What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-02-09 06:00:24 | Offensif et défensif: renforcer la sensibilisation à la sécurité avec deux approches d'apprentissage puissantes Offensive and Defensive: Build Security Awareness with Two Powerful Learning Approaches (lien direct) |
“Offensive” security awareness and “defensive” security awareness are two learning approaches that you can use to build a robust security culture in your company. They involve applying different strategies to educate your employees about threats and how they can respond to them safely. You may have heard the terms “offensive cybersecurity” and “defensive cybersecurity.” You use defensive tools and techniques to strengthen security vulnerabilities. And with offensive tools and techniques, you focus on identifying those vulnerabilities before attackers find them first. How do defensive and offensive approaches apply to security awareness? Here\'s a quick overview: With a defensive approach, users learn the fundamentals of security. With an offensive approach, users learn how to protect themselves and the business against future threats. Let\'s use a sports analogy here. You can actively learn to be a defensive goalie and block threats. Then, you can take your skills up a level and learn to score points with protective techniques. With Proofpoint Security Awareness, our industry-leading threat intelligence informs both approaches. We help people learn how to defend against current threats. And we give them the tools for taking offensive action against future threats. Live-action series about Insider Threats. (play video) Defensive security awareness: set the foundation We all have to start with the basics, right? With defensive security awareness, you teach people the fundamentals of security and set the stage for safe behavior. This training is often reactive. It enables people to respond to immediate threats and incidents as they arise. At Proofpoint, we believe in using behavioral science methodologies, like adaptive learning and contextual nudges. We combine this with a threat-driven approach, weaving trend analysis and insights about recent security breaches into our training. A personalized adaptive framework The adaptive learning framework is a personalized defensive approach to training. It recognizes that everyone learns differently; it is the opposite of a one-size-fits-all approach. You can teach security fundamentals in a way that is meaningful for each person based on what they know, what they might do and what they believe. This framework lets you drive behavior change with education that is tailored to each person\'s needs. That can include their professional role, industry, content style and native language. The learner can engage with a wide variety of styles and materials. And each training is tied to a specific learning objective. Adaptive learning recognizes that people learn best in short bursts that are spread over time. Our microlearning video modules are under three minutes, and our nano-learning videos are under one minute. These formats give people the flexibility to learn at their own pace. For instance, our “You\'re Now a Little Wiser” nano series offers bite-size training on topics such as data protection to help users learn about specific threats. Screenshots from a one-minute nano-learning video. Contextual nudges and positive reinforcement Training is essential if you want to build a robust security culture. But it is not enough to change behavior fully. Here is where contextual nudges play a vital role in helping to reinforce positive behavior habits once they are formed. These deliberate interventions are designed to shape how people behave. Nudges are rooted in a deep understanding of human behavior. They can move people toward making better decisions, often without them realizing it. They are gentle reminders that can guide people toward creating optimal outcomes. That, in turn, helps to foster a defensive security-conscious culture in your company. It is important to find the respectful balance of nudging people toward secure behaviors without being too intrusive or complex. For example, when a user fails a phishing simulation exercise, Proofpoint Security Awareness offers “Tea | Ransomware Malware Tool Vulnerability Threat Prediction | ★★★ | |
 |
2024-02-08 21:14:16 | \\ 'coyote \\' Le malware commence sa chasse, s'attaquant à 61 applications bancaires \\'Coyote\\' Malware Begins Its Hunt, Preying on 61 Banking Apps (lien direct) |
Le Brésil, le Center for Banking Trojan malware du monde, a produit l'un de ses outils les plus avancés à ce jour.Et comme le montre l'histoire, Coyote pourrait bientôt étendre son territoire.
Brazil, the world\'s center for banking Trojan malware, has produced one of its most advanced tools yet. And as history shows, Coyote may soon expand its territory. |
Malware Tool | ★★★ | |
 |
2024-02-08 20:42:07 | The Nine Lives of Commando Cat: Analyser une nouvelle campagne de logiciels malveillants ciblant Docker The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker (lien direct) |
#### Description
Les chercheurs de CADO ont découvert une nouvelle campagne de logiciels malveillants appelée "Commando Cat" qui cible les points de terminaison API Docker exposés.La campagne est une campagne de cryptojacking qui exploite Docker comme vecteur d'accès initial et monte le système de fichiers de l'hôte \\ avant d'exécuter une série de charges utiles interdépendantes directement sur l'hôte.Les charges utiles sont livrées aux instances API Docker exposées sur Internet.
L'attaquant demande à Docker de baisser une image Docker appelée cmd.cat/chattr.Le projet CMD.cat "génère des images Docker à la demande avec toutes les commandes dont vous avez besoin et les pointer simplement par nom dans la commande docker run."Il est probablement utilisé par l'attaquant pour ressembler à un outil bénin et non à susciter des soupçons.
L'attaquant crée ensuite le conteneur avec une commande personnalisée à exécuter.L'objectif principal de la charge utile user.sh est de créer une porte dérobée dans le système en ajoutant une clé SSH au compte racine, ainsi qu'en ajoutant un utilisateur avec un mot de passe connu de l'attaquant.Le script tshd.sh est responsable du déploiement de Tinyshell (TSH), une porte dérobée Unix open source écrite en C. Le script GSC.Sh est responsable du déploiement d'une porte dérobée appelée GS-Netcat, une version gonflée de Netcat qui peut perforerà travers Nat et les pare-feu.Le script AWS.SH est un créneau d'identification qui tire des informations d'identification à partir d'un certain nombre de fichiers sur le disque, ainsi que des IMD et des variables d'environnement.La charge utile finale est livrée en tant que script codé de base64 plutôt que dans la méthode traditionnelle de Curl-Into-bash utilisée précédemment par le malware.Cette base64 est repris dans Base64 -D, puis a tué dans le bash.
#### URL de référence (s)
1. https://www.cadosecurity.com/the-nine-lives-of-commando-cat-analysing-a-novel-malware-campaign-targeting-docker/
#### Date de publication
1er février 2024
#### Auteurs)
Nate Bill
Matt Muir
#### Description Cado researchers have discovered a new malware campaign called "Commando Cat" that targets exposed Docker API endpoints. The campaign is a cryptojacking campaign that leverages Docker as an initial access vector and mounts the host\'s filesystem before running a series of interdependent payloads directly on the host. The payloads are delivered to exposed Docker API instances over the internet. The attacker instructs Docker to pull down a Docker image called cmd.cat/chattr. The cmd.cat project "generates Docker images on-demand with all the commands you need and simply point them by name in the docker run command." It is likely used by the attacker to seem like a benign tool and not arouse suspicion. The attacker then creates the container with a custom command to execute. The primary purpose of the user.sh payload is to create a backdoor in the system by adding an SSH key to the root account, as well as adding a user with an attacker-known password. The tshd.sh script is responsible for deploying TinyShell (tsh), an open-source Unix backdoor written in C. The gsc.sh script is responsible for deploying a backdoor called gs-netcat, a souped-up version of netcat that can punch through NAT and firewalls. The aws.sh script is a credential grabber that pulls credentials from a number of files on disk, as well as IMDS, and environment variables. The final payload is delivered as a base64 encoded script rather than in the traditional curl-into-bash method used previously by the malware. This base64 is echoed into base64 -d, and then piped into bash. #### Reference URL(s) 1. https://www.cadosecurity.com/the-nine-lives-of-commando-cat-analysing-a-novel-malware-campaign-targeting-docker/ #### Publication Date February 1, 2024 #### Author(s) Nate Bill Matt Muir |
Malware Tool | ★★★ | |
 |
2024-02-08 08:06:33 | La surtension des attaques de «swap de visage» profonds met en danger la vérification de l'identité à distance Surge in deepfake "Face Swap" attacks puts remote identity verification at risk (lien direct) |
De nouvelles recherches montrent une augmentation de 704% des attaques de profondeur "Swap" de la première à la seconde moitié de 2023. Un rapport de la société biométrique Iproov avertit que les fraudeurs "aléatoire" utilisent de plus en plus des outils standard pour créer des manipulations manipuléesimages et vidéos.Les analystes d'Iproov \\ suivent plus de 100 applications et référentiels d'échanges de visage, ce qui signifie qu'il existe une large sélection d'outils d'IA génératifs à faible coût, facilement accessiblesun test "vivante".Un test "Lively" sera généralement ...
New research shows a 704% increase in deepfake "face swap" attacks from the first to the second half of 2023. A report from biometric firm iProov warns that "face-swapping" fraudsters are increasingly using off-the-shelf tools to create manipulated images and videos. iProov\'s analysts are tracking over 100 face swap apps and repositories, meaning that there is a wide selection of low-cost, easily accessible generative AI tools that can create highly convincing deepfakes to trick humans and some remote identity verification solutions that do a "liveness" test. A "liveness" test will typically... |
Tool | ★★ | |
 |
2024-02-08 00:00:33 | Les propriétaires d'iPhone ciblés par des pirates gouvernementaux, explique Google iPhone Owners Targeted By Government Hackers, Says Google (lien direct) |
Le groupe d'analyse des menaces de Google (TAG) de a révélé mardi que les pirates gouvernementaux ciblaient les utilisateurs d'iPhone avec des vulnérabilités zéro jour, en particulier celles considérées comme des utilisateurs «à haut risque», tels que des journalistes, des défenseurs des droits de l'homme, des dissidents etPoliticiens du parti d'opposition.
