What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-08-20 09:33:00 New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers (lien direct) Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan.  "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute ' Malware Threat
SecurityAffairs.webp 2022-08-20 08:28:30 TA558 cybercrime group targets hospitality and travel orgs (lien direct) TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America. The group is a small crime threat actor, that has been […] Malware Threat
Fortinet.webp 2022-08-19 16:26:25 SEABORGIUM APT Group Targets NATO Members and European Countries (lien direct) FortiGuard Labs is aware of a report published by Microsoft of a threat actor named "SEABORGIUM", which the vendor attributed to Russia, that targeted organizations in NATO member countries as well as in Northern and Eastern Europe for espionage. Also referred to as Callisto, TA446 and COLDRIVER, the threat actor has been active since 2015 and reportedly used a spyware developed by infamous HackingTeam in their earlier campaigns. Why is this Significant? This is significant because the "SEABORGIUM" threat actor has been active since 2015 and reportedly targeted various industries including defense contractors, think tanks, Non-Governmental Organizations (NGOs) and Intergovernmental Organizations (IGOs) in NATO member countries as well as other European countries for espionage. What is SEABORGIUM APT Group? SEABORGIUM is a threat actor that has reportedly targeted organizations that are associated with foreign and security policy making in Europe for at least seven years. Countries of interest include NATO partner nations as well as countries in Northern, Southern and Eastern Europe. The Microsoft blog indicates that the APT group targeted Ukraine's public sector prior to the ongoing Russo-Ukrainian war. The SEABORGIUM APT threat actor is also known as Callisto Group (Callisto), COLDRIVER, TA446, and is potentially related to Gamaredon Group. Infection tactics of SEABORGIUM include credential phishing attacks, sending a Word doc attachment with malware embedded or malicious macros, and sending emails with themes that the target is likely interested in; also establishing relationships on Social Networking Service (SNS), all presumably for email credential theft. The stolen credentials allow the threat actor to gain access to the victim's mailbox and exfiltrate information.
The attacker also is believed to set up email rules in the victim's mailboxes that automatically forward incoming messages to the attacker's email address for data gathering. In earlier campaigns, the SEABORGIUM APT group is believed to have used the Scout implant from Galileo, one of the Remote Control Systems (RCS) developed by the infamous Italy based HackingTeam. The Scout agent sends victim's machine information and screen captures to the attacker's infrastructure. What is the Status of Coverage? FortiGuard Labs provides the following AV coverage for the samples believed to be related with the SEABORGIUM APT group: W32/Agent.AAAI!tr, W32/Agent.AACX!tr, W32/Trojan.I!tr, PDF/Agent.A9BA!tr, VBA/Agent.ADO!tr. All network IOCs associated with this attack are blocked by the WebFiltering client. Malware Threat ★★★
bleepingcomputer.webp 2022-08-19 14:58:29 Grandoreiro banking malware targets manufacturers in Spain, Mexico (lien direct) The notorious 'Grandoreiro' banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico. [...] Malware
no_ico.webp 2022-08-19 14:35:51 (Déjà vu) Hackers Using Bumblebee Loader To Compromise Active Directory Services (lien direct) The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. “Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration,” Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up. Malware Threat
no_ico.webp 2022-08-19 14:31:42 New PyPi Malware Pkgs Steal Discord And Roblox Credential & Payment Info, Expert Weighs In (lien direct) A dozen malicious PyPi packages have been discovered by researchers at Snyk installing malware that modify the Discord client to steal data from web browsers and Roblox. The popular online chat application, Discord, is also a target. The malware exfiltrates Discord tokens and injects a persistent malicious agent in the process. This malicious code, known […] Malware
SecurityAffairs.webp 2022-08-19 09:04:18 Cisco fixes High-Severity bug in Secure Web Appliance (lien direct) Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […] Malware Vulnerability
The_Hackers_News.webp 2022-08-19 07:04:21 DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities (lien direct) The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold Malware Threat
The_Hackers_News.webp 2022-08-19 06:35:28 Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations (lien direct) A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018, Malware Threat
WiredThreatLevel.webp 2022-08-18 21:42:26 Spyware Hunters Are Expanding Their Toolset (lien direct) This invasive malware isn't just for phones - it can target your PC, too. But a new batch of algorithms aims to weed out this threat. Malware
01net.webp 2022-08-18 16:00:26 A Janet Jackson song officially recognized as malware (lien direct) Certain frequencies in the track "Rhythm Nation" can make some computer hard drives resonate and therefore crash the computer. Malware
securityintelligence.webp 2022-08-18 15:58:00 From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers (lien direct) A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is particularly interesting as campaign activity has so far linked Bumblebee to affiliates of the threat […] Malware Threat
