What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
AlienVault 2021-02-04 11:00:00 Rooting out the cybersecurity risk in your CI/CD pipeline This blog was written by an independent guest blogger. When it comes to productivity, agility, and efficiency, continuous integration/continuous delivery (CI/CD) pipelines are great. When it comes to ensuring cybersecurity, they leave a lot to be desired. In fact, especially given the popularity of CI/CD pipelines now, securing continuous environments might turn into the most important security challenge of the next decade. Some of the managerial and legal tools that will be used to meet this challenge are already available. Advanced vulnerability management programs are now able to deal with continuous environments by default, and the IoT cybersecurity act that has just been signed into law contains provisions that specify the liability of developers in the event of an embedded device getting hacked. On the technical side, however, cybersecurity has yet to catch up with the flexibility and complexity of CI/CD pipelines. In this article, therefore, I want to sketch a holistic way forward: a roadmap for how these environments can begin to be secured in the years to come. This roadmap contains five main pillars: 1. Leadership. First, and arguably most importantly, finding security vulnerabilities in your CI/CD pipeline requires brave, involved, and forward-thinking leadership. The central challenge of CI/CD pipelines, from a cybersecurity perspective, is that they are constantly evolving. Security solutions that were developed for the environment of three years ago no longer offer adequate protection. In response, leaders need to inspire every member of an organization to adopt the DevSecOps mindset, in which every individual who interacts with a piece of software takes responsibility for its security.
This means that managers need to put in place systems and processes through which developers can work with operations staff, and through which software can be designed in a way that all key stakeholders know the risks it is exposed to. In addition, leaders should take a long-term view of security in their organizations. CI/CD pipelines provide a great deal of flexibility when it comes to software design and development, but they also require (at least) a three-year, horizon-scanning approach to security flaw identification. 2. Design for DevOps. A related point to the one above is that developers must ensure that the code they write and ship via their CI/CD pipelines is designed for the DevOps approach. This means that all source code should be pre-checked with static analysis tools prior to committing to the integration branch. This verifies that it does not introduce critical code vulnerabilities into real-world software. This is particularly important today, because of the range of devices on which the average piece of software is deployed. One of the main promises, and advantages, of CI/CD pipelines is that they allow developers to work in a way that is platform-agnostic. However, this can sometimes blind them to the sheer range of places in which their code will eventually be deployed and potentially exposed to attack. Of particular concern here is the (sometimes unauthorized and often unexpected) deployment of code on smartphones. In 2020, we passed a notable watershed: for the first time in history, the majority of internet traffic originates from cell phones. Given this, it seems absurd that the majority of software is still written, by default, for desktop environments. Making sure that code is thor Tool Guideline
InfoSecurityMag 2021-02-03 13:05:00 OBIE Launches Free Tool to Fight Open Banking Fraud New tool is freely available to all firms enrolled in the OBIE Directory. Tool
TechRepublic 2021-02-02 16:58:48 Oracle introduces post-pandemic protection and decision-making tool for HR teams New return-to-workplace solution, Oracle Fusion Cloud Human Capital Management, helps to maintain safety and helps employees adapt to new working conditions. Tool
SecurityWeek 2021-02-02 16:37:33 A Swiss Army Knife for Industrial Operations Protection When we think about a Swiss Army Knife, we immediately picture a high-quality, multi-functional tool to help us tackle a wide array of tasks. The digital equivalent is the smartphone. A more security-specific example is the all-in-one, wireless home protection system. These solutions typically include sensors for windows, doors, and rooms, as well as cameras to remotely see what is happening inside and out, and an app to control everything from wherever you are. Tool
kovrr 2021-02-02 00:00:00 (Déjà vu) Key drivers of the rise of ransomware in 2020: Ransomware-as-a-Service and double extortion. The key drivers in the rise of ransomware have been double extortion and RaaS.