Mardi, Google a publié «Achat Spinging», un rapport approfondi détaillant les fournisseurs de surveillance commerciale (CSV).Dans le rapport, le géant de la recherche a appelé les États-Unis et d'autres gouvernements à prendre des mesures plus strictes contre les ventes de logiciels espions et l'utilisation abusive des outils de surveillance.
«Ces capacités ont augmenté la demande de technologie des logiciels espions, faisant la place à une industrie lucrative utilisée aux gouvernements et aux acteurs néfastes la possibilité d'exploiter les vulnérabilités dans les appareils de consommation», indique le rapport de balise
«Bien que l'utilisation de logiciels espions affecte généralement un petit nombre de cibles humaines à la fois, ses ondulations plus larges à travers la société en contribuant à des menaces croissantes à la liberté d'expression, à la presse libre et à l'intégrité des élections dans le monde.»
La balise de Google \\, l'équipe de la société qui examine le piratage soutenu par la nation, dans son rapport détaillé comment il suit activement environ 40 CSV de différents niveaux de sophistication et d'exposition publique, qui sont développés, vendus, vendus,et les logiciels espions déployés.
Il fait également la lumière sur plusieurs cyber campagnes dirigées par le gouvernement qui ont utilisé des outils de piratage développés par des vendeurs de logiciels espions et d'exploits, notamment Variston basé à Barcelone, une start-up de la technologie de surveillance et de piratage.
Dans l'une des campagnes, selon Google, les agents du gouvernement ont profité de trois vulnérabilités non identifiées d'iPhone «zéro-jours» qui n'étaient pas connues à Apple à l'époque pour exploiter le système d'exploitation iPhone du géant de Cupertino \\.Le logiciel espion en question, développé par Variston, a été analysé deux fois par Google en 2022 et 2023, indiquant que l'éminence croissante de la société dans le secteur des technologies de surveillance.
Google a déclaré avoir découvert le client Variston inconnu utilisant ces zéro-jours pour cibler les iPhones en Indonésie en mars 2023. Les pirates ont livré un SMS contenant un lien malveillant infectant le téléphone de la cible \\ avec des logiciels espions, puis en redirigeantLa victime d'un article de presse du journal indonésien Pikiran Rakyat.Dans ce cas, Google n'a pas révélé l'identité du client du gouvernement de Variston.
La société a spécifiquement appelé certains CSV, notamment la société israélienne NSO qui a développé les logiciels espions notoires de Pegasus, qui est devenu une menace mondiale pour les défenseurs des droits de l'homme et des droits de l'homme.Les autres sociétés nommées dans le rapport qui développent des logiciels espions comprennent les entreprises italiennes Cy4gate et RCS Labs, la société grecque Intellexa et la société italienne relativement récente Negg Group et Spain \'s Variston.
«Nous espérons que ce rapport servira d'appel à l'action.Tant qu'il y aura une demande des gouvernements pour acheter une technologie de surveillance commerciale, les CSV continueront de développer et de vendre des logiciels espions », indique le rapport de balise
«Nous pensons qu'il est temps que le gouvernement, l'industrie et la société civile se réunissent pour changer la structure incitative qui a permis à ces technologies de se propager si largement», a ajouté le groupe.
Google\'s Threat Analysis Group (TAG) on Tuesday revealed that government hackers ta |
Tool Vulnerability Threat Mobile Commercial | ★★★ | |
 |
2024-02-07 15:15:00 | Les géants mondiaux de la coalition et de la technologie s'unissent contre la maltraitance commerciale des logiciels espions Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse (lien direct) |
Une coalition de dizaines de pays, dont la France, le Royaume-Uni, et les États-Unis, ainsi que des sociétés technologiques telles que Google, MDEC, Meta et Microsoft, ont signé un accord conjoint pour limiter l'abus de logiciels espions commerciaux pour commettre des violations des droits de l'homme.
L'initiative, surnommée le processus & nbsp; Pall Mall, vise à lutter contre la prolifération et l'utilisation irresponsable d'outils de cyber-intrusion commerciaux par
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by |
Tool Commercial | ★★ | |
 |
2024-02-07 11:00:00 | L'art secret de la stéganographie The Covert Art of Steganography (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In cybersecurity, where information is both an asset and a potential target, various techniques are used to secure data and communications. One such covert art is steganography, which hides information within seemingly innocuous files to avoid detection. This article dives into the fascinating world of steganography, its history, techniques, and applications in the digital age. Understanding steganography Steganography, derived from the Greek words "steganos" (meaning covered) and "graphy" (meaning writing), is the art of concealing information within other data in a way that is not easily noticeable. Unlike cryptography, which seeks to make information unreadable, steganography aims to hide the existence of the information itself. Historical roots Steganography can be traced back to ancient times when people sought secure means of communication. Tattooing messages on shaved heads was one of the earliest recorded uses, allowing messengers to transmit information undetected. Another historical example is using invisible ink to write hidden messages during wartime. Digital steganography Steganography has evolved into a sophisticated practice in the digital age, utilizing the vast amounts of data exchanged on the internet. Digital steganography is the process of hiding information within digital media, such as images, audio files, and even executable files. The goal is to render the hidden data invisible to both human observers and automated tools. Digital steganography techniques Image steganography: | Tool Threat | ★★ | |
 |
2024-02-07 10:23:12 | Mindgard a lancé le laboratoire de sécurité de MindGuard \\ Mindgard launched Mindguard\\'s AI Security Lab (lien direct) |
L'outil gratuit de Mindgard \\ soulève le couvercle sur des cyber-risques AI inconnus et non détectés
• Les laboratoires de sécurité AI de Mindgard \\ automatisent les tests de sécurité de l'IA et les évaluations des menaces actuellement non détectées par les organisations en raison du manque de compétences, de temps et d'argent
• Au coût zéro, AI Security Labs permet les évaluations de cybersécurité d'une gamme d'attaques contre l'IA, les LLM et Genai.
• Démontre les risques potentiels de sécurité de l'IA que l'IA présente à une organisation
• Aide les ingénieurs à en savoir plus sur la sécurité de l'IA
-
rapports spéciaux
Mindgard\'s free tool lifts the lid on unknown and undetected AI cyber risks • Mindgard\'s AI Security Labs automates AI security testing and threat assessments currently being undetected by organisations due to lack of skills, time and money • At zero cost, AI Security Labs enables cyber security assessments of a range of attacks against AI, LLMs, and GenAI. • Demonstrates the potential AI security risks that AI presents to an organisation • Assists engineers to learn more about AI security - Special Reports |
Tool Threat | ★★ | |
|
2024-02-07 05:00:39 | Arrêt de cybersécurité du mois: prévenir le compromis de la chaîne d'approvisionnement Cybersecurity Stop of the Month: Preventing Supply Chain Compromise (lien direct) |
This blog post is part of a monthly series, Cybersecurity Stop of the Month, which explores the ever-evolving tactics of today\'s cybercriminals. It focuses on the critical first three steps in the attack chain in the context of email threats. Its goal is to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have examined these types of attacks: Business email compromise (BEC) and supply chain attacks EvilProxy SocGholish eSignature phishing QR code phishing Telephone-oriented attack delivery (TOAD) Payroll diversion MFA manipulation In this post, we look at supply chain compromise, which is a form of BEC. Supply chain compromise is not a new form of BEC, but we are seeing a rise in these attacks. The example in this blog post is one that Proofpoint recently detected. A law firm with 2,000 users was the intended target. In our discussion, we cover the typical attack sequence of a supply chain compromise to help you understand how it unfolds. And we explain how Proofpoint uses multiple signals to detect and prevent these threats for our customers. Background Supply chain attacks are growing in popularity and sophistication at a rapid pace. TechCrunch reports that the largest supply chain compromise in 2023 cost the impacted businesses more than $9.9 billion. That incident had a direct impact on more than 1,000 businesses and over 60 million people. In these attacks, a bad actor targets a company by compromising the security of its suppliers, vendors and other third parties within its supply chain. Instead of launching a direct attack on the target company\'s systems, networks or employees, an attacker infiltrates a trusted entity within the supply chain, thereby exploiting the entity\'s trust and access vis-a-vis the target. Attackers know that enterprises with mature supply chains tend to have stronger cybersecurity defenses, which makes them challenging targets. So, rather than trying to break into “Fort Knox” through the front door, they will target the ventilation system. Bad actors often use thread hijacking, also known as conversation hijacking, in these attacks. They target specific email accounts and compromise them so that they can spy on users\' conversations. When the time is right, they will insert themselves into a business email conversation based on the information they have gathered from the compromised email accounts or other sources. Sometimes, the attack will be bold enough to initiate new conversations. Thread hijacking attacks, like other BEC campaigns, don\'t often carry malicious payloads like attachments or URLs. Thread hijacking is also a targeted attack, so bad actors will often use a lookalike domain. (A lookalike domain is a website URL that closely resembles the address of a legitimate and well-known domain, often with slight variations in spelling, characters or domain extensions.) This potent combination-the lack of an active payload and the use of a lookalike domain-makes it difficult for simple, API-based email security solutions to detect and remediate these types of attacks. The scenario Proofpoint recently detected a threat actor account that was impersonating an accounts receivable employee at a small financial services company in Florida. Through this impersonation, the adversary launched a supply chain attack on their intended target-a large law firm in Boston. They sent an impersonating message to the law firm\'s controller asking them to halt a requested payment and change the payment information to another account. Unlike API-based email security solutions that only support post-delivery remediation, Proofpoint detected and blocked the impersonating messages before they reached the controller\'s inbox. As a result, the law fir | Tool Threat | ★★ | |
