What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
Chercheur 2019-04-22 19:43:00 Who's Behind the RevCode WebMonitor RAT? The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned. Malware Tool Guideline
Mandiant 2019-04-22 12:00:00 CARBANAK Week Part One: A Rare Occurrence It is very unusual for FLARE to analyze a prolific, privately developed backdoor only to have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that begins with this post. CARBANAK is one of the most full-featured backdoors in the world. It has been used to perpetrate millions of dollars in financial crimes, largely by the group we track as […] Tool ★★★
SecureMac 2019-04-19 22:21:04 Checklist 134: Many Things, Revisited! On this week's Checklist by SecureMac: Worried about your internet of things things? Princeton has a tool for that! Worried about hotels and data security? You should be! Apple's new steps against scammy subscriptions, and Facebook: amiright...? Tool
ZDNet 2019-04-16 08:17:00 Adobe Flash security tool Flashmingo debuts in open source community Flashmingo can be used to automatically search for Flash vulnerabilities and weaknesses. Tool
Blog 2019-04-16 06:13:04 Command & Control: Ares In this article, we will learn how to use the Ares tool. This tool performs Command and Control over a web interface and can be found on GitHub. Table of Content: Introduction, Installation, Exploiting Target, Command Execution, Capturing Screenshot, File Download, Compressing Files, Persistence, Agent Clean Up. Introduction: Ares is a Python Remote Access... Tool
Chercheur 2019-04-14 18:40:03 'Land Lordz' Service Powers Airbnb Scams Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: a software-as-a-service offering called "Land Lordz," which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. Tool
Blog 2019-04-14 06:30:02 Command & Control: WebSocket C2 In this article, we will learn how to use the WebSocket C2 tool, also known as WSC2. Table of Content: Introduction, Installation, Exploiting Target, Command Execution, File Download. Introduction: WSC2 is primarily a tool for post-exploitation. WSC2 uses WebSocket and a browser process. This serves as a C2 communication channel between an agent,... Tool
Kaspersky 2019-04-12 14:58:05 North Korea's Hidden Cobra Strikes U.S. Targets with HOPLIGHT The custom malware is a spy tool and can also disrupt processes at U.S. assets. Malware Tool APT 38
AlienVault 2019-04-11 13:00:00 DNS cache poisoning part 2 My last blog on DNS cache poisoning only covered the superficial aspects of this long-standing issue. This installment aims to give a bit more technical detail, and expose some of the tactics used by the "bad actors" looking to leverage a poisoned DNS cache against you and your network. In a worst-case scenario, the results of a poisoned DNS cache could lead to more than just a headache: civil liability, phishing, increased DNS overhead, and other kinds of nightmares are too easy to overlook with this type of 'attack'. So, you may be wondering, "What exactly makes a DNS cache poisoning attack so dangerous, and what can we do to prevent it?" Well, as outlined in my first article, not answering DNS requests on the web is a great place to start. If you're only running an internal DNS infrastructure, your attack surface is much lower. However, this comes with a caveat: "internal-only" DNS attacks are much harder to detect, and can often go weeks or months before even the keenest of sysops recognize them. This has to do with the fundamental structure of DNS. Let me explain. Fundamental structure of DNS: In a typical DNS server (e.g. Windows DNS, or BIND) there is little mechanism (e.g. NONE) to provide any sanity checking. In its simplest form, a DNS query will look to its local database (the 'cache') first; upon finding no answer for the request it will then send a lookup request to its configured DNS server (the one you hopefully manage) and see if it can find an answer for the request. If this lookup fails a second time, there is a 'forwarder' configuration that kicks in, and the request goes to a list of pre-specified DNS hosts that your server will send the request to, looking for a resolution to the name.
