What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
TechRepublic 2021-05-13 14:54:27 How to benchmark your websites with the open source Apache Bench tool (direct link) To always be ahead of the network admin game, you should be benchmarking your websites. Jack Wallen shows you how with the Apache Bench tool. Tool
bleepingcomputer 2021-05-13 13:00:00 (Déjà vu) Microsoft build tool abused to deliver password-stealing malware (direct link) Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] Malware Tool Threat
bleepingcomputer 2021-05-13 13:00:00 Attackers abuse Microsoft dev tool to deploy Windows malware (direct link) Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] Malware Tool Threat
no_ico 2021-05-11 15:07:35 Babuk Claims Yamabiko Cyberattack (direct link) TechNadu is sharing images from a reported Babuk cyberattack on Japanese power tool maker Yamabiko (which has not yet issued a statement on the attack). The threat actors claim to… Tool Threat
Chercheur 2021-05-11 14:53:51 AI Security Risk Assessment Tool (direct link) Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog. Tool
SecurityAffairs 2021-05-11 12:29:05 (Déjà vu) Google open sources cosign tool for verifying containers (direct link) Google has released a new open-source tool called cosign that could allow administrators to sign and verify container images. It was developed to make signatures invisible infrastructure. Cosign supports: hardware and KMS signing; bring-your-own PKI; our free OIDC PKI […] Tool
CVE 2021-05-10 19:15:08 CVE-2021-21428 (direct link) OpenAPI Generator is a Java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files, which can be read and appended to by any user on the system. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version. Tool
SecurityWeek 2021-05-10 17:14:57 Google Releases Open Source Tool for Verifying Containers (direct link) Google has released a new open-source tool called cosign to make it easier to manage the process of signing and verifying container images. Tool
Blog 2021-05-09 15:47:35 Active Directory Enumeration: RPCClient (direct link) In this article, we are going to focus on the enumeration of the domain through the SMB and RPC channels. The tool that we will be using for all the enumerations and manipulations will be rpcclient. The article is focused on Red Teamers, but Blue Teamers and Purple Teamers can Tool
TechRepublic 2021-05-07 18:56:11 How to take advantage of Zoom's chat tool (direct link) The chat tool in Zoom offers several handy tricks. Here's how to use them. Tool
SecurityWeek 2021-05-07 16:32:02 US-UK Gov Warning: SolarWinds Attackers Add Open-Source PenTest Tool to Arsenal (direct link) Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The report reveals that the hackers started using the open-source adversary simulation framework Sliver after some of their operations were exposed. Tool ★★★★
TroyHunt 2021-05-05 10:45:19 “Agricomb” is the perfect tool for measuring gases from cow burps (direct link) More precise measurements could help boost yields and enable the design of cleaner farms. Tool
itsecurityguru 2021-05-04 17:16:10 Synopsys Launches New Tool for Automated Application Security (direct link) Synopsys has today announced it will showcase the Software Integrity Group's new Intelligent Orchestration solution at RSA Conference on May 17th – 20th. Intelligent Orchestration is a dedicated application security automation pipeline, optimized for speed and efficiency, that ensures the right security tests are performed at the right time. Intelligent Orchestration, which runs in parallel to […] Tool
Anomali 2021-05-04 15:25:00 Anomali Cyber Watch: Microsoft Office SharePoint Servers Targeted with Ransomware, New Commodity Crypto-Stealer and RAT, Linux Backdoor Targeting Users for Years, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Data Theft, Backdoor, Ransomware, Targeted Ransomware Attacks and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. [Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.] Trending Cyber News and Threat Intelligence: Python Also Impacted by Critical IP Address Validation Vulnerability (published: May 1, 2021) Researchers have recently discovered that a bug previously discovered in netmask (a tool to assist with IP address scoping) is also present in recent versions of Python 3. The bug involves the handling of leading zeroes in decimal-represented IP addresses. Instead of interpreting these as octal notation as specified in the standard, the Python ipaddress library strips the leading zero and interprets the rest as a decimal. This could allow unauthenticated remote attackers to perform a number of attacks against programs that rely on Python's stdlib ipaddress library, including Server-Side Request Forgery (SSRF), Remote File Inclusion (RFI), and Local File Inclusion (LFI). Analyst Comment: Best practices for developers include input validation and sanitization, which in this case would avoid this bug by validating or rejecting IP addresses. Additionally, regular patch and update schedules will allow for rapid addressing of bugs as they are discovered and patches delivered. Proper network monitoring and policies are also an important part of protecting against these types of attacks.
