What's new around the internet

Source Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2020-11-10 13:22:03 Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike (direct link) Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks. Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead to the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and […] Ransomware Tool Guideline
Blog 2020-11-08 19:11:06 Memory Forensics using Volatility Workbench (direct link) Volatility Workbench is a GUI version of Volatility, one of the most popular tools for analyzing the artifacts in a memory dump. It is available free of cost, open-source, and runs on the Windows operating system. You can download it from here. You can refer to the previous article, Memory Forensics: Using Volatility, here. ... Tool
Mandiant 2020-11-04 19:00:00 In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover - CVE-2020-14871 (direct link) FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer's system and analyzed it to see how it was attacking their Solaris environment. The FLARE team's Offensive Task Force analyzed the exploit to determine how it worked, reproduced the vulnerability on different versions of Solaris, and then reported it to Oracle. In this blog post we present a description of the vulnerability, offer a quick way to test whether a system may be vulnerable, and suggest mitigations and Tool Vulnerability ★★★
TechRepublic 2020-11-04 18:14:43 MIT researchers develop AI to detect COVID-19 using cough recordings. An app could be on deck (direct link) The tool was able to detect nearly 99% of COVID-19 infections using thousands of cough recordings and 100% of asymptomatic cases, per MIT. Tool
Pirate 2020-11-03 10:03:00 Trape – OSINT Analysis Tool For People Tracking (direct link) Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information. Example types of information are the status of sessions on their websites or services, and how they control their users through their browser without their knowledge. It has evolved with the aim of helping government organizations, companies and researchers to track cybercriminals. Tool
Mandiant 2020-11-02 19:15:00 Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 (direct link) Through Mandiant investigations of intrusions, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise managed service providers and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks (see this blog post for an in-depth description of “UNC” groups). UNC1945 targeted Oracle Solaris operating systems, utilized several tools and utilities against Windows and Linux operating systems, loaded and operated custom virtual machines, and employed techniques to evade detection Tool ★★★★
Blog 2020-11-02 14:40:17 Burp Suite for Pentester – Configuring Proxy (direct link) Burp Suite: you might have heard about this great tool and even used it a number of times in your bug hunting or penetration testing projects. After writing several articles on web-application penetration testing, we've decided to write a few on the various options and methods provided by this amazing tool which... Tool
WiredThreatLevel 2020-10-29 22:05:27 In Embryos, Crispr Can Cut Out Whole Chromosomes-That's Bad (direct link) The DNA-cutting tool has been hailed as a way to fix genetic glitches. But a new study suggests it can remove more than scientists bargained for. Tool
TEAM_CYMRU_Blog 2020-10-29 18:21:34 FlowSpec for DDoS (direct link) We tend to not announce new features until we're ready to announce a new version. But 2020 throws the old rules out the window! The Institute for Security and Technology (IST) reached out to me recently to talk about BGP FlowSpec. The topic? Is this a viable tool to help networks defend themselves? [...] Tool
Veracode 2020-10-29 13:04:48 A Software Security Checklist Based on the Most Effective AppSec Programs (direct link) Veracode's Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams. As the presenters went through the data, it led to a larger discussion about AppSec best practices and what steps organizations can take to mature their programs. Here are the best practices laid out during the presentation as an easy-to-follow checklist, as well as supporting data from the ESG report. Application security controls are highly integrated into the CI/CD toolchain. In the ESG survey, 43 percent of organizations agreed that DevOps integration is most important to improving AppSec programs, but only 56 percent of respondents answered that they use a highly integrated set of security controls throughout their DevOps process. Integrating security measures into the CI/CD toolchain not only makes it easier for developers to run AppSec tests, but it also helps organizations discover security issues sooner, which speeds up time to deployment. Application security best practices are formally documented. In order to have a successful AppSec program, everyone needs to be on the same page regarding best practices. The CISO should help facilitate the formal documentation of AppSec best practices. Developers and security professionals can reference the list and use it to guide their decisions.
