What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-18 04:22:22 | Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang (lien direct) | The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to breach high-value targets," Swiss cybersecurity company PRODAFT said in a new report shared with The | Tool | ||
 |
2022-05-17 21:15:08 | CVE-2022-29162 (lien direct) | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. | Tool | ★★★ | |
 |
2022-05-17 15:01:00 | Anomali Cyber Watch: Costa Rica in Ransomware Emergency, Charming Kitten Spy and Ransom, Saitama Backdoor Hides by Sleeping, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Conti ransomware, India, Iran, Russia, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
COBALT MIRAGE Conducts Ransomware Operations in U.S.
(published: May 12, 2022)
Secureworks researchers describe campaigns by Iran-sponsored group Cobalt Mirage. These actors are likely part of a larger group, Charming Kitten (Phosphorus, APT35, Cobalt Illusion). In 2022, Cobalt Mirage deployed BitLocker ransomware on a US charity systems, and exfiltrated data from a US local government network. Their ransomware operations appear to be a low-scale, hands-on approach with rare tactics such as sending a ransom note to a local printer. The group utilized its own custom binaries including a Fast Reverse Proxy client (FRPC) written in Go. It also relied on mass scanning for known vulnerabilities (ProxyShell, Log4Shell) and using commodity tools for encryption, internal scanning, and lateral movement.
Analyst Comment: However small your government or NGO organization is, it still needs protection from advanced cyber actors. Keep your system updated, and employ mitigation strategies when updates for critical vulnerabilities are not available.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Modify Registry - T1112 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Cobalt Mirage, Phosphorous, Cobalt Illusion, TunnelVision, Impacket, wmiexec, Softperfect network scanner, LSASS, RDP, Powershell, BitLocker, Ransomware, Fast Reverse Proxy client, FRP, FRPC, Iran, source-country:IR, USA, target-country:US, Cyberespionage, Government, APT, Go, Log4j2, ProxyShell, CVE-2021-34473, CVE-2021-45046, CVE-2021-44228, CVE-2020-12812, CVE-2021-31207, CVE-2018-13379, CVE-2021-34523, CVE-2019-5591
SYK Crypter Distributing Malware Families Via Discord
(published: May 12, 2022)
Morphisec researchers discovered a new campaign abusing popular messaging platform Discord content distribution network (CDN). If a targeted user activates the phishing attachment, it starts the DNetLoader malware that reaches out to the hardcoded Discord CDN link and downloads a next stage crypter such as newly-discovered SYK crypter. SYK crypter is being loaded into memory where it decrypts its configuration and the next stage payload using hardcoded keys and various encryption methods. It detects and impairs antivirus solutions and checks for d |
Ransomware Malware Tool Vulnerability Threat Conference | APT 35 APT 15 APT 34 | |
 |
2022-05-17 13:00:36 | Zero Trust and SASE: Better Together for Financial Institutions (lien direct) | >A Zero Trust cybersecurity model, enabled by a modern Secure Access Services Edge (SASE) architecture, gives financial institutions powerful tools to support new ways of working without compromising their ability to compete and innovate. | Tool | ||
 |
2022-05-17 10:30:19 | Hackers can steal your Tesla Model 3, Y using new Bluetooth attack (lien direct) | Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices. [...] | Tool | ||
 |
2022-05-17 09:05:52 | Use Your Browser Internal Password Vault... or Not?, (Tue, May 17th) (lien direct) | Passwords... a so hot topic&#;x26;#;x21; Recently big players (Microsoft, Apple &#;x26; Google) announced that they would like to suppress (or, at least, reduce)&#;xc2;&#;xa0;the use of classic passwords&#;x5b;1&#;x5d;. In the meantime, they remain the most common way to authenticate users against many online services. Modern Browsers offer lightweight password management tools ("vaults")&#;xc2;&#;xa0;that help users to save their passwords in a central repository. So they don&#;x26;#;39;t have to remember them, and they follow the golden rule that we, infosec people, are recommending for a long time: to not&#;xc2;&#;xa0;share passwords across services.&#;xc2;&#;xa0;But it is really safe? | Tool | ||