Tags: CVE-2021-29921, python Codecov Begins Notifying Affected Customers, Discloses IOCs (published: April 30, 2021) Codecov has disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information (environment variables) from the affected customers. The company disclosed a supply-chain breach on April 15, 2021, and has now begun notifying customers. The breach went undiscovered for 2 months, and leveraged the Codecov Bash Uploader scripts used by a large number of projects. Analyst Comment: In light of the increasing frequency and sophistication of supply chain attacks, companies should carefully audit, examine, and include in their threat modelling means of mitigating and detecting third party compromises. A resilient and tested backup and restore policy is an important part of the overall security strategy. Tags: North America, Codecov, supply chain FBI Teams up with ‘Have I Been Pwned’ to Alert Emotet Victims (published: April 30, 2021) The FBI has shared more than 4.3 million email addresses with data breach tracking site Have I Been Pwned. The data breach notification site allows you to check if your login credentials may have been compromised by Emotet. In total, 4,324,770 email addresses were provided, which span a wide range of countries and domains. The addresses are actually sourced from 2 separate corpora of data obtained by the agencies. Analyst Comment: Frequently updated endpoint detection policies as well as network security Ransomware Data Breach Malware Tool Vulnerability Threat Patching Guideline
WiredThreatLevel 2021-05-04 12:00:00 I Battle My Panic Disorder by Mowing Virtual Lawns (direct link) It's Literally Just Mowing, a simple mobile game, has become part of my mental health tool kit. May it inspire you to find one that works for you. Tool
TechRepublic 2021-05-04 09:34:31 Windows 10: This new tool makes it easier to manage remote workers in the cloud (direct link) As organisations prepare for the future of hybrid and remote work, they're looking for a simpler way to follow best practice for managing Windows and devices. Tool
Kaspersky 2021-05-03 18:22:23 Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool (direct link) Researchers warned that unpatched versions of HPE's Edgeline Infrastructure Manager are open to remote authentication-bypass attacks. Tool
Kaspersky 2021-04-30 19:01:05 WeSteal: A Cryptocurrency Stealing Tool That Does Just That (direct link) The developer of the WeSteal cryptocurrency stealer can't be bothered with fancy talk: they say flat-out that it's “the leading way to make money in 2021”. Tool Guideline
Blog 2021-04-30 18:41:41 Active Directory Enumeration: BloodHound (direct link) In this article, we will focus on the Active Directory enumeration tool called BloodHound. It takes the data from any device on the network and then plots a graph that can help the attacker strategize their way to the Domain Admins. Table of Content: Introduction; Linux Installation Tool ★★★★★
Cybereason 2021-04-30 12:11:34 PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector (direct link) The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly for spear-phishing in targeted attacks against high-value targets. Tool Threat
CVE 2021-04-29 21:15:08 CVE-2021-29468 (direct link) Cygwin Git is a patch set for the git command line tool for the Cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked-out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation, users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio. Tool Vulnerability
Veracode 2021-04-29 16:28:56 Developer Training Checklist: 5 Best Practices (direct link) The role of the developer has evolved over the past several years. Developers are not only responsible for writing code and releasing new software rapidly but also for securing code. By implementing security in the software development lifecycle, you can reduce risk and cost without slowing down time to production. But the developer role is already stretched so thin, and many developers don't have a background in security. How can you get developers up to speed on security measures in an engaging manner that doesn't add too much extra work? And how can you ensure that your developers are successfully implementing the security learnings? Leveraging findings from a recent Enterprise Strategy Group report, Modern Application Development Security, and tips from our Director of Development Enablement, Fletcher Heisler, we were able to establish a list of best practices to follow when training developers in security. Make security training a real requirement. Developers are very busy. If they're not required to take secure coding training, it's highly unlikely that they will. So, make it part of their goals. And to ensure that they're paying attention to the trainings, consider adding knowledge checks. Make sure the training is relevant and engaging. As Fletcher states in Four Fundamentals of Education The Sticks, use training tools like Security Labs that “bring magic, adventure, and exploration back to security so that developers can actually explore when something goes wrong.” And make sure the examples are relevant to the developer's day-to-day work. The more realistic, the more seriously they take the training. Measure the effectiveness of the training. Don't just assume that developer training is working; track it.
