What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-13 16:15:18 | CVE-2022-25711 (lien direct) | Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25695 (lien direct) | Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25682 (lien direct) | Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25685 (lien direct) | Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:17 | CVE-2022-25677 (lien direct) | Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | Industrial | ||
|
2022-12-13 16:15:17 | CVE-2022-25675 (lien direct) | Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | Industrial | ||
|
2022-12-13 16:15:17 | CVE-2022-25681 (lien direct) | Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | Industrial | ||
 |
2022-12-13 07:40:10 | OT Cybersecurity in 2023: Time to Show the Receipts (lien direct) | >There has been public broad realization that operations which tolerate little to no physical downtime-including critical infrastructure, industrial sectors and hyperconnected facilities-are lucrative targets for cyberattacks. A decade ago, intrusion and anomaly detection tools for operational technology (OT) and industrial control systems (ICS) were in their infancy. Today, the market is expanding and maturing in […] | Industrial | ★★★ | |
 |
2022-12-12 16:50:32 | (Déjà vu) 2nd Annual DISC 2022 Capture the Flag (CTF) Event a Success! (lien direct) | >The Dragos Industrial Security Conference (DISC) is an annual event celebrated on November 5th that provides attendees with some of... The post 2nd Annual DISC 2022 Capture the Flag (CTF) Event a Success! first appeared on Dragos. | Industrial | ★★★ | |
 |
2022-12-08 15:20:51 | WAFs of Several Major Vendors Bypassed With Generic Attack Method (lien direct) | Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors. | Industrial | ★★ | |
|
2022-12-07 13:00:00 | Unify IT & OT Cybersecurity for A More Secure, Resilient Industrial Network with Dragos and Cisco (lien direct) | >Cybersecurity is a key component of modernization and regulatory requirements for digital transformation efforts, as cyber threats have become a... The post Unify IT & OT Cybersecurity for A More Secure, Resilient Industrial Network with Dragos and Cisco first appeared on Dragos. | Industrial | ★★★ | |
 |
2022-12-07 08:44:13 | Nokia and GlobalData market research reveals private wireless enterprise drivers and return on investment data (lien direct) | Nokia and GlobalData market research reveals private wireless enterprise drivers and return on investment data • Results from new Nokia and GlobalData survey find cybersecurity and business efficiency are key transformation drivers for early private wireless adopters • Decision makers surveyed at 79 multinationals reveal high confidence in the technology with many having adopted or planning to adopt private wireless networks and industrial edge solutions • Nearly 80 percent of survey respondents expected to achieve ROI within six months of deployment • Benefits of an integrated approach to digitalization are broadly recognized, working with market leaders that offer a wide array of industry solutions - Special Reports | Guideline Industrial | ★★ | |
|
2022-12-05 14:01:54 | Kaspersky prévoit des changements dans le paysage des menaces pour les systèmes de contrôle industriel en 2023 (lien direct) | Les chercheurs de l'ICS CERT de Kaspersky ont partagé leurs prédictions concernant les évolutions et les risques concernant les systèmes de contrôle industriel auxquels les organisations doivent se préparer en 2023. Parmi ces prédictions, les experts de Kaspersky prévoient une augmentation de la surface d'attaque due à la numérisation, des activités d'initiés bénévoles et cybercriminels, des attaques de ransomware ciblant les infrastructures critiques, mais aussi des incidences techniques, économiques et géopolitiques sur les capacités de détection des menaces et l'augmentation des vulnérabilités potentielles exploitées par les agents malveillants. - Points de Vue | Ransomware Industrial | ★★★★ | |
 |
2022-12-02 08:32:00 | CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server | Industrial | ★★ | |
 |
2022-10-11 19:22:42 | Google Pixel 7 and Pixel 7 Pro: The next evolution in mobile security (lien direct) | Dave Kleidermacher, Jesse Seed, Brandon Barbello, Sherif Hanna, Eugene Liderman, Android, Pixel, and Silicon Security Teams Every day, billions of people around the world trust Google products to enrich their lives and provide helpful features – across mobile devices, smart home devices, health and fitness devices, and more. We keep more people safe online than anyone else in the world, with products that are secure by default, private by design and that put you in control. As our advancements in knowledge and computing grow to deliver more help across contexts, locations and languages, our unwavering commitment to protecting your information remains. That's why Pixel phones are designed from the ground up to help protect you and your sensitive data while keeping you in control. We're taking our industry-leading approach to security and privacy to the next level with Google Pixel 7 and Pixel 7 Pro, our most secure and private phones yet, which were recently recognized as the highest rated for security when tested among other smartphones by a third-party global research firm.1 Pixel phones also get better every few months with Feature Drops that provide the latest product updates, tips and tricks from Google. And Pixel 7 and Pixel 7 Pro users will receive at least five years of security updates2, so your Pixel gets even more secure over time. Your protection, built into PixelYour digital life and most sensitive information lives on your phone: financial information, passwords, personal data, photos – you name it. With Google Tensor G2 and our custom Titan M2 security chip, Pixel 7 and Pixel 7 Pro have multiple layers of hardware security to help keep you and your personal information safe. We take a comprehensive, end-to-end approach to security with verifiable protections at each layer - the network, application, operating system and multiple layers on the silicon itself. If you use Pixel for your business, this approach helps protect your company data, too.  Google Tensor G2 is Pixel's newest powerful processor custom built with Google AI, and makes Pixel 7 faster, more efficient and secure3. Every aspect of Tensor G2 was designed to improve Pixel's performance and efficiency for great battery life, amazing photos and videos. Tensor's built-in security core works with our Titan M2 security chip to keep your personal information, PINs and passwords safe. Titan family chips are also used to protect Google Cloud data centers and Chromebooks, so the same hardware that protects Google servers also secures your sensitive information stored on Pixel. And, in a first for Google, Titan M2 hardware has now been certified under Common Criteria PP0084: the international gold standard for hardware security components also used for identity, SIM cards, and bankcard security chips. |
Spam Malware Vulnerability Guideline Industrial | APT 40 | |
 |
2022-08-30 16:00:43 | Watering Hole Attacks Push ScanBox Keylogger (lien direct) | Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. | Industrial | APT 40 | |
 |
2022-07-26 06:00:00 | L'équipe rouge mandiante émule les tactiques FIN11 pour contrôler les serveurs de technologie opérationnelle Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers (lien direct) |
Au cours des deux dernières années, les incidents de ransomwares ont eu un impact sur des milliers d'organisations d'infrastructure industrielles et critiques.Dans certains cas, Mandiant a observé comment ces intrusions perturbent les chaînes de production industrielles et les flux de travail opérationnels comme méthode pour inciter le paiement des rançons.Bien que dans la plupart des cas, les victimes aient subi des dommages-intérêts exclusivement limités aux systèmes d'entreprise, cela ne signifie pas que les systèmes de technologie opérationnelle (OT) ne sont pas à risque.