|
2024-02-07 05:00:33 | Protéger vos chemins, partie 2: Comprendre votre rayon de souffle d'identité Protecting Your Paths, Part 2: Understanding Your Identity Blast Radius (lien direct) |
Welcome to the second part of our blog series on using attack path management (APM) to secure your network. In our first post, we examined the importance of using APM to identify and remediate identity-centric attack paths before attackers exploit them. We also emphasized that the compromise of tier-zero assets -aka the “IT crown jewels”-is a top objective for attackers. Attack path management (APM) is a process by which you discover all the existing paths that an attacker can exploit to reach tier-zero assets within your environment. APM plays a pivotal role in helping security teams pinpoint vulnerable identities. It provides a holistic view of the available attack paths that an attacker could use to move laterally in the quest to reach your IT crown jewels. In this blog, we introduce a crucial APM concept known as the identity blast radius. We explore the use cases for this view. And we highlight how it is similar but distinct from the attack path view. What you can learn from identity blast radius analysis An identity blast radius represents the potential impact of an attacker who is moving laterally using a compromised identity. It presents how the compromise of one particular identity can help an attacker reach other identities or assets in the network. Discovering the identity blast radius before attackers do is essential to prevent a minor compromise from turning into a major security incident. To see how this works, it\'s helpful to visualize it. Below is an illustration of the vulnerabilities related to a user named Brian Rivera. It\'s just one example of how attackers can abuse Active Directory ACLs. Example view of an identity blast radius. In the blast radius view above the subject identity for Brian Riviera serves as the “tree root” of the view. Branching off the tree root are all the assets and privileges that that specific user can invoke. These include: Stored credentials. If an attacker compromises hosts where Brian\'s Remote Desktop Protocol (RDP) credentials are stored, they can use those credentials to move laterally to the indicated hosts. Active Directory ACL assignments. An attacker that compromises Brian\'s identity can use his GenericWrite permission in Active Directory to: Gain code execution with elevated privileges on a remote computer Delete files and data Introduce malicious files or code on the flagged targets Identity blast radius use cases The identity blast radius view supports powerful use cases that support attack path analysis, including: Post-compromise analysis. After an attacker gets control of an identity, the blast radius view can help you identify other identities and assets that are vulnerable to lateral movement or other malicious actions. What-if analysis. Your security teams can use the identity blast radius view to assess the potential impact of an attack on high-value targets like your chief financial officer or a senior IT administrator. With that insight, they can apply other compensating controls. Changes in access privileges. It can also help you identify the potential impact of changes in access privileges. These often occur when employees move between roles. You can use this insight to ensure that an employee\'s access is properly managed. This can prevent an excessive accumulation of privileges. Assets vs. identities: Differences between tier-zero asset views and identity blast radius views The figure below shows how the tier-zero asset view illustrates paths that ascend from different entities to the tier-zero asset root. In contrast, the identity blast radius view positions the subject identity as the tree root. Paths extend downward to various entities that are reachable through diverse relations like Active Directory ACL assignments or stored credentials. Comparison of the tier-zero assets view versus the identity blast radius view. These two views offer different perspectives. But both are powerful tools to help you visualize identity-related vulnerabilities. These i | Tool Vulnerability Threat | ★★★ | |
|
2024-02-06 20:08:17 | Les gouvernements du monde, les géants de la technologie signent la responsabilité des logiciels espions World Govs, Tech Giants Sign Spyware Responsibility Pledge (lien direct) |
La France, le Royaume-Uni, les États-Unis et d'autres travailleront sur un cadre pour l'utilisation responsable d'outils tels que Pegasus de NSO Group \\ et les gains de la Fondation ShadowServer & Pound; 1 million d'investissements.
France, the UK, the US, and others will work on a framework for the responsible use of tools like NSO Group\'s Pegasus, and Shadowserver Foundation gains £1 million investment. |
Tool | ★★★ | |
 |
2024-02-06 19:39:29 | AnyDesk dit que le logiciel \\ 'sûr à utiliser \\' après cyberattaque AnyDesk says software \\'safe to use\\' after cyberattack (lien direct) |
La société de logiciels de surveillance et de gestion à distance populaire, AnyDesk, a déclaré que toutes les versions de son outil obtenues à partir de «sources officielles» sont sûres à utiliser à la suite d'une cyberattaque qui a provoqué des jours de pannes et de préoccupations parmi les utilisateurs.La cyberattaque a affecté les serveurs en Espagne et au Portugal, mais nulle part ailleurs, a déclaré Anydesk.L'entreprise a confirmé vendredi dernier qu'un quatre jours
Popular remote monitoring and management software company AnyDesk said all versions of its tool obtained from “official sources” are safe to use following a cyberattack that caused days of outages and concern among users. The cyberattack affected servers in Spain and Portugal but nowhere else, AnyDesk said. The company confirmed last Friday that a four-day |
Tool | ★★★ | |
 |
2024-02-06 17:51:33 | Top 7 des outils de chasse au cybermenace pour 2024 Top 7 Cyber Threat Hunting Tools for 2024 (lien direct) |
Voici les principaux outils de chasse à la cyber-menace qui peuvent améliorer les défenses de cybersécurité de votre organisation.Apprenez comment leurs fonctionnalités se comparent.
Here are the top cyber threat hunting tools that can enhance your organization\'s cybersecurity defenses. Learn how their features compare. |
Tool Threat | ★★★ | |
 |
2024-02-06 15:42:30 | LockSelf dévoile un nouveau Dashboard dédié aux RSSI ! (lien direct) | >Déployé de manière progressive et présenté au FIC en avril dernier, le Dashboard LockSelf fait désormais partie intégrante des outils de pilotage cyber des organisations utilisatrices de la suite LockSelf. Retour sur ses spécificités et ses fonctionnalités clés ! The post LockSelf dévoile un nouveau Dashboard dédié aux RSSI ! first appeared on UnderNews. | Tool | ★★ | |
|
2024-02-06 14:30:47 | Google: la moitié de tous les jours zéro utilisés contre nos produits sont développés par des fournisseurs de logiciels espions Google: Half of all zero-days used against our products are developed by spyware vendors (lien direct) |
Google a déclaré mardi qu'il suivait au moins 40 entreprises impliquées dans la création de logiciels espions et d'autres outils de piratage qui sont vendus aux gouvernements et déployés contre les utilisateurs «à haut risque», y compris les journalistes, les défenseurs des droits de l'homme et les dissidents.Les vendeurs - qui ont développé des dizaines d'outils et d'astuces pour pénétrer dans les téléphones, les ordinateurs portables,
Google said Tuesday that it is tracking at least 40 companies involved in the creation of spyware and other hacking tools that are sold to governments and deployed against “high risk” users, including journalists, human rights defenders and dissidents. The vendors - which have developed dozens of tools and tricks to break into phones, laptops, |
Tool | ★★★★ | |
|
2024-02-06 14:00:00 | Les bogues Microsoft Azure Hdinsight exposent les mégadonnées aux violations Microsoft Azure HDInsight Bugs Expose Big Data to Breaches (lien direct) |
Les trous de sécurité dans un outil Big Data pourraient entraîner un compromis Big Data.
Security holes in a big data tool could lead to big data compromise. |
Tool | ★★★ | |
 |
2024-02-06 11:00:33 | 70% des organisations ne sont pas préparées et comment les technologies avancées peuvent aider 70% of Organizations Feel Unprepared and How Advanced Technologies Can Help (lien direct) |
Plus de 70% des répondants d'organisations estiment qu'ils n'ont pas les bons outils pour protéger leurs informations et systèmes sensibles contre les menaces d'initiés.Ces statistiques ne sont tout simplement pas alarmantes;C'est un appel à une compréhension plus profonde et à une réponse stratégique à un aspect souvent négligé de la cybersécurité.
