What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-10-24 12:46:37 | After quietly infecting a million devices, Reaper botnet set to be worse than Mirai (lien direct) | Reaper is on track to become one of the largest botnets recorded in recent years - and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year's cyberattack. | Cloud | APT 37 | |
 |
2017-10-23 19:42:42 | Reaper: Calm Before the IoT Security Storm? (lien direct) | It's been just over a year since the world witnessed some of the world's top online Web sites being taken down for much of the day by "Mirai," a zombie malware strain that enslaved "Internet of Things" (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware -- variously named "Reaper" and "IoTroop" -- that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already. Reaper isn't attacking anyone yet. For the moment it is apparently content to gather gloom to itself from the darkest reaches of the Internet. But if history is any teacher, we are likely enjoying a period of false calm before another humbling IoT attack wave breaks. | Cloud | APT 37 | |
 |
2017-10-21 00:49:26 | New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet (lien direct) | Just a year after Mirai-biggest IoT-based malware that caused vast Internet outages by launching massive DDoS attacks-completed its first anniversary, security researchers are now warning of a brand new rapidly growing IoT botnet.
Dubbed 'IoT_reaper,' first spotted in September by researchers at firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits
|
Cloud | APT 37 | |
 |
2017-10-20 09:30:39 | A Gigantic IoT Botnet Has Grown in the Shadows in the Past Month (lien direct) | Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper (Reaper for this article), researchers estimate its current size at nearly two million infected devices. [...] | Cloud | APT 37 | |
 |
2017-08-23 13:14:19 | NBlog August 23 - Information Security outreach (lien direct) |  Further to yesterday's ISO27k Forum thread and blog piece, I've been contemplating the idea of extending the security awareness program into an "outreach" initiative for Information Security, or at least viewing it in that way. I have in mind a planned, systematic, proactive approach not just to spread the information risk and security gospel, but to forge stronger more productive working relationships throughout the organization, perhaps even beyond. Virtually every interaction between anyone from Information Security and The Business is a relationship-enhancing opportunity, a chance to inform, communicate/exchange information in both directions, assist, guide, and generally build the credibility and information Security's brand. Doing so has the potential to:Drive or enhance the corporate security culture through Information Security becoming increasingly respected, trusted, approachable, consulted, informed and most of all used, rather than being ignored, feared and shunned (the "No Department");Improve understanding on all sides, such as identifying business initiatives, issues, concerns and demands for Information Security involvement, at an early enough stage to be able to specify, plan, resource and deliver the work at a sensible pace rather than at the last possible moment with next to no available resources; also knowing when to back-off, leaving the business to its own devices if there are other more pressing demands, including situations where accepting information risks is necessary or appropriate for various business reasons;Encourage and facilitate collaboration, cooperation and alignment around common goals;Improve the productivity and effectiveness of Information Security by being more customer-oriented - always a concern with ivory-tower expert functions staffed by professionals who think they (OK, we!) know best;Improve the management and treatment of information risks as a whole through better information security, supporting key business objectives such as being able to exploit business opportunities that would otherwise be too risky, while complying with applicable laws and regulations. |
Cloud | APT 37 | |
 |
2017-08-17 13:00:00 | The Upgraded AlienVault OTX API & Ways to Score Swag! (lien direct) | We've made a number of improvements to the depth of data in OTX recently, which are now available via the free API tool. Some of the API functions now include: Malware anti-virus and sandbox reports (example) A Whois API, including reverse whois and reverse SSL (example) View IP addresses that our telemetry indicates a specific network signature has fired on (example) The HTTP contents of a domain or URL (example), as well as finding all pages that link to it (example) Passive DNS history (example) Find malware samples that talk to a domain or ip (example) Retrieve malware samples by anti-virus detection (example) Lists of malicious URLs on domains (example) Download all indicators from users that you subscribe to (example) Find pulses based on the adversary, industry or keywords that interest you (example) What could you build? This depth of data could be used for countless things, but here are a couple of examples the API could used for: Actor Tracking Let’s say you want to get daily updates on an attacker that has targeted your sector before. With the new API, you will get a daily email on name servers they use, domain registration emails they use, and servers that have fired network alerts for their malware. Malicious File Alerting Another common task is when you want to know if files that pass your network or mail gateway (either at the MX or Inbox) are malicious. You can easily extract these files, then check them against OTX to see if they are malicious. Examples Our Python SDK page includes some simple examples of using the API, such as: Storing a feed of malicious indicators on OTX Telling if a Domain, IP, File hash or URL is malicious | Cloud | APT 37 | |