La nature de la technologie OT et les défis de la défense signifie que de nombreux réseaux OT ont Sécurité Gaps que
During the last couple of years, ransomware incidents have impacted thousands of industrial and critical infrastructure organizations. In some cases, Mandiant has observed how these intrusions disrupt industrial production chains and operational workflows as a method to incentivize the payment of ransoms. Although in most cases victims have suffered damages exclusively restricted to enterprise systems, this does not mean that operational technology (OT) systems are not at risk. The nature of OT technology and the challenges of defending it means that many OT networks have security gaps that |
Ransomware Industrial | ★★★ | |
 |
2022-07-25 00:00:00 | Sécurisez votre technologie opérationnelle (OT) contre les attaques en ligne avec un nouveau programme de diplôme professionnel de la cybersécurité Secure your Operational Technology (OT) against online attacks with new cyber security professional diploma programme (lien direct) |
As featured in The Independent, Prof. Thomas Newe, Associate Professor with UL\'s Department of Electronic and Computer Engineering, explains why the new cyber security professional diploma programme is particularly beneficial for IT professionals who are unfamiliar with OT. The article is included below or via this link: independent.ie --- Cyber security: why it matters Cyber security has been pushed to the forefront of public consciousness in recent years, thanks to a spate of high-profile hacks and ransomware attacks that have occurred both internationally and in Ireland. Vital business operations in many industries are increasingly carried out and managed online, which has given rise to a heightened need for comprehensive digital security training and awareness. One of the primary concerns of industry leaders in the manufacturing field is how they can secure the seamless functioning of their OT (Operational Technology) systems. OT is a term that describes hardware and software which is used to oversee and control the physical devices, processes and events associated with any given business enterprise. With the advent of Industry 4.0, which seeks to establish automated protocols and operation guidelines for the manufacturing industry, the secure functioning of OT systems underpinning manufacturing processes is paramount. Unlike IT attacks that generally target data, OT attacks focus on industrial control systems (ICS), leading to a tangible physical impact. For example, during a 2017 Triton/Trisis cyberattack on a Middle East petrochemical plant\'s safety instrumentation system, the attackers triggered an outage that could have led to the release of toxic hydrogen sulphide gas or caused explosions. In the USA, the Colonial Pipeline ransomware cyberattack in May 2021 threatened the security of the company\'s oil pipeline infrastructure. This incident highlighted the need for OT engineers to understand and be able to defend against sophisticated cyber attacks. Whilst cyber attacks exist in the digital space, they can have a real and tangible effect on the physical world. Bridging the educational gap Recent hacks within vital sectors of the Irish economy have highlighted both the pressing need for workers who are highly skilled in cyber security, and the current shortage of such workers. The Professional Diploma in OT Security is an innovative new programme that bridges this urgent educational gap. This diploma is jointly offered by two HEA-Human Capital Initiatives: Cyber Skills (Ireland\'s leading cyber security initiative) and UL@Work (a University of Limerick-based initiative that provides digital skills programmes to thoroughly prepare graduates for the workplace). Cyber Skills was established in order to address the critical skills shortage in cyber security by providing flexible, university-accredited online micro-credentials and pathways, delivered by lecturers who are experts in their field. Cyber Skills\' courses have been created by academic leaders in MTU, UL and TU Dublin, as well as the institute\'s industry partners. Integrating OT and IT knowledge The Professional Diploma in OT Security is designed to develop the skills of emerging cyber security experts in Smart Manufacturing. The diploma is ideal for professionals who are directly or indirectly involved in integrating OT and IT systems to facilitate Industry 4.0 standards in their organisation. Programme lecturers actively encourage individuals and companies to invest in their employees\' skills, knowledge and training, in order to protect and strengthen their organisation\'s defence against cyber attacks. Prof. Thomas Newe, Associate Professor with UL\'s Department of Electronic and Computer Engineering, explains that the diploma is particularly beneficial for IT professionals who are unfamiliar with OT. “The course really helps IT engineers to better understand OT, and learn how IT securely interfaces with it.” Deeper understanding and career progression: what students can expect The course curriculum will give participants a s | Ransomware Hack Threat Industrial | ★★ | |
 |
2022-06-30 13:49:56 | China lured graduate jobseekers into digital espionage (lien direct) | Student translators were targeted by front company for Beijing-backed hacking group APT40. | Industrial | APT 40 | |
|
2022-04-13 15:30:00 | Inconstruire: les nouveaux outils de cyberattaques parrainés par l'État ciblent plusieurs systèmes de contrôle industriel INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems (lien direct) |
Au début de 2022, Mandiant, en partenariat avec Schneider Electric, a analysé un ensemble de nouveaux outils d'attaque orientés vers le système de contrôle industriel (ICS) - que nous appelons Inconstroller (aka PipeDream) - construit aux dispositifs d'automatisation des machines cibles.Les outils peuvent interagir avec des équipements industriels spécifiques intégrés dans différents types de machines exploitées dans plusieurs industries.Bien que le ciblage de tout environnement opérationnel utilisant cet ensemble d'outils ne soit pas clair, le malware pose un risque critique pour les organisations tirant parti de l'équipement ciblé.Inconstroller est très probablement parrainé par l'État et contient
In early 2022, Mandiant, in partnership with Schneider Electric, analyzed a set of novel industrial control system (ICS)-oriented attack tools-which we call INCONTROLLER (aka PIPEDREAM)-built to target machine automation devices. The tools can interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries. While the targeting of any operational environments using this toolset is unclear, the malware poses a critical risk to organizations leveraging the targeted equipment. INCONTROLLER is very likely state sponsored and contains |
