What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-05 20:03:50 | What is the ONLYOFFICE Community feature, and why should you use it? (lien direct) | ONLYOFFICE is not only a great web-based office suite and project management tool but an effective platform to keep your teams engaged with one another and the company. | Tool | ||
|
2022-05-05 19:09:54 | Check Point vs Palo Alto: Comparing EDR software (lien direct) | Check Point and Palo Alto are providers of effective endpoint detection and response tools to allow you to surpass detection-based cyber defense and improve your organization's ability to manage cybersecurity risk. But which tool is best for you? | Tool | ||
|
2022-05-05 16:26:47 | How to use KDE Plasma\'s Konsole SSH plugin (lien direct) | Looking for an incredibly easy tool to manage your SSH connections? KDE's terminal application has a handy trick up its sleeve. | Tool | ||
 |
2022-05-05 11:00:56 | Les vulnérabilités dans Avast et AVG mettent des millions en danger Vulnerabilities in Avast And AVG Put Millions At Risk (lien direct) |
Deux défauts de haute sévérité dans les outils de sécurité des utilisateurs finaux populaires permettent aux attaquants d'élever les privilèges et les dispositifs de compromis.
Two high-severity flaws in popular end user security tools allow attackers to elevate privileges and compromise devices. |
Tool Vulnerability | ★★★ | |
|
2022-05-04 18:37:00 | Are moodables the next best thing in IoT? (lien direct) | More Americans are suffering from depression than ever before. With moodable sensors, we might finally have an IoT tool for mental wellness. | Tool | ||
|
2022-05-04 18:14:46 | How to move from an Android phone to an iPhone (lien direct) | You can more easily switch from an Android phone to an iPhone via a tool called Move to iOS. We'll show you how. | Tool | ||
|
2022-05-03 17:20:31 | Notion vs Trello: Project management software comparison (lien direct) | If your company is considering which project management and communication tool to choose, you should compare the features of Notion and Trello. | Tool | ||
 |
2022-05-03 16:31:00 | Anomali Cyber Watch: Time-to-Ransom Under Four Hours, Mustang Panda Spies on Russia, Ricochet Chollima Sends Goldbackdoor to Journalists, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cyberespionage, LNK files, Malspam, North Korea, Phishing, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
A Lookback Under the TA410 Umbrella: Its Cyberespionage TTPs and Activity
(published: April 28, 2022)
ESET researchers found three different teams under China-sponsored umbrella cyberespionage group TA410, which is loosely linked to Stone Panda (APT10, Chinese Ministry of State Security). ESET named these teams FlowingFrog, JollyFrog, and LookingFrog. FlowingFrog uses the Royal Road RTF weaponizer described by Anomali in 2019. Infection has two stages: the Tendyron implant followed by a very complex FlowCloud backdoor. JollyFrog uses generic malware such as PlugX and QuasarRAT. LookingFrog’s infection stages feature the X4 backdoor followed by the LookBack backdoor. Besides using different backdoors and exiting from IP addresses located in three different districts, the three teams use similar tools and similar tactics, techniques, and procedures (TTPs).
Analyst Comment: Organizations should keep their web-facing applications such as Microsoft Exchange or SharePoint secured and updated. Educate your employees on handling suspected spearphishing attempts. Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Native API - T1106 | [MITRE ATT&CK] Shared Modules - T1129 | [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Inter-Process Communication - T1559 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Create or Modify System Process - T1543 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Rootkit - T1014 | [MITRE ATT&CK] Process Injection - T1055 | |
Ransomware Malware Tool Vulnerability Threat Guideline Cloud | APT 37 APT 10 APT 10 | |
|
2022-05-03 14:36:25 | Amazon CloudWatch vs Pingdom: Monitoring tool comparison (lien direct) | Let's compare the features of two popular website monitoring tools, Pingdom and Amazon CloudWatch, to determine what makes each one unique and what you should consider before adopting each tool. | Tool | ||
|
2022-05-03 14:08:13 | The COVID-19 gender gap: Addressing bias at work can help bring women back to the office (lien direct) | The global pandemic highlighted inequities at the workplace and the greater stresses women face. Here's how a new tool that uses science to uncover bias at work can improve workplaces for women. | Tool | ||
 |
2022-05-03 06:08:45 | Package Analysis dynamic analyzes packages in open-source repositories (lien direct) | The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to popular open-source repositories. The Open Source Security Foundation (OpenSSF) announced the release of the first version of a new tool, dubbed Package Analysis, to perform dynamic analysis of the packages uploaded to popular open-source repositories. […] | Tool | ||
|
2022-05-02 22:46:55 | CyberArk vs BeyondTrust: Compare IAM solutions (lien direct) | It's time to upgrade your IAM software, but which security tool should you choose? See how the features of CyberArk and BeyondTrust compare. | Tool | ||
 |
2022-05-02 20:15:08 | CVE-2021-41810 (lien direct) | Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable | Tool | ||
 |
2022-05-02 09:30:00 | UNC3524: Eye Spy sur votre e-mail UNC3524: Eye Spy on Your Email (lien direct) |
Mise à jour (novembre 2022): Nous avons fusionné UNC3524 avec APT29. L'activité UNC3524 décrite dans ce post est désormais attribuée à APT29.