If this final 'forward' lookup fails, the final lookup happens out on the internet, on one of the 'Root' nameservers that share a distributed list of all the DNS hosts that make up the TCP/IPv4 internet. If this final lookup fails, the original requesting client is returned a 'DNS Name not found' answer, and the name will not resolve. At any point during this journey, a "faked" response can be issued, and the initiator will accept it. No questions asked. Problems with the model: This model is good when we can trust each one of the segments in the process. However, even during the early days of the web there were some issues that became apparent with the way DNS works. For example, what if the root servers are unavailable? Unless your local DNS server has a record of ALL of the domains on the web, or one of your 'forwarders' does, the DNS name will not resolve. Even if it is a valid domain, DNS will simply not be able to look up your host. There was an "attack" on several of the root servers in the late 1990s. Several of the root servers were knocked offline, effectively taking down the internet for a large portion of the USA. It was during this outage that many network operators realized a large oversight of the DNS system, and a push was made to distribute control of these systems to a variety of trustworthy and capable internet entities. At the time of this attack, much of the internet name resolution duties fell to a single entity: Yahoo. A DDoS of Yahoo effectively killed the internet. Sure, we could still get to our desired hosts via IP, but e-mail, for example, was not as resilient. It was a great learning lesson for the web community at large. This was just a denial of service at the highest level of the infrastructure. What would happen if the localized database on every computer in your organization had different "answers" for DNS lookups? Instead of consistent […] Tool Guideline Yahoo
WiredThreatLevel 2019-04-10 16:35:03 Google DLP Makes It Easier to Safeguard Sensitive Data Troves Google's Data Loss Prevention tool finds and redacts sensitive data in the cloud. A new user interface now makes it more broadly accessible. Tool
TechWorm 2019-04-10 15:18:02 Exodus Android spyware discovered in Apple's iOS platform Android version of Exodus malware finds its way to iOS devices. Researchers at cybersecurity firm Lookout recently discovered an iOS version of a powerful mobile phone spyware tool that is aimed at targeting iPhone users. Last month, researchers from a non-profit security organization, 'Security Without Borders', had reported the discovery of several Android versions (nearly 25) […] Malware Tool
TechRepublic 2019-04-10 13:44:05 How Mozilla uses AI to manage Firefox bug reports The company created a homegrown artificial intelligence tool dubbed BugBug to classify and categorize each bug report. Tool
SecurityAffairs 2019-04-10 09:12:00 Yoroi Welcomes "Yomi: The Malware Hunter" Yomi's malware engine implements a multi-analysis approach that is able to exploit both static analysis and behavioral analysis. Nowadays malware represents a powerful tool for cyber attackers and cyber criminals all around the world; with over 856 million distinct samples identified during the last year it is, without doubt, one of […] Malware Tool
SecurityWeek 2019-04-08 14:15:02 NSA Releases Reverse Engineering Tool's Source Code The National Security Agency (NSA) has made the source code for its "Ghidra" reverse engineering tool available for everyone. Tool
Blog 2019-04-04 16:19:02 Kage: Graphical User Interface for Metasploit Kage is a GUI for Metasploit RPC servers. It is a good tool for beginners to understand the working of Metasploit as it generates payloads and lets you interact with sessions. As this tool is still in development, it currently only supports windows/meterpreter and android/meterpreter. For it to work, you should have... Tool
SecurityWeek 2019-04-03 19:02:00 Canadian Authorities Raid RAT Developer Canadian authorities last week raided a residence in connection with Orcus Technologies, the developer of Orcus RAT, a tool sold on underground markets for its remote access capabilities. Tool
Blog 2019-04-02 17:41:00 dnscat2: Command and Control over the DNS In this article, we learn DNS tunnelling through an amazing tool, DNScat2. Table of Content: Introduction to DNS, Introduction to DNScat, Installation, DNS tunnelling, Conclusion. Introduction to DNS: The Domain Name System (DNS) associates URLs with their IP addresses. With DNS, it's conceivable to type words rather than a series of numbers into... Tool
The_Hackers_News 2019-03-29 03:58:00 Here's the List of ~600 MAC Addresses Targeted in Recent ASUS Hack EXCLUSIVE - While revealing details of a massive supply chain cyber attack against ASUS customers, Russian security firm Kaspersky last week didn't release the full list of all MAC addresses that hackers hardcoded into their malware to surgically target a specific pool of users. Instead, Kaspersky released a dedicated offline tool and launched an online web page where ASUS PC users can search Malware Hack Tool
Mandiant 2019-03-28 08:00:00 Commando VM: The First of Its Kind Windows Offensive Distribution For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you'd prefer to use Windows as an operating system, you may have noticed that a worthy platform didn't exist. As security researchers, every one of us has probably spent hours customizing a Windows working environment at least once, and we all use the same tools, utilities, and techniques during customer engagements. Therefore, maintaining a custom environment while keeping all our tool sets up to date can be a monotonous chore for all […] Tool ★★★
SecurityAffairs 2019-03-28 07:32:00 ASUS fixes supply chain of Live Update tool hit in Operation ShadowHammer ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer. ASUS announced that it has released a fix for the Live Update utility that was exploited by the threat actors behind Operation ShadowHammer to deliver malware to hundreds of users. Operation ShadowHammer took […] Malware Tool Threat
