What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
TechRepublic 2022-06-06 19:45:52 Authy vs Google Authenticator: Two-factor authenticator comparison (direct link) Check out these features from Authy and Google Authenticator before deciding which authentication tool is best for you. Tool
TechRepublic 2022-06-06 17:51:29 ClickUp vs Notion: Project management software comparison (direct link) ClickUp and Notion are both top software tools designed to enable effective project management, but which is best for your business? Tool
TechRepublic 2022-06-06 16:23:22 How to always access your locked iOS device (direct link) With this multifunctional iOS unlocking tool, you can solve various possible problems with your iPhone, iPad or iPod touch. Get a lifetime subscription to the tool for a limited time. Tool
Blog 2022-06-06 13:45:45 RSAC insights: 'CAASM' tools and practices get into the nitty gritty of closing network security gaps (direct link) Reducing the attack surface of a company's network should, by now, be a top priority for all organizations. Related: Why security teams ought to embrace complexity. As RSA Conference 2022 gets underway today in San Francisco, advanced systems to help … Tool
no_ico 2022-06-06 11:22:01 A Warning To Enterprises: It's Time To Retire On-prem; Migration To Cloud And Modern AppSec Tools Critical To Future Threats, What Do You Think? (direct link) In light of the critical Atlassian zero-day (CVE-2022-26134) that is just making headlines, information security experts emphasise why it is a better time to move to the cloud, but what do you think? Tool
TroyHunt 2022-06-05 11:17:21 The privately funded killer-asteroid spotter is here (direct link) It's a new tool for tracking space-rock trajectories, even with limited data. Tool
SecurityAffairs 2022-06-03 23:46:21 LuoYu APT delivers WinDealer malware via man-on-the-side attacks (direct link) Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor. An "extremely sophisticated" China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have uncovered an "extremely sophisticated" China-linked APT group, tracked as LuoYu, that has been observed using a malicious Windows tool called WinDealer. LuoYu has been active since at […] Malware Tool
TechRepublic 2022-06-03 21:32:45 AI and observability for IT operations: Does it improve performance? (direct link) In a multi-cloud, multi-data center environment, IT needs new methods for tracking and troubleshooting applications. Observability tools can provide that. Tool
Fortinet 2022-06-03 18:50:53 New Confluence Vulnerability (CVE-2022-26134) Exploited in the Wild (direct link) FortiGuard Labs is aware of a new vulnerability in Confluence Server and Data Center (CVE-2022-26134) which was reportedly exploited as a zero-day in the wild. Rated critical, successful exploitation of the vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the compromised server. The vulnerability affects all supported versions of unpatched Confluence Server and Data Center.
Why is this Significant? This is significant because Confluence Server and Data Center (CVE-2022-26134) was reportedly exploited as a 0-day in the wild. The vulnerability is an OGNL injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary code on the compromised server. Confluence is a widely used team workspace and collaboration tool developed by Atlassian. It is used to help teams collaborate and share knowledge via a content management system and is used by many large-scale enterprises and organizations worldwide. This vulnerability does not have a CVSS score at the moment, but the ease of exploitation via an unauthenticated session combined with remote code execution is a cause for concern.
What versions of Confluence Server and Data Center are Affected by CVE-2022-26134? The advisory released by Atlassian states that the following versions are affected: all supported versions of Confluence Server and Data Center; Confluence Server and Data Center versions after 1.3.0.
What Malware was Deployed to the Compromised Server? It was reported that China Chopper has been deployed on to compromised servers. China Chopper is a tiny webshell that provides a remote attacker backdoor access to a compromised system.
Has the Vendor Released an Advisory for CVE-2022-26134? Yes. See the Appendix for a link to "Confluence Security Advisory 2022-06-02".
Has the Vendor Released a Patch? Yes, Atlassian released a patch on June 3rd, 2022.