Over 70% of respondents of organizations feel that they lack the right tools to protect their sensitive information and systems from insider threats. These statistics are just not alarming; it\'s a call for a deeper understanding and strategic response to an often overlooked aspect of cybersecurity. |
Tool | ★★ | |
|
2024-02-06 11:00:00 | AI en cybersécurité: 8 cas d'utilisation que vous devez connaître AI in Cybersecurity: 8 use cases that you need to know (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybercriminals live on the cutting edge of technology, and nothing fits the label more than artificial intelligence. It helps them design sophisticated, evolving malware, pose as higher-ups, and even successfully imitate biometrics like one’s voice. The use of AI in cyber security has developed as a natural response to these new and unpredictable challenges. How are cyber security experts using artificial intelligence to thwart the bad guys? The following eight use cases will tell you all you need to know. 1. Threat prevention and preemption It\'s not uncommon for businesses and organizations to be under persistent attack. Cyber threats can burrow deep into their networks and spread chaos for months before detection. Since AI models have large datasets of past behaviors to draw on, they can spot anomalous behavior far more quickly. Preventing attacks before deployment is among cyber security’s most desirable goals. If you have the right information, it can become a reality. For example, a cybersecurity team can use a proxy network to regularly scrape the contents of forums and other sites dedicated to hacking. They may then act on the gathered info and meet future attacks head-on. 2. Timely incident response Not even an AI-enhanced cybersecurity framework can stop all incoming attacks. Someone might connect an unsanctioned device, or an update might contain malicious code. Either way, a robust cyber security AI can respond to such incidents promptly, blocking or deleting the offending actors. 3. Data protection Data is the basis on which modern economies operate. Whether you obtain it through web scraping API, surveys, as part of your day-to-day operations, etc., the data you collect needs powerful safeguards. AI can help by classifying and automatically encrypting it. Access control is another process you can automate, as is compliance with data protection laws like the GDPR. | Spam Malware Tool Threat | ★★ | |
|
2024-02-06 05:00:20 | Comment les cybercriminels augmentent-ils le privilège et se déplacent-ils latéralement? How Do Cybercriminals Escalate Privilege and Move Laterally? (lien direct) |
If you want to understand how cybercriminals cause business-impacting security breaches, the attack chain is a great place to start. The eight steps of this chain generalize how a breach progresses from start to finish. The most impactful breaches typically follow this pattern: Steps in the attack chain. In this blog post, we will simplify the eight steps of an attack into three stages-the beginning, middle and end. Our focus here will primarily be on the middle stage-info gathering, privilege escalation and lateral movement, which is often the most challenging part of the attack chain to see and understand. The middle steps are often unfamiliar territory, except for the most highly specialized security practitioners. This lack of familiarity has contributed to significant underinvestment in security controls required to address attacks at this stage. But before we delve into our discussion of the middle, let\'s address the easiest stages to understand-the beginning and the end. The beginning of the attack chain A cyberattack has to start somewhere. At this stage, a cybercriminal gains an initial foothold into a target\'s IT environment. How do they do this? Mainly through phishing. A variety of tactics are used here including: Stealing a valid user\'s login credentials Luring a user into installing malicious software, such as Remote Access Trojans (RATs) Calling the company\'s help desk to socially engineer the help desk into granting the attacker control over a user\'s account Much ink has been spilled about these initial compromise techniques. This is why, in part, the level of awareness and understanding by security and non-security people of this first stage is so high. It is fair to say that most people-IT, security and everyday users-have personally experienced attempts at initial compromise. Who hasn\'t received a phishing email? A great deal of investment goes into security tools and user training to stop the initial compromise. Think of all the security technologies that exist for that purpose. The list is very long. The end of the attack chain Similarly, the level of awareness and understanding is also very high around what happens at the end of the attack chain. As a result, many security controls and best practices have also been focused here. Everyone-IT, security and even everyday users-understands the negative impacts of data exfiltration or business systems getting encrypted by ransomware attackers. Stories of stolen data and ransomed systems are in the news almost daily. Now, what about the middle? The middle is where an attacker attempts to move from the initially compromised account(s) or system(s) to more critical business systems where the data that\'s worth exfiltrating or ransoming is stored. To most people, other than red teamers, pen testers and cybercriminals, the middle of the attack chain is abstract and unfamiliar. After all, regular users don\'t attempt to escalate their privileges and move laterally on their enterprise network! These three stages make up the middle of the attack chain: Information gathering. This includes network scanning and enumeration. Privilege escalation. During this step, attackers go after identities that have successively higher IT system privileges. Or they escalate the privilege of the account that they currently control. Lateral movement. Here, they hop from one host to another on the way to the “crown jewel” IT systems. Steps in the middle of the attack chain. Relatively few IT or security folks have experience with or a deep understanding of the middle of the attack chain. There are several good reasons for this: Most security professionals are neither red teamers, pen testers, nor cybercriminals. The middle stages are “quiet,” unlike initial compromise-focused phishing attacks or successful ransomware attacks, which are very “loud” by comparison. Unlike the front and back end of the attack chain, there has been little coverage about how these steps | Ransomware Malware Tool Vulnerability Threat | ★★★ | |
|
2024-02-06 01:52:22 | Risques de sécurité des graphiques de barre de Kubernetes et que faire à leur sujet Security Risks of Kubernetes Helm Charts and What to do About Them (lien direct) |
Kubernetes est devenue la plate-forme principale pour orchestrer les applications conteneurisées.Cependant, les développeurs et les administrateurs comptent sur un écosystème d'outils et de plateformes qui ont émergé autour de Kubernetes.L'un de ces outils est Helm, un gestionnaire de packages qui simplifie les déploiements de Kubernetes.Cependant, avec la confusion et l'efficacité des offres, il présente également des risques de sécurité importants.Cet article explore les risques associés aux graphiques de barre de Kubernetes et fournit des stratégies exploitables pour atténuer les vulnérabilités potentielles.Comprendre et traiter ces sécurité ...
Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm offers, it also introduces significant security risks. This article explores the risks associated with Kubernetes Helm charts and provides actionable strategies to mitigate potential vulnerabilities. Understanding and addressing these security... |
Tool Vulnerability | ★★ | |
|
2024-02-05 23:00:35 | La Grande-Bretagne et la France rassemblent des diplomates pour un accord international sur les logiciels espions Britain and France assemble diplomats for international agreement on spyware (lien direct) |
Le Royaume-Uni et la France organisent conjointement une conférence diplomatique à Lancaster House à Londres cette semaine pour lancer un nouvel accord international concernant «la prolifération des outils commerciaux de cyber-intrusion».Selon le ministère des Affaires étrangères, 35 nations seront représentées lors de la conférence, aux côtés de «Big Tech Leaders, d'experts juridiques et de droits de l'homme
The United Kingdom and France are to jointly host a diplomatic conference at Lancaster House in London this week to launch a new international agreement addressing “the proliferation of commercial cyber intrusion tools.” According to the Foreign Office, 35 nations will be represented at the conference, alongside “big tech leaders, legal experts, and human rights |
Tool Conference Commercial | ★★ | |
|
2024-02-05 21:31:30 | Vajraspy: un patchwork d'applications d'espionnage VajraSpy: A Patchwork of Espionage Apps (lien direct) |
#### Description
Les chercheurs de l'ESET ont découvert une nouvelle campagne de cyber-espionnage qui utilise douze applications Android transportant Vajraspy, un cheval de Troie (rat) d'accès à distance utilisé par le groupe Patchwork Apt.
Six des applications étaient disponibles sur Google Play, et six ont été trouvés sur Virustotal.Les applications ont été annoncées comme des outils de messagerie, et on se faisait passer pour une application d'actualités.Vajraspy possède une gamme de fonctionnalités d'espionnage qui peuvent être élargies en fonction des autorisations accordées à l'application regroupée avec son code.Il vole les contacts, les fichiers, les journaux d'appels et les messages SMS, mais certaines de ses implémentations peuvent même extraire les messages WhatsApp et Signal, enregistrer des appels téléphoniques et prendre des photos avec l'appareil photo.La campagne a ciblé les utilisateurs principalement au Pakistan, et les acteurs de la menace ont probablement utilisé des escroqueries de romantisme ciblées pour attirer leurs victimes dans l'installation du malware.
