What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-11-02 10:00:00 | Un guide de l'acquisition de données numériques en médecine légale avec l'imageur FTK A guide to digital forensics data acquisition with FTK Imager (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the field of Digital Forensics and Incident Response (DFIR), acquiring a forensic copy of a suspect\'s storage device is a critical first step. This process involves either disk imaging or disk cloning, each with its own distinct purposes and methodologies. In this blog, we\'ll delve into the differences between disk imaging and disk cloning, when to use each method, and provide step-by-step guidance on how to create a forensic disk image using FTK Imager. Disk imaging vs. disk cloning Disk imaging Disk imaging is the process of creating a bit-for-bit copy or snapshot of an entire storage device or a specific partition. In forensic imaging, the goal is to create an exact, bit-for-bit copy of the source disk without making any changes to the original data. The key characteristics of disk imaging include: Non-destructive: Disk imaging is a non-destructive process that doesn\'t alter the original data on the source device. It preserves the integrity of the evidence. File-level access: After imaging, forensic examiners can access and analyze the files and folders within the image using specialized forensic software. This allows for targeted analysis and data recovery. Metadata preservation: Disk imaging retains critical metadata such as file timestamps, permissions, and attributes, which can be crucial in investigations. Flexible storage: Disk images can be stored in various formats (e.g., E01, DD, AFF) and on different media, such as external hard drives or network storage. Disk cloning Disk cloning, on the other hand, involves creating an exact duplicate of the source storage device, including all partitions and unallocated space. Unlike file copying, disk cloning also duplicates the filesystems, partitions, drive meta data and slack space on the drive. The characteristics of disk cloning include: Exact copy: Disk cloning produces an identical copy of the source device. It replicates everything, including empty space and hidden partitions. Quick duplication: Cloning is typically faster than imaging because it doesn\'t involve the creation of a separate image file. It\'s essentially a sector-by-sector copy. Cloning is like making an exact photocopy of a book, smudges and all. It copies everything, even the empty pages. So, if we\'re dealing with a whole computer, it copies the operating system, software, and every file, whether it\'s useful or not. Creating a forensic disk image with FTK Imager FTK Imager is a widely used and trusted tool for creating forensic disk images. Here are the steps to create a disk image using FTK Imager: Download and Install FTK Imager, make sure to use latest stable version available as well mention the version and vendor details in case notes. This is a good practice in digital forensics and incident response (DFIR) as it ensures that you are using the most up-to-date and secure version of the software, and it provides important documentation about the tools and their configurations used in your investigations. Keeping software updated is essential for maintaining the integrity and reliability of your forensic processes. Download and Install FTK Imager on your forensic workstation. It can be downloaded from here. You’ll need to provide some information like name, business email etc., and after you fill in the form the download will start automatically. You can use privacy centric services while filling out the information. Begin the installation. | Tool Tool | ★★★ | |
 |
2023-11-01 20:30:00 | Le Département du commerce promet des garanties pour empêcher les ventes de technologies de surveillance à l'étranger Commerce Department promises safeguards to prevent surveillance tech sales abroad (lien direct) |
Le Département du commerce a mis en œuvre de nouvelles politiques pour arrêter la promotion des technologies de surveillance aux gouvernements étrangers.Dans un lettre au sénateur Ron (D-or) Wyden, qui a exprimé la préoccupation de l'agence sur le spreadParmi les outils en mai, le Département du commerce a fixé les mesures que son Administration du commerce international (ITA) a prises pour freiner
The Commerce Department has implemented new policies to stop the promotion of surveillance technologies to foreign governments. In a letter to Senator Ron (D-OR) Wyden, who expressed concern to the agency about the spread of the tools in May, the Commerce Department laid out the steps its International Trade Administration (ITA) has taken to curb |
Tool | ★★ | |
|
2023-11-01 18:08:00 | Une campagne d'informations sur le voleur cible désormais les utilisateurs de Facebook avec des photos révélatrices An info-stealer campaign is now targeting Facebook users with revealing photos (lien direct) |
Les cybercriminels utilisent des publicités Facebook pour distribuer des logiciels malveillants et des utilisateurs de détournement de logiciels \\ ', des chercheurs ont révélé des chercheurs.Dans la campagne dite de malvertising, les pirates exploitent des outils légitimes pour la distribution d'annonces en ligne et insérer des liens infectés vers des publicités typiques.Pour inciter les utilisateurs à cliquer, la campagne propose des «attracatifs» - dans ce cas, des images obscènes de jeunes
Cybercriminals are using Facebook ads to distribute malware and hijack users\' social media accounts, researchers have found. In the so-called malvertising campaign, hackers exploit legitimate tools for online ad distribution and insert infected links into typical advertisements. To entice users into clicking, the campaign offers “provocative enticements” - in this case, lewd images of young |
Malware Tool Threat | ★★★ | |
 |
2023-11-01 16:45:53 | Docontrol lance l'extension de l'intégration Salesforce DoControl Launches Salesforce Integration Extending (lien direct) |
Docontrol lance l'intégration Salesforce étendant sa plate-forme de sécurité SaaS complète à tous les écosystèmes SaaS de premier plan
Les utilisateurs Salesforce bénéficieront désormais d'une solution consolidée de Docontrol, leur fournissant un éventail complet d'outils pour sauvegarder contre une vaste gamme de menaces
-
revues de produits
DoControl Launches Salesforce Integration Extending Its Comprehensive SaaS Security Platform To All Prominent SaaS Ecosystems Salesforce users will now benefit from DoControl\'s consolidated solution, providing them with a comprehensive array of tools to safeguard against an extensive range of threats - Product Reviews |
Tool Cloud | ★★ | |
 |
2023-11-01 15:10:26 | Outils de premier plan, efficaces et puissants pour identifier les visiteurs du site Leading, effective, and powerful tools for identifying site visitors (lien direct) |
> Par owais sultan
Savoir qui visite votre site Web vous donne des données précieuses que votre équipe de vente peut utiliser ce précieux marketing & # 8230;
Ceci est un article de HackRead.com Lire le post original: Outils de premier plan, efficaces et puissants pour identifier les visiteurs du site
>By Owais Sultan Knowing who visits your website gives you valuable data that your sales team can use this valuable marketing… This is a post from HackRead.com Read the original post: Leading, effective, and powerful tools for identifying site visitors |
Tool | ★★ | |
 |
2023-10-31 19:45:32 | From Albania to the Middle East: The Scarred Manticore is Listening (lien direct) | #### Description
Check Point Research (RCR) surveille une campagne d'espionnage iranienne en cours par Scarred Manticore, un acteur affilié au ministère du renseignement et de la sécurité (MOIS).Les attaques reposent sur Liontail, un cadre de logiciel malveillant passif avancé installé sur les serveurs Windows.À des fins de furtivité, les implants liionnal utilisent les appels directs vers Windows HTTP Stack Driver Http.SYS pour charger les charges utiles des résidents de mémoire.
La campagne actuelle a culminé à la mi-2023, passant sous le radar pendant au moins un an.La campagne cible les organisations de haut niveau au Moyen-Orient en mettant l'accent sur les secteurs du gouvernement, des militaires et des télécommunications, en plus des fournisseurs de services informatiques, des organisations financières et des ONG.Scarred Manticore poursuit des objectifs de grande valeur depuis des années, utilisant une variété de déambulations basées sur l'IIS pour attaquer les serveurs Windows.Ceux-ci incluent une variété de shells Web personnalisés, de bornes de dos de DLL personnalisées et d'implants basés sur le pilote.Bien que la principale motivation derrière l'opération de Manticore \\ ne soit que l'espionnage, certains des outils décrits dans ce rapport ont été associés à l'attaque destructrice parrainée par MOIS contre l'infrastructure du gouvernement albanais (appelé Dev-0861).
