:00:00 | A mid-year update for Cybersecurity – 4 trends to watch (lien direct) | This blog was written by an independent guest blogger. It is nearing the mid-year point of 2021, and already it can be characterized as” the year of the breach.” Many companies and institutions saw their security perimeters pierced by hackers including the mega-breaches of Solar Winds and the Colonial Pipeline. The scale of penetration and exfiltration of data by hackers and the implications are emblematic of the urgency for stronger cybersecurity. Although there are a variety of trends emerging in the first six months, below are four that stand out as barometers of what lies ahead. 1. Ransomware attacks are taking center stage as Cyber-threats There is ample evidence that ransomware has become a preferred method of cyber-attack choice by hackers in 2021. As of May 2021, there has been a 102% surge in ransomware attacks compared to the beginning of 2020, according to a report from Check Point Research. Hackers have found ransomware ideal for exploiting the COVID-19 expanded digital landscape. The transformation of so many companies operating is a digital mode has created many more targets for extortion. One office with 4,000 employees has become 4,000 offices. In addition to an expanding attack surface, hackers are more active than before because they can get paid easier for their extortion via cryptocurrencies that are more difficult for law enforcement to trace. Criminal hacker groups are becoming more sophisticated in their phishing exploits by using machine learning tools. They are also more coordinated among each other sharing on the dark web and dark web forums. In 2020, according to the cybersecurity firm Emsisoft, ransomware gangs attached more than 100 federal, state, and municipal agencies, upwards of 500 health care centers, 1,680 educational institutions and untold thousands of businesses. As a result of the Colonial Pipeline Ransomware attack and others, the U.S. Department of Justice and the FBI have prioritized investigating and prosecuting hackers who deploy ransomware. The impact for the rest of 2021 will be more ransomware attacks against institutions and corporations who are less cyber secure, especially to targets that cannot afford to have operations impeded such as health care, state & local governments, educational institutions, and small and medium sized businesses. See: The New Ransomware Threat: Triple Extortion - Check Point Software Why Ransomware is So Dangerous and Difficult to Prevent | Manufacturing.net 2. Cyber-attacks are a real threat to commerce and economic prosperity So far this year, cyber-attacks have grown in number and sophistication, repeating a trend of the last several years. The recent cycle of major industry and governmental cyber breaches is emblematic of growing risk. The attacks are also becoming more lethal and costly to industry. A new NIST report was released on the economic impact to the U.S. economy by breaches, and it is alarming. The report suggests that the U.S. Loses hundreds of billions to cybercrime, possibly as much as 1 % to 4 % of GDP annually. The beach stats are part of a bigger global trend. The firm Cybersecurity Ventures predicts that global cybercrime damages will reach $6 trillion annually by this end of this year. The firm’s damage cost estimation is based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation-state sponsored and organized crime gang hacking activities, and a cyberattack surface. In both the public and private sectors, there is a | Ransomware Malware Tool Threat | ||
 |
2021-06-24 10:00:00 | A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable (lien direct) | Flaws in a firmware security tool affect as many as 30 million desktops, laptops, and tablets. | Tool | ||
 |
2021-06-24 08:01:46 | Homes, Not Just Devices: The New Consumer Cybersecurity (lien direct) | 
Over the last year, our relationship with digital technology has changed completely, and probably irrevocably. The pandemic has been bruising in many different ways, but it has been clear from the very start how important the internet has been as a tool to help us through it. Even just a few years ago, the behavioural […]
|
Tool | ★★★ | |
|
2021-06-23 16:59:34 | iPhone Hacking Tool GrayKey Techniques Outlined in Leaked Instructions (lien direct) | Appleinsider report iPhone hacking tool GrayKey techniques outlined in leaked instructions “Leaked instructions for GrayShift’s GrayKey iPhone unlocking device have surfaced, giving an idea of what the device intended for law enforcement… | Tool | ★★ | |
|
2021-06-22 20:30:03 | The Android 12 Privacy Dashboard is an at-a-glance permissions tool (lien direct) | Android 12 has a new Privacy Dashboard that makes it easier for users to check up on and manage the permissions on their devices. Jack Wallen gives you a peek into this new tool. | Tool | ||