Ransomware-as-a-Service and Double Extortion. Ransomware has been a known method for cyber attacks for more than 30 years and has significantly evolved within this timespan. The growth in the number of ransomware attacks in 2020 has marked a pivotal milestone in the ransomware evolution. According to a Check Point study, Global Surges in Ransomware Attacks, in Q3 2020 the daily average of ransomware attacks increased by 50%, and specifically increased by 98.1% in the United States. Additionally, the average amount of money requested by attackers in Q3 2020 increased by 178% compared to Q4 of 2019. Supporting this trend, Coalition's Cyber Insurance Claims Report stated that more than 40% of the cyber incident claims in Q1 and Q2 2020 were due to ransomware attacks. Taking into account these statistics, Kovrr has conducted research that included monitoring the activity of trending threat actors, the attacks they were involved with and the victims of these operations through 2020. The research included data from various proprietary and third-party data sources, including leaked data from the dark web. The research revealed that ransomware attacks have evolved in the following two areas. Methodology: unlike ransomware attacks witnessed in the past, the last half year of 2020 was characterized by adoption of a new attack method which includes stealing the company's data along with encrypting the attacked company's data. This practice is also known as "Double Extortion" because the attacker not only encrypts the data but also threatens to publish the company's stolen data. Ransomware-as-a-Service (RaaS): a method that recently became popular, which enables potential attackers to purchase already existing ransomware and use it for their desired purposes. Kovrr has researched 16 active 'double extortion' ransomware attack campaigns in the last year.
Of the campaigns studied, 75% use social engineering (phishing emails) to propagate, while 25% of them involve exploiting a vulnerability in remote access software. In order to fully understand the effect of the ransomware campaigns, Kovrr applied the CRIMZON™ framework to better analyze and report the findings of the research. CRIMZON is an easy-to-use open framework to measure and understand cyber risk exposure that focuses on the minimal elements needed to describe cyber risk accumulation. Elements of the CRIMZON include location, industry, and entity size. Applying the CRIMZON framework to the ransomware campaign research found the top 5 CRIMZON exposed were: US_NY_I_S [United States_New York_Services_Small Company]; GB_I_S [Great Britain_Services_Small Company]; CA_I_S [Canada_Services_Small Company]; CA_E_S [Canada_Transportation & Communications_Small Company]; US_CA_I_S [United States_California_Services_Small Company]. Most of the attacked companies are located in the U.S. (more than 50% of the targets), followed by Canada, the United Kingdom, Germany and France. Within the U.S., the main states affected were California, Texas, Florida and New York. The industries to which most of the attacked companies belong are Services (20% of the services category is attributed to educational services), Transportation and Communication, and Manufacturing. These findings have a significant impact on the cyber insurance market, both in terms of rising claim numbers and the size of the amounts claimed. The increase in attacks is more concentrated in particular combinations of location, industry, and entity size (CRIMZON), meaning certain CRIMZON are more susceptible to an attack than others.
This paper addresses new ransomware trend characteristics by providing an overview of two major ransomware campaigns encountered in the research; it provides examples of ways in which a portfolio can be influenced as a result of the wide a Ransomware Data Breach Tool Vulnerability Threat Prediction ★★★
HR 2021-02-01 23:06:35 Fight against photo and video editing thanks to OSINT Tags: OSINT, violence, photo. The following lines are the result of collaborative work, under the leadership of Justin Seitz. There are many of us working together, including Heartbroken and Nanardon.
OSINT is an acronym for Open Source Intelligence. It is a set of investigative techniques that allow information to be retrieved from so-called open sources. Used by journalists, by police or in cybersecurity, OSINT can help to find information, but it can also be used to protect yourself from malicious people. Violence against people, especially against women, has increased and diversified: harassment, raids, doxxing, revenge porn by video or by pictures, identity theft, school harassment, etc. How to react? How to prevent them? Our goal is to give you simple resources, without the need for special knowledge. It does not substitute for support groups, law enforcement, health professionals or lawyers. We trust you. You are not responsible. The facts and situations we will use to illustrate our kits are criminally and civilly punishable. You are not alone.