#### URL de référence (s)
1. https://research.checkpoint.com/2023/from-albania-to-the-middle-East-the-scarred-Manticore-is-Listening/
#### Date de publication
31 octobre 2023
#### Auteurs)
Recherche de point de contrôle
#### Description Check Point Research (CPR) is monitoring an ongoing Iranian espionage campaign by Scarred Manticore, an actor affiliated with the Ministry of Intelligence and Security (MOIS). The attacks rely on LIONTAIL, an advanced passive malware framework installed on Windows servers. For stealth purposes, LIONTIAL implants utilize direct calls to Windows HTTP stack driver HTTP.sys to load memory-residents payloads. The current campaign peaked in mid-2023, going under the radar for at least a year. The campaign targets high-profile organizations in the Middle East with a focus on government, military, and telecommunications sectors, in addition to IT service providers, financial organizations and NGOs. Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers. These include a variety of custom web shells, custom DLL backdoors, and driver-based implants. While the main motivation behind Scarred Manticore\'s operation is espionage, some of the tools described in this report have been associated with the MOIS-sponsored destructive attack against Albanian government infrastructure (referred to as DEV-0861). #### Reference URL(s) 1. https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/ #### Publication Date October 31, 2023 #### Author(s) Check Point Research |
Malware Tool | APT 34 APT 34 | ★★ |
 |
2023-10-31 19:25:00 | Les États-Unis mènent une alliance de 40 pays pour couper les paiements des ransomwares US Leads 40-Country Alliance to Cut Off Ransomware Payments (lien direct) |
Les parties de l'initiative internationale contre les ransomwares ont l'intention d'utiliser des outils de partage d'informations et une IA pour atteindre leurs objectifs de coupe des ressources financières des acteurs de la menace.
The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors. |
Ransomware Tool Threat | ★★ | |
 |
2023-10-31 18:55:37 | Google prévoit RISC-V Android Tools en 2024, veut que les développeurs «soient prêts» Google plans RISC-V Android tools in 2024, wants developers to “be ready” (lien direct) |
Nous avons un support RISC-V OS, des puces entrantes et bientôt, un écosystème d'applications.
We\'ve got RISC-V OS support, incoming chips, and soon, an app ecosystem. |
Tool | ★★ | |
 |
2023-10-31 10:56:45 | Déstaurer la saga Manticore marquée: une épopée fascinante d'espionnage à enjeux élevés qui se déroule au cœur du Moyen-Orient Unraveling the Scarred Manticore Saga: A Riveting Epic of High-Stakes Espionage Unfolding in the Heart of the Middle East (lien direct) |
> Faits saillants: 1. Intrudeurs silencieux: Manticore marqué, un groupe de cyber-menaces iranien lié à Mois (Ministère des renseignements & # 38; Security), gère tranquillement une opération d'espionnage sophistiquée furtive au Moyen-Orient.En utilisant leur dernier cadre d'outils de logiciels malveillants, Liontail, ils volent sous le radar depuis plus d'un an.2. Secteurs ciblés: La campagne se concentre sur les grands joueurs-gouvernement, militaire, télécommunications, informatique, finance et ONG au Moyen-Orient.Manticore marqué est une question de données systématiquement en train de saisir des données, montrant leur engagement envers les cibles de grande valeur.3. Évolution des tactiques: le livre de jeu de Manticore Scarre est passé des attaques de base de shell sur les serveurs Windows à [& # 8230;]
>Highlights: 1. Silent Intruders: Scarred Manticore, an Iranian cyber threat group linked to MOIS (Ministry of Intelligence & Security), is quietly running a stealthy sophisticated spying operation in the Middle East. Using their latest malware tools framework, LIONTAIL, they have been flying under the radar for over a year. 2. Targeted Sectors: The campaign focuses on big players-government, military, telecom, IT, finance, and NGOs in the Middle East. Scarred Manticore is all about systematically nabbing data, showing their commitment to high-value targets. 3. Evolution of Tactics: Scarred Manticore’s playbook has evolved from basic web shell attacks on Windows Servers to […] |
Malware Tool Threat | APT 34 | ★★ |
 |
2023-10-31 10:37:38 | CISA dévoile la journalisation facilitée: la solution à guichet unique pour les systèmes basés sur Windows CISA Unveils Logging Made Easy: The One-Stop Solution for Windows-Based Systems (lien direct) |
L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a publié la journalisation Made Easy (LME), un outil de gestion de journaux robuste et gratuit conçu pour renforcer les mesures de cybersécurité pour [plus ...]
The Cybersecurity and Infrastructure Security Agency (CISA) has released Logging Made Easy (LME), a robust, cost-free log management tool designed to reinforce cybersecurity measures for [more...] |
Tool | ★★ | |
 |
2023-10-31 08:00:27 | Turbolehe – Un peu d\'OSINT pour trouver des emails cachés (lien direct) | Turbolehe, un outil puissant pour les enquêtes OSINT, facilite la génération et la validation d'adresses e-mail à partir d'un nom et prénom. Basé sur Python, il teste les combinaisons possibles et vérifie leur existence, permettant un gain de temps considérable. Turbolehe offre également des fonctionnalités supplémentaires, telles que le filtrage par domaine, et prévoit des améliorations futures pour optimiser son efficacité. | Tool | ★★★★ | |
|
2023-10-30 18:30:00 | L'outil de piratage russe inonde les réseaux sociaux avec des robots, disent les chercheurs Russian hacking tool floods social networks with bots, researchers say (lien direct) |
Les cybercriminels à faible teneur en compétence utilisent un nouvel outil pour créer des centaines de faux comptes de médias sociaux en quelques secondes, ont découvert des chercheurs.Appelé Kopeechka («Penny» en russe), le service aide à contourner deux «obstacles» principaux pour quelqu'un qui essaie de créer un faux compte - une vérification par e-mail et par téléphone.Les cybercriminels pourraient utiliser Kopeechka pour transporter
Low-skill cybercriminals are using a new tool to create hundreds of fake social media accounts in just a few seconds, researchers have discovered. Called Kopeechka (“penny” in Russian), the service helps to bypass two main “hurdles” for someone trying to create a fake account - email and phone verification. Cybercriminals could use Kopeechka to carry |
Tool | ★★★ | |
|
2023-10-30 15:12:49 | Une augmentation exponentielle de 1265% des e-mails de phishing retracés aux outils d'IA Exponential 1265% Surge in Phishing Emails Traced to AI Tools (lien direct) |
La nouvelle normale: une augmentation de 1265% des e-mails de phishing Le paysage des menaces a subi un changement sismique au cours de la dernière année, et un nouveau rapport [plus ...]
The New Normal: A 1265% Increase in Phishing Emails The threat landscape has undergone a seismic shift over the past year, and a new report [more...] |
Tool Threat | ★ | |
|
2023-10-30 14:15:45 | Outils OSINT qui travaillent pour Facebook Working OSINT Tools for Facebook (lien direct) |
Le paysage numérique est en constante évolution et, avec lui, les méthodes pour extraire des informations précieuses à diverses fins.Les outils de renseignement open source (OSINT) sont devenus indispensables [plus ...]