|
2022-05-17 01:50:51 | U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware (lien direct) | The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind Thanos ransomware, charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is alleged to have both developed and marketed the | Ransomware Tool | ||
 |
2022-05-16 17:31:54 | Gradle vs. Maven: DevOps tools comparison (lien direct) | >Gradle and Maven are two of the top build automation tools available for developers. Learn how these tools differ to find the right DevOps tool for your projects. | Tool | ||
 |
2022-05-16 17:21:06 | Researchers Devise New Type of Bluetooth LE Relay Attacks (lien direct) | Security researchers at NCC Group have created a new tool capable of launching a new type of Bluetooth Low Energy (BLE) relay attack that bypasses existing protections and mitigations. | Tool | ||
|
2022-05-15 10:00:00 | Windows admins frustrated by Quick Assist moving to Microsoft Store (lien direct) | Windows admins have been expressing their dismay at Microsoft's decision to move the Quick Assist remote assistance tool to the Microsoft Store. [...] | Tool | ||
|
2022-05-13 21:16:51 | (Déjà vu) Google Created \'Open Source Maintenance Crew\' to Help Secure Critical Projects (lien direct) | Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this information, developers | Tool Vulnerability | ||
|
2022-05-13 05:26:14 | Google Created \'Open-Source Maintenance Crew\' to Help Secure Critical Projects (lien direct) | Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this information, developers | Tool Vulnerability | ||
 |
2022-05-12 22:13:56 | 5 Tips For Creating Bulletproof Passwords (lien direct) | >
While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and...
|
Tool | ||
|
2022-05-12 12:55:35 | How Innovation Turns 5G Security from a Reactive to Proactive Tool (lien direct) | >5G security for enterprise rides on the viability of enterprise-grade security that safeguards the new business-critical operations against cyber threats. | Tool | ||
 |
2022-05-12 09:48:04 | NCSC launches free email security check (lien direct) | The UK’s National Cyber Security Centre (NCSC) has released a free tool designed to help organisations check whether their email security settings are sufficient. The Email Security Check service was released yesterday by the NCSC, an offshoot of the UK spy agency GCHQ. The tool works to look up publicly available information on anti-spoofing standards such as […] | Tool | ★★ | |
 |
2022-05-11 16:05:43 | Mettre les choses en contexte |Campagnes de menace de temps Putting Things in Context | Timelining Threat Campaigns (lien direct) |
La visualisation des données fait partie intégrante de la recherche sur les menaces.Voyez comment nous avons utilisé cet outil d'analyse de la chronologie pour suivre l'activité dans le cyber-conflit ukrainien.
Visualizing data is integral to threat research. See how we used this timeline analysis tool to track activity in the Ukrainian cyber conflict. |
Tool Threat | ★★ | |
|
2022-05-11 15:15:08 | CVE-2021-34605 (lien direct) | A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool. | Tool Vulnerability | ||
|
2022-05-11 15:15:08 | CVE-2021-34606 (lien direct) | A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account. | Tool Vulnerability | ||
|
2022-05-10 17:08:00 | Anomali Cyber Watch: Moshen Dragon Abused Anti-Virus Software, Raspberry Robin Worm Jumps from USB, UNC3524 Uses Internet-of-Things to Steal Emails, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Phishing, Ransomware, Sideloading, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Attackers Are Attempting to Exploit Critical F5 BIG-IP RCE
(published: May 9, 2022)
CVE-2022-1388, a critical remote code execution vulnerability affecting F5 BIG-IP multi-purpose networking devices/modules, was made public on May 4, 2022. It is of high severity (CVSSv3 score is 9.8). By May 6, 2022, multiple researchers have developed proof-of concept (PoC) exploits for CVE-2022-1388. The first in-the-wild exploitation attempts were reported on May 8, 2022.