#### URL de référence (s)
1. https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
#### Date de publication
1er février 2024
#### Auteurs)
Lukas Stefanko
#### Description ESET researchers have discovered a new cyber espionage campaign that uses twelve Android apps carrying VajraSpy, a remote access trojan (RAT) used by the Patchwork APT group. Six of the apps were available on Google Play, and six were found on VirusTotal. The apps were advertised as messaging tools, and one posed as a news app. VajraSpy has a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code. It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera. The campaign targeted users mostly in Pakistan, and the threat actors likely used targeted honey-trap romance scams to lure their victims into installing the malware. #### Reference URL(s) 1. https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/ #### Publication Date February 1, 2024 #### Author(s) Lukas Stefanko |
Malware Tool Threat Mobile | ★★★ | |
|
2024-02-05 16:42:00 | Revue pratique: XDR basé sur Sase de Cato Networks Hands-On Review: SASE-based XDR from Cato Networks (lien direct) |
Les entreprises sont engagées dans un jeu de chat et de souris apparemment sans fin en ce qui concerne la cybersécurité et les cyber-menaces.Alors que les organisations mettaient en place un bloc défensif après l'autre, les acteurs malveillants lancent leur jeu pour contourner ces blocs.Une partie du défi consiste à coordonner les capacités défensives des outils de sécurité disparates, même si les organisations ont des ressources limitées et une pénurie de
Companies are engaged in a seemingly endless cat-and-mouse game when it comes to cybersecurity and cyber threats. As organizations put up one defensive block after another, malicious actors kick their game up a notch to get around those blocks. Part of the challenge is to coordinate the defensive abilities of disparate security tools, even as organizations have limited resources and a dearth of |
Tool | ★★★ | |
|
2024-02-05 15:08:59 | Metomic lance l'intégration de Chatgpt Metomic Launches ChatGPT Integration (lien direct) |
Metomic lance l'intégration de Chatgpt pour aider les entreprises à profiter pleinement de l'outil d'IA génératif sans mettre des données sensibles à risque
Metomic pour Chatgpt permet aux leaders de la sécurité de stimuler la productivité tout en surveillant les données en cours de téléchargement sur la plate-forme Chatgpt d'Openai \\ en temps réel
-
revues de produits
Metomic Launches ChatGPT Integration To Help Businesses Take Full Advantage Of The Generative AI Tool Without Putting Sensitive Data At Risk Metomic for ChatGPT enables security leaders to boost productivity while monitoring data being uploaded to OpenAI\'s ChatGPT platform in real-time - Product Reviews |
Tool | ChatGPT | ★★ |
 |
2024-02-05 12:15:00 | AnyDesk frappé par la cyberattaque et la violation des données des clients AnyDesk Hit by Cyber-Attack and Customer Data Breach (lien direct) |
La cyberattaque qui a frappé le fournisseur d'outils distant pourrait avoir un impact plus significatif que prévu initialement
The cyber-attack that hit the remote tool provider could have a more significant impact than initially expected |
Data Breach Hack Tool | ★★ | |
 |
2024-02-05 11:59:31 | Amélioration de l'interopérabilité entre la rouille et le C ++ Improving Interoperability Between Rust and C++ (lien direct) |
Publié par Lars Bergstrom & # 8211;Directeur, Android Platform Tools & amp;Bibliothèques et présidente du Rust Foundation Board En 2021, nous annoncé que Google rejoignait la Fondation Rust.À l'époque, Rust était déjà largement utilisée sur Android et d'autres produits Google.Notre annonce a souligné notre engagement à améliorer les examens de sécurité du code de la rouille et son interopérabilité avec le code C ++.La rouille est l'un des outils les plus forts que nous avons pour résoudre les problèmes de sécurité de la sécurité mémoire.Depuis cette annonce, les leaders de l'industrie et agences gouvernementales sentiment. Nous sommes ravis d'annoncer que Google a fourni une subvention de 1 million de dollars à la Rust Foundation pour soutenir les efforts qui amélioreront la capacité de Rust Code à interopérer avec les bases de code C ++ héritées existantes.Nous réapparaisons également notre engagement existant envers la communauté de la rouille open source en agrégant et en publiant Audits pour les caisses de rouille que nous utilisons dans les projets Google open-source.Ces contributions, ainsi que notre contributions précédentes à l'interopérabilité , ont-ellesenthousiasmé par l'avenir de la rouille. "Sur la base des statistiques historiques de la densité de la densité de vulnérabilité, Rust a empêché de manière proactive des centaines de vulnérabilités d'avoir un impact sur l'écosystème Android.Cet investissement vise à étendre l'adoption de la rouille sur divers composants de la plate-forme. » & # 8211;Dave Kleidermacher, vice-président de l'ingénierie, Android Security & AMP;Confidentialité Bien que Google ait connu la croissance la plus importante de l'utilisation de la rouille dans Android, nous continuons à augmenter son utilisation sur plus d'applications, y compris les clients et le matériel de serveur. «Bien que la rouille ne soit pas adaptée à toutes les applications de produits, la priorisation de l'interopérabilité transparente avec C ++ accélérera l'adoption de la communauté plus large, s'alignant ainsi sur les objectifs de l'industrie d'améliorer la sécurité mémoire.» & # 8211;Royal Hansen, vice-président de Google de la sécurité et de l'AMP;Sécurité L'outillage de rouille et l'écosystème prennent déjà en charge interopérabilité avec Android et avec un investissement continuDans des outils comme cxx , autocxx , bindgen , cbindgen , diplomate , et crubit, nous constatons des améliorations régulières de l'état d'interopérabilité de la rouille avec C ++.Au fur et à mesure que ces améliorations se sont poursuivies, nous avons constaté une réduction des obstacles à l'adoption et à l'adoption accélérée de la rouille.Bien que ces progrès à travers les nombreux outils se poursuivent, il ne se fait souvent que développer progressivement pour répondre aux besoins particuliers d'un projet ou d'une entreprise donnée. Afin d'accélérer à la fois l'adoption de la rouill | Tool Vulnerability Mobile | ★★★ | |
|
2024-02-05 11:41:18 | 7 conseils pour développer une approche proactive pour éviter le vol de données 7 Tips to Develop a Proactive Approach to Prevent Data Theft (lien direct) |
Data is one of the most valuable assets for a modern enterprise. So, of course, it is a target for theft. Data theft is the unauthorized acquisition, copying or exfiltration of sensitive information that is typically stored in a digital format. To get it, bad actors either abuse privileges they already have or use various other means to gain access to computer systems, networks or digital storage devices. The data can range from user credentials to personal financial records and intellectual property. Companies of all sizes are targets of data theft. In September 2023, the personal data of 2,214 employees of the multinational confectionary firm The Hershey Company was stolen after a phishing attack. And in January 2024, the accounting firm of Framework Computer fell victim to an attack. A threat actor posed as the Framework\'s CEO and convinced the target to share a spreadsheet with the company\'s customer data. Data thieves aim to profit financially, disrupt business activities or do both by stealing high-value information. The fallout from a data breach can be very costly for a business-and the cost is going up. IBM reports that the global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years. Other data suggests that the average cost of a breach is more than double for U.S. businesses-nearly $9.5 million. Not all data breaches involve data theft, but stealing data is a top aim for many attackers. Even ransomware gangs have been shifting away from data encryption in their attacks, opting instead to steal massive amounts of data and use its value as a means to compel businesses to pay ransom. So, what can businesses do to prevent data theft? Taking a proactive approach toward stopping someone from stealing your data is a must. This blog post can help jump-start your thinking about how to improve data security. We explore how data theft happens and describe some common threats that lead to it. We also outline seven strategies that can help reduce your company\'s risk of exposure to data theft and highlight how Proofpoint can bolster your defenses. Understanding data theft-and who commits it Data theft is a serious security and privacy breach. Data thieves typically aim to steal information like: Personally identifiable information (PII) Financial records Intellectual property (IP) Trade secrets Login credentials Once they have it, bad actors can use stolen data for fraudulent activities or, in the case of credential theft, to gain unlawful access to accounts or systems. They can also sell high-value data on the dark web. The consequences of data theft for businesses can be significant, if not devastating. They include hefty compliance penalties, reputational damage, and financial and operational losses. Take the manufacturing industry as an example. According to one source, a staggering 478 companies in this industry have experienced a ransomware attack in the past five years. The costs in associated downtime are approximately $46.2 billion. To prevent data theft, it\'s important to recognize that bad actors from the outside aren\'t the only threat. Insiders, like malicious employees, contractors and vendors, can also steal data from secured file servers, database servers, cloud applications and other sources. And if they have the right privileges, stealing that data can be a breeze. An insider\'s goals for data theft may include fraud, the disclosure of trade secrets to a competitor for financial gain, or even corporate sabotage. As for how they can exfiltrate data, insiders can use various means, from removable media to personal email to physical printouts. How does data theft happen? Now, let\'s look at some common methods that attackers working from the outside might employ to breach a company\'s defenses and steal data. Phishing. Cybercriminals use phishing to target users through email, text messages, phone calls and other forms of communication. The core objective of this approach is to trick users into doing what | Ransomware Data Breach Malware Tool Vulnerability Threat Cloud | ★★★ | |
|
2024-02-05 10:23:40 | Mimecast annonce des améliorations aux protections de code QR Mimecast Announces Enhancements to QR Code Protections (lien direct) |
mimecast annonce des améliorations aux protections de code QR
La sécurité des e-mails mimecast innove pour garder \\ 'qui quasi \' Attaques dans les boîtes de réception
-
revues de produits
Mimecast Announces Enhancements to QR Code Protections Mimecast email security innovates to keep \'quishing\' attacks out of inboxes - Product Reviews |
Tool | ★★ | |
 |
2024-02-02 15:00:00 | Alerte de campagne: l'ombre d'un an d'Asyncrat dans l'infrastructure américaine Campaign Alert: The Year-Long Shadow of AsyncRAT in U.S. Infrastructure (lien direct) |
> The Rise of Asyncrat: A Persistrent Cyberon Menage Asyncrat, un outil d'accès à distance open source publié ...