The digital landscape is ever-evolving, and with it, the methods to extract valuable information for various purposes. Open Source Intelligence (OSINT) tools have become indispensable [more...] |
Tool | ★★★★ | |
 |
2023-10-30 10:41:17 | Métiers IT – Développeur front end : fonction, formation et salaire (lien direct) | Le développeur front end est en charge de la création et du développement de l'interface utilisateur (UI) de pages, applications et sites web. Il maîtrise les principaux outils et les langages du développement web. | Tool | ★★ | |
|
2023-10-30 10:00:00 | Soins de santé & # 8211;Naviguer sur votre chemin vers le bien-être du bien-être Healthcare – Navigating your path to cyber wellness (lien direct) |
The healthcare industry is progressing towards a more mature cybersecurity posture. However, given it remains a popular attack target, more attention is needed. Results from The Cost of a Data Breach Report 2023 reported that healthcare has had the highest industry cost of breach for 13 consecutive years, to the tune of $10.93M. In 2022, the top 35 global security breaches exposed 1.2 billion records, and 34% of those attacks hit the public sector and healthcare organizations.
Regulators have responded by requiring more guidance to the healthcare industry. The Cybersecurity Act of 2015 (CSA), Section 405(d), Aligning Health Care Industry Security Approaches, is the government’s response to increase collaboration on healthcare industry security practices. Lead by HHS, the 405(d) Program\'s mission is to provide resources and tools to educate, drive behavioral change, and provide cybersecurity best practices to strengthen the industry\'s cybersecurity posture.
Additionally, Section 13412 of the HITECH Act was amended in January 2022 that requires that HHS take "Recognized Security Practices" into account in specific HIPAA Security Rule enforcement and audit activities when a HIPAA-regulated entity is able to demonstrate Recognized Security Practices have been in place continuously for the 12 months prior to a security incident. This voluntary program is not a safe harbor, but could help mitigate fines and agreement remedies and reduce the time and extent for audits.
The Recognized Security Practices
Recognized Security Practices are standards, guidelines, best practices, methodologies, procedures, and processes developed under:
The National Institute of Standards and Technology (NIST) Cybersecurity Framework
Section 405(d) of the Cybersecurity Act of 2015, or
Other programs that address cybersecurity that are explicitly recognized by statute or regulation
It is apparent that healthcare organizations are being guided and even incentivized to follow a programmatic approach to cybersecurity and adopt a recognized framework.
How can a cybersecurity framework help?
By creating a common language: Adopting a cybersecurity framework and developing a strategy to implement it allows key stakeholders to start speaking a common language to address and manage cybersecurity risks. The strategy will align business, IT, and security objectives. The framework is leveraged as a mechanism in which to implement the cybersecurity strategy across the organization, which will be monitored, progress and budget reported upon to senior leaders and the board, communication, and synergies with control owners and staff. Individual users and senior executives will start to speak a common cybersecurity language, which is the first step to creating a cyber risk-aware culture.
By sustaining compliance: Adherence to a cybersecurity framework ensures that healthcare organizations comply with relevant regulations and industry standards, such as HIPAA. Compliance can help organizations avoid legal penalties, financial losses, and reputational damage.
By improving cybersecurity risk management practices: The core of implementing cybersecurity risk management is understanding the most valuable assets to the organization so that appropriate safeguards can be implemented based upon the threats. A key challenge to the healthcare industry\'s cybersecurity posture is knowing what data needs to be protected and where that data is. Accepted frameworks are built on sound risk management principles.
By increasing resilience: Cyberattacks can disrupt critical he |
Data Breach Tool Threat Medical | ★★ | |
|
2023-10-30 09:00:59 | Burpsuite pour Penter: Logger ++ Burpsuite for Pentester: Logger++ (lien direct) |
Dans cet article, nous apprendrons un puissant outil cool d'extension de burp appelé & # 8220; burp logger ++ & # 8221;.C'est comme un super détective pour les sites Web, toujours sur
In this article, we\'ll learn about a powerful Burp Extension cool tool called “Burp Logger++”. It is like a super detective for websites, always on |
Tool | ★★ | |
|
2023-10-30 01:05:25 | ADAPTATION DE CODE A-AI: Révolution des trackers de ransomwares dans le Darkweb AI-Driven Code Adaptation: Revolutionizing Ransomware Trackers in the Darkweb (lien direct) |
Le Darkweb sert de foyer pour les activités de ransomware.Les trackers de ransomware, souvent créés à l'aide de robots Web codés dans des langages comme Python, sont des outils essentiels qui [Plus ...]
The darkweb serves as a hotbed for ransomware activities. Ransomware trackers, often created using web crawlers coded in languages like Python, are essential tools that [more...] |
Ransomware Tool | ★★ | |
 |
2023-10-27 20:27:00 | Le groupe coréen Lazarus cible le fournisseur de logiciels utilisant des défauts connus N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (lien direct) |
Le groupe de Lazare aligné nord-en Corée a été attribué comme derrière une nouvelle campagne dans laquelle un fournisseur de logiciel sans nom a été compromis par l'exploitation de défauts de sécurité connus dans un autre logiciel de haut niveau.
Selon Kaspersky, les séquences d'attaque ont abouti au déploiement de familles de logiciels malveillants tels que Signbt et Lpeclient, un outil de piratage connu utilisé par l'acteur de menace pour
The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for |
Malware Tool Threat | APT 38 APT 38 | ★★★ |
|
2023-10-27 17:26:21 | Addons de Firefox pour la pentistation Firefox Addons for Pentesting (lien direct) |
Dans cet article, nous apprendrons à personnaliser le navigateur Firefox pour des tests de stylo efficaces ainsi que des extensions que vous pouvez utiliser dans le même but.
In this article, we will learn how to customise the Firefox browser for efficient pen-testing along with extensions you can use for the same purpose. |
Tool | ★★★★ | |
 |
2023-10-27 14:12:11 | Advanced \\ 'stripedfly \\' malware avec 1 million d'infections montrent des similitudes avec les outils liés à la NSA Advanced \\'StripedFly\\' Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools (lien direct) |
Le malware Stripedfly a des capacités de type APT, mais est resté inaperçu pendant cinq ans, se faisant passer pour un mineur de crypto-monnaie.
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner. |
Malware Tool | ★★ | |
|
2023-10-27 14:00:00 | Ce qui se cache dans l'obscurité: prendre le but de Shadow Ai What Lurks in the Dark: Taking Aim at Shadow AI (lien direct) |
Les outils génératifs de l'intelligence artificielle ont déclenché une nouvelle ère de terreur aux cisos qui luttent toujours sur les risques de sécurité informatique de longue date.
Generative artificial intelligence tools have unleashed a new era of terror to CISOs still battling longstanding shadow IT security risks. |
Tool | ★★ | |
 |
2023-10-27 13:51:17 | Outils VMware de haute sévérité et vulnérabilités de serveur VCenter adressées avec des correctifs récents (CVE-2023-34057, CVE-2023-34058, CVE-2023-34048) High-Severity VMware Tools and vCenter Server Vulnerabilities Addressed with Recent Patches (CVE-2023-34057, CVE-2023-34058, CVE-2023-34048) (lien direct) |
VMware a abordé deux vulnérabilités critiques dans les outils VMware, CVE-2023-34057 et CVE-2023-34058, tous deux portant un haut ...