Analyst Comment: Update your vulnerable F5 BIG-IP versions 13.x and higher. BIG-IP 11.x and 12.x will not be fixed, but temporary mitigations available: block iControl REST access through the self IP address and through the management interface, modify the BIG-IP httpd configuration.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190
Tags: CVE-2022-1388, F5, Vulnerability, Remote code execution, Missing authentication
Mobile Subscription Trojans and Their Little Tricks
(published: May 6, 2022)
Kaspersky researchers analyzed five Android trojans that are secretly subscribing users to paid services. Jocker trojan operators add malicious code to legitimate apps and re-upload them to Google Store under different names. To avoid detection, malicious functionality won’t start until the trojan checks that it is available in the store. The malicious payload is split in up to four files. It can block or substitute anti-fraud scripts, and modify X-Requested-With header in an HTTP request. Another Android malware involved in subscription fraud, MobOk trojan, has additional functionality to bypass captcha. MobOk was seen in a malicious app in Google Store, but the most common infection vector is being spread by other Trojans such as Triada.
Analyst Comment: Limit your apps to downloads from the official stores (Google Store for Android), avoid new apps with low number of downloads and bad reviews. Pay attention to the terms of use and payment. Avoid granting it too many permissions if those are not crucial to the app alleged function. Monitor your balance and subscription list.
MITRE ATT&CK: [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Data Manipulation - T1565
Tags: Android, Jocker, MobOk, Triada, Vesub, GriftHorse, Trojan, Subscription fraud, Subscription Trojan, Russia, target-country:RU, Middle East, Saudi Arabia, target-country:SA, Egypt, target-country:EG, Thailand, target-country:TH
Raspberry Robin Gets the Worm Early
(published: May 5, 2022)
Since September 2021, Red Canary researchers monitor Raspberry Robin, a new worm |
Ransomware Malware Tool Vulnerability Threat | APT 29 APT 28 | ★★★ |
 |
2022-05-10 03:00:00 | Cohesity launches FortKnox to protect data from ransomware attacks (lien direct) | Data management specialist Cohesity is launching a new data isolation and recovery tool called FortKnox, in a bid to help customers protect their data from ransomware attacks.FortKnox provides an additional layer of off-site protection for customers by keeping data in a secure 'vault,' with physical separation, network and management isolation to keep threat actors from accessing sensitive data.An object lock requires a minimum of two or more people to approve critical actions, such as changes of vault policy, and access can be managed using granular role-based access control, multi-factor authentication, and encryption both in-flight and at rest.To read this article in full, please click here | Ransomware Tool Threat | ||
 |
2022-05-09 10:49:02 | A scanning tool for open-sourced software packages? Yes, please! (lien direct) | OpenSSF recently introduced a dynamic analysis tool for all OSS packages when uploaded to open source repositories. | Tool | ||
 |
2022-05-09 08:29:06 | New tool release: Discovering the origin host to bypass web application firewalls (lien direct) | Pas de details / No more details | Tool | ||
|
2022-05-05 20:26:37 | Vagrant vs Docker: Compare DevOps tools (lien direct) | Finding the right DevOps tool can be tricky. There are a variety of factors to weigh in deciding what solution will work best for your projects. Learn more about two of the top solutions: Vagrant and Docker. | Tool | ||
|
2022-05-05 20:03:50 | What is the ONLYOFFICE Community feature, and why should you use it? (lien direct) | ONLYOFFICE is not only a great web-based office suite and project management tool but an effective platform to keep your teams engaged with one another and the company. | Tool | ||
|
2022-05-05 19:09:54 | Check Point vs Palo Alto: Comparing EDR software (lien direct) | Check Point and Palo Alto are providers of effective endpoint detection and response tools to allow you to surpass detection-based cyber defense and improve your organization's ability to manage cybersecurity risk. But which tool is best for you? | Tool | ||
|
2022-05-05 16:26:47 | How to use KDE Plasma\'s Konsole SSH plugin (lien direct) | Looking for an incredibly easy tool to manage your SSH connections? KDE's terminal application has a handy trick up its sleeve. | Tool | ||
|
2022-05-05 11:00:56 | Les vulnérabilités dans Avast et AVG mettent des millions en danger Vulnerabilities in Avast And AVG Put Millions At Risk (lien direct) |
Deux défauts de haute sévérité dans les outils de sécurité des utilisateurs finaux populaires permettent aux attaquants d'élever les privilèges et les dispositifs de compromis.