>The Rise of AsyncRAT: A Persistent Cyber Threat AsyncRAT, an open-source remote access tool released... |
Tool Threat | ★★★ | |
|
2024-02-02 05:00:36 | Développement d'une nouvelle norme Internet: le cadre de la politique relationnelle du domaine Developing a New Internet Standard: the Domain Relationship Policy Framework (lien direct) |
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. In this blog post, we discuss the Domain Relationship Policy Framework (DRPF)-an effort that has been years in the making at Proofpoint. The DRPF is a simple method that is used to identify verifiably authorized relationships between arbitrary domains. We create a flexible way to publish policies. These policies can also describe complex domain relationships. The details for this new model require in-depth community discussions. These conversations will help us collectively steer the DRPF toward becoming a fully interoperable standard. We are now in the early proposal stage for the DRPF, and we are starting to engage more with the broader community. This post provides a glimpse down the road leading to standardization for the DRPF. Why Proofpoint developed DRPF To shine a light on why Proofpoint was inspired to develop the DRPF in the first place, let\'s consider the thinking of the initial designers of the Domain Name System (DNS). They assumed that subdomains would inherit the administrative control of their parent domains. And by extension, this should apply to all subsequent subdomains down the line. At the time, this was reasonable to assume. Most early domains and their subdomains operated in much the same way. For example, “university.edu” directly operated and controlled the administrative policies for subdomains such as “lab.university.edu” which flowed down to “project.lab.university.edu.” Since the mid-1980s, when DNS was widely deployed, there has been a growing trend of delegating subdomains to third parties. This reflects a breakdown of the hierarchical model of cascading policies. To see how this works, imagine that a business uses “company.com” as a domain. That business might delegate “marketing.company.com” to a third-party marketing agency. The subdomain must inherit some policies, while the subdomain administrator may apply other policies that don\'t apply to the parent domain. Notably, there is no mechanism yet for a domain to declare a relationship with another seemingly independent domain. Consider a parent company that operates multiple distinct brands. The company with a single set of policies may want them applied not only to “company.com” (and all of its subdomains). It may also want them applied to its brand domains “brand.com” and “anotherbrand.com.” It gets even more complex when any of the brand domains delegate various subdomains to other third parties. So, say some of them are delegated to marketing or API support. Each will potentially be governed by a mix of administrative policies. In this context, “policies” refers to published guidance that is used when these subdomains interact with the domain. Policies might be for information only. Or they might provide details that are required to use services that the domain operates. Most policies will be static (or appear so to the retrieving parties). But it is possible to imagine that they could contain directives akin to smart contracts in distributed ledgers. 3 Design characteristics that define DRPF The goal of the DRPF is to make deployment and adoption easier while making it flexible for future use cases. In many prior proposals, complex requirements bogged down efforts to get rid of administrative boundaries between and across disparate domains. Our work should be immediately useful with minimal effort and be able to support a wide array of ever-expanding use cases. In its simplest form, three design characteristics define the DRPF: A domain administrator publishes a policy assertion record for the domain so that a relying party can discover and retrieve it. The discovered policy assertion directs the relying party to where they can find | Tool Prediction Cloud Technical | ★★★ | |
 |
2024-02-01 16:59:36 | Comment la médecine légale a révélé l'exploitation d'Ivanti Connect Secure VPN Vulnérabilités de jour zéro How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities (lien direct) |
> Dans une récente série d'articles de blog liés à deux vulnérabilités zéro-jours dans Ivanti Connect Secure VPN, les détails partagés par volexité de l'exploitation active dans la sauvage;a fourni une mise à jour sur la façon dont l'exploitation était devenue dans le monde;et des observations rapportées sur la façon dont les logiciels malveillants et les modifications de l'outil de vérificateur d'intégrité intégré ont été utilisés pour échapper à la détection.Une étude initiale critique de Volexity \\ a consisté à collecter et à analyser un échantillon de mémoire.Comme indiqué dans le premier article de blog de la série en trois parties (je souligne): «… Volexité a analysé l'un des échantillons de mémoire collectés et a découvert la chaîne d'exploitation utilisée par l'attaquant.La volexité a découvert deux exploits différents-jour qui étaient enchaînés pour réaliser l'exécution de code distant non authentifié (RCE).Grâce à l'analyse médico-légale de l'échantillon de mémoire, la volexité a pu recréer deux exploits de preuve de concept qui ont permis une exécution complète de commande non authentifiée sur l'appliance ICS VPN. »Collect & # 38;Analyser la mémoire ASAP Le volexité priorise régulièrement la criminalistique de la mémoire [& # 8230;]
>In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of how malware and modifications to the built-in Integrity Checker Tool were used to evade detection. A critical piece of Volexity\'s initial investigation involved collecting and analyzing a memory sample. As noted in the first blog post of the three-part series (emphasis added): “…Volexity analyzed one of the collected memory samples and uncovered the exploit chain used by the attacker. Volexity discovered two different zero-day exploits which were being chained together to achieve unauthenticated remote code execution (RCE). Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.” Collect & Analyze Memory ASAP Volexity regularly prioritizes memory forensics […] |
Malware Tool Vulnerability Threat Industrial | ★★★ | |
|
2024-02-01 15:55:03 | Toutes les agences civiles fédérales condamnées à déconnecter les produits Ivanti à risque d'ici vendredi All federal civilian agencies ordered to disconnect at-risk Ivanti products by Friday (lien direct) |
Vendredi, toutes les agences civiles fédérales des États-Unis ont été condamnées à déconnecter les produits Secure et Policy Secure et Policy Secure après que d'autres vulnérabilités aient été trouvées dans les outils cette semaine.Dans un Directive mise à jour publiée mercredi, l'agence de sécurité de cybersécurité et d'infrastructure (CISA) a donné aux agences jusqu'à vendredi à minuit pour supprimer les outils
All federal civilian agencies in the U.S. have been ordered to disconnect Ivanti Connect Secure and Policy Secure products by Friday after more vulnerabilities were found in the tools this week. In an updated directive published on Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) gave agencies until Friday at midnight to remove the tools |
Tool Vulnerability | ★★★ | |
 |
2024-02-01 14:00:51 | L'IA générative est la fierté des services de cybercriminalité Generative AI is the Pride of Cybercrime Services (lien direct) |
> Les cybercriminels utilisent officiellement l'IA génératrice pour les campagnes de spam, les services d'identité et les services de vérification des médias sociaux: & # 8211;L'IA générative en tant qu'outil de cybercriminalité: les cybercriminels utilisent de plus en plus l'IA génératrice pour les cybercrimes sophistiqués, notamment une usurpation d'identité des médias sociaux, des campagnes de spam et des services de vérification KYC.& # 8211;Plateformes de chamage noir alimenté par AI: la montée des plateformes axées sur l'IA pour créer et gérer de faux comptes de médias sociaux, offrant des services pour automatiser la génération de contenu et l'activité des comptes à des fins illicites.& # 8211;Évolution des fraudes du spam et de KYC: l'intégration de l'IA dans les services de spam pour contourner les contrôles de sécurité et dans les services de vérification KYC pour créer de faux documents d'identification, ce qui signifie un nouveau niveau de [& # 8230;]
>Cybercriminals Officially Utilize Generative AI for Spam Campaigns, Social Media Impersonation and Verification Services Highlights: – Generative AI as a Cybercrime Tool: Cybercriminals are increasingly using generative AI for sophisticated cybercrimes, including social media impersonation, spam campaigns, and KYC verification services. – AI-Powered Black-Hat Platforms: The rise of AI-driven platforms for creating and managing fake social media accounts, offering services to automate content generation and account activity for illicit purposes. – Evolution of Spam and KYC Frauds: The integration of AI in spam services to bypass security controls and in KYC verification services for creating fake identification documents, signifying a new level of […] |
Spam Tool | ★★★ | |
|
2024-02-01 06:00:12 | Le pare-feu humain: Pourquoi la formation de sensibilisation à la sécurité est une couche de défense efficace The Human Firewall: Why Security Awareness Training Is an Effective Layer of Defense (lien direct) |