What is the Status of Coverage? FortiGuard Labs provides the following AV coverage against the China Chopper webshell that was reportedly deployed on known compromised Confluence servers: Java/Websh.D!tr. All known network IOCs associated with attacks leveraging CVE-2022-26134 are blocked by the FortiGuard WebFiltering Client. FortiGuard Labs is currently investigating additional coverage against CVE-2022-26134. This Threat Signal will be updated when additional information becomes available.
Any Suggested Mitigation? The advisory includes mitigation information. See the Appendix for a link to "Confluence Security Advisory 2022-06-02". Malware Tool Vulnerability Threat
TechRepublic 2022-06-03 17:53:45 Rally vs Jira: Project management software comparison (direct link) Rally and Jira are both project management solutions meant to work with common agile methodologies. Jira excels in flexibility, while Rally is a highly dedicated tool meant to work within the agile framework. Tool
MalwarebytesLabs 2022-06-03 14:22:25 Parental controls: What they can and can't do for you (direct link) Parental controls are a helpful tool in keeping your children safe online. But they should not be considered a set-and-forget kind of tool. Tool
Kaspersky 2022-06-03 12:42:41 Evil Corp Pivots LockBit to Dodge U.S. Sanctions (direct link) The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity. Tool
Fortinet 2022-06-03 09:37:18 Ransomware Roundup - 2022/06/02 (direct link) FortiGuard Labs is aware of a number of new ransomware strains for the week of May 30th, 2022. It is imperative to raise awareness about new ransomware strains as infections can cause severe damage to organizations. This week's Ransomware Roundup Threat Signal covers Hive ransomware, Bright Black Ransomware and the Karakurt Data Extortion Group, and Fortinet protections against them.
What is Hive Ransomware? Hive ransomware is a Ransomware-as-a-Service (RaaS) that was first observed in June 2021. This ransomware is highlighted in this Threat Signal as Costa Rica's public health system was reportedly compromised by the ransomware. As a RaaS, the Hive ransomware group consists of two types of groups: ransomware operators (developers) and affiliates. The former develops Hive ransomware, provides support for its affiliates, and operates a ransom payment site as well as a data leak site called "HiveLeaks" on Tor. The latter carries out the actual attacks that infect victims, exfiltrates data from victims, and deploys Hive ransomware onto the compromised machine. An apparent underground forum post that recruited Hive ransomware conspirators promised an 80% cut for the affiliates. Hive ransomware is the main arsenal that is deployed to the compromised machine to encrypt files. Before the file encryption takes place, data is stolen from the victim and shadow copies are deleted, which makes file recovery awfully difficult. Typical files encrypted by Hive ransomware have a .hive extension. Other reported file extensions include .aumcc, .sncip, .accuj and .qxycv. According to a report published by Group-IB, "the data encryption is often carried out during non-working hours or at the weekend" in an attempt to encrypt as many files as possible without being noticed. A typical ransom note left behind by Hive ransomware is below:
Your network has been breached and all data is encrypted.
To decrypt all the data you will need to purchase our decryption software.
Please contact our sales department at: xxxx://[removed].onion/ Login: [removed] Password: [removed]
Follow the guidelines below to avoid losing your data:
- Do not shutdown or reboot your computers, unmount external storages.
- Do not try to decrypt data using third party software. It may cause irreversible damage.
- Don't fool yourself. Encryption has perfect secrecy and it's impossible to decrypt without knowing the key.
- Do not modify, rename or delete *.key.hive files. Your data will be undecryptable.
- Do not modify or rename encrypted files. You will lose them.
- Do not report to authorities. The negotiation process will be terminated immediately and the key will be erased.