Application security training is included as part of the ongoing development security training program. Developers have been increasingly tasked with implementing security measures, including writing secure code and remediating vulnerabilities. Most developers don't receive secure code training courses in college, so it is up to organizations to offer security training. But according to the survey, more than 20 percent of organizations only provide training when developers join the team. Developers should have multiple, at-leisure training opportunities throughout the year, like virtual or hands-on programs, such as Veracode Security Labs. Chris Wysopal pointed out the importance of human touchpoints as part of ongoing developer training. If someone is checking in on developers to make sure they're completing their training, they'll likely take it more seriously. Consider a security champions program. The security champions are developers who have an interest in learning about security. If you have at least one security champion on every scrum team, that person can help ensure that their peers are up to speed on the latest security training and best practices. Ongoing developer security training includes formal training programs, and a high percentage of developers participate. At-leisure security training is a great way for developers to learn on their own time. But it is also important to implement formal security training with a set completion date and a skills assessment. Without formal security training, developers may not develop the skills they need to write secure code and remediate vulnerabilities. This could lead to slower and more expensive deployments because of rework or vulnerable code being pushed to production. Accordin Tool Vulnerability Guideline Uber
The_Hackers_News 2020-10-28 03:57:02 [Webinar and eBook]: Are You Getting The Best Value From Your EDR Solution? (direct link) Many companies rely on Endpoint Detection and Response (EDR) solutions as their primary security tool to protect their organizations against cyber threats. EDR was introduced around eight years ago, and analysts now peg the EDR market size as $1.5 to $2.0 billion in annual revenue globally, expecting it to quadruple over the next five years. The recent introduction of Extended Detection and Tool
no_ico 2020-10-22 10:24:17 NEWS: 68% Concerned About Remote Collab Tool Privacy – Cisco (direct link) Cisco Reports Privacy and Security Concerns Increase in Today's Remote World. News Summary: Two new global surveys highlight the challenges and opportunities of the accelerated transition to a cloud-first, remote world that demands us to be secure, connected, and productive from anywhere. IT teams were not fully prepared for the sudden transition to remote work. Secure … Tool
WiredThreatLevel 2020-10-21 13:00:00 A Deepfake Porn Bot Is Being Used to Abuse Thousands of Women (direct link) An AI tool that 'removes' items of clothing from photos has targeted more than 100,000 women, some of whom appear to be under the age of 18. Tool
DarkReading 2020-10-19 17:25:00 GravityRAT Spyware Targets Android & MacOS in India (direct link) The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android. Tool
ZDNet 2020-10-19 11:37:58 New Gitjacker tool lets you find .git folders exposed online (direct link) The tool can also download your Git repositories, allowing attackers to retrieve sensitive configuration files and source code. Tool
TechRepublic 2020-10-16 17:27:51 How to recover deleted files in Linux with testdisk (direct link) If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk. Tool
securityintelligence 2020-10-09 15:42:42 How Cybersecurity Threat Intelligence Teams Spot Attacks Before They Start (direct link) A thorough cybersecurity threat intelligence team can turn a threat into a tool for future protection. Their job is to conduct background research on threat groups' motivations and capabilities. This way, the intelligence team can be ready to protect an organization with even greater knowledge in the future. Strong cybersecurity threat intelligence about who attackers […] Tool Threat
itsecurityguru 2020-10-08 14:02:25 Data Security and Regulatory Compliance (direct link) By Trevor J Morgan, product manager at comforte AG. The cloud is an incredibly useful tool for businesses and enterprises that process huge amounts of information. Over recent years, cloud adoption has increased substantially. Indeed, the public cloud service market is expected to reach $623.3 billion by 2023 worldwide as more businesses look to expand […] Tool
WiredThreatLevel 2020-10-07 11:00:00 How to Save Time and Type Faster With AutoHotKey (direct link) One simple tool gives you the power to build your own custom time-saving keyboard shortcuts. Here's how to set it up and get through that drudgework faster. Tool
Pirate 2020-10-07 04:18:46 trident – Automated Password Spraying Tool (direct link) The Trident project is an automated password spraying tool developed to be deployed across multiple cloud providers, and it provides advanced options around scheduling and IP pooling. trident was designed and built to fulfill several requirements and to provide: the ability to be deployed on several cloud platforms/execution providers; the ability to schedule spraying campaigns in accordance with a target's account lockout policy; the ability to increase the IP pool that authentication attempts originate from for operational security purposes; the ability to quickly extend functionality to include newly-encountered authentication platforms. Using trident Password Spraying Tool Usage: trident-cli campaign [flags] Flags: -a, --auth-provider string this is the authentication platform you are attacking (default "okta") -h, --help help for campaign -i, --interval duration requests will happen with this interval between them (default 1s) -b, --notbefore string requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00") -p, --passfile string file of passwords (newline separated) -u, --userfile string file of usernames (newline separated) -w, --window duration a duration that this campaign will be active (ex: 4w) (default 672h0m0s) Example output: $ trident-client results +----+-------------------+------------+-------+ | ID | USERNAME | PASSWORD | VALID | +----+-------------------+------------+-------+ | 1 | alice@example.org | Password1! Tool