Do security awareness programs lead to a quantifiable reduction in risk? Do they directly impact a company\'s security culture? In short, are these programs effective? The answer to these questions is a resounding yes! With 74% of all data breaches involving the human element, the importance of educating people to help prevent a breach cannot be understated. However, for training to be effective, it needs to be frequent, ongoing and provided to everyone. Users should learn about: How to identify and protect themselves from evolving cyberthreats What best practices they can use to keep data safe Why following security policies is important In this blog post, we discuss the various ways that security awareness training can have a positive impact on your company. We also discuss how to make your program better and how to measure your success. Security awareness training effectiveness Let\'s look at three ways that security awareness training can help you boost your defenses. 1. Mitigate your risks By teaching your team how to spot and handle threats, you can cut down on data breaches and security incidents. Our study on the effects of using Proofpoint Security Awareness showed that many companies saw up to a 40% decrease in the number of harmful links clicked by users. Think about this: every click on a malicious link could lead to credential theft, a ransomware infection, or the exploitation of a zero-day vulnerability. So, an effective security awareness program essentially reduces security incidents by a similar amount. Want more evidence about how important it is? Just check out this study that shows security risks can be reduced by as much as 80%. Here is more food for thought. If a malicious link does not directly result in a breach, it must still be investigated. The average time to identify a breach is 204 days. So, if you can reduce the number of incidents you need to investigate, you can see real savings in time and resources. 2. Comply with regulations Security awareness education helps your company comply with data regulations, which are always changing. This can help you avoid hefty fines and damage to your reputation. In many cases, having a security awareness program can keep you compliant with several regulations. This includes U.S. state privacy laws, the European Union\'s GDPR and other industry regulations. 3. Cultivate a strong security culture An effective security awareness program doesn\'t have to be all doom and gloom. Done right, it can help you foster a positive security culture. More than half of users (56%) believe that being recognized or rewarded would make their company\'s security awareness efforts more effective. But only 8% of users say that their company provides them with incentives to practice “good” cybersecurity behavior. When you make security fun through games, contests, and reward and recognition programs, you can keep your employees engaged. You can also motivate them to feel personally responsible for security. That, in turn, can inspire them to be proactive about keeping your critical assets safe. Finally, be sure to incorporate security principles into your company\'s core values. For example, your business leaders should regularly discuss the importance of security. That will help users to understand that everyone plays a vital role in keeping the business safe. How to make your security awareness program effective The verdict is clear. Security awareness programs can tangibly reduce organizational risks. When asked about the connection between their security awareness efforts and their company\'s cybersecurity resilience, a resounding 96% of security professionals say that there is more than just a strong link. They say that it\'s either a direct result of security training or that training is a strong contributor. Let\'s discuss how you can make your program more effective. Assess your security posture The first step toward effectiveness is to assess your company\'s security posture | Ransomware Tool Vulnerability Threat Studies | ★★★ | |
|
2024-02-01 01:30:00 | RunC Flaws Enable Container Escapes, Granting Attackers Host Access (lien direct) | Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
"These container
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk. "These container |
Tool Vulnerability Threat | ★★ | |
|
2024-02-01 00:00:20 | Citibank a poursuivi pour ne pas protéger les clients contre les hacks Citibank Sued For Failing To Protect Customers Against Hacks (lien direct) |
Citibank, l'une des plus grandes banques des États-Unis, a été poursuivie mardi par le procureur général de New York Letitia James pour avoir prétendument échoué à protéger ses clients et refuser de rembourser les victimes de fraude électronique. Le procès, déposé auprès du tribunal de district américain du district sud de New York, affirme que Citibank ne met pas en œuvre de solides protections en ligne pour empêcher les prises de contrôle des comptes non autorisés, induire les clients en erreur au sujet de leurs droits après que leurs comptes soient piratés et que l'argent volé, etrefuse illégalement de rembourser les victimes de fraude, déclare un communiqué de presse. Le bureau du procureur général (OAG) affirme en outre que les protocoles et procédures de sécurité laxiste de Citibank \\ et les systèmes de surveillance inefficaces ont coûté des millions de dollars à New York Citibank - dans certains cas, leurs économies de vie aux escrocs et aux escrocs et aux escrocpirates.Il a également constaté que la banque n'avait pas répondu & # 8220; de manière appropriée et rapidement », ce qui a fait perdre des millions. aux clients. "Les banques sont censées être l'endroit le plus sûr pour garder de l'argent, mais la négligence de Citibank \\ a permis aux escrocs de voler des millions de dollars aux gens travailleurs", a déclaré Général James dans un communiqué de presse. «De nombreux New-Yorkais comptent sur les services bancaires en ligne pour payer les factures ou pour économiser pour de grandes jalons, et si une banque ne peut pas sécuriser ses comptes de clients, ils échouent dans leur devoir le plus élémentaire.Il n'y a aucune excuse pour l'échec de Citi \\ à protéger et à empêcher des millions de dollars d'être volés des comptes des clients et mon bureau ne radrera pas le comportement illégal de grandes banques. » Le procureur général a également donné des exemples de victimes de New York perdant des dizaines de milliers de dollars en raison d'une fraude.Dans un exemple, une victime a cliqué sur un lien malveillant dans le message reçu qui semblait provenir de Citi, qui lui a demandé de se connecter à un site Web ou d'appeler sa branche locale.Lorsque le client a appelé sa succursale locale pour signaler l'activité suspecte, il aurait dit à la victime de ne pas s'en soucier. Trois jours plus tard, le client a découvert qu'un escroc a changé son mot de passe bancaire, inscrit à des virements métalliques en ligne, transféré 70 000 $ de ses économies à son compte courant, puis exécuté électroniquement un transfert métallique de 40 000 $.Le client a continué à contacter la banque pendant des semaines et a également soumis des affidavits, mais finalement, on lui a dit que sa demande de fraude avait été refusée. Dans un communiqué, Citibank a déclaré que la société "travaillait extrêmement dur" pour prévenir les menaces pour ses clients et les aide à récupérer les pertes lorsque cela est possible. «Les banques ne sont pas tenues de rendre les clients entiers lorsque ces clients suivent les instructions des criminels et les banques ne peuvent voir aucune indication que les clients sont trompés.Cependant, compte tenu de la poussée à l'échelle de l'industrie de la fraude par fil au cours des dernières années, nous avons pris des mesures proactives pour protéger nos clients avec des comptes de sécurité, des outils de prévention de la fraude intuitifs, des idées claires sur les dernières escroqueries,et stimuler la sensibilisation et l'éducation des clients », a ajouté l'entreprise. «Nos actions ont considérablement réduit les pertes de fraude par fil du client, et nous restons déterminés à investir dans des mesures de | Tool Mobile | ★★★ | |
|
2024-01-31 19:25:01 | Les États-Unis confirment le retrait du botnet géré par la Chine ciblant les routeurs à domicile et au bureau US confirms takedown of China-run botnet targeting home and office routers (lien direct) |
Le ministère américain de la Justice a confirmé mercredi qu'il avait perturbé un botnet géré par une opération de piratage du gouvernement chinois prolifique connu sous le nom de Volt Typhoon.Les nouvelles du démontage du botnet ont émergé mardi pour la première fois, lorsque Reuters a rapporté que le ministère de la Justice et le FBI ont obtenu l'autorisation légale d'un tribunal américain pour désactiver à distance les outils implantés
The U.S. Justice Department confirmed on Wednesday that it disrupted a botnet run by a prolific Chinese government hacking operation known as Volt Typhoon. News of the botnet takedown first emerged on Tuesday, when Reuters reported that the Justice Department and FBI got legal authorization from a U.S. court to remotely disable the tools implanted |
Tool | Guam | ★★★ |
|
2024-01-31 17:51:00 | Les marchés de télégramme sont des attaques de phishing à carburant avec des kits et des logiciels malveillants faciles à utiliser Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware (lien direct) |
Les chercheurs en cybersécurité attirent l'attention sur la «démocratisation» de l'écosystème de phishing en raison de l'émergence du télégramme en tant qu'épicentre pour la cybercriminalité, permettant aux acteurs de la menace de monter une attaque de masse pour aussi peu que 230 $.
"Cette application de messagerie s'est transformée en un centre animé où les cybercriminels chevronnés et les nouveaux arrivants échangent des outils et des idées illicites créant un sombre et
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and |
Malware Tool Threat | ★★★ | |
|
2024-01-31 17:28:00 | Comment utiliser le guide de Keepass étape par étape How to Use KeePass Step-by-Step Guide (lien direct) |
Keepass est un outil de gestion de mot de passe populaire et gratuit.Découvrez les avantages et les techniques pour en tirer le meilleur parti.
KeePass is a popular and free password management tool. Learn about the benefits and techniques to get the most of out of it. |
Tool | ★★ | |
 |
2024-01-31 15:25:05 | Le Trésor américain impose des sanctions aux prétendus experts en cybersécurité de l'Etat islamique U.S. Treasury Imposes Sanctions on Alleged ISIS Cybersecurity Experts (lien direct) |
> Par waqas
Le Département du Trésor américain a annoncé des sanctions contre deux égyptiennesNationals, Mu \\ 'Min al-Mawji Mahmud Salim et Sarah Jamal Muhammad al-Sayyid, pour diriger la Fondation électronique Horizons (EHF), une plate-formeoffrant prétendument des cyber-outils et une formation aux partisans de l'Etat islamique.
Ceci est un article de HackRead.com Lire le post original: NOUS.Le Trésor impose des sanctions aux prétendus experts en cybersécurité de l'Etat islamique
>By Waqas The US Treasury Department announced sanctions against two Egyptian nationals, Mu\'min Al-Mawji Mahmud Salim and Sarah Jamal Muhammad Al-Sayyid, for running the Electronic Horizons Foundation (EHF), a platform allegedly providing cyber tools and training to ISIS supporters. This is a post from HackRead.com Read the original post: U.S. Treasury Imposes Sanctions on Alleged ISIS Cybersecurity Experts |
Tool | ★★★ | |
 |
2024-01-31 14:18:53 | Intégration Sentinélone et Sekoia.io SentinelOne and Sekoia.io Integration (lien direct) |
> L'élargissement de la pile technologique et l'augmentation du nombre d'outils exhortent les équipes d'opérations de sécurité à rechercher une solution à guichet unique pour centraliser les événements et les alertes.Dans ces conditions de risques croissants, la plate-forme SoC Sekoia devient une solution à la boulle argentée pour sauvegarder les équipes SOC.Il sert de tour de contrôle pour la cybersécurité et recueille facilement, corréle et analyse [& # 8230;]
la publication Suivante Sentinelone et Sekoia.io intégration est un article de blog Sekoia.io .