Depuis décembre 2019, Mandiant a observé que les acteurs avancés des menaces augmentent leur investissement dans des outils pour faciliter la collecte de courriels en vrac dans les environnements de victime, en particulier en ce qui concerne leur soutien aux objectifs d'espionnage présumés.Les e-mails et leurs pièces jointes offrent une riche source d'informations sur une organisation, stockée dans un emplacement centralisé pour les acteurs de menace à collecter.La plupart des systèmes de messagerie, qu'ils soient sur site ou dans le cloud, offrent
UPDATE (November 2022): We have merged UNC3524 with APT29. The UNC3524 activity described in this post is now attributed to APT29. Since December 2019, Mandiant has observed advanced threat actors increase their investment in tools to facilitate bulk email collection from victim environments, especially as it relates to their support of suspected espionage objectives. Email messages and their attachments offer a rich source of information about an organization, stored in a centralized location for threat actors to collect. Most email systems, whether on-premises or in the cloud, offer |
Tool Threat | APT 29 | ★★ |
 |
2022-05-01 21:51:22 | Here\'s a New Tool That Scans Open-Source Repositories for Malicious Packages (lien direct) | The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the | Tool | ||
|
2022-04-29 21:12:21 | Datadog vs New Relic: Compare DevOps tools (lien direct) | Datadog vs. New Relic: Which is the best DevOps tool for your business? This guide will help you choose. | Tool | ||
 |
2022-04-29 17:32:59 | Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage (lien direct) |  socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms.
Other similar tools check username availability by requesting the profile page of the username in question and based on information like the HTTP status code or error text on the requested page, determine whether a username is already taken.
Read the rest of Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage now! Only available at Darknet.
|
Tool | ||
|
2022-04-29 14:45:19 | LogMeIn vs GoToMyPC: Compare remote desktop software (lien direct) | LogMeIn and GoToMyPC are two of the top remote access software solutions. Read this feature comparison to learn which remote desktop tool is right for your business. | Tool | ||
|
2022-04-29 13:09:34 | OneLogin vs Okta: Comparing IAM solutions (lien direct) | Which identity and access management software should you choose? Compare the features of OneLogin and Okta to see if either is the right IAM tool for your business. | Tool | ||
|
2022-04-28 11:00:00 | More Tools, More Problems: Why It\'s Important to Ensure Security Tools Work Together (lien direct) | Welcome to blog #six as I explore the “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience. In the last blog, I wrote about the challenges that organizations have with disparate tools, highlighted by the fact that mature enterprise organizations deployed over 130 security tools on average. That blog is a perfect introduction to number five on our list of challenges enterprise organizations face: ‘Solutions not customized to the types of risks we face.’ More Tools, More Problems Most security teams use several security management tools to help them manage their security infrastructure. While each tool was acquired for a specific reason and purpose, introducing each tool into an existing security tech stack poses a different challenge. Unfortunately, there’s no one size fits all approach. Every new security tool introduced requires integration to use the tool effectively. It takes a lot of time and effort to implement a tool properly into your environment and processes. There would most likely need training involved for those analysts who would be using the new tools. While necessary, these tasks take time and attention away from everyday activities and can significantly decrease a security team’s effectiveness before they’re fully integrated into their workflow. Increasing in Multiple Tools Increases Security Complexity The increasing adoption of cybersecurity solutions has created more consequences and challenges for organizations and their IT teams. With each addition of a new solution, another problem emerges Tool sprawl. Tool sprawl is when an organization invests in various tools that make it harder for IT teams to manage and orchestrate the solution. Time is a precious commodity, especially in cybersecurity. It takes time to collect information from multiple tools and disparate data sources, then correlate it manually with the necessary intelligence. Instead of responding quickly to an attack, analysts will waste time collecting the data and relevant intelligence needed to understand what kind of attacks they are dealing with and which actions they should take. Instead of fixing a problem, security teams may suddenly find that they’ve added more. How Cybersecurity Tools Grew Out of Control Traditional cybersecurity operations were designed to manage anti-viruses, install and monitor firewalls, protect data, and help users manage