VMware has addressed two critical vulnerabilities in VMware Tools, CVE-2023-34057 and CVE-2023-34058, both carrying high... |
Tool Vulnerability | ★★★ | |
 |
2023-10-27 13:00:00 | L'évolution de 20 ans de conscience de la cybersécurité The evolution of 20 years of cybersecurity awareness (lien direct) |
> Depuis 2004, la Maison Blanche et le Congrès ont désigné le Mois national de sensibilisation à la cybersécurité d'octobre.Cette année marque le 20e anniversaire de cet effort pour sensibiliser à l'importance de la cybersécurité et de la sécurité en ligne.Comment la cybersécurité et les logiciels malveillants ont-ils évolué au cours des deux dernières décennies?Quels types d'outils de gestion des menaces ont fait surface et quand?Le [& # 8230;]
>Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The […] |
Malware Tool Threat | ★★ | |
 |
2023-10-27 11:30:00 | # ISC2Congress: Génératif Ai une aubaine pour les organisations malgré les risques, disent les experts #ISC2Congress: Generative AI A Boon for Organizations Despite the Risks, Experts Say (lien direct) |
Les experts ont souligné les façons dont les outils d'IA génératifs peuvent aider les équipes de sécurité et comment atténuer les risques qu'ils posent
Experts highlighted the ways generative AI tools can help security teams, and how to mitigate the risks they pose |
Tool | ★★ | |
 |
2023-10-27 11:01:00 | Service d'écoute électronique Découvert via le certificat TLS expiré Messaging Service Wiretap Discovered through Expired TLS Cert (lien direct) |
fascinant Story d'un écoute secrète qui a été découverte à cause d'un expiréCertificat TLS:
L'attaque suspectée de l'homme au milieu a été identifiée lorsque l'administrateur de Jabber.ru, le plus grand service XMPP russe, a reçu une notification selon laquelle l'un des serveurs \\ '' avait expiré.
Cependant, Jabber.ru n'a trouvé aucun certificat expiré sur le serveur, & timide;Comme expliqué dans un article de blog par Valdikss, un chercheur anti-censurL'enquête.
Le certificat expiré a plutôt été découvert sur un seul port utilisé par le service pour établir une connexion TLS de sécurité de la couche de transport cryptée (TLS) avec les utilisateurs.Avant qu'il ne soit expiré, cela aurait permis à quelqu'un de décrypter le trafic échangé sur le service ...
Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers\' certificates had expired. However, jabber.ru found no expired certificates on the server, as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation. The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service... |
Tool | ★★★★ | |
 |
2023-10-27 09:36:08 | Au-delà du statu quo, partie 3: comment réduire les risques humains en changeant les mentalités et les comportements des utilisateurs Beyond the Status Quo, Part 3: How to Reduce Human Risk by Changing Users\\' Mindsets and Behaviors (lien direct) |
This is the final installment in a blog series where we cover topics from our Wisdom 2023 sessions. In each blog, we have explored creative techniques for inspiring engagement in security awareness and building a strong security culture. In the first article, we covered how to personalize and invigorate your curriculum for your users using threat intelligence. Then, last week we learned about impactful ways to keep users and security practitioners engaged in continuous learning. Security teams have long believed that people who take risky actions lack security awareness. So, when users fail trainings or phishing assessments, they assign them more trainings and assessments in the hopes that they will improve. But our recent survey found that the majority of users who took risky action in the past tend to bypass security guidelines on purpose. Given this finding, it would seem that more training alone will do little to help change user behavior. At our annual customer conference, 2023 Proofpoint Protect, our customer panelists delved deep into the top behaviors that increase risk for companies. They also discussed the reasons that training alone is not as effective as people expect it to be. And they shared various ways to motivate employees to prioritize security and take a holistic approach to reducing people risk. Let\'s look at some of their key insights and advice. 3 types of users represent the biggest risk People remain attackers\' primary target. Everyone could pose risk to a business, but some users tend to be a higher risk than others. Our panelists called out the following types of users who require extra attention or could use more help or communication: Click-happy users. Email remains the number one threat vector, and attackers rely heavily on social engineering tactics to target people. So, click-happy users can pose a higher risk to businesses even if they don\'t have access to critical data or systems. Negligent users. These employees believe security has nothing to do with them. They see it as someone else\'s job. And they don\'t think they play a role in securing the business other than to complete mandatory training assigned to them. Frustrated users. These employees view security as a barrier. They overlook the importance of following security best practices and try to go around security controls to meet other objectives. Think outside the box to identify your people risk The most common ways to identify vulnerable users include conducting a phishing simulation and a knowledge assessment. Our customers told us they went beyond phishing tests and used threat intelligence to better identify risky users and quantify people risk. They talked about using Very Attacked People™ (VAPs) insights derived from the Proofpoint Aegis threat protection platform to uncover their most attacked users and top clickers. They also reviewed users who repeatedly failed phishing tests, and those who have business privileges to access sensitive data. Our panelists shared how they factored in the results from gamified training and survey tools to enrich the people risk score. Measuring employees\' attitudes toward security can help security teams get an idea of cultural shift. Nandita Bery, our panelist from Equinix, went above and beyond to connect with the security operations team to track user actions blocked by each security control and factor those security events into individuals\' risk scores. (There are tools in the market to generate user risk scores based on specific user behavior. Social media scraping tools and Proofpoint Nexus People Risk Explorer are examples.) The key is to think outside of the box because there are more effective and meaningful ways to identify and quantify people risk than tracking the training completion rate. Motivate employees by making security easy and personal “It\'s easy for security people to forget that our colleagues have a day job that isn\'t security. If security is perceived as a barrier to that, it\'s going to b | Tool Threat | ★★ | |
 |
2023-10-27 08:15:31 | CVE-2023-46093 (lien direct) | Auth.(Admin +) Vulnérabilité des scripts inter-sites stockés (XSS) dans le plugin d'outils de webmaster lionscripts.com | Tool Vulnerability | ||
|
2023-10-27 05:15:38 | CVE-2023-34058 (lien direct) | VMware Tools contient une vulnérabilité de dérivation de signature de jeton SAML.0e5e-4ccf-9d2a-90948ff643ec.html & acirc; & nbsp; dans une machine virtuelle cible peut être en mesure d'élever leurs privilèges si cette machine virtuelle cible a été affectée à une plus grande partieAlias invité privilégié https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.ust.uliaster.html.
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . |
Tool | ||
|
2023-10-27 05:15:38 | CVE-2023-34057 (lien direct) | VMware Tools contient une vulnérabilité d'escalade locale de privilèges. & Acirc; & nbsp; un acteur malveillant avec un accès utilisateur local à une machine virtuelle invitée peut augmenter les privilèges au sein de la machine virtuelle.