bleepingcomputer.webp 2022-08-18 15:19:28 Android malware apps with 2 million installs found on Google Play (lien direct) A new batch of thirty-five Android malware apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims' mobile devices. [...] Malware
no_ico.webp 2022-08-18 15:02:08 Research And Expert Comments On TA558 Targeting Hospitality. (lien direct) Cybersecurity researchers at Proofpoint have today published new threat intelligence detailing how cybercriminal group TA558 has been targeting hospitality, hotel, and travel organisations to deploy malware and steal data such as credit card numbers and hotel customer data for financial gain. During a busy summer for international travel in the wake of the pandemic, TA558 […] Malware Threat
InfoSecurityMag.webp 2022-08-18 15:00:00 ATMZOW JS Sniffer Campaign Linked to Hancitor Malware (lien direct) ATMZOW infected at least 483 websites across four continents since the beginning of 2019 Malware
DarkReading.webp 2022-08-18 14:38:22 Summertime Blues: TA558 Ramps Up Attacks on Hospitality, Travel Sectors (lien direct) The cybercriminal crew has used 15 malware families to target travel and hospitality companies globally, constantly changing tactics over the course of its four-year history. Malware
no_ico.webp 2022-08-18 13:24:31 North Korean Threat Group Lazarus Up To Old Tricks With New Malware Attack Targeting Mac OS Systems (lien direct) The news broke that ESET researchers have identified a new cyberespionage campaign by North Korean APT group Lazarus, targeting Apple and Intel chip systems via a fake engineering job post supposedly from Coinbase. Identified in a series of tweets, the job description claims to be seeking an engineering manager for product security, before dropping a […] Malware Threat APT 38
SecurityWeek.webp 2022-08-18 12:54:17 North Korean Hackers Use Fake Job Offers to Deliver New macOS Malware (lien direct) Researchers with cybersecurity company ESET have observed a new macOS malware sample developed by the infamous North Korean advanced persistent threat (APT) actor Lazarus. Malware Threat APT 38
globalsecuritymag.webp 2022-08-18 12:12:22 1.3 million internet users were exposed to threats from browser extensions in the first half of 2022 (lien direct) Kaspersky - malware - cyber threats - personal data - Malwares Malware
SecurityWeek.webp 2022-08-18 11:41:44 Evasive 'DarkTortilla' Crypter Delivers RATs, Targeted Malware (lien direct) Secureworks security researchers have analyzed 'DarkTortilla', a .NET-based crypter used to deliver both popular malware and targeted payloads. Malware
The_Hackers_News.webp 2022-08-18 10:11:07 Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware (lien direct) A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "It can also deliver 'add-on packages' such as additional malicious payloads, benign decoy documents, and executables," cybersecurity firm Secureworks said in a Wednesday report. "It Malware Threat
The_Hackers_News.webp 2022-08-18 02:20:52 Hackers Using Bumblebee Loader to Compromise Active Directory Services (lien direct) The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and Malware Threat
Blog.webp 2022-08-18 00:26:46 (Déjà vu) ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 8th, 2022 (Monday) to August 14th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.9%, followed by backdoor with 38.4%, downloader with 16.8%, ransomware with 2.2%, and CoinMiner with 0.6%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 23.1%. It is an info-stealer that leaks... Ransomware Malware
News.webp 2022-08-17 18:41:18 After 7 years, long-term threat DarkTortilla crypter is still evolving (lien direct) .NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to evolve rapidly, with almost 10,000 code samples being uploaded to VirusTotal over a 16-month period.… Malware Threat
DarkReading.webp 2022-08-17 18:39:51 'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections (lien direct) The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip. Malware
Kaspersky.webp 2022-08-17 15:07:53 APT Lazarus Targets Engineers with macOS Malware (lien direct) The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems. Malware APT 38
SecurityWeek.webp 2022-08-17 14:25:29 81% of Malware Seen on USB Drives in Industrial Facilities Can Disrupt ICS: Honeywell (lien direct) USB malware in industrial companies Malware
bleepingcomputer.webp 2022-08-17 13:01:42 North Korean hackers use signed macOS malware to target IT job seekers (lien direct) North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. [...] Malware Medical APT 38
bleepingcomputer.webp 2022-08-17 12:11:18 (Déjà vu) Malicious PyPi packages turn Discord into password-stealing malware (lien direct) A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-stealing backdoor and stealing data from web browsers and Roblox. [...] Malware
bleepingcomputer.webp 2022-08-17 12:11:18 A dozen PyPI packages turn Discord into an info-stealing backdoor (lien direct) A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-stealing backdoor and stealing data from web browsers and Roblox. [...] Malware
Chercheur.webp 2022-08-17 11:11:17 Zoom Exploit on MacOS (lien direct) This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges. When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom. But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom’s signing certificate would be enough to pass the test—so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege... Malware