WiredThreatLevel 2020-10-06 10:00:00 Covering Comments Is Instagram's Newest Anti-Bullying Tool (direct link) Harassment takes many forms. The platform's latest update works to address a broader swath of negative interactions, from hiding comments to sending warnings. Tool
TechRepublic 2020-10-05 20:15:10 NASA taps AI to identify "fresh craters" on Mars (direct link) NASA's Jet Propulsion Laboratory uses an AI tool on a supercomputer cluster to identify potential craters on the Red Planet. Tool
WiredThreatLevel 2020-10-05 10:00:00 A China-Linked Group Repurposed Hacking Team's Stealthy Spyware (direct link) The tool attacks a device's UEFI firmware, which makes it especially hard to detect and destroy. Tool
ZDNet 2020-10-05 07:38:05 Microsoft releases tool to update Defender inside Windows install images (direct link) The new tool supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. Tool
Veracode 2020-10-01 14:10:28 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws (direct link) Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But, shockingly, less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities. [Figure: Percentage of codebase pulled from open source] Why is it important to scan open source libraries? For our State of Software Security: Open Source Edition report, we analyzed the security of open source libraries in 85,000 applications and found that 71 percent have a flaw. The most common open source flaws identified include Cross-Site Scripting, insecure deserialization, and broken access control. By not scanning open source libraries, these flaws remain vulnerable to a cyberattack. Equifax made headlines by not scanning its open source libraries. In 2017, Equifax suffered a massive data breach from Apache Struts which compromised the data, including social security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. The unfortunate reality is that if Equifax had performed AppSec scans on its open source libraries and patched the vulnerability, the breach could have been avoided. Why aren't more organizations scanning open source libraries? If 96 percent of organizations use open source libraries and 71 percent of applications have a third-party vulnerability, why is it that less than 50 percent of organizations scan their open source libraries? The main reason is that when application developers add third-party libraries to their codebase, they expect that library developers have scanned the code for vulnerabilities.
Unfortunately, you can't rely on library developers to keep your application safe. Approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that's pulled indirectly from another library in use. [Figure: Transitive and direct open source vulnerabilities] What are your options for managing library security flaws? First off, it's important to note that most flaws in open source libraries are easy to fix. Close to 74 percent of the flaws can be fixed with an update like a revision or patch. Even high priority flaws are easy to fix: close to 91 percent can be fixed with an update. [Figure: Patching open source flaws] So, when it comes to managing your library security flaws, the concentration should not just be, “How Data Breach Tool Vulnerability Equifax
ZDNet 2020-10-01 13:00:03 With API attacks rising, Cloudflare launches a free API security tool (direct link) Cloudflare launches API Shield, a new service to protect web APIs against attacks. Tool
TechRepublic 2020-10-01 11:44:03 Python programming: Microsoft's new tool makes app testing easier for developers (direct link) Playwright for Python automates end-to-end testing for web apps and works in any browser. Tool
Logo_logpoint 2020-10-01 11:26:19 A Simple Guide to Threat Hunting (direct link) Threats are continually changing and becoming more sophisticated, making it impossible to buy a tool that detects every potential cyberthreat. You can help protect your business by taking a proactive approach to hunting threats. According to the 2020 Verizon Data Breach report, more than 25% of breaches took months or longer to discover. This [...] Data Breach Tool Threat
AlienVault 2020-09-29 05:01:00 Zero Trust Architecture explained (direct link) This blog was written by a third party author. With the increase in frequency, sophistication, and cost of cyberattacks, the global focus on cybersecurity is at an all-time high. However, the goalposts for those tasked with protecting businesses have shifted. Hackers have a growing number of ways they can compromise a business and are frequently looking to move laterally within an organization, using credentialed (and often elevated) access. On top of this, insider threats are on the rise, where trusted users take advantage of their access for nefarious purposes. This means that the tried-and-tested concept of perimeter-based security and defenses (where anything located on the corporate network is assumed to be trusted) is no longer enough. Security teams need to shift their thinking from the perimeter to the authentication and access of resources. This means looking at methods of both restricting access and monitoring access requests to ensure those utilizing the environment are doing so appropriately. This is where a Zero Trust Architecture comes in. What is Zero Trust Architecture? Zero Trust Architecture should be a core part of a company's cybersecurity planning, combining identity, access policy, authentication, and more. The concept of Zero Trust is “never trust, always verify”, which effectively means assuming that all devices and users represent a potential threat and cannot be trusted until they can be properly authenticated. Once authenticated, users are allowed access only to the bare minimum they need to perform their job efficiently. Therefore, if a device (or user account) is compromised, Zero Trust aims to ensure that the damage is either mitigated (by not allowing access) or, at worst, is limited in scope.