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. |
Tool | ||
|
2023-10-26 10:28:01 | Ransomware : Big Game Hunting, exfiltration… les attaquants se tournent vers le plus rentable et affutent leurs outils (lien direct) | Cette tendance est motivée par l'intérêt persistant à maximiser la monétisation et fait écho à l'adoption massive de la technique de double extorsion, plus rentable, observée ces deux dernières années, et qui se poursuit en 2023. | Ransomware Tool | ★★ | |
|
2023-10-26 10:00:00 | Ensuring robust security of a containerized environment (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today’s rapidly evolving digital landscape, containerized microservices have become the lifeblood of application development and deployment. Resembling miniature virtual machines, these entities enable efficient code execution in any environment, be it an on-premises server, a public cloud, or even a laptop. This paradigm eliminates the criteria of platform compatibility and library dependency from the DevOps equation. As organizations embrace the benefits of scalability and flexibility offered by containerization, they must also take up the security challenges intrinsic to this software architecture approach. This article highlights key threats to container infrastructure, provides insights into relevant security strategies, and emphasizes the shared responsibility of safeguarding containerized applications within a company. Understanding the importance of containers for cloud-native applications Containers play a pivotal role in streamlining and accelerating the development process. Serving as the building blocks of cloud-native applications, they are deeply intertwined with four pillars of software engineering: the DevOps paradigm, CI/CD pipeline, microservice architecture, and frictionless integration with orchestration tools. Orchestration tools form the backbone of container ecosystems, providing vital functionalities such as load balancing, fault tolerance, centralized management, and seamless system scaling. Orchestration can be realized through diverse approaches, including cloud provider services, self-deployed Kubernetes clusters, container management systems tailored for developers, and container management systems prioritizing user-friendliness. The container threat landscape According to recent findings of Sysdig, a company specializing in cloud security, a whopping 87% of container images have high-impact or critical vulnerabilities. While 85% of these flaws have a fix available, they can’t be exploited because the hosting containers aren’t in use. That said, many organizations run into difficulties prioritizing the patches. Rather than harden the protections of the 15% of entities exposed at runtime, security teams waste their time and resources on loopholes that pose no risk. One way or another, addressing these vulnerabilities requires the fortification of the underlying infrastructure. Apart from configuring orchestration systems properly, it’s crucial to establish a well-thought-out set of access permissions for Docker nodes or Kubernetes. Additionally, the security of containers hinges on the integrity of the images used for their construction. Guarding containers throughout the product life cycle A container\'s journey encompasses three principal stages. The initial phase involves constructing the container and subjecting it to comprehensive functional and load tests. Subsequently, the container is stored in the image registry, awaiting its moment of execution. The third stage, container runtime, occurs when the container is launched and operates as intended. Early identification of vulnerabilities is vital, and this is where the shift-left security principle plays a role. It encourages an intensified focus on security from the nascent stages of the product life cycle, encompassing the design and requirements gathering phases. By incorporating automated security checks within the CI/CD pipeline, developers can detect security issues early and minimize the chance of security gap | Tool Vulnerability Threat Cloud | Uber | ★★★ |
 |
2023-10-26 08:49:41 | Increasing transparency in AI security (lien direct) | Mihai Maruseac, Sarah Meiklejohn, Mark Lodato, Google Open Source Security Team (GOSST)New AI innovations and applications are reaching consumers and businesses on an almost-daily basis. Building AI securely is a paramount concern, and we believe that Google\'s Secure AI Framework (SAIF) can help chart a path for creating AI applications that users can trust. Today, we\'re highlighting two new ways to make information about AI supply chain security universally discoverable and verifiable, so that AI can be created and used responsibly. The first principle of SAIF is to ensure that the AI ecosystem has strong security foundations. In particular, the software supply chains for components specific to AI development, such as machine learning models, need to be secured against threats including model tampering, data poisoning, and the production of harmful content. Even as machine learning and artificial intelligence continue to evolve rapidly, some solutions are now within reach of ML creators. We\'re building on our prior work with the Open Source Security Foundation to show how ML model creators can and should protect against ML supply chain attacks by using | Malware Tool Vulnerability Threat Cloud | ★★ | |
|
2023-10-26 08:00:33 | Google\\'s reward criteria for reporting bugs in AI products (lien direct) | Eduardo Vela, Jan Keller and Ryan Rinaldi, Google Engineering In September, we shared how we are implementing the voluntary AI commitments that we and others in industry made at the White House in July. One of the most important developments involves expanding our existing Bug Hunter Program to foster third-party discovery and reporting of issues and vulnerabilities specific to our AI systems. Today, we\'re publishing more details on these new reward program elements for the first time. Last year we issued over $12 million in rewards to security researchers who tested our products for vulnerabilities, and we expect today\'s announcement to fuel even greater collaboration for years to come. What\'s in scope for rewards In our recent AI Red Team report, we identified common tactics, techniques, and procedures (TTPs) that we consider most relevant and realistic for real-world adversaries to use against AI systems. The following table incorporates shared learnings from | Tool Vulnerability | ★★ | |
|
2023-10-26 06:00:18 | Break the Attack Chain with Identity Threat Protection (lien direct) | “The attacker only has to be right once. Defenders have to get it right every time.” This well-known saying has shaped countless cybersecurity strategies. The belief is that a single compromise of our defenses can lead to a catastrophic outcome. As new risks emerge and attackers develop tactics to evade controls, defenders face the daunting task of protecting an ever-expanding array of connected identities. Many companies now embrace resilience strategies, accepting that an incident is inevitable - “It\'s not a matter of if, but when.” That\'s because defenders have been fixated on the impossible task of protecting everything within the business. But a new industry approach to cyber defense in recent years has emerged that points the path towards a better way. Instead of protecting everything, defenders should aim to neutralize attackers\' tactics, techniques and procedures (TTPs), which are hard to replace. This disrupts the completion of the attack chain. What is the attack chain? And how does identity threat protection disrupt it? That\'s what we\'re here to discuss. The enduring relevance of the attack chain No other concept has captured the essence of successful cyber attacks like the attack chain (aka the “cyber kill chain”), which was developed by Lockheed Martin in 2011. Even 12 years later, the attack chain remains relevant, while defenders struggle to prevent the most impactful incidents. While cyber criminals don\'t follow the same steps every time, the basic phases of an attack are pretty much always the same: Steps in the cyber attack chain. The challenge of initial compromise The first phase in the attack chain is the initial compromise. Modern cyber criminals use an array of tactics to infiltrate companies and wreak havoc on their systems, from BEC attacks to cloud account takeovers and ransomware incidents. One trend is to exploit trusted third-party relationships to compromise companies through their suppliers. What seems like an innocuous initial email can escalate into a full-scale compromise with great speed. Once attackers gain unrestricted access to a company\'s domain, they can infiltrate email accounts to commit fraudulent activities. One alarming twist to credential phishing emails is that they can evade detection. They leave behind no traces of compromise or malware. Even with the rise of multifactor authentication (MFA), these attacks continue to surge. Once accounts are compromised through a credential phishing email or a vulnerable remote desktop session, businesses face the next phase of the attack chain: privileged escalation and lateral movement within their networks. Next phase: privilege escalation and lateral movement This is the middle of the attack chain. And it\'s where threat actors try to breach a company\'s defenses. Often, they do this by compromising the identities of employees, contractors, service providers or edge devices. Their main goal is to use this initial access to elevate their privileges, typically targeting Active Directory (AD). AD, which many businesses around the world use, is susceptible to compromise. It can provide attackers with unparalleled control over a company\'s computing infrastructure. With this access, they can engage in lateral movement and spread malware across the business, causing more harm. Finally, the risk of data loss Attackers don\'t rely on a single stroke of luck. Their success hinges on a series of precise maneuvers. Monetary gains through data exfiltration are often their objective. And once they have navigated the intricate web of identities, they can target valuable data and orchestrate data theft operations. Defenders must disrupt this chain of events to prevent the loss of sensitive data, like intellectual property or customer identifiable data. Then, they can gain the upper hand and steer the course of cybersecurity in their favor. The three best opportunities to break the attack chain. Building a map of your organizat | Ransomware Malware Tool Threat Prediction Cloud | ★★ | |
 |
2023-10-25 13:00:00 | Blogpost |Changement à droite pour les plates-formes sécurisées et les devops BlogPost | Shifting Right for Secure Platforms and DevOps (lien direct) |
Les outils de développement contribuent non seulement à des problèmes de déplacement, mais les outils aident également à identifier les problèmes qui se produisent plus tard, ou à droite, dans le cycle de vie du développement.Comme la détection des secrets avant de passer à des problèmes de production ou de configuration de la plate-forme.
