What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-07-06 16:17:00 | Attacker groups adopt new penetration testing tool Brute Ratel (lien direct) | Security researchers have recently identified several attack campaigns that use APT-like targeting techniques and deploy Brute Ratel C4 (BRc4), a relatively new adversary simulation framework. While hackers abusing penetration testing tools is not a new development -- Cobalt Strike and Metasploit's Meterpreter have been used by threat groups for years -- Brute Ratel is focused on detection evasion techniques, so it might pose a real challenge to defense teams."The emergence of a new penetration testing and adversary emulation capability is significant," researchers from security firm Palo Alto Networks said in a new report analyzing several recent samples. "Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities."To read this article in full, please click here | Tool Threat | ||
 |
2022-07-06 15:20:36 | Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild (lien direct) | >Threat actors are abusing legitimate adversary simulation software BRc4 in their campaigns to evade detection. Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered benign by almost all the antivirus, was containing a payload associated with Brute Ratel C4 (BRc4), a new red-teaming and […] | Tool | ||
 |
2022-07-06 15:01:00 | Anomali Cyber Watch: Russian KillNet DDoSed Lithuania, Building Automation Systems Targeted to Install ShadowPad, China-Sponsored Group Jumps from Home Routers to Connected Machines, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, DDoS, Industrial Control Systems, Phishing, Russia, Toll fraud, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Toll Fraud Malware: How an Android Application Can Drain Your Wallet
(published: June 30, 2022)
Toll fraud malware (subcategory of billing fraud) subscribes users to premium services without their knowledge or consent. It is one of the most prevalent types of Android malware, accounting for 35% of installed harmful applications from the Google Play Store in the first quarter of 2022. Microsoft researchers describe evolution of the toll fraud malware techniques used to abuse the Wireless Application Protocol (WAP) billing. Toll malware can intercept one-time passwords (OTPs) over multiple protocols (HTTP, SMS, or USSD). It suppresses notifications and uses dynamic code loading to hide its malicious activities.
Analyst Comment: Mobile applications should only be downloaded from official trusted locations such as the Google Play Store. Users should be mindful when granting unusual, powerful permissions such as SMS permissions, notification listener access, or accessibility access. Replace older Android phones if they no longer receive updates.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204
Tags: Toll fraud, Android, Billing fraud, Wireless Application Protocol, WAP billing
ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks
(published: June 28, 2022)
Black Lotus Labs discovered a China-sponsored, years-long campaign that exploits small office/home office (SOHO) routers for initial access. When exploiting Ruckus JCG-Q20 routers in Hong Kong, the attackers leveraged CVE-2020-26878 and CVE-2020-26879 vulnerabilities. Other exploits are yet to be uncovered with the most targeted devices being from ASUS, Cisco, DrayTek and NETGEAR mostly in Canada, the UK, and the US. The attackers were installing a heavily modified version of Mirai botnet dubbed ZuoRAT. ZuoRAT collects information on target networks, collects traffic (credentials passed in the clear, browsing activity) and hijacks network communication. Then the attackers move laterally targeting Windows and other machines on the same network and installing one of the three agents: Cobalt Strike, CBeacon, or GoBeacon.
Analyst Comment: SOHO router users should regularly reboot routers and install security updates. Businesses should ensure robust detection on network-based communications.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Application Layer Protocol - T1071 | [MITRE ATT&CK] Component Object Model Hijacking - T1122 |
Malware Tool Vulnerability Threat | ||
 |
2022-07-06 10:00:32 | Dynamic analysis of firmware components in IoT devices (lien direct) | We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of task. | Tool | ||
 |
2022-07-06 06:00:00 | Obtenez vos coups de pied sur la route Soixante-Sink: Identifier les vulnérabilités à l'aide d'une analyse statique automatisée Get Your Kicks on Route Sixty-Sink: Identifying Vulnerabilities Using Automated Static Analysis (lien direct) |
 Introduction
Aujourd'hui, nous publions route Soixante-Sink , un outil open-source qui permet aux défenseurs et aux chercheurs en sécurité d'identifier rapidement les vulnérabilités dans n'importe quel assemblage .NET en utilisant automatiséAnalyse source à casque. Route Soixty-Sink a déjà été utilisé pour trouver et exploiter des dizaines de problèmes de sécurité critiques, dont un exemple sera discuté dans cet article de blog.