To ensure that your developers are implementing the learnings from their security training, you should track both issue introduction and continuous improvement metrics for both scrum teams and individual developers. By keeping track of these metrics, you can tailor future security trainings toward areas of weakness. [As you can see in the chart below from Enterprise Strategy Group, only 41 percent of organizations are tracking the continuous improvement of development teams.] [Chart: ESG efficacy] Offer a mix of training types. Not everyone learns the same way. Some developers might prefer instructor-led courses while others might like on-demand courses or hands-on training tools. It's also important to keep in mind that developers likely have different levels of security knowledge. A new developer might need an introductory course to secure code training while a more experienced developer might benefit from a more technical course. Implement a security champions program. Many organizations benefit from implementing a security champions program. To start a security champions program, select interested volunteers from each development team and give them the extra tools and training needed to be security experts on their scrum teams. They'll be able to pass along their additional security skills to peers on their team. Tool
SecurityWeek 2021-04-29 01:39:41 US Government Taking Creative Steps to Counter Cyberthreats (direct link) An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it. Hack Tool
Anomali 2021-04-27 17:24:00 Anomali Cyber Watch: HabitsRAT Targeting Linux and Windows Servers, Lazarus Group Targeting South Korean Orgs, Multiple Zero-Days and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Android Malware, RATs, Phishing, QLocker Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. [Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.] Trending Cyber News and Threat Intelligence: Zero-day Vulnerabilities in SonicWall Email Security Actively Exploited (published: April 21, 2021) US cybersecurity company SonicWall said fixes have been published to resolve three critical issues in its email security solution that are being actively exploited in the wild. The vulnerabilities are tracked as CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023, impacting SonicWall ES/Hosted Email Security (HES) versions 10.0.1 and above. Analyst Comment: The patches for these vulnerabilities have been issued and should be applied as soon as possible to avoid potential malicious behaviour. SonicWall's security notice can be found here: https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/. It is important that your company has patch-maintenance policies in place. Once a vulnerability has been publicly reported, threat actors will likely attempt to incorporate the exploitation of the vulnerability into their malicious operations. Patches should be reviewed and applied as soon as possible to prevent potential malicious activity.
MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 | [MITRE ATT&CK] File and Directory Discovery - T1083 Tags: CVE-2021-20021, CVE-2021-20023, CVE-2021-20022 Massive Qlocker Ransomware Attack Uses 7zip to Encrypt QNAP Devices (published: April 21, 2021) The ransomware is called Qlocker and began targeting QNAP devices on April 19th, 2021. All victims are told to pay 0.01 Bitcoins, which is approximately $557.74, to get a password for their archived files. While the files are being locked, the Resource Monitor will display numerous '7z' processes, which are the 7zip command-line executable. Analyst Comment: Attackers are using legitimate tools like 7zip to evade detection by traditional antiviruses. EDR solutions can help track suspicious command line arguments and process creations to potentially detect such attacks. Customers should use backup solutions to be able to recover encrypted files. MITRE ATT&CK: [MITRE ATT&CK] Credentials in Files - T1081 Tags: Tor, Qlocker, CVE-2020-2509, CVE-2020-36195 Novel Email-Based Campaign Targets Bloomberg Clients with RATs (published: April 21, 2021) A new e-mail-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg's industry-based services. Attacks start in the form of targeted emails to c Ransomware Malware Tool Vulnerability Threat Medical Wannacry APT 38 APT 28
SecurityWeek 2021-04-27 13:29:38 Adobe Releases Open Source Anomaly Detection Tool "OSAS" (direct link) Adobe this week announced the open-source availability of 'One-Stop Anomaly Shop' (OSAS), a new tool designed to help security teams discover anomalies in datasets. Tool
Chercheur 2021-04-27 11:57:14 Security Vulnerabilities in Cellebrite (direct link) Moxie Marlinspike has an intriguing blog post about Cellebrite, a tool used by police and others to break into smartphones. Moxie got his hands on one of the devices, which seems to be a pair of Windows software packages and a whole lot of connecting cables. According to Moxie, the software is riddled with vulnerabilities. (The one example he gives is that it uses FFmpeg DLLs from 2012, which have not been patched with the 100+ security updates since then.) …we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed... Tool
AlienVault 2021-04-27 10:00:00 Priority on people - An argument against the excessive use of Cybersecurity technology (direct link) Introduction: Despite what many advertisements and salespeople would like you to think, you don’t need to (and in many cases shouldn’t) spend a fortune on security tools to achieve a robust cybersecurity program. Some tools are essential, such as a ticketing tool or a Security Information and Event Management (SIEM) system, but the best security programs are built on the employees that run the business. Without their support and understanding, even the most secure system or software suite could be brought tumbling down with little effort. Every member of an organization with access to computers or data is a potential source of compromise and a potential source of system failure. Almost every component, system, or workflow, down to the fundamental building blocks of society, relies on the fair and accurate participation of those involved in it. Accordingly, any deviance, whether intentional or not, from this set state can cause significant issues to arise. It is vital that the security team realize that the purpose of security is, foremost, to promote the ability of the business to do business. Excessively complex or costly security measures that do not serve the needs of the organization or support it in its mission are worse than no security at all. Staff over software: One of the first categories of people to focus on is your security (or IT) staff. Some technology requires specific skills, knowledge, or time, any one of which your team may lack. Without first considering the available resources needed to implement, use, or even maintain any given software solution, you would be missing a critical component in the evaluation process. Any software or tool is only as good as the person using it, regardless of how expensive or cutting edge it may be.
