What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2023-06-16 19:24:00 ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
(direct link)
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang was first outed by Russian cybersecurity firm Positive Technologies in September 2021,
Tool Threat ★★
CVE.webp 2023-06-16 19:15:14 CVE-2023-25188 (direct link)
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.
Tool
CVE.webp 2023-06-16 19:15:14 CVE-2023-25186 (direct link)
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.
Tool
RecordedFuture.webp 2023-06-16 18:37:00 Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted
(direct link)
A third vulnerability affecting the popular MOVEit file transfer tool is causing alarm among U.S. officials and cybersecurity researchers after it was revealed that several government agencies were affected by a hack exploiting the first bug. Progress Software, the company behind MOVEit, told Recorded Future News that an “independent source” disclosed the new vulnerability. Tracked
Hack Tool Vulnerability ★★
ESET.webp 2023-06-16 15:20:18 Is a RAT stealing your files? – Week in security with Tony Anscombe
(direct link)
>Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans?
Tool ★★
GoogleSec.webp 2023-06-16 13:11:38 Bringing Transparency to Confidential Computing with SLSA
(direct link)
Asra Ali, Razieh Behjati, Tiziano Santoro, Software Engineers
Every day, personal data, such as location information, images, or text queries are passed between your device and remote, cloud-based services. Your data is encrypted when in transit and at rest, but as potential attack vectors grow more sophisticated, data must also be protected during use by the service, especially for software systems that handle personally identifiable user data.
Toward this goal, Google's Project Oak is a research effort that relies on the confidential computing paradigm to build an infrastructure for processing sensitive user data in a secure and privacy-preserving way: we ensure data is protected during transit, at rest, and while in use. As an assurance that the user data is in fact protected, we've open sourced Project Oak code, and have introduced a transparent release process to provide publicly inspectable evidence that the application was built from that source code.
This blog post introduces Oak's transparent release process, which relies on the SLSA framework to generate cryptographic proof of the origin of Oak's confidential computing stack, and together with Oak's remote attestation process, allows users to cryptographically verify that their personal data was processed by a trustworthy application in a secure environment.
Tool ★★
securityintelligence.webp 2023-06-16 13:00:00 How Do Some Companies Get Compromised Again and Again?
(direct link)
>Hack me once, shame on thee. Hack me twice, shame on me. The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also […]
Data Breach Hack Tool ★★
RecordedFuture.webp 2023-06-15 13:33:00 Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks
(direct link)
Shell confirmed on Thursday it had been impacted by the Clop ransomware gang's breach of the MOVEit file transfer tool after the group listed the British oil and gas multinational on its extortion site. It is the second time that Shell - which employs more than 80,000 people globally and reported revenues in excess of
Ransomware Tool ★★★★
DarkReading.webp 2023-06-14 14:00:00 How Popular Messaging Tools Instill a False Sense of Security
(direct link)
It's time to include messaging tool security in your cloud security program. Good first steps include tightening filter parameters on Slack and Teams.
Tool Cloud ★★★
AlienVault.webp 2023-06-14 10:00:00 Threat Hunt: KillNet's DDoS HEAD Flood Attacks - cc.py
(direct link)
Executive summary
KillNet is an advanced persistent threat (APT) group based in Russia that has been active since at least 2015. The group is known for its highly sophisticated and persistent attacks against a diverse range of industries, including state and local governments, telecommunications, and defense. KillNet has been linked to several high-profile attacks, including the 2016 hack of the Democratic National Committee (DNC) during the U.S. presidential election. The group has also been involved in distributed denial-of-service (DDoS) attacks against U.S. airports and Elon Musk's satellite broadband service. The motivations behind these attacks vary, but recently they have primarily targeted those who are the most vocal supporters of Ukraine and its political agenda.
The aim of this threat hunt is to create a virtual attack environment that simulates KillNet's tactics, techniques, and procedures (TTPs). Subsequently, detections and threat hunt queries will be written to proactively identify the emulated TTPs while compensating for the limitations of traditional historical IOC searches. The results of the threat hunt will include high-level dashboards, code, and network artifacts generated from the attack range, which will be used to explain how a hypothesis was formed. The results will also contain the pseudo and translated query logic in a format that can be used by tools such as Suricata, Snort, Splunk, and Zeek. The query output will then be used to confirm the initial hypothesis generated.