The information provided in this article does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available in this article are for general informational purposes only. Furthermore, this article was written mainly with regard to French and European laws. Readers should consult their local laws and contact an attorney to obtain advice with respect to any particular legal matter. This is a great specialty of stalkers: making insulting or degrading photomontages and spreading them on the Web. We can distinguish several cases: very crude photomontages, which are not intended to be credible; filthy photomontages, in particular of a pornographic nature; video montages and, more particularly, deepfakes. Rough photomontages. In this case, we are talking about a photo of the victim used for an obscene montage. There is no doubt about the authenticity of the pictures; we know it is a fake. We find collages of memes, for example Pepe the Frog, combined with photos of their victims. They use images that they have found on the Web: social networks, press clippings, media appearances, etc. We also note that it is often the same photomontages that circulate. If the montages circulate on social networks, harassment can be invoked. Indeed, insofar as these photomontages are used for malicious purposes, this falls within this framework. To identify photomontages, we can use what is called a reverse image search. There are several browser extensions and several online tools, but our preference goes to Yandex.
Tool Guideline
TechRepublic 2021-02-01 12:24:26 Microsoft's cutting-edge machine-learning tool moves from the lab to the mainstream Machine learning that can explore the world can solve different problems. These are the Microsoft services that make it something mainstream developers can use. Tool
TroyHunt 2021-01-29 16:58:01 COVID variants throw J&J vaccine a curveball, lowering efficacy to 66% The adenovirus vector-based vaccine is another useful tool against SARS-CoV-2. Tool
no_ico 2021-01-29 09:48:52 Experts Insight On New Cybercrime Tool Can Build Phishing Pages In Real-Time A cybercrime group has developed a novel phishing toolkit that changes logos and text on a phishing page in real time. The tool, named "LogoKit", is tracked by RiskIQ and believed… Tool ★★★★★
HR 2021-01-29 00:33:49 Fight against digital raids thanks to OSINT Tags: OSINT, violence, harassment. The following lines are the result of collaborative work, under the leadership of Justin Seitz. There are many of us working together, including Heartbroken and Nanardon.
OSINT is an acronym for Open Source Intelligence. It is a set of investigative techniques that allow information to be retrieved from so-called open sources. Used by journalists, by police or in cybersecurity, OSINT can help to find information, but it can also be used to protect yourself from malicious people. Violence against people, especially against women, has increased and diversified: harassment, raids, doxxing, revenge porn by video or by pictures, identity theft, school harassment, etc. How to react? How to prevent them? Our goal is to give you simple resources, without the need for special knowledge. It does not substitute for support groups, law enforcement, health professionals or lawyers. We trust you. You are not responsible. The facts and situations we will use to illustrate our kits are criminally and civilly punishable. You are not alone.
The information provided in this article does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available in this article are for general informational purposes only. Furthermore, this article was written mainly with regard to French and European laws. Readers should consult their local laws and contact an attorney to obtain advice with respect to any particular legal matter.