Contexte: analyse source à casque
L'identification des vulnérabilités dans les binaires d'application ou le code source est souvent un processus long et fastidieux.Pour aider à cela, une analyse source-sink est utilisée - une forme de données
 Introduction
Today, we are releasing Route Sixty-Sink, an open-source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis. Route Sixty-Sink has already been used to find and exploit dozens of critical security issues, an example of which will be discussed in this blog post.
Background: Source-to-Sink Analysis
Identifying vulnerabilities within application binaries or source code is often a long and tedious process. To help with this, source-to-sink analysis is used-a form of data |
Tool Vulnerability | ★★★ | |
 |
2022-07-06 05:27:10 | Near-undetectable malware linked to Russia\'s Cozy Bear (lien direct) | The fun folk who attacked Solar Winds using a poisoned CV and tools from the murky world of commercial hackware Palo Alto Networks' Unit 42 threat intelligence team has claimed that a piece of malware that 56 antivirus products were unable to detect is evidence that state-backed attackers have found new ways to go about the evil business.… | Malware Tool Threat | APT 29 | |
 |
2022-07-06 04:40:27 | Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection (lien direct) | Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "designed to avoid detection by endpoint | Tool | ||
|
2022-07-06 02:00:00 | How to keep attackers from using PowerShell against you (lien direct) | Living off the land is not the title of a gardening book. It's the goal of attackers going after your network. Rather than installing malicious software on your network that antivirus software might flag, attackers use the code already there to launch attacks. The tools that you use to monitor, maintain and access your network are often the same code that attackers use to attack your network. PowerShell is a prime example.The U.S. National Security Agency (NSA), U.S. Cybersecurity and Infrastructure Security Agency (CISA), New Zealand's NCSC, and the UK NCSC recently released a document called Keeping PowerShell: Security Measures to Use and Embrace. This guidance recommends keeping PowerShell in your network rather than blocking but offers the following advice to keep it secure.To read this article in full, please click here | Tool | ||
 |
2022-07-05 23:56:37 | (Déjà vu) NIST Picks Four Quantum-Resistant Cryptographic Algorithms (lien direct) | The US Department of Commerce's National Institute of Standards and Technology (NIST) announced the first group of encryption tools that will become part of its post-quantum cryptographic standard. | Tool | ||
 |
2022-07-05 17:21:00 | NIST Acknowledges First Four Quantum-Resistant Encryption Tools (lien direct) | The four algorithms will now become part of NIST's post-quantum cryptographic standard | Tool | ||
 |
2022-07-05 07:00:03 | GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever (lien direct) | Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the '101' for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all … (more…) | Tool | ||
 |
2022-07-04 03:01:00 | The Need of Privacy Certifications for Lawyers (lien direct) | >The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal profession in the United States is Privacy Law. Privacy certifications endorse attorneys as credentialed privacy […]… Read More | Tool | ||
|
2022-07-03 16:10:18 | Security Affairs newsletter Round 372 by Pierluigi Paganini (lien direct) | >A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. The role of Social Media in modern society – Social Media Day 22 interview Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool A ransomware attack […] | Ransomware Tool | ||
|
2022-07-02 19:41:06 | Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool (lien direct) | >Researchers shared technical details and proof-of-concept exploit code for the CVE-2022-28219 flaw in Zoho ManageEngine ADAudit Plus tool. Security researchers from Horizon3.ai have published technical details and proof-of-concept exploit code for a critical vulnerability, tracked as CVE-2022-28219 (CVSS 9.8 out of 10), in the Zoho ManageEngine ADAudit Plus tool. The tool allows monitoring activities of […] | Tool | ||
 |
2022-07-01 17:15:07 | CVE-2022-31113 (lien direct) | Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute Javascript in the Canarytoken's history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken's creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken's creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirect the creator towards an attacker-controlled Canarytoken to show the creator's network location. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. The issue has been patched on Canarytokens.org and in the latest release. No signs of successful exploitation of this vulnerability have been found. Users are advised to upgrade. There are no known workarounds for this issue. | Tool Vulnerability | ||
|
2022-07-01 17:00:00 | Microsoft Spots Updated Cryptomining Malware Tool Targeting Linux Systems (lien direct) | The malware also reportedly features self-propagating capabilities | Malware Tool | ||
|