Network artifacts
To emulate the attack, cc.py was used to generate continuous HEAD requests against an Apache server; refer to Appendix A for further details. Once the attack was launched, the captured log traffic was examined, as shown in Figure 1 and Figure 2. Upon reviewing the HTTP HEAD traffic, it was discovered that the digits between the ranges of 11-12 appeared after "HEAD /?" consistently. This pattern will serve as the basis for our first hypothesis, as described in the next section. Figure 3 also contains the Apache logs generated on the server as the attack script kept trying to access different files in the '/var/www/html/' directory. The script reiterates in a brute-force style until CPU resources are exhausted by sheer traffic volume.
Figure 1 – Wireshark - Dynamically generated 11-12 digits
Figure 2 – Wireshark - Forged referrer & anonymized IPs
Figure 3 – Splunk – Apache server error logs – Failed file access attempts
Detection guidance
Perl-compatible regular expressions can be used to leverage the context derived from the packet capture during threat analysis, as shown in Figure 1. This allows us to write Suricata/Snort rules that match observed patterns in headers. Detections tend to scale more than hunt queries and can be applied strategically on a per-sensor basis. Specifically, the following rule will match any
Hack Tool Threat ★★
RecordedFuture.webp 2023-06-13 18:16:00 Fortinet says VPN bug 'may have been exploited in a limited number of cases'
(direct link)
Network security company Fortinet said a new vulnerability affecting its VPN tool may have already been exploited “in a limited number of cases.” Concerns about the issue - tracked as CVE-2023-27997 - grew over the weekend due to how widely used Fortinet's SSL-VPN product is among government organizations. The bug allows hackers to run unauthorized
Tool Vulnerability ★★
CVE.webp 2023-06-13 17:15:14 CVE-2023-28303 (direct link)
Windows Snipping Tool Information Disclosure Vulnerability
Tool Vulnerability
CrowdStrike.webp 2023-06-13 11:56:50 Cracking the Code of AI Decision Making: Harnessing the Power of SHAP Values
(direct link)
Machine learning explainability ensures that AI models are transparent, trustworthy and accurate
Explainability enables data scientists to understand how and why an AI model arrived at a particular decision or prediction
SHAP values are a powerful tool for explainability as they provide a way to measure the contribution of each feature in a model to […]
Tool ★★
AlienVault.webp 2023-06-13 10:00:00 Rise of AI in Cybercrime: How ChatGPT is revolutionizing ransomware attacks and what your business can do
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
OpenAI's flagship product, ChatGPT, has dominated the news cycle since its unveiling in November 2022. In only a few months, ChatGPT became the fastest-growing consumer app in internet history, reaching 100 million users as 2023 began. The generative AI application has revolutionized not only the world of artificial intelligence but is impacting almost every industry. In the world of cybersecurity, new tools and technologies are typically adopted quickly; unfortunately, in many cases, bad actors are the earliest to adopt and adapt. This can be bad news for your business, as it escalates the degree of difficulty in managing threats.
Using ChatGPT’s large language model, anyone can easily generate malicious code or craft convincing phishing emails, all without any technical expertise or coding knowledge. While cybersecurity teams can leverage ChatGPT defensively, the lower barrier to entry for launching a cyberattack has both complicated and escalated the threat landscape.
Understanding the role of ChatGPT in modern ransomware attacks
We’ve written about ransomware many times, but it’s crucial to reiterate that the cost to individuals, businesses, and institutions can be massive, both financially and in terms of data loss or reputational damage. With AI, cybercriminals have a potent tool at their disposal, enabling more precise, adaptable, and stealthy attacks. They're using machine learning algorithms to simulate trusted entities, create convincing phishing emails, and even evade detection. The problem isn't just the sophistication of the attacks, but their sheer volume. With AI, hackers can launch attacks on an unprecedented scale, exponentially expanding the breadth of potential victims.
Today, hackers use AI to power their ransomware attacks, making them more precise, adaptable, and destructive. Cybercriminals can leverage AI for ransomware in many ways, but perhaps the easiest is more in line with how many ChatGPT users are using it: writing and creating content. For hackers, especially foreign ransomware gangs, AI can be used to craft sophisticated phishing emails that are much more difficult to detect than the poorly-worded message that was once so common with bad actors (and their equally bad grammar). Even more concerning, ChatGPT-fueled ransomware can mimic the style and tone of a trusted individual or company, tricking the recipient into clicking a malicious link or downloading an infected attachment. This is where the danger lies. Imagine your organization has the best cybersecurity awareness program, and all your employees have gained expertise in deciphering which emails are legitimate and which can be dangerous. Today, if the email can mimic tone and appear 100% genuine, how are the employees going to know? It’s almost down to a coin flip in terms of odds. Furthermore, AI-driven ransomware can study the behavior of the security software on a system, identify patterns, and then either modify itself or choose th
Ransomware Malware Tool Threat ChatGPT ChatGPT ★★
CVE.webp 2023-06-13 03:15:09 CVE-2023-32115 (direct link)
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.