passwords. It was evident by the mid-1990s that investing in cybersecurity would be necessary. Organizations now had a budget for security and had to figure out which parts of their infrastructure were most vulnerable. As their strategy evolved, organizations began investing in hiring cybersecurity experts but realized people are expensive. They then began buying various tools to complement their security professionals. They soon realized that there was a security tool you could buy that could help resolve the situation for any potential problem. The desire to throw tools at a situation continues today. Cybersecurity budgets have increased since the pandemic sped up digital transformation efforts and increased an organization’s attack surface. Board members and Executives realize the need to invest more in cybersecurity. New security products continue to spring up, promising to solve problems and secure all the various parts of businesses’ technology stacks. Unfortunately, when adding tools, too many organizations make the mistake of looking for a quick fix, working in silos to solve one problem rather than t | Tool Threat Guideline | ||
|
2022-04-27 16:15:11 | CVE-2022-22521 (lien direct) | In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. | Tool | ||
|
2022-04-26 16:24:00 | Anomali Cyber Watch: Gamaredon Delivers Four Pterodos At Once, Known-Plaintext Attack on Yanlouwang Encryption, North-Korea Targets Blockchain Industry, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, CatalanGate, Cloud, Cryptocurrency, Information stealers, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems
(published: April 25, 2022)
Cybereason researchers have compared trending attacks involving SocGholish and Zloader malware. Both infection chains begin with social engineering and malicious downloads masquerading as legitimate software, and both lead to data theft and possible ransomware installation. SocGholish attacks rely on drive-by downloads followed by user execution of purported browser installer or browser update. The SocGholish JavaScript payload is obfuscated using random variable names and string manipulation. The attacker domain names are written in reverse order with the individual string characters being put at the odd index positions. Zloader infection starts by masquerading as a popular application such as TeamViewer. Zloader acts as information stealer, backdoor, and downloader. Active since 2016, Zloader actively evolves and has acquired detection evasion capabilities, such as excluding its processes from Windows Defender and using living-off-the-land (LotL) executables.
Analyst Comment: All applications should be carefully researched prior to installing on a personal or work machine. Applications that request additional permissions upon installation should be carefully vetted prior to allowing permissions. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors.
MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Steal or Forge Kerberos Tickets - T1558 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Unsecured Credentials - T1552 | [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | |
Ransomware Malware Tool Vulnerability Threat Guideline Medical | Uber APT 38 APT 28 | |
|
2022-04-25 23:18:38 | Iranian Hackers Exploiting VMware RCE Bug to Deploy \'Code Impact\' Backdoor (lien direct) | An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and | Tool Vulnerability Threat | ||
|
2022-04-22 19:32:36 | Chef vs Terraform: DevOps tool comparison (lien direct) | Server configuration, automation and infrastructure development are at the heart of every IT business operation. Read this feature comparison of two DevOps tools, Chef and Terraform, to enhance your IT efficiency. | Tool | ||
 |
2022-04-22 18:30:28 | A Detailed Guide on Hydra (lien direct) | Hello! Pentesters, this article is about a brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent | Tool | ||
|
2022-04-21 19:15:08 | CVE-2021-43708 (lien direct) | The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode. | Tool | ||
|
2022-04-21 16:54:59 | Terraform vs Puppet: DevOps tool comparison (lien direct) | Not all software tools are created equal, and one solution may be more beneficial to your DevOps needs than another. Read on to learn more about two popular DevOps tools: Terraform and Puppet. | Tool | ||
 |
2022-04-21 12:07:55 | Free Yanlouwang decryptor released, after flaw found in ransomware code (lien direct) | Security researchers at Kaspersky have released a free decryption tool that promises to recover files for organisations hit by the Yanlouwang ransomware, meaning they don't have to pay the ransom. | Ransomware Tool | ||
|
2022-04-20 22:34:24 | Bamboo vs Jenkins: DevOps tools comparison (lien direct) | To choose the best CI/CD tool to power your DevOps initiatives, you need to take a close look at the features offered by the top contenders. See how two DevOps solutions, Bamboo and Jenkins, compare. | Tool | ||
|