The concept of Zero Trust has been growing over the past decade; however, the challenge has been implementing it without sacrificing user experience and productivity. Zero Trust Architecture relies heavily on some critical capabilities, namely identity management, asset management, application authentication, network segmentation, and threat intelligence. The technologies needed to achieve these were once only available to larger organizations but are now readily available in the mainstream. How can an organization implement Zero Trust Architecture? Successfully implementing a Zero Trust Architecture means going beyond rolling out a series of integrated tools and technologies supported by a set of operational policies and authentication requirements. This has to be a strategic initiative that supports the formation of the Zero Trust architecture outside of a tool and technology acquisition. The latter should outline what Zero Trust will look like as it relates to authorization to specific resources both on-premises and in the cloud, as well as how Zero Trust technologies will interact with data, threat intelligence, public key infrastructure, identity management, and vulnerability management systems. Once this foundation has been established, companies can determine how to further define their Zero Trust Architecture; for example, using software-defined perimeters, micro-segmentation, identity, or a combination thereof. In terms of setting user policy, understanding accountability, authority, and capability is critical to establishing the level of trust of an individual user. The implementation of a trust algorithm can involve a score-based approach, a contextual approach, or an approach involving certain criteria that must first be met. When it comes to rolling out the technology to support your Zero Trust environment, it's advisable to run a pilot program first.
This will allow you to get the kinks out, adjust KPIs and teach you how to operate in a ZTA overall with limited impact to your business.  Pilot programs should focu Tool Vulnerability Threat
The_Hackers_News 2020-09-25 08:01:52 FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations (direct link) Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also Tool
Pirate 2020-09-23 17:13:02 tko-subs – Detect & Takeover Subdomains With Dead DNS Records (direct link) tko-subs is a tool that helps you to detect and take over subdomains with dead DNS records; these could be dangling CNAMEs pointing to hosting services or to nothing at all, or NS records that are mistyped. What does tko-subs do? This tool allows you to check whether a subdomain can be taken over because it has a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over. Tool
AlienVault 2020-09-23 05:01:00 What is mobile device management? MDM explained (direct link) This blog was written by a third party author. Not too long ago, the desktop computer was the primary computing device for enterprise employees. With the rise of mobile endpoints like smartphones, laptops and tablets, employees are connecting to corporate networks from a wide variety of places and devices. Today, especially with the popularity of the WFH (work from home) model, managing the multitude of mobile devices is more complicated than ever before. The statistics tell a sobering tale. For example, 70% of breaches originate on the endpoint, making it the number one target for attacks. Even more concerning, according to a recent study, 60% of breaches were linked to a vulnerability where a patch was available, but not applied. The moral of the story: mobile device management is critical for any corporate network. What is mobile device management? Mobile device management (MDM) is a software tool for IT departments and administrators that allows management of all mobile endpoints, including smartphones, laptops, tablets, and IoT devices. Endpoints can be owned by either the company or the employee, and the MDM solution can be hosted onsite or in the cloud. The goal of an MDM is to find the right balance between management, productivity and policy compliance. As personal devices proliferate onto enterprise networks, MDM plays a vital role in securing corporate networks while allowing employees to continue to work more efficiently. Mobile Device Management software relies on the client/server model to function. Using a management console, the server component allows IT administrators to configure and assign policies. The client component resides on each mobile device and receives whatever directives have been assigned from the management console. MDM is now a mature platform that has seen significant advances.