In recent years, there has been an increase in so-called digital raids. At the instigation of one or more people, usually from a public forum or discussion group on Telegram, Signal, WhatsApp or Discord, individuals insult another person as a pack on a social network. The goal is to publicly harass and humiliate a person. In most countries, harassment, including digital harassment, is criminally and civilly punishable. Recording and archiving. What to do if you are the victim of a digital raid? We adapt the answer according to the social network. The common element consists in archiving all received messages. For this, you can use a very handy browser extension: Fireshot. Available for Chrome as well as for Firefox, this tool allows you to save a web page in image or PDF format. Go to your mentions or notifications, or to the page that happens to be the target of offensive or hateful content, and take screenshots of all the elements. Make sure that the current time and date appear. Another tool can help you to archive messages: SingleFile. It is also an extension for
Tool Guideline
SecurityAffairs 2021-01-28 15:59:38 TeamTNT group adds new detection evasion tool to its Linux miner The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal Docker […] Tool
itsecurityguru 2021-01-28 10:57:02 New toolkit can build phishing pages in real-time A new phishing toolkit has been developed by a cybercrime group which allows criminals to change text and logos in real time on phishing pages in order to adapt to victims. The kit is called LogoKit, and according to RiskIQ it has already been seen in use online. RiskIQ has said that the toolkit […] Tool ★★
ZDNet 2021-01-28 05:45:03 New cybercrime tool can build phishing pages in real-time The new LogoKit phishing kit has already been spotted on more than 700 unique domains over the past month. Tool
Kaspersky 2021-01-27 21:43:22 TeamTNT Cloaks Malware With Open-Source Tool The detection-evasion tool, libprocesshider, hides TeamTNT's malware from process-information programs. Malware Tool
securityintelligence 2021-01-27 14:00:00 How is Enterprise Security Like Writing a Novel? Pen, paper and ink alone do not make a novel. In the same way, anti-malware, firewalls and SIEM tools alone do not make an enterprise secure. Too many organizations think that buying lots of security solutions and deploying them will make them secure. However, just having a security tool running does not make an enterprise […] Tool
AlienVault 2021-01-27 11:00:00 TeamTNT delivers malware with new detection evasion tool Executive Summary: AT&T Alien Labs™ has identified a new tool from the TeamTNT adversary group, which has previously been observed targeting exposed Docker infrastructure for cryptocurrency mining and credential theft. The group is using a new detection evasion tool, copied from open source repositories. The purpose of this blog is to share new technical intelligence and provide detection and analysis options for defenders. Background: AT&T Alien Labs previously reported on TeamTNT cryptomining malware using a new memory loader based on Ezuri and written in Go. Since then, TeamTNT has added another tool to its list of capabilities. Analysis: The objective of the new tool is to hide the malicious process from process information programs such as `ps` and `lsof`, effectively acting as a defense evasion technique. The tool, named libprocesshider, is an open source tool from 2014 located on GitHub, described as "hide a process under Linux using the ld preloader." Preloading allows the system to load a custom shared library before other system libraries are loaded. If the custom shared library exports a function with the same signature as one located in the system libraries, the custom version will override it. The tool implements its own readdir(), the function that processes such as `ps` use to read the /proc directory and find running processes, and modifies the return value when one of the processes found matches the process to be hidden. The new tool arrives within a base64 encoded script hidden in the TeamTNT cryptominer binary or IRC bot (figure 1). Figure 1. Base64 encoded script, via Alien Labs analysis. Upon binary execution, the bash script will run through a multitude of tasks. Specifically, the script will: modify the network DNS configuration; set persistence through systemd;
drop and activate the new tool as a service; download the latest IRC bot configuration; clear evidence of activities to complicate potential defender actions. After decoding, we can observe the bash script functionality and how some malicious activity occurs before the shared library is created (figure 2). Figure 2. Decoded bash script, via Alien Labs analysis. The new tool is first dropped as a hidden tar file on disk; the script decompresses it, writes it to '/usr/local/lib/systemhealt.so', and then adds it to the preload list via '/etc/ld.so.preload'. This will be used by the system to preload the file before other system libraries, allowing the attacker to override some common functions (figures 3/4). Figures 3/4. Bash script features, via Alien Labs analysis. The main purpose of the tool is to hide the TeamTNT bot from process viewer tools, which use the file '/usr/bin/sbin' as you can s Malware Tool Threat