Malware Tool Industrial | ★★★★ | |
|
2022-04-11 10:00:00 | Sécurité proactive pour la technologie opérationnelle et les infrastructures critiques Proactive Security for Operational Technology and Critical Infrastructure (lien direct) |
technologie opérationnelle (OT) et systèmes de contrôle industriel (ICS) ont longtemps été utilisés dans les environnements industriels pour surveilleret automatiser les processus physiques et les opérations critiques de mission.Ces systèmes constituent les éléments fondamentaux de certaines de nos infrastructures les plus critiques et soutiennent les fonctions sociétales essentielles, telles que la production d'électricité, le traitement des eaux usées, les transports publics, la fabrication industrielle, l'extraction des ressources, le pétrole et le gaz et les télécommunications.
La dernière décennie a connu une augmentation progressive de la motivation mondiale de l'acteur de cyber-menace pour cibler l'OT à usage spécial
Operational Technology (OT) and Industrial Control Systems (ICS) have long been used in industrial environments to monitor and automate physical processes and mission-critical operations. These systems form the foundational building blocks for some of our most critical infrastructure and support essential societal functions, such as power generation, wastewater treatment, public transportation, industrial manufacturing, resource mining, oil and gas, and telecommunications. The last decade has seen a gradual uptick in global cyber threat actor motivation for targeting special-purpose OT |
Threat Industrial | ★★★ | |
|
2022-03-16 00:00:00 | Cybersécurité - la valeur et le besoin de formation pratique Cyber Security -The Value and Need for Practical Training (lien direct) |
Whenever we are trying to master a new skill, we have all heard about the importance of practise. The associated attention, rehearsal and repetition leads to the acquisition of new knowledge or skills that can later be developed into more complex skillsets. This sentiment has been seen throughout history, where some of the world\'s most masterful people have shared a similar philosophy that is still true today: Bruce Lee - “Practice makes perfect. After a long time of practising, our work will become natural, skillfull, swift and steady” Abraham Lincoln - “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” Japanese Proverb – “Tomorrow\'s battle is won during todays practice” Vincent Van Gough – “As practise makes perfect, I cannot but make progress, each drawing one makes, each study one paints is a step forward” Marshawn Lynch - “When you get to practice against the best, it brings the best out of you.” Martha Graham – “Practice means to perform, over and over again in the face of all obstacles, some act of vision, of faith, of desire. Practice is a means of inviting the perfection desired” Unknown - “Don\'t practise until you get it right, practice until you can\'t get it wrong” Others might disagree slightly: Vince Lombardi – “Practise does not make perfect. Only perfect practise makes perfect” So, the message is clear, to master a skill, we need to practise but we need to practise against the best and in the best most realistic possible environment. In terms of cybersecurity, as the cyber threat environment grows more intense, cyber defence groups require more and more skilled professionals to help with the onslaught of cyberattacks. However, they are finding it increasingly difficult to recruit and hire trained security professionals as having a degree in cybersecurity is usually not enough to give an individual the skills required for mitigating sophisticated attacks. For Cyber Security professionals, the required practise involves realistic breach scenarios or cyberattacks. These breaches or cyberattacks are any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. The aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems. Day-to-day work in cybersecurity offers few opportunities for such training on the job, resulting in the required practise being an extremely difficult thing to achieve. When you think about it, cyberattacks are seemingly in the news every day, which seems to contradict my previous statement. However, the results of a cyberattack can range from causing inconvenience to dire consequences. A cyberattack on critical infrastructure and/or healthcare sectors don\'t just affect data or computer systems, they can wreak havoc in the physical world. This was seen all too well in Ireland in the not so distant past. So, cyberattacks are prevalent but the consequences mean we aim to prevent as many breaches as possible and reduce the impact, contain and eradicate any attack that exploits a system. There lies the problem, cyber security professionals require realistic breach scenarios and cyberattacks to train and become sufficiently skilled but cyber professionals are consistently working hard to prevent such attacks in the real-world. So the question is, “how do we train cyber security professionals to deal with the challenging ever-changing cyber environment?”. The answer is a Cyber Range! A Cyber Range provides a secure, sandboxed virtual interactive training environment that can simulate real-world feel scenarios and environments, including complex IT environments and attacks on IT infrastructure, networks, software platforms and applications. As a result, a cyber range infrastructure provides the required training and practise elements of realistic breach scenarios and cyberattacks. A Cyber Range enables students to practice newly acquire | Tool Threat Studies Mobile Industrial Medical Cloud | ★★ | |
|
2022-01-31 15:00:00 | 1 sur 7 OT Ransomware Extorsion Attaque de fuite Critique Informations sur la technologie opérationnelle 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information (lien direct) |
Les fuites de données ont toujours été une préoccupation pour les organisations.L'exposition d'informations sensibles peut entraîner des dommages à la réputation, des sanctions légales, une perte de propriété intellectuelle et même un impact sur la confidentialité des employés et des clients.Cependant, il y a peu de recherches sur les défis posés aux organisations industrielles lorsque les acteurs de la menace divulguent des détails sensibles sur leur sécurité, la production, les opérations ou la technologie.