Tool
RedCanary.webp 2023-06-12 16:12:52 eBPFmon: A new tool for exploring and interacting with eBPF applications
(direct link)
eBPFmon is an open source TUI application that helps users intuitively understand, analyze, and explore eBPF programs running on a system.
Tool ★★
Checkpoint.webp 2023-06-12 14:29:50 12th June – Threat Intelligence Report
(direct link)
>For the latest discoveries in cyber research for the week of 12th June, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Cl0p ransomware gang claimed responsibility for a major exploitation of a managed file transfer tool – The gang leveraged zero-day SQL injection vulnerability (CVE-2023-34362) that potentially exposed the data of hundreds of companies. […]
Ransomware Tool Vulnerability Threat ★★
AlienVault.webp 2023-06-12 10:00:00 Understanding AI risks and how to secure using Zero Trust (direct link)
I. Introduction
AI’s transformative power is reshaping business operations across numerous industries. Through Robotic Process Automation (RPA), AI is liberating human resources from the shackles of repetitive, rule-based tasks and directing their focus towards strategic, complex operations. Furthermore, AI and machine learning algorithms can decipher huge sets of data at an unprecedented speed and accuracy, giving businesses insights that were once out of reach. For customer relations, AI serves as a personal touchpoint, enhancing engagement through personalized interactions.
As advantageous as AI is to businesses, it also creates very unique security challenges. For example, adversarial attacks subtly manipulate the input data of an AI model to make it behave abnormally, all while circumventing detection. Equally concerning is the phenomenon of data poisoning, where attackers taint an AI model during its training phase by injecting misleading data, thereby corrupting its eventual outcomes.
It is in this landscape that the Zero Trust security model of 'Trust Nothing, Verify Everything' stakes its claim as a potent counter to AI-based threats. Zero Trust moves away from the traditional notion of a secure perimeter. Instead, it assumes that any device or user, regardless of their location within or outside the network, should be considered a threat. This shift in thinking demands strict access controls, comprehensive visibility, and continuous monitoring across the IT ecosystem. As AI technologies increase operational efficiency and decision-making, they can also become conduits for attacks if not properly secured. Cybercriminals are already trying to exploit AI systems via data poisoning and adversarial attacks, making the Zero Trust model's role in securing these systems even more important.
II. Understanding AI threats
Mitigating AI threat risks requires a comprehensive approach to AI security, including careful design and testing of AI models, robust data protection measures, continuous monitoring for suspicious activity, and the use of secure, reliable infrastructure. Businesses need to consider the following risks when implementing AI.
Adversarial attacks: These attacks involve manipulating an AI model's input data to make the model behave in a way that the attacker desires, without triggering an alarm. For example, an attacker could manipulate a facial recognition system to misidentify an individual, allowing unauthorized access.
Data poisoning: This type of attack involves introducing false or misleading data into an AI model during its training phase, with the aim of corrupting the model's outcomes. Since AI systems depend heavily on their training data, poisoned data can significantly impact their performance and reliability.
Model theft and inversion attacks: Attackers might attempt to steal proprietary AI models or recreate them based on their outputs, a risk that’s particularly high for models provided as a service. Additionally, attackers can try to infer sensitive information from the outputs of an AI model, like learning about the individuals in a training dataset.
AI-enhanced cyberattacks: AI can be used by malicious actors to automate and enhance their cyberattacks. This includes using AI to perform more sophisticated phishing attacks, automate the discovery of vulnerabilities, or conduct faster, more effective brute-force attacks.
Lack of transparency (black box problem): It's often hard to understand how complex AI models make decisions. This lack of transparency can create a security risk as it might allow biased or malicious behavior to go undetected.
Dependence on AI systems: As businesses increasingly rely on AI systems, any disruption to these systems can have serious consequences. This could occur due to technical issues, attacks on the AI system itself, or attacks on the underlying infrastructure.