Each software implemented, outside of the standard ‘install and forget’ type, requires planning, reviews, training, and maintenance to be effective. Given the state of most IT and Cybersecurity teams, there are likely not enough hours to go around to properly execute the tasks needed to meet the above requirements. Implementation and maintenance requirements will vary based on the type of software, but they will always be present and should be factored into the overall cost of the solution being considered. The second category is, of course, the employees of the organization. Not all tools will solely reside in the domain of the IT or Security teams, and some may be rolled out to broad swathes of the organization. As anyone who works in cybersecurity knows, we walk a careful line between security and functionality. The software we pick, therefore, must be secure enough without being overly complex or burdensome. Any solution must be ‘right-sized’ to the institution, both in cost and effectiveness, but also in adoptability. If staff refuse to, or are unable to, use the new tool, it serves very little purpose in the overall mission of security. Instead of prioritizing software, it is recommended to focus first on user training on key security issues and on the acceptable use of technology. Part of this training should include active testing such as phishing campaigns or other social engineering endeavors. Focusing on employee training has been seen to lead to a far higher return security-wise when compared to equivalent software solutions. When to use software: To be clear, it is not being argued that organizations shouldn’t use any software. In order to have a fully mature and functional security program, there are several critical components that any organization should adopt.
Specific requirements will vary per organization, industry, and regulatory requirements, but a general list of ‘must-haves’ is: SIEM software; end-point protection software; vulnerability scanning software; Mobile Device Management (MDM) software (as needed); backup software; encryption te Tool Guideline
The_Hackers_News 2021-04-26 03:38:20 How to Test and Improve Your Domain's Email Security? (direct link) No matter which type of business you are in, whether small, medium, or large, email has become an indispensable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result, Tool
WiredThreatLevel 2021-04-23 11:00:00 Now for AI's Latest Trick: Writing Computer Code (direct link) Programs such as GPT-3 can compose convincing text. Some people are using the tool to automate software development and hunt for bugs. Tool
SecurityAffairs 2021-04-22 15:47:16 Cellebrite's forensics tool affected by arbitrary code execution issue (direct link) Cellebrite's mobile forensics tool UFED contains multiple flaws that allow arbitrary code execution on the device, Signal creator warns. Moxie Marlinspike, the creator of the popular encrypted messaging app Signal, announced that the mobile forensics tools developed by Cellebrite are affected by multiple vulnerabilities that could be exploited to achieve arbitrary code execution. Cellebrite develops […] Tool
TechRepublic 2021-04-22 15:46:00 How AIOps can help IT developers manage applications (direct link) IBM's new OEM Application Resource Management offers a tool to improve applications by using automation. Tool
TechRepublic 2021-04-22 14:30:52 How to get real-time network statistics for your Linux servers with Guider (direct link) Jack Wallen introduces you to a tool that will help you to better troubleshoot network issues on Linux servers. Tool
Veracode 2021-04-22 12:43:02 Reporting Live From Collision Conference 2021: Part One! (direct link) This week, Collision (virtually) kicked off its annual conference, bringing together creatives, builders, influencers, innovators, and other great minds to cover some of the hottest topics in business and technology. Known as “America's fastest-growing tech conference,” this year Collision featured over 450 speakers with more than 100 hours of content to consume across the three-day event. With a sizable group of 40,000-plus attendees to entertain, the team behind Collision came prepared with a packed schedule. The lineup included speakers from some brand heavy-hitters (Amazon, Twitter, TikTok, and PayPal, to name a few) as well as our very own Chris Wysopal representing the application security (AppSec) space for