2022-04-19 17:44:23 | Monday.com vs Smartsheet: Project management software comparison (lien direct) | Smartsheet and monday work management are two similar project management tools. Here's a key feature comparison to help you choose which PM tool is right for your business. | Tool | ||
|
2022-04-18 05:58:45 | Researchers Share In-Depth Analysis of PYSA Ransomware Group (lien direct) | An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to | Ransomware Malware Tool Threat | ||
|
2022-04-15 19:30:55 | Prometheus vs Zabbix: Network monitoring tools comparison (lien direct) | Prometheus and Zabbix are popular network monitoring solutions with large and active communities. Which is the better tool for you? | Tool | ||
|
2022-04-15 19:15:12 | CVE-2022-24851 (lien direct) | LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any other user try to access the edit profile page. The pdf editor tool has an edit pdf profile functionality, the logoFile parameter in it is not properly sanitized and an user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later when a pdf is exported using the edited profile the pdf icon has the image on that path(if image is present). Both issues require an attacker to be able to login to LAM admin interface. The issue is fixed in version 7.9.1. | Tool Guideline | ||
|
2022-04-15 18:07:00 | A Detailed Guide on Medusa (lien direct) | Hi Pentesters! Let's learn about a different tool Medusa, which is intended to be a speedy, parallel and modular, login brute forcer. The goal of | Tool | ||
|
2022-04-15 16:15:01 | Wrike vs Monday: Project management software comparison (lien direct) | Wrike and monday work management are popular project management tools. Here's a features comparison rundown to help you decide which PM tool is best for your business. | Tool | ★★ | |
|
2022-04-15 15:42:55 | Best DevOps Tools & Solutions 2022: Compare DevOps Software (lien direct) | Running a successful DevOps operation requires a comprehensive tool set to support each phase of the software development cycle. | Tool | ||
|
2022-04-15 15:15:12 | CVE-2022-20676 (lien direct) | A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. | Tool Vulnerability | ||
|
2022-04-15 03:24:29 | Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free (lien direct) | A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer | Malware Tool Threat | ||
|
2022-04-14 19:47:55 | Talend vs Fivetran: ETL tool comparison (lien direct) | Choosing the best ETL tool is paramount for business success. Find the optimum solution with the help of this feature comparison of Talend and Fivetran. | Tool | ||
|
2022-04-14 19:32:53 | Site24x7 vs Dynatrace: Website monitoring tool comparison (lien direct) | See how the popular website monitoring tools Site24x7 and Dynatrace compare. | Tool | ||
|
2022-04-14 11:00:00 | More is Less: The Challenge of Utilizing Multiple Security Tools (lien direct) | Greetings everyone, and welcome to this week’s blog. This week, I’m diving into number six in our “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience: Lack of integrated cyber-security solutions. To deal with the cyberthreats they face every day, Enterprise Security Decision Makers seek new and well-supported solutions. They look for solutions that are easy to use and integrate with other cybersecurity systems and different parts of their organizations. 44% of those surveyed said that easily integrating with other cybersecurity tools is essential when evaluating cybersecurity solutions. What do you look for? initIframe('62573c84d0742a0929d79352'); So why do almost half of enterprise decision-makers want easily integrated tools? Enterprises frequently deploy new security tools and services to address changing needs and an increase in threats. In fact, according to recent findings, mature security organizations have deployed on average: Small business: 15 and 20 security tools Medium-sized companies: 50 to 60 security tools Enterprises: over 130 tools security tools If you like math, check out these stats: A typical six-layer enterprise tech stack, composed of networking, storage, physical servers, virtualization, management, and application layers, causes enterprise organizations to struggle with 1.6 billion versions of tech installations for 336 products by 57 vendors. Increasing Investments Our research showed that 74% of organizations had increased their cybersecurity budgets to help defend against increasing cyber-attacks. Despite these increasing investments in cybersecurity, only 46% are very confident that their cyber-protection technologies can detect today’s sophisticated attacks. While investment is on the uptake, effectiveness is not. Response efforts have been hindered by the complexity caused by fragmented toolsets, highlighting that investing in too many tools can reduce the effectiveness of security defenses. More Tools, More Problems The wide variety of tools enterprises invest their time and money into to combat security threats can create numerous issues. Security analysts are understandably frustrated. They’re spending most of their time chasing false positives and performing manual processes born from these disparate toolsets. They’re working longer hours and are under more pressure to protect the business. CSO Online provides a good article listing the top challenges of security tool integration: 7 top challenges of security tool integration | CSO Online Too many security tools Lack of interoperability among security tools Broken functionality Limited network visibility Increase in false alarms Failure to set expectations properly Lack of skills You can find the full article here. Source: csoonline.com For this blog, I’ll focus on what I think is the biggest challenge the article did not mention: Disparate tools create siloed organizations. Creating Gaps and Silos In the last | Tool Threat Guideline | ||