grahamcluley 2019-03-27 15:24:02 Asus pushes out urgent security update after its own automatic Live Update tool was hacked Taiwan-based technology giant Asus is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using Asus's own Live Update software tool. Read more in my article on the Tripwire State of Security blog. Malware Tool
itsecurityguru 2019-03-27 15:03:04 Fix released for ASUS Live Update tool ASUS released today a new version of the Live Update tool that contains fixes for vulnerabilities that were exploited by a nation-state group to deploy the ShadowHammer backdoor on up to one million Windows PCs. Source: ZDNet Tool
The_State_of_Security 2019-03-27 15:01:04 ASUS pushes out urgent security update after attackers hacked its automatic Live Update tool Taiwan-based technology giant ASUS is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using ASUS's own Live Update software tool. As Motherboard reported earlier this week, researchers at Kaspersky discovered […] Malware Tool
ZDNet 2019-03-26 14:37:00 ASUS releases fix for Live Update tool abused in ShadowHammer attack ASUS releases Live Update 3.6.8. Also says that "a very small" number of users were impacted. Tool
SecurityAffairs 2019-03-26 06:13:02 Microsoft experts found high severity flaws in Huawei PCManager Microsoft experts discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei. Microsoft researchers discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei; both flaws were classified as "high severity." The experts discovered the flaws because the kernel sensors in Microsoft Defender Advanced Threat Protection (ATP) detected an […] Tool Threat
TechRepublic 2019-03-25 22:56:00 Windows logo keyboard shortcuts: The complete list The Windows logo key, which is common on most keyboards these days, can be a powerful tool if you know the right shortcuts. Here's an updated list to speed your work. Tool ★★★
NetworkWorld 2019-03-25 22:05:00 How to hack your own Wi-Fi network One way to bolster your understanding of Wi-Fi security is to do some hacking yourself. That doesn't mean you should infiltrate a company's network or snoop on a neighbor's setup. Rather, ethical hacking and legitimate Wi-Fi penetration testing, done in cooperation with the network owner, can help you learn more about the strengths and limitations of wireless security. Understanding potential Wi-Fi vulnerabilities can help you to better protect the networks you manage and ensure safer connections when you access other wireless networks. Start with a Wi-Fi stumbler: General purpose Wi-Fi stumblers are the simplest and most innocent tools to add to your pen testing kit. Though typically passive tools, they serve an important purpose. They allow you to see what access points (APs) are nearby and their details, such as the signal level, security/encryption type, and media access control (MAC) address. It's a tool even a hacker would utilize to find the next victim. Hack Tool
WiredThreatLevel 2019-03-25 20:15:00 How to Check Your Computer for Hacked Asus Software Update Hackers compromised Asus's Live Update tool to distribute malware to almost a million people. Here's how to find out if your computer has it. Malware Tool
SecurityWeek 2019-03-25 19:17:00 Microsoft Finds Privilege Escalation, Code Execution Flaws in Huawei Tool Microsoft researchers have identified potentially serious privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei. The vendor has released updates that should patch the flaws. Tool
SecurityAffairs 2019-03-25 13:26:05 Free Tools: spotting APTs through Malware streams Cyber security expert and founder of Yoroi has published a new tool that could be used to spot APTs (Advanced Persistent Threats) through malware streams. There are many ways to spot Advanced Persistent Threats, for example during a forensic analysis on a "high rate incident", or having sandbox systems on critical infrastructures, or again working as […] Malware Tool
AlienVault 2019-03-25 13:00:00 The odd case of a Gh0stRAT variant This is a guest post by independent security researcher James Quinn. This will be Part 1 of a series titled Reversing Gh0stRAT Variants. As 2018 drew to a close and 2019 took over, I began to see a different behavior from SMB malware authors. Instead of massive, multi-staged cryptocurrency miners, I began to see more small, covert RATs serving as partial stage1's. Of these samples, there was one specific sample that stood out to me. A Gh0stRAT variant, this sample not only changed the Gh0stRAT header from "Gh0st" to "nbLGX", it also hid its traffic with an encryption algorithm over the entire TCP segment, in addition to the standard Zlib compression on the Gh0stRAT data. Some key functionality is below: can download more malware; offline keylogger; cleans event logs. [Screenshot 1: Encrypted login packet sent by a Gh0stRAT-infected PC] In addition to a standard malware analysis blog post, I'd also like to take this time to document and describe my methods for analysis, in the hopes that you as a reader will use these techniques in the future. Malware Analysis: Before we begin the analyses, I'd like to clarify some of the terms used. Stage1 - Typically the first contact or entry point for malware. This is the first part of the malware to arrive on a system. SMB Malware - Any malware that uses the SMB protocol to spread. SMB is typically used for file sharing between printers and other computers; however, in recent years malware authors have been able to leverage this protocol to remotely infect hosts. RAT - Remote Access Trojan. This type of malware allows for the complete control of an infected computer. Gh0stRAT - An open source RAT used primarily by Chinese actors. A more detailed analysis of the standard Gh0stRAT can be found here. Despite being a Gh0stRAT sample, this variant is very different from your standard Gh0stRAT sample.