Veracode! AI, AI… Oh! Chris first led a hodgepodge of talent from security and tech to moderate Collision's “AI, AI… Oh!: AI, Security and Privacy in Online Society” session. For this roundtable, Chris was joined by Jeff Moss of DEF CON, Jordan Fisher of Standard Cognition, Katie Moussouris of Luta Security, Alexander Vindman of Lawfare, Gary Harbison of Bayer, and Window Snyder of Thistle Technologies. The topic at hand? Just how major the impacts of AI and machine learning are on all industries today, and the risks this technology can bring if left unchecked. The roundtable dug into important issues like allocating organizational resources to security, privacy, and transparency to monitor AI, as well as what can go wrong when companies don't quite get it right. Chris kicked off the conversation by asking: how can we have technology figure out exactly what algorithms are doing so that we know when something is going awry, and who is to blame when it does? Gary Harbison brought up the idea of self-driving cars, which take data from their environment and make decisions in the moment.
At some point, if there is a decision made by the algorithm that pits the safety of the driver against a pedestrian, who is to blame and what is the ramification? Gary followed up that we as an industry need to think this through sooner rather than later. Another risky implication of this technology, the group suggested, is that in cases where AI is used to track consumer behavior, such a tool can quickly become an invasion of privacy. Window Snyder noted that implementing security (and being able to measure it) is a critical first step. She posed the question: how are we going to measure efficacy and improvements in security around AI technologies so that we can see what is actually providing value to consumers? “Consumers will feel understandably uncomfortable knowing that a brand is tracking what they do inside of a store, and they may feel like they're being watched everywhere they go,” she said. Window went on to explain that, if we want to create trust between technology companies and the people we're observing, we need to make sure that we're creating clear business requirements and metrics, reducing the scope and time for tracking, and doing as much as possible to reduce the granularity of the data that is collected. Another important step, she says, is that when you build a mechanism to collect data, you also need to build a mechanism to remove it after extracting as much granularity as possible. Doing so tells consumers that the technology was built with their privacy in mind. There's an economic and geopolitical aspect to the risks of AI te Tool
kovrr 2021-04-22 00:00:00 Working From Home: A Year in Review (direct link) As companies are obliged to allow their employees to work remotely, the attack surface becomes broader.
Cyber Trends, Risks and the Global Pandemic: As we mark a year of working from home through the global pandemic, this is a good time to discuss and delve into the IT changes and trends in our day-to-day work environment and their implications for user privacy, corporate cyber security and cyber insurance. The 3 main categories of software and applications that saw a significant increase in usage over the past year include: video conferencing and online communication platforms; VPNs and Remote Desktop (RDP) software; Two Factor (2FA) and Multiple Factor Authentication (MFA) applications. Working from home has increased the usage of the aforementioned technologies as well as other similar applications, broadened the attack surface and provided new opportunities for various malicious actors, as there are more external-internal connections compared to the past, meaning more types of services to keep track of and monitor. This also implies a heavier traffic load due to video streaming, database connections and more. Easier communication, but at what cost? Away from our colleagues and offices, employees have had to adapt quickly to various methods of online communication and meetings in order to keep things running. Whether it’s Zoom, Webex, Microsoft Teams, Google Meet or any other platform, co-workers are now able to chat and share video and documents easily from computers and phones. Right from the start of the pandemic, Zoom solidified itself as the dominant platform for video conferencing, with an increase of 67% in usage between January and the middle of March 2020.