- Do not reject to purchase. Your sensitive data will be publicly disclosed at xxxx://[removed]onion/
The group employs a double extortion technique in which victims are asked to make a ransom payment in order to recover encrypted files as well as to prevent the stolen data from being published to "HiveLeaks". Some victims reportedly received phone calls from Hive threat actors. The victim will receive a decryption tool upon completion of payment; however, there was chatter suggesting the decryption tool did not work as advertised in some cases and made virtual machines unbootable due to the tool corrupting the MBR (Master Boot Record). Initial attack vectors include phishing emails with malicious attachments, attacking vulnerable RDP servers, and the use of compromised VPN credentials. Purchasing network access from initial access brokers is a possibility as well. Hive ransomware has reportedly victimized companies across a wide range of industries such as (but not restricted to) real estate, IT and manufacturing. Some RaaS have a policy to exclude governmental, educational and military organizations, health care, and critical infrastructure such as gas pipelines and power plants. Hive ransomware does not appear to have such a policy as its victims include health care and government organizations. In August 2021, the Federal Bureau of Investigation (FBI) released a flash alert on Hive ransomware. See the Appendix for Ransomware Malware Tool Threat
The_Hackers_News 2022-06-03 06:54:33 Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor (direct link) An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky said in a new report. Tool Threat
TechRepublic 2022-06-03 00:57:26 Ahrefs vs. Semrush: Comparing the top SEO tools (direct link) Ironically, the major difference between these two organic marketing suites may come down to pay-per-click features. Tool
News 2022-06-03 00:28:07 Atlassian: Unpatched critical flaw under attack right now to hijack Confluence (direct link) One suggested option: Turn the thing off until it can be fixed. Atlassian has warned users of its Confluence collaboration tool that they should either restrict internet access to the software, or disable it, in light of a critical-rated unauthenticated remote-code-execution flaw in the product that is actively under attack.… Tool
CVE 2022-06-02 21:15:07 CVE-2022-29085 (direct link) Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Tool Vulnerability
TechRepublic 2022-06-02 19:40:18 Adobe Sign vs DocuSign: Which tool is best for your business? (direct link) Compare key features of top digital signature tools Adobe Sign and DocuSign for your company's operations and documentation needs. Tool
Cybereason 2022-06-02 16:35:43 Latest SOC Survey Anticipates Shift Toward MDR and XDR (direct link) The challenges faced by Security Operations Centers (SOCs) around the world (workforce shortages, lack of visibility and automation, tool sprawl, and alert overload) continue to have a negative impact on SOC effectiveness and will likely result in increasing adoption of Managed Detection and Response (MDR) services and Extended Detection and Response (XDR) solutions. Tool
no_ico 2022-06-02 11:23:59 Why Ransomware Timeline Shrinks By 94%? (direct link) Researchers at IBM's X-Force team are reporting a 94% reduction in the duration of an enterprise ransomware attack from 2019 to 2021. Though the overall time was reduced, the attackers' tools appeared to remain mostly the same. Research showed that ransomware operators were most efficient against enterprises "who have not implemented effective measures to combat […] Ransomware Tool
The_Hackers_News 2022-06-02 01:38:51 SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (direct link) The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities. "Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity Malware Tool Threat APT-C-17
CVE 2022-06-01 20:15:07 CVE-2022-30190 (direct link) Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. Tool
Anomali 2022-06-01 17:47:00 Anomali Cyber Watch: TURLA's New Phishing-Based Reconnaissance Campaign in Eastern Europe, Unknown APT Group Has Targeted Russia Repeatedly Since Ukraine Invasion and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Chromeloader, Goodwill, MageCart, Saitama, Turla and Yashma. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Credit Card Stealer Targets PsiGate Payment Gateway Software (published: May 25, 2022) Sucuri researchers have detailed their findings on a MageCart skimmer that had been discovered within the Magento payment portal. Embedded within the core_config_data table of Magento's database, the skimmer was obfuscated and encoded with CharCode. Once deobfuscated, a JavaScript credit card stealer was revealed. The stealer is able to acquire text and fields that are submitted to the payment page, including credit card numbers and expiry dates. Once stolen, a synchronous AJAX request is used to exfiltrate the data.
Analyst Comment: Harden endpoint security and utilize firewalls to block suspicious activity to help mitigate against skimmer injection. Monitor network traffic to identify anomalous behavior that may indicate C2 activity.