One of the most noticeable differences is the use of encryption over the entire TCP segment, as a way for it to evade detection. Additionally, this seems to be a lightweight version of Gh0stRAT, as it only has 12 commands, compared to the 73 for a full Gh0stRAT sample; 3 of those commands are undocumented. Also, unlike most samples that I receive on my honeypot, this sample did not start as a DLL that communicates with a distribution server in order to download the stage1. Instead, dropped on my honeypot was a full exe that served as the dropper. Domains: http://mdzz2019.noip[.]cn:19931 and http://mdzz2019.noip[.]cn:3654/. From my analyses, I was able to identify http://mdzz2019.noip[.]cn:19931 as its main C2 URL. This is a dynamic DNS, meaning the actual IP changes quite frequently. Additionally, on that same URL, http://mdzz2019.noip[.]cn:3654/ is used to distribute more versions of this Gh0stRAT sample, along with a .zip file containing ASPXSpy, a web shell. Exploits: CVE-2017-0143 (SMB exploit), CVE-2017-0146 (SMB exploit). These 2 exploits are EternalBlue/DoublePulsar and are used to drop the Stage1 Dropper onto a […] Tool
SecurityAffairs 2019-03-24 09:56:01 Malware Static Analysis Malware researcher and founder of Yoroi Marco Ramilli shared a simple tool for malware static analysis that he used to perform massive malware analysis research. The following interface stands in front of a live engine which takes binary files and runs them against a plethora of hundreds of YARA rules. Some of them are publicly available […] Malware Tool
TechRepublic 2019-03-21 15:38:04 How to encrypt files with FinalCrypt If you're looking for an encryption tool that offers a unique approach and a well-designed GUI, FinalCrypt might be just the tool. Tool
Blog 2019-03-21 14:01:01 Command & Control: Silenttrinity Post-Exploitation Agent In this article, we will learn to use the Silent Trinity tool to exploit Windows. Table of Content: Introduction, Installation, Windows exploitation, Windows post exploitation, Silent Trinity to Meterpreter. Introduction: Silent Trinity is a command and control tool dedicated to Windows. It is developed by byt3bl33d3r in Python, IronPython, C# and .NET. As it is... Tool
SecurityAffairs 2019-03-21 08:33:03 Experts found a critical vulnerability in the NSA Ghidra tool A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes by the handle sghctoma has discovered a vulnerability in the Ghidra platform recently released by the US NSA; the issue could be exploited to execute code remotely. GHIDRA is […] Tool Vulnerability
SecurityWeek 2019-03-20 19:23:02 Vulnerability in NSA's Reverse Engineering Tool Allows Remote Code Execution A vulnerability in Ghidra, the generic disassembler and decompiler released by the National Security Agency (NSA) in early March, could be exploited to execute code remotely, researchers say. Tool Vulnerability
CSO 2019-03-20 08:03:00 Best Android antivirus? The top 11 tools The following are the 11 best antivirus tools for Android, according to AV-TEST's November 2018 evaluations of 18 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.) AV-TEST rates each tool for three areas: protection (six points max), usability (six points max) and features (one point max). Ten of the 11 Android antivirus software apps listed below received perfect protection and usability scores of 6.0. The other, F-Secure Mobile Security, lost a half point on the usability score. The apps are in alphabetical order. Tool
Kaspersky 2019-03-19 15:26:04 Researcher Says NSA's Ghidra Tool Can Be Used for RCE Researchers have released a proof-of-concept showing how an XXE vulnerability can be exploited to attack Ghidra project users. Tool Vulnerability
AlienVault 2019-03-19 13:00:00 The NIST cybersecurity framework (CSF) and what it can do for you The NIST Cybersecurity Framework (CSF) has only been around for four years and, while developed for critical infrastructure, resulting from Executive Order 13636, it has been widely adopted across both private and public sectors and organizational sizes. It is used inside of the US government, with 20 states using it (at last count). In addition, international organizations such as the Italian government, as well as private sector organizations including technology and education, are using the framework. Why is this? If there's one overarching theme of the NIST CSF when it comes to implementation, it's that there's no one-size-fits-all solution. Your risk profile, regulatory requirements, and financial and time constraints are unique, and the NIST CSF allows each organization to take these factors into account when implementing the CSF. Moreover, implementation is