By April 2020 it already had more than 300 million daily Zoom meeting participants, in comparison to 10 million meeting participants in December 2019.(1) [Chart: Number of daily Zoom users, December 2019 - April 2020] This convenience comes with significant underlying risks to users and corporate networks, as poorly implemented encryption protocols and other security measures can result in unauthorized participants gaining access to otherwise personal or confidential calls. This sort of intrusion, commonly referred to as “Zoom Bombing”, can at best be innocent trolling that causes annoyance, but at worst allows access to a malicious actor who can gather sensitive information on the company for espionage purposes(2), harvest participants' credentials and other PII, leak the call’s content and video, and use the meeting chat to send phishing links, which could escalate to a full-blown ransomware attack on the company's network(3). This sort of attack can be carried out by an attacker exploiting vulnerabilities such as (or similar to) CVE-2019-13450(4), which would allow them to forcefully join a meeting. Multiple Factor Authentication - double the safety but not without risks: Multiple Factor Authentication (MFA) and Two Factor Authentication (2FA) have been adopted in recent years as an additional security tool to ensure the safety of one’s accounts and personal information. As previously mentioned, the migration to a remote work routine necessitated a secure and verified method for each employee to access their company’s assets online on a daily basis. This basic work necessity came with restrictions and guidelines such as remote desktop applications to create a virtual work environment and 2FA applications in an attempt to strengthen the company’s cybersecurity posture.
By May 2020, around 70% of British businesses were already using some type of MFA and a VPN for better cyber security risk management of the changed work environment(5). There are numerous ways by which MFA or 2FA methods can be bypassed, either through brute force (if the requested code is between 4-6 digits), social engineering or a conventional session management attack in which attackers use the password reset function. This is due to the fact that 2FA is often not implemented on the system’s login page after a password reset. VPNs and RDPs - work from anywhere and be attacked from anywhere: Vi Ransomware Data Breach Malware Tool Vulnerability ★★★
ZDNet.webp 2021-04-21 13:12:39 Instagram debuts new tool to stop abusive message salvos made through new accounts (lien direct) DMs are the next area the firm wants to focus on in controlling abusive behavior. Tool
no_ico.webp 2021-04-20 12:17:02 Why To Codecov Breach? Experts Weigh In (lien direct) Following media reports that hackers who tampered with a software development tool from a company called Codecov used that program to gain restricted access to hundreds of networks belonging to the San… Tool
TechRepublic.webp 2021-04-20 12:00:04 VMware announces new Anywhere Workspace tool to help businesses make remote work easier (lien direct) The new platform is a combination of SASE, access control and cloud-native endpoint security that the company said is the only solution of its kind on the market. Tool
securityintelligence.webp 2021-04-19 19:00:00 How VPNs Are Changing to Manage Zero Trust Network Access (lien direct) What do a growing number of cyberattacks, emerging tech, such as artificial intelligence, and cloud adoption have in common? They’re all helping fuel the rise of zero trust. Zero trust network access is, in turn, changing the way we access the internet for work. Let’s take a look at how another common tool today — the […] Tool
TechRepublic.webp 2021-04-19 13:48:50 Nonprofit provides help to hospitals battling ransomware (lien direct) The Center for Internet Security recently launched a free tool for private U.S. hospitals to block malicious activity. Ransomware Tool
Veracode.webp 2021-04-19 09:05:28 DevSecOps in Practice: How to Embed Security into the DevOps Lifecycle (lien direct) You've heard of DevOps. And by now, you've probably also heard of DevSecOps, which extends DevOps principles into the realm of security. In DevSecOps, security breaks out of its "silo" and becomes a core part of the DevOps lifecycle. That, at least, is the theory behind DevSecOps. What's often more challenging for developers to figure out is how to apply DevSecOps in practice. Which tools and processes actually operationalize DevSecOps? Until you can answer that question, DevSecOps will be just another buzzword. To help bridge the gap between theory and practice, let's walk through what DevSecOps means from a practical perspective, and how to go about embedding it into your development workflows. DevSecOps, defined If you're familiar with DevOps (which encourages collaboration between developers and IT operations engineers in order to speed application delivery), then the meaning of DevSecOps is easy enough to understand. DevSecOps adds security operations teams into the equation so that they can collaborate seamlessly with developers and IT engineers. DevSecOps places a DevOps spin on basic security concepts. Just as DevOps encourages continuous delivery, DevSecOps is all about continuous security, meaning the constant and holistic management of security across the software development lifecycle. Similarly, DevSecOps encourages continuous improvement in the realm of security, meaning that no matter how secure you believe your environment is, you should always be looking for ways to improve your security posture even further. DevSecOps in practice These are all great ideas to talk about, and it's easy to see why they are valuable. Security postures are indeed stronger when developers, IT engineers, and security engineers work together, rather than working in isolation.