|
2022-04-13 19:50:30 | GitLab vs Bitbucket: DevOps tools comparison (lien direct) | Read this feature comparison of two popular DevOps solutions: Atlassian's Bitbucket and the open source platform GitLab. Which is the right DevOps tool for your organization? | Tool | ||
|
2022-04-13 17:13:23 | How to install Filerun file share and sync on AlmaLinux (lien direct) | Filerun can help you store and manage files, photos, movies and more. Here's how to install this great tool for any business (or home) that even includes a built-in versioning system. Jack Wallen will show you. | Tool | ||
|
2022-04-13 15:30:00 | Inconstruire: les nouveaux outils de cyberattaques parrainés par l'État ciblent plusieurs systèmes de contrôle industriel INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems (lien direct) |
Au début de 2022, Mandiant, en partenariat avec Schneider Electric, a analysé un ensemble de nouveaux outils d'attaque orientés vers le système de contrôle industriel (ICS) - que nous appelons Inconstroller (aka PipeDream) - construit aux dispositifs d'automatisation des machines cibles.Les outils peuvent interagir avec des équipements industriels spécifiques intégrés dans différents types de machines exploitées dans plusieurs industries.Bien que le ciblage de tout environnement opérationnel utilisant cet ensemble d'outils ne soit pas clair, le malware pose un risque critique pour les organisations tirant parti de l'équipement ciblé.Inconstroller est très probablement parrainé par l'État et contient
In early 2022, Mandiant, in partnership with Schneider Electric, analyzed a set of novel industrial control system (ICS)-oriented attack tools-which we call INCONTROLLER (aka PIPEDREAM)-built to target machine automation devices. The tools can interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries. While the targeting of any operational environments using this toolset is unclear, the malware poses a critical risk to organizations leveraging the targeted equipment. INCONTROLLER is very likely state sponsored and contains |
Malware Tool Industrial | ★★★★ | |
 |
2022-04-13 12:35:03 | How to SLSA Part 2 - The Details (lien direct) | Posted by Tom Hennen, software engineer, BCID & GOSST In our last post we introduced a fictional example of Squirrel, Oppy, and Acme learning to use SLSA and covered the basics of what their implementations might look like. Today we'll cover the details: where to store attestations and policies, what policies should check, and how to handle key distribution and trust.Attestation storageAttestations play a large role in SLSA and it's essential that consumers of artifacts know where to find the attestations for those artifacts.Co-located in repoAttestations could be colocated in the repository that hosts the artifact. This is how Squirrel plans to store attestations for packages. They even want to add support to the Squirrel CLI (e.g. acorn get-attestations foo@1.2.3).Acme really likes this approach because the attestations are always available and it doesn't introduce any new dependencies.RekorMeanwhile, Oppy plans to store attestations in Rekor. They like being able to direct users to an existing public instance while not having to maintain any new infrastructure themselves, and the in-depth defense the transparency log provides against tampering with the attestations.Though the latency of querying attestations from Rekor is likely too high for doing verification at time of use, Oppy isn't too concerned since they expect users to query Rekor at install time.HybridA hybrid model is also available where the publisher stores the attestations in Rekor as well as co-located with the artifact in the repo-along with Rekor's inclusion proof. This provides confidence the data was added to Rekor while providing the benefits of co-locating attestations in the repository.Policy content'Policy' refers to the rules used to determine if an artifact should be allowed for a use case.Policies often use the package name as a proxy for determining the use case. An example being, if you want to find the policy to apply you could look up the policy using the package name of the artifact you're evaluating.Policy specifics may vary based on ease of use, availability of data, risk tolerance and more. Full verification needs more from policies than delegated verification does.Default policyDefault policies allow admission decisions without the need to create specific policies