Two high-severity flaws in popular end user security tools allow attackers to elevate privileges and compromise devices. |
Tool Vulnerability | ★★★ | |
|
2022-05-04 18:37:00 | Are moodables the next best thing in IoT? (lien direct) | More Americans are suffering from depression than ever before. With moodable sensors, we might finally have an IoT tool for mental wellness. | Tool | ||
|
2022-05-04 18:14:46 | How to move from an Android phone to an iPhone (lien direct) | You can more easily switch from an Android phone to an iPhone via a tool called Move to iOS. We'll show you how. | Tool | ||
|
2022-05-03 17:20:31 | Notion vs Trello: Project management software comparison (lien direct) | If your company is considering which project management and communication tool to choose, you should compare the features of Notion and Trello. | Tool | ||
|
2022-05-03 16:31:00 | Anomali Cyber Watch: Time-to-Ransom Under Four Hours, Mustang Panda Spies on Russia, Ricochet Chollima Sends Goldbackdoor to Journalists, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cyberespionage, LNK files, Malspam, North Korea, Phishing, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
A Lookback Under the TA410 Umbrella: Its Cyberespionage TTPs and Activity
(published: April 28, 2022)
ESET researchers found three different teams under China-sponsored umbrella cyberespionage group TA410, which is loosely linked to Stone Panda (APT10, Chinese Ministry of State Security). ESET named these teams FlowingFrog, JollyFrog, and LookingFrog. FlowingFrog uses the Royal Road RTF weaponizer described by Anomali in 2019. Infection has two stages: the Tendyron implant followed by a very complex FlowCloud backdoor. JollyFrog uses generic malware such as PlugX and QuasarRAT. LookingFrog’s infection stages feature the X4 backdoor followed by the LookBack backdoor. Besides using different backdoors and exiting from IP addresses located in three different districts, the three teams use similar tools and similar tactics, techniques, and procedures (TTPs).
Analyst Comment: Organizations should keep their web-facing applications such as Microsoft Exchange or SharePoint secured and updated. Educate your employees on handling suspected spearphishing attempts. Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Native API - T1106 | [MITRE ATT&CK] Shared Modules - T1129 | [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Inter-Process Communication - T1559 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Create or Modify System Process - T1543 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Rootkit - T1014 | [MITRE ATT&CK] Process Injection - T1055 | |
Ransomware Malware Tool Vulnerability Threat Guideline Cloud | APT 37 APT 10 APT 10 | |
|
2022-05-03 14:36:25 | Amazon CloudWatch vs Pingdom: Monitoring tool comparison (lien direct) | Let's compare the features of two popular website monitoring tools, Pingdom and Amazon CloudWatch, to determine what makes each one unique and what you should consider before adopting each tool. | Tool | ||
|
2022-05-03 14:08:13 | The COVID-19 gender gap: Addressing bias at work can help bring women back to the office (lien direct) | The global pandemic highlighted inequities at the workplace and the greater stresses women face. Here's how a new tool that uses science to uncover bias at work can improve workplaces for women. | Tool | ||
 |
2022-05-03 06:08:45 | Package Analysis dynamic analyzes packages in open-source repositories (lien direct) | The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to popular open-source repositories. The Open Source Security Foundation (OpenSSF) announced the release of the first version of a new tool, dubbed Package Analysis, to perform dynamic analysis of the packages uploaded to popular open-source repositories. […] | Tool | ||
|
2022-05-02 22:46:55 | CyberArk vs BeyondTrust: Compare IAM solutions (lien direct) | It's time to upgrade your IAM software, but which security tool should you choose? See how the features of CyberArk and BeyondTrust compare. | Tool | ||
|
2022-05-02 20:15:08 | CVE-2021-41810 (lien direct) | Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable | Tool | ||
 |
2022-05-02 09:30:00 | UNC3524: Eye Spy sur votre e-mail UNC3524: Eye Spy on Your Email (lien direct) |
Mise à jour (novembre 2022): Nous avons fusionné UNC3524 avec APT29. L'activité UNC3524 décrite dans ce post est désormais attribuée à APT29.