2022-07-01 05:27:57 | Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter) (lien direct) | MS-SQL servers are mainly the attack targets for Windows systems. Attackers scan vulnerable MS-SQL servers that are poorly managed and install malware upon gaining control. Malware strains installed by attackers include CoinMiner, ransomware, backdoor, etc., and may vary depending on the purpose of the attack. Most backdoor strains are remote control types such as Remcos RAT and Gh0st RAT, but there are also infiltration testing tools used to dominate companies’ internal systems such as Cobalt Strike and Meterpreter. The attack... | Malware Tool | ||
|
2022-07-01 02:03:44 | New \'SessionManager\' Backdoor Targeting Microsoft IIS Servers in the Wild (lien direct) | A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a web server software for Windows systems, after | Malware Tool | ||
 |
2022-06-30 20:45:20 | USB installer tool removes Windows 11\'s Microsoft account requirements (and more) (lien direct) | Tool can also patch out the CPU, TPM, and Secure Boot install requirements. | Tool | ||
 |
2022-06-30 19:16:29 | How traditional security tools fail to protect companies against ransomware (lien direct) | >Most organizations surveyed by Titaniam have existing security prevention and backup tools, but almost 40% have still been hit by ransomware attacks in the last year. | Ransomware Tool | ||
|
2022-06-30 16:57:48 | Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion (lien direct) | Titaniam's 'State of Data Exfiltration & Extortion Report' also finds that while over 70% of organizations had heavy investments in prevention, detection, and backup solutions, the majority of victims ended up giving into attackers' demands. | Ransomware Tool | ||
|
2022-06-30 16:00:08 | Google battles bots, puts Workspace admins on alert (lien direct) | No security alert fatigue here Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.… | Tool | ||
|
2022-06-30 15:17:15 | Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (lien direct) | An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows. | Tool Vulnerability | ||
 |
2022-06-30 12:33:39 | Augment your Windows and EDR telemetry with Sysmon (lien direct) | >by Bhabesh Raj Rai, Security ResearchSysmon (System Monitor) is one of the popular tools from Sysinternals for monitoring and logging system activity to the Windows event logs.Of course, you can say Windows already has its native event logs, so why bother? And, we already have an endpoint detection and response (EDR) solution installed on our [...] | Tool | ||
|
2022-06-30 10:00:00 | Dealing with the Cybersecurity Challenges of Digital Transformation (lien direct) | We’re back after a little hiatus with this week’s blog in the series in which I explore the “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience. Coming in at number two on our list: Dealing with the speed and complexity of digital transformation. During the COVID-19 crisis, digital transformation became even more critical. To describe digital transformation in economic terms means integrating digital technologies into every aspect of a business, resulting in fundamental changes to how companies operate and provide value to their customers. Technology has changed from supporting business processes to becoming integral to a company’s customer value proposition. A study by McKinsey found that companies accelerated their digital transformation efforts by three to seven years within just months, fearing that they would lose their competitive advantage and be left behind by competitors already ahead. Organizations need to rethink what they mean when saying “digital transformation.” It’s not just about making your website responsive, adding digital capabilities, or creating a mobile app for your business. It’s about changing your mindset when thinking about your customers, empowering your staff, and powering business. And ensuring your security program can adapt to that mindset to ensure the security of your enterprise. Digital Transformation Increases Cyber Risk Security teams continue to face unique challenges daily. Their organization’s digital transformation initiatives continue to increase the complexity, expanding their attack surface with a distributed infrastructure. Because of this, cybersecurity postures should be updated and adjusted to support transformation goals to defend against this new level of complexity. In addition to the ever-changing threat landscape, security teams face more concerns due to a more distributed workforce. They also need to evaluate the risks associated with a growing number of connected devices and the disappearing perimeter. The increased adoption of cloud infrastructures also poses unique challenges to organizations, forcing them to transform their security posture to protect against cloud infrastructure vulnerabilities. Securing a Remote Work Force Remote work is here to stay and will only increase. Global Workplace Analytics calculates that 22% of the workforce (i.e., 36.2 million Americans) will work remotely by 2025. The significant uptick in remote work setups and digital business is pushing organizations to apply for secure access no matter where their users, applications, or devices are located. To provide the level of security necessary to protect the variety of new systems implemented, many enterprises are shifting to more cloud-friendly and behavior-based security approaches. New Challenges and Security Vulnerabilities As mentioned above, studies show that a large portion of those working from home will likely stay that way for the long term. Corporate leaders attempting to coax employees back to the office have broadly accepted the inevitability of the hybrid work model. To ensure their defensive measures remain in place and to maintain business as usual safely, it’s critical for IT teams to develop strategic plans to safeguard employees, facilities, data, | Tool Threat Studies Guideline | ||