It's much easier to optimize security when developers prioritize security with every line of code they write, and when IT engineers think about the security implications of every deployment they push out, rather than viewing security as something that someone else will handle down the line. The big question for teams that want to embrace DevSecOps, though, is how to go about putting these ideas into practice. That's where things can get tougher. There is no simple methodology that allows you to "do" DevSecOps. Nor is there a specific tool that you can deploy or a particular role that you can add to your team. Instead, operationalizing DevSecOps means building holistic combinations of processes and tools that make it possible to integrate security into DevOps workflows. While the best approach to this will vary from team to team, the following are some general best practices for implementing DevSecOps. Scanning early and often One basic step toward implementing DevSecOps is to ensure that you perform security tests and audits at the beginning of the software delivery pipeline. You don't want to wait until code is written and built to start testing it for flaws (and you certainly don't want to let it get into production before testing it). Instead, you should be scanning code as it is written, by integrating security tooling directly into your IDEs if possible. Importantly, security scanning should continue as code "flows" down the pipeline. You should scan your test builds and application release candidates before deployment. Security monitoring and auditing should also continue once code is in production. Automation Automation is a founding principle of DevOps, and it's just as important to DevSecOps. Automation not only makes processes faster and more efficient, but also helps reduce friction between the different stakeholders in DevSecOps Tool Uber ★★★
TroyHunt.webp 2021-04-16 20:07:24 Backdoored developer tool that stole credentials escaped notice for 3 months (lien direct) AWS credentials and private repository tokens could allow self-perpetuating attacks. Tool
bleepingcomputer.webp 2021-04-16 10:44:37 Popular Codecov code coverage tool hacked to steal dev credentials (lien direct) Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration (CI) environment. [...] Tool Threat
AlienVault.webp 2021-04-16 10:00:00 Considerations for performing IoMT Risk Assessments (lien direct) What are Internet of Medical Things (IoMT) products? Internet of Medical Things (IoMT) products refer to a combination of medical applications and devices connected to healthcare information technology systems through an online computer network or a wireless network. IoMT devices rely heavily on biosensors, which are critical in detecting an individual's tissue, respiratory, and blood characteristics. Non-bio sensors are also used to measure other patient characteristics such as heart and muscle electrical activity, motion, and body temperature. IoMT product classifications One needs to gain insight into what makes a device a medical device. In the U.S., the sale of medical devices is regulated by the Food and Drug Administration (FDA). As required by the FDA, medical devices are classified as Class I, Class II, or Class III based on the risk posed by the device. Therefore, one must understand the risk level of a medical device and its intended use and indications for use. IoMT layers and the threat-driven approach to security Like IoT, IoMT has several layers, including the business, application, middleware, network, and perception layers. Notably, the perception layer in IoMT is tasked with the transfer of medical data acquired from sensors to the network layer. Types of medical things that fall under the perception layer can be classified as: wearable (muscle activity sensors, pressure and temperature sensors, smartwatches); implantable (implantable cardioverter defibrillators (ICD)); swallowable (camera capsule); ambient (vibration and motion sensors); and stationary devices (surgical devices, CT scan). Likewise, IoMT devices are subject to attacks based on their architecture or application. That is, IoMT devices can suffer layer-specific attacks.