MITRE ATT&CK: [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 | [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Input Capture - T1056
Tags: MageCart, skimmer, JavaScript, Magento, PsiGate, AJAX
How the Saitama Backdoor uses DNS Tunneling (published: May 25, 2022) Malwarebytes researchers have released their report detailing the process by which the Saitama backdoor utilizes DNS tunneling to stealthily communicate with command and control (C2) infrastructure. DNS tunneling is an effective way to hide C2 communication, as DNS traffic serves a vital function in modern-day internet communications and thus blocking DNS traffic is almost never done. Saitama formats its DNS lookups with the structure of a domain consisting of message, counter . root domain. Data is encoded utilizing a hardcoded base36 alphabet. There are four types of messages that Saitama can send using this method: Make Contact to establish communication with a C2 domain, Ask For Command to get the expected size of the payload to be delivered, Get A Command in which Saitama makes Receive requests to retrieve payloads and instructions, and finally Run The Command in which Saitama runs the instructions or executes the payload and sends the results to the established C2.
Analyst Comment: Implement an effective DNS filtering system to block malicious queries. Furthermore, maintaining a whitelist of allowed applications for installation will assist in preventing malware like Saitama from being installed.
MITRE ATT&CK: [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041
Tags: C2, DNS, Saitama, backdoor, base36, DNS tunneling Ransomware Malware Tool Threat APT 19
CrowdStrike 2022-06-01 15:49:28 CrowdStrike Falcon Protects Customers from Follina (CVE-2022-30190) (direct link) On May 27, 2022, a remote code execution vulnerability was reported affecting the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability, which is classified as a zero-day, can be invoked via weaponized Office documents, Rich Text Format (RTF) files, XML files and HTML files. At time of writing, there is no patch available from the […] Tool Vulnerability
TechRepublic 2022-06-01 14:36:44 How to refine search results in Google Drive (direct link) If you're having trouble locating files in Google Drive, Jack Wallen wants to introduce you to the built-in search filter tool that will help make the process faster and more accurate. Tool
Fortinet 2022-06-01 13:59:00 (Déjà vu) CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability "Follina" (direct link) FortiGuard Labs researchers provide an analysis and assessment of CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE vulnerability "Follina." Read to learn more about this critical vulnerability and how to take quick corrective action until Microsoft releases a patch. Tool Vulnerability
Pirate 2022-06-01 13:12:14 New Microsoft Support Diagnostic Tool vulnerability: how to deal with it (direct link) A new vulnerability has recently been discovered in Microsoft Office. Microsoft Support Diagnostic Tool (MSDT) can be turned against organisations. The exploit appears to have existed for about a month, with various modifications as to what is to be executed on the targeted system. The post New Microsoft Support Diagnostic Tool vulnerability: how to deal with it first appeared on UnderNews. Tool
bleepingcomputer 2022-06-01 09:10:12 SideWinder hackers plant fake Android VPN app in Google Play Store (direct link) Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on the Google Play Store along with a custom tool that filters victims for better targeting. [...] Tool Threat APT-C-17
2022-06-01 06:40:40 Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution (direct link) A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such as Microsoft Office, Microsoft... Tool Vulnerability
The_Hackers_News 2022-06-01 05:15:09 YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites (direct link) As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Tool
CyberFutures 2022-06-01 00:00:00 Cyber Security Roles (direct link) Being a cyber security expert brings an array of career opportunities across a wide variety of industries. There is not one path to a career in cyber security and the reality is cyber security professionals can have different working backgrounds and levels of education. What they do have in common is an understanding of technology and the need to protect and keep networks, data and information secure in the digital age. We have picked 5 cyber security job roles that are currently in demand by multiple industries. Cyber Skills provide pathways and micro credentials that will upskill you in the following areas and we ensure that you receive the exact training needed to fulfil these roles and enhance your career. Security Architect - The key responsibility of a security architect is to establish and maintain the cyber safety of a