not an all-or-nothing proposition. Without the restrictions of a formal compliance regulation to hold you back, you are free to implement the NIST framework in whatever way best fits your business needs. Once you establish your unique current profile and target profile, you can use the gaps between them as a tool to help prioritize improvement actions, based upon your budget and resources. The NIST CSF allows you to establish or build upon your foundation by identifying what needs to be protected, implementing safeguards, and detecting, responding to, and recovering from events and incidents. In the simplest terms, NIST CSF defines outcomes based upon your unique threats and risks, as well as how you manage risks within your organization: Know what you have and what you are facing: The NIST CSF calls on organizations to identify your data and the devices that store, transmit, and process information.
This means you must have an inventory of data, the devices, the applications, and the underlying infrastructure that process and store that data. Now that you know what data you have, you can identify threats and vulnerabilities in the environment. This allows you to focus on protecting the 'riskiest' assets or what is most valuable to your organization. Put protection measures in place: Once you know what you need to protect, put measures in place to safeguard that data. The days of taking the approach "We have a firewall. Our data is protected" are long gone. A layered approach to security is imperative: protecting the connectivity layer, the application layer, and the device itself. Monitor, monitor, monitor: There are always changing circumstances, even with the most mature security programs. That is why you must continually monitor the environment to detect events and potential incidents. Not only must you monitor, but you must improve your monitoring strategy and the technologies that you use. Detection must be efficient and effective; your organization can fall into one of these two buckets: you have been breached and you know it, or you have been breached and you don't know it. Continually optimize and tune the technologies and processes you have in place. You cannot respond to what you can't detect. Have a plan: As we all know, it's not if you get breached, it's when. Having a formal, tested response plan that is known by the organization, its stakeholders, and responders is crucial. Tool
Blog 2019-03-19 10:12:01 Command & Control Tool: Pupy In this article, we will learn to exploit Windows, Linux and Android with the Pupy command and control tool. Table of Content: Introduction, Installation, Windows Exploitation, Windows Post Exploitation, Linux Exploitation, Linux Post Exploitation, Android Exploitation, Android Post Exploitation. Introduction: Pupy is a cross-platform post exploitation tool as well as a multi-function RAT. It's written... Tool
AlienVault 2019-03-18 13:00:00 All about security analytics With or without a security operations center, and whether your network is on premises, in the cloud, or a hybrid, you need to determine which events and indicators correlate with cyber attacks. Organizations these days face a wider range and greater frequency of cyber threats than ever before. These threats can be from APTs (advanced persistent threats), cyberwarfare, promiscuous attacks through bots and botnets, script kiddies, malware-as-a-service via the Dark Web, or even internal attacks from entities within your organization. Everything from distributed denial of service (DDoS) attacks to cryptojacking, from man-in-the-middle attacks to spear phishing, from ransomware to data breaches hits businesses of all sizes and in all industries constantly, every single day. It's perfectly normal to find it all overwhelming! But implementing the right tools and practices can help you make sense of the cacophony. That's where cybersecurity analytics can be useful. Several years ago, security analytics became something of a buzzword, but it's as relevant now as ever. Cybersecurity data analytics explained: So what is it exactly? It's actually quite simple. Security analytics isn't one particular type of tool or system. It is a way of thinking about cybersecurity proactively. It involves analyzing your network's data from a multitude of sources in order to produce and maintain security measures. It's all about aggregating data from every possible source and finding the "forests" that all of those "trees" of logs and other recorded details are a part of. Of course, being able to identify the "forests" can make it easier to not only put out "forest fires" of cyber attacks, but also prevent "forest fires" in the future.