 |
2017-06-12 19:07:51 | An Introduction to VolUtility, (Mon, Jun 12th) (lien direct) | If you would like to practicememory forensics using Volatility but you dont like command line tools and you hate to remmber plugins then VolUtility is your friend. Volutility1is a web frontend for Volatility framework. Installation In this dairy, I will install VolUtlity on Linux SIFT2workstation. Update your SIFT workstation and install django margin-right:210.0pt">$ sudo apt-get update margin-right:0in"> Install MongoDB : In this dairy I am not going to discuss how to install MongoDB , for futher details about margin-left:.5in"> $ git clone https://github.com/volatilityfoundation/volatility $ cd volatility $ sudo python setup.py install margin-left:.5in"> $ git clone https://github.com/kevthehermit/VolUtility Configuration In this diary I am going to use the default config file volutility.conf.sample border:solid windowtext 1.0pt"> $ ./manage.py runserver 0.0.0.0:8000 width:400px" /> Enter a name for the session and the location of the memory image ,for the profile you can either specify it or you can choose autodetect, then click on submit button width:400px" /> You have to wait for few minutest till it finishes from processing the image, once it finished the status will change to Complete width:400px" /> To examine the image click on the session name , in this the dairy its SANS ISC width:400px" /> Now let width:400px" /> And you can of course filter your result using tools such as MS Excel. _______________________________________________________ [1] https://github.com/kevthehermit/VolUtility/wiki [1] https://digital-forensics.sans.org/community/downloads (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | Cloud | APT 37 | |
 |
2016-06-17 10:00:38 | ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks (lien direct) | The ScarCruft APT gang has made use of a Flash zero day patched Thursday by Adobe to attack more than two dozen high-profile targets in Russia and Asia primarily. | Cloud | APT 37 | |
 |
2016-06-14 03:00:49 | Don\'t Fear the Reaper – Getting the Most Out of Your Penetration Tests (lien direct) | PCI-DSS v3.2 will be in full-force this October. At that time, service providers will be required to complete penetration tests by an external third party twice a year. The term “service provider” leaves significant room for interpretation. Discuss PCI-DSS v3.2 with your QSA to determine how changes may impact your organization. Whether to be PCI […]… Read More | Cloud | APT 37 | |
 |
2015-12-01 13:00:00 | Le groupe de cyber-menaces basé en Chine utilise Dropbox pour les communications de logiciels malveillants et cible les médias de Hong Kong China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets (lien direct) |
Fireeye Intelligence Centerfireeye Threat Intelligence Analysts a identifié une campagne de phishing de lance réalisée en août 2015 en ciblant les organisations de médias basées à Hong Kong.Un groupe de cyber-menaces basé en Chine, que Fireeye suit en tant que groupe de menaces persistantes avancé (APT) non classé et d'autres chercheurs appellent «admin @ 338», peut avoir mené l'activité. [1] Les e-mails contenaient des documents malveillants avec une charge utile malveillante appelée lowball.Lowball abuse du service de stockage cloud Dropbox pour la commande et le contrôle (CNC).Nous avons collaboré avec Dropbox pour enquêter sur la menace, et
FireEye Intelligence CenterFireEye Threat Intelligence analysts identified a spear phishing campaign carried out in August 2015 targeting Hong Kong-based media organizations. A China-based cyber threat group, which FireEye tracks as an uncategorized advanced persistent threat (APT) group and other researchers refer to as “admin@338,” may have conducted the activity.[1] The email messages contained malicious documents with a malware payload called LOWBALL. LOWBALL abuses the Dropbox cloud storage service for command and control (CnC). We collaborated with Dropbox to investigate the threat, and |
Malware Threat Cloud Technical | ★★★★ | |
|
2015-04-18 11:10:00 | Opération Russiandoll: Adobe & Windows Exploits zéro-day Probablement exploités par APT28 de Russie dans une attaque très ciblée Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia\\'s APT28 in Highly-Targeted Attack (lien direct) |
Fireeye Labs a récemment détecté une campagne APT limitée exploitant les vulnérabilités zéro-jours dans Adobe Flash et une toute nouvelle à Microsoft Windows.En utilisant le Dynamic Keen Intelligence Cloud (DTI) , les chercheurs de Fireeye ont détecté un modèle d'attaques commençant le 13 avril Th , 2015. Adobe a indépendamment corrigé la vulnérabilité (CVE-2015-3043) dans APSB15-06 .Grâce à la corrélation des indicateurs techniques et des infrastructures de commandement et de contrôle, FireEye évalue que l'APT28 est probablement responsable de cette activité.
Microsoft est conscient de la vulnérabilité d'escalade locale exceptionnelle dans Windows
FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015. Adobe independently patched the vulnerability (CVE-2015-3043) in APSB15-06. Through correlation of technical indicators and command and control infrastructure, FireEye assess that APT28 is probably responsible for this activity. Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows |
Vulnerability Threat Cloud | APT 28 APT 28 | ★★★★ |
To see everything:
Our RSS (filtrered)