En 2021, Mandiant Threat Intelligence a continué à observer les opérateurs de ransomwares tentant d'extorquer des milliers de victimes en divulguant des téraoctets de volés
Data leaks have always been a concern for organizations. The exposure of sensitive information can result in damage to reputation, legal penalties, loss of intellectual property, and even impact the privacy of employees and customers. However, there is little research about the challenges posed to industrial organizations when threat actors disclose sensitive details about their OT security, production, operations, or technology. In 2021, Mandiant Threat Intelligence continued observing ransomware operators attempting to extort thousands of victims by disclosing terabytes of stolen |
Ransomware Threat Industrial | ★★★ | |
|
2021-11-18 12:00:00 | Présentation du cadre de criminalistique numérique et de réponse aux incidents de Mandiant \\ pour les systèmes OT intégrés Introducing Mandiant\\'s Digital Forensics and Incident Response Framework for Embedded OT Systems (lien direct) |
La collecte et l'analyse des données médico-légales sont un composant central du processus de réponse de l'incident.Ce processus est central pour déterminer l'existence et la portée subséquente d'un compromis, les outils utilisés par les adversaires et leurs capacités.Cependant, l'obtention des données de criminalistique numérique et de réponse aux incidents (DFIR) n'est pas toujours une tâche simple, en particulier lorsque des systèmes de technologie opérationnelle (OT) sont impliqués.
Les réseaux OT comprennent souvent une variété de produits peu communs et parfois obscurs qui exploitent régulièrement des composants logiciels et de micrologiciels embarqués.Un bon exemple de ceci est en temps réel
Collecting and analyzing forensic data is a core component of the incident response process. This process is central to determining the existence, and subsequent scope of a compromise, the tools used by adversaries, and their capabilities. However, obtaining digital forensics and incident response (DFIR) data is not always a simple task, especially when operational technology (OT) systems are involved. OT networks often include a variety of uncommon and sometimes obscure products that regularly leverage embedded software and firmware components. A good example of this is real-time |
Tool Industrial | ★★★ | |
|
2021-10-27 08:01:01 | Fichier exécutable portable infectant les logiciels malveillants se trouve de plus en plus dans les réseaux OT Portable Executable File Infecting Malware Is Increasingly Found in OT Networks (lien direct) |
Lors de la recherche de fichiers associés à une gamme de fabricants d'équipements d'origine (OT) (OEM), Mandiant Threat Intelligence a découvert un grand nombre de binaires exécutables portables (PE) légitimes affectés par divers types de PEinfecter les logiciels malveillants.Les fichiers infectés incluent les binaires associés aux contrôleurs logiques programmables (PLC), les communications OLE pour le contrôle de processus (OPC), les applications d'interface humaine-machine (HMI) et d'autres fonctions OT prise en charge par des appareils basés sur Windows aux niveaux 2 et 3 du PurdueModèle.