bleepingcomputer 2021-01-27 10:16:09 Linux malware uses open-source tool to evade detection AT&T Alien Labs security researchers have discovered that the TeamTNT cybercrime group upgraded their Linux crypto-miner with open-source detection evasion capabilities. [...] Malware Tool ★★★
SANS 2021-01-27 09:51:40 TriOp - tool for gathering (not just) security-related data from Shodan.io (tool drop), (Wed, Jan 27th) If you're a regular reader of our Diaries, you may remember that over the last year and a half, a not insignificant portion of my posts has been devoted to discussing some of the trends in internet-connected systems. We looked at changes in the number of internet-facing machines affected by BlueKeep[1], SMBGhost[2], Shitrix[3] and several other vulnerabilities [4], as well as at the changes in TLS 1.3 support over time[5] and several other areas [6,7]. Today, we're going to take a look at the tool that I've used to gather the data from Shodan.io on which the Diaries were based. Tool
securityintelligence 2021-01-26 13:00:00 TrickBot's Survival Instinct Prevails - What's Different About the TrickBoot Version? October 2020 saw the TrickBot Trojan, a prominent cybercrime gang's tool of choice, suffer a takedown attempt by security vendors and law enforcement. Unfortunately, the takedown was not effective, and beyond coming back to life shortly after, TrickBot's operators released a new and more persistent version of the malware. In this post, IBM Trusteer examines […] Tool
Veracode 2021-01-26 11:37:41 Which AppSec Testing Type Should You Deploy First? The gold standard for creating an application security (AppSec) program is, and always will be, to follow best practices. By following preestablished and proven methods, you can ensure that you are maximizing the benefits of your AppSec program. Unfortunately, time, budget, culture, expertise, and executive buy-in often restrict organizations from following best practices. But that doesn't mean that you can't create an impactful AppSec program. You should aim to follow best practices, but when you can't, there are practical first steps you can take to position your program for future improvements. Ideally, you should be using every testing type: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. [Chart: AppSec testing types] Each AppSec test has its own strengths and weaknesses, with no one tool able to do it all. If you choose not to employ a specific test, you could be leaving your application vulnerable. For example, if you don't employ software composition analysis, you may miss vulnerabilities in your third-party code. And if you don't employ dynamic analysis, you could miss configuration errors. But by using all of the testing types together, you can drive down risk across the entire application lifetime, from development to testing to production. If you don't have the funds or support to employ every AppSec testing type, you should always begin with the test(s) that will have the most impact, in the shortest amount of time, for the least amount of money. This will depend on factors like your release cadence, risk tolerance, and budget. For organizations releasing software less than four times a year, manual AppSec scans will probably suffice. But if you release software daily or weekly, likely in a CI/CD fashion,
you will need to automate your AppSec scans with each code commit. You also need to consider the speed of different scan types. Static analysis can provide immediate feedback with each commit. Penetration tests, on the other hand, are much slower because they rely on a human pen-tester to review the code. But speed isn't the only concern. You also need to consider the risk of your applications. An application housing sensitive data, like banking information, needs to undergo more in-depth AppSec tests than a lower-risk application. In-depth AppSec tests, like penetration testing, may take longer, but they are critical in preventing cyberattacks. It really comes down to weighing the risk vs. time to market. In some instances, it may be okay to release software with low- or medium-severity risks. But for high-severity risks, you should break the build until the vulnerability is remediated. Budget is also a major factor. Penetration tests are considerably more expensive than other testing types. So, if you're on a tight budget, frequent pen tests may not be feasible. You might be better off pen-testing on an annual or bi-annual basis. Once you've successfully implemented the AppSec testing type(s) that provide the most value to your organization, it's time to start making the case for additional scans. As always, consider your budget, risk tolerance, and technology when adding to your AppSec mix. To learn more about AppSec best practices and practical first steps, check out our guide, Application Security Best Practices vs. Practicalities: What to Strive for and Where to Start, and keep an eye out for our upcomin Tool Vulnerability