Dev tooling is not only helping shift issues left, but the tools also help identify issues that happen later, or to the right, in the development lifecycle. Like detecting secrets before they go into production or platform configuration issues. |
Tool | ★★ | |
|
2023-10-25 08:35:31 | Hausse des sinistres cyber : les outils de détection et de réponse, de plus en plus importants (lien direct) | Hausse des sinistres cyber : les outils de détection et de réponse, de plus en plus importants • Les incidents de ransomware repartent à la hausse, les pirates utilisant les exfiltrations de données et les attaques contre les chaînes d'approvisionnement pour maximiser leur efficacité. • L'analyse des grands sinistres cyber effectuée par Allianz Commercial met en évidence l'augmentation des exfiltrations de données, mais aussi des incidents rendus publics. • Les violations de données peuvent devenir 1 000 fois plus coûteuses si elles ne sont pas détectées et contenues rapidement. • En matière de cybersécurité, les entreprises doivent notamment s'attacher à renforcer leurs capacités de détection et de réponse. - Investigations | Ransomware Tool | ★★ | |
|
2023-10-24 19:50:31 | Technique de téléchargement à double DLL de Quasar Rat \\ Quasar RAT\\'s Dual DLL Sideloading Technique (lien direct) |
#### Description
Quasarrat, également connu sous le nom de Cinarat ou Yggdrasil, est un outil d'administration à distance léger écrit en C #.Cet outil est ouvertement accessible en tant que projet GitHub.Cet outil est capable de diverses fonctions telles que la collecte de données système, l'exécution d'applications, le transfert de fichiers, l'enregistrement des touches, la prise de captures d'écran ou les captures de caméra, la récupération de mots de passe du système et la supervision des opérations comme le gestionnaire de fichiers, le gestionnaire de startup, le bureau distant et l'exécution de commandes de shell.
Dans la phase initiale, l'attaquant exploite "ctfmon.exe", qui est un fichier Microsoft authentique.Ce faisant, ils chargent une DLL malveillante qui, à l'œil non formé, semblerait bénin en raison de son nom déguisé.Lors de l'exécution du binaire "ctfmon.exe", l'étape est définie lorsque l'attaquant acquiert une charge utile de stade 1 \\ '.Cette charge utile initiale est cruciale, agissant comme la passerelle pour les actions malveillantes suivantes.À ce stade, l'acteur de menace met en jeu le fichier "calcc.exe" qui, dans ce contexte, n'est pas juste une application de calculatrice simple.Parallèlement à "Calc.exe", la DLL malveillante est également mise en mouvement.Lors de l'exécution de «calcc.exe», la DLL malveillante est déclenchée.Cette action se termine dans l'infiltration de la charge utile "quasarrat" dans la mémoire de l'ordinateur, reflétant la sensibilité de l'attaquant à contourner les mécanismes de sécurité.
#### URL de référence (s)
1.Hets: //www.uptcs.kum/blag/koker-rut
#### Date de publication
Octobre ౨౪, ౨౦౨౩
#### థ థ థ థ థ థ థ థ థ థ థ థ థ థ
Tejaswini Sandapolla
#### Description QuasarRAT, also known as CinaRAT or Yggdrasil, is a lightweight remote administration tool written in C#. This tool is openly accessible as a GitHub project. This tool is capable of various functions such as gathering system data, running applications, transferring files, recording keystrokes, taking screenshots or camera captures, recovering system passwords, and overseeing operations like File Manager, Startup Manager, Remote Desktop, and executing shell commands. In the initial phase, the attacker harnesses "ctfmon.exe," which is an authentic Microsoft file. By doing so, they load a malicious DLL which, to the untrained eye, would seem benign because of its disguised name. Upon execution of the "ctfmon.exe" binary, the stage is set as the attacker acquires a \'stage 1\' payload. This initial payload is crucial, acting as the gateway for the subsequent malicious actions. At this juncture, the threat actor brings into play the "calc.exe" file, which in this context, isn\'t just a simple calculator application. Alongside "calc.exe," the malicious DLL is also set into motion. On executing "calc.exe," the malicious DLL is triggered. This action culminates in the infiltration of the "QuasarRAT" payload into the computer\'s memory, reflecting the attacker\'s adeptness at circumventing security mechanisms. #### Reference URL(s) 1. https://www.uptycs.com/blog/quasar-rat #### Publication Date October 24, 2023 #### Author(s) Tejaswini Sandapolla |
Tool Threat | ★★★ | |
 |
2023-10-24 14:12:30 | Cinq raisons pour lesquelles les outils de prévention des pertes de données hérités ne parviennent pas à livrer Five Reasons Why Legacy Data Loss Prevention Tools Fail to Deliver (lien direct) |
Comme tant de technologies héritées, les outils de prévention de la perte de données (DLP) hérités ne parviennent pas à offrir la protection aujourd'hui que les organisations ont besoin.Les défis de mise en œuvre, les lacunes de visibilité et les politiques incohérentes ont un impact négatif sur les clients et rendent les violations de données beaucoup trop faciles aux adversaires.Les coûts de violation des données américains sont en moyenne de 4,45 millions de dollars l'année dernière, les organisations ont besoin d'un moyen de [& # 8230;]
Like so many legacy technologies, legacy data loss prevention (DLP) tools fail to deliver the protection today\'s organizations need. Implementation challenges, visibility gaps and inconsistent policies negatively impact customers and make data breaches far too easy for adversaries. With U.S. data breach costs averaging a staggering $4.45 million last year, organizations need a way to […] |
Data Breach Tool Guideline | ★★★ | |
|
2023-10-24 10:00:00 | Comment établir une grande culture de sensibilisation à la sécurité How to establish a great security awareness culture (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As we mark another Cybersecurity Awareness Month, it\'s essential to recognize that this is more than a calendar event; it\'s a wake-up call for proactive vigilance in the digital age. In an environment rife with technological threats, the cornerstone of robust cybersecurity isn\'t just advanced systems and firewalls—it\'s informed and empowered individuals. There are three most important insights organizations can learn before implementing any cybersecurity awareness-raising campaign: More than a reminder: Each October, organizations and individuals worldwide pause to reflect on the ever-evolving digital cybersecurity. But it’s not just about ticking off a box or recognizing threats. The month serves as an empowering signal, urging everyone, from top-tier management to the newest intern, to equip themselves with knowledge and best practices. The central role of individuals: While the technological landscape continually shifts, one factor remains constant—the human element. Properly informed individuals stand as the first and often most crucial line of defense against a myriad of cyber threats. From awareness to action: True cybersecurity is about transitioning from passive recognition to active defense. Cybersecurity Awareness Month lays the foundation, but the responsibility is on each of us to translate that knowledge into tangible actions. This involves understanding the risks inherent in the digital space and cultivating a culture of security within our spheres of influence. When diving deeper into the various digital vulnerabilities in this article, always remember that every individual, armed with awareness - can make a difference. Cultivating a culture of cybersecurity awareness Creating a culture where security awareness is a top priority demands actionable steps, consistent reinforcement, and collective responsibility. Here\'s how: Security-first leadership—Leading by example Leaders play a pivotal role in shaping organizational culture. When top management emphasizes cybersecurity, it cascades down the ranks, instilling a security-first mindset across all tiers. Security as a shared responsibility—Beyond the IT department Security isn\'t a realm exclusive to the IT department. Every employee, irrespective of their role, has a stake in maintaining a secure digital environment. Promoting this understanding can foster collective ownership, ensuring that everyone feels responsible for and participates in the company\'s security efforts. Feedback-driven fortifications—Sharpening defense with dialogue Open channels of communication can be powerful tools for refining security strategies. A two-way dialogue encourages employees to voice concerns and observations, resulting in a dynamic defense system that\'s constantly refined based on ground realities. Learning from the landscape—Stay updated, stay safe The cyber landscape is in flux, shaped by emerging technologies and evolving threats. Organizations can preemptively adjust strategies by actively monitoring global trends and incidents, ensuring they\'re always a step ahead. Architecting a bespoke security culture—Beyond templates Organizations are as unique as fingerprints. A one-size-fits-all approach may not capture the specific needs of a particular enterprise. Tailoring security measures to an organization\'s unique characteristics ensures precision protection, leaving no blind spots. Maintaining awareness—The marathon mindset Cybersecurity isn\'t about sprinting through a checklist; it\'s a marathon of maintaining awareness. With | Tool Vulnerability | ★★★ | |