Client-initiated updates are a thing of the past, as modern MDM software can instantly discover any new endpoint making a connection to the network. Today’s MDM is much more streamlined. Managing BYOD with MDM The line between a mobile user and an on-premise employee has blurred as almost everyone brings some type of personal device into the workplace. The BYOD (bring your own device) movement in many organizations is no longer a movement but more of a norm. The need to monitor and manage these endpoints has never been greater. While the benefits of BYOD are clear — lower equipment costs and more time available for IT personnel come to mind — if endpoints are not actively managed and monitored, the security risks are significant. Mobile device management is a critical component of any BYOD policy, as it allows the business to maintain control of their company data and how it is accessed.   Tablets and smartphones can be difficult enough to manage in the BYOD era. After all, they’re arguably less secure than laptops and desktops due to a lack of pre-installed malware protection. But when IoT is added to the mix, especially if employees aren’t aware of the security threat it poses, the importance of the MDM multiplies. According to a recent Infoblox report, a staggering 80% of IT professionals surveyed discovered shadow (unreported to the IT department) IoT devices connected to their network, and 29% of them discovered more than 20. These devices could be smart TVs, kitchen devices, cameras, or personal health monitors. We’ve discussed IoT security before; by default, devices are inherently in Malware Tool Vulnerability Threat
ESET 2020-09-22 17:00:37 New tool helps companies assess why employees click on phishing emails (direct link) NIST's tool can help organizations improve the testing of their employees' phish-spotting prowess. Tool
WiredThreatLevel 2020-09-21 14:00:00 A New Tool Detects Counterfeit Whiskey-Without Wasting a Drop (direct link) Bogus booze has been infiltrating the market, so physicists found a way to test for authenticity while keeping the precious bottles sealed. Tool ★★★
SecurityAffairs 2020-09-20 09:39:26 Security Affairs newsletter Round 282 (direct link) A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs, free for you in your email box. Gaming hardware manufacturer Razer suffered a data leak. CIRWA Project tracks ransomware attacks on critical infrastructure. Popular Marketing Tool exposes data of users of dating sites. Staples discloses data breach […] Ransomware Data Breach Tool
TechRepublic 2020-09-18 17:56:28 How to encrypt files on your Linux servers with gocryptfs (direct link) Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose. Tool
Anomali 2020-09-15 15:00:00 Weekly Threat Briefing: APT Group, Malware, Ransomware, and Vulnerabilities (direct link) The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Conti Ransomware, Cryptominers, Emotet, Linux, US Election, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. [Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.] Trending Cyber News and Threat Intelligence China's ‘Hybrid War': Beijing's Mass Surveillance of Australia and the World for Secrets and Scandal (published: September 14, 2020) A database containing 2.4 million people has been leaked from a Shenzhen company, Zhenhua Data, believed to have ties to the Chinese intelligence service. The database contains personal information on over 35,000 Australians and prominent figures, and 52,000 Americans. This includes addresses, bank information, birth dates, criminal records, job applications, psychological profiles, and social media. Politicians, lawyers, journalists, military officers, media figures, and Natalie Imbruglia are among the records of Australians contained in the database. While a lot of the information is public, there is also non-public information contributing to claims that China is developing a mass surveillance system. Recommendation: Users should always remain vigilant about the information they are putting out into the public, and avoid posting personal or sensitive information online. Tags: China, spying US Criminal Court Hit by Conti Ransomware; Critical Data at Risk (published: September 11, 2020) The Fourth District Court of Louisiana, part of the US criminal court system, appears to have become the latest victim of the Conti ransomware.
The court's website was attacked and used to steal numerous court documents related to defendants, jurors, and witnesses, and then install the Conti ransomware. Evidence of the data theft was posted to the dark web. Analysis of the malware by Emsisoft’s threat analyst, Brett Callow, indicates that the ransomware deployed in the attack was Conti, which has code similarity to another ransomware strain, Ryuk. The Conti group, believed to be behind this ransomware as a service, is sophisticated and due to the fact that they receive a large portion of the ransoms paid, they are motivated to avoid detections and continue to develop advanced attacking tools. This attack also used the Trickbot malware in its exploit chain, similar to that used by Ryuk campaigns. Recommendation: Defense in Depth, including vulnerability remediation and scanning, monitoring, endpoint protection, backups, etc. is key to thwarting increasingly sophisticated attacks. Ransomware attacks are particularly attractive to attackers due to the fact that each successful ransomware attack allows for multiple streams of income. The attackers can not only extort a ransom to decrypt the victim's files (especially in cases where the victim finds they do not have appropriate disaster recovery plans), but they can also monetize the exfiltrated data directly and/or use the data to aid in future attacks. This technique is increasingly used in supply chain compromises to build difficult to detect spearphishing attacks. Tags: conti, ryuk, ransomware Ransomware Malware Tool Vulnerability Threat Conference APT 35 APT 28 APT 31 ★★★
Veracode.webp 2020-09-14 15:51:05 43% of Orgs Think DevOps Integration Is Critical to AppSec Success (lien direct) It's no secret that the rapid speed of modern software development means an increased likelihood of risky flaws and vulnerabilities in your code. Developers are working fast to hit tight deadlines and create innovative applications, but without the right security solutions integrated into your processes, it's easy to hit security roadblocks or let flaws slip through the cracks. We recently dug through the ESG survey report, Modern Application Development Security, which uncovers some interesting data about the state of DevOps integration in the modern software development process. As the report states, DevOps integration is critical for improving your organization's application security (AppSec) program, as automating and integrating solutions removes some of the manual work that can slow teams down and moves security testing into critical parts of the development process. “DevOps integration reduces friction and shifts security further left, helping organizations identify security issues sooner,” the report says. “While developer education and improved tools and processes will no doubt also improve programs, automation is central to modern application development practices.” Level of DevOps and AppSec Integration According to the survey results, nearly half of organizations agree; 43 percent believe that DevOps integration is the most important piece of the puzzle for improving their AppSec programs. The report also outlines 10 elements of the most successful AppSec programs, and topping that list is ensuring that your AppSec controls are highly integrated into the CI/CD toolchain. Integration challenges For some survey respondents, that's easier said than done. 