bleepingcomputer.webp 2022-08-17 10:00:00 Malware devs already bypassed Android 13's new security feature (lien direct) Android malware developers are already adjusting their tactics to bypass a new 'Restricted settings' security feature introduced by Google in the newly released Android 13. [...] Malware
itsecurityguru.webp 2022-08-17 09:33:15 (Déjà vu) Job Seekers Targeted in Lazarus Group Hack (lien direct) The North Korea state-backed Lazarus Group has been observed to be targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. ESET, a Slovak cybersecurity firm, linked these events to a campaign dubbed “Operation In(ter)ception” that was first disclosed in June 2020 and involved using social engineering tactics to […] Malware Hack Medical APT 38
SecurityAffairs.webp 2022-08-17 08:31:52 North Korea-linked APT targets Job Seekers with macOS malware (lien direct) The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages […] Malware Medical APT 38
The_Hackers_News.webp 2022-08-17 06:59:58 Cybercriminals Developing BugDrop Malware to Bypass Android Security Features (lien direct) In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals Malware
News.webp 2022-08-17 03:01:05 Open source VideoLAN media player asks why it's blocked in India (lien direct) Rubbishes suggestions poisoned clones or ancient malware are worthy reasons for ban Developers of the open source VideoLAN media player have started sniping at India's government over an apparent block on the project's website.… Malware
Blog.webp 2022-08-17 01:43:10 (Déjà vu) ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 1st, 2022 (Monday) to August 7th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.4%, followed by backdoor with 22.6%, downloader with 20.0%, ransomware with 6.8%, banking with 2.6%, and CoinMiner with 0.5%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 25.8%. It is... Ransomware Malware
The_Hackers_News.webp 2022-08-16 23:20:26 North Korea Hackers Spotted Targeting Job Seekers with macOS Malware (lien direct) The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into Malware Medical APT 38
TechRepublic.webp 2022-08-16 17:56:37 How to protect your industrial facilities from USB-based malware (lien direct) USB-borne malware can infect your industrial equipment unless you take the proper precautions, says Honeywell. Malware
Anomali.webp 2022-08-16 15:06:00 Anomali Cyber Watch: Ransomware Module Added to SOVA Android Trojan, Bitter APT Targets Mobile Phones with Dracarys, China-Sponsored TA428 Deploys Six Backdoors at Once, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, China, Cyberespionage, India, Malspam, Ransomware, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence APT-C-35: New Windows Framework Revealed (published: August 11, 2022) The DoNot Team (APT-C-35) are India-sponsored actors active since at least 2016. Morphisec Labs researchers discovered a new Windows framework used by the group in its campaign targeting Pakistani government and defense departments. The attack starts with a spearphishing RTF attachment. If opened in a Microsoft Office application, it downloads a malicious remote template. After the victim enables editing (macros) a multi-stage framework deployment starts. It includes two shellcode stages followed by a main DLL that, based on victim fingerprinting, downloads a custom set of additional information-stealing modules. Analyst Comment: The described DoNot Team framework is pretty unique in its customisation, fingerprinting, and module implementation. At the same time, the general theme of spearphishing attachment that asks the targeted user to enable editing is not new and can be mitigated by anti-phishing training and Microsoft Office settings hardening.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 | [MITRE ATT&CK] Template Injection - T1221 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Deobfuscate/Decode Files or Information - T1140 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] System Information Discovery - T1082 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Data from Local System - T1005 | [MITRE ATT&CK] Data from Removable Media - T1025 | [MITRE ATT&CK] Data from Network Shared Drive - T1039 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Data Staged - T1074 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 Tags: APT-C-35, DoNot Team, APT, India, source-country:IN, Government, Military, Pakistan, target-country:PK, Windows Ransomware Malware Tool Vulnerability Threat Guideline Medical APT 38
Minerva.webp 2022-08-16 14:24:32 Malware Evasion – Memory Injection (lien direct) This is the third part of our malware evasion techniques series. If you'd like, you can also review our other articles on sandbox evasion and Living off the Land. This article introduces a set of evasion techniques wherein malware takes advantage of running processes. These techniques fall under the broad category of malware evasion techniques known as Malware ★★★
01net.webp 2022-08-16 13:33:15 Warning: this malware targets more than 200 Android banking and cryptocurrency apps (lien direct) A piece of malware named SOVA is threatening Android smartphones. Increasingly sophisticated, the virus targets more than 200 applications, including banking and cryptocurrency exchange apps. The malware is designed to steal victims' money and siphon off all their personal data. It can also turn into ransomware. Malware ★★★★★
SecurityAffairs.webp 2022-08-16 08:15:55 Russia-linked Gamaredon APT continues to target Ukraine (lien direct) Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign. Symantec and TrendMicro first discovered the Gamaredon […] Malware
