What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2020-12-05 13:56:20 How to hide unwanted driver updates in Windows 10 (direct link) Almost every month, the Windows Update catalogue is updated with unwanted drivers prepared by OEMs and driver vendors. Fortunately, Microsoft allows users to hide or pause specific driver updates using a tool called "Show or hide updates troubleshooter". [...] Tool
Blog.webp 2020-12-04 15:48:12 Nmap for Pentester: Output Format Scan (direct link) Nmap, also known as Network Mapper, is one of the best and handiest open-source tools, widely used for security auditing and network scanning by pentesters. It also provides an additional feature whereby the results of a network scan can be recorded in various formats. Table of Contents Introduction - Scan Output... Tool
TechRepublic.webp 2020-12-03 20:02:20 Intel unveils machine programming tool to detect bugs in code (direct link) ControlFlag is a new tool that can autonomously detect errors in code. Tool
AlienVault.webp 2020-12-03 12:00:00 Two cybersecurity hygiene actions to improve your digital life in 2021 (direct link) This blog was written by an independent guest blogger. It is that time of year again when we start planning resolutions for the coming year. A good start is putting cybersecurity at the top of the list, whether you are a business or an individual. According to a University of Maryland study, hackers attack every 39 seconds, on average 2,244 times a day. It may be even higher now that more of us are working remotely because of Covid19 and the attack surface has greatly expanded in numbers and vulnerability. Clearly, with the plethora of breaches, spam, and ransomware we already experienced in 2020, we need to be better prepared in 2021. What are a couple of cybersecurity hygiene action upgrades that will improve outcomes in 2021? #1 Passwords Poor passwords have always been viewed as the low-hanging fruit for hackers, the easiest way into the crown jewels of data. Yet many still use common passwords such as #132456, #password, or birthdays that pose little barrier to letting the bad guys access your accounts. In fact, a UK National Cyber Security Centre 2019 survey analysis discovered that 23.2 million victim accounts from all parts of the world used 123456 as a password. Another 7.8 million data breach victims chose a 12345678 password. More than 3.5 million people globally picked the word "password" to protect access to their sensitive information. Now that we have all become creatures of social media, hackers can use social engineering tactics by exploring your social media accounts, which often highlight pet names (quite often used as passwords - I admit I have been guilty of that too) or other identifiable items that may give clues to passwords and interests. What is particularly alarming is that there are algorithmic programs that can also utilize public social sites and marketing information to “guess” passwords. Actions: remedies are easy to adopt to get beyond the bad habit of using easy-to-crack passwords. Do not use default passwords on your devices, and when you do create passwords, make them complicated. Consider making them long or using phrases with letters, numbers and characters. Also, do not use the same password for multiple accounts. Make it difficult for hackers to get in with one try. Make their challenge more difficult by using multifactor or biometric authentication such as a fingerprint, facial recognition, or texts to verify it is you when you sign in. And if you want to make things less stressful on your memory (we all forget our passwords), consider using a security token and/or password manager. The bottom line is that secure passwords are a basic step to stronger cyber hygiene. #2 Phishing Phishing is the tool of choice for many hackers. Phishing is commonly defined as a technique hackers use to exfiltrate your valuable data or to spread malware. Anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization or a website you may frequent. Usually the phishing malware comes via email attachments but can also be web-based. According to an analysis by Webroot, 46,000 new phishing sites are created every day and 1.385 million new, unique phishing sites are created each month. At a more granular level, the firm Wandera says that a new phishing site launches every 20 seconds. Advances in technologies have made it easier for hackers to phish. They can use readily available digital graphics, apply social engineering data, and a vast array of phishing tools, including some automated by machine learning. Phishing is often accompanied by ransomware and a tactic for hackers is to target leadership a Ransomware Data Breach Malware Tool Vulnerability Threat Guideline
Veracode.webp 2020-12-03 09:40:55 CI/CD With Veracode Docker Images (direct link) On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans, and the ability to access Veracode APIs via the Java API Wrapper or via HTTPie with the Veracode API Signing tool, make it easy to include the current version of Veracode tools in your automation workflow. Why Docker? Providing official Docker images addresses customer feedback we've received regarding the use of Veracode tools in a pipeline. Without using a Docker image, a customer's script must download the tool each time to the CI/CD runner, adding time to each run, or a customer must implement their own caching mechanism to avoid redownloading the tool every time. Also, any dependencies required by the Veracode tool, including the Java runtime or Python, must be installed on the local machine, potentially raising issues of version compatibility. Last, some continuous integration pipelines, including AWS CloudStar and TravisCI, require external testing tools to be integrated via containers. The Veracode Docker images address these concerns. Docker automatically provides caching and makes it easy to always use the latest version available. Also, the Docker image contains any dependencies required by the Veracode tool. Last, the Docker images are supported by Veracode, addressing concerns from customers about having to write their own image or rely on a community-provided one. Securing Docker images The Veracode Docker image was originally designed and built by Veracode's product security team for internal use in pipelines by Veracode development teams. The team has done the following to ensure the images are secure: The Docker images are built and published to DockerHub via continuous delivery pipelines that include the most current version of each included tool and scan the images for vulnerabilities. Each image is run with a de-privileged local user to avoid privilege escalation. The underlying tools are developed with a secure SDLC and are tested with Veracode Static Analysis and Veracode Software Composition Analysis in their own development pipelines. The images are based on well-known and widely used base images. Only the prerequisites absolutely needed for downloading the tools in the images are included. Usage examples Here are a few samples using the images in continuous integration workflows. GitLab examples These examples are drawn from a single workflow that uses all three containers in different stages. (You can see the project in which the workflow is published here.) Pipeline Scan Pipeline Scan Static Analysis: image: veracode/pipeline-scan:latest stage: Security_Scan only: - development script: Tool ★★★
Kaspersky.webp 2020-12-02 15:44:59 Microsoft Revamps 'Invasive' M365 Feature After Privacy Backlash (direct link) The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts. Tool
TechRepublic.webp 2020-12-02 14:41:45 Productivity Score: Microsoft limits features of new tool following 'workplace surveillance' concerns (direct link) Productivity Score will no longer identify how individual users interact with Microsoft 365 apps. Tool
bleepingcomputer.webp 2020-12-01 03:00:00 Windows 10 20H2 update fixes broken in-place upgrade feature (direct link) Microsoft has released a new cumulative update for Windows 10 20H2 that fixes a bug preventing users from performing in-place upgrades with the Microsoft Media Creation Tool (MCT). [...] Tool ★★★★★
itsecurityguru.webp 2020-11-25 17:21:06 Is 2FA by SMS a bad idea? (direct link) Two-factor authentication is ubiquitous and it's a really valuable tool to protect systems and data assets. But with increasing reliance on home working and remote access in the current pandemic, what mechanism should we choose? It's very common these days for SMS messages to be used for two-factor authentication – many cloud service providers use […] Tool
TEAM_CYMRU_Blog.webp 2020-11-23 21:07:15 Massive Increase in Global IP Address Visibility (direct link) We've had an amazing year here at Team Cymru – the revenue from our commercial offerings has enabled us to invest heavily in community services, through which we support the global IT Security community. We've added more teammates and more no-cost tools and services. This brief post outlines the specific new tool we've been working [...] Tool
TechRepublic.webp 2020-11-19 20:35:55 How to use the new Google Calendar event add tool (direct link) Google Calendar has a new event add interface and Jack Wallen is here to show you how easy and efficient it is to use. Tool
Mandiant.webp 2020-11-19 19:00:00 Purgalicious VBA: Macro Obfuscation With VBA Purging (direct link) Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in February 2020. We will explain how VBA purging works with Microsoft Office documents in Compound File Binary Format (CFBF), share some detection and hunting opportunities, and introduce a new tool created by Mandiant's Red Team: OfficePurge. MS-OVBA File Format Before diving into VBA Purging, it is Tool Threat Technical ★★★★
Veracode.webp 2020-11-19 16:23:50 Healthcare Orgs: What You Need to Know About TrickBot and Ryuk (direct link) In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory report on the latest tactics used by cybercriminals to target the Healthcare and Public Health (HPH) sector. In the report, CISA, FBI, and HHS noted the discovery of "…credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers," which they shared as a warning of potential ransomware attacks. In the report, the agencies found that threat actors are targeting the HPH Sector using TrickBot and BazarLoader malware efforts, which can result in the disruption of healthcare services, the initiation of ransomware attacks, and the theft of sensitive data. As noted in the advisory, these security issues are even more difficult to handle and remediate during the COVID-19 pandemic; something healthcare providers should take into consideration when determining how much to invest in their cybersecurity efforts. The FBI first began tracking TrickBot modules in early 2019 as it was used by cyberattackers to go after large corporations. According to the report, "…TrickBot now provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. These activities include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk and Conti." What makes it so dangerous? Researchers found that TrickBot developers created a tool called anchor_dns which uses a single-byte XOR cipher to obfuscate communications and, once de-obfuscated, is discoverable in DNS request traffic. When the malware is successfully executed, TrickBot is copied as an executable file and the copy is placed into one of the following directories: C:\Windows\ C:\Windows\SysWOW64\ C:\Users\[Username]\AppData\Roaming\ From there, the executable file downloads modules from command and control servers (C2s) and places them into the host's %APPDATA% or %PROGRAMDATA% directory. Every 15 minutes, the malware runs scheduled tasks on the victim's machine for persistence, and after successful execution, anchor_dns deploys more malicious .bat scripts and implements self-deletion techniques through commands. The report notes that an open source tracker for TrickBot C2 servers is located here. BazarLoader and Ryuk ransomware CISA, FBI, and HHS note in the advisory report that around early 2020, threat actors believed to be associated with TrickBot began executing BazarLoader and BazarBackdoor attacks to infect targeted networks. "The loader and backdoor work closely together to achieve infection and communicate with the same C2 infrastructure," the report says. "Campaigns using Bazar represent a new technique for cybercriminals to infect and monetize networks and have increasingly led to the deployment of ransomware, including Ryuk. BazarLoader has become one of the most commonly used vectors for ransomware deployment." BazarLoader malware usually comes from phishing emails, the advisory says, with a link to a Google Drive document or another file hosting service housing what looks like a PDF file but is really an executable. The emails often appear personal with recipient or employer names in the subject l Ransomware Malware Tool Threat Patching ★★★
Blog.webp 2020-11-18 13:06:19 DNScat2: Application Layer C&C (direct link) In today's world, IT infrastructure and network security devices are becoming more and more secure, and hence ports like 53 (DNS) are used as a communication channel between a client and a C2 server. In highly restricted environments, DNS always resolves domains. So, to serve our penetration testing purpose we might require a tool that... Tool
TechRepublic.webp 2020-11-18 12:59:41 Zoom: These new features will prevent trolls and meeting-crashers (direct link) Zoom hosts can now pause a meeting while they remove a disruptive participant, and a new web-scanning tool will seek out compromised meeting links. Tool
no_ico.webp 2020-11-18 12:35:28 Experts Reacted On The News That Vulnerabilities Discovered In Cisco Security Manager “Relatively Easy To Exploit” (direct link) Cisco has published advisories for three vulnerabilities in Cisco Security Manager, a tool used to manage Cisco devices. The vulnerabilities were recently discovered and disclosed by security researcher Florian Hauser of… Tool
TechRepublic.webp 2020-11-17 16:49:19 How to install the ManageEngine OpManager on your data center servers (direct link) OpManager is an outstanding tool for keeping tabs on your data center servers. Learn how to get it up and running. Tool
AlienVault.webp 2020-11-17 06:01:00 What is unified endpoint management? UEM explained (direct link) This blog was written by a third party author. The business world is undergoing its most dramatic shift yet, with the adoption of digital assets and workforce decentralization representing a huge business opportunity. These changes have led to added endpoints, or devices connecting to the network, which are enabling this transformation. But managing the volumes of these diverse endpoints and geographic locations has grown in complexity. Furthermore, along with these changes in technology adoption and distribution of the workforce, the cybersecurity landscape is also changing. The multitude of endpoints that connect to the network is expanding the attack surface that bad actors with malicious intent can attempt to exploit. From a cybersecurity perspective, this influx of endpoints represents a significant business risk. Organizations need to understand the importance of both managing and securing their endpoints and how these two variables are intertwined for a complete endpoint security strategy. What is UEM? Traditional mobile device management has evolved, and in some way, UEM represents this modern evolution. With the dramatic increase of remote connectivity via mobile devices, the shift to work from home, and IoT adoption, unified endpoint management has become the solution for modern IT departments looking to secure these environments. Unified endpoint management is more than just managing endpoints. The “unified” represents one console for deploying, managing, and helping to secure corporate endpoints and applications. In addition, UEM offers capabilities for provisioning, detection, deployment, troubleshooting and updating. UEM software gives IT and security departments visibility and control over their devices as well as their end-users, delivered through a centralized management console. The goal of UEM software is to simplify an organization's endpoint strategy. But when adopting UEM software, it’s critical to approach the implementation with a big-picture view and plan accordingly. UEM security benefits Unified endpoint management offers organizations many benefits, with the most appealing being reduced costs across multiple departments. By comprehensively automating many IT tasks and processes, UEM often lowers overhead costs and hardware expenditures. Other key benefits are as follows: Offers endpoint management integration with multiple platforms One of the major selling points of UEM software is its ability to integrate with a variety of platforms, including Windows 10, macOS, Linux, Chrome OS, iOS, and Android, among others. With UEM, your business can configure, control, and monitor devices on these platforms from a single management console. With this integration, the burden of connecting these systems is reduced, costs are lowered, and risks are mitigated. Provides data and app protection across the attack surface UEM protects corporate data and applications, reducing cybersecurity threats. This protection is accomplished by: Providing conditional user access Enforcing automated rules Enforcing compliance guidelines Providing safeguards for data loss Empowering IT administrators to identify jailbreaks and OS rooting on devices And, when combined with a Mobile Threat Defense (MTD) solution, UEMs can enforce security policies and take automated remediation steps to further mitigate security risks for iOS and Android devices. Boasts advanced desktop management With UEM, desktop operating systems gain a digital transformation boost that simplifies deployment and helps optimize app delivery and patch automation. Plus, an endpoint’s data and apps can be Tool Vulnerability Threat Patching
WiredThreatLevel.webp 2020-11-15 13:00:00 Computer Scientists Achieve the 'Crown Jewel' of Cryptography (direct link) For years, a master tool called indistinguishability obfuscation seemed too good to be true. Three researchers have figured out that it can work. Tool
itsecurityguru.webp 2020-11-13 10:41:01 Possible ransomware attack warnings from the Australian government (direct link) The Australian government has recently sent out a security alert encouraging health sector organisations to check their cyber-security defences, and most importantly their controls for detecting ransomware attacks. Australia's Cyber Security Centre said that it “observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT).” This warning […] Ransomware Tool
Anomali.webp 2020-11-12 15:00:00 Fortify Your Cyber Defense with the MITRE ATT&CK Framework (direct link) Overview In a recent Anomali webinar, experts AJ Nash, Senior Director of Cyber Intelligence Strategy at Anomali, and Roberto Sanchez, Senior Director, Threat and Sharing Analysis at Anomali, presented the importance of the MITRE ATT&CK framework and showed how to use it to better understand threat actors, campaigns, and associated tactics, techniques, and procedures (TTPs). Major Analytical Frameworks The Cyber Kill Chain, developed by Lockheed Martin in 2011, is one of the best known of the cyber threat intelligence frameworks. Based on the military concept of the kill chain, it breaks down an attack into seven stages, so defenders can pinpoint which stage an attack is in and deploy appropriate countermeasures. In 2013, looking for a way to better understand adversary concerns, The Center for Cyber Intelligence Analysis and Threat Research (CCIATR) developed The Diamond Model. This model helps defenders track four aspects of an attack: the attacker, the victims, the attacker’s capabilities, and the infrastructure the attacker uses. Each of the points on the diamond is a pivot point that defenders can use during an investigation to connect one aspect of an attack with the others. Also in 2013, MITRE - a unique United States corporation responsible for managing federal funding for research projects across multiple federal agencies - released the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework as a means of tracking adversarial behavior over time. ATT&CK builds on the Cyber Kill Chain, but rather than describe a single attack, it focuses on the indicators and tactics associated with specific adversaries. MITRE ATT&CK MITRE ATT&CK can provide a better understanding of adversaries by quantifying and categorizing them. Universal nomenclature and taxonomy of specific tactics, techniques, and procedures enable a shared understanding of threat actors. Recognizing these advantages, Anomali has integrated this framework into their platform. There are four main issues that MITRE ATT&CK is designed to address: Adversary Behaviors – Tactics, techniques, and procedures (TTPs) are tracked, which are more durable than indicators of compromise (IOCs). Improved Lifecycle Model - MITRE ATT&CK has the ability to map specific behaviors back to an organization’s defenses to understand how they relate to that specific environment. Real-World Applicability - TTPs are based on observed incidents. Common Taxonomy – TTPs need to be comparable across adversary groups using the same terminology. It enables the comparison of adversaries from different nation-states, etc. MITRE ATT&CK’s approach uses behavioral methodology guided by five principles: Include Post-compromise Detection – This is necessary for when threats bypass established defenses or use new means to enter a network. Focus on Behavior - Signatures become unreliable, as they change frequently. Behaviors tend to remain more stable, enabling better profiling of adversaries. Use of Threat-based Model - An accurate and well-scoped threat model that captures adversaries’ tools and how they overlap with each other enables preventative actions. Iterate by Design - Constant Malware Tool Threat
TechRepublic.webp 2020-11-11 17:54:08 You can use RPA to help with data cleansing for analytics (direct link) This tool doesn't work for big data, but it can help you get your data ready to be analyzed. Here's why. Tool
SecurityAffairs.webp 2020-11-10 13:22:03 Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike (direct link) Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks. Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead to the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and […] Ransomware Tool Guideline
Blog.webp 2020-11-08 19:11:06 Memory Forensics using Volatility Workbench (direct link) Volatility Workbench is a GUI version of Volatility, one of the most popular tools for analyzing the artifacts from a memory dump. It is available free of cost, is open-source, and runs on the Windows operating system. You can download it from here. You can refer to the previous article Memory Forensics: Using Volatility from here, ... Tool
Mandiant.webp 2020-11-04 19:00:00 In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover - CVE-2020-14871 (direct link) FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer's system and analyzed it to see how it was attacking their Solaris environment. The FLARE team's Offensive Task Force analyzed the exploit to determine how it worked, reproduced the vulnerability on different versions of Solaris, and then reported it to Oracle. In this blog post we present a description of the vulnerability, offer a quick way to test whether a system may be vulnerable, and suggest mitigations and Tool Vulnerability ★★★
TechRepublic.webp 2020-11-04 18:14:43 MIT researchers develop AI to detect COVID-19 using cough recordings. An app could be on deck (direct link) The tool was able to detect nearly 99% of COVID-19 infections using thousands of cough recordings and 100% of asymptomatic cases, per MIT. Tool
Pirate.webp 2020-11-03 10:03:00 Trape – OSINT Analysis Tool For People Tracking (direct link) Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information. Examples are the status of sessions on their websites or services, and the ability to control their users through their browser, without their knowledge. It has evolved with the aim of helping government organizations, companies and researchers to track cybercriminals. Tool
Mandiant.webp 2020-11-02 19:15:00 Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 (direct link) Through Mandiant investigation of intrusions, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise managed service providers and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks (see this blog post for an in-depth description of “UNC” groups). UNC1945 targeted Oracle Solaris operating systems, utilized several tools and utilities against Windows and Linux operating systems, loaded and operated custom virtual machines, and employed techniques to evade detection Tool ★★★★
Blog.webp 2020-11-02 14:40:17 Burp Suite for Pentester – Configuring Proxy (direct link) Burp Suite: you might have heard about this great tool and even used it a number of times in your bug hunting or penetration testing projects. After writing several articles on web-application penetration testing, we've decided to write a few on the various options and methods provided by this amazing tool which... Tool
WiredThreatLevel.webp 2020-10-29 22:05:27 In Embryos, Crispr Can Cut Out Whole Chromosomes-That's Bad (direct link) The DNA-cutting tool has been hailed as a way to fix genetic glitches. But a new study suggests it can remove more than scientists bargained for. Tool
TEAM_CYMRU_Blog.webp 2020-10-29 18:21:34 FlowSpec for DDoS (direct link) We tend to not announce new features until we’re ready to announce a new version. But 2020 throws the old rules out the window! The Institute for Security and Technology (IST) reached out to me recently to talk about BGP FlowSpec. The topic? Is this a viable tool to help networks defend themselves? [...] Tool
Veracode.webp 2020-10-29 13:04:48 A Software Security Checklist Based on the Most Effective AppSec Programs (direct link) Veracode's Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams. As the presenters went through the data, it led to a larger discussion about AppSec best practices and what steps organizations can take to mature their programs. Here are the best practices laid out during the presentation as an easy-to-follow checklist as well as supporting data from the ESG report. Application security controls are highly integrated into the CI/CD toolchain. In the ESG survey, 43 percent of organizations agreed that DevOps integration is most important to improving AppSec programs, but only 56 percent of respondents answered that they use a highly integrated set of security controls throughout their DevOps process. Integrating security measures into the CI/CD toolchain not only makes it easier for developers to run AppSec tests, but it also helps organizations discover security issues sooner, which speeds up time to deployment. Application security best practices are formally documented. In order to have a successful AppSec program, everyone needs to be on the same page regarding best practices. The CISO should help facilitate the formal documentation of AppSec best practices. Developers and security professionals can reference the list and use it to guide their decisions. Application security training is included as part of the ongoing development security training program. Developers have been increasingly tasked with implementing security measures, including writing secure code and remediating vulnerabilities. Most developers don't receive secure code training courses in college, so it is up to organizations to offer security training. But according to the survey, more than 20 percent of organizations only provide training when developers join the team. Developers should have multiple, at-leisure training opportunities throughout the year, like virtual or hands-on programs, such as Veracode Security Labs. Chris Wysopal pointed out the importance of human touchpoints as part of ongoing developer training. If someone is checking in on developers to make sure they're completing their training, they'll likely take it more seriously. Consider a security champions program. The security champions are developers who have an interest in learning about security. If you have at least one security champion on every scrum team, that person can help ensure that their peers are up to speed on the latest security training and best practices. Ongoing developer security training includes formal training programs, and a high percentage of developers participate. At-leisure security training is a great way for developers to learn on their own time. But it is also important to implement formal security training with a set completion date and a skills assessment. Without formal security training, developers may not develop the skills they need to write secure code and remediate vulnerabilities. This could lead to slower and more expensive deployments because of rework or vulnerable code being pushed to production. Accordin Tool Vulnerability Guideline Uber
The_Hackers_News.webp 2020-10-28 03:57:02 [Webinar and eBook]: Are You Getting The Best Value From Your EDR Solution? (lien direct) Many companies rely on Endpoint Detection and Response (EDR) solutions as their primary security tool to protect their organizations against cyber threats. EDR was introduced around eight years ago, and analysts now peg the EDR market size at $1.5 to $2.0 billion in annual revenue globally, expecting it to quadruple over the next five years. The recent introduction of Extended Detection and Tool
no_ico.webp 2020-10-22 10:24:17 NEWS: 68% Concerned About Remote Collab Tool Privacy – Cisco (lien direct) Cisco Reports Privacy and Security Concerns Increase in Today's Remote World. News summary: Two new global surveys highlight the challenges and opportunities of the accelerated transition to a cloud-first, remote world that demands we be secure, connected, and productive from anywhere. IT teams were not fully prepared for the sudden transition to remote work. Secure … Tool
WiredThreatLevel.webp 2020-10-21 13:00:00 A Deepfake Porn Bot Is Being Used to Abuse Thousands of Women (lien direct) An AI tool that 'removes' items of clothing from photos has targeted more than 100,000 women, some of whom appear to be under the age of 18. Tool
DarkReading.webp 2020-10-19 17:25:00 GravityRAT Spyware Targets Android & MacOS in India (lien direct) The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android. Tool
ZDNet.webp 2020-10-19 11:37:58 New Gitjacker tool lets you find .git folders exposed online (lien direct) The tool can also download the exposed Git repositories, allowing attackers to retrieve sensitive configuration files and source code. Tool
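Why an exposed .git directory leaks the whole code base even when the web server returns no directory listing: every object name is derived from the previous object, so a client only needs HEAD to walk ref, commit, tree and blobs. The following is an added example written for this page, not Gitjacker's code; it builds a byte-exact loose-object store in memory (constructed data, no real target) and walks it the way such a tool walks a live server, where the hypothetical fetch() would be an HTTP GET of /.git/<path>. It also includes the check a scanner applies to the /.git/HEAD response to tell a real git directory from a soft-404 page.

```python
from __future__ import annotations

import hashlib
import zlib

# Constructed, in-memory stand-in for a web server that exposes /.git/ (no real
# target). Each key is the path a scanner would request as GET /.git/<key>; the
# values are byte-exact git files, so the walker below is the real parsing logic.
EXPOSED_GIT: dict[str, bytes] = {}


def _put_object(kind: str, body: bytes) -> str:
    """Store a loose object the way git does: zlib("<kind> <len>\\0" + body),
    named by the SHA-1 of the uncompressed bytes, under objects/xx/yyyy..."""
    raw = b"%s %d\0" % (kind.encode(), len(body)) + body
    sha = hashlib.sha1(raw).hexdigest()
    EXPOSED_GIT[f"objects/{sha[:2]}/{sha[2:]}"] = zlib.compress(raw)
    return sha


def _tree_entry(mode: str, name: str, sha: str) -> bytes:
    """Binary tree entry: "<mode> <name>\\0" followed by the raw 20-byte SHA-1."""
    return b"%s %s\0" % (mode.encode(), name.encode()) + bytes.fromhex(sha)


# A two-file repository whose config directory holds a secret (constructed data).
_src = _put_object("blob", b"print('hello')\n")
_cfg = _put_object("blob", b"db_password: hunter2\n")
_cfg_tree = _put_object("tree", _tree_entry("100644", "secrets.yml", _cfg))
_root_tree = _put_object("tree", _tree_entry("100644", "app.py", _src)
                         + _tree_entry("40000", "config", _cfg_tree))
_commit = _put_object("commit", b"tree " + _root_tree.encode()
                      + b"\nauthor A <a@example.org> 0 +0000\n"
                      + b"committer A <a@example.org> 0 +0000\n\ninitial\n")
EXPOSED_GIT["refs/heads/main"] = _commit.encode() + b"\n"
EXPOSED_GIT["HEAD"] = b"ref: refs/heads/main\n"


def fetch(path: str) -> bytes:
    """Hypothetical transport: a real tool issues GET https://<host>/.git/<path>."""
    return EXPOSED_GIT[path]


def is_git_exposed(head_body: bytes) -> bool:
    """Scanner check on the body returned for /.git/HEAD: a symbolic ref or a bare
    40-hex commit id means a real git directory, not a soft-404 HTML page."""
    text = head_body.decode(errors="replace").strip()
    return text.startswith("ref: refs/") or (
        len(text) == 40 and all(c in "0123456789abcdef" for c in text))


def read_object(sha: str) -> tuple[str, bytes]:
    """Fetch, inflate and validate one loose object; returns (kind, body)."""
    raw = zlib.decompress(fetch(f"objects/{sha[:2]}/{sha[2:]}"))
    header, body = raw.split(b"\0", 1)
    kind, size = header.decode().split(" ")
    if int(size) != len(body) or hashlib.sha1(raw).hexdigest() != sha:
        raise ValueError(f"corrupt object {sha}")
    return kind, body


def parse_tree(body: bytes):
    """Yield (mode, name, hexsha) from a tree object's binary entries."""
    i = 0
    while i < len(body):
        sp = body.index(b" ", i)
        nul = body.index(b"\0", sp)
        yield body[i:sp].decode(), body[sp + 1:nul].decode(), body[nul + 1:nul + 21].hex()
        i = nul + 21


def dump_tree(sha: str, prefix: str = "") -> dict[str, bytes]:
    """Recursively materialise a tree as {path: file contents}."""
    kind, body = read_object(sha)
    if kind != "tree":
        raise ValueError(f"{sha} is a {kind}, expected tree")
    files: dict[str, bytes] = {}
    for mode, name, entry_sha in parse_tree(body):
        if mode == "40000":                      # subdirectory: recurse
            files.update(dump_tree(entry_sha, f"{prefix}{name}/"))
        else:                                    # regular file, symlink or submodule pointer
            files[f"{prefix}{name}"] = read_object(entry_sha)[1]
    return files


def dump_exposed_repo() -> dict[str, bytes]:
    """HEAD -> ref -> commit -> tree -> blobs: no directory listing is needed,
    because each object's name is read out of the object before it."""
    head = fetch("HEAD").decode().strip()
    commit_sha = fetch(head[5:]).decode().strip() if head.startswith("ref: ") else head
    kind, body = read_object(commit_sha)
    if kind != "commit":
        raise ValueError("HEAD does not resolve to a commit")
    tree_sha = body.split(b"\n", 1)[0].split(b" ")[1].decode()
    return dump_tree(tree_sha)
```

The fix on the server side is not to deploy the .git directory with the document root at all; where that cannot be guaranteed, deny the path at the web server (for nginx, a `location ~ /\.git { deny all; }` block) and verify with the same HEAD check the scanner uses. Packed objects (objects/pack/) are not handled above; a real tool also fetches the pack index and pack files, which only widens what an exposed directory gives away.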
TechRepublic.webp 2020-10-16 17:27:51 How to recover deleted files in Linux with testdisk (lien direct) If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk. Tool
securityintelligence.webp 2020-10-09 15:42:42 How Cybersecurity Threat Intelligence Teams Spot Attacks Before They Start (lien direct) A thorough cybersecurity threat intelligence team can turn a threat into a tool for future protection. Their job is to conduct background research on threat groups’ motivations and capabilities. This way, the intelligence team can be ready to protect an organization with even greater knowledge in the future. Strong cybersecurity threat intelligence about who attackers […] Tool Threat
itsecurityguru.webp 2020-10-08 14:02:25 Data Security and Regulatory Compliance (lien direct) By Trevor J Morgan, product manager at comforte AG The cloud is an incredibly useful tool for businesses and enterprises that process huge amounts of information. Over recent years, cloud adoption has increased substantially. Indeed, the public cloud service market is expected to reach $623.3 billion by 2023 worldwide as more businesses look to expand […] Tool
WiredThreatLevel.webp 2020-10-07 11:00:00 How to Save Time and Type Faster With AutoHotKey (lien direct) One simple tool gives you the power to build your own custom time-saving keyboard shortcuts. Here's how to set it up and get through that drudgework faster. Tool
Pirate.webp 2020-10-07 04:18:46 trident – Automated Password Spraying Tool (lien direct) The Trident project is an automated password spraying tool developed to be deployed across multiple cloud providers and provides advanced options around scheduling and IP pooling. trident was designed and built to fulfill several requirements and to provide: the ability to be deployed on several cloud platforms/execution providers; the ability to schedule spraying campaigns in accordance with a target's account lockout policy; the ability to increase the IP pool that authentication attempts originate from, for operational security purposes; and the ability to quickly extend functionality to include newly-encountered authentication platforms.
Using trident Password Spraying Tool
Usage:
  trident-cli campaign [flags]
Flags:
  -a, --auth-provider string   this is the authentication platform you are attacking (default "okta")
  -h, --help                   help for campaign
  -i, --interval duration      requests will happen with this interval between them (default 1s)
  -b, --notbefore string       requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00")
  -p, --passfile string        file of passwords (newline separated)
  -u, --userfile string        file of usernames (newline separated)
  -w, --window duration        a duration that this campaign will be active (ex: 4w) (default 672h0m0s)
Example output:
$ trident-client results
+----+-------------------+------------+-------+
| ID | USERNAME          | PASSWORD   | VALID |
+----+-------------------+------------+-------+
| 1  | alice@example.org | Password1!
Read the rest of trident – Automated Password Spraying Tool now! Only available at Darknet. Tool
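The two features called out above, lockout-aware scheduling and IP pooling, are exactly what defeats the usual per-account failed-login counters: each account sees only one or two failures per observation window, and the failures need not even share a source address. The added example below is not trident's code; it is a detector written for this page that keys on the spray signature instead, namely a wide fan-out of low-count failures per source (or per tenant, to catch a pooled campaign). The log format and the IP addresses are constructed for the example, and the thresholds are assumptions to tune against a real baseline.

```python
from __future__ import annotations

from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed authentication log, not from any real system. Assumed line format for
# this example: "<ISO-8601 timestamp> <source ip> <username> <FAIL|OK>".
# 203.0.113.7 sprays one password across accounts from a single source,
# 198.51.100.9 brute-forces one account, and 192.0.2.1-6 run the same spray
# through an IP pool (a different source for every account).
SAMPLE_LOG = """\
2020-10-07T04:00:00Z 203.0.113.7 alice@example.org FAIL
2020-10-07T04:00:01Z 203.0.113.7 bob@example.org FAIL
2020-10-07T04:00:02Z 203.0.113.7 carol@example.org FAIL
2020-10-07T04:00:03Z 203.0.113.7 dave@example.org FAIL
2020-10-07T04:00:04Z 203.0.113.7 erin@example.org FAIL
2020-10-07T04:00:05Z 203.0.113.7 frank@example.org OK
2020-10-07T04:10:00Z 198.51.100.9 carol@example.org FAIL
2020-10-07T04:10:01Z 198.51.100.9 carol@example.org FAIL
2020-10-07T04:10:02Z 198.51.100.9 carol@example.org FAIL
2020-10-07T04:10:03Z 198.51.100.9 carol@example.org FAIL
2020-10-07T04:10:04Z 198.51.100.9 carol@example.org FAIL
2020-10-07T04:10:05Z 198.51.100.9 carol@example.org FAIL
2020-10-07T04:20:00Z 192.0.2.1 alice@example.org FAIL
2020-10-07T04:20:01Z 192.0.2.2 bob@example.org FAIL
2020-10-07T04:20:02Z 192.0.2.3 carol@example.org FAIL
2020-10-07T04:20:03Z 192.0.2.4 dave@example.org FAIL
2020-10-07T04:20:04Z 192.0.2.5 erin@example.org FAIL
2020-10-07T04:20:05Z 192.0.2.6 frank@example.org FAIL
"""


def parse_line(line: str) -> tuple[datetime, str, str, str]:
    ts, src, user, outcome = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, user, outcome


def detect_spraying(log_text: str, window: timedelta = timedelta(minutes=30),
                    min_accounts: int = 5, max_per_account: int = 2,
                    group_by: str = "src") -> list[dict]:
    """Alert when, inside a sliding `window`, one key (a source IP, or the whole
    tenant when group_by="all") accumulates failures against >= min_accounts
    distinct accounts that each saw <= max_per_account failures.

    A lockout-aware spray keeps every account under the lockout threshold, so
    per-account counters never fire; the fan-out across accounts is what gives
    it away. Accounts hit harder than max_per_account are ignored here (that is
    classic brute force, already caught by lockout) so that one noisy attacker
    cannot mask a concurrent spray. The deque is cleared after an alert so a
    campaign is reported once and a later one is reported again.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent: dict[str, deque] = {}
    alerts: list[dict] = []
    for ts, src, user, outcome in events:
        if outcome != "FAIL":
            continue
        key = src if group_by == "src" else "all"
        q = recent.setdefault(key, deque())
        q.append((ts, user))
        while ts - q[0][0] > window:          # drop failures older than the window
            q.popleft()
        per_account = Counter(u for _, u in q)
        low_and_wide = [u for u, n in per_account.items() if n <= max_per_account]
        if len(low_and_wide) >= min_accounts:
            alerts.append({"key": key, "start": q[0][0], "end": ts,
                           "accounts": len(low_and_wide)})
            q.clear()
    return alerts
```

Run with the default group_by="src" the detector flags only 203.0.113.7; the pooled campaign from 192.0.2.1-6 is invisible per source and only appears with group_by="all", which is why a tenant-wide view (or a per-user-agent or per-ASN key) belongs next to the per-IP one. A success from a source that was just flagged, like the OK line for frank@example.org above, is the event to escalate on.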
WiredThreatLevel.webp 2020-10-06 10:00:00 Covering Comments Is Instagram's Newest Anti-Bullying Tool (lien direct) Harassment takes many forms. The platform's latest update works to address a broader swath of negative interactions, from hiding comments to sending warnings. Tool
TechRepublic.webp 2020-10-05 20:15:10 NASA taps AI to identify "fresh craters" on Mars (lien direct) NASA's Jet Propulsion Laboratory uses an AI tool on a supercomputer cluster to identify potential craters on the Red Planet. Tool
WiredThreatLevel.webp 2020-10-05 10:00:00 A China-Linked Group Repurposed Hacking Team's Stealthy Spyware (lien direct) The tool attacks a device's UEFI firmware, which makes it especially hard to detect and remove. Tool
ZDNet.webp 2020-10-05 07:38:05 Microsoft releases tool to update Defender inside Windows install images (lien direct) The new tool supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. Tool
Veracode.webp 2020-10-01 14:10:28 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws (lien direct) Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But, shockingly, less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities. [Figure: Percentage of codebase pulled from open source] Why is it important to scan open source libraries? For our State of Software Security: Open Source Edition report, we analyzed the security of open source libraries in 85,000 applications and found that 71 percent have a flaw. The most common open source flaws identified include Cross-Site Scripting, insecure deserialization, and broken access control. If open source libraries are not scanned, these flaws remain open to attack. Equifax made headlines by not scanning its open source libraries. In 2017, Equifax suffered a massive data breach through an unpatched vulnerability in Apache Struts, which compromised the data, including social security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. The unfortunate reality is that if Equifax had performed AppSec scans on its open source libraries and patched the vulnerability, the breach could have been avoided. Why aren't more organizations scanning open source libraries? If 96 percent of organizations use open source libraries and 71 percent of applications have a third-party vulnerability, why is it that less than 50 percent of organizations scan their open source libraries? The main reason is that when application developers add third-party libraries to their codebase, they expect that the library developers have scanned the code for vulnerabilities.
Unfortunately, you can't rely on library developers to keep your application safe. Approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the directly pulled code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw, one that arrives indirectly through another library in use. [Figure: Transitive and direct open source vulnerabilities] What are your options for managing library security flaws? First off, it's important to note that most flaws in open source libraries are easy to fix: close to 74 percent can be fixed with an update such as a revision or patch. Even high-priority flaws are easy to fix; close to 91 percent can be fixed with an update. [Figure: Patching open source flaws] So, when it comes to managing your library security flaws, the focus should not just be, 'How Data Breach Tool Vulnerability Equifax
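The distinction the report draws between direct and transitive flaws is only actionable if the scanner reports the dependency path: a transitive flaw is fixed by upgrading the direct dependency at the head of that path (or pinning an override), not by editing a library the manifest never names. The added example below, written for this page and not taken from Veracode or any real scanner, resolves a constructed dependency graph from the direct dependencies outward, matches every resolved library against a constructed advisory list (package names, versions and advisories are invented) and emits the remediation that fits each case. The version comparator is the simple dotted-integer one; a real ecosystem needs its own.

```python
from __future__ import annotations

from collections import deque

# Constructed dependency graph and advisories for illustration only; the package
# names, versions and advisories are invented, not real libraries or CVEs.
# DIRECT is what the application's manifest declares; REQUIRES is what each
# resolved (name, version) pulls in, i.e. the transitive layer a developer never
# chose explicitly.
DIRECT = {"web-framework": "2.1.0", "json-parser": "1.4.2", "image-lib": "0.9.0"}
REQUIRES = {
    ("web-framework", "2.1.0"): {"template-engine": "3.0.1", "http-client": "1.2.0"},
    ("http-client", "1.2.0"): {"url-parse": "0.5.0"},
    ("image-lib", "0.9.0"): {"compress-utils": "2.2.0"},
    ("json-parser", "1.4.2"): {},
    ("template-engine", "3.0.1"): {},
    ("url-parse", "0.5.0"): {},
    ("compress-utils", "2.2.0"): {},
}
# One advisory per library: every version below `fixed` is affected.
ADVISORIES = {
    "url-parse": {"fixed": "0.6.0", "severity": "high"},
    "json-parser": {"fixed": "1.5.0", "severity": "medium"},
}


def version_key(v: str) -> tuple[int, ...]:
    """Plain dotted-integer versions; real ecosystems need their own comparator."""
    return tuple(int(part) for part in v.split("."))


def resolve(direct: dict[str, str], requires: dict) -> dict[str, dict]:
    """Breadth-first walk from the direct dependencies, recording for each library
    the version in use and the dependency path that pulled it in. The first path
    found is kept, which with BFS is also the shortest one."""
    resolved: dict[str, dict] = {}
    queue = deque((name, ver, [name]) for name, ver in direct.items())
    while queue:
        name, ver, path = queue.popleft()
        if name in resolved:
            continue
        resolved[name] = {"version": ver, "path": path}
        for dep, dep_ver in requires.get((name, ver), {}).items():
            queue.append((dep, dep_ver, path + [dep]))
    return resolved


def audit(direct: dict[str, str], requires: dict, advisories: dict) -> list[dict]:
    """Match every resolved library against the advisories and say how to fix it:
    a direct dependency is upgraded in the manifest; a transitive one is fixed by
    upgrading the direct dependency at the head of its path (or by pinning an
    override), which is why the path matters more than the library name."""
    findings = []
    for name, info in resolve(direct, requires).items():
        adv = advisories.get(name)
        if adv is None or version_key(info["version"]) >= version_key(adv["fixed"]):
            continue
        kind = "direct" if len(info["path"]) == 1 else "transitive"
        if kind == "direct":
            fix = f"upgrade {name} to >= {adv['fixed']}"
        else:
            fix = (f"upgrade {info['path'][0]} to a release that requires "
                   f"{name} >= {adv['fixed']}, or pin {name} >= {adv['fixed']}")
        findings.append({"name": name, "version": info["version"], "kind": kind,
                         "severity": adv["severity"], "path": info["path"], "fix": fix})
    return sorted(findings, key=lambda f: (f["kind"], f["name"]))
```

On the constructed graph this reports json-parser as a direct finding and url-parse as a transitive one reached through web-framework and http-client, so the fix for the high-severity flaw is a web-framework upgrade even though web-framework itself is clean. That is the case the 47 percent figure above describes, and it is invisible to a scan that looks only at the manifest.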
ZDNet.webp 2020-10-01 13:00:03 With API attacks rising, Cloudflare launches a free API security tool (lien direct) Cloudflare launches API Shield, a new service to protect web APIs against attacks. Tool
TechRepublic.webp 2020-10-01 11:44:03 Python programming: Microsoft's new tool makes app testing easier for developers (lien direct) Playwright for Python automates end-to-end testing for web apps and works in any browser. Tool
Logo_logpoint.webp 2020-10-01 11:26:19 A Simple Guide to Threat Hunting (lien direct) Threats are continually changing and becoming more sophisticated, making it impossible to buy a tool that detects every potential cyberthreat. You can help protect your business by taking a proactive approach to hunting threats. According to the 2020 Verizon Data Breach report, more than 25 percent of breaches took months or longer to discover. This [...] Data Breach Tool Threat
Last update at: 2024-07-07 11:07:30