business's systems. They are key to the security of an organisation, translating real world conditions such as laws and regulations into technical solutions keeping the systems Cyber Secure. Cyber Security Analyst – Examines data from multiple disparate sources with the goal of providing security and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modelling, data mining and research purposes. Network Security Engineer – Security engineers hold a technical role within a company or organisation. This involves planning, implementing and operating network services/systems, including hardware and virtual environments. Digital Forensics – Uses data collected from a variety of cyber defence tools to analyse events that occur in their environment for the purpose of threat mitigation. Conducts detailed investigations of computer crimes, establishing documentary or physical evidence, including digital media and logs associated with cyber intrusion incidents. Secure Software Developer – All developers must be security-aware when designing and developing software components to ensure the security of data and any third-party systems. Security assurance is also a key area of their work, validating that all components combine to create a secure system. Tool Technical ★★
Minerva 2022-05-31 16:33:34 New Microsoft Office "Follina" zero-day Already Shared on Ransomware Forums (direct link) The new zero-day MS Word vulnerability recently discovered by Nao_Sec on May 27, 2022, titled 'Follina' (CVE-2022-30190) and targeting Microsoft Office is being actively utilised, Minerva researchers found. The exploit targets a vulnerability in Microsoft's Windows Support Diagnostic Tool (MSDT) that occurs due to the ms-msdt MSProtocol URI scheme, which could load code and execute it via PowerShell despite macros being disabled. Successful exploitation of the CVE enables an attacker to execute arbitrary code on the targeted host. However, the attacker must socially engineer the victim into opening a specially crafted file to exploit this issue, which requires a targeted effort to succeed, making the vulnerability less prominent to unskilled actors but highly relevant to ransomware gangs such as CONTI, CL0P and ALPHV. To combat this new threat businesses must focus on threat prevention, an approach in which Minerva excels. Ransomware Tool Vulnerability Threat
CSO 2022-05-31 12:29:00 Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps (direct link) Attackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in a Windows component called the Microsoft Support Diagnostic Tool (MSDT) through weaponized Word documents. Microsoft has responded with mitigation advice that can be used to block the attacks until a permanent patch is released. An exploit for the vulnerability, now tracked as CVE-2022-30190, was found in the wild by an independent security research team dubbed nao_sec, which spotted a malicious Word document uploaded to VirusTotal from an IP in Belarus. However, more malicious samples dating from April have also been found, suggesting the vulnerability has been exploited for over a month. Tool Vulnerability
Kaspersky 2022-05-31 12:24:44 EnemyBot Malware Targets Web Servers, CMS Tools and Android OS (direct link) The malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot. Malware Tool
SecurityAffairs 2022-05-31 11:19:10 Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina (direct link) Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for a recently discovered zero-day vulnerability, dubbed Follina and tracked as CVE-2022-30190 (CVSS score 7.8), in the Microsoft Office productivity suite. "On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows […] Tool
Blog 2022-05-31 10:54:34 RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach (direct link) Vulnerability management, or VM, has long been an essential, if decidedly mundane, component of network security. Related: Log4J's long-run risks. That's changing — dramatically. Advanced VM tools and practices are rapidly emerging to help companies mitigate a sprawling array of … Tool Vulnerability
Fortinet 2022-05-31 10:18:52 Follina: 0-day Windows MSDT Vulnerability (CVE-2022-30190) Exploited In The Wild (direct link) FortiGuard Labs is aware that a 0-day vulnerability in Microsoft Support Diagnostic Tool is being exploited in the wild. The first sample that exploits the vulnerability appeared on VirusTotal on April 12th, 2022. Assigned CVE-2022-30190, successful exploitation allows an attacker to run arbitrary code with the privileges of the calling application. The attacker can then install programs; view, change, or delete data; or create new accounts in the context allowed by the user's rights.
Why is this Significant? This is significant because the vulnerability is a 0-day vulnerability in Microsoft Support Diagnostic Tool that allows remote code execution and is being exploited in the wild.