III. Th
Tool Threat ChatGPT ChatGPT ★★
Blog.webp 2023-06-09 15:42:46 Finding and exploiting process killer drivers with LOL for 3000$
(direct link)
This article describes a quick way to find easily exploitable process killer drivers. There are many ways to identify and exploit process killer drivers. This article is not exhaustive and presents only one (easy) method. Lately, the use of the BYOVD technique to kill AV and EDR agents seems to be trending. The ZeroMemoryEx Blackout project and the Terminator tool sold (for 3000$) by spyboy are some recent examples. Using vulnerable drivers to kill AV and EDR is not brand new; it’s been used by APTs, Red Teamers, and ransomware gangs for quite some time.
Ransomware Tool Technical ★★★★
AlienVault.webp 2023-06-08 15:05:00 Using social media as a tool to share knowledge on day-to-day Cybersecurity risks
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
When most people think about social media and cybersecurity, they typically think about hackers taking over Instagram accounts or Facebook Messenger scammers taking private information. It’s for good reason that this is top-of-mind. The Identity Theft Resource Center’s 2022 Consumer Impact Report revealed that social media account takeovers have grown by 1,000% in one year.
Putting yourself out there on social media platforms opens up your personal information to cyber threats. However, social media can be used for good, rather than evil, when it comes to cybersecurity. Learn how to educate your social media following on everyday cybersecurity risks.
Create Cybersecurity content relevant to your audience
Not every company or content creator posting on social media is in the cybersecurity niche, not to mention any offshoots or umbrella niches like technology. Of course, if you do fall into a tech niche and have an audience that’s interested specifically in cybersecurity, you can certainly post on social media about the topic. However, virtually any industry could benefit from creating cybersecurity content. When planning quality content for your social pages, identify your content niche and determine what aspects of cybersecurity would be most beneficial and interesting to your audience. You can also capitalize on current trends on social media or in the news when designing an informational content campaign around cybersecurity. Let’s look at how cybersecurity topics can be approached from a variety of industry angles.
B2B
If you are a shared workspace company, for example, your followers are likely interested in ways to establish network security in a hybrid workplace. Followers of a hiring software company likely want to see how to hire more securely online. If your business caters to other businesses, you can create educational cybersecurity content to help them stay safe while using your services or otherwise doing things related to your product or services.
Healthcare
While creating content aimed at public services is different than B2B audiences, cybersecurity information is especially relevant. In a time when interest in virtual healthcare services is booming, patients and providers alike need to be aware of HIPAA laws. For instance, a social media post about the security risks and ethical concerns of doctors emailing and texting patients is an important and highly relevant topic.
Education
Just as many healthcare practices have incorporated virtual visits, many schools have started providing virtual classes. If your business is in the education sphere at all, your followers would likely benefit from engaging content about keeping student information private in online classrooms.
Lifestyle
If your brand is in a lifestyle category, you may not think this has much to do with cybersecurity. However, think about the ways in which your followers engage with your brand. If you sell products on a website, make a social post about how to create a secure login for your site when purchasing to reduce the risk of data theft. Further, you can inform your consumers how you’re taking steps to securely process payments and handle customer information. This will instill trust in
Tool ★★
Microsoft.webp 2023-06-08 00:00:00 Hey Yara, find some vulnerabilities
(direct link)
Intro
Finding vulnerabilities in software is no easy task by itself. Doing this at cloud scale is very challenging to perform manually, and we use tools to help us identify patterns or vulnerability signatures. Yara is one of those tools. Yara is a very popular tool with Blue teams, malware researchers, and for good reason.
Malware Tool Vulnerability Cloud ★★
Intigriti.webp 2023-06-07 19:46:11 Our latest integration – Slack
(direct link)
>We’re happy to share that Intigriti now integrates with Slack, a top business communication tool used widely across industries. This feature allows automatic updates to be posted to your Slack channels whenever specified events take place. This enhancement streamlines your workflow and increases the efficiency of your vulnerability coordination process. What can you do with […]
Tool Vulnerability ★★
RecordedFuture.webp 2023-06-07 11:59:00 Ransomware group Clop issues extortion notice to 'hundreds' of victims
(direct link)
Potentially hundreds of companies globally are being extorted by the Clop ransomware group after it exploited a vulnerability in the file transfer tool MOVEit to break into computer networks around the world and steal sensitive information. Clop, which Microsoft warned on Sunday was behind the attempts to exploit MOVEit, published an extortion note on Wednesday
Ransomware Tool Vulnerability ★★
CVE.webp 2023-06-06 19:15:12 CVE-2023-33959 (direct link)
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.
Tool
CVE.webp 2023-06-06 19:15:12 CVE-2023-33957 (direct link)
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.
Tool
CVE.webp 2023-06-06 19:15:12 CVE-2023-33958 (direct link)
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.