Nearly a quarter (23 percent) said that one of their top challenges with current AppSec testing solutions is that they have poor integration with existing development and DevOps tools, while 26 percent said they experience difficulty with, or lack of, integration between different AppSec vendor tools. AppSec tool proliferation is a problem too, with a sizeable 72 percent of organizations using more than 10 tools to test the security of their code. “Many organizations are employing so many tools that they are struggling to integrate and manage them. This all too often results in a reduction in the effectiveness of the program and directs an inordinate amount of resources to managing tools,” they explain further. So where should organizations like yours start? By selecting a vendor with a comprehensive offering of security solutions that integrate to help you cover those bases and consolidate solutions while reducing complexity. That's where Veracode shines. We bring the security tests and training tools you need together into one suite so that you can consolidate and keep innovating, securely. And your organization can scale at a lower cost, too: our range of integrations and Veracode solutions are delivered through the cloud for less downtime and more efficiency. Simplifying AppSec We aim to simplify your AppSec program by combining five key analysis types in one solution, all integrated into your develo Tool
SecurityAffairs.webp 2020-09-14 08:42:52 (Déjà vu) Popular Marketing Tool exposes data of users of dating sites (lien direct) Personal details of hundreds of users of dating sites were exposed online earlier this month. An Elasticsearch server containing personal details of hundreds of thousands of dating site users was exposed online without authentication. The unsecured database was discovered by security researchers from vpnMentor at the end of August. “vpnMentor's research team recently received a report from […] Tool
SecureMac.webp 2020-09-10 13:04:00 Checklist 198: Listener Tracking in Podcasts with Rob Walch (lien direct) Did you know that some podcasts actually track their listeners? Rob joins us today to talk about how the tracking occurs and about a new tool on the way to fight it. Tool
TechRepublic.webp 2020-09-09 21:45:16 How to fix common Wi-Fi problems with the macOS built-in Wireless Diagnostics app (lien direct) There's no reason to turn to third-party tools for solutions to your Wi-Fi woes. macOS has a built-in tool that can scan your wireless network and make all the recommendations that a paid tool does. Tool
Anomali.webp 2020-09-09 16:24:00 Weekly Threat Briefing: Skimmer, Ransomware, APT Group, and More (lien direct) The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Baka, DDoS, Netwalker, PyVil, Windows Defender, TA413, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence ‘Baka’ Javascript Skimmer Identified (published: September 6, 2020) Visa have issued a security alert based on identification of a new skimmer, named “Baka”. Based on analysis by Visa Payment Fraud Disruption, the skimmer appears to be more advanced, loading dynamically and using an XOR cipher for obfuscation. The attackers behind Baka are injecting it into checkout pages using a script tag, with the skimming code downloading from the Command and Control (C2) server and executing in memory to steal customer data. Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. Visa has also released best practices in the security advisory. Tags: Baka, Javascript, Skimmer Netwalker Ransomware Hits Argentinian Government, Demands $4 Million (published: September 6, 2020) The Argentinian immigration agency, Dirección Nacional de Migraciones, suffered a ransomware attack that shut down border crossings. After receiving many tech support calls, the computer networks were shut down to prevent further spread of the ransomware, which led to a cessation of border crossings until systems were up again. 