What is CVE-2022-30190? The vulnerability is a remote code execution vulnerability that was named "Follina" by security researcher Kevin Beaumont. The name "Follina" was derived from the 0-day code referencing "0438", which is the area code of Follina, Italy. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application, such as Word. The attacker can then install programs; view, change, or delete data; or create new accounts in the context allowed by the user's rights. A malicious Word file that is widely discussed online abuses the remote template feature in Microsoft Word and retrieves a remote HTML file. The retrieved HTML file uses the "ms-msdt" MSProtocol URI scheme to load and execute the PowerShell payload. Note that ms-msdt refers to "Microsoft Support Diagnostic Tool", which is a legitimate Microsoft tool that collects and sends system information back to Microsoft for problem diagnosis. What is concerning is that the vulnerability reportedly can be exploited even if macros, one of the most prevalent ways to deliver malware via Microsoft Office files, are disabled. Also, if the document file is changed to RTF form, even previewing the document in Windows Explorer can trigger the exploit.
How Widespread is this? While the attack that leverages the vulnerability does not appear to be widespread, more attacks are expected as Proof-of-Concept code is available and a patch has not yet been released.
Does the Vulnerability Have a CVE Number? CVE-2022-30190 has been assigned to the vulnerability.
Has Microsoft Released an Advisory? Yes. See the Appendix for a link to "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability".
Has Microsoft Released a Patch? No, Microsoft has not released a patch yet.
What is the Status of Coverage? FortiGuard Labs provides the following AV coverage against the known samples that are associated with CVE-2022-30190: MSWord/Agent.2E52!tr.dldr. Known network IOCs for CVE-2022-30190 are blocked by the WebFiltering client. FortiGuard Labs is currently investigating additional coverage against CVE-2022-30190. This Threat Signal will be updated when additional information becomes available.
Any Suggested Mitigation? Microsoft released an official blog on CVE-2022-30190 that includes mitigation information. See the Appendix for a link to "Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability". Malware Tool Vulnerability Threat ★★
Microsoft 2022-05-30 23:25:16 Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability (direct link) Tool Vulnerability
TechRepublic 2022-05-27 16:03:21 Best data science tools and software 2022 (direct link) Data science tools prep data for advanced analytics in finding business insights. Compare the top tools now. Tool
Checkpoint 2022-05-27 11:00:14 The IaC Showdown: Terraform vs. Ansible (direct link) By Dotan Nahum. Infrastructure as code (IaC) has become the de facto method for dealing with infrastructure at scale. This codification of infrastructure configurations lets software development teams create version-controlled, reusable configurations. Moreover, it enables integrating infrastructure management as a part of the delivery pipeline. Terraform and Ansible are two leading IaC tools with somewhat overlapping… Tool Guideline
Fortinet.webp 2022-05-26 21:52:30 Ransomware Roundup - 2022/05/26 (lien direct) FortiGuard Labs became aware of a number of new ransomware strains for the week of May 23rd, 2022. It is imperative to raise awareness about new ransomware as infections can cause severe damage to the affected machines and organizations. This Threat Signal covers Yashma ransomware, GoodWill ransomware and Horsemagyar ransomware along with Fortinet protections against them. What is Yashma Ransomware? Yashma ransomware is new and is generated through the Yashma ransomware builder. It is claimed to be the sixth version of the Chaos ransomware builder. Reportedly, compared to the fifth version, the Yashma ransomware builder now supports a "forbidden country" option with which attackers can choose not to run the generated ransomware based on the victim's location. The new builder also enables the ransomware to stop a wide variety of services running on the compromised machine, such as anti-malware solutions and Remote Desktop and Backup services. Additionally, it is important to note that from the fifth version of the Chaos ransomware builder, the crafted ransomware can successfully encrypt files larger than 2,117,152 bytes and no longer corrupts them. A known sample of Yashma ransomware has the following ransom note: All of your files have been encrypted with Yashma ransomware. Your computer was infected with a ransomware. Your files have been encrypted and you won't be able to decrypt them without our help. What can I do to get my files back? You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer. The price for the software is $1,500.