Un PE est un format de fichier développé par Microsoft
While researching files associated with a range of operational technology (OT) original equipment manufacturers (OEM), Mandiant Threat Intelligence uncovered a large number of legitimate portable executable (PE) binaries affected by various types of PE infecting malware. The infected files include binaries associated with programmable logical controllers (PLC), OLE for process control (OPC) communications, human-machine interface (HMI) applications, and other OT functions supported by Windows-based devices at levels 2 and 3 of the Purdue Model. A PE is a file format developed by Microsoft |
Malware Threat Industrial | ★★★ | |
|
2021-08-17 08:01:01 | Mandiant révèle la vulnérabilité critique affectant des millions de dispositifs IoT Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices (lien direct) |
Aujourd'hui, Mandiant a révélé une vulnérabilité critique des risques en coordination avec le Agence de sécurité de la cybersécurité et des infrastructures («CISA») qui affecte des millions de dispositifs IoT qui utilisent les lytek «kalay» réseau.Cette vulnérabilité, découverte par des chercheurs de l'équipe rouge de Mandiant \\, à la fin de 2020, permettrait aux adversaires de compromettre à distance les appareils IoT victime, ce qui a donné la possibilité d'écouter l'audio en direct, de regarder des données vidéo en temps réel et de compromettre les informations d'identification de l'appareil pour plus de nouvellesAttaques basées sur la fonctionnalité du dispositif exposé.Ces autres attaques pourraient inclure des actions qui permettraient
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant\'s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow |
Vulnerability Industrial | ★★★ | |
 |
2021-07-23 22:03:21 | Episode 221: Biden Unmasked APT 40. But Does It Matter? (lien direct) | Andrew Sellers, the Chief Technology Officer at QOMPLX joins us to unpack the revelations this week about APT 40, the Chinese group that the US has accused of a string of attacks aimed at stealing sensitive trade secrets. Also: is Salesforce the next SolarWinds | Industrial | APT 40 | |
|
2021-07-21 17:31:16 | Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say (lien direct) | Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change. | Industrial | APT 40 | |
 |
2021-07-20 15:00:00 | Anomali Cyber Watch: China Blamed for Microsoft Exchange Attacks, Israeli Cyber Surveillance Companies Help Oppressive Governments, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, APT, Espionage, Ransomware, Targeted Campaigns, DLL Side-Loading, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
UK and Allies Accuse China for a Pervasive Pattern of Hacking, Breaching Microsoft Exchange Servers
(published: July 19, 2021)
On July 19th, 2021, the US, the UK, and other global allies jointly accused China in a pattern of aggressive malicious cyber activity. First, they confirmed that Chinese state-backed actors (previously identified under the group name Hafnium) were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The attacks took place in early 2021, affecting over a quarter of a million servers worldwide. Additionally, APT31 (Judgement Panda) and APT40 (Kryptonite Panda) were attributed to Chinese Ministry of State Security (MSS), The US Department of Justice (DoJ) has indicted four APT40 members, and the Cybersecurity and Infrastructure Security Agency (CISA) shared indicators of compromise of the historic APT40 activity.
Analyst Comment: Network defense-in-depth and adherence to information security best practices can assist organizations in reducing the risk. Pay special attention to the patch and vulnerability management, protecting credentials, and continuing network hygiene and monitoring. When possible, enforce the principle of least privilege, use segmentation and strict access control measures for critical data. Organisations can use Anomali Match to perform real time forensic analysis for tracking such attacks.
MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Exploitation of Remote Services - T1210
Tags: Hafnium, Judgement Panda, APT31, TEMP.Jumper, APT40, Kryptonite Panda, Zirconium, Leviathan, TEMP.Periscope, Microsoft Exchange, CVE-2021-26857, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, Government, EU, UK, North America, China
NSO’s Spyware Sold to Authoritarian Regimes Used to Target Activists, Politicians and Journalists
(published: July 18, 2021)
Israeli surveillance company NSO Group supposedly sells spyware to vetted governments bodies to fight crime and terrorism. New research discovered NSO’s tools being used against non-criminal actors, pro-democracy activists and journalists investigating corruption, political opponents and government critics, diplomats, etc. In some cases, the timeline of this surveillance coincided with journalists' arrests and even murders. The main penetration tool used by NSO is malware Pegasus that targets both iPho |
Ransomware Malware Tool Vulnerability Threat Studies Guideline Industrial | APT 41 APT 40 APT 28 APT 31 | |
 |
2021-07-19 20:36:16 | US DoJ indicts four members of China-linked APT40 cyberespionage group (lien direct) | US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan) for hacking tens of government organizations, private businesses and universities around the world between 2011 and 2018. […] | Industrial | APT 40 | |
|
2021-07-19 13:44:03 | U.S., Allies Officially Accuse China of Microsoft Exchange Attacks (lien direct) | U.S. Charges Four Alleged Members of Chinese Hacking Group APT40 The United States and its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government. | Industrial | APT 40 | |
 |
2021-07-19 10:44:21 | US indicts members of Chinese-backed hacking group APT40 (lien direct) | Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. [...] | Industrial | APT 40 | |
|
2021-05-25 09:00:00 | Crimes d'opportunité: augmentation de la fréquence des compromis sur la technologie opérationnelle à faible sophistication Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises (lien direct) |
Les attaques contre les processus de contrôle soutenues par la technologie opérationnelle (OT) sont souvent perçues comme nécessairement complexes.En effet, perturber ou modifier un processus de contrôle pour provoquer un effet prévisible est souvent assez difficile et peut nécessiter beaucoup de temps et de ressources.Cependant, Maniant Threat Intelligence a observé des attaques plus simples, où les acteurs ayant différents niveaux de compétences et de ressources utilisent des outils et des techniques informatiques communs pour accéder et interagir avec les systèmes OT exposés.
L'activité n'est généralement pas sophistiquée et n'est normalement pas ciblée contre des organisations spécifiques
Attacks on control processes supported by operational technology (OT) are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat Intelligence has observed simpler attacks, where actors with varying levels of skill and resources use common IT tools and techniques to gain access to and interact with exposed OT systems. The activity is typically not sophisticated and is normally not targeted against specific organizations |
Tool Threat Industrial | ★★★ | |
|
2021-04-13 10:00:00 | Piratage de la technologie opérationnelle pour la défense: leçons apprises de l'infrastructure de contrôle des compteurs intelligents en équipe d'OT Red Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure (lien direct) |
Les incidents de sécurité très médiatisés au cours de la dernière décennie ont apporté un examen minutieux à la cybersécurité pour la technologie opérationnelle (OT).Cependant, il existe une perception continue entre les organisations d'infrastructures critiques que les réseaux OT sont isolés de réseaux publics tels que Internet.Dans l'expérience de mandiant, le concept d'un \\ 'Air Gap \' séparant les actifs des réseaux externes est rarement vrai dans la pratique.