 |
2022-06-29 18:35:27 | Falcon OverWatch Elite in Action: Tailored Threat Hunting Services Provide Individualized Care and Support (lien direct) | The threat presented by today's adversaries is as pervasive as it is dangerous - eCrime and state-nexus actors alike are attempting to infiltrate companies and organizations of all sizes and across all verticals. While technology is a powerful tool for performing routine or repeatable analysis, the only way to effectively hunt and contain sophisticated and […] | Tool Threat | ||
|
2022-06-29 17:00:00 | Cybersecurity Researchers Launch New Malware Hunting Tool YARAify (lien direct) | The defensive tool is designed to scan suspicious files against a large repository of YARA rules | Malware Tool | ||
 |
2022-06-29 16:24:35 | Minors Use Discord Servers To Earn Extra Pocket Money Through Spreading Malware (lien direct) | Avast, a global leader in digital security and privacy, has discovered an online community of minors constructing, exchanging and spreading malware, including ransomware and a mix of information stealers and cryptominers. The group lures young users by advertising access to different malware builders and tool kits that allow laypeople to construct malware easily. In some cases, people […] | Ransomware Malware Tool Guideline | ||
|
2022-06-29 15:16:14 | What are the top cross-platform app development frameworks in 2022? (lien direct) | >With so many cross-platform app development frameworks available, it can be overwhelming to find the best fit for you. We've compiled a list of five tools you can use within your organization. | Tool | ||
 |
2022-06-29 10:47:40 | (Déjà vu) Evilnum Hackers Return With New Activity Targeting International Migration Campaigns (lien direct) | The Evilnum hacking group have been targeting European organisations that are involved in international migration, showing renewed signs of malicious activity within the group. Evilnum is an advanced persistent threat (APT) that has been active since at least 2019 and had its campaign and tools exposed in 2020. In 2020, ESET published a technical report […] | Tool Threat | ||
|
2022-06-29 04:57:36 | New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators (lien direct) | Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other | Malware Tool | ||
|
2022-06-28 19:15:09 | CVE-2022-31108 (lien direct) | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. | Tool Guideline | ||
|
2022-06-28 19:11:00 | Anomali Cyber Watch: API Hammering Confuses Sandboxes, Pirate Panda Wrote in Nim, Magecart Obfuscates Variable Names, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: API hammering, APT, China, Phishing, Ransomware, Russia, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Lockbit Ransomware Disguised as Copyright Claim E-mail Being Distributed
(published: June 24, 2022)
ASEC researchers have released their analysis of a recent phishing campaign, active since February 2022. The campaign aims to infect users with Lockbit ransomware, using the pretense of a copyright claim as the phishing lure. The phishing email directs the recipient to open the attached zip file which contains a pdf of the infringed material. In reality, the pdf is a disguised NSIS executable which downloads and installs Lockbit. The ransomware is installed onto the desktop for persistence through desktop change or reboot. Prior to data encryption, Lockbit will delete the volume shadow copy to prevent data recovery, in addition to terminating a variety of services and processes to avoid detection.
Analyst Comment: Never click on suspicious attachments or run any executables from suspicious emails. Copyright infringement emails are a common phishing lure. Such emails will be straight forward to rectify if legitimate. If a copyright email is attempting to coerce you into opening attachments, such emails should be treated with extreme caution.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Impair Defenses - T1562
Tags: malware:Phishing, malware:Lockbit, Lockbit, Copyright, Ransomware
There is More Than One Way To Sleep: Deep Dive into the Implementations of API Hammering by Various Malware Families
(published: June 24, 2022)
Researchers at Palo Alto Networks have released their analysis of new BazarLoader and Zloader samples that utilize API Hammering as a technique to evade sandbox detection. API Hammering makes use of a large volume of Windows API calls to delay the execution of malicious activity to trick sandboxes into thinking the malware is benign. Whilst BazarLoader has utilized the technique in the past, this new variant creates large loops of benign API using a new process. Encoded registry keys within the malware are used for the calls and the large loop count is created from the offset of the first null byte of the first file in System32 directory. Zloader uses a different form of API Hammering to evade sandbox detection. Hardcoded within Zloader are four large functions with many smaller functions within. Each function makes an input/output (I/O) call to mimic the behavior of many legitimate processes.