The_Hackers_News.webp 2022-08-15 23:36:41 Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware (lien direct) Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated Malware Threat
MalwarebytesLabs.webp 2022-08-15 16:00:00 JSSLoader: the shellcode edition (lien direct) In this deep dive analysis, we look at the latest version of the JSSLoader malware tied to the FIN7 group. (Read more...) Malware
SecurityAffairs.webp 2022-08-15 15:22:28 SOVA Android malware now also encrypts victims' files (lien direct) Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time. The latest version of the […] Ransomware Malware
MalwarebytesLabs.webp 2022-08-15 14:00:00 Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories (lien direct) Categories: Business. We're excited to announce Malwarebytes Cloud Storage Scanning, a new service which extends Nebula malware scanning options to include files stored on cloud storage repositories that are part of your organization's digital ecosystem. (Read more...) Malware
SecureList.webp 2022-08-15 12:00:45 (Déjà vu) IT threat evolution in Q2 2022. Mobile statistics (lien direct) In Q2 2022, we detected 405,684 mobile malware installation packages, of which 55,614 packages were related to mobile banking trojans, and 3,821 packages were mobile ransomware trojans. Ransomware Malware Threat
SecureList.webp 2022-08-15 12:00:43 (Déjà vu) IT threat evolution in Q2 2022. Non-mobile statistics (lien direct) Our non-mobile malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. Malware Threat
AlienVault.webp 2022-08-15 10:00:00 Everything you need to know about the new features in VSS & MVP (lien direct) This blog was written by an independent guest blogger. Since AT&T launched its Vulnerability Scanning Service (VSS) in 2012, in partnership with DDI/HelpSystems, over 30 million devices have been scanned. The VSS provides vulnerability management services that help organizations identify vulnerabilities on their network and manage their swift remediation. Similarly, the AT&T Managed Vulnerability Program (MVP), launched in late 2020, allows organizations to assess their network without hiring IT professionals. Both services are designed to simplify vulnerability management and improve clients’ security posture. Loyal clients who have trusted these services for years will be pleased to learn of the new features that have been added in June 2022. These include: improvements to business groups; enhancements to reporting; credentials validation. These new features allow IT administrators to perform scans remotely, receive real-time reports on system vulnerabilities detected, and report them to third-party vendors for further action. Improvements to business groups: The first significant upgrade in this release was the enhancement of business groups for data segmentation. This improves an organization's ability to restrict asset visibility by group membership. Previously, data segmentation was done only by IP definition. While functional for limiting access, it lacked flexibility. Business groups allow organizations to create logical breakouts of asset ownership to follow the principle of least privilege. Business groups can be restricted by office locations or more granularly by department or team. Additionally, business group members can now be dynamically assigned. Assets within predefined criteria will be added to business groups as they are discovered via scans.
With this solution, individual users will only have access to the assets and results that are relevant to their work without being able to see assets and data outside of their permissions. This closes a security gap from insider threats or stolen credentials, decreasing the overall threat landscape. Enhanced reporting: Reporting is one of the core functionalities of any vulnerability management solution. These recent reporting upgrades have added significant quality of life and streamlining functionality to make reporting even easier for organizations. Previous incarnations of the solution had reporting as a manual process that users executed on-demand. While this met the needs of most organizations, it was still an additional step that had to be completed. Our latest release has both scheduled and completion-triggered reporting to automate this common task. With scheduled reporting, your organization can set the filters ahead of time and then define a set cadence such as weekly or monthly to generate a report. With completion-triggered reporting, organizations can select a preferred report or reports to be auto-generated when a scan finishes, removing an additional step for users. In addition to automatic report generation, organizations can now select to have reports emailed to them on completion. This functionality is not enabled by default, and organizations must opt-in specifically to have it available to them. To increase the security of this process, we will also be adding a passwording capability in the next release to ensure that even misaddressed reports are not accessible to those without appropriate access. Authenticated credential validation: Credential management can be challenging. A simple typo could derail anticipated scan results and delay the identification or validation of vulnerabilities. With our new credential testing feature, a user can immediately test whether the credentials entered into the system are valid or not.
This feature is built right into the process of adding new authentication credentials for scanning. In addition to identifying the use of a se Malware Vulnerability Threat
Last update at: 2024-07-18 09:07:56