Tool
Anomali.webp 2023-06-06 19:11:00 Anomali Cyber Watch: LEMURLOOT on Exploited MOVEit Transfers, Zero-Click iOS Exploit Targeted Kaspersky, Qakbot Turns Bots into Proxies
(direct link)
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Adware, Botnets, Data leak, Obfuscation, Phishing, Zero-day vulnerabilities, and Zero-click exploits. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Cyber News and Threat Intelligence Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft (published: June 2, 2023) A zero-day vulnerability in the MOVEit Transfer managed file transfer software (CVE-2023-34362) was announced by Progress Software Corporation on May 31, 2023. Mandiant researchers observed wide exploitation that had already started on May 27, 2023. This opportunistic campaign affected Canada, Germany, India, Italy, Pakistan, the US, and other countries. The attackers used the custom LEMURLOOT web shell masquerading as a legitimate component of MOVEit Transfer. It is used to exfiltrate data previously uploaded by the users of individual MOVEit Transfer systems. This actor activity is dubbed UNC4857, and it has low-confidence similarity to data-theft extortion attributed to FIN11 via the CL0P ransomware data leak site.
Analyst Comment: The US Cybersecurity and Infrastructure Security Agency has added CVE-2023-34362 to its list of known exploited vulnerabilities, ordering US federal agencies to patch their systems by June 23, 2023. Progress Software Corporation has published steps, including hardening, detection, clean-up, and installing the recent MOVEit Transfer security patches. YARA rules and host-based indicators associated with the LEMURLOOT web shell are available in the Anomali platform for detection and historical reference. MITRE ATT&CK: [MITRE ATT&CK] T1587.003 - Develop Capabilities: Digital Certificates | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1036 - Masquerading | [MITRE ATT&CK] T1136 - Create Account | [MITRE ATT&CK] T1083 - File and Directory Discovery | [MITRE ATT&CK] T1560.001 - Archive Collected Data: Archive via Utility Signatures: LEMURLOOT webshell DLL - YARA by Mandiant | LEMURLOOT webshell ASP.NET scripts - YARA by Mandiant | MOVEit Exploitation - YARA by Florian Roth. Tags: Malware: LEMURLOOT, Ransomware Malware Tool Vulnerability Threat ★★
InfoSecurityMag.webp 2023-06-06 17:05:00 Three Vulnerabilities Discovered in Game Dev Tool RenderDoc
(direct link)
Qualys identified one instance of privilege escalation and two heap-based buffer overflows
Tool ★★
RecordedFuture.webp 2023-06-06 16:55:00 University of Rochester, Nova Scotia first known MoveIT victims in North America
(direct link)
The government of Nova Scotia and the University of Rochester are the first organizations in North America to confirm data theft as a result of the exploitation of a new vulnerability affecting popular file transfer tool MOVEit. On Sunday, the government of Nova Scotia, a small province in eastern Canada, warned that the personal information
Tool Vulnerability ★★
knowbe4.webp 2023-06-06 13:00:00 CyberheistNews Vol 13 #23 [Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing
(direct link)
CyberheistNews Vol 13 #23 | June 6th, 2023 [Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks). A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly. This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda's data but are responsible for 66% of all breaches." Let that sink in for a moment. What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks. [CONTINUED] at KnowBe4 blog: https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports NEW! KnowBe4 Ransomware Malware Hack Tool Threat ★★
InfoSecurityMag.webp 2023-06-06 09:10:00 Kaspersky Releases Tool to Detect Zero-Click iOS Attacks
(direct link)
Fallout from Operation Triangulation continues
Tool ★★★
CVE.webp 2023-06-05 21:15:10 CVE-2022-4569 (direct link)
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.
Tool Vulnerability
bleepingcomputer.webp 2023-06-05 13:58:29 New tool scans iPhones for 'Triangulation' malware infection
(direct link)
Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new 'Triangulation' malware. [...]