Analyst Comment: Defense in depth is the best defense against sophisticated malware. The Anomali Platform can assist in detection of malware and Match anomalous activity from all telemetry sources to provide the complete picture of adversary activity within your network.
MITRE ATT&CK: [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497
Tags: malware:BazarLoad |
Ransomware Spam Malware Tool Vulnerability Threat | APT 28 APT 23 | |
|
2022-06-28 15:00:00 | Android Spyware \'Revive\' Upgraded to Banking Trojan (lien direct) | Dubbed 'Revive' because of its ability to automatically restart in case it stops working, the tool seems to be designed for persistent campaigns. | Tool | ||
|
2022-06-28 14:25:40 | How to use monday work management for project management (lien direct) | >Jack Wallen shows you how to set up monday work management as your next project management tool to keep your teams working efficiently and effectively. | Tool | ||
|
2022-06-28 13:19:02 | Best agile project management software for 2022 (lien direct) | >With so many agile project management tools available, it can be overwhelming to find the best fit for you. We've compiled a list of ten tools you can use to take advantage of agile within your organization. | Tool | ||
|
2022-06-27 20:15:08 | CVE-2022-31036 (lien direct) | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. | Tool Vulnerability | Uber | |
|
2022-06-27 19:15:08 | CVE-2022-31034 (lien direct) | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. | Tool Vulnerability | Uber | |
|
2022-06-27 19:15:08 | CVE-2022-31035 (lien direct) | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. | Tool Vulnerability | Uber | |
 |
2022-06-27 06:00:12 | Hackers: The third pillar of security (lien direct) | >Every business knows that to maintain security, you need the primary pillar: the right employees. Some businesses know that these employees also need the second pillar: the right tools such as Acunetix and Invicti. However, still, not enough businesses know how to deal with hackers... Read more | Tool | ★★★★ | |
|
2022-06-27 02:21:46 | Italy Data Protection Authority Warns Websites Against Use of Google Analytics (lien direct) | Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that | Tool | ||
 |
2022-06-25 09:50:40 | Malicious Code Passed to PowerShell via the Clipboard, (Sat, Jun 25th) (lien direct) | Another day, another malicious script was found! Today, the script is a Windows bat file that executes malicious PowerShell code but the way it works is interesting. The script has a VT score of 16/54 ( )[1]. The script uses the Windows command-line tool "clip.exe" which is often unknown to people: | Tool | ||
 |
2022-06-24 16:21:38 | Microsoft will start banning players from all private Minecraft servers (lien direct) | New moderation tools will let players be permanently "banned from online play." | Tool | ||
 |
2022-06-24 15:00:00 | What is iOS Hermit spyware? (lien direct) | >iOS Hermit spyware is a commercial-grade surveillance tool derived from a known Android surveillance tool. Learn more + how to stay safe. | Tool Cloud | APT 37 | |
 |
2022-06-24 13:00:47 | Instagram\'s new age verification tool – Week in security with Tony Anscombe (lien direct) | >As Instagram tests a new age verification tool, what are some of the concerns when it comes to confirming someone's age on the internet? | Tool | ||
 |
2022-06-24 08:41:34 | Apple And Android Phones Hacked By Italian Spyware, Confirms Google (lien direct) | >Alphabet’s Google Inc. on Thursday confirmed in a report that hacking tools from an Italian company were used to spy on Apple and Android smartphones in Italy and Kazakhstan citing that the commercial spyware industry is thriving and growing at a significant rate. According to the report, the spy tools were developed by Milan-based RCS […] | Tool | ||
 |
2022-06-24 04:00:00 | Assessment and knowledge: Your key tools to secure suppliers (lien direct) | Pas de details / No more details | Tool | ||
|
2022-06-23 21:24:05 | New \'Quantum\' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (lien direct) | A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities | Malware Tool | ||
 |
2022-06-23 20:31:01 | Apple, Android Phones Targeted by Italian Spyware: Google (lien direct) | An Italy-based firm's hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said Thursday, casting a light on a "flourishing" spyware industry. | Tool | ||
|
2022-06-23 18:40:55 | Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor (lien direct) | >China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) which involved the use of a previously undescribed loader (dubbed “Nimbda”) written in Nim language. The Tropic Trooper APT has been active at least […] | Malware Tool | APT 23 |
To see everything:
Our RSS (filtrered)