 |
2021-06-22 20:15:00 | How One Application Test Uncovered an Unexpected Opening in an Enterprise Call Tool (lien direct) | Working as security consultants is highly rewarding. Companies depend on us to view their environment from the perspective of an attacker and find vulnerabilities that could enable threats to succeed. One of the most impactful parts of our role is when we’re the first to find a major vulnerability that could lead to a widespread […] | Tool Vulnerability Guideline | ||
|
2021-06-22 15:21:09 | Google Cloud launches AI dedicated to quality control and inspections (lien direct) | The new tool aims to help companies to reduce product defects and manage costs, the company says. | Tool | ||
 |
2021-06-22 11:17:00 | New Tool Launched to Remove Nude Images of Children Online (lien direct) | Children worried about nude content appearing online can now access a tool to restrict content being shared | Tool | ||
|
2021-06-22 10:10:19 | Research Shows Many Security Products Fail to Detect Android Malware Variants (lien direct) | A group of academic researchers has created a tool that can be used to clone Android malware and test the resilience of these new variants against anti-malware detection. | Malware Tool | ||
|
2021-06-22 07:05:17 | DroidMorph tool generates Android Malware Clones that (lien direct) | Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones. A group of researchers from Adana Science and Technology University (Turkey) and the National University of Science and Technology (Islamabad, Pakistan) has developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) […] | Malware Tool | ||
|
2021-06-21 07:17:48 | 5 Critical Steps to Recovering From a Ransomware Attack (lien direct) | Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities.
A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Venture predicts that a ransomware attack will occur every 11 seconds in 2021.
Businesses must prepare for the possibility of a ransomware attack affecting their |
Ransomware Tool | ||
 |
2021-06-18 20:15:07 | CVE-2021-33824 (lien direct) | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | Tool | ||
|
2021-06-18 19:15:07 | CVE-2021-33822 (lien direct) | An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | Tool | ||
|
2021-06-18 19:15:07 | CVE-2021-33818 (lien direct) | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | Tool | ||
 |
2021-06-18 13:03:34 | Open redirects ... and why Phishers love them, (Fri, Jun 18th) (lien direct) | Working from home, did you get a meeting invite recently that pointed to https://meet.google.com &#;x26;#;x3f;&#;x26;#;xc2;&#;x26;#;xa0; Well, that&#;x26;#;39;s indeed where Google&#;x26;#;39;s online meeting tool is located. But potentially the URL you got is not "only" leading you there. | Tool Guideline | ||
|
2021-06-18 13:00:00 | A New Tool Wants to Save Open Source from Supply Chain Hacks (lien direct) | Sigstore will make code signing free and easy for software developers, providing an important first line of defense. | Tool | ★★ | |
|
2021-06-18 10:12:58 | Microsoft\'s new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices (lien direct) | Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert. | Tool | ||
|
2021-06-18 10:00:00 | Risk-based security now more important than ever for Energy and Utilities! (lien direct) | This is the third of three blogs in a series to help the energy and utility industries. You can read the first blog on Ransomware and Energy and Utilities and the second blog on Threat Intelligence and Energy and Utilities as well. Convergence of IT/OT is now a reality: Whether intentional or accidental, IT and operational technology (OT) are converging to support business outcomes of reducing costs and taking advantage of efficiencies. IT assets are being used in OT environments and with the transformation of Industry 4.0 for utilizing IoT. Given the convergence and increased attack surface, NSA has issued guidance around stopping malicious cyber activity against OT. CSA_STOP-MCA-AGAINST-OT_UOO13672321.PDF (defense.gov) Security First mindset There is a need for a mindset shift in protecting OT assets given the ineffective traditional approaches and priorities regarding how IT assets are protected. Legacy infrastructure has been in place for decades and is now being combined as part of the convergence of IT and OT. This can be challenging for organizations that previously used separate security tools for each environment and now require holistic asset visibility to prevent blind spots. Today's cybercriminals can attack from all sides, and attacks are laterally creeping across IT to OT and vice versa. Beyond technology, focus on risk and resilience It can be all too easy to deploy security technology and think you've mitigated risk to