TechRepublic 2021-01-25 11:31:02 Microsoft: Our free tool helps to improve your websites Microsoft Clarity is a specialist tool that brings user experience analysis to the desktop with just a few clicks. Tool
Blog 2021-01-24 17:08:14 Comprehensive Guide on Dirsearch In this article, we will learn how to use Dirsearch, a simple Python-based command-line website directory scanner designed to brute-force site structure, including directories and files. Table of Contents: Introduction to Dirsearch Tool
SANS 2021-01-24 15:05:15 Video: Doc & RTF Malicious Document, (Sun, Jan 24th) I made a video for my diary entry "Doc & RTF Malicious Document", and I show a new feature of my tool re-search.py that helps with filtering URLs found in OOXML files. Tool
TechRepublic 2021-01-22 12:17:49 The new Microsoft Edge browser will warn you if your password has been leaked online The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web. Tool
TechRepublic 2021-01-21 22:32:00 How to edit a CentOS network connection from the command line If you're struggling to edit your CentOS network connections from the command line, Jack Wallen shows you a tool that will ease that struggle. Tool
TechRepublic 2021-01-21 20:02:55 New smart hospital platform could be the digital transformation tool healthcare needs Zyter Smart Hospitals software promises to combine disparate systems, IoT devices, apps, and sensors into one big network of efficient, streamlined care. Tool
Cybereason 2021-01-21 14:08:16 SolarWinds Attacks Highlight Importance of Operation-Centric Approach We're still learning the full extent of the SolarWinds supply chain attacks. On January 11, for instance, researchers published a technical breakdown of a malicious tool detected as SUNSPOT that was employed as part of the infection chain involving the IT management software provider's Orion platform. Tool Solardwinds Solardwinds
WiredThreatLevel 2021-01-21 12:00:00 How One Rabbi Uses Roleplaying Games to Build Community Spirituality is only one tool in this community leader's toolkit for bringing people closer together. Character sheets are another. Tool Guideline
CVE 2021-01-20 20:15:15 CVE-2021-1264 A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center. Tool Vulnerability
SecurityAffairs 2021-01-20 13:01:02 FireEye releases an auditing tool to detect SolarWinds hackers' activity Cybersecurity firm FireEye has released a report that sheds light on the SolarWinds attack and the way hackers breached its networks. The experts explained how the UNC2452 and other threat actors breached […] Tool Threat ★★★★★
SecurityWeek 2021-01-19 19:04:57 FireEye Releases New Open Source Tool in Response to SolarWinds Hack FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds. Hack Tool Threat
CVE 2021-01-19 17:15:12 CVE-2020-35929 In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data. Tool ★★
bleepingcomputer 2021-01-19 14:09:38 SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool, which researchers call Raindrop, that was used for distribution across computers on the victim network. [...] Tool Solardwinds
ZDNet 2021-01-19 14:00:04 FireEye releases tool for auditing networks for techniques used by SolarWinds hackers New Azure AD Investigator is now available via GitHub. Tool
SANS 2021-01-17 11:53:58 New Release of Sysmon Adding Detection for Process Tampering, (Sun, Jan 17th) Version 13.01 of Sysmon, a Windows Sysinternals tool to monitor and log system activity, was released. Tool
SecurityAffairs 2021-01-16 14:14:01 Siemens fixed tens of flaws in Siemens Digital Industries Software products Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software, which provides product lifecycle management (PLM) solutions. The vulnerabilities affect Siemens JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format) and […] Tool
TroyHunt 2021-01-14 21:28:41 Craft brewers now have a new tool for sniffing out trace flavor compounds Thiols impart a pleasant fruity aroma, but they can be difficult to track and measure. Tool ★★★★★
TechRepublic 2021-01-14 15:48:27 How to install the Hestia Control Panel for an Apache/NGINX PHP-FPM web-based config tool Hestia is a web-based GUI for configuring NGINX, Apache, and PHP-FPM. Jack Wallen shows you how to get this up and running on Ubuntu Server 20.04. Tool
TechRepublic 2021-01-12 17:44:59 Install Virtualmin on Ubuntu 20.04 for a cPanel/CentOS-like web hosting control panel If you're looking for a cPanel/CentOS replacement, Jack Wallen thinks Virtualmin might do the job. He'll show you what the tool has to offer and how to install it on Ubuntu Server. Tool