for each package. A default policy is a way of saying “anything that doesn't have a more specific policy must comply with this policy”.Squirrel plans to eventually implement a default policy of “any package without a more specific policy will be accepted as long as it meets SLSA 3”, but they recognize that most packages don't support this yet. Until they achieve critical mass they'll have a default SLSA 0 policy (all artifacts are accepted).While Oppy is leaving verification to their users, they'll suggest a default policy of “any package built by 'https://oppy.example/slsa/builder/v1'”.Specific policySquirrel also plans to allow users to create policies for specific packages. For example, this policy requires that package 'foo' must have been built by GitHub Actions, from github.com/foo/acorn-foo, and be SLSA 4. | Tool | ||
|
2022-04-12 19:06:00 | Anomali Cyber Watch: Zyxel Patches Critical Firewall Bypass Vulnerability, Spring4Shell (CVE-2022-22965), The Caddywiper Malware Attacking Ukraine and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Caddywiper, Colibri Loader, Gamaredon, SaintBear, SolarMaker and Spring4Shell. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
New SolarMaker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns
(published: April 8, 2022)
Palo Alto Researchers have released their technical analysis of a new version of SolarMaker malware. Prevalent since September 2020, SolarMaker’s initial infection vector is SEO poisoning; creating malicious websites with popular keywords to increase their ranking in search engines. Once clicked on, an encrypted Powershell script is automatically downloaded. When executed, the malware is installed. SolarMaker’s main functionality is the theft of web browser information such as stored passwords, auto-fill data, and saved credit card information. All the data is sent back to an encoded C2 server encrypted with AES. New features discovered by this technical analysis include increased dropper file size, droppers are always signed with legitimate certificates, a switch back to executables instead of MSI files. Furthermore, the backdoor is now loaded into the dropper process instead of the Powershell process upon first time execution.
Analyst Comment: Never click on suspicious links, always inspect the url for any anomalies. Untrusted executables should never be executed, nor privileges assigned to them. Monitor network traffic to assist in the discovery of non standard outbound connections which may indicate c2 activity.
MITRE ATT&CK: [MITRE ATT&CK] Data Obfuscation - T1001 | [MITRE ATT&CK] Encrypted Channel - T1573 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497
Tags: SolarMaker, Jupyter, Powershell, AES, C2, SEO poisoning
Google is on Guard: Sharks shall not Pass!
(published: April 7, 2022)
Check Point researchers have discovered a series of malicious apps on the Google Play store that infect users with the info stealer Sharkbot whilst masquerading as AV products. The primary functionality of Sharkbot is to steal user credentials and banking details which the user is asked to provide upon launching the app. Furthermore, Sharkbot asks the user to permit it a wide array of permissions that grant the malware a variety of functions such as reading and sending SMS messages and uninstalling other applications. Additionally, the malware is able to evade detection through various techniques. Sharkbot is geofenced, therefore it will stop functioning if it detects the user is from Belarus, China, India, Romania, Russia or Ukraine. Interestingly for Android malware, Sharkbot also utilizes domain generation algorithm (DGA). This allows the malware to dynamically generate C2 domains to help the malware function after a period of time even i |
Malware Tool Vulnerability Threat Patching | APT-C-23 | |
 |
2022-04-12 16:35:29 | OpenSSH Moves to Prevent \'Capture Now, Decrypt Later\' Attacks (lien direct) | OpenSSH has joined the high-stakes fight to protect data from quantum computers. The latest version of the widely used encryption and connectivity tool has been fitted with new features to prevent "capture now, decrypt later" attacks linked to advancements in quantum computing. | Tool | ||
|
2022-04-11 18:03:43 | How to list Linux services with systemctl for easier troubleshooting (lien direct) | If you serve as an admin over Linux systems, one tool that you'll fall back on daily is systemctl. Jack Wallen shows you how easy it is to list services with this command. | Tool | ||
|
2022-04-11 17:58:36 | How to repair a Microsoft Outlook PST or OST file with the Inbox Repair tool (lien direct) | Microsoft's Inbox Repair tool can solve certain problems with your Outlook file. Find out how you can fix issues that may arise from a corrupt personal folder file. | Tool | ||
|
2022-04-11 17:26:45 | How to convert all your Snap packages to Flatpak on Ubuntu with Unsnap (lien direct) | For anyone who wants to dump Snap in favor of Flatpak, a new tool has surfaced to make this process simple. Let Jack Wallen introduce you to Unsnap. | Tool |
To see everything:
Our RSS (filtrered)