Security analytics sources and tools: Here are some of the different types of data sources which can be used in your cybersecurity analytics practices: cloud resources; user data acquired from endpoints; logs from network security appliances, such as firewalls, IPS, and IDS; network traffic and its patterns; identity and access management logs; threat intelligence; geolocation data; mobile devices and storage media connected via WiFi, Ethernet, and USB; antivirus applications; business-specific applications. There are some types of tools which your network can deploy which pertain to cybersecurity analytics. They include: code analysis applications to find vulnerabilities in software and scripting; file analysis tools to explore files in ways which may go beyond malware detection; log analysis applications for firewalls, IDS, IPS, networked print devices, servers, and endpoints; SOC (security operations center) specific applications to organize data in a way which is useful for their functions; DLP (data loss prevention) tools. Security analytics use cases: Properly implemented cybersecurity analytics can not only improve your network's security posture, but also help your organization with regulatory compliance needs. There are many industry-specific regulations which require log data collection and activity monitoring. HIPAA and PCI-DSS are just a couple of them. It can even help show your organization's stakeholders and management which security measures and policies are useful and worthy of investment. Using an analytics approach and the right tools has the benefit of being able to […] Ransomware Malware Tool Threat Guideline
ZDNet 2019-03-15 12:00:00 Facebook debuts AI tool to tackle revenge porn A new support service has also been launched to tackle the spread of intimate images without consent. Tool
Mandiant 2019-03-15 11:00:00 Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing Introduction: Malware authors attempt to evade detection by executing their payload without having to write the executable file to disk. One of the most commonly seen techniques of this "fileless" execution is code injection. Rather than executing the malware directly, attackers inject the malware code into the memory of another process that is already running. Due to its presence on all Windows 7 and later machines and the sheer number of supported features, PowerShell has been a favorite tool of attackers for some time. FireEye has published multiple reports where PowerShell was […] Malware Tool ★★★
SecurityWeek.webp 2019-03-14 16:41:05 Code Execution Flaw Found in Sonatype Nexus Repository Manager (lien direct) A critical remote code execution vulnerability has been found and patched in Sonatype's Nexus Repository Manager (NXRM), a popular open-source tool that allows developers to manage software components. Tool Vulnerability
TechRepublic.webp 2019-03-13 14:04:02 Mozilla's Iodide tool helps data scientists write interactive reports (lien direct) The experimental data science tool is meant to help professionals create interactive documents using web technologies within a familiar workflow. Tool
Mandiant.webp 2019-03-13 11:00:00 Breaking the Bank: Weakness in Financial AI Applications (lien direct) Currently, threat actors possess limited access to the technology required to conduct disruptive operations against financial artificial intelligence (AI) systems, and the risk of this type of targeting remains low. However, there is a high risk of threat actors leveraging AI as part of disinformation campaigns to cause financial panic. As AI financial tools become more commonplace, adversarial methods to exploit these tools will also become more available, and operations targeting the financial industry will be increasingly likely in the future. AI Compounds Both Efficiency and Risk Financi Tool Threat ★★★
Mandiant.webp 2019-03-12 10:00:00 Going ATOMIC: Clustering and Associating Attacker Activity at Scale (lien direct) At FireEye, we work hard to detect, track, and stop attackers. As part of this work, we learn a great deal of information about how various attackers operate, including details about commonly used malware, infrastructure, delivery mechanisms, and other tools and techniques. This knowledge is built up over hundreds of investigations and thousands of hours of analysis each year. At the time of publication, we have 50 APT or FIN groups, each of which has distinct characteristics. We have also collected thousands of uncharacterized 'clusters' of related activity about which we have not yet made Tool ★★★★
Blog.webp 2019-03-12 09:12:02 Command and Control Guide to Merlin (lien direct) In this article, we learn how to use the Merlin C2 tool. It is developed by Russel Van Tuyl in the Go language. Table of content: Introduction Installation Windows exploitation Windows post exploitation Linux exploitation Linux post exploitation Introduction Merlin is a great cross-platform command and control tool written in the Go language. It's made of two elements... Continue reading → Tool
TechRepublic.webp 2019-03-11 17:24:05 How to install the OpenVAS security audit tool on Ubuntu Server 18.04 (lien direct) Learn how to install the open source security audit tool, OpenVAS, on the Ubuntu Server platform. Tool
The_Hackers_News.webp 2019-03-11 02:32:03 Severe Flaw Disclosed In StackStorm DevOps Automation Software (lien direct) A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly executing arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows Tool Vulnerability
Last update at: 2024-07-17 14:08:19