What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-04-06 09:32:33 This service allows checking if your mobile is included in the Facebook leak (direct link) A security researcher implemented a service to verify if your mobile number is included in the recent Facebook data leak. Security researcher Yaser Alosefer developed a new tool to help users determine if their mobile numbers are included within the recent Facebook data leak that impacted 553 million users of the social networking giant. The […] Tool
SecurityAffairs.webp 2021-04-06 07:20:39 (Déjà vu) Experts found critical flaws in Rockwell FactoryTalk AssetCentre (direct link) Rockwell Automation has recently addressed nine critical vulnerabilities in its FactoryTalk AssetCentre product with the release of version v11. The American provider of industrial automation Rockwell Automation on Thursday informed customers that it has patched nine critical vulnerabilities in its FactoryTalk AssetCentre product. FactoryTalk AssetCentre provides customers with a centralized tool for securing, managing, versioning, […] Tool
bleepingcomputer.webp 2021-04-05 18:28:38 Adult content from hundreds of OnlyFans creators leaked online (direct link) After a shared Google Drive was posted online containing the private videos and images from many OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak. [...] Tool
SecurityAffairs.webp 2021-04-03 12:39:48 Activision warns of Call of Duty Cheat tool used to deliver RAT (direct link) The popular video game publisher Activision is warning gamers that threat actors are actively disguising a remote-access trojan (RAT) as a Call of Duty cheat tool. Activision, the company behind the Call of Duty: Warzone and Guitar Hero series, is warning gamers that a threat actor is advertising cheat tools that deliver a remote-access trojan (RAT). The company reported that […] Tool Threat
The_Hackers_News.webp 2021-04-02 23:49:52 How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection (direct link) Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios. Tool
Chercheur.webp 2021-04-02 11:00:05 Malware Hidden in Call of Duty Cheating Software (direct link) News article: Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.) While the report doesn’t mention which forum they were posted on (that certainly would’ve been helpful), it does say that these offerings have popped up a number of times. They have also been seen advertised in YouTube videos, where instructions were provided on how gamers can run the “cheats” on their devices, and the report says that “comments [on the videos] seemingly indicate people had downloaded and attempted to use the tool.”... Tool
Veracode.webp 2021-04-01 15:22:17 Secure Coding Urban Myths and Their Realities (direct link) “Science and technology revolutionize our lives, but memory, tradition, and myth frame our response.” - Author Arthur M. Schlesinger. Urban myths rely on their communities of origin to thrive and survive. Perpetuated by offhand anecdotes, sensational news stories, and friend-of-a-friend legends, urban myths about secure coding are no different; as developers share tidbits of information around common struggles and issues in application security, those conundrums quickly become myths that can make secure coding seem daunting. Schlesinger's quote is even more important today as so much of the world is powered by modern applications, yet at the same time myths clouding the development community often frame how developers respond to (or avoid) issues with their code. The reality is clear: when you take ownership over your code and rally around your team's security efforts to squash these myths, your apps carry far less risk than before. And once you recognize these myths for what they are, you have the power to reframe how you approach similar challenges in the future. Popular myths in programming. So what are some of the common urban myths in software development? They can range from the security of open source code to relying solely on developer tools and why PHP is considered a “dying language”: did you know 80% of all websites built on known programming languages are powered by PHP? Some of today's heavyweights like Etsy, Facebook, and Wikipedia were built on PHP, and PHP-based publishing platforms like WordPress and Drupal are still extremely popular. It isn't going anywhere anytime soon. Maybe you've also heard the urban myth that fixing flaws in your open source code is too time-consuming? Myth busted: almost 75 percent of known vulnerabilities in open source code are fixable with a simple library update to patch the exploits. Even better, tools like Veracode Software Composition Analysis provide immediate and actionable guidance to help you remediate flaws in your open source code before they add risk to your organization. Or, perhaps you've seen comments on Reddit that your favorite developer tool is all you need to secure your code, but security features in basic developer tools typically lack the comprehensiveness required for ample coverage. In reality, you need the right testing types in the right places throughout your SDLC, ensuring coverage for your CI/CD pipeline and giving you peace of mind while you work. Urban Myths About Secure Coding. We've only scratched the surface when it comes to urban myths about secure coding! To learn more about some of these common conundrums (and their realities), download our eBook: 6 Urban Myths About Secure Coding. Tool