SecurityAffairs 2021-01-12 08:38:14 (Déjà vu) Bitdefender releases free decrypter for Darkside ransomware Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. Good news for the victims of the Darkside ransomware: they can recover their files for free using a tool that was released by the security firm Bitdefender. The decrypter seems to work for all […] Ransomware Tool ★★★★
securityintelligence.webp 2021-01-11 23:00:00 What is STRIDE and How Does It Anticipate Cyberattacks? (lien direct) STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […] Tool Threat
The_Hackers_News.webp 2021-01-11 22:29:57 Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor (lien direct) As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This Malware Tool Mobile SolarWinds
SecurityWeek.webp 2021-01-11 18:47:09 Decryptor Released for Ransomware That Allegedly Helped Cybercriminals Make Millions (lien direct) Bitdefender on Monday announced the availability of a free tool that organizations can use to recover files encrypted by DarkSide, a piece of ransomware that cybercriminals claim helped them make millions. Ransomware Tool
ZDNet.webp 2021-01-11 15:52:48 Free decrypter released for victims of Darkside ransomware (lien direct) A new tool released today by Romanian security firm Bitdefender allows victims of the Darkside ransomware to recover their files without paying the ransom demand. Ransomware Tool
SANS.webp 2021-01-11 14:58:51 Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3), (Mon, Jan 11th) (lien direct) Now with a firm approach to putting together an inventory and using the NVD API (https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/ and https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Playing+with+Code+Part+2+of+3/26964/), for any client I typically create 4 inventories: Tool
WiredThreatLevel.webp 2021-01-08 12:00:00 The DC Mobs Could Become a Mythologized Recruitment Tool (lien direct) Wednesday's riot in Washington was the result of conspiracy theories, anti-government sentiment, and online extremism, and it could start a movement. Tool
SecurityAffairs.webp 2021-01-08 09:48:08 Ezuri memory loader used in Linux and Windows malware (lien direct) Multiple threat actors have recently started using the Ezuri memory loader to execute malware directly in the victims’ memory. According to researchers from AT&T's Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious code. The Ezuri memory loader tool allows loading and executing a payload directly into […] Malware Tool Threat
The_Hackers_News.webp 2021-01-08 01:54:44 ALERT: North Korean hackers targeting South Korea with RokRat Trojan (lien direct) A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka ScarCruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT). "The Tool Cloud APT 37
bleepingcomputer.webp 2021-01-07 15:41:12 Windows PsExec zero-day vulnerability gets a free micropatch (lien direct) A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform. [...] Tool Vulnerability
AlienVault.webp 2021-01-07 11:00:00 Malware using new Ezuri memory loader (lien direct) This blog was written by Ofer Caspi and Fernando Martinez of AT&T Alien Labs. Multiple threat actors have recently started using a Go language (Golang) tool to act as a packer and avoid antivirus detection. Additionally, the Ezuri memory loader tool acts as a malware loader and executes its payload in memory, without writing the file to disk. While this technique is known and commonly used by Windows malware, it is less popular in Linux environments. The loader decrypts the malware and executes it using memfd_create (as described in this blog in 2018). When creating a process, the system returns a file descriptor to an anonymous file in '/proc/PID/fd/', which is visible only in the filesystem. Figure 1 shows a code snippet from the loader, containing the information it uses in order to decrypt the payload using the AES algorithm. Figure 1. Loader code snippet via Alien Labs analysis. The loader, written in Golang, is taken from the "Ezuri" code on GitHub via the user guitmz. This user originally created the ELF loader around March 2019, when he wrote a blog about the technique to run ELF executables from memory and shared the loader on his GitHub. Additionally, a similar user ‘TMZ’ (presumably associated with the previously mentioned ‘guitmz’) posted this same code in late August on a small forum where malware samples are shared. The guitmz user even ran tests against VirusTotal to prove the efficiency of the code, uploading a detected Linux.Cephei sample (35308b8b770d2d4f78299262f595a0769e55152cb432d0efc42292db01609a18) with 30/61 AV detections in VirusTotal, compared to the zero AV detections for the same sample hidden with the Ezuri code (ddbb714157f2ef91c1ec350cdf1d1f545290967f61491404c81b4e6e52f5c41f). Malware Tool Threat
Last update at: 2024-07-02 18:07:36