En 2018, nous avons publié un article de blog présentant les outils et techniques qui Temp.veles utilisé pendant l'incident de Triton pour traverser un compromis externe des informations
High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks-such as the Internet. In Mandiant\'s experience, the concept of an \'air gap\' separating OT assets from external networks rarely holds true in practice. In 2018, we released a blog post presenting the tools and techniques that TEMP.Veles used during the TRITON incident to traverse from an external compromise of the information |
Tool Industrial | ★★★★ | |
|
2021-02-17 13:00:00 | Briller une lumière sur la solarcité: exploitation pratique du dispositif X2E IoT (deuxième partie) Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two) (lien direct) |
Dans cet article, nous continuons notre analyse du Solarcity ConnectPort X2E Appareil ZigBee (appelé tous les appareils X2E).Dans partie un , nous avons discuté du x2e à un niveau élevé, effectué des attaques initiales basées sur le réseau, puis a discuté des techniques matérielles utilisées pour obtenir un shell distant sur le périphérique X2E en tant qu'utilisateur système non priviaire.Dans ce segment, nous couvrons comment nous avons obtenu une coquille privilégiée sur l'appareil localement en utilisant des attaques de glitch, et explorer CVE-2020-12878 , une vulnérabilité que nous avons découverte qui a permis une escalade de privilège à distance à l'utilisateur root .Combiné avec cve-2020-9306
In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we discussed the X2e at a high level, performed initial network-based attacks, then discussed the hardware techniques used to gain a remote shell on the X2e device as a non-privileged system user. In this segment, we\'ll cover how we obtained a privileged shell on the device locally using power glitching attacks, and explore CVE-2020-12878, a vulnerability we discovered that permitted remote privilege escalation to the root user. Combined with CVE-2020-9306 |
Vulnerability Industrial | ★★★★ | |
 |
2020-10-07 18:31:39 | Amazon Wants to \'Win at Games.\' So Why Hasn\'t It? (lien direct) | After brute-forcing its way to dominance in so many industries, the tech leviathan may finally have met its match. | Industrial | APT 40 | |
|
2020-10-04 09:35:41 | Security Affairs newsletter Round 284 (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Apple addresses four vulnerabilities in macOS Google removes 17 Joker -infected apps from the Play Store Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT Mount Locker […] | Industrial | APT 40 | |
|
2020-09-29 08:01:01 | Dans la poursuite d'une visualisation Gestalt: fusion de l'agent à mitre ATT & CK & Reg;Pour l'entreprise et les CI, communiquer les comportements adversaires In Pursuit of a Gestalt Visualization: Merging MITRE ATT&CK® for Enterprise and ICS to Communicate Adversary Behaviors (lien direct) |
mise à jour (10 décembre): Ce message a été mis à jour pour refléter les modifications de la matrice de mitre ATT & amp; CK pour l'entreprise, qui comprend désormais des tactiques supplémentaires.
Comprendre les menaces de plus en plus complexes auxquelles sont confrontés les organisations d'infrastructures industrielles et critiques n'est pas une tâche simple.Alors que les acteurs de menaces très qualifiés continuent de se renseigner sur les nuances uniques de la technologie opérationnelle (OT) et les systèmes de contrôle industriel (CI), nous observons de plus en plus les attaquants explorant une diversité de méthodes pour atteindre leurs objectifs.Les défenseurs sont confrontés au défi de l'analyse systématique des informations de ces incidents
Update (Dec. 10): This post has been updated to reflect changes in MITRE ATT&CK Matrix for Enterprise, which now includes additional tactics. Understanding the increasingly complex threats faced by industrial and critical infrastructure organizations is not a simple task. As high-skilled threat actors continue to learn about the unique nuances of operational technology (OT) and industrial control systems (ICS), we increasingly observe attackers exploring a diversity of methods to reach their goals. Defenders face the challenge of systematically analyzing information from these incidents |
Threat Industrial | ★★★ | |
|
2020-09-27 09:28:15 | Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT (lien direct) | Microsoft removed 18 Azure Active Directory applications from its Azure portal that were created by a Chinese-linked APT group Gadolinium. Microsoft announced this week to have removed 18 Azure Active Directory applications from its Azure portal that were created by a China-linked cyber espionage group tracked as APT group Gadolinium (aka APT40, or Leviathan). The 18 […] | Industrial | APT 40 | |
 |
2020-09-24 21:09:50 | Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group (lien direct) | Azure AD apps were abused by the Gadolinium (APT40) group to attack Microsoft Azure customers. | Industrial | APT 40 | |
|
2020-08-25 04:00:00 | Une introduction pratique à l'approche de Mandiant \\ S à l'équipe d'OT Red A Hands-On Introduction to Mandiant\\'s Approach to OT Red Teaming (lien direct) |
Les propriétaires d'actifs de technologie opérationnelle (OT) ont historiquement considéré que les réseaux rouges de l'OT et du système de contrôle industriel (ICS) sont trop risqués en raison du potentiel de perturbations ou d'impact négatif sur les systèmes de production.Bien que cet état d'esprit soit resté largement inchangé depuis des années, l'expérience de Mandiant dans le domaine suggère que ces perspectives changent;Nous fournissons de plus en plus de valeur aux clients en faisant équipe en toute sécurité en associant leurs réseaux de production OT.