Malware Tool ★★
AlienVault.webp 2023-06-05 10:00:00 Three ways agribusinesses can protect vital assets from cyberattacks
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In an era where digital technology increasingly underpins food production and distribution, the urgency of cybersecurity in agriculture has heightened. A surge of cyberattacks in recent years, disrupting operations, causing economic losses, and threatening food industry security- all underscore this escalating concern. In April 2023, hackers targeted irrigation systems and wastewater treatment plants in Israel. The attack was part of an annual "hacktivist" campaign, and it temporarily disabled automated irrigation systems on about a dozen farms in the Jordan Valley. The attack also disrupted wastewater treatment processes at the Galil Sewage Corporation. In addition, in June 2022, six grain cooperatives in the US were hit by a ransomware attack during the fall harvest, disrupting their seed and fertilizer supplies. Adding to this growing list, a leading US agriculture firm also fell victim to a cyberattack the same year, which affected operations at several of its production facilities. These incidents highlight the pressing need for improved cybersecurity in the agricultural sector and underscore the challenges and risks this sector faces compared to others. As outlined in a study, “Various technologies are integrated into one product to perform specific agricultural tasks.” An example provided is that of an irrigation system which "has smart sensors/actuators, communication protocols, software, traditional networking devices, and human interaction." The study further elaborates that these complex systems are often outsourced from diverse vendors for many kinds of environments and applications. 
This complexity “increases the attack surface, and cyber-criminals can exploit vulnerabilities to compromise one or other parts of the agricultural application.” However, the situation is far from hopeless. By taking decisive action, we can significantly strengthen cybersecurity in the agricultural sector. Here are three strategies that pave the way toward a more secure future for the farming industry: 1. Strengthening password practices Weak or default passwords are an easily avoidable security risk that can expose vital assets in the agricultural sector to cyber threats. Arguably, even now, people have poor habits when it comes to password security. As per the findings of a survey conducted by GoodFirms: A significant percentage of people - 62.9%, to be exact - update their passwords only when prompted. 45.7% of people admitted to using the same password across multiple platforms or applications. More than half of the people had shared their passwords with others, such as colleagues, friends, or family members, raising the risk of unauthorized access. A surprising 35.7% of respondents reported keeping a physical record of their passwords on paper, sticky notes, or in planners. These lax password practices have had tangible negative impacts, with 30% of users experiencing security breaches attributable to weak passwords. Hackers can use various methods, such as brute force attacks or phishing attacks, to guess or obtain weak passwords and access sensitive inf Ransomware Tool Vulnerability Patching ★★
CrowdStrike.webp 2023-06-02 20:09:55 CrowdStrike Enhances Falcon Discover to Reduce the Attack Surface, Streamline Operations and Lower Costs
(direct link)
CrowdStrike Falcon® Discover delivers deep asset visibility with no hardware to deploy or manage, providing valuable context for all of your assets. For IT and security teams alike, Falcon Discover is a powerful tool to stop breaches. The majority of CrowdStrike customers already use Falcon Discover to improve their IT and security posture. To continue […]
Tool ★★
RecordedFuture.webp 2023-06-02 18:23:00 Brazil-based botnet targets Spanish-speakers across Americas, Cisco says
(direct link)
Hackers suspected to be living in Brazil are using a previously unidentified botnet called to target the email inboxes of Spanish speakers across the Americas. Researchers from Cisco's Talos security team said the botnet, called “Horabot,” delivers a banking trojan and spam tool onto victim machines in a campaign that has been running since at
Spam Tool ★★
DarkReading.webp 2023-06-02 13:50:00 How CISOs Can Manage the Intersection of Security, Privacy, And Trust
(direct link)
Integrating a subject rights request tool with security and compliance solutions can help identify potential data conflicts more efficiently and with greater accuracy.
Tool ★★
DarkReading.webp 2023-06-01 18:42:00 How Do I Reduce Security Tool Sprawl in My Environment?
(direct link)
When it comes to tool consolidation, focus on platforms over products.
Tool ★★
RecordedFuture.webp 2023-06-01 17:17:00 Experts warn of MOVEit Transfer tool exploitation using zero-day bug
(direct link)
Hackers are exploiting a new zero-day vulnerability affecting a popular file transfer tool used by thousands of major companies. BleepingComputer was first to report that hackers were exploiting the vulnerability affecting MOVEit software, and security company Rapid7 said it is also seeing exploitation of the bug “across multiple customer environments.” The tool was created by
Tool Vulnerability ★★★
CVE.webp 2023-05-31 19:15:16 CVE-2022-35743 (direct link)
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Tool Vulnerability
CVE.webp 2023-05-31 18:15:09 CVE-2023-33967 (direct link)
EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0.