TechRepublic.webp 2021-03-31 17:23:10 How to use Google's Password Checkup tool (direct link) Google offers a password checking service that will check all of your Chrome-saved passwords for weaknesses and against known breaches. Jack Wallen shows you how to use this tool. Tool
TechRepublic.webp 2021-03-31 14:33:43 Electric vehicle company announces first open charging platform (direct link) EVPassport unveiled a tool that helps drivers find charger locations and click directly through to start a charging session without having to download an additional app or create a separate account. Tool
Anomali.webp 2021-03-30 17:07:00 Anomali Cyber Watch: Malware, Phishing, Ransomware and More. (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BlackKingdom, Chrome Extensions, Microsoft, REvil, PurpleFox, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Google removes privacy-focused ClearURLs Chrome extension (published: March 24, 2021) Researchers at Cato Networks have discovered two dozen malicious Google Chrome browser extensions and 40 associated malicious domains that were previously unidentified. Some extensions were found to steal users’ names and passwords, whilst others were stealing financial data. Spoofed extensions posing as legitimate ones were common, amongst them a fake ‘Postman’ extension harvesting companies' API credentials to target company applications. The security vendor discovered the extensions on networks belonging to hundreds of its customers and found that they were not being flagged as malicious by endpoint protection tools and threat intelligence systems. Malicious extensions have been previously used in malicious campaigns; in 2020 researchers from Awake Security discovered over 100 malicious extensions engaged in a global campaign to steal credentials, take screenshots, and carry out other malicious activity. It was estimated that there were at least 32 million downloads of the malicious extensions. Analyst Comment: This story illustrates the complexities of modern life, as Google is a monolithic corporation that is integrated into everyone’s daily lives, both personal and business.
Whilst many may find it difficult to do much without Google, the cost of using this software can often be your own privacy. Users should be aware that Google’s policies and usage of your data are not malicious and are perfectly legal, but you are giving up your information. If something is free, you are the product. Tags: Google, Chrome, browser extension, privacy, Firefox, ClearURL Purple Fox Malware Targets Windows Machines With New Worm Capabilities (published: March 24, 2021) Purple Fox, which first appeared in 2018, is an active malware campaign that targeted victims through phishing and exploit kits; it required user interaction or some kind of third-party tool to infect Windows machines. However, the attackers behind the campaign have now upped their game and added new functionality that can brute force its way into victims' systems on its own, according to new research from Guardicore Labs. The researchers identified a new infection vector through Server Message Block (SMB) password brute force and the addition of a rootkit, allowing the actors to hide the malware on a machine, making it more difficult to detect and remove. Purple Fox is believed to have compromised around 3,000 servers, the vast majority of which were old versions of Windows Server IIS version 7.5. It was very active in Spring and Summer 2020 before going quiet and then ramping up activity in early 2021. Analyst Comment: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). MITRE ATT&CK: Ransomware Malware Tool Vulnerability Threat
TechRepublic.webp 2021-03-30 15:59:00 CyberPanel makes one-click installing of web-hosted apps and services simple (direct link) If you're looking for a replacement for cPanel, CyberPanel might be exactly what you need. Jack Wallen shows you how easy this tool is to deploy. Tool ★★★★★
SANS.webp 2021-03-28 19:24:07 TCPView v4.0 Released, (Sun, Mar 28th) (direct link) TCPView is a Sysinternals' tool that displays information about the TCP and UDP endpoints on a system. It's like netstat, but with a GUI. Tool
SecurityAffairs.webp 2021-03-28 09:53:41 Security Affairs newsletter Round 307 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive the international press for free, subscribe here. CISA releases CHIRP, a tool to detect SolarWinds malicious activity Microsoft Defender can now protect servers against ProxyLogon […] Tool