your business. Still, sadly technology investment is no guarantee of protection against the latest threats. It is critical to take a risk-based approach to security. This means that to decrease enterprise risk, leaders must identify and focus on specific elements of cyber risk to target. More specifically, the many components of cyber risk must be understood and prioritized for enterprise cybersecurity efforts. Organizations are increasingly aiming to shift from cybersecurity to cyber resilience. This means they must understand the threats they face, measure the potential financial impact of cyber exposures, compare this against the company's risk appetite level, and proactively manage cyber risks by having clear action plans based on their capabilities and capacities to protect against cybercrime. Focus on a risk-based approach The risk-based approach does two critical things at once. First, it designates risk reduction as the primary goal. This enables the organization to prioritize investment, including in implementation-related problem solving based squarely on a cyber program's effectiveness at reducing risk. Second, the program distills top management's risk-reduction targets into specific, pragmatic implementation programs with precise alignment from senior executives to the front line. Following the risk-based approach, a company will no longer "build the control everywhere"; rather, the focus will be on building the appropriate controls for the worst vulnerabilities to defeat the most significant threats that target the business' most critical areas. The risk-based approach to cybersecurity is thus ultimately interactive and a dynamic tool to support strategic decision-making. Focused on business value, utilizing a common language among the interested parties, and directly linking enterprise risks to controls, the approach helps translate executive decisions about risk reduction into control implemen | Ransomware Tool Threat Guideline | ||
|
2021-06-17 23:33:55 | [eBook] 7 Signs You Might Need a New Detection and Response Tool (lien direct) | It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns.
In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight.
This combination usually results in one of two things – organizations |
Tool | ||
|
2021-06-17 12:15:07 | CVE-2021-0143 (lien direct) | Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. | Tool | ||
|
2021-06-16 22:15:07 | CVE-2021-32690 (lien direct) | Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on. | Tool Vulnerability | Uber | |
|
2021-06-16 16:55:21 | Google Rolls out E2EE For Android Messages App (lien direct) | Google has finally enabled end-to-end encryption (E2EE) for the Messages app in Android but the privacy-enhancing tool remains somewhat limited. Google announced end-to-end encryption is now available in Android, but only for one-on-one conversations between users of the Messages app. | Tool | ||
|
2021-06-15 15:00:03 | Box launches new free self-service cloud migration tool (lien direct) | Businesses moving less than 10TB that meet certain other conditions can take advantage of Box Shuttle to move data from on-premise systems to its cloud services without cost, but others may still have to pay. | Tool | ||
|
2021-06-15 13:20:07 | Accenture crowdsources 25 signals of business change (lien direct) | The firm offers an interactive tool to guide companies trying to navigate change in the "era of compressed transformation." | Tool | ||
|
2021-06-15 11:54:20 | Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web (lien direct) | The MASQ tool could be used by attackers to emulate device fingerprints thus allowing them to bypass fraud protection controls The Resecurity® HUNTER unit has identified a new tool available for sale in the Dark Web called MASQ, enabling bad actors to emulate device fingerprints thus allowing them to bypass fraud protection controls, including authentication mechanisms. One of the […] | Tool | ||
|
2021-06-14 21:00:28 | CodeCov Kills Off Bash Uploader Blamed for Supply Chain Hack (lien direct) | Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash Uploader tool that was responsible for the breach. | Hack Tool | ||
|
2021-06-14 16:06:52 | IBM Watson Orchestrate uses AI to help improve sales, HR and operations (lien direct) | A new, personal interactive tool for professionals was recently unveiled at IBM's Think conference. | Tool | ||
|
2021-06-14 15:01:00 | SOAR is an Architecture, Not a Product (lien direct) | Over the past several years, the rising star of security orchestration, automation, and response (SOAR) tools keeps climbing higher. As organizations struggle to handle the crush of alerts surging out of their security controls with not enough cybersecurity professionals to manage the work, SOAR products promise to bring some sanity to the process.