Cette volonté croissante de l'équipe rouge de l'OT est probablement motivée par quelques facteurs, notamment le nombre croissant et
Operational technology (OT) asset owners have historically considered red teaming of OT and industrial control system (ICS) networks to be too risky due to the potential for disruptions or adverse impact to production systems. While this mindset has remained largely unchanged for years, Mandiant\'s experience in the field suggests that these perspectives are changing; we are increasingly delivering value to customers by safely red teaming their OT production networks. This increasing willingness to red team OT is likely driven by a couple of factors, including the growing number and |
Industrial | ★★★★ | |
|
2020-07-15 10:00:00 | Les acteurs à motivation financière étendent l'accès à l'OT: analyse des listes de mise à mort qui incluent des processus OT utilisés avec sept familles de logiciels malveillants Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families (lien direct) |
Mandiant Threat Intelligence a recherché et rédigé de nombreuses recherches sur l'activité de menace financière croissante impactant directement les réseaux de technologie opérationnelle (OT).Certaines de ces recherches sont disponibles dans nos précédents articles de blog sur post-compromise industrielleRansomware Et approche de Fireeye \\ pour la sécurité OT .Bien que la plupart des acteurs derrière cette activité ne se différencient probablement pas entre celui-ci et l'OT ou ont un intérêt particulier pour les actifs OT, ils sont motivés par le but de gagner de l'argent et ont démontré les compétences nécessaires pour fonctionner dans ces réseaux.Par exemple, le changement vers
Mandiant Threat Intelligence has researched and written extensively on the increasing financially motivated threat activity directly impacting operational technology (OT) networks. Some of this research is available in our previous blog posts on industrial post-compromise ransomware and FireEye\'s approach to OT security. While most of the actors behind this activity likely do not differentiate between IT and OT or have a particular interest in OT assets, they are driven by the goal of making money and have demonstrated the skills needed to operate in these networks. For example, the shift to |
Malware Threat Industrial | ★★★★ | |
|
2020-03-23 07:00:00 | Surveillance des outils de cyber-opération ICS et des modules d'exploitation de logiciels pour anticiper les menaces futures Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats (lien direct) |
Il n'y a eu qu'un petit nombre de cyberattaques largement documentées ciblant les technologies opérationnelles (OT) / systèmes de contrôle industriel (ICS) au cours de la dernière décennie.Bien que moins d'attaques soit clairement une bonne chose, l'absence d'une taille d'échantillon adéquate pour déterminer les seuils de risque peut rendre difficile pour les défenseurs de comprendre l'environnement de menace, de hiérarchiser les efforts de sécurité et de justifier l'allocation des ressources.
Pour résoudre ce problème, Fireeye Mandiant Threat Intelligence produit une gamme de rapports pour abonnement Les clients qui se concentrent sur différents indicateurs pour prédire les menaces futures
There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, prioritize security efforts, and justify resource allocation. To address this problem, FireEye Mandiant Threat Intelligence produces a range of reports for subscription customers that focus on different indicators to predict future threats |
Tool Threat Industrial Prediction | ★★★★ | |
 |
2020-03-22 00:00:00 | Comment l'IoT industriel pourrait déclencher le prochain cyber-catastrophieffect d'urgence / 11 sur l'industrie manufacturière américaine révèle 7 milliards de dollars pour les eaux autres How Industrial IoT could Trigger the Next Cyber CatastropheEffect of URGENT/11 on the US Manufacturing Industry Reveals $7 Billion ExposureRead More (lien direct) |
IntroductionOn 29th July 2019, the cyber security firm Armis announced that it had found eleven different vulnerabilities in the operating system âVXworksâ which they believe exposed around 200 million critical devices. The team at Armis dubbed this group of vulnerabilities: URGENT/11. This report explores how the discovery of URGENT/11 demonstrates the susceptibility of global manufacturing businesses to large losses from a cyber-attack event and the potential impact on commercial P&C (re)insurers.âThe Operating System at the Heart of the IssueVxWorks is a widely used, but lesser known, lightweight IoT real-time operating system (RTOS). This operating system is embedded in over 2 billion devices in the US and worldwide. These range from large-scale industrial machinery controlling installations such as nuclear power stations and oil production platforms, to smaller systems throughout the worldâs automotive, aviation, agri-business, textile, logistics and pharmaceutical facilities. A malicious attack could affect what is known as the SupervisoryControl and Data Acquisition (SCADA), the system that allows industrial organizations to gather and monitor real-time data in their manufacturing and distribution systems. Critically, VxWorks is also part of what are known as Industrial Control Systems (ICS) â software that manages the industrial processes themselves.âNot a Quick FixAs with any type of software vulnerability, affected organizations need to patch vulnerabilities quickly. However, in the case of URGENT/11, the necessary patches can be very expensive to apply immediately, because the affected devices are critical to day-to-day operations. Patching a vulnerability requires stopping or interrupting the device, which could lead to significant business disruption. Furthermore, while very large organizations have the financial and technical resources to implement system patches quickly, smaller manufacturers â who may nevertheless be critical to the supply chain â often do not. They may buy equipment that happens to contain VxWorks, but do not expect to have to maintain the software or even be aware of its existence.