While hackers can target any layer for an attack, they typically focus on either perception or network layer attacks. Perception layer attacks focus on devices that acquire data from sensors. Hackers use perception layer attacks to defeat the device administrator's ability to track the sensor and discover that it has been cloned or otherwise tampered with. Conversely, at the network layer, IoMT devices can be subject to DoS attacks, rogue access, Man-in-the-Middle (MiTM), replay, and eavesdropping. Common IoMT vulnerabilities arise from the challenges experienced during IoMT device development, such as the lack of a threat-driven approach to security. The threat-driven approach to security corresponds to modeling the relationship between threats, the risk to the asset, and the security controls that should govern them. For example, Bluetooth Low Energy (BLE) technology, whose applications range from home entertainment to healthcare, is associated with many threats such as network communication decryption, replay attacks, and Man-in-the-Middle attacks. Primary considerations in performing IoMT Risk Assessments Threat modeling is the tool best fitted for addressing perception and network-layer threats. Cybersecurity practitioners commonly use the STRIDE threat modeling technique to help solve IoMT-related security challenges at both layers. STRIDE is a threat model suitably fitted for helping cybersecurity practitioners identify and analyze threats in an IoMT environment. More specifically, STRIDE is the most adept tool for answering the question 'what can go wrong in the IoMT environment that can adversely affect patient safety?' The STRIDE model allows cybersecurity practitioners to determine which threat is a violation of a desirable property for an IoMT system. Desirable properties preserve privacy and data protection and contribute to the security of an IoMT asset. Desirable properties align with the STRIDE model as illustrated below: Tool Threat
SecurityWeek.webp 2021-04-16 02:47:55 Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack (lien direct) Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world. Hack Tool
TroyHunt.webp 2021-04-15 21:39:18 Popular software development tool Docker gets Apple M1 support (lien direct) Another one of the most popular development tools now supports the M1. Tool
itsecurityguru.webp 2021-04-15 12:18:29 Outpost24 report finds Top 10 US Credit Unions all have web application issues (lien direct) A report released this week by Outpost24, that examined the security posture of web applications amongst the Top 10 US Credit Unions, has revealed that they all have security issues. Using Outpost24's attack surface discovery tool called Scout, Outpost24 was able to analyse each Credit Union's public-facing web security environments against the seven most common attack vectors […] Tool ★★★★
Chercheur.webp 2021-04-15 11:13:33 DNI's Annual Threat Assessment (lien direct) The office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity. Authoritarian and illiberal regimes around the world will increasingly exploit digital tools to surveil their citizens, control free expression, and censor and manipulate information to maintain control over their populations. ... Tool Threat
AlienVault.webp 2021-04-14 10:00:00 Phishing towards failed trust (lien direct) This blog was written by an independent guest blogger. Phishing exercises are an important tool towards promoting security awareness in an organization.  Phishing is effective, simply because it works.  However, any social engineer can devise a marvelously deceptive message with an irresistible link that only the most tech-savvy person would spot as a phishing test.  Sometimes, the phish can be sent at a time of day that catches the recipient off-guard, which causes a person to click the malicious link.  These techniques are so effective, that even the most experienced people have gotten fooled, not only by phishing tests, but also by real scams. As social engineers, it is easy to play on people’s vulnerabilities; their fears, hopes, and dreams. Fears, such as those used in scams against the elderly; hopes, such as those used against the optimistically trusting; and dreams, such as those used against the wistfully romantic. However, with any security practice, we have to temper our thrill of victory, that is, the adrenaline rush of the “gotcha” moment when a person falls for our brilliantly crafted phishing test, with the reality of our true purpose, which is to educate, and build trust.  With that in mind, we must ask ourselves, when have we gone too far? For example, according to a report that was published at the height of the pandemic, Covid-related scams rose to an all-time high.  The cybercriminals have been hard at work, trying to capitalize on our fears, and our desires to seek information, and more recently, our desire to become vaccinated. Has your organization used the pandemic in any recent phishing exercises?  How effective were they?  Was the “hit” rate high?  More importantly, did the people who failed the test thank you for showing them the error of their ways?  I doubt it. I am not stating this merely to make enemies in the security community.  
As a 20+ year veteran in the industry, I too understand the struggles and the frustrations of building a security culture in an organization.  However, let’s look to the legal profession for a moment to try to understand why Covid-based phishing exercises are simply wrong. The problem at hand is one of our freedom to act recklessly.  If we look to the landmark U.S. Supreme Court case of Schenck v. United States, we are met with the famous quote about how freedom of speech does not give one the right to “Yell ‘Fire!’ in a crowded theater”.  In a later case, Rochin v. California, the phrase “Shocks the conscience” became part of legal doctrine.  An action is understood to "shock the conscience" if it is "grossly unjust to the observer."  Contrary to helping an already stressed staff, does a Covid-based phishing exercise succeed in anything other than violating the senses, as well as bordering on a cavalier abuse of our “expertise”?  There are so many ways to educate Tool
Mandiant.webp 2021-04-13 10:00:00 Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure (lien direct) High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks such as the Internet. In Mandiant's experience, the concept of an 'air gap' separating OT assets from external networks rarely holds true in practice. In 2018, we released a blog post presenting the tools and techniques that TEMP.Veles used during the TRITON incident to traverse from an external compromise of the information Tool Industrial ★★★★
TechRepublic.webp 2021-04-12 12:00:03 Oracle adds employee experience product to its HCM suite (lien direct) Citing the growing importance of worker happiness, Oracle's HR suite is adding Oracle Journeys, a workflow tool tailored to individuals. Tool
Last update at: 2024-07-17 10:08:03