|
2023-10-24 07:48:01 | Au-delà du statu quo, partie 2: 6 approches percutantes pour maintenir les personnes engagées dans la sensibilisation à la sécurité Beyond the Status Quo, Part 2: 6 Impactful Approaches to Keeping People Engaged in Security Awareness (lien direct) |
This is the second installment of a three-part blog series where we cover topics from our Wisdom 2023 sessions. In each blog, we explore creative techniques for inspiring engagement in security awareness and building a strong security culture. In the first article, we covered how to personalize and invigorate your curriculum for your users using threat intelligence. Every October, security professionals use Cybersecurity Awareness Month to promote best practices and the shared responsibility for behaving safely. But to stay safe, you have to stay vigilant. And that requires people to constantly be engaged. So in our second Wisdom session, we explored ways to inspire engagement in security awareness for both users and practitioners. Typically, when we\'re talking about engagement, we mean end users-and we all know how challenging it is to keep them engaged. In our 2023 State of the Phish Report, for instance, over 30% said security isn\'t priority at work for them. That\'s why in this session we discussed three ways to motivate and inspire your employees. We also addressed a group of people who are typically overlooked-security awareness practitioners! When you push yourself to find enthusiasm in security awareness, your attitude can have a cascading effect on how your employees engage. So we also covered three ways to find inspiration. This article recaps the insights we gained in conversation with Janet Roberts, former SVP/global head of security education and awareness at Zurich Insurance Company, and Brian Roberts (no relation), solution manager of information security awareness for Campbell\'s Soup Company. (Quotes have been lightly edited for clarity.) 3 impactful ways to engage employees If you\'re looking for creative ways to motivate and inspire your employees, Janet Roberts and Brian Roberts have some tips: 1: Build and nurture an ambassador program At Zurich, Janet launched an ambassador program that is now used by 32 of the company\'s teams around the globe. Every month, her security awareness team creates a toolkit to distribute “grass roots,” always covering one simple topic that is customizable to the ambassadors\' culture, language and policies. Zurich has five regional CISOs and a global CISO, each of whom decide the strategy for delivering this material within their region. in their region. When it comes to measuring program outcomes, metrics will most likely be qualitative not quantitative because when it\'s done right it will be highly tailored to people and places. According to Janet, “[An ambassador] program helps you to meet people where they go for their daily information. Make sure you map it to the structure of your company…and [make sure] your ambassadors are working within their regional strategy or country strategy.” Brian agreed the ambassador program should target a local audience. At Campbell\'s, his security awareness team reaches both inside and outside the organization to cultivate a group of volunteers. Brian\'s advice is to start small, create a volunteer pathway, and build each relationship as you scale up. “The more you make that personal, the more you drive an organization that will create change. When you see ambassadors sharing stuff they did in their communities and at home, that\'s when you know it\'s connecting.” When asked by attendees during the Q&A about how to get those first volunteers, Brian said, “Be very open so people feel you\'re approachable and they can bring personal stories to you. That\'s where you find that first pool of people that you can then send out to find more people.” Janet added that at Zurich, “We started with people whose job was to lower the human risk factor, like security officers and service executives. From there, they added their own connections and built their teams.” 2: Create a people-focused messaging strategy In this part of the session, our panelists shared ideas about how to build effective messaging and tailor the content so that everyone can und | Tool Threat | ★★ | |
|
2023-10-23 17:04:00 | Qui expérimente les outils d'IA dans votre organisation? Who\\'s Experimenting with AI Tools in Your Organization? (lien direct) |
Avec la croissance record des outils de productivité d'IA axés sur les consommateurs comme Chatgpt, l'intelligence artificielle formant le domaine des équipes de science et d'ingénierie des données devient une ressource disponible pour chaque employé.
Du point de vue de la productivité, c'est fantastique.Malheureusement pour les équipes informatiques et de sécurité, cela signifie également que vous pouvez avoir des centaines de personnes dans votre organisation en utilisant un nouvel outil
With the record-setting growth of consumer-focused AI productivity tools like ChatGPT, artificial intelligence-formerly the realm of data science and engineering teams-has become a resource available to every employee. From a productivity perspective, that\'s fantastic. Unfortunately for IT and security teams, it also means you may have hundreds of people in your organization using a new tool in |
Tool | ChatGPT | ★★ |
|
2023-10-23 16:15:09 | CVE-2023-46122 (lien direct) | SBT est un outil de construction pour Scala, Java et autres.Étant donné un fichier zip ou jar spécialement conçu, `io.unzip` permet l'écriture d'un fichier arbitraire.Cela aurait le potentiel de remplacer `/ root / .ssh / autorisé_keys`.Dans le code principal de SBT \\, `io.unzip` est utilisé dans la tâche` PulreMoteCache` et `résolvers.remote`;Cependant, de nombreux projets utilisent «io.unzip (...)» directement pour implémenter des tâches personnalisées.Cette vulnérabilité a été corrigée dans la version 1.9.7.
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt\'s main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. |
Tool Vulnerability | ||
|
2023-10-23 13:00:45 | Dans le cyber-abîme: les prédictions de Riveting 2024 de Check Point \\ révèlent une tempête de l'IA, du hacktivisme et des fasks profonds armés Into the Cyber Abyss: Check Point\\'s Riveting 2024 Predictions Reveal a Storm of AI, Hacktivism, and Weaponized Deepfakes (lien direct) |
 Les activités criminelles ont bondi au premier semestre, avec des recherches sur le point de contrôle (RCR) signalant une augmentation de 8% des cyberattaques hebdomadaires mondiales au deuxième trimestre, marquant le volume le plus élevé en deux ans.Les menaces familières telles que le ransomware et le hacktivisme ont évolué, les gangs criminels modifiant leurs méthodes et outils pour infecter et affecter les organisations du monde entier.Même les technologies héritées telles que les périphériques de stockage USB ont repris la popularité en tant que véhicule pour répandre les logiciels malveillants.L'un des développements les plus importants de cette année a été l'évolution du paysage des ransomwares.Les données dérivées de plus de 120 «sites de honte» ransomwares ont révélé que dans le premier [& # 8230;]
Criminal activities surged in the first half of the year, with Check Point Research (CPR) reporting an 8% increase in global weekly cyberattacks in the second quarter, marking the highest volume in two years. Familiar threats such as ransomware and hacktivism have evolved, with criminal gangs modifying their methods and tools to infect and affect organizations worldwide. Even legacy technology such as USB storage devices regained popularity as a vehicle to spread malware. One of the most significant developments this year was the evolution of the ransomware landscape. Data derived from over 120 ransomware “shame-sites” revealed that in the first […]
|
Ransomware Tool Prediction | ★★★ | |
|
2023-10-23 10:00:00 | Planification de la continuité des activités: en regardant en arrière ou à l'avance Business continuity planning: Looking back or ahead (lien direct) |