âQuantifying URGENT/11âs Potential Loss Scenarios for the US Manufacturing IndustryTo understand the extent of companies that were vulnerable to URGENT/11, their susceptibility to being attacked, and the effect an attack might have industry wide, Kovrr deployed its proprietary technologies. The first step was to gather real-time information about the distribution of VxWorks in the US manufacturing sector. To achieve this, Kovrr leveraged its ability to continuously collect relevant business intelligence, cyber threat intelligence, external and internal security data. As a result, we were able to identify companies with devices that were utilizing the VxWorks operating system. For internal mapping, access to multiple security vendors\' data is essential because each vendor has its own expertise and distribution, in terms of geolocation, served industries, defense level focus, mapped devices, etc. In the case below involving an industrial sector, unique data focused on IoT devices is needed. Kovrr partners with a diverse range of data providers to detect and map beyond the firewall devices and security control mechanisms. By having access to Armis\' proprietary IoT fingerprinting technology, we were able to produce a highly granular map of any IoT device being used by one organization.We can then accurately assess any IoT related emerging vulnerability on clients\' portfolios. In order to understand the nature of these businesses, including their sector, size and place in the supply chain; we use publicly available information linked to a variety of proprietary data-sources including our own. This technique is similar in principle to the exposure-data cleansing and augmentation used by catastrophe modelers. Having developed a sophisticated view of the affected businesses, we have selected a series of events fro | Ransomware Vulnerability Threat Industrial Prediction | ★★★★ | |
|
2020-03-16 10:30:00 | Ils viennent dans la nuit: tendances de déploiement des ransomwares They Come in the Night: Ransomware Deployment Trends (lien direct) |
Ransomware est un shakedown numérique éloigné.Il est perturbateur et coûteux, et il affecte toutes sortes d'organisations, à partir de Cutting Edge Technologie spatiale Firms, aux Woolindustrie , à | Ransomware Threat Industrial | ★★★ | |
|
2020-02-24 23:30:00 | Ransomware contre la machine: comment les adversaires apprennent à perturber la production industrielle en le ciblant et en OT Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT (lien direct) |
Depuis au moins 2017, il y a eu une augmentation significative des divulgations publiques des incidents de ransomwares ayant un impact sur la production industrielle et les organisations d'infrastructures critiques.Des familles de ransomwares bien connues comme Wannacry,Lockergoga, Megacortex, Ryuk, Maze, et maintenant Snakehose (alias Snake / Ekans), ont des victimes de coûts dans une variété de verticales de l'industrie plusieurs millions de dollarsen rançon et en coûts de garantie.Ces incidents ont également entraîné des perturbations et des retards importants sur les processus physiques qui permettent aux organisations de produire et de fournir des biens et services.
tandis que beaucoup
Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims across a variety of industry verticals many millions of dollars in ransom and collateral costs. These incidents have also resulted in significant disruptions and delays to the physical processes that enable organizations to produce and deliver goods and services. While lots |
Ransomware Industrial | Wannacry | ★★★ |
|
2020-02-10 08:28:13 | Malaysia\'s MyCERT warns cyber espionage campaign carried out by APT40 (lien direct) | Malaysia’s MyCERT issued a security alert to warn of a hacking campaign targeting government officials that was carried out by the China-linked APT40 group. Malaysia’s Computer Emergency Response Team (MyCERT) warns of a cyber espionage campaign carried out by the China-linked APT40 group aimed at Malaysian government officials. The attackers aimed at stealing confidential documents […] | Industrial | APT 40 | |
|
2020-02-07 01:25:41 | Malaysia warns of Chinese hacking campaign targeting government projects (lien direct) | MyCERT security alert points the finger at APT40, a Chinese state-sponsored hacking crew. | Industrial | APT 40 | |
 |
2020-01-20 16:32:45 | A week in security (January 13 – 19) (lien direct) |
Our weekly security roundup for January 13-19, with a look at elastic servers, data enrichment, rootkits, regulation for deepfakes, and more.
Categories:
A week in security
Tags: apt40Ciscocitrixdata enrichmentdeepfakeselastic serversemotetrootkittravelexweleakinfo
(Read more...)
|
Industrial | APT 40 | |
|
2019-12-11 13:00:00 | L'approche mandiante de la sécurité des technologies opérationnelles (OT) The Mandiant Approach to Operational Technology (OT) Security (lien direct) |
Ce post explique la philosophie mandiante et l'approche plus large de la sécurité des technologies opérationnelles (OT).En résumé, nous constatons que la visibilité combinée dans les environnements IT et OT est essentielle pour détecter l'activité malveillante à tout stade d'une intrusion OT.L'approche mandiante de la sécurité OT est de:
détecter les menaces tôt en utilisant la conscience de la situation complète de It et OT Networks.
La surface de la plupart des intrusions transcende les couches architecturales car à presque tous les niveaux en cours de route, il y a des ordinateurs (serveurs et postes de travail) et des réseaux utilisant le même ou similaire
This post explains the Mandiant philosophy and broader approach to operational technology (OT) security. In summary, we find that combined visibility into both the IT and OT environments is critical for detecting malicious activity at any stage of an OT intrusion. The Mandiant approach to OT security is to: Detect threats early using full situational awareness of IT and OT networks. The surface area for most intrusions transcends architectural layers because at almost every level along the way, there are computers (servers and workstations) and networks using the same or similar |
Industrial | ★★★ |
To see everything:
Our RSS (filtrered)