TechRepublic.webp 2021-03-26 13:00:37 Amazon's new machine learning tool will help businesses spot flagging KPIs (direct link) Lookout for Metrics is a fully-managed machine learning tool for monitoring business metrics and tackling dips in business performance. Tool
SecurityAffairs.webp 2021-03-26 08:17:18 FBI published a flash alert on Mamba Ransomware attacks (direct link) The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives. […] Ransomware Tool
CVE.webp 2021-03-25 22:15:12 CVE-2021-27372 (direct link) Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands. Tool
The_Hackers_News.webp 2021-03-25 22:07:54 Another Critical RCE Flaw Discovered in SolarWinds Orion Platform (direct link) IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion network monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via Tool
CVE.webp 2021-03-25 19:15:14 CVE-2021-26597 (direct link) An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. Tool
SecurityWeek.webp 2021-03-25 15:36:05 Mamba Ransomware Leverages DiskCryptor for Encryption, FBI Warns (direct link) The Federal Bureau of Investigation (FBI) this week published an alert to warn of the fact that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives, including the operating system. Ransomware Tool
Blog.webp 2021-03-24 15:19:38 Comprehensive Guide to AutoRecon (direct link) The AutoRecon tool is designed as a network reconnaissance tool. It is a multi-threaded tool that performs automated enumeration of services. The purpose of this tool is to save time while cracking CTFs and other penetration testing environments or exams. It is useful in real-world engagements as well. Table of Tool
Anomali.webp 2021-03-23 14:00:00 Anomali Cyber Watch: APT, Malware, Vulnerabilities and More. (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BlackRock, CopperStealer, Go, Lazarus, Mirai, Mustang Panda, Rust, Tax Season, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Bogus Android Clubhouse App Drops Credential-Swiping Malware (published: March 19, 2021) Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can discuss anything from politics to relationships. Despite being invite-only, and only being around for a year, the app is closing in on 13 million downloads. The app is only available on Apple's App Store mobile application marketplace - though plans are in the works to develop one. Analyst Comment: Use only the official stores to download apps to your devices. Be wary of what kinds of permissions you grant to applications. Before downloading an app, do some research. MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 Tags: LokiBot, BlackRock, Banking, Android, Clubhouse Trojanized Xcode Project Slips XcodeSpy Malware to Apple Developers (published: March 18, 2021) Researchers from cybersecurity firm SentinelOne have discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project being distributed in a supply-chain attack.
The malware, dubbed XcodeSpy, targets Xcode, an integrated development environment (IDE) used in macOS for developing Apple software and applications. The malicious project is a ripped version of TabBarInteraction, a legitimate project that has not been compromised. Malicious Xcode projects are being used to hijack developer systems and spread custom EggShell backdoors. Analyst Comment: Researchers attribute this new targeting of Apple developers to North Korea and Lazarus group: similar TTPs of compromising developer supply chain were discovered in January 2021 when North Korean APT was using a malicious Visual Studio project. Moreover, one of the victims of XcodeSpy is a Japanese organization regularly targeted by North Korea. A behavioral detection solution is required to fully detect the presence of XcodeSpy payloads. MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 | [MITRE ATT&CK] Security Software Discovery - T1063 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 Tags: Lazarus, XcodeSpy, North Korea, EggShell, Xcode, Apple Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware (published: March 18, 2021) Cybereason detected a new campaig Ransomware Malware Tool Threat Patching Medical APT 38 APT 28
WiredThreatLevel.webp 2021-03-23 13:00:00 'Browser Isolation' Takes On Entrenched Web Threats (direct link) Cloudflare says it's possible to build a version of the notoriously slow and buggy tool without compromising on speed. Tool
TechRepublic.webp 2021-03-22 15:27:16 Linux 101: How to create symbolic links in Linux (direct link) Symbolic links are a very important admin tool to use in Linux. Jack Wallen tells you why and how to create such links with ease. Tool
SecurityAffairs.webp 2021-03-21 14:47:05 CISA releases CHIRP, a tool to detect SolarWinds malicious activity (direct link) US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments. US CISA released the CISA Hunt and Incident Response Program (CHIRP) tool, a Python-based tool that detects malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise Windows environments. Below […] Tool