Depuis décembre 2019, Mandiant a observé que les acteurs avancés des menaces augmentent leur investissement dans des outils pour faciliter la collecte de courriels en vrac dans les environnements de victime, en particulier en ce qui concerne leur soutien aux objectifs d'espionnage présumés.Les e-mails et leurs pièces jointes offrent une riche source d'informations sur une organisation, stockée dans un emplacement centralisé pour les acteurs de menace à collecter.La plupart des systèmes de messagerie, qu'ils soient sur site ou dans le cloud, offrent
UPDATE (November 2022): We have merged UNC3524 with APT29. The UNC3524 activity described in this post is now attributed to APT29. Since December 2019, Mandiant has observed advanced threat actors increase their investment in tools to facilitate bulk email collection from victim environments, especially as it relates to their support of suspected espionage objectives. Email messages and their attachments offer a rich source of information about an organization, stored in a centralized location for threat actors to collect. Most email systems, whether on-premises or in the cloud, offer |
Tool Threat | APT 29 | ★★ |
|
2022-05-01 21:51:22 | Here\'s a New Tool That Scans Open-Source Repositories for Malicious Packages (lien direct) | The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the | Tool | ||
|
2022-04-29 21:12:21 | Datadog vs New Relic: Compare DevOps tools (lien direct) | Datadog vs. New Relic: Which is the best DevOps tool for your business? This guide will help you choose. | Tool | ||
 |
2022-04-29 17:32:59 | Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage (lien direct) |  socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms.
Other similar tools check username availability by requesting the profile page of the username in question and based on information like the HTTP status code or error text on the requested page, determine whether a username is already taken.
Read the rest of Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage now! Only available at Darknet.
|
Tool | ||
|
2022-04-29 14:45:19 | LogMeIn vs GoToMyPC: Compare remote desktop software (lien direct) | LogMeIn and GoToMyPC are two of the top remote access software solutions. Read this feature comparison to learn which remote desktop tool is right for your business. | Tool | ||
|
2022-04-29 13:09:34 | OneLogin vs Okta: Comparing IAM solutions (lien direct) | Which identity and access management software should you choose? Compare the features of OneLogin and Okta to see if either is the right IAM tool for your business. | Tool | ||
|
2022-04-28 11:00:00 | More Tools, More Problems: Why It\'s Important to Ensure Security Tools Work Together (lien direct) | Welcome to blog #six as I explore the “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience. In the last blog, I wrote about the challenges that organizations have with disparate tools, highlighted by the fact that mature enterprise organizations deployed over 130 security tools on average. That blog is a perfect introduction to number five on our list of challenges enterprise organizations face: ‘Solutions not customized to the types of risks we face.’ More Tools, More Problems Most security teams use several security management tools to help them manage their security infrastructure. While each tool was acquired for a specific reason and purpose, introducing each tool into an existing security tech stack poses a different challenge. Unfortunately, there’s no one size fits all approach. Every new security tool introduced requires integration to use the tool effectively. It takes a lot of time and effort to implement a tool properly into your environment and processes. There would most likely need training involved for those analysts who would be using the new tools. While necessary, these tasks take time and attention away from everyday activities and can significantly decrease a security team’s effectiveness before they’re fully integrated into their workflow. Increasing in Multiple Tools Increases Security Complexity The increasing adoption of cybersecurity solutions has created more consequences and challenges for organizations and their IT teams. With each addition of a new solution, another problem emerges Tool sprawl. Tool sprawl is when an organization invests in various tools that make it harder for IT teams to manage and orchestrate the solution. Time is a precious commodity, especially in cybersecurity. It takes time to collect information from multiple tools and disparate data sources, then correlate it manually with the necessary intelligence. Instead of responding quickly to an attack, analysts will waste time collecting the data and relevant intelligence needed to