Tool
Anomali.webp 2023-05-31 17:19:00 Anomali Cyber Watch: Shadow Force Targets Korean Servers, Volt Typhoon Abuses Built-in Tools, CosmicEnergy Tests Electric Distribution Disruption
(direct link)
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, DLL loading, Living off the land, Operational technology, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Cyber News and Threat Intelligence Shadow Force Group's Viticdoor and CoinMiner (published: May 27, 2023) Shadow Force is a threat that has targeted South Korean organizations since 2013. It primarily targets Windows servers. AhnLab researchers analyzed the group's activity in 2020-2022. Shadow Force activities are relatively easy to detect because the actors tend to reuse the same file names for their malware. At the same time, the group has evolved: after March, its files often exceed 10 MB due to binary packing. The actors have also started introducing various cryptocurrency miners and a new backdoor dubbed Viticdoor. Analyst Comment: Organizations should keep their servers up to date and properly configured with security in mind. Unusually high CPU usage and overheating can be a sign of malicious resource hijacking for cryptocurrency mining. Network- and host-based indicators associated with Shadow Force are available in the Anomali platform, and customers are advised to block them on their infrastructure.
MITRE ATT&CK: [MITRE ATT&CK] T1588.003 - Obtain Capabilities: Code Signing Certificates | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1027.002 - Obfuscated Files or Information: Software Packing | [MITRE ATT&CK] T1569.002: Service Execution | [MITRE ATT&CK] T1059.003 - Command and Scripting Interpreter: Windows Command Shell | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1546.008 - Event Triggered Execution: Accessibility Features | [MITRE ATT&CK] T1543.003 - Create or Modify System Process: Windows Service | [MITRE ATT&CK] T1554 - Compromise Client Software Binary | [MITRE ATT&CK] T1078.001 - Valid Accounts: Default Accounts | [MITRE ATT&CK] T1140 - Deobfuscate/Decode Files or Infor Ransomware Malware Tool Vulnerability Threat APT 38 Guam CosmicEnergy ★★
knowbe4.webp 2023-05-31 13:00:00 CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks
(direct link)
CyberheistNews Vol 13 #22 | May 31st, 2023 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn't get any better for the financial industry: 51% of invoice fraud attacks targeted the financial services industry 42% were payroll fraud attacks 63% were payment fraud To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox. The next layer in your defense should be a user that's properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage. Blog post with links: https://blog.knowbe4.com/financial-fraud-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. Ransomware Malware Hack Tool Threat Conference Uber ChatGPT ChatGPT Guam ★★
AlienVault.webp 2023-05-30 22:00:00 SeroXen RAT for sale
(direct link)
This blog was jointly written with Alejandro Prada and Ofer Caspi. Executive summary SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making it accessible. Key takeaways: SeroXen is a fileless RAT, performing well at evading detections on static and dynamic analysis. The malware combines several open-source projects to improve its capabilities. It is a combination of Quasar RAT, r77-rootkit and the command line NirCmd. Hundreds of samples have shown up since its creation, being most popular in the gaming community. It is only a matter of time before it is used to target companies instead of individual users. Analysis Quasar RAT is a legitimate open-source remote administration tool. It is offered on github page to provide user support or employee monitoring. It has been historically associated with malicious activity performed by threat actors, APT groups (like in this Mandiant report from 2017), or government attacks (in this report by Unit42 in 2017). It was first released in July 2014 as “xRAT” and renamed to “Quasar” in August 2015. Since then, there have been released updates to the code until v1.4.1 in March 2023, which is the most current version. As an open-source RAT tool with updates 9 years after its creation, it is no surprise that it continues to be a common tool used by itself or combined with other payloads by threat actors up to this day. In a review of the most recent samples, a new Quasar variant was observed by Alien Labs in the wild: SeroXen. This new RAT is a modified branch of the open-source version, adding some modifications features to the original RAT. They’re selling it for monthly or lifetime fee. Figure 1 contains some of the features advertised on their website. SeroXen features Figure 1. 