ErrataRob.webp 2021-03-20 23:52:47 Deconstructing that $69million NFT (direct link) "NFTs" have hit the mainstream news with the sale of an NFT based digital artwork for $69 million. I thought I'd write up an explainer. Specifically, I deconstruct that huge purchase and show what actually was exchanged, down to the raw code. (The answer: almost nothing). The reason for this post is that every other description of NFTs describes what they pretend to be. In this blogpost, I drill down on what they actually are. Note that this example is about "NFT artwork", the thing that's been in the news. There are other uses of NFTs, which work very differently than what's shown here. tl;dr: I have a long bit of text explaining things. Here is the short form that allows you to drill down to the individual pieces. Beeple created a piece of art in a file. He created a hash that uniquely, and unhackably, identified that file. He created a metadata file that included the hash to the artwork. He created a hash to the metadata file. He uploaded both files (metadata and artwork) to the IPFS darknet decentralized file sharing service. He created, or minted, a token governed by the MakersTokenV2 smart contract on the Ethereum blockchain. Christies created an auction for this token. The auction was concluded with a payment of $69 million worth of Ether cryptocurrency. However, nobody has been able to find this payment on the Ethereum blockchain; the money was probably transferred through some private means. Beeple transferred the token to the winner, who transferred it again to this final Metakovan account. Each of the links above allows you to drill down to exactly what's happening on the blockchain. The rest of this post discusses things in long form. Why do I care? Well, you don't. It makes you feel stupid that you haven't heard about it, when everyone is suddenly talking about it as if it's been a thing for a long time. But the reality is, they didn't know what it was a month ago, either. Here is the Google Trends graph to prove this point -- interest has only exploded in the last couple months: The same applies to me. I've been aware of them (since the CryptoKitties craze from a couple years ago) but haven't invested time reading source code until now. Much of this blogpost is written as notes as I discover for myself exactly what was purchased fo Tool Guideline
CVE.webp 2021-03-19 21:15:12 CVE-2021-21267 (direct link) Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS. Tool
bleepingcomputer.webp 2021-03-18 15:56:17 CISA releases new SolarWinds malicious activity detection tool (direct link) The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments. [...] Tool
SecurityAffairs.webp 2021-03-18 12:57:13 WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERS (direct link) Wintriage is a live response tool that extracts Windows artifacts; it extracts as many artifacts as possible, but in a selective way. Throughout my life, my daily job has been purely related to cybersecurity. But the branch I like the most is Incident Response and Forensics. So, I work as a DFIRer. For many […] Tool
AlienVault.webp 2021-03-18 10:00:00 Enterprise-Grade Mobility takes another step forward with new mobile security offers (direct link) Companies and organizations of all sizes need mobile technology built for the rigors of business—it’s a must for businesses seeking to stay competitive. Enterprise-grade mobility offers additional business options, features, and services, helping companies perform functions beyond just enabling employees to work remotely. The right mobility solutions can significantly help increase productivity, reduce inefficiencies, improve Quality of Service (QoS), and manage compliance requirements, while enabling the same security protections on mobile devices as organizations have on laptops and desktops to help protect critical business information. With today’s highly sophisticated attacks, traditional security elements designed to protect the network infrastructure are not enough to fully protect this critical business information on mobile endpoints. AT&T understands the unique needs of mobile devices to both operate at their highest performance and be properly secured from these emerging threats. Because of this, AT&T is taking another step forward to provide our business customers with Enterprise-Grade mobile security, designed for businesses of any size. AT&T wants to make mobile security an easy choice. Now, customers with AT&T Business Mobile Select - Pooled plans can add Lookout Mobile Endpoint Security (MES) Comprehensive for a greatly reduced price per device license per month! Businesses no longer need to make the choice between great security and great savings. This Lookout MES Comprehensive plan provides customers with industry-leading mobile security at a deeply discounted price. Additionally, AT&T is bringing the Lookout MES Threats offer to customers at a price that helps make mobile security an easy decision for businesses.