understand what kind of attacks they are dealing with and which actions they should take. Instead of fixing a problem, security teams may suddenly find that they’ve added more. How Cybersecurity Tools Grew Out of Control Traditional cybersecurity operations were designed to manage anti-viruses, install and monitor firewalls, protect data, and help users manage passwords. It was evident by the mid-1990s that investing in cybersecurity would be necessary. Organizations now had a budget for security and had to figure out which parts of their infrastructure were most vulnerable. As their strategy evolved, organizations began investing in hiring cybersecurity experts but realized people are expensive. They then began buying various tools to complement their security professionals. They soon realized that there was a security tool you could buy that could help resolve the situation for any potential problem. The desire to throw tools at a situation continues today. Cybersecurity budgets have increased since the pandemic sped up digital transformation efforts and increased an organization’s attack surface. Board members and Executives realize the need to invest more in cybersecurity. New security products continue to spring up, promising to solve problems and secure all the various parts of businesses’ technology stacks. Unfortunately, when adding tools, too many organizations make the mistake of looking for a quick fix, working in silos to solve one problem rather than t | Tool Threat Guideline | ||
|
2022-04-27 16:15:11 | CVE-2022-22521 (lien direct) | In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. | Tool | ||
|
2022-04-26 16:24:00 | Anomali Cyber Watch: Gamaredon Delivers Four Pterodos At Once, Known-Plaintext Attack on Yanlouwang Encryption, North-Korea Targets Blockchain Industry, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, CatalanGate, Cloud, Cryptocurrency, Information stealers, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems
(published: April 25, 2022)
Cybereason researchers have compared trending attacks involving SocGholish and Zloader malware. Both infection chains begin with social engineering and malicious downloads masquerading as legitimate software, and both lead to data theft and possible ransomware installation. SocGholish attacks rely on drive-by downloads followed by user execution of purported browser installer or browser update. The SocGholish JavaScript payload is obfuscated using random variable names and string manipulation. The attacker domain names are written in reverse order with the individual string characters being put at the odd index positions. Zloader infection starts by masquerading as a popular application such as TeamViewer. Zloader acts as information stealer, backdoor, and downloader. Active since 2016, Zloader actively evolves and has acquired detection evasion capabilities, such as excluding its processes from Windows Defender and using living-off-the-land (LotL) executables.
Analyst Comment: All applications should be carefully researched prior to installing on a personal or work machine. Applications that request additional permissions upon installation should be carefully vetted prior to allowing permissions. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors.
MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Steal or Forge Kerberos Tickets - T1558 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Unsecured Credentials - T1552 | [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | |
Ransomware Malware Tool Vulnerability Threat Guideline Medical | Uber APT 38 APT 28 | |
|
2022-04-25 23:18:38 | Iranian Hackers Exploiting VMware RCE Bug to Deploy \'Code Impact\' Backdoor (lien direct) | An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and | Tool Vulnerability Threat | ||
|
2022-04-22 19:32:36 | Chef vs Terraform: DevOps tool comparison (lien direct) | Server configuration, automation and infrastructure development are at the heart of every IT business operation. Read this feature comparison of two DevOps tools, Chef and Terraform, to enhance your IT efficiency. | Tool | ||
 |
2022-04-22 18:30:28 | A Detailed Guide on Hydra (lien direct) | Hello! Pentesters, this article is about a brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent | Tool | ||
|
2022-04-21 19:15:08 | CVE-2021-43708 (lien direct) | The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode. | Tool | ||
|
2022-04-21 16:54:59 | Terraform vs Puppet: DevOps tool comparison (lien direct) | Not all software tools are created equal, and one solution may be more beneficial to your DevOps needs than another. Read on to learn more about two popular DevOps tools: Terraform and Puppet. | Tool |
To see everything:
Our RSS (filtrered)