The ransomware used in this attack is Netwalker, which left a ransom note initially demanding $2 million; when this wasn’t paid in the first week, the ransom increased to $4 million. Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different mediums, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: Argentina, Government, Netwalker, Ransomware No Rest for the Wicked: Evilnum Unleashes PyVil RAT (published: September 3, 2020) Researchers on the Cybereason Nocturnus team have published their research tracking the threat actor group known as Evilnum, and an ongoing change in their tooling and attack procedures. This includes a new Remote Access Trojan (RAT), written in Python, that they have begun to use. The actor group attacks targets in the financial services sector using highly targeted spearphishing. The phishing lures leverage "Know Your Customer" (KY Ransomware Malware Tool Vulnerability Threat Medical APT 38 APT 28 ★★★★
ZDNet.webp 2020-09-09 10:58:14 Weave Scope is now being exploited in attacks against cloud environments (lien direct) The legitimate cloud infrastructure monitoring tool has been added to attacker arsenals. Tool
TechRepublic.webp 2020-09-08 15:45:46 How to install the oVirt virtual machine manager on CentOS 8 (lien direct) If you're looking for a web-based virtual machine manager, oVirt might be the tool for you. Jack Wallen shows you how to install this powerful, open source solution on CentOS 8. Tool
TechRepublic.webp 2020-09-04 20:24:16 How to access the Android Battery Usage tool (lien direct) Not getting the most out of your Android battery life? Jack Wallen shows you how you can squeeze a bit more juice from that device. Tool ★★
NoticeBored.webp 2020-09-04 14:26:51 NBlog Sept 4 - standardising ISMS data interfaces (lien direct) We've been chatting on the ISO27k Forum lately about using various IT systems to support ISO27k ISMSs. This morning, in response to someone saying that a particular tool which had been recommended did not work for them, Simon Day made the point that "Each organisation trying to implement an ISMS will find its own way based on their requirements." Having surveyed the market for ISMS products recently, I followed up with my usual blurb about organisations having different information risks and business situations, hence their requirements in this area are bound to differ, and in fact vary dynamically (in part because organisations mature as they gain experience with their ISMS: their needs change). The need for flexibility is why the ISO27k standards are so vague (essentially: figure out your own requirements by identifying and evaluating your information risks using the defined governance structure - the ISMS itself), rather than explicitly demanding particular security controls (as happens with PCI-DSS). ISO27k is designed to apply to any organisation. That thought sparked a creative idea that I've been contemplating ever since: wouldn't it be wonderful if there was a standard for the data formats allowing us to migrate easily between IT systems supporting ISO27k ISMSs? I'm idly thinking about a standard file format with which to specify information risks (threats, vulnerabilities, impacts and probabilities), controls, policies, procedures, metrics, objectives etc. - maybe an XML schema with specified field names and (where applicable) enumerated lists of values. Aside from migrating between ISMS IT support systems and services, standard data formats would facilitate data sharing between application systems, services or sub-functions (e.g. 
for vulnerability management, incident management and information risk management), and between departments or even organisations (e.g. insurance companies, auditors and advisors and their clients and partners). Perhaps we should develop an outline specification and propose such a standard to ISO/IEC JTC1 SC 27. A New W Tool Vulnerability
Veracode.webp 2020-09-04 11:31:55 AppSec Tools Proliferation Is Driving Investments to Consolidate (lien direct) When it comes to application security (AppSec), it's important to note that no one testing type can uncover every flaw. Each tool is designed with a different area of focus, along with various speeds and costs, so it's necessary to employ a mix of testing types. A good way to think about AppSec testing types is to compare them to health exams. You wouldn't have a cholesterol test and assume your annual physical was complete. Similarly, you shouldn't conduct a static analysis scan and assume you've covered all the bases. In the chart below, you'll notice that static analysis works on any type of application (web, desktop, mobile, etc.) and covers a broad range of programming languages. However, it can't find business logic flaws or alert you to known vulnerabilities in open source components. Penetration testing might look like it can uncover every vulnerability, but it too has its downsides. Penetration tests are manual, so not only are they time consuming and expensive but also the results are quickly outdated. And, since penetration testing is conducted in staging or production, it often creates unplanned work for the development team. Mix of AppSec scans Most organizations know that they need to implement several testing types. In fact, a recent survey sponsored by Veracode and conducted by Enterprise Strategy Group (ESG), revealed that more than 71 percent of organizations use more than 10 different AppSec tools. But of these organizations surveyed, 84 percent answered that the number of AppSec tools they employ is posing a challenge. Individual AppSec tools in use Multiple testing types are necessary for a mature AppSec program, but they can be challenging to manage. Why do multiple testing types cause a challenge at many organizations? Because most AppSec vendors only offer one or two testing types. 