Both offers include Lookout’s installation and 24x7 support so customers can get up and running with ease. To learn more about these new offers, visit us at https://cybersecurity.att.com/products/lookout. Enterprise-Grade mobile security. Truly, businesses of all sizes need to understand the importance of mobile security and how to best protect their mobile devices. And, in the ever-evolving threat landscape, businesses should not rely solely on the end-user to self-remediate threats. Rather, implement solutions that can enforce automated remediation through integration with a Mobile Device Management (MDM) solution or Unified Endpoint Management (UEM) tool while also providing real-time alerts to the end user, who can immediately take action. Furthermore, mobile security should also provide the ability to create custom policies and integrate into the business’s holistic ecosystem. With AT&T, customers can get the right mobility solutions and mobile security solutions for their business. Reach out to us today to learn more about how AT&T can help with both your Enterprise-Grade mobility and Enterprise-Grade security solutions. Tool Threat Guideline
AlienVault.webp 2021-03-18 05:01:00 What is managed detection and response? (direct link) This article was written by an independent guest author. The last 12 months have seen massive upticks in the frequency, sophistication, and intensity of cyberattacks. This comes at a time when business operations have changed drastically with shifts to more cloud resource use in order to increase access, availability, productivity, and profits. The challenge for IT has become how to monitor the state of security of this complex mix of systems, platforms, applications, and environments while being able to quickly and effectively respond to detected potential or active threats. Organizations like yours have long realized their limitations around staffing and expertise to properly address this growing need within a security strategy, causing security service providers to fill the void with managed detection and response services. What is managed detection and response (MDR)? Managed Detection and Response (MDR) is a managed cybersecurity service that provides organizations with 24x7 active monitoring and intelligence-based detection of threats, helping to quickly respond to and remediate detected threats. Outsourced teams of experienced security analysts augment your internal team and enhance your security solutions with threat intelligence that is designed to detect advanced threats on endpoints and the network. The analysts also work with your team to define processes and workflows to aid in investigation and remediation activities. In short, MDR provides your organization with a security operations center (SOC) and dedicated analysts working to ensure the security of your environment. Some MDR offerings also include threat hunting as part of the service. Where does the term MDR come from?
MDR has evolved from Managed Security Service Providers (MSSPs), who historically have offered managing and monitoring of network security, but left the investigation and remediation activity to internal IT teams. This put the burden of identifying real threats and performing incident response actions back on the already overtaxed IT staff. One common challenge for internal IT teams is that no one is a cybersecurity expert; your team is made up of primarily generalists with some degree of specialty. When we’re talking about identifying and responding to a potential cyberattack, your organization needs an expert. Thus, MDR was born. MSSPs are more focused on security monitoring and alerting, so MDR takes this much farther by including detection, response, and threat hunting. While both typically utilize vulnerability scanning and Security Incident and Event Management (SIEM) functionality, MDR services use additional solutions that provide visibility all the way down to the endpoint to ensure a complete picture of any potentially malicious activity, as well as response orchestration to automate remediation. The MDR’s monitoring includes: 24x7 alarm monitoring by a SOC team; reliance upon state-of-the-art threat intelligence; security analyst review and validation of alarms to eliminate false positives and non-actionable alarms, as well as escalation of actionable alarms to a Tier 2 analyst; incident investigation and notification to internal IT teams; execution of response plans tasked to the SOC team. The key benefits of MDR: MDR provides organizations seeking to have continual security monitoring and response in place with a number of benefits over taking this on internally. SOC complexity is eliminated – it’s going to take a tremendous effort and budget to establish an internal SOC; in many cases quarters to get up and running. MDR services include the use of a world-class SOC that already exists, meeting the organization's SOC need.