Payment can be made in Bitcoin only. How do I pay, where do I get Bitcoin? Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin. Many of our customers have reported these sites to be fast and reliable: Coinmama - hxxps://www[.]coinmama[.]com Bitpanda - hxxps://www[.]bitpanda[.]com Payment information Amount: 0.1473766 BTC Bitcoin Address: [removed] At the time of this writing, the attacker's bitcoin wallet has no transactions. FortiGuard Labs previously released several blogs on Chaos ransomware. See the Appendix for links to "Chaos Ransomware Variant Sides with Russia" and "Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers". What is the Status of Coverage for Yashma ransomware? FortiGuard Labs provides the following AV coverage against a known sample of Yashma ransomware: MSIL/Filecoder.APU!tr.ransom What is GoodWill Ransomware? GoodWill ransomware was recently discovered; however, it appears to have been first observed in March 2022. The ransomware encrypts files on the compromised machine and adds a ".gdwill" file extension to the affected files. Unlike other ransomware that demands a ransom to recover the encrypted files, GoodWill asks the victim to do three good deeds. Firstly, the victim must provide clothes and blankets to needy people on the street. Secondly, the victim must feed dinner to five children at a pizza or fried chicken joint. Lastly, the victim must visit a local hospital and provide financial assistance to those in need.
After finishing each deed, proof must be provided to the attacker, and a decryption tool and video instructions will be provided to the victim after completing all the deeds. What is the Status of Coverage for GoodWill ransomware? FortiGuard Labs provides the following AV coverage against GoodWill ransomware: MSIL/Filecoder.AGR!tr.ransom What is Horsemagyar Ransomware? Horsemagyar ransomware is a new variant of Sojusz ransomware that was recently discovered. It encrypts files on the compromised machine and adds a ".[10 digit ID number].spanielearslook.likeoldboobs" file extension to the encrypted files. The ransomware leaves a ransom note as Horse.txt. The first sighting of Sojusz ransomware goes back to February 2022, and it added a ".[10 digit ID number].[attacker's email address].bec" extension to the files it encrypted. An example of the ransom note left behind by Horsemagyar ransomware is below: Ransomware Tool Threat
TechRepublic.webp 2022-05-26 21:02:57 Best business intelligence tools 2022 (lien direct) >Business intelligence solutions have swiftly become an important data collection, analysis and decision-making tool. Here's how leading BI analytic software offerings compare. Tool Guideline
TechRepublic.webp 2022-05-26 20:35:52 Best SEO tools 2022: How to increase website traffic (lien direct) >Learn everything you need to know about the basics of search engine optimization, including the top SEO tools for your business. Tool
TechRepublic.webp 2022-05-26 19:02:28 Apache Spark vs Apache Hadoop: Compare data science tools (lien direct) >One is a lightweight, focused data science utility-the other is a more robust data science platform. Which should you use for your data analytics? Tool
TechRepublic.webp 2022-05-26 15:20:30 Will Coda be your next document management platform? (lien direct) >With Coda, you can create an efficient collaboration platform and not have to use a combination of tools like Office 365, Trello and Jira. Tool
GoogleSec.webp 2022-05-26 13:53:04 Retrofitting Temporal Memory Safety on C++ (lien direct) Posted by Anton Bikineev, Michael Lippautz and Hannes Payer, Chrome security team Memory safety in Chrome is an ever-ongoing effort to protect our users. We are constantly experimenting with different technologies to stay ahead of malicious actors. In this spirit, this post is about our journey of using heap scanning technologies to improve memory safety of C++. Let's start at the beginning though. Throughout the lifetime of an application its state is generally represented in memory. Temporal memory safety refers to the problem of guaranteeing that memory is always accessed with the most up to date information of its structure, its type. C++ unfortunately does not provide such guarantees. While there is appetite for different languages than C++ with stronger memory safety guarantees, large codebases such as Chromium will use C++ for the foreseeable future. auto* foo = new Foo(); delete foo; Tool Guideline
