What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-09-20 09:39:26 Security Affairs newsletter Round 282 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Gaming hardware manufacturer Razer suffered a data leak CIRWA Project tracks ransomware attacks on critical infrastructure Popular Marketing Tool exposes data of users of dating sites Staples discloses data breach […] Ransomware Data Breach Tool
TechRepublic.webp 2020-09-18 17:56:28 How to encrypt files on your Linux servers with gocryptfs (direct link) Looking for an easy-to-use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose. Tool
Anomali.webp 2020-09-15 15:00:00 Weekly Threat Briefing: APT Group, Malware, Ransomware, and Vulnerabilities (direct link) The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Conti Ransomware, Cryptominers, Emotet, Linux, US Election, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence China’s ‘Hybrid War’: Beijing’s Mass Surveillance of Australia and the World for Secrets and Scandal (published: September 14, 2020) A database containing records on 2.4 million people has been leaked from a Shenzhen company, Zhenhua Data, believed to have ties to the Chinese intelligence service. The database contains personal information on over 35,000 Australians and prominent figures, and 52,000 Americans. This includes addresses, bank information, birth dates, criminal records, job applications, psychological profiles, and social media. Politicians, lawyers, journalists, military officers, media figures, and Natalie Imbruglia are among the records of Australians contained in the database. While a lot of the information is public, there is also non-public information contributing to claims that China is developing a mass surveillance system. Recommendation: Users should always remain vigilant about the information they are putting out into the public, and avoid posting personal or sensitive information online. Tags: China, spying US Criminal Court Hit by Conti Ransomware; Critical Data at Risk (published: September 11, 2020) The Fourth District Court of Louisiana, part of the US criminal court system, appears to have become the latest victim of the Conti ransomware. 
The court's website was attacked and used to steal numerous court documents related to defendants, jurors, and witnesses, and then install the Conti ransomware. Evidence of the data theft was posted to the dark web. Analysis of the malware by Emsisoft’s threat analyst, Brett Callow, indicates that the ransomware deployed in the attack was Conti, which has code similarity to another ransomware strain, Ryuk. The Conti group, believed to be behind this ransomware as a service, is sophisticated and due to the fact that they receive a large portion of the ransoms paid, they are motivated to avoid detections and continue to develop advanced attacking tools. This attack also used the Trickbot malware in its exploit chain, similar to that used by Ryuk campaigns. Recommendation: Defense in Depth, including vulnerability remediation and scanning, monitoring, endpoint protection, backups, etc. is key to thwarting increasingly sophisticated attacks. Ransomware attacks are particularly attractive to attackers due to the fact that each successful ransomware attack allows for multiple streams of income. The attackers can not only extort a ransom to decrypt the victim's files (especially in cases where the victim finds they do not have appropriate disaster recovery plans), but they can also monetize the exfiltrated data directly and/or use the data to aid in future attacks. This technique is increasingly used in supply chain compromises to build difficult to detect spearphishing attacks. Tags: conti, ryuk, ransomware Ransomware Malware Tool Vulnerability Threat Conference APT 35 APT 28 APT 31 ★★★
Veracode.webp 2020-09-14 15:51:05 43% of Orgs Think DevOps Integration Is Critical to AppSec Success (direct link) It's no secret that the rapid speed of modern software development means an increased likelihood of risky flaws and vulnerabilities in your code. Developers are working fast to hit tight deadlines and create innovative applications, but without the right security solutions integrated into your processes, it's easy to hit security roadblocks or let flaws slip through the cracks. We recently dug through the ESG survey report, Modern Application Development Security, which uncovers some interesting data about the state of DevOps integration in the modern software development process. As the report states, DevOps integration is critical for improving your organization's application security (AppSec) program, as automating and integrating solutions removes some of the manual work that can slow teams down and moves security testing into critical parts of the development process. "DevOps integration reduces friction and shifts security further left, helping organizations identify security issues sooner," the report says. "While developer education and improved tools and processes will no doubt also improve programs, automation is central to modern application development practices." Figure: Level of DevOps and AppSec Integration. According to the survey results, nearly half of organizations agree; 43 percent believe that DevOps integration is the most important piece of the puzzle for improving their AppSec programs. The report also outlines 10 elements of the most successful AppSec programs, and topping that list is ensuring that your AppSec controls are highly integrated into the CI/CD toolchain. Integration challenges For some survey respondents, that's easier said than done. 
Nearly a quarter (23 percent) said that one of their top challenges with current AppSec testing solutions is that they have poor integration with existing development and DevOps tools, while 26 percent said they experience difficulty with, or lack of, integration between different AppSec vendor tools. AppSec tool proliferation is a problem too, with a sizeable 72 percent of organizations using more than 10 tools to test the security of their code. "Many organizations are employing so many tools that they are struggling to integrate and manage them. This all too often results in a reduction in the effectiveness of the program and directs an inordinate amount of resources to managing tools," they explain further. So where should organizations like yours start? By selecting a vendor with a comprehensive offering of security solutions that integrate to help you cover those bases and consolidate solutions while reducing complexity. That's where Veracode shines. We bring the security tests and training tools you need together into one suite so that you can consolidate and keep innovating, securely. And your organization can scale at a lower cost, too: our range of integrations and Veracode solutions are delivered through the cloud for less downtime and more efficiency. Simplifying AppSec We aim to simplify your AppSec program by combining five key analysis types in one solution, all integrated into your develo Tool
SecurityAffairs.webp 2020-09-14 08:42:52 (Déjà vu) Popular Marketing Tool exposes data of users of dating sites (direct link) Personal details of hundreds of users of dating sites were exposed online earlier this month. An Elasticsearch server containing personal details of hundreds of thousands of dating site users was exposed online without authentication. The unsecured database was discovered by security researchers from vpnMentor at the end of August. “vpnMentor's research team recently received a report from […] Tool
SecureMac.webp 2020-09-10 13:04:00 Checklist 198: Listener Tracking in Podcasts with Rob Walch (direct link) Did you know that some podcasts actually track their listeners? Rob joins us today to talk about how the tracking occurs and about a new tool on the way to fight it. Tool
TechRepublic.webp 2020-09-09 21:45:16 How to fix common Wi-Fi problems with the macOS built-in Wireless Diagnostics app (direct link) There's no reason to turn to third-party tools for solutions to your Wi-Fi woes. macOS has a built-in tool that can scan your wireless network and make all the recommendations that a paid tool does. Tool
Anomali.webp 2020-09-09 16:24:00 Weekly Threat Briefing: Skimmer, Ransomware, APT Group, and More (direct link) The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Baka, DDoS, Netwalker, PyVil, Windows Defender, TA413, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence ‘Baka’ Javascript Skimmer Identified (published: September 6, 2020) Visa has issued a security alert based on identification of a new skimmer, named “Baka”. Based on analysis by Visa Payment Fraud Disruption, the skimmer appears to be more advanced, loading dynamically and using an XOR cipher for obfuscation. The attackers behind Baka are injecting it into checkout pages using a script tag, with the skimming code downloading from the Command and Control (C2) server and executing in memory to steal customer data. Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. Visa has also released best practices in the security advisory. Tags: Baka, Javascript, Skimmer Netwalker Ransomware Hits Argentinian Government, Demands $4 Million (published: September 6, 2020) The Argentinian immigration agency, Dirección Nacional de Migraciones, suffered a ransomware attack that shut down border crossings. After receiving many tech support calls, the computer networks were shut down to prevent further spread of the ransomware, which led to a cessation of border crossings until systems were up again. 
The ransomware used in this attack is Netwalker, which left a ransom note initially demanding $2 million; when this wasn’t paid in the first week, the ransom increased to $4 million. Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different mediums, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: Argentina, Government, Netwalker, Ransomware No Rest for the Wicked: Evilnum Unleashes PyVil RAT (published: September 3, 2020) Researchers on the Cybereason Nocturnus team have published their research tracking the threat actor group known as Evilnum, and an ongoing change in their tooling and attack procedures. This includes a new Remote Access Trojan (RAT), written in Python, that they have begun to use. The actor group attacks targets in the financial services sector using highly targeted spearphishing. The phishing lures leverage "Know Your Customer" (KY Ransomware Malware Tool Vulnerability Threat Medical APT 38 APT 28 ★★★★
ZDNet.webp 2020-09-09 10:58:14 Weave Scope is now being exploited in attacks against cloud environments (direct link) The legitimate cloud infrastructure monitoring tool has been added to attacker arsenals. Tool
TechRepublic.webp 2020-09-08 15:45:46 How to install the oVirt virtual machine manager on CentOS 8 (direct link) If you're looking for a web-based virtual machine manager, oVirt might be the tool for you. Jack Wallen shows you how to install this powerful, open source solution on CentOS 8. Tool
TechRepublic.webp 2020-09-04 20:24:16 How to access the Android Battery Usage tool (direct link) Not getting the most out of your Android battery life? Jack Wallen shows you how you can squeeze a bit more juice from that device. Tool ★★
NoticeBored.webp 2020-09-04 14:26:51 NBlog Sept 4 - standardising ISMS data interfaces (direct link) We've been chatting on the ISO27k Forum lately about using various IT systems to support ISO27k ISMSs. This morning, in response to someone saying that a particular tool which had been recommended did not work for them, Simon Day made the point that "Each organisation trying to implement an ISMS will find its own way based on their requirements." Having surveyed the market for ISMS products recently, I followed up with my usual blurb about organisations having different information risks and business situations, hence their requirements in this area are bound to differ, and in fact vary dynamically (in part because organisations mature as they gain experience with their ISMS: their needs change). The need for flexibility is why the ISO27k standards are so vague (essentially: figure out your own requirements by identifying and evaluating your information risks using the defined governance structure - the ISMS itself), rather than explicitly demanding particular security controls (as happens with PCI-DSS). ISO27k is designed to apply to any organisation. That thought sparked a creative idea that I've been contemplating ever since: wouldn't it be wonderful if there was a standard for the data formats allowing us to migrate easily between IT systems supporting ISO27k ISMSs? I'm idly thinking about a standard file format with which to specify information risks (threats, vulnerabilities, impacts and probabilities), controls, policies, procedures, metrics, objectives etc. - maybe an XML schema with specified field names and (where applicable) enumerated lists of values. Aside from migrating between ISMS IT support systems and services, standard data formats would facilitate data sharing between application systems, services or sub-functions (e.g. 
for vulnerability management, incident management and information risk management), and between departments or even organisations (e.g. insurance companies, auditors and advisors and their clients and partners). Perhaps we should develop an outline specification and propose such a standard to ISO/IEC JTC1 SC 27. A New W Tool Vulnerability
Veracode.webp 2020-09-04 11:31:55 AppSec Tools Proliferation Is Driving Investments to Consolidate (direct link) When it comes to application security (AppSec), it's important to note that no one testing type can uncover every flaw. Each tool is designed with a different area of focus, along with various speeds and costs, so it's necessary to employ a mix of testing types. A good way to think about AppSec testing types is to compare them to health exams. You wouldn't have a cholesterol test and assume your annual physical was complete. Similarly, you shouldn't conduct a static analysis scan and assume you've covered all the bases. In the chart below, you'll notice that static analysis works on any type of application (web, desktop, mobile, etc.) and covers a broad range of programming languages. However, it can't find business logic flaws or alert you to known vulnerabilities in open source components. Penetration testing might look like it can uncover every vulnerability, but it too has its downsides. Penetration tests are manual, so not only are they time consuming and expensive but also the results are quickly outdated. And, since penetration testing is conducted in staging or production, it often creates unplanned work for the development team. Mix of AppSec scans Most organizations know that they need to implement several testing types. In fact, a recent survey sponsored by Veracode and conducted by Enterprise Strategy Group (ESG), revealed that more than 71 percent of organizations use more than 10 different AppSec tools. But of these organizations surveyed, 84 percent answered that the number of AppSec tools they employ is posing a challenge. Figure: Individual AppSec tools in use. Multiple testing types are necessary for a mature AppSec program, but they can be challenging to manage. Why do multiple testing types cause a challenge at many organizations? Because most AppSec vendors only offer one or two testing types. 
So if an organization chooses a vendor that only offers static analysis, and they want to add more testing types, they have to employ more vendors. Multiple vendors can be challenging for an organization to manage because the scan metrics will appear on separate dashboards, which makes it difficult to assess risk across the enterprise. The ESG study confirms this challenge with over 40 percent of respondents citing AppSec metrics as an ongoing issue. 34 percent of ESG survey respondents plan to consolidate vendors to alleviate the burden of multiple testing types. Finding one vendor that offers a comprehensive set of AppSec tools, like Veracode, can alleviate the burden of vendor management. Veracode offers static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing which, if used together, can enable your organization to drive down risk across the entire application lifetime from development to testing to production. Veracode Analytics provides metrics for all five offerings in one central location. Having metrics in one place allows organizations to assess the value of their scan types, pinpoint where further investments are needed, and compare the success of their program to similar organizations in the industry. Organizations can share the findings from their analytics with stakeholders or exec Tool
WiredThreatLevel.webp 2020-09-04 11:00:00 Creepy 'Geofence' Finds Anyone Who Went Near a Crime Scene (direct link) Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case. Tool
ESET.webp 2020-09-03 15:44:08 Microsoft debuts deepfake detection tool (direct link) As the US presidential election nears, the company's new tech should also help assure people that an image or video is authentic Tool
AlienVault.webp 2020-09-02 05:01:00 Red Team testing explained: what is Red Teaming? (direct link) This blog was written by a third party author. In the world of cybersecurity preparedness, there are a variety of strategies organizations large and small can take to help protect their networks and data from cyber-attacks. One such strategy involves an organization testing its own environment for security vulnerabilities. But because security weaknesses come in different forms, it’s necessary to have a focused security team that comprehensively searches for vulnerabilities that go beyond simple risk assessments. Part of this dedicated security team can include a Red Team. What is a Red Team? Whether internal or external, Red Teams are responsible for running simulated cyberattacks on either their own organization (in the case of an internal Red Team) or other organizations (in the case of Red Team services as part of contracted external security services) to establish the effectiveness of the organization’s security programs. While Red Teams use many of the same tools and techniques used in penetration tests or “ethical hacking”, the objective of a Red Team is different. Attacks employed by Red Teams are multi-layered simulations designed to gauge how well a company’s people, networks, applications, and physical security controls can detect, alert and respond to a genuine attack. What is Red Team testing? Red Team testing is also known as an Adversary Simulation or simply Red Teaming. During Red Team testing, highly experienced security professionals take on the guise of a real attacker and attempt to breach the organization’s cyber defenses. The attack scenarios they enact are designed to exercise various attack surfaces presented by the organization and identify gaps in preventative, detective, and response related security controls. 
These attacks leverage a full range of tools available to the most persistent attackers—including social engineering and physical attack vectors, from carefully crafted phishing emails to genuine attempts to breach onsite security and gain access to server rooms. Prior to the assessment, rules of engagement are established between the Red Team members and the smallest possible set of participants within the organization to be tested. This number will vary but is typically no more than 5 people in key positions to view the organization's detection and response activities. Based on the rules of engagement, a Red Team may target any or all of the following areas during the exercise: Technology defenses – In order to reveal potential vulnerabilities and risks within hardware and software-based systems like networks, applications, routers, switches, and appliances. Human defenses – Often the weakest link in any organization’s cyber defenses, Red Teaming will target staff, independent contractors, departments, and business partners to ensure they’re all as secure as possible. Physical defenses – Physical security around offices, warehouses, substations, data centers, and buildings is just as important as technology defenses, and as such should be stress tested against a genuine attack. Something as seemingly innocuous as holding a secure door open for someone without having them tap in can provide the gap an attacker needs to gain access to unauthorized systems. Through this process, Red Team testing helps security teams identify any loopholes or weak points that could provide opportunities for attackers (either internal or external) to gain access to a company’s systems, which could then result in a serious data breach. Most importantly, this highlights gaps in the detective and response capabilities of the organization meant to identify and counter such malicious activities on a day-to-day basis. Who is Red Team testing suitable for? 
The harsh reality of today’s Tool Threat
Blog.webp 2020-09-01 19:43:43 Threat Hunting: Velociraptor for Endpoint Monitoring (direct link) Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on https://www.velocidex.com/docs Table of Contents Introduction to Velociraptor Architecture What is VQL Prerequisites Velociraptor Environment Velociraptor installation Addition of host forensics investigation / Threat Hunting Introduction to Velociraptor Velociraptor is a free... Continue reading → Tool Threat
TechRepublic.webp 2020-09-01 10:00:23 Microsoft Teams: This ambitious low-code tool will change how you use data and share applications (direct link) Microsoft's Project Oakdale plan for data applications inside Teams is starting to shape up. Tool
SecurityAffairs.webp 2020-08-30 11:29:55 Security Affairs newsletter Round 279 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A Google Drive weakness could allow attackers to serve malware Adobe released open-source tool Stringlifier to identify randomly generated strings Canadian delivery company Canpar Express suffered a ransomware attack […] Ransomware Malware Tool
itsecurityguru.webp 2020-08-28 15:14:38 How to choose a SAST tool to secure your development? (direct link) When it comes to secure development, how do you integrate a code scanner into the process, and what are the traps and pitfalls? All developers face static analysis (static application security testing or SAST, which means code analysis without execution). However, we still rarely see full-fledged SAST solutions in use capable of detecting advanced vulnerabilities. Well-known […] Tool
WiredThreatLevel.webp 2020-08-28 12:00:00 What Virtual Reality for Flies Teaches Us About Human Vision (direct link) Optical illusions can be a useful tool for studying how we see stuff, but it's hard to uncover just how they work. Unless, that is, you show them to flies. Tool
DarkReading.webp 2020-08-27 15:55:00 Old Malware Tool Acquires New Tricks (direct link) Latest version of Qbot has acquired a new feature for collecting email threads from Outlook clients. Malware Tool ★★
SecurityAffairs.webp 2020-08-23 06:56:08 Adobe released open-source tool Stringlifier to identify randomly generated strings (direct link) Adobe has released an open-source tool, dubbed Stringlifier, that allows users to identify randomly generated strings in any plain text; it can be used to sanitize logs. Adobe has released an open-source tool, dubbed Stringlifier, which was designed to identify randomly generated strings in any plain text. The Stringlifier tool was written in Python and […] Tool
AlienVault.webp 2020-08-19 11:00:00 How to check the effectiveness of phishing (direct link) This blog was written by an independent guest blogger. You can install the latest generation of security software to protect against evil hackers, but what is the use of it if your employees continue to follow phishing links? Several security companies conduct social and technical research of real-life phishing attacks aimed at different businesses and are impressed with the scale of the problem. The purpose of such studies is not only to understand how hackers deceive the staff and which hooks they use, but also to draw the right conclusions about what type of security awareness training to use and how often it is needed. One of the security companies I work with sent more than 15 thousand “phishing” emails to corporate mailboxes in 2019. Let’s see their results. What is inside the phishing email? According to statistics, last year, phishing became the most popular tool for penetrating companies’ infrastructure. Attackers used this method in 70% of attacks. RDP hacking took second place. Globally, all phishing emails are trying to provoke a user to one of two actions - click on a phishing link or open a malicious attachment. During pentest projects, depending on the final task, researchers send employees several letters with a link to a web form for entering account credentials or Microsoft Office documents with malicious macros. Most messages use harmless files that allow researchers to track only the fact of following the links or opening attachments. But sometimes, researchers send documents that contain macros that allow them to get remote access to workstations. Using such messages, researchers can check not only the vigilance of employees but also the reliability of the means of protection. The main task of each such project is to make the “phishing” email look as realistic as possible. 
Researchers try to craft letters and build the overall logic of the attack in the way a real cybercriminal would do it, assuming, for example, that the goal of the attacker is to gain access to the correspondence of the company’s top management personnel. Usually, attackers start with harvesting information about the company using open sources. In one of the cases, our “attackers” discovered Outlook Web App, as well as news about the presence of a 0-day vulnerability in a browser used by this company. An attacker, preparing for an attack, considers all possible ways to achieve the desired goal and selects the most suitable and effective way. What was found? From our experience, users are more likely to open file attachments rather than provide their data via a web form. In each of the companies that were tested, several employees opened attachments without any delay. Among email topics used, corporate bonus programs (employee discounts, corporate offers from partner companies) turned out to be the most effective. About 33% of addressees reacted to such letters. Letters that asked employees to read the new corporate rules or other important corporate documents took second place. Especially successful are attacks that have to do with current events. For example, in December, it is highly effective to invite the victims to check the work schedule for the upcoming holidays or find out about discounts on holiday events. This spring, the hottest topic, of course, was COVID-19. 15% of the Malware Tool Studies
Logo_logpoint.webp 2020-08-18 20:00:52 9th September – Faster Detection and Response with MITRE ATT&CK (direct link) The MITRE ATT&CK framework is a tool to help security teams create a more effective security defense. ATT&CK uses open standards and is essentially a database of documented threat behaviors. Using the ATT&CK framework, analysts can track threat actor behavior to speed up incident response and investigation. When combined with a SIEM or UEBA solution, [...] Tool Threat ★★
SecureMac.webp 2020-08-18 19:44:03 XCSSET: New Mac malware infects Xcode projects (direct link) Security researchers have discovered an interesting new variety of macOS malware that spreads by attacking Xcode projects. It's called XCSSET, and in this article, we'll tell you what you need to know about this unusual threat in order to stay safe. What is XCSSET? XCSSET is a suite of malicious components that spreads through infected Xcode projects. Xcode is a tool used by app developers to write software for Apple platforms. An Xcode ... Malware Tool Threat
Pirate.webp 2020-08-17 08:03:23 Arcane – Tool To Backdoor iOS Packages (iPhone ARM) (direct link) Arcane – Tool To Backdoor iOS Packages (iPhone ARM) Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories. It was created to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device. How Arcane Tool To Backdoor iOS Package Works It's possible to supply scripts as part of a package when installing or removing applications. Package maintainer scripts include the preinst, postinst, prerm, and postrm files. Read the rest of Arcane – Tool To Backdoor iOS Packages (iPhone ARM) now! Only available at Darknet. Tool
WiredThreatLevel.webp 2020-08-15 13:00:00 The NSA and FBI Expose Fancy Bear's Sneaky Hacking Tool (direct link) Plus: TikTok tracking, Russian SIMs, and more of this week's top security news. Tool APT 28
DarkReading.webp 2020-08-14 16:25:00 DHS CISA Warns of Phishing Emails Rigged with KONNI Malware (direct link) Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code. Malware Tool
Blog.webp 2020-08-13 21:47:11 Forensic Investigation: Autopsy Forensic Browser in Linux (direct link) Introduction Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is an open-source tool for digital forensics which was developed by Basis Technology. This tool is free to use and is very efficient at investigating hard drives. It also consists of features like multi-user... Continue reading → Tool
AlienVault.webp 2020-08-13 11:00:00 AlienApps and plug-ins combined into one framework (direct link) The heart of any detection and response solution is the ability to collect events from the environment, perform corrective response actions, and integrate with customer workflows. Today, we’re proud to announce the launch of a complete redesign of the user interface for these third-party integrations. We’ve updated our design to make it easier for customers to find the integrations they need, centralize the configuration of them, and identify any operational problems with the integrations. What exactly have we done? Previously, we’ve had two types of integrations with other security and IT products - plug-ins and AlienApps. Plug-ins were basic data collection tools used to collect, normalize, and enhance event logs from your environment. AlienApps performed a variety of functions including collection of event data via API polling, requesting third-party response actions such as blocking dangerous internet destinations, and sending notifications to ticketing systems such as Jira or ServiceNow®. Now, we’ve streamlined the entire process by combining plug-ins and AlienApps into one framework. We have also simplified finding the right tool by combining redundant or overlapping ones. For example, some products previously had different plugins for handling different log formats. We’ve collapsed all these into one for the sake of simplicity, without any functional changes in event handling. From a practical perspective, all AlienApps provide one or more of the following capabilities: Data Collection - capable of collecting events from your environment, including processing syslog messages, retrieving from log aggregation services (such as CloudWatch Logs, or an S3 bucket) and polling APIs. Response - will help your security team “do things” - or, as we say, orchestrate the response - by taking action to investigate or respond to threats. 
Examples include things like querying an agent for additional host telemetry, adding an IP or domain to a block list, or disabling a cloud service account. Notification - help the SOC team be more productive by sending data to third party services and applications such as Jira, ServiceNow, or Box Notes.  The most common use case here is opening a case in your existing workflow. Head over to “Data Sources>Alien Apps” for a look at the new GUI.  The apps currently in use will be shown on this page, along with some useful graphs about application use.  If any of the apps have configuration errors, you’ll see a red bar along with information about what needs to be fixed. See figure 1. alienapp To add new integrations to a USM deployment, click “available apps” and search for the vendor.  This will reveal all the apps available for that vendor.  Note that there can be more than one app per vendor - there is one for every product or product line, depending on how that vendor organizes their products.  See figure 2 for an example. alienapps cisco Using Response and Notification Actions Nothing has changed about how AlienApp response actions work.  If you haven’t tried them before, manual response actions can be taken in the event or alarm view by clicking on an individual event or alarm, then clicking “Select Action”.  This will bring up a series of dialogs asking you to select the AlienApp you’d like to use, along with other relevant information such as the IP address or host, and any fields needed such as the case name if you are opening a ticket.  Once everything is configured, simply click “run” and the response action will be initiated Tool Threat
WiredThreatLevel.webp 2020-08-09 13:00:00 A British AI Tool to Predict Violent Crime Is Too Flawed to Use (lien direct) A government-funded system known as Most Serious Violence was built to predict first offenses but turned out to be wildly inaccurate. Tool
ZDNet.webp 2020-08-08 07:00:08 DEF CON: New tool brings back 'domain fronting' as 'domain hiding' (lien direct) After Amazon and Google stopped supporting the censorship-evading domain fronting technique on their clouds in 2018, the new Noctilucent toolkit aims to bring it back in a new form as "domain hiding." Tool
TechRepublic.webp 2020-08-06 15:32:17 IBM creates an open source tool to simplify API documentation (lien direct) OpenAPI Comment Parser for developers aims to make good API documentation easy to write and read. Tool
DarkReading.webp 2020-08-03 16:45:00 DHS Urges 'Highest Priority' Attention on Old Chinese Malware Threat (lien direct) "Taidoor" is a remote access tool that has been used in numerous cyber espionage campaigns since at least 2008. Malware Tool Threat
securityintelligence.webp 2020-08-03 16:00:27 How Employing Encryption for Data Security Changed History (lien direct) Human history is full of examples of encryption playing pivotal roles in war, competition and transitions of power. Throughout recorded time, people have employed encryption as a tactical tool to keep information private. That data could involve military campaigns, plots to overthrow political leaders or political dealings. In some cases, the use of encryption actually resulted […] Tool Guideline
TechRepublic.webp 2020-08-03 15:00:08 BlackBerry launches free tool for reverse engineering to fight cybersecurity attacks (lien direct) One of the first announcements at Black Hat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone. Malware Tool
ZDNet.webp 2020-08-03 15:00:06 BlackBerry releases new security tool for reverse-engineering PE files (lien direct) BlackBerry open-sources PE Tree, a new malware reverse-engineering tool for analyzing Portable Executable (PE) files. Malware Tool
AlienVault.webp 2020-08-03 11:00:00 (Déjà vu) Digital signatures security explained (lien direct) This blog was written by an independent guest blogger. Digital signatures have been around for decades, but recent events have put them back in the spotlight. They were heralded as the future of cybersecurity as far back as 1999, but in the intervening years came to be somewhat taken for granted by security engineers. Not any longer: the massive move to home working precipitated by the Covid-19 pandemic has forced many to take a fresh look at the security value of digital signatures, why they matter, and their relationship to encryption. We thought we'd do the same. In this article, we'll give you a refresher course on how digital signatures work, why they are important for security, and what the future holds. How do digital signatures work? Digital signatures, at the most fundamental level, are cryptographic algorithms used to validate the authenticity and integrity of an electronic message. This "message" could be an email, a credit card transaction, or a digital document. A digital signature binds a message to a key that only one person (or other entity) holds, and can therefore be used not just to detect changes to a message, but also to establish that it was produced by the claimed signer. At a deeper level, digital signatures work in two steps. First, a hash function is applied to the message to produce a digest: a fixed-length string that is, in practice, unique to that message. Hashing uses no key at all; anyone can compute it. Second, the signer's private key is used to sign the digest, and anyone holding the matching public key can verify the signature against a freshly computed digest of the message they received. Hash functions are one-way (a digest cannot be reversed to recover the message) and collision-resistant (it is infeasible to find two different inputs with the same digest), which is what makes signing the digest equivalent to signing the whole message. The hashing algorithms most often encountered today are the Secure Hash Algorithm-2 family (SHA-2, of which SHA-256 is the common member), Secure Hash Algorithm-1 (SHA-1), and Message Digest 5 (MD5); the last two have practical collision attacks and should not be used for new signatures. The importance of digital signatures The value of digital signatures has long been recognized, but recent events have meant that they are being deployed at an unprecedented rate. This is because digital signatures let users exchange verifiable messages when working remotely (which more than half of US workers did even before the pandemic) without the need for a permanent, sustained encrypted connection: a signed document stays verifiable wherever it travels. More specifically, digital signatures allow three factors about a message to be verified: Authentication. Because, in most implementations, digital signatures are created using the sender's private signing key, the recipient can verify with the matching public key that the message came from the holder of that key. Data Integrity. Because the signature is computed over a hash of the entire message, any change to the message changes the hash value, and the recipient's signature verification fails. This gives the recipient an easy way to check whether the message was altered in transit. Tool
AlienVault.webp 2020-08-03 11:00:00 Digital signatures 101: A powerful and underused cybersecurity ally (lien direct) This blog was written by an independent guest blogger. Tool
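The hash-then-sign flow described in the two AlienVault digital-signature entries above, as an added worked example (not code from either post): the digest is computed with no key, the private exponent signs the digest, and the public exponent verifies it. It uses a deliberately tiny textbook RSA key with constructed primes, message and amounts; real systems use RSA-PSS, ECDSA or Ed25519 from a vetted library with properly sized keys, never unpadded RSA with 20-bit primes.

```python
import hashlib

# Toy RSA parameters, constructed for illustration only: the primes are
# ~20 bits and there is no padding, so this is insecure by design.
P, Q = 999_983, 1_000_003            # two small primes
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def digest(message: bytes) -> int:
    """Step 1: hash the message. No key is involved; anyone can do this."""
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h, "big") % N   # reduce into the toy modulus


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Step 2: signature = digest^d mod N, using the signer's PRIVATE key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Recover the digest with the PUBLIC key and compare it with a fresh
    hash of the received message. A changed message (integrity) or a
    signature not made with the matching private key (authentication)
    makes the comparison fail."""
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest(message)


def forge_without_private_key(message: bytes) -> bool:
    """An attacker who knows only the public key can recompute the hash of
    a message they wrote, but the hash by itself is not a signature and
    will not verify. Returns True only if the forgery is accepted."""
    return verify(message, digest(message))


if __name__ == "__main__":
    msg = b"transfer 100 EUR to account 42"          # constructed sample
    sig = sign(msg)
    print("genuine verifies:", verify(msg, sig))                                   # True
    print("tampered verifies:", verify(b"transfer 900 EUR to account 42", sig))    # False
    print("hash-only forgery verifies:", forge_without_private_key(msg))           # False
```

The point the example makes concrete: the private key never touches the hash step, so "the private key creates the hash" is a misreading; it is the signing of the digest that ties the message to the signer, and the public key is all a verifier needs.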
Veracode.webp 2020-08-03 10:06:32 New Data Reveals How AppSec Is Adapting to New Development Realities (lien direct) In today's fast-paced world, companies are racing to bring new, innovative software to market first. In order to keep up with the speed of innovation, many organizations are shifting toward DevSecOps. DevSecOps brings security to the front of the software development lifecycle (SDLC), allowing for both fast deployments and secure applications. Even though DevSecOps is able to meet the needs of both developers and security professionals, the teams are laser-focused on their own metrics and objectives, making it a challenge to align. This is further exacerbated by the fact that most security teams lack an understanding of modern application development practices and most developers lack secure code training. Veracode recently sponsored Enterprise Strategy Group's (ESG) research on modern developers and security professionals in North America to better understand the dynamic between the roles and to find ways to bridge the gap. The main objectives of the research were to: examine the buying intentions of application security (AppSec) teams and developers regarding application security solutions; gauge buyer preferences for different types of vendors' application security solutions; determine the extent to which security teams understand modern development and deployment practices, and where security controls are required to mitigate risk; understand the trigger points influencing application security investments and how decision-makers are prioritizing and timing purchasing decisions; and gain insight into the dynamics between development teams and security teams with respect to the deployment and management of application security solutions. The research shows that AppSec scans are widely used across organizations, and, in most cases, organizations are happy with the current state of their programs. But the research also supports the misalignment between developers and security professionals, reinforcing the lack of security training for developers and promoting the need for security tools to be further integrated and automated into existing developer processes. Here are some of the key findings: Most organizations believe their AppSec programs are effective. When asked to rate the efficacy of their organizations' AppSec program on a scale of zero to 10, zero being "we continually have security issues" and 10 being "we feel confident in the efficacy and efficiency of our program," 69 percent of organizations rated their programs as an eight or higher. And not only are organizations pleased with the current state of their AppSec programs, but a sizeable 71 percent are also using their scans on more than half of their codebase. These numbers are reassuring; but, despite AppSec tool usage, 81 percent of organizations are still experiencing exploits. When digging further, we found one major reason for the exploits: more than 85 percent of respondents admitted to releasing vulnerable code to production due to time constraints. When asked who makes the decision to push code to production, the answer varied from development managers to security professionals, or both. Developers do not have the tools and training needed to be successful. Arguably one of the most shocking findings from the research: only 15 percent of organizations reported that all of their development teams are participating in formal security training. And developers' top challenges were identified as the ability to mitigate code issues and the lack of integration between AppSec tools and vendor tools. Given that developers are involved in the decision to push code live at more than 68 p Tool ★★★
bleepingcomputer.webp 2020-07-31 16:55:30 Microsoft PowerToys update fixes launcher, adds color picker (lien direct) Microsoft today updated the Windows 10 PowerToys toolset with a new Color Picker utility that adds a system-wide tool to help you pick colors from anywhere on your screen and copy them to your clipboard. [...] Tool ★★★★★
TechRepublic.webp 2020-07-31 12:00:02 How to create your first data story in Tableau (lien direct) The Story feature in Tableau can be a useful data visualization tool when you are drilling down on a dataset from general to specific. This tutorial shows you the basics. Tool
itsecurityguru.webp 2020-07-31 09:58:51 Got MDM? You still need mobile security (lien direct) It is common practice for businesses to implement some kind of central tool to manage smartphones and tablets. Normally, this is done through solutions referred to as mobile device management (MDM), which can ensure mobile devices are configured properly for business use. MDMs can also be used to mandate certain built-in device security settings, such […] Tool
DarkReading.webp 2020-07-31 09:25:00 'Hidden Property Abusing' Allows Attacks on Node.js Applications (lien direct) A team of researchers from Georgia Tech has found a new attack technique that targets properties in Node.js and plans to publicly release a tool that has already identified 13 new vulnerabilities. Tool
bleepingcomputer.webp 2020-07-30 19:01:56 KDE archive tool flaw let hackers take over Linux accounts (lien direct) A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victims' computers simply by tricking them into downloading an archive and extracting it. [...] Tool Vulnerability
TechRepublic.webp 2020-07-30 18:54:50 AI-powered tool aims to help reduce bias and racially charged language on websites (lien direct) 22% of more than 500,000 business websites contain some form of racial and gender bias, according to UserWay. Tool
Veracode.webp 2020-07-30 10:25:39 Announcing Veracode Security Labs Community Edition (lien direct) We recently partnered with Enterprise Strategy Group (ESG) to survey software development and security professionals about modern application development and how applications are tested for security. The soon-to-be-announced survey found that 53% of organizations provide security training for developers less than once a year, which is woefully inadequate for the rapid pace of change in software development. At the same time, 41% say that it's up to security analysts to educate developers to try to prevent them from introducing significant security issues. So, where's the disconnect? Communication breakdowns and misaligned training priorities between security and development teams are part of the problem. As developers are being asked to "Shift Left" and take on more responsibility for secure code earlier in the software development lifecycle, it's increasingly important for developers to get the training they need to create not just world-class applications, but ones that have security designed in from the beginning. Enterprise-grade tools for all developers Veracode Security Labs Enterprise Edition is perfect for engineering teams, but we wanted every individual developer to have access to the same quality of training, from casual hobbyists to professionals interested in improving their secure coding skills. I'm excited to announce Veracode Security Labs Community Edition, where developers worldwide can hack and patch real applications to learn the latest tactics and security best practices with guidance while exploring actual code on their own time; and it's free! With Veracode Security Labs Community Edition, you now have the tools you need to close any gaps in security knowledge that are holding you back. It's a module that fits within the Veracode Developer Training product family, featuring tools and robust programs built with interactivity in mind so that developers can get their hands on a practical training tool at a moment's notice. Here are the differences between the Community Edition and Enterprise Edition: while the Enterprise Edition has features that support the efforts of development teams with full compliance-based curricula, rollout strategies, and progress reporting, the Community Edition offers selected topics and one-off labs for individuals who are looking to strengthen their security knowledge. Though there are differences that enable scalability for organizations and teams, the benefits for individual developers remain the same: the ability to exploit and remediate real-world vulnerabilities to learn what to look for in insecure code; fast and relevant remediation guidance in the context of the most popular programming languages; easy and fun hands-on training that provides professional growth; and improved security knowledge while building confidence through interactive trial and error. When you practice breaking and fixing real applications using real vulnerabilities, you become a sharper, more efficient developer, especially with a variety of challenges to choose from as you go. We plan to expand the number of labs and challenges over time, but initially the Community Edition will cover topics ranging from beginner to advanced, including: Hack Tool Vulnerability ★★★★
ZDNet.webp 2020-07-29 14:00:05 New tool detects shadow admin accounts in AWS and Azure environments (lien direct) CyberArk releases new SkyArk tool for scanning AWS and Azure infrastructure for misconfigured accounts. Tool
Pirate.webp 2020-07-27 14:50:13 SharpHose – Asynchronous Password Spraying Tool (lien direct) SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers. The tool takes into consideration the domain password policy, including fine-grained password policies, in an attempt to avoid account lockouts. Tool
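The defender's counterpart to a policy-aware sprayer, as an added example that is not part of the SharpHose project or the post: a small Python detector run over constructed failed-logon lines (shaped loosely like a flattened Windows Event ID 4625 export; the field names, addresses, account names and policy values are all assumptions) that flags a source failing against many distinct accounts while keeping every account under the lockout threshold inside the observation window. A source that behaves this way never trips lockout-based alerting, which is exactly why the tool reads the password policy first.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed lockout policy. With a fine-grained policy (PSO) the effective
# threshold can differ per account group; use the lowest one that applies.
LOCKOUT_THRESHOLD = 5                       # bad attempts before lockout
OBSERVATION_WINDOW = timedelta(minutes=30)  # window those attempts count in

# Constructed log lines, roughly shaped like a flattened Event ID 4625 export.
SAMPLE_LOG = (
    # policy-aware spray: 12 accounts, one attempt each, one per minute
    [f"2020-07-27T09:{m:02d}:00 EventID=4625 IpAddress=203.0.113.7 "
     f"TargetUserName=user{m:02d} Status=0xC000006D" for m in range(12)]
    # noisy brute force against one account (lockout alerting catches this)
    + [f"2020-07-27T09:{m:02d}:30 EventID=4625 IpAddress=198.51.100.9 "
       f"TargetUserName=bob Status=0xC000006D" for m in range(8)]
    # ordinary user mistyping a password twice, then succeeding
    + ["2020-07-27T09:05:10 EventID=4625 IpAddress=10.0.0.5 TargetUserName=alice Status=0xC000006D",
       "2020-07-27T09:05:40 EventID=4625 IpAddress=10.0.0.5 TargetUserName=alice Status=0xC000006D",
       "2020-07-27T09:06:00 EventID=4624 IpAddress=10.0.0.5 TargetUserName=alice Status=0x0"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) IpAddress=(?P<ip>\S+) TargetUserName=(?P<user>\S+)"
)


def parse_failures(lines):
    """Return (timestamp, source_ip, account) tuples for failed logons only."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["eid"] == "4625":
            out.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"].lower()))
    return out


def detect_spray(lines, min_accounts=10, threshold=LOCKOUT_THRESHOLD,
                 window=OBSERVATION_WINDOW):
    """Flag sources that, inside one observation window, fail against at
    least min_accounts distinct accounts while every account stays below
    the lockout threshold. Returns {source_ip: summary}."""
    by_source = defaultdict(list)
    for ts, ip, user in parse_failures(lines):
        by_source[ip].append((ts, user))

    findings = {}
    for ip, attempts in by_source.items():
        attempts.sort()
        best = None
        start = 0
        for end in range(len(attempts)):          # sliding time window
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            per_user = Counter(u for _, u in attempts[start:end + 1])
            distinct, peak = len(per_user), max(per_user.values())
            if distinct >= min_accounts and peak < threshold:
                if best is None or distinct > best[0]:
                    best = (distinct, peak)
        if best:
            findings[ip] = {"distinct_accounts": best[0],
                            "max_attempts_per_account": best[1]}
    return findings


if __name__ == "__main__":
    for ip, summary in detect_spray(SAMPLE_LOG).items():
        print(f"possible password spray from {ip}: {summary}")
```

Keying on the source rather than the account is the whole trick: per-account counters see one harmless failure each, while the per-source view shows a dozen accounts touched in a few minutes. Tune `min_accounts` to your environment's normal failure fan-out, and remember that a sprayer rotating source addresses defeats this single-source grouping and needs correlation on other fields (workstation name, user-agent, ASN).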
Last update at: 2024-07-16 10:08:00