Rapid deployment – With a SOC already in place, deploying MDR services takes weeks instead of quarters. Access to security experts & Tool Vulnerability Threat
The_Hackers_News.webp 2021-03-17 23:59:55 Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites (direct link) Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site. According to Wordfence Tool ★★★★
SecurityAffairs.webp 2021-03-17 20:56:27 Data Breaches Tracker monitors unsecured ElasticSearch servers online (direct link) Cybersecurity researchers at WizCase, an online security and privacy portal, built a tool to track accessible ElasticSearch servers on the internet. Cybersecurity researchers at WizCase, an online security and privacy portal, developed a tool that tracks accessible ElasticSearch servers on the Internet. The tool scans the web for accessible ElasticSearch servers and displays different variables […] Tool
Anomali.webp 2021-03-17 18:03:00 Anomali Cyber Watch: APT, Ransomware, Vulnerabilities and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, AlientBot, Clast82, China, DearCry, RedXOR, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Google: This Spectre proof-of-concept shows how dangerous these attacks can be (published: March 15, 2021) Google has released proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser's JavaScript engine to leak information from its memory. Spectre targets speculative execution, a process in modern CPUs, to leak secrets such as passwords from one site to another. While the PoC demonstrates the JavaScript Spectre attack against Chrome 88's V8 JavaScript engine on an Intel Core i7-6500U CPU on Linux, Google notes it can easily be tweaked for other CPUs, browser versions and operating systems. Analyst Comment: As the density of microchip manufacturing continues to increase, side-channel attacks are likely to be found across many architectures and are difficult (and in some cases impossible) to remediate in software. The PoC of the practicality of performing such an attack using JavaScript emphasises that developers of both software and hardware should be aware of these types of attacks and the means by which they can be used to invalidate existing security controls. Tags: CVE-2017-5753 Threat Assessment: DearCry Ransomware (published: March 12, 2021) A new ransomware strain is being used by actors to attack unpatched Microsoft Exchange servers.
Microsoft released patches for four vulnerabilities that are being exploited in the wild. The initial round of attacks included installation of web shells onto affected servers that could be used to infect additional computers. While the initial attack appears to have been done by sophisticated actors, the ease and publicity around these vulnerabilities has led to a diverse group of actors all attempting to compromise these servers. Analyst Comment: Patch and asset management are a critical and often under-resourced aspect of defense in depth. As this particular set of vulnerabilities and attacks are against locally hosted Exchange servers, organization may want to assess whether a hosted solution may make sense from a risk standpoint MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted - T1022 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] File and Directory Discovery - T1083 | [MITRE ATT&CK] Email Collection - T1114 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] System Service Discovery - T1007 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | Ransomware Tool Vulnerability Threat Guideline Wannacry APT 41 APT 34
TechRepublic.webp 2021-03-16 17:02:56 Using "Star Wars" as inspiration, hologram maker imagines new future for smartphones (lien direct) IKIN's founder describes a 3D hologram tool that works without glasses or goggles and can even be seen in daylight and more. Tool
TechRepublic.webp 2021-03-16 13:00:03 Security firm releases free Purple Knight tool to spot weaknesses in Active Directory (lien direct) The AD report card scores the security of Group Policies, Kerberos security and AD infrastructure. Tool
Veracode.webp 2021-03-16 10:45:23 Automated Security Testing for Developers (lien direct) Today, more than ever before, development organizations are focusing their efforts on reducing the amount of time it takes to develop and deliver software applications. While this increase in velocity provides significant benefits for the end users and the business, it does complicate the process of testing and verifying the function and security of a release. The days of long-running, waterfall-style development cycles, wherein security was manually evaluated and bolted on at the end, are gone for good. With the move towards an agile development methodology, security testing and remediation is inherently shifting to the left. To support this, developers must adopt tools that automate security testing so vulnerabilities are identified at the earliest possible point in the development lifecycle. Below, we discuss the why and how of implementing an effective strategy for automated security testing within the development lifecycle. Shifting security testing to the left Through the use of automation, security testing can be executed earlier (or "left") in the development pipeline. This is advantageous for a variety of reasons. For one, the earlier vulnerabilities are discovered, the less expensive they are to fix. If a security issue is introduced into the code early in the release cycle, it's more likely to be resolved in minutes or hours, whereas a vulnerability discovered at the end of the release cycle may be entangled with enough complexity that remediation takes far longer. Moreover, earlier execution of security tests ensures that vulnerabilities pose less