What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
Mandiant.webp 2022-10-10 09:20:00 The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
(direct link)
While investigating phishing activity targeting Mandiant Managed Defense customers in March 2022, Managed Defense analysts discovered malicious actors using a shared Phishing-as-a-Service (PhaaS) platform called “Caffeine”. This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns. These features include (but are not limited to) self-service mechanisms to craft customized phishing kits, manage intermediary redirect pages and final
Tool ★★★★
The_Hackers_News.webp 2022-10-07 18:34:00 The essentials of GRC and cybersecurity - How they empower each other (direct link) Understanding the connection between GRC and cybersecurity When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why. While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the Tool
Fortinet.webp 2022-10-07 15:30:04 CISA Adds CVE-2022-36804 to the Known Exploited Vulnerabilities Catalog (direct link) FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) recently added CVE-2022-36804 (Atlassian Bitbucket Server and Data Center Command Injection Vulnerability) to their Known Exploited Vulnerabilities catalog. The catalog lists vulnerabilities that are being actively exploited in the wild and requires federal agencies to apply patches by the due date. Successfully exploiting CVE-2022-36804 allows an attacker to execute arbitrary commands.
Why is this Significant? This is significant because the vulnerability is in the widely used Bitbucket Server and Data Center and is being actively exploited in the wild. Successful exploitation allows a remote attacker to execute arbitrary commands. The vulnerability is rated Critical by Atlassian, has a CVSS score of 9.9, and attack complexity is listed as low.
What is Bitbucket? Bitbucket is a widely used repository management and collaboration tool that provides a code storage location for developers and enables them to manage, track and control their code.
When was CVE-2022-36804 Discovered? The vulnerability was disclosed by Atlassian on August 24, 2022.
What is CVE-2022-36804? CVE-2022-36804 is a critical command injection vulnerability that affects Atlassian's Bitbucket Server and Data Center. Successful exploitation of the vulnerability allows an attacker that has access to a public repository or has read access to a private repository to run arbitrary commands.
What Version of Bitbucket Server and Data Center does the Vulnerability Affect? The vulnerability affects the following versions of Bitbucket Server and Data Center: 7.6 prior to 7.6.17; 7.17.0 prior to 7.17.10; 7.21 prior to 7.21.4; 8.0 prior to 8.0.3; 8.1 prior to 8.1.3; 8.2 prior to 8.2.2; 8.3 prior to 8.3.1.
Has the Vendor Released an Advisory? Yes, Atlassian released an advisory on August 24, 2022.
Has the Vendor Released a Patch for CVE-2022-36804? Yes, Atlassian released fixed versions on August 21, 2022.
What is the Status of Protection? FortiGuard Labs has the following IPS protection in place for CVE-2022-36804: Atlassian.Bitbucket.Server.CVE-2022-36804.Command.Injection
Any Suggested Mitigation? Atlassian provided the mitigation information in the advisory. For details, see the Appendix for a link to "Bitbucket Server and Data Center Advisory 2022-08-24". Tool Vulnerability
AlienVault.webp 2022-10-07 10:00:00 Ransomware - undeniably top of mind (direct link) A brief walk down memory lane: Ransomware is not a new threat Ransomware’s first documented attack was relatively rudimentary. It was delivered in 1989 via a floppy disk containing a malware program that told its victims to pay $189 in ransom to a PO Box in Panama. Today ransomware criminals are significantly more sophisticated, thanks to advances in cyber methods and cryptocurrencies. Not all ransomware is created equal. Like all malware, malicious code varies in sophistication and modularity. As such, not all ransomware code is made the same. While some is ordinary and even obtained freely on open-source platforms and forums, other code is highly sophisticated and operated exclusively by elite cybercrime syndicates. How do we prepare for a ransomware incident? Overcoming a ransomware incident is all about preparation; responding with uncertainty reveals the lack of an effective plan. Today’s media coverage is mainly focused on how ransomware affects people. Unless you are in the cybersecurity profession or aspiring to be, you may be unaware that ransomware is no different than other malicious software. The same cybersecurity tools and processes that protect systems from trivial malware like crypto miners are the same for ransomware. The media is not covering stories about malicious software performing cryptocurrency mining operations on end-user machines because the only thing stolen by malicious crypto mining software is processor time. Align to a model, describe, and communicate A good plan must be easy to communicate and measure, and there are several organizations that offer helpful frameworks and recommendations, such as NIST and CISA. As you analyze what is best for your organization, consider the ever-changing threat landscape and how you plan to adjust.
The following model offers an agile approach to reducing the risk of a ransomware incident: Assess – identify gaps including people, process, and technology (where are we today?); Plan – take action to address gaps (enable measurement); Practice – test people, process, and technology (phishing, social engineering); Measure – how are we doing? identify remaining gaps; Adjust – close remaining gaps. Testing is a critical step to confirming that technology, people, and process work cohesively, yet it is often overlooked. As you establish your plan, emphasize testing and measurements to ensure the desired outcomes are being obtained. Communicate with key stakeholders and align to promote a culture of awareness. The elephant in the room: To pay or not to pay: All businesses need to be prepared for “if, not when.” Cyber criminals exploit vulnerabilities, not always a specific business. The average time to dwell is closing in on 300 days. Once exploited, a malicious actor can work their way to financial information. If financial information is known, the ransom is set at or below an expected threshold. This is critical for small and medium businesses due to limited resources and ownership having extreme emotional ties to the firm. Malicious actors strike on the emotional vulnerability and negotiate payment based on known financials. Establishing a plan is critical to reducing the risk of emotion driving the decision to pay. Paying a ransom is a business financial decision, like converting cash to crypto on your balance sheet. It can also be considered illegal and not an option, as you effectively support terrorism. Outside of legal issues, something to consider: How much data entry must be inputted to recover from the last backup? Is this possible/feasible? Often this amount exceeds the ransom demand. What assuran Ransomware Malware Tool Vulnerability Threat Guideline
CSO.webp 2022-10-06 10:34:00 BrandPost: Overcoming Cybersecurity Implementation Challenges (direct link) Cybersecurity has long been one of the most complex landscapes an organization must navigate; with each new threat or vulnerability, complexity continues to grow. This is especially true for organizations that have traditionally taken a point product approach to their security, because implementing new security measures properly and reliably takes time and expertise. Today, as more businesses look to digitize their services, dealing with these cybersecurity challenges is no longer optional. Every new tool must be installed, tested, and validated, and then people must be trained to leverage them well. On average, organizations are adopting dozens of different products, services, and tools for their cybersecurity. So, finding ways to make implementing cybersecurity smoother, faster, and more efficient has become a key goal for cybersecurity professionals. As businesses plan for a post-pandemic and digitally accelerated era, many CISOs across multiple industries strive for simplicity and focus on reducing their security vendor footprint as part of their annual KPIs. Implementation, in particular, has always been an important consideration for successful cybersecurity programs because of the time, expense, personnel, and expertise often required not only to implement individual point products but to stitch them together in order to avoid security gaps while also eliminating redundancies. In the event of a serious incident, security operations center (SOC) analysts typically confess to switching between multiple vendor consoles and event types in order to decipher alerts. Organizations and teams need a better approach, so they're not either continually exposed or overworked from the alerts created by overlap. To read this article in full, please click here Tool Threat
CSO.webp 2022-10-06 05:00:00 Dashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan (direct link) Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses. The firm has also introduced a new live phone support service whereby users can request and book a call directly with Dashlane's support team. Breached employee credentials on dark web pose significant threat to businesses In a press release, Dashlane stated that its new Dark Web Insights tool “continuously scans” more than 20 billion records attached to hacks or data breaches on the dark web, providing users with a bespoke breakdown of compromised passwords across their organization. Dark Web Insights also gives admins the ability to scan their organization for incidences of breached credentials and to invite breached employees who are not yet Dashlane users to begin using Dashlane through built-in seat provisioning. The firm said that, by pairing this alert function with the ability to generate new, random, and unique passwords, admins can take action quickly once alerted about compromised credentials. To read this article in full, please click here Tool Threat ★★★
SonarSource.webp 2022-10-06 00:00:00 Five SonarCloud features for developers that want Clean Code
(direct link)
Whether you're working on a new project or an existing one, you might think of Clean Code as an ideal, somewhere far out of reach. Let's go over 5 key features that make SonarCloud the perfect tool for developers and development teams to deliver Clean Code consistently and efficiently, without disrupting the existing development workflow.
Tool ★★★
CSO.webp 2022-10-05 12:15:00 North Korea's Lazarus group uses vulnerable Dell driver to blind security solutions (direct link) The notorious North Korean state-sponsored hacker group Lazarus has begun exploiting a known vulnerability in an OEM driver developed by Dell to evade detection by security solutions. This is a prime example of why it's important to always keep third-party PC manufacturer software, which is often neglected, up to date, as well as to add vulnerable versions to blocklists. “The most notable tool delivered by the attackers was a user-mode module that gained the ability to read and write kernel memory due to the CVE-2021-21551 vulnerability in a legitimate Dell driver,” security researchers from antivirus firm ESET said in a recent report. “This is the first ever recorded abuse of this vulnerability in the wild. The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way.” To read this article in full, please click here Tool Vulnerability APT 38
Anomali.webp 2022-10-04 18:08:00 Anomali Cyber Watch: Canceling Subscription Installs Royal Ransomware, Lazarus Convinces to SSH to Its Servers, Polyglot File Executed Itself as a Different File Type, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: DLL side-loading, Influence operations, Infostealers, North Korea, Ransomware, Russia, and Social engineering. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence New Royal Ransomware Emerges in Multi-Million Dollar Attacks (published: September 29, 2022) AdvIntel and BleepingComputer researchers describe the Royal ransomware group. Several experienced ransomware actors formed this group in January 2022. It started with third-party encryptors such as BlackCat, switched to using its own custom Zeon ransomware, and, since the middle of September 2022, the Royal ransomware. The Royal group utilizes targeted callback phishing attacks. Its phishing emails impersonating food delivery and software providers contained phone numbers to cancel the alleged subscription (after the alleged end of a free trial). If an employee calls the number, Royal uses social engineering to convince the victim to install a remote access tool, which is used to gain initial access to the corporate network. Analyst Comment: Use services such as Anomali's Premium Digital Risk Protection to detect the abuse of your brands in typosquatting and phishing attacks. Organizations should include callback phishing attack awareness in their anti-phishing training.
MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Phishing - T1566 Tags: actor:Royal, detection:Zeon, detection:Royal, malware-type:Ransomware, detection:BlackCat, detection:Cobalt Strike, Callback phishing attacks, Spearphishing, Social Engineering ZINC Weaponizing Open-Source Software (published: September 29, 2022) Microsoft researchers described recent developments in Lazarus Group (ZINC) campaigns that start from social engineering conversations on LinkedIn. Since June 2022, Lazarus was able to trojanize several open-source tools (KiTTY, muPDF/Subliminal Recording software installer, PuTTY, TightVNC, and Sumatra PDF Reader). When a target extracts the trojanized tool from the ISO file and installs it, Lazarus is able to deliver its custom malware such as EventHorizon and ZetaNile. In many cases, the final payload was not delivered unless the target manually established an SSH connection to an attacker-controlled IP address provided in the attached ReadMe.txt file. Analyst Comment: All known indicators connected to this recent Lazarus Group campaign are available in the Anomali platform and customers are advised to block these on their infrastructure. Researchers should monitor for the additional User Execution step required for payload delivery. Defense contractors should be aware of advanced social engineering efforts abusing LinkedIn and other means of establishing trusted communication. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Scheduled Task - T1053 | Ransomware Malware Tool Threat Medical APT 38
mcafee.webp 2022-10-04 17:37:47 What's the Meaning of VPN? VPN Defined (direct link) A virtual private network (VPN) is a tool that enables users to protect their privacy while using an internet connection.... Tool
SecurityAffairs.webp 2022-10-03 06:40:23 Reflected XSS bugs in Canon Medical's Vitrea View could expose patient info (direct link) Trustwave researchers discovered two XSS flaws in Canon Medical's Vitrea View tool that could expose patient information. During a penetration test, Trustwave SpiderLabs' researchers discovered two reflected cross-site scripting (XSS) vulnerabilities, collectively tracked as CVE-2022-37461, in third-party software for Canon Medical's Vitrea View. The Vitrea View tool allows viewing and securely sharing medical images through […] Tool
InfoSecurityMag.webp 2022-09-29 17:00:00 Researchers Discover Chaos, a Golang Multipurpose Botnet (direct link) The tool was written in Chinese and seemed China-based due to its C2 infrastructure Tool
DarkReading.webp 2022-09-29 13:37:18 XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data (direct link) Bugs in Canon Medical's Vitrea View could allow cyberattackers to access several sources of sensitive patient data. Tool
SecurityAffairs.webp 2022-09-29 09:54:56 A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums (direct link) The Brute Ratel post-exploitation toolkit has been cracked and is now available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. The availability of the cracked version of the tool was first reported by the cybersecurity researcher Will […] Tool Threat
SANS.webp 2022-09-29 06:53:47 PNG Analysis, (Thu, Sep 29th) (direct link) I updated my tool pngdump.py to deal with all the different samples tagged with PNG on MalwareBazaar. Tool
Fortinet.webp 2022-09-28 18:22:41 BlackCat Uses Updated Infostealer Tools with File Corruption Capability (direct link) FortiGuard Labs is aware of a report that the infamous BlackCat ransomware group has updated its infostealer tools. Dubbed Exmatter and Eamfo, the former is a data exfiltration tool whose newer version includes code for file corruption, and the latter is a credential stealer for Veeam backup software.
Why is this Significant? This is significant because BlackCat is one of the active Ransomware-as-a-Service (RaaS) providers and its newly updated data exfiltration tool "Exmatter" is now capable of making processed files unusable.
What is BlackCat? BlackCat (also known as ALPHV and Noberus) is a relatively new Ransomware-as-a-Service (RaaS) and a ransomware variant with the same name. As a RaaS provider, it develops and offers various tools including ransomware, and recruits affiliates for corporate intrusions, encrypting files on the victim's network and stealing confidential files from it for financial gain. BlackCat ransomware is written in the Rust programming language. FortiGuard Labs previously released a Threat Signal on BlackCat. See the Appendix for a link to "Meet Blackcat: New Ransomware Written in Rust on the Block".
What is Exmatter? According to security vendor Symantec, Exmatter is a data exfiltration tool that was previously used by a BlackMatter ransomware affiliate. The tool is designed to steal various Microsoft Office files (Word, Excel and PowerPoint) as well as image, email and archive files. It supports FTP, SFTP and WebDAV for file transfer of exfiltrated information. The newer version has code to corrupt files.
What is Eamfo? Eamfo is a tool to steal credentials from Veeam backup software.
What is the Status of Protection? FortiGuard Labs detects reported Exmatter and Eamfo tools with the following AV signatures: MSIL/Agent.DRB!tr, MSIL/Agent.DRB!tr.spy, MSIL/Agent.7AAD!tr, W32/Crypt!tr, W32/PossibleThreat, PossibleThreat, PossibleThreat.PALLAS.H. FortiGuard Labs has the following AV protection in place for known BlackCat ransomware: W32/Filecoder_BlackCat.A!tr.ransom, W32/Ransom_Win32_BLACKCAT.YNCHH!tr.ransom, W32/Ransom_Win32_BLACKCAT.YXCDU!tr.ransom, W32/BlackCat.26B0!tr Ransomware Tool Threat
News.webp 2022-09-28 17:00:07 Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web (direct link) Beware what could be hiding in those LNK shortcuts A tool sold on the dark web that allows cybercriminals to build malicious shortcuts for delivering malware is being used in a campaign pushing a longtime .NET keylogger and remote access trojan (RAT) named Agent Tesla.… Malware Tool
AlienVault.webp 2022-09-28 10:00:00 Stories from the SOC - C2 over port 22 (direct link) Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. Executive summary The Mirai botnet is infamous for the impact and the everlasting effect it has had on the world. Since the inception and discovery of this malware in 2016, to the present day and all the permutations that have spawned as a result, cybersecurity professionals have been keeping a keen eye on this form of Command and Control (C2 or CnC) malware and associated addresses. The botnet malware utilizes malicious IP addresses that serve as intermediaries between compromised hosts and the central command server, which can use a wide range of Techniques, Tactics, and Procedures (TTPs) to deliver a payload in line with the malicious actor's goals. Recently, one of these malicious IP addresses reached out to an asset in an organization over port 22 and created an unmitigated Secure Shell (SSH) session to the company's file server, a breach that was mitigated by the security best practices of this company, preventing any follow-up or lateral movement in the environment. This breach ultimately resulted in the IP getting blocklisted and stopped due to a healthy security posture that prevented malicious pivoting or exploitation. Investigation Initial alarm review Indicators of Compromise (IOC) The alarm initially came in due to an inbound connection from a known malicious IP as reported by the Open Threat Exchange (OTX) pulse related to Mirai botnet activity. OTX is an open source threat sharing platform that contains a wide variety of Indicators of Compromise (IOCs) that leverage user-submitted data and the collective cybersecurity world to form an ever-evolving threat landscape.
The corresponding evidenced action ‘InboundConnectionAccepted’ is self-explanatory in that the connection was not mitigated and there was communication taking place over port 22. The associated event further detailed this inbound connection with the initiating processes, logged-on user, and process parents. This revealed that the affected asset is a file server managed by SolarWinds software, and it was likely this inbound connection was accepted in part due to typical network behavior and stateful firewall rules. C2 suspicious behavior Expanded investigation Events search C2 activity typically utilizes positive feedback to gain persistence, relying on some sort of beacon placed in the victim’s environment that lets the attacker know there is a device or network ready for command execution. After seeing a successful connection occur with the malicious IP, the next step was to determine if the malicious IP address had further infiltrated the environment or attempted any lateral movement. A thorough search in the instance showed only the single referenced event as it pertains to the malicious IP; however, the contextual events surrounding this successful connection corroborate attempted C2 activity. Corroborating C2 Event deep dive A further look into the event associated with the alarm shows that this is a file server utilizing Serv-U.exe, a File Transfer Protocol (FTP) software created by SolarWinds. The destination port 22 successfully hosted communication with the malicious IP and appears to have been automatically proxied by the software, which could also contribute to the reason this connection was accepte Malware Tool Threat
SecurityAffairs.webp 2022-09-28 08:26:13 NUVOLA: the new Cloud Security tool (direct link) nuvola is the new open-source cloud security tool to address privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa (@_notdodo_), Security Engineer at Prima Assicurazioni. The tool was released during the RomHack 2022 security conference in Rome. The tool helps the […] Tool
Anomali.webp 2022-09-27 16:51:00 Anomali Cyber Watch: Sandworm Uses HTML Smuggling and Commodity RATs, BlackCat Ransomware Adds New Features, Domain Shadowing Is Rarely Detected, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Fraud, Inbound connectors, Phishing, Ransomware, Russia, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence A Multimillion Dollar Global Online Credit Card Scam Uncovered (published: September 23, 2022) ReasonLabs researchers discovered a large network of fake dating and customer support websites involved in credit card fraud operations. The threat actor builds a basic website, registers it with a payment processor (RocketGate), buys credit card data from other threat actors, and subscribes victims to monthly charging plans. The US was the most targeted, and a lower number of sites were targeting France. To pass the processor checks and lower the number of charge-backs, the actor avoided test charges, used a generic billing name, charged only a small payment typical for the industry, and hired a legitimate support center provider, providing effortless canceling and returning of the payment. Analyst Comment: Users are advised to regularly check their bank statements and dispute fraudulent charges. Researchers can identify a fraudulent website by the overwhelming dominance of direct-traffic visitors from a single country, a small network of fake profiles, and a physical address typed on a picture to avoid indexing.
Tags: Credit card, Fraud, Scam, Chargeback, Payment processor, Fake dating site, USA, target-country:US, France, target-country:FR, target-sector:Finance NAICS 52 Malicious OAuth Applications Used to Compromise Email Servers and Spread Spam (published: September 22, 2022) Microsoft researchers described a relatively stealthy abuse of a compromised Exchange server used to send fraud spam emails. After using valid credentials to get access, the actor deployed a malicious OAuth application, gave it admin privileges and used it to change Exchange settings. The first modification created a new inbound connector allowing mails from certain actor IPs to flow through the victim’s Exchange server and look like they originated from the compromised Exchange domain. Second, 12 new transport rules were set to delete certain anti-spam email headers. Analyst Comment: If you manage an Exchange server, strengthen account credentials and enable multifactor authentication. Investigate if receiving alerts regarding suspicious email sending and removal of antispam headers. MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Indicator Removal on Host - T1070 Tags: Exchange, Microsoft, PowerShell, Inbound connector, Transport rule, Fraud, Spam NFT Malware Gets New Evasion Abilities (published: September 22, 2022) Morphisec researchers describe a campaign targeting non-fungible token (NFT) communities since November 2020. A malicious link is being sent via Discord or another forum private phishing message related to an NFT or financial opportunity. If the user Ransomware Spam Malware Tool Threat
News.webp 2022-09-27 14:00:12 Microsoft boosts phishing protection in Windows 11 22H2 (direct link) Security tool warns admins and users when a password is used on an untrusted site or stored locally In the latest version of Windows 11, Microsoft is introducing a feature in its Microsoft Defender SmartScreen tool designed to keep passwords safer.… Tool
DarkReading.webp 2022-09-27 13:51:25 BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic (direct link) Using its "Exmatter" tool to corrupt rather than encrypt files signals a new direction for financially motivated cybercrime activity, researchers say. Ransomware Tool
AlienVault.webp 2022-09-27 10:00:00 Centralized Privacy Center: The key to meeting data privacy obligations (direct link) This blog was written by an independent guest blogger. Website owners generally have privacy policies and terms of service since they are necessary for compliance and ensuring website visitors get a personalized experience. As digital needs transform and data privacy laws evolve in nature, website owners that collect data are required to have a Privacy Center. Hundreds of millions of users share their personal information on websites, enabling websites to effectively interact with their users, innovate and grow their business. Businesses must ensure that websites maintain their customers' trust in handling their data, which gives shape to functions like a Privacy Center. What is a Privacy Center? From a user perspective, a Privacy Center makes it simple for users to maintain control over the personal information they have shared with a website. For a business, a Privacy Center provides all the information users require about privacy policies, cookie policies, data subject access requests, do not track or sell, and much more in one accessible spot. Data privacy laws such as the European Union’s General Data Protection Regulation (GDPR) and the United States’ California Privacy Rights Act (CPRA)/California Consumer Privacy Act (CCPA) impose strict obligations on businesses regarding data processing activities, the usage of privacy policies, and transparent privacy practices. Consequently, businesses are increasingly coming to terms with the significance of Privacy Centers and how they can improve their compliance processes to avoid non-compliance penalties and make it easy to publish or update relevant policies from a single platform. What does a Privacy Center address?
Data privacy laws regulate how companies manage users' personal data, and users' awareness of their digital rights only escalates the need for a Privacy Center to address the following main concerns: What private information of a user can a business access? How does the business handle the personal data of users? What is the purpose of collecting this personal data? Does the business sell or share the personal data with third parties? How long does a company retain the personal data of users? Is there an option to opt out or unsubscribe from receiving personalized services? Businesses can efficiently address these issues and others from a single platform on their website, such as Securiti’s Privacy Center. The tool is designed to address: Privacy Policy, Terms of Service, Cookie Policy, Consent & Third Party, Data Subject Requests, Do Not Sell or Track. When and why should a business have a Privacy Center? A Privacy Center, instead of separate policies for cookies, privacy policies, and others, is a user-friendly approach to disclosing data collection and processing activities. Large volumes of data collected If a business collects troves of data, a Privacy Center will enable the business to be transparent regarding data collection, processing, and sharing activities without overwhelming users. Looking for a single piece of information through a lengthy Privacy Policy page can be confusing and nerve-racking. A Privacy Center is an ideal platform for revealing various information in an understandable format. It is also simple for a user to locate relevant information without sifting through mountains of text. Tool
SecurityAffairs.webp 2022-09-26 06:22:16 Exmatter exfiltration tool used to implement new extortion tactics (lien direct) Ransomware operators switch to new extortion tactics by using the Exmatter malware and adding new data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques; this is the case of threat actors using the Exmatter malware. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample […] Malware Tool Threat
bleepingcomputer.webp 2022-09-25 11:14:27 Ransomware data theft tool may show a shift in extortion tactics (lien direct) Data exfiltration malware known as Exmatter and previously linked with the BlackMatter ransomware group is now being upgraded with data corruption functionality that may indicate a new tactic that ransomware affiliates might switch to in the future. [...] Ransomware Malware Tool
SANS.webp 2022-09-23 08:41:43 Kids Like Cookies, Malware Too!, (Fri, Sep 23rd) (lien direct) Recently, a vulnerability has been disclosed by Vectra that affects Microsoft Teams[1], the very popular communication tool used daily by millions of people (me too). Security researchers found that Teams stores session tokens in clear text on the file system. I won't discuss the vulnerability here; read the blog post if you want to learn more. The critical element is that once the token has been stolen, an attacker can impersonate the user. Malware Tool Vulnerability
DarkReading.webp 2022-09-22 18:31:41 Malicious npm Package Poses as Tailwind Tool (lien direct) Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts. Tool
SANS.webp 2022-09-22 07:11:21 RAT Delivered Through FODHelper , (Thu, Sep 22nd) (lien direct) I found a simple batch file that drops a Remcos[1] RAT through an old UAC Bypass technique. This technique is based on the "fodhelper" utility ("Features On Demand Helper"). Once launched, this tool will search for specific registry keys and, if present, will execute their content with high privileges. Tool
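The diary entry above describes the mechanism but not how to spot it. The following detection logic is an added example, not code from the SANS diary or the Remcos sample. It assumes Sysmon-style telemetry rendered as dicts (EventID 13, registry value set; EventID 1, process create) and watches the registry location fodhelper.exe consults when it auto-elevates: the ms-settings ProgID shell command under the user's hive. The sample events are constructed, not real logs; hive naming (HKU\<SID>_Classes versus HKCU\Software\Classes) varies by tool, so both forms are accepted.

```python
"""Detection for the fodhelper.exe UAC bypass: a user-hive write to the
ms-settings shell command, followed by fodhelper.exe spawning something
other than the Settings app. Added example; telemetry format assumed."""
import re

# Writes to HKCU\Software\Classes land in the per-user classes hive, which
# Sysmon renders as HKU\<SID>_Classes\...; other tooling shows HKCU\Software\Classes.
USER_HIVE = re.compile(r"^(?:HKU\\S-1-5-21-[\d-]+(?:_Classes)?|HKCU)\\", re.IGNORECASE)
MS_SETTINGS_CMD = re.compile(r"\\ms-settings\\Shell\\Open\\command(?:\\([^\\]+))?$", re.IGNORECASE)

# Constructed sample telemetry: a staged bypass, a benign Settings launch,
# and an unrelated per-user registry write.
SAMPLE_EVENTS = [
    {"utc_time": "2022-09-22 07:10:01", "event_id": 13,
     "image": "C:\\Windows\\System32\\reg.exe",
     "target_object": "HKU\\S-1-5-21-1111-2222-3333-1001_Classes\\ms-settings\\Shell\\Open\\command\\DelegateExecute",
     "details": ""},
    {"utc_time": "2022-09-22 07:10:01", "event_id": 13,
     "image": "C:\\Windows\\System32\\reg.exe",
     "target_object": "HKU\\S-1-5-21-1111-2222-3333-1001_Classes\\ms-settings\\Shell\\Open\\command\\(Default)",
     "details": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.bat"},
    {"utc_time": "2022-09-22 07:10:03", "event_id": 1,
     "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Windows\\System32\\fodhelper.exe", "integrity_level": "High"},
    {"utc_time": "2022-09-22 07:12:00", "event_id": 1,
     "image": "C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe",
     "parent_image": "C:\\Windows\\System32\\fodhelper.exe", "integrity_level": "High"},
    {"utc_time": "2022-09-22 07:13:30", "event_id": 13,
     "image": "C:\\Windows\\explorer.exe",
     "target_object": "HKU\\S-1-5-21-1111-2222-3333-1001_Classes\\.txt\\(Default)",
     "details": "txtfile"},
]


def registry_stage(event):
    """Stage 1: the ms-settings shell command is written in a user hive.
    The legitimate ProgID lives under HKLM, so any per-user copy is suspect."""
    if event.get("event_id") != 13:
        return None
    target = event.get("target_object", "")
    if not USER_HIVE.match(target):
        return None
    m = MS_SETTINGS_CMD.search(target)
    if not m:
        return None
    value = m.group(1) or "(Default)"
    if value.lower() == "delegateexecute":
        return "ms-settings DelegateExecute created in user hive (UAC bypass staging)"
    return "ms-settings command set to %r" % event.get("details", "")


def process_stage(event):
    """Stage 2: auto-elevated fodhelper.exe spawns anything but the Settings app."""
    if event.get("event_id") != 1:
        return None
    if not event.get("parent_image", "").lower().endswith("\\fodhelper.exe"):
        return None
    child = event.get("image", "")
    if child.lower().endswith("\\immersivecontrolpanel\\systemsettings.exe"):
        return None  # the legitimate ms-settings: handler
    return "fodhelper.exe spawned %s at integrity %s" % (child, event.get("integrity_level"))


def detect_fodhelper_bypass(events):
    """Return (time, image, finding) for every event matching either stage."""
    findings = []
    for ev in events:
        for stage in (registry_stage, process_stage):
            hit = stage(ev)
            if hit:
                findings.append((ev.get("utc_time"), ev.get("image"), hit))
    return findings


if __name__ == "__main__":
    for row in detect_fodhelper_bypass(SAMPLE_EVENTS):
        print(*row)
```

Both stages are worth alerting on independently: the registry write fires before any elevated process exists, and the process stage catches variants that clean the key immediately after use.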
SecurityAffairs.webp 2022-09-21 15:45:32 Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign (lien direct) Threat actors targeted tens of thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache. The tool is not designed to be exposed on the Internet; however, researchers spotted […] Tool
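The exposure behind this campaign is a configuration problem, so a configuration check is the practical response. The audit below is an added example, not code from the article or from the Redis project. It reads the plain redis.conf format (one directive per line, lines starting with '#' are comments) and reports the combination that lets an anonymous remote client reach the instance and drive CONFIG SET / SAVE style write primitives. The weak and hardened configs are constructed for the demonstration; the requirepass value is a placeholder.

```python
"""Audit a redis.conf for Internet exposure without authentication.
Added example; sample configs constructed inline."""

# Commands that turn an open Redis into a file-write or takeover primitive.
DANGEROUS = ("CONFIG", "FLUSHALL", "DEBUG", "REPLICAOF", "SLAVEOF", "MODULE")

WEAK_CONF = """\
# listens on every interface, no password, protected mode switched off
bind 0.0.0.0
protected-mode no
port 6379
dir /var/lib/redis
"""

HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass 5d2c3d1b7a0e4f8c9b6a1d2e3f4a5b6c
rename-command CONFIG ""
rename-command FLUSHALL ""
rename-command DEBUG ""
rename-command REPLICAOF ""
rename-command SLAVEOF ""
rename-command MODULE ""
"""


def parse_conf(text):
    """Yield (directive, args) with the directive lower-cased."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        yield parts[0].lower(), parts[1:]


def is_loopback(addr):
    return addr.startswith("127.") or addr in ("::1", "localhost")


def audit_redis_conf(text):
    """Return 'LEVEL: message' findings; an empty list means nothing flagged."""
    entries = list(parse_conf(text))
    # Redis 6+ accepts "-addr" (do not fail if the address is absent); strip it.
    binds = [a.lstrip("-") for d, args in entries if d == "bind" for a in args]
    protected = next((a[0].lower() for d, a in entries if d == "protected-mode" and a), "yes")
    requirepass = next((a[0] for d, a in entries if d == "requirepass" and a), "")
    # Redis 6 ACL users: a '>' token sets a password, 'nopass' removes it.
    acl_pw = any(any(t.startswith(">") for t in a) and "nopass" not in a
                 for d, a in entries if d == "user")
    renamed = {a[0].upper() for d, a in entries if d == "rename-command" and len(a) >= 2}

    has_auth = bool(requirepass) or acl_pw
    if binds:
        # an explicit non-loopback bind is honoured regardless of protected-mode
        remote = any(not is_loopback(a) for a in binds)
    else:
        # unbound: protected-mode yes answers only loopback while unauthenticated
        remote = protected == "no" or has_auth

    findings = []
    if remote and not has_auth:
        findings.append("CRITICAL: reachable from non-loopback addresses with no authentication")
    elif remote:
        findings.append("WARN: reachable from non-loopback addresses; firewall the port and use TLS")
    for cmd in DANGEROUS:
        if cmd not in renamed:
            findings.append("INFO: %s not renamed/disabled" % cmd)
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf) or ["clean"])
```

On Redis 7 the rename-command directive still works but ACL rules (`-@dangerous` on the default user) are the supported way to withhold those commands; the check above treats either a rename or a removed command as acceptable only when it sees the rename, so extend it if you manage access through ACLs.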
TechRepublic.webp 2022-09-20 20:17:02 Uber exposes Lapsus$ extortion group for security breach (lien direct) In last week's security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. Tool Uber
Anomali.webp 2022-09-20 15:00:00 Anomali Cyber Watch: Uber and GTA 6 Were Breached, RedLine Bundle File Advertises Itself on YouTube, Supply-Chain Attack via eCommerce Fishpig Extensions, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, Cyberespionage, Iran, Ransomware, Stealers, and Supply chain. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Hacker Pwns Uber Via Compromised VPN Account (published: September 16, 2022) On September 15, 2022, ride-sharing giant Uber started an incident response after discovering a data breach. According to Group-IB researchers, download file name artifacts point to the attacker getting access to fresh keylogger logs affecting two Uber employees from Indonesia and Brazil that had been infected with Racoon and Vidar stealers. The attacker allegedly used compromised VPN account credentials and performed a multifactor authentication fatigue attack by requesting the MFA push notification many times and then making a social-engineering call to the affected employee. Once inside, the attacker allegedly found valid credentials for privilege escalation: a PowerShell script containing hardcoded credentials for a Thycotic privileged access management admin account. On September 18, 2022, Rockstar Games’ Grand Theft Auto 6 suffered a confirmed data leak, likely caused by the same attacker. Analyst Comment: Network defenders can consider setting up alerts for signs of an MFA fatigue attack such as a large number of MFA requests in a relatively short period of time. Review your source code for embedded credentials, especially those with administrative privileges. 
MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Credentials from Password Stores - T1555 Tags: MFA fatigue, Social engineering, Data breach, Uber, GTA 6, GTA VI, detection:Racoon, detection:Vidar, malware-type:Keylogger, malware-type:Stealer Self-Spreading Stealer Attacks Gamers via YouTube (published: September 15, 2022) Kaspersky researchers discovered a new campaign spreading the RedLine commodity stealer. This campaign utilizes a malicious bundle: a single self-extracting archive. The bundle delivers RedLine and additional malware, which enables spreading the malicious archive by publishing promotional videos on victim’s Youtube channel. These videos target gamers with promises of “cheats” and “cracks.” Analyst Comment: Kids and other online gamers should be reminded to avoid illegal software. It might be better to use different machines for your gaming and banking activities. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Resource Hijacking - T1496 Tags: detection:RedLine, malware-type:Stealer, Bundle, Self-spreading, Telegraph, Youtub Ransomware Malware Tool Vulnerability Threat Guideline Uber Uber APT 41 APT 15
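The analyst comment on the Uber entry recommends alerting on a burst of MFA requests; the sliding-window detector below is an added example of that logic, not Anomali's or Uber's code. The log format (ISO time, user, event, result) and the records are constructed here; real IdP exports (Okta, Azure AD, Duo) use their own field names, so only parse_line needs adapting. Beyond the raw count, it also flags the pattern that actually ends a fatigue attack: an approval arriving while the burst is still inside the window.

```python
"""MFA push fatigue detection over a constructed auth log. Added example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one user hammered with pushes who finally approves,
# one user with ordinary isolated logins.
SAMPLE_LOG = """\
2022-09-15T22:01:03Z,jdoe,mfa_push,denied
2022-09-15T22:01:41Z,jdoe,mfa_push,timeout
2022-09-15T22:02:20Z,jdoe,mfa_push,denied
2022-09-15T22:03:05Z,jdoe,mfa_push,timeout
2022-09-15T22:03:50Z,jdoe,mfa_push,denied
2022-09-15T22:04:30Z,jdoe,mfa_push,timeout
2022-09-15T22:06:12Z,jdoe,mfa_push,approved
2022-09-15T22:06:15Z,jdoe,login,success
2022-09-15T09:00:10Z,asmith,mfa_push,approved
2022-09-15T13:15:44Z,asmith,mfa_push,approved
"""


def parse_line(line):
    """Split one constructed log line into (datetime, user, event, result)."""
    ts, user, event, result = line.strip().split(",")
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, result


def detect_mfa_fatigue(records, threshold=5, window=timedelta(minutes=10)):
    """Return (user, kind, time) alerts.

    'push_burst': the user has received `threshold` pushes inside `window`.
    'approved_after_burst': a push was approved while the window still held
    at least `threshold` pushes, i.e. a worn-down user accepting one.
    """
    recent = defaultdict(deque)  # user -> push timestamps inside the window
    alerts = []
    for ts, user, event, result in sorted(records):
        if event != "mfa_push":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop pushes that fell out of the window
            q.popleft()
        if len(q) == threshold:
            alerts.append((user, "push_burst", ts))
        if result == "approved" and len(q) >= threshold:
            alerts.append((user, "approved_after_burst", ts))
    return alerts


def alerts_for(log_text, **kwargs):
    """Convenience wrapper: parse a whole log text and run the detector."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return detect_mfa_fatigue(records, **kwargs)


if __name__ == "__main__":
    for user, kind, ts in alerts_for(SAMPLE_LOG):
        print(ts.isoformat(), user, kind)
```

Tune threshold and window to the tenant's baseline; a user who legitimately re-authenticates several times an hour will otherwise generate noise, whereas approved_after_burst stays rare and is the alert worth paging on.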
DarkReading.webp 2022-09-20 14:24:25 Byos Releases Free Assessment Tool to Provide Companies with Tailored Network Security Recommendations (lien direct) Assessment tool instantly generates a detailed report breaking down a company's current network security maturity and recommended next steps. Tool
bleepingcomputer.webp 2022-09-19 12:07:36 VMware, Microsoft warn of widespread Chromeloader malware attacks (lien direct) The operators of the Chromeloader adware are evolving their attack methods and gradually transforming the low-risk tool into a dangerous malware loader, seen dropping ransomware in some cases. [...] Ransomware Malware Tool
AlienVault.webp 2022-09-19 10:00:00 What is Data-as-a-Service (DaaS)? Understanding the benefits, and common use cases (lien direct) This blog was written by an independent guest blogger. If you were looking at all the opportunities data unlocks for your businesses, you’ve probably stumbled upon DaaS. DaaS stands for data as a service, which may appear as something overly complicated and expensive to consider. It’s quite the opposite, and it has the power to help a company leverage IoT and cloud data without investing heavily in infrastructure and software. To truly assess whether it is complicated to implement and what benefits it delivers, you need to know what DaaS is. That’s why we will go over the definition of data as a service, its benefits, and common use cases. What is Data as a Service (DaaS) - The definition “As a service” has become a common term in the software industry, especially in the B2B niche as “Software as a Service”. It refers to one company renting the software to another company. You get a complete software product, ready to be used out-of-the-box. Now let’s go back to data as a service definition with that in mind: “Data as a service is a software sold by data provider companies and developed to deliver ready-to-use data to end-users.” There is one big difference between software as a service and data as a service. Unlike SaaS, which provides access to software tools, DaaS leverages software to provide data. It can provide either raw data or enable companies to use an API. Finally, DaaS may appear as only one service, but that’s not the case: it is a couple of services bundled into one solution. 
The most common services in a DaaS offer include: Data collection (including various sources such as IoT) Cloud data storage Data lifecycle management Data modeling and processing (including transformation, quality control, and replication) Data marketplace (enabling businesses to get the most relevant data for their needs) Benefits of data as a service The next big question you might have is whether it is worth implementing DaaS. That’s not an easy question to answer because every business is unique, especially regarding its data needs. To help you reach an informed decision, we’ve put together a list of benefits that DaaS offers.  Reduced operational costs Data is great because it can offer answers to so many questions. However, you need a lot of data to have accurate and relevant insights. Storing and processing big data costs money because it requires massive internal storage capacity and processing power. Once you invest in DaaS, you will no longer need to continuously invest in your infrastructure and maintenance. The DaaS provider handles all these things internally and uses its own infrastructure, staff, and software to deliver ready-to-use data to you.  Increased security You probably know how hard it is to handle security in your organization. There are many variables to consider, and each of them requires a unique approach and relevant cybersecurity solution. Unfortunately, data is a hot target these days, and cyber criminals seem to be on a constant lookout for backdoors they can exploit to get their hands on valuable data. When you start using DaaS, you can stop worrying about data security at least. DaaS providers use state-of-the-art cybersecurity solutions to keep data safe. They also have pristine backup policies to ensure you get access to data even if something unforeseen happens.  Achieved compliance Using data fo Tool
SecurityWeek.webp 2022-09-14 14:35:30 Bishop Fox Releases Open Source Cloud Hacking Tool 'CloudFox' (lien direct) Cybersecurity firm Bishop Fox has announced the release of CloudFox, an open source tool designed to help find exploitable attack paths in cloud infrastructure. The command line tool has been created for penetration testers and other offensive security professionals. Tool
ESET.webp 2022-09-14 09:30:58 You never walk alone: The SideWalk backdoor gets a Linux variant (lien direct) ESET researchers have uncovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor Tool
CSO.webp 2022-09-14 08:26:00 AutoRabit launches devsecops tool for Salesforce environments (lien direct) Devsecops firm AutoRabit is trying to address security issues arising from policy changes and misconfigurations in Salesforce environments with a new offering, CodeScan Shield. CodeScan Shield is the next iteration of AutoRabit's static code analysis tool, CodeScan, and elevates the capabilities of CodeScan with the help of a new module called OrgScan. The new module governs organizational policies by enforcing the security and compliance rules mandated for Salesforce environments. With OrgScan, a dashboard is created at the end of each scan and identifies any areas of concern. This puts the control back in an organization's hands, saving time and money, the company said. Tool
DarkReading.webp 2022-09-13 22:34:00 Bishop Fox Releases Cloud Enumeration Tool CloudFox (lien direct) CloudFox is a command-line tool to help penetration testers understand unknown cloud environments. Tool
DarkReading.webp 2022-09-13 19:50:24 U-Haul Customer Contract Search Tool Compromised (lien direct) Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company. Tool
Anomali.webp 2022-09-13 15:00:00 Anomali Cyber Watch: Iran-Albanian Cyber Conflict, Ransomware Adopts Intermittent Encryption, DLL Side-Loading Provides Variety to PlugX Infections, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, Cyberespionage, Defense evasion, DDoS, Iran, Ransomware, PlugX, and Spearphishing. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Microsoft Investigates Iranian Attacks Against the Albanian Government (published: September 8, 2022) Microsoft researchers discovered that groups working under Iran’s Ministry of Intelligence and Security (MOIS, tracked as OilRig) attacked the government of Albania. The attackers started with an initial intrusion in May 2021, proceeded with mailbox exfiltration between October 2021 and January 2022, organized controlled leaks, and culminated on July 15, 2022, with disruptive ransomware and wiper attacks. This attack is probably a response to Predatory Sparrow’s June 2021 anti-Iranian cyber operations promoting the Mujahedin-e Khalq (MEK), an Iranian dissident group largely based in Albania. Analyst Comment: The MOIS attack on Albania uses messaging and targeting similar to the previous MEK-associated attack on Iran. It tells us that Iran has chosen to engage in what it sees as direct and proportional retaliation. Still, the attack and its attribution caused Albania to cut diplomatic ties with Iran and expel the country's embassy staff. Organizations should implement multifactor authentication (MFA) for mailbox access and remote connectivity. Anomali platform users are advised to block known OilRig network indicators. 
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Impair Defenses - T1562 | [MITRE ATT&CK] Indicator Removal on Host - T1070 Tags: OilRig, Helix Kitten, APT34, MOIS, Ministry of Intelligence and Security, Predatory Sparrow, Wiper, CVE-2021-26855, CVE-2019-0604, CVE-2022-28799, Government, Albania, target-country:AL, Iran, source-country:IR, DEV-0842, DEV-0861, DEV-0166, DEV-0133, Europium, APT, detection:Jason, detection:Mellona BRONZE PRESIDENT Targets Government Officials (published: September 8, 2022) Secureworks researchers detected a new campaign by China-sponsored group Mustang Panda (Bronze President). In June and July 2022, the group used spearphishing to deliver the PlugX malware to government officials in Europe, the Middle East, and South America. To bypass mail-scanning antiviruses, the archived email attachment had malware embedded eight levels deep in a sequence of hidden folders named with special characters. Analyst Comment: Many advanced attacks start with basic techniques such as unwarranted email with malicious attachment that requires the user to open it and enable macros. It is important to teach your users basic online hygiene and phishing awareness. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | Ransomware Malware Tool Vulnerability Threat Guideline APT 27 APT 34
CSO.webp 2022-09-13 02:00:00 CNAPP buyers guide: Top tools compared (lien direct) Cloud security continues to be a vexing situation, and the tool set continues to become more complex, riddled with acronyms representing possible solutions. Now there's another: the cloud native application protection platform, or CNAPP. This tool combines the coverage of four separate products: a cloud infrastructure entitlements manager (CIEM) that manages overall access controls and risk management tasks; a cloud workload protection platform (CWPP) that secures code across all kinds of cloud-based repositories and provides runtime protection across the entire development environment and code pipelines; a cloud access security broker (CASB) that handles authentication and encryption tasks; and a cloud security posture manager (CSPM) that combines threat intelligence and remediation. IT and security managers are looking for a few basic elements from these products, including more accurate threat detection, support for all workloads across multiple cloud deployments, and ways to implement preventive controls. Tool Threat
DarkReading.webp 2022-09-12 21:28:40 How Machine Learning Can Boost Network Visibility for OT Teams (lien direct) Opswat says its new tool uses neural networks to protect critical environments through AI-assisted asset discovery, network visibility, and risk management. Tool
bleepingcomputer.webp 2022-09-12 16:28:35 U-Haul discloses data breach exposing customer driver licenses (lien direct) Moving and storage giant U-Haul International (U-Haul) disclosed a data breach after a customer contract search tool was hacked to access customers' names and driver's license information. [...] Data Breach Tool
bleepingcomputer.webp 2022-09-08 16:51:52 Bumblebee malware adds post-exploitation tool for stealthy infections (lien direct) A new version of the Bumblebee malware loader has been spotted in the wild, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory. [...] Malware Tool
MalwarebytesLabs.webp 2022-09-08 11:00:00 Your HP Support Assistant needs an update! (lien direct) Categories: Exploits and vulnerabilities, News. Tags: HP Support Assistant, DLL hijacking, SYSTEM privileges, CVE-2022-38395. HP has issued a new version of its HP Support Assistant tool because of a high severity DLL hijacking vulnerability. Tool
AlienVault.webp 2022-09-08 10:00:00 Why does preparing for AI attacks need to be your next big agenda? (lien direct) This blog has been written by an independent guest blogger. Since its advent, the debate over the ethical and unethical use of AI has been ongoing. From movies to discussions and research, the likely adversarial impact AI could have on the world has been a constant cause of concern for every privacy- and security-conscious person. AI indeed plays a core role in the milestones the modern world has achieved. Nevertheless, despite films like I, Robot portraying the potential damage of integrating AI into everyday life, AI has continued to grow rapidly. Its roots and impacts are evident in every sphere of life, be it the medical, technological, educational, or industrial sectors. The flip side that everyone has long dreaded is rapidly starting to take form. The emergence of AI-based attacks: AI-based attacks are still relatively rare, but according to a survey by Forrester, 88% of security experts believe that AI-powered attacks will become more common in the coming years. For now, some of the most prevalent AI-based cyber-attacks that have surfaced are as follows. AI manipulation or data poisoning: for a long time, AI manipulation or data poisoning has been the typical type of AI-based cyber-attack. It is an adversarial attack in which attackers poison the data that AI models are trained on, forcing them to behave maliciously. Nowadays, the use of AI is prevalent in almost every organization. AI tools play an essential part in data storage and analysis, along with protection from cyber-attacks such as malware or phishing. Such tools are designed to automate tasks, but that same automation can make the threat-protection model itself a target of data poisoning. 
Since an AI model works from observed behavior patterns and the data it was trained on, an attacker who can tamper with that training data can feed the tool malicious examples. Such an act can have an adversarial impact: for example, a phishing filter designed to detect and delete phishing emails can be manipulated into delivering them to users' inboxes. A more visible example of AI manipulation is AI-generated deepfakes, which have taken social media platforms by storm. AI-based social engineering attacks: since AI is designed to reproduce tasks typically associated with human cognition, cybercriminals can exploit it for several nefarious purposes, such as enhancing social engineering attacks. AI works by identifying and replicating patterns and anomalies in human behavior, making it a convenient tool for persuading users into undermining systems and handing over confidential information. Apart from that, during the reconnaissance phase of an attack, AI can be used to study the target by scouring social media and various databases. It can find out the behavioral patterns of the target, such as the language they use, their interests, and what topics they usually talk about. The information collected can be used to create a convincing spear phishing or BEC attack. AI automation: another significant advantage cybercriminals gain from AI-based attacks is automation. AI tools can significantly endanger endpoint security by automating intrusion detection techniques and launching attacks at unprecedented speed. Moreover, AI can scour target networks, computers, and applications for vulnerabilities and loopholes that attackers can exploit. Apart from that, automation allows cybercriminals to launch significantly larger attack campaigns. With AI automating most of their work, such as vulnerability assessment and data analysis, cybercriminals now have the leve Malware Tool Vulnerability Threat
2022-09-08 08:39:42 Lazarus and the tale of three RATs (lien direct) By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has been tracking a new campaign operated by the Lazarus APT group, attributed to North Korea by the United States government. This campaign involved the exploitation of vulnerabilities in VMware Horizon to gain an initial foothold into targeted organizations. Targeted organizations include energy providers from around the world, including those headquartered in the United States, Canada and Japan. The campaign is meant to infiltrate organizations around the world for establishing long term access and subsequently exfiltrating data of interest to the adversary's nation-state. Talos has discovered the use of two known families of malware in these intrusions - VSingle and YamaBot. Talos has also discovered the use of a recently disclosed implant we're calling "MagicRAT" in this campaign. Introduction: Cisco Talos observed North Korean state-sponsored APT Lazarus Group conducting malicious activity between February and July 2022. Lazarus has been previously attributed to the North Korean government by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The entry vectors involve the successful exploitation of vulnerabilities in VMware products to establish initial footholds into enterprise networks, followed by the deployment of the group's custom malware implants, VSingle and YamaBot. In addition to these known malware families, we have also discovered the use of a previously unknown malware implant we're calling "MagicRAT." This campaign was previously partially disclosed by other security firms, but our findings reveal more details about the adversary's modus operandi. We have also observed an overlap of command and control (C2) and payload-hosting infrastructure between our findings and the U.S. 
Cybersecurity and Infrastructure Security Agency's (CISA) June advisory that detailed continued attempts from threat actors to compromise vulnerable VMware Horizon servers. In this research, we illustrate Lazarus Group's post-exploitation tactics, techniques and procedures (TTPs) to establish a foothold, perform initial reconnaissance, deploy bespoke malware and move laterally across infected enterprises. We also provide details about the activities performed by the attackers when the VSingle backdoor is instrumented on the infected endpoints. In this campaign, Lazarus was primarily targeting energy companies in Canada, the U.S. and Japan. The main goal of these attacks was likely to establish long-term access into victim networks to conduct espionage operations in support of North Korean govern Malware Tool Vulnerability Threat Medical APT 38
CVE.webp 2022-09-07 22:15:08 CVE-2022-36082 (lien direct) mangadex-downloader is a command-line tool to download manga from MangaDex. When using `file:` command and `` is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue. Tool ★★★★★
CVE.webp 2022-09-07 21:15:08 CVE-2022-36049 (lien direct) Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0. Tool Vulnerability Uber
DarkReading.webp 2022-09-07 15:53:37 Next-Gen Linux Malware Takes Over Devices With Unique Tool Set (lien direct) The Shikitega malware takes over IoT and endpoint devices, exploits vulnerabilities, uses advanced encoding, abuses cloud services for C2, installs a cryptominer, and allows full remote control. Malware Tool
Last update at: 2024-06-25 06:08:12