So if an organization chooses a vendor that only offers static analysis, and they want to add more testing types, they have to employ more vendors. Multiple vendors can be challenging for an organization to manage because the scan metrics will appear on separate dashboards, which makes it difficult to assess risk across the enterprise. The ESG study confirms this challenge with over 40 percent of respondents citing AppSec metrics as an ongoing issue. 34 percent of ESG survey respondents plan to consolidate vendors to alleviate the burden of multiple testing types. Finding one vendor that offers a comprehensive set of AppSec tools, like Veracode, can alleviate the burden of vendor management. Veracode offers static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing which, if used together, can enable your organization to drive down risk across the entire application lifetime from development to testing to production. Veracode Analytics provides metrics for all five offerings in one central location. Having metrics in one place allows organizations to assess the value of their scan types, pinpoint where further investments are needed, and compare the success of their program to similar organizations in the industry. Organizations can share the findings from their analytics with stakeholders or exec Tool
WiredThreatLevel.webp 2020-09-04 11:00:00 Creepy 'Geofence' Finds Anyone Who Went Near a Crime Scene (lien direct) Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case. Tool
ESET.webp 2020-09-03 15:44:08 Microsoft debuts deepfake detection tool (lien direct) As the US presidential election nears, the company's new tech should also help assure people that an image or video is authentic Tool
AlienVault.webp 2020-09-02 05:01:00 Red Team testing explained: what is Red Teaming? (lien direct) This blog was written by a third party author. In the world of cybersecurity preparedness, there are a variety of strategies organizations large and small can take to help protect their networks and data from cyber-attacks. One such strategy involves an organization testing its own environment for security vulnerabilities. But because security weaknesses come in different forms, it’s necessary to have a focused security team that comprehensively searches for vulnerabilities that go beyond simple risk assessments. Part of this dedicated security team can include a Red Team. What is a Red Team? Whether internal or external, Red Teams are responsible for running simulated cyberattacks on either their own organization (in the case of an internal Red Team) or other organizations (in the case of Red Team services as part of contracted external security services) to establish the effectiveness of the organization’s security programs.  While Red Teams use many of the same tools and techniques used in penetration tests or “ethical hacking”, the objective of a Red Team is different.  Attacks employed by Red Teams are multi-layered simulations designed to gauge how well a company’s people, networks, applications, and physical security controls can detect, alert and respond to a genuine attack. What is Red Team testing? Red Team testing is also known as an Adversary Simulation or simply Red Teaming. During Red Team testing, highly experienced security professionals take on the guise of a real attacker and attempt to breach the organization’s cyber defenses. The attack scenarios they enact are designed to exercise various attack surfaces presented by the organization and identify gaps in preventative, detective, and response related security controls. 
These attacks leverage a full range of tools available to the most persistent attackers—including social engineering and physical attack vectors, from carefully crafted phishing emails to genuine attempts to breach onsite security and gain access to server rooms. Prior to the assessment, rules of engagement are established between the Red Team members and the smallest possible set of participants within the organization to be tested. This number will vary but is typically no more than 5 people in key positions to view the organization's detection and response activities. Based on the rules of engagement, a Red Team may target any or all of the following areas during the exercise: Technology defenses – In order to reveal potential vulnerabilities and risks within hardware and software-based systems like networks, applications, routers, switches, and appliances. Human defenses – Often the weakest link in any organization’s cyber defenses, Red Teaming will target staff, independent contractors, departments, and business partners to ensure they’re all as secure as possible. Physical defenses – Physical security around offices, warehouses, substations, data centers, and buildings is just as important as technology defenses, and as such should be stress tested against a genuine attack. Something as seemingly innocuous as holding a secure door open for someone without having them tap in can provide the gap an attacker needs to gain access to unauthorized systems. Through this process, Red Team testing helps security teams identify any loopholes or weak points that could provide opportunities for attackers (either internal or external) to gain access to a company’s systems, which could then result in a serious data breach. Most importantly, this highlights gaps in the detective and response capabilities of the organization meant to identify and counter such malicious activities on a day-to-day basis. Who is Red Team testing suitable for? 
The harsh reality of today’s Tool Threat
Last update at: 2024-07-20 01:08:19