of a threat to the delivery schedule. When security tests are automated as part of the build and integration processes, there is less uncertainty as the release approaches the later stages of the development lifecycle. This reflects well on both development personnel and the organization as a whole. Shifting security left can also help reduce security debt, which piles up over time and only adds to serious risk if left unchecked. Instead of leaving the prioritization and remediation of bugs and vulnerabilities until the very end, shifting security left encourages collaboration between security and development to tackle this issue and determine which security debt is acceptable and which should be remediated as soon as possible, reducing lingering risk. Automated security testing for developers So with the intent being to automate and shift security testing to the earliest possible point in the development lifecycle, let's analyze how this is done in practice. What are we looking for when we test? What does automated security testing involve? Automated security testing for applications is accomplished by scanning code for vulnerabilities. Static code analysis, for instance, scans a codebase while the application is not running. The code is evaluated against a set of policies to ensure that the developer's implementation complies with the security standards set forth by the organization. Non-compliance with any standard would indicate a vulnerability. These vulnerabilities can include anything from failure to properly protect database calls from SQL injection, to non-compliance with PCI standards for processing, storing, and transmitting credit card information. Furthermore, automated security testing can be leveraged to validate the security of third-party libraries being used by the system. Organizations that wish to shorten their development cycles and enable continuous delivery should uti Tool Vulnerability Threat ★★★
InfoSecurityMag.webp 2021-03-16 10:33:00 Microsoft One-Click Tool Mitigates Exchange Server Attacks (lien direct) Tool designed for customers without dedicated IT or cybersecurity resource Tool
ZDNet.webp 2021-03-16 08:41:26 (Déjà vu) Microsoft releases one-click mitigation tool for Exchange Server hacks (lien direct) Another tool is at the disposal of admins struggling to protect their systems. Tool
SecurityAffairs.webp 2021-03-16 08:27:36 (Déjà vu) Microsoft releases Exchange On-premises Mitigation Tool (EOMT) to fix ProxyLogon issues (lien direct) Microsoft released an Exchange On-premises Mitigation Tool (EOMT) to help small businesses fix the ProxyLogon vulnerabilities. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. The IT giant reported that at least one […] Tool
ComputerWeekly.webp 2021-03-16 06:00:00 (Déjà vu) Microsoft releases one-click ProxyLogon mitigation tool (lien direct) No details / No more details Tool
SecurityWeek.webp 2021-03-16 00:22:56 Microsoft Ships One-Click Mitigation Tool for Exchange Attacks (lien direct) Microsoft Exchange Vulnerabilities Tool
The_Hackers_News.webp 2021-03-15 23:06:51 Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks (lien direct) Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks. Called Exchange On-premises Mitigation Tool (EOMT), the PowerShell-based script serves to mitigate against current known attacks using CVE-2021-26855, scan the Exchange Server using Tool
Microsoft.webp 2021-03-15 22:46:02 One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021 (lien direct) We have been actively working with customers through our customer support teams, third-party hosters, and partner network to help them secure their environments and respond to associated threats from the recent Exchange Server on-premises attacks. Based on these engagements we realized that there was a need for a simple, easy to use, automated solution that … Tool ★★★★★
bleepingcomputer.webp 2021-03-15 20:13:28 Microsoft releases one-click Exchange On-Premises Mitigation Tool (lien direct) Microsoft has released a one-click Exchange On-premises Mitigation Tool (EOMT) to allow small business owners to easily mitigate the recently disclosed ProxyLogon vulnerabilities. [...] Tool
CVE.webp 2021-03-15 19:15:13 CVE-2021-23879 (lien direct) Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location. Tool Vulnerability
TechRepublic.webp 2021-03-15 15:30:30 How to use Bitwarden's new Send feature (lien direct) What is probably the best open source password manager on the market has added a new feature that will make using the tool even better. Tool ★★★★★
WiredThreatLevel.webp 2021-03-15 13:30:00 The UK Is Secretly Testing a Controversial Web Snooping Tool (lien direct) The country passed its Investigatory Powers Act in 2016. Now, it's building what could be the most powerful data collection system used by any democratic nation. Tool
TechRepublic.webp 2021-03-12 20:36:00 Dell closes the STEM gap with Girls Who Game (lien direct) Gaming and Minecraft provide a learning tool for young girls as they develop global competencies, such as communication, collaboration, critical thinking and creativity. Tool
SecurityAffairs.webp 2021-03-11 21:33:36 (Déjà vu) Expert publishes PoC exploit code for Microsoft Exchange flaws (lien direct) This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers by chaining two of the ProxyLogon flaws. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant […] Hack Tool
TechRepublic.webp 2021-03-11 15:13:27 A new Linux Foundation open source signing tool could make secure software supply chains universal (lien direct) sigstore could eliminate the headaches associated with current software signing technology through public ledgers. Tool ★★★
Last update at: 2024-07-04 17:08:01