SeroXen features announced on its website. This new RAT first showed up on a Twitter account, established in September 2022. The person advertising the RAT appeared to be an English-speaking teenager. The same Twitter handle published a review of the RAT on YouTube. The video approached the review from an attacking/Red Team point of view, encouraging people to buy the tool because it is worth the money. They were claiming to be a reseller of the tool. In December 2022, a specific domain was registered to market/sell the tool, seroxen[.]com. The RAT was distributed via a monthly license for $30 USD or a lifetime license of $60 USD. It was around that time that the malware was first observed in the wild, appearing with 0 detections on VirusTotal. After a few months, on the 1st of February, the YouTuber CyberSec Zaado published a video alerting the community about the capabilities of the RAT from a defensive perspective. In late February, the RAT was advertised on social media platforms such as TikTok, Twitter, YouTube, and several cracking forums, including hackforums. There were some conversations on gaming forums complaining about being infected by malware after downloading some video games. The artifacts described by the users matched with SeroXen RAT. The threat actor updated the domain name to seroxen[.]net by the end of March. This domain name was registered on March 27th Malware Tool Threat Uber APT 10 ★★
RecordedFuture.webp 2023-05-30 20:30:00 Failing to renew Section 702 'will have significant costs for US diplomacy,' top State official says
(direct link)
U.S. diplomatic efforts around the globe would suffer if Congress fails to renew a foreign surveillance tool before it lapses at the end of the calendar year, the head of the State Department's intelligence branch warned Tuesday. “Make no mistake, the future without 702, or a much diminished 702 program, will have significant costs for
Tool ★★
SlashNext.webp 2023-05-30 19:55:01 Listen to These Recordings: Deepfake Social Engineering Scams Are Scaring Victims
(direct link)
>Deepfake social engineering scams have become an increasingly scary trend among cybercriminals to socially engineer victims into submission. The threat actors are using Artificial Intelligence (AI) and Machine Learning (ML) voice cloning tools to disperse misinformation for cybercriminal scams. It doesn't take much for an audio recording of a voice – only about 10 to […] The post Listen to These Recordings: Deepfake Social Engineering Scams Are Scaring Victims first appeared on SlashNext.
Tool Threat Prediction ★★★
DarkReading.webp 2023-05-30 17:00:00 Undetected Attacks Against Middle East Targets Conducted Since 2020
(direct link)
Targeted attacks against Saudi Arabia and other Middle East nations have been detected with a tool that's been in the wild since 2020.
Tool ★★
AlienVault.webp 2023-05-30 10:00:00 Introduction to the purpose of AWS Transit Gateway
(direct link)
Introduction

Today you look at the Global/Multi-site Enterprise Security Architecture of an organization and see a myriad of concerns: increased levels of complexity, difficulties managing multiple third parties, difficulties implementing consistent levels of security, and so on. This makes it imperative for organizations to identify opportunities to simplify, streamline, and generally improve their infrastructure wherever possible. Managing the level of complexity is becoming increasingly difficult. Security may be only partially implemented, which is an ongoing challenge.

Terminology

AWS Region - a physical location around the world where we cluster data centers.
AWS Availability Zone (AZ) - one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.
AWS Services - AWS offers a broad set of global cloud-based products, including compute, storage, database, analytics, networking, machine learning and AI, mobile, developer tools, IoT, security, enterprise applications, and more.
AWS Transit Gateway (TGW) - a transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure.

Global/Multi-Site Enterprise Architecture

Many organizations are using Global/Multi-site architectures with dated technology spread throughout data centers and networks, mixed in with some newer technologies. This can include uncounted third parties as well. These sites often include multiple environments (like Dev, QA, Pre-Prod, and Prod) supported by numerous technologies spread across both physical and virtual servers, including databases, web, and application servers, and more. Modifications can be challenging when integrating legacy with new technologies, and can sometimes require a static approach when completely redesigning existing infrastructure.

Understandably, most organizations tend to shy away from exploring anything that seems like a significant upgrade or change. Thankfully there are some solutions available that can substantially improve operations and infrastructure without the typical complexities and implementation challenges. One such example is outlined below.

[Figure: Example AWS Transit Gateway (TGW) Global Diagram]

AWS Transit Gateway is a cloud-based tool that permits a simplified, secure networking approach for companies requiring a hybrid solution that can scale according to their global/multi-site enterprise business needs. The AWS Transit Gateway integrates with Palo Alto Security Devices, which helps to reduce the organization's risk footprint. AWS Transit Gateway architecture is used to consolidate site-to-site VPN connections from your on-premises network to your AWS environment and support connectivity between your team development and workload hosting VPCs and your infrastructure shared services VPC. This information will help you make a more informed decision as you consider the recommended approach of using AWS Transit Gateway.

AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once. As you expand globally, inter-region peering connects AWS Transit Gateways together using the AWS global network. Your data is secured automatically and encrypted; it never travels over the public internet, only on the AWS Global Network. Because of its central position, AWS Transit Gateway Network Manager has a unique view over your entire n
Tool Threat Cloud ★★
CVE.webp 2023-05-30 06:16:36 CVE-2023-33186 (direct link)
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.
Tool Vulnerability
CVE.webp 2023-05-30 05:15:12 CVE-2023-33198 (direct link)
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.
Tool
Last update at: 2024-06-16 09:10:46