In September 2023, cybercriminals launched an extensive ransomware attack that disrupted several major businesses in the Las Vegas Casino Business/District. The attack shook the city and stopped consumer goods and services for several hours. The attack influenced security, visitor services, and financial activities. Businesses lost money and long-term reputational risks ensued. Increasing op tempo A company can keep running after a disruption if it has a comprehensive Business Continuity Plan (BCP) that includes risk assessments, Business Impact Assessments (BIAs), and recovery strategies. A BCP is needed to minimize risk apprehensions, reduce financial loss, and maintain continuous business operations. A business impact analysis (BIA) must be part of Business Continuity Plans (BCPs). The plan sets recovery time and point goals, ranks the most important processes, and figures out how delays will affect business functions. BIAs help organizations figure out what tools and plans they need for recovery. Disaster Recovery Plans, or DRPs, lay out how a business will handle and rebound from a disaster. It includes tools for recovering systems, data, and infrastructure. A complete, well-tested DRP is necessary to keep problems to a minimum and get services back up and running quickly. To stay safe from cyber threats, businesses need to put their operating security footprint at the top of their list of priorities. In this way, networks, systems, apps, and data are kept safe. Data breaches and unauthorized access are less likely to happen with firewalls, intrusion detection systems, and encryption methods. Rearview The ransomware attack on the Las Vegas Casino Business/District in September 2023 shows that current risk management methods need to be looked at and updated. These steps cut down on operational disruptions, keep customer goods and services safe, and speed up the recovery of mission-critical systems. Being operationally ready is important for protecting your business and preparing for the unexpected. The most common way for threat players to take over a company\'s resources, assets, and people is through ransomware attacks. Recent statistics show that strong holding the most sought-after security principles can disrupt present business operations: The State of Ransomware Report in the US says that the average ransomware attack costs $8.1 million and takes 287 days to fix (Emsisoft, 2021). The number of ransom payments made by victims rose by 311% in 2020 (Crypto Crime Report, 2021). Going forward Ransomware attacks affect people all over the world, resulting in huge financial losses costs - compiled worldwide topping $20 billion in 2020. The COVID-19 pandemic has given hackers new avenues and threat vectors to hack, crack, and exploit. It is imperative for businesses to strengthen the home front to gain home-field advantage against cyber threat actors. Having a comprehensive, repeatable, verifiable disaster recovery and business continuity plan minimizes the economic im | Ransomware Tool Vulnerability Threat | ★★ | |
|
2023-10-20 19:15:09 | CVE-2023-46117 (lien direct) | ReconftW est un outil conçu pour effectuer une reconnaissance automatisée sur un domaine cible en exécutant le meilleur ensemble d'outils pour effectuer la numérisation et la recherche de vulnérabilités.Une vulnérabilité a été identifiée dans ReconftW où une validation inadéquate des sous-domaines récupérés peut conduire à une attaque d'exécution de code distante (RCE).Un attaquant peut exploiter cette vulnérabilité en fabriquant une entrée CSP malveillante sur le domaine de celui-ci.Une exploitation réussie peut conduire à l'exécution d'un code arbitraire dans le contexte de l'application, compromettant potentiellement le système.Ce problème a été résolu dans la version 2.7.1.1 et tous les utilisateurs sont invités à mettre à niveau.Il n'y a pas de solution de contournement connu pour cette vulnérabilité.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it\'s own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
Tool Vulnerability Threat | ||
|
2023-10-20 18:58:00 | Les pirates vietnamiens ciblent le Royaume-Uni, les États-Unis et l'Inde avec Darkgate Malware Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware (lien direct) |
Attaques tirant parti des entités de ciblage de logiciels malveillants de Darkgate Commodity au Royaume-Uni, aux États-Unis et en Inde a été liée à des acteurs vietnamiens associés à l'utilisation du tristement célèbre voleur en queue-canards.
"Le chevauchement des outils et des campagnes est très probablement dû aux effets d'un marché de cybercriminalité", a déclaré Withesecure dans un rapport publié aujourd'hui."Les acteurs de la menace peuvent acquérir et utiliser plusieurs
Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace," WithSecure said in a report published today. "Threat actors are able to acquire and use multiple |
Malware Tool | ★★ | |
|
2023-10-20 18:49:47 | Des acteurs soutenus par le gouvernement exploitant la vulnérabilité de Winrar Government-Backed Actors Exploiting WinRAR Vulnerability (lien direct) |
#### Description
Au cours des dernières semaines, les menaces de Google \'s Menace Analysis Group \'s (TAG) ont observé plusieurs groupes de piratage soutenus par le gouvernement exploitant la vulnérabilité connue, CVE-2023-38831, dans Winrar, qui est un outil de fichiers populaire pour Windows.Un correctif est maintenant disponible, mais de nombreux utilisateurs semblent toujours vulnérables.Tag a observé des acteurs soutenus par le gouvernement d'un certain nombre de pays exploitant la vulnérabilité Winrar dans le cadre de leurs opérations.
Le CVE-2023-38831 est une vulnérabilité logique dans Winrar provoquant une expansion temporaire étrangère lors du traitement des archives fabriquées, combinées à une bizarrerie dans l'implémentation de Windows \\ 'Shellexcucute lors de la tentative d'ouvrir un fichier avec une extension contenant des espaces.La vulnérabilité permet aux attaquants d'exécuter du code arbitraire lorsqu'un utilisateur tente d'afficher un fichier bénin (comme un fichier PNG ordinaire) dans une archive zip.
#### URL de référence (s)
1. https://blog.google/thereat-analysis-group/government-backed-actors-expoiting-winrar-vulnerabilité/
2. https://ti.defender.microsoft.com/cves/cve-2023-38831
3. https://ti.defender.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb/description
#### Date de publication
18 octobre 2023
#### Auteurs)
Kate Morgan
#### Description In recent weeks, Google\'s Threat Analysis Group\'s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows. A patch is now available, but many users still seem to be vulnerable. TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations. CVE-2023-38831 is a logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows\' ShellExecute when attempting to open a file with an extension containing spaces. The vulnerability allows attackers to execute arbitrary code when a user attempts to view a benign file (such as an ordinary PNG file) within a ZIP archive. #### Reference URL(s) 1. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/ 2. https://ti.defender.microsoft.com/cves/CVE-2023-38831 3. https://ti.defender.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb/description #### Publication Date October 18, 2023 #### Author(s) Kate Morgan |
Tool Vulnerability Threat | ★★★ | |
|
2023-10-20 18:39:23 | Les pirates ont volé des jetons d'accès à l'unité de support d'Okta \\ Hackers Stole Access Tokens from Okta\\'s Support Unit (lien direct) |
Okta, une entreprise qui fournit des outils d'identité comme l'authentification multi-facteurs et l'authentification unique à des milliers d'entreprises, a subi une violation de sécurité impliquant un compromis de son unité de support client, a appris KrebsSoncurity.Okta dit que l'incident a affecté un "très petit nombre" de clients, mais il semble que les pirates responsables ont eu accès à la plate-forme de support d'Okta \\ pendant au moins deux semaines avant que la société ne contienne pleinement l'intrusion.
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very small number" of customers, however it appears the hackers responsible had access to Okta\'s support platform for at least two weeks before the company fully contained the intrusion. |
Tool | ★★★ | |
|
2023-10-19 15:15:09 | CVE-2023-5654 (lien direct) | L'extension React Developer Tools enregistre un auditeur de message avec Window.AddeventListener (\\ 'message \', ) dans un script de contenu accessible à toute page Web active dans le navigateur.Au sein de l'auditeur se trouve un code qui demande une URL dérivée du message reçu via fetch ().L'URL n'est pas validée ou désinfectée avant qu'elle ne soit récupérée, permettant ainsi à une page Web malveillante de récupérer arbitrairement URL & acirc; & euro; & échange via le navigateur de la victime.
The React Developer Tools extension registers a message listener with window.addEventListener(\'message\', ) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL’s via the victim\'s browser. |
Tool |
To see everything:
Our RSS (filtrered)