NIST.webp 2022-05-26 12:00:00 The Cornerstone of Cybersecurity – Cryptographic Standards and a 50-Year Evolution (lien direct) In today's connected digital world, cryptographic algorithms are implemented in every device and applied to every link to protect information in transmission and in storage. Over the past 50 years, the use of cryptographic tools has expanded dramatically, from limited environments like ATM encryption to every digital application used today. Throughout this long journey, NIST has played a unique leading role in developing critical cryptographic standards. Data Encryption Standard (DES) In the early 1970s, there was little public understanding of cryptography, although most people knew that Tool Guideline
TechRepublic.webp 2022-05-26 11:24:36 Jupyter Notebook vs PyCharm: Software comparison (lien direct) >Jupyter Notebook and PyCharm are data science notebook and development tools, respectively. Compare key features to see which tool is best for your business. Tool
Anomali.webp 2022-05-26 10:42:00 Understanding the Latest Cybersecurity Solutions To Keep Up With Today\'s Threats (lien direct) Welcome to this week's blog. We're getting close to the end of the series in which I explore the "Top 10 List of the Challenges Cybersecurity Professionals Face," as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience. Coming in at number three on our list: Identifying and Utilizing the Latest Cybersecurity Solutions This is not surprising, as just under half of security decision-makers strongly agree that their cybersecurity teams can quickly prioritize threats based on trends, severity, and potential impact. Cybersecurity Analysts use various tools in their jobs, which can be organized into a few categories: network security monitoring, encryption, web vulnerability, penetration testing, antivirus software, network intrusion detection, and packet sniffers. Types of Tools Network security monitoring tools These tools are used to analyze network data and detect network-based threats. Encryption tools Encryption protects data by scrambling text so that it is unreadable to unauthorized users. Web vulnerability scanning tools These software programs scan web applications to identify security vulnerabilities, including cross-site scripting, SQL injection, and path traversal. Penetration testing Penetration testing, also known as "pen test", simulates an attack on a computer system to evaluate the security of that system. Antivirus software This software is designed to find viruses and harmful malware, including ransomware, worms, spyware, adware, and Trojans. Network intrusion detection An Intrusion Detection System (IDS) monitors network and system traffic for unusual or suspicious activity and notifies the administrator if a potential threat is detected.
Packet sniffers A packet sniffer, also called a packet analyzer, protocol analyzer or network analyzer, is used to intercept, log, and analyze network traffic and data. Firewall tools Monitor incoming and outgoing network traffic and permit or block data packets based on security rules. Detection and Response Platforms Detection and response services analyze and proactively detect and eventually eliminate cyber threats. Alerts are investigated to determine if any action is required. As I pointed out in a previous blog, enterprise organizations have deployed over 130 security tools. Here's a look at the current technology security teams use or plan to invest in. What's even crazier is this stat: CyberDB claims to have more than 3,500 cybersecurity vendors listed in the United States alone. So, how are security professionals supposed to keep up with the latest trends or innovations in technology? Thankfully, we live in the digital age where information is just a click away. I typically start my day by reading news websites and blogs from security experts and checking Twitter. You can also attend webinars and conferences or communicate directly with someone well-versed in the field. Get Social Social media networks are excellent sources for finding new content. (Shameless plug, make sure you're following us on LinkedIn and Twitter) Twitter is particularly useful if you know what hashtags to search for or who to follow. You can see discussions in real-time to get yourself into the conversation; create feed lists to weed out the noise by specifying what security vendors, influencers, and developers you Tool Vulnerability Threat ★★★★★
CVE.webp 2022-05-25 21:15:08 CVE-2022-29251 (lien direct) XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. Tool
Last update at: 2024-06-28 15:07:58