The promise is that SOAR platforms can help security operations teams to sail through the massive volume of alerts they face and better coordinate their security incident response lifecycle with custom playbooks tailored to an organization’s response policies. Many organizations are already starting to reap these benefits.
But as SOAR use cases evolve to real world situations and industry analysts adjust their definition of the market, it's becoming increasingly clear that SOAR is less of a singular platform and more of a comprehensive architecture for tying a lot of threads in the security stack together in a meaningful fashion, including threat intelligence platform (TIP) capabilities.
What is SOAR?
SOAR is part of the cybersecurity industry's long-term push toward improved security automation. As the name suggests, there are three core functions that SOAR products have historically delivered to security teams:
Orchestration: Customized security orchestration helps integrate the dozens of best-of-breed security tools that the typical SOC has accumulated over the years. These tools often do very specialized tasks but teams struggle because they don’t play nicely with one another. Orchestration within a SOAR product is usually used to aggregate data from a number of different sources to enrich alerts, consolidate and deduplicate alert data, and initiate remediation actions on third-party systems.
Automation: In the context of SOAR, security automation executes a sequence of tasks related to a security workflow without requiring much human intervention. It’s typically implemented via ‘playbooks’ that script automated processes to replace time-consuming but relatively simple processes, leaving skilled analysts freed up to carry out more advanced threat mitigation activities.
Response: Incident response consists of alert triage, case management, security incident investigation, threat indicator enrichment, and response actions. For example, a security event or alert should automatically pull in contextual data like IPs, domains, file hashes, user names, and email addresses to provide the analyst a rapid understanding of the security scenario. Then the analyst should be able to issue investigative, containment or response actions against the data.
To accomplish these tasks, SOAR uses threat intelligence to prioritize and enrich the incidents that they manage.
TIP and Gartner's Latest Definition of SOAR
This vital role of threat intelligence management in SOAR has grown to such prominence that many SOAR tools have started building in limited threat intelligence capabilities that mirror some of what a more fully featured TIP would offer.
In fact, Gartner's latest definition of SOAR now names the operationalization of threat intelligence as "table stakes" for SOAR tools. Its 2020 market guide says that SOAR convergence is now not only roping in security incident response platform (SIRP) and security orchestration and automation (SOA) technology, but also TIP technology.
Soar architectures are comprised of a combination of proven technologies, with threat intelligence platforms (TIPs) and the integrations they provide serving as a cornerstone.
But here's the thing, while SOAR is certainly enriched by TIP and while SOAR tools depend on native threat intelligence functionality, true SOAR benefits f |
Tool Threat | ||
|
2021-06-14 11:30:48 | Get your software ready for the next Windows update with this tool (lien direct) | Instead of running your own fleet of test PCs for software updates, why not let Microsoft manage them in the cloud? | Tool | ||
 |
2021-06-14 10:26:17 | Wireless Penetration Testing: Fern (lien direct) | Fern is a python based Wi-Fi cracker tool used for security auditing purposes. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or ethernet based networks. The tool is available both as open source and a premium model of the free | Tool | ||
|
2021-06-11 12:32:49 | Canada Privacy Watchdog Slams Police Use of Facial Recognition Tool (lien direct) | Federal police broke Canada's privacy laws by using a US company's controversial facial recognition software in hundreds of searches, an independent parliamentary watchdog ruled Thursday. | Tool |
To see everything:
Our RSS (filtrered)