>Expanding tech stack and increasing number of tools urge security operations teams to seek a one-stop solution for centralizing events and alerts. Under these conditions of growing risks, the Sekoia SOC platform becomes a silver-bullet solution for backing up SOC teams. It serves as a control tower for cybersecurity and easily collects, correlates, and analyzes […] La publication suivante SentinelOne and Sekoia.io Integration est un article de Sekoia.io Blog. |
Tool | ★★ | |
|
2024-01-31 12:53:00 | Hackers chinois exploitant des défauts VPN pour déployer des logiciels malveillants Krustyloader Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware (lien direct) |
Une paire de défauts zéro-jours récemment divulgués dans les appareils de réseau privé virtuel (VPN) Ivanti Connect Secure (ICS) a été exploité pour livrer une charge utile basée sur la rouille appelée & nbsp; krustyloader & nbsp; que \\ est utilisée pour supprimer le Sliver open-sourceoutil de simulation adversaire.
La & nbsp; les vulnérabilités de sécurité, suivies sous le nom de CVE-2023-46805 (score CVSS: 8,2) et CVE-2024-21887 (score CVSS: 9.1), pourrait être abusé
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that\'s used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused |
Malware Tool Vulnerability Threat | ★★★ | |
|
2024-01-31 11:00:00 | Bulletproofing the Retail Cloud avec la sécurité de l'API Bulletproofing the retail cloud with API security (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability. Evolving cyber threats necessitate a dynamic approach to API security, making it a moving target that requires continuous attention and adaptation. Understanding the retail cloud environment API is a set of protocols and tools that allows different software applications to communicate with each other. In cloud environments, it facilitates the interaction between cloud services and applications, enabling features — like data synchronization, payment processing and inventory management — to work seamlessly together. It is also pivotal in the retail sector by connecting various services and applications to deliver a smooth shopping experience. If organizations neglect API security, cybercriminals can exploit APIs to access confidential information, leading to a loss of customer trust, which is critical in the highly competitive retail market. Regular API audits and assessments These audits help identify vulnerabilities before attackers can exploit them, ensuring organizations can promptly address security gaps. Regular assessments are also proactive measures to fix current issues and anticipate future threats. They enable IT teams to verify that security measures are current with the latest protection standards and to confirm APIs comply with internal policies and external regulations. By routinely evaluating API security, retailers can detect anomalies, manage access controls effectively and guarantee they consistently apply encryption standards. Robust authentication and authorization They verify the identity of users and systems, ensuring only legitimate parties can access sensitive retail data. Utilizing multi-factor authentication, which requires more than one verification method, significantly enhances security by adding layers that an unauthorized user must penetrate. With authorization, it’s crucial to implement protocols that dictate what authenticated users can do. Effective approval guarantees users have access only to the data and actions necessary for their role. For instance, role-based access control can help manage user permissions with greater granularity. Retailers can assign roles and permissions based on job functions, enabling tight control over who is authorized to view or alter data within the API ecosystem. Encryption and data protection Encryption is an essential barrier, obscuring data to make it indecipherable to unauthorized users who might intercept it during transmission or gain access to storage systems. It’s also critical for retailers to manage encryption keys with strict policies, ensuring only authorized personnel can decrypt the data. Beyond protection, comprehensive data encryption allows retailers, especially in the apparel industry, to collect and analyze extensive customer data safely. This data is invaluable for forecasting trends, customer pre | Tool Vulnerability Threat Cloud | ★★★ | |
 |
2024-01-30 20:30:00 | Évolution de UNC4990: Découvrir les profondeurs cachées de USB MALWARE \\ Evolution of UNC4990: Uncovering USB Malware\\'s Hidden Depths (lien direct) |
Défense gérée mandiante Suivi unc4990 , un acteur qui utilise fortement les périphériques USB pour l'infection initiale.UNC4990 cible principalement les utilisateurs basés en Italie et est probablement motivé par un gain financier.Nos recherches montrent que cette campagne est en cours depuis au moins 2020. malgré son apparition sur la tactique séculaire de l'armement USBDrives, UNC4990 continue d'évoluer leurs outils, tactiques et procédures (TTPS).L'acteur est passé de l'utilisation de fichiers texte codés apparemment bénins à l'hébergement de charges utiles sur des sites Web populaires tels que Ars Technica, Github, Gitlab et Vimeo. Les services légitimes abusés par
Mandiant Managed Defense has been tracking UNC4990, an actor who heavily uses USB devices for initial infection. UNC4990 primarily targets users based in Italy and is likely motivated by financial gain. Our research shows this campaign has been ongoing since at least 2020.Despite relying on the age-old tactic of weaponizing USB drives, UNC4990 continues to evolve their tools, tactics and procedures (TTPs). The actor has moved from using seemingly benign encoded text files to hosting payloads on popular websites such as Ars Technica, GitHub, GitLab, and Vimeo.The legitimate services abused by |
Malware Tool Cloud | ★★★★ | |
|
2024-01-30 19:59:14 | Gitgot: Github exploité par les cybercriminels pour stocker des données volées GitGot: GitHub Leveraged by Cybercriminals to Store Stolen Data (lien direct) |
#### Description
Les chercheurs de réversion desBabs ont découvert deux packages malveillants sur le gestionnaire de packages Open Source NPM qui exploite Github pour stocker des clés SSH cryptées Base64 volées retirées des systèmes de développeurs qui ont installé les packages NPM malveillants.
Les forfaits, Warbeast2000 et Kodiak2K, ont été identifiés en janvier et ont depuis été retirés du NPM.Le package Warbeast2000 a été téléchargé un peu moins de 400 fois, tandis que le Kodiak2k a été téléchargé environ 950 fois.Les acteurs malveillants derrière les packages ont utilisé Github pour stocker les informations volées.
Le package Warbeast2000 ne contenait que quelques composants et était toujours en cours de développement lors de sa détection.Le package lancerait un script PostInstall qui a récupéré et exécuté un fichier JavaScript.Ce script malveillant en deuxième étape a lu la clé SSH privée stockée dans le fichier id_rsa situé dans le répertoire /.ssh.Il a ensuite téléchargé la clé codée Base64 à un référentiel GitHub contrôlé par l'attaquant.Le package Kodiak2K avait plus de 30 versions différentes et, à part les premiers, tous étaient malveillants.Le package a également exécuté un script trouvé dans un projet GitHub archivé contenant le cadre Empire Post-Exploitation.Le script invoque également l'outil de piratage Mimikatz, qui est couramment utilisé pour vider les informations d'identification à partir de la mémoire du processus.
#### URL de référence (s)
1. https://www.reversingLabs.com/blog/gitgot-cybercriminals-using-github-t-store-stolen-data
#### Date de publication
23 janvier 2024
#### Auteurs)
Lucija Valentić
#### Description ReversingLabs researchers have discovered two malicious packages on the npm open source package manager that leverages GitHub to store stolen Base64-encrypted SSH keys lifted from developer systems that installed the malicious npm packages. The packages, warbeast2000 and kodiak2k, were identified in January and have since been removed from npm. The warbeast2000 package was downloaded a little less than 400 times, whereas the kodiak2k was downloaded around 950 times. The malicious actors behind the packages used GitHub to store the stolen information. The warbeast2000 package contained just a few components and was still under development when it was detected. The package would launch a postinstall script that fetched and executed a javascript file. This second stage malicious script read the private ssh key stored in the id_rsa file located in the /.ssh directory. It then uploaded the Base64 encoded key to an attacker-controlled GitHub repository. The kodiak2k package had more than 30 different versions and, apart from the first few, all of them were malicious. The package also executed a script found in an archived GitHub project containing the Empire post-exploitation framework. The script also invokes the Mimikatz hacking tool, which is commonly used to dump credentials from process memory. #### Reference URL(s) 1. https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data #### Publication Date January 23, 2024 #### Author(s) Lucija Valentić |
Tool Threat | ★★★★ | |
|
2024-01-30 17:39:33 | Schneider Electric confirme l'attaque des ransomwares contre la division de la durabilité Schneider Electric confirms ransomware attack on sustainability division (lien direct) |
La multinationale française Schneider Electric a déclaré que sa division commerciale de durabilité avait souffert d'une attaque de ransomware au début du mois.La société a confirmé l'incident dans un communiqué cette semaine que l'attaque a affecté son produit de conseil en ressources - un outil de visualisation des données pour les informations sur la durabilité - ainsi que d'autres «systèmes spécifiques à la division».Schneider Electric a dit qu'ils
French multinational Schneider Electric said its Sustainability Business division suffered from a ransomware attack earlier this month. The company confirmed the incident in a statement this week that the attack affected its Resource Advisory product - a data visualization tool for sustainability information - as well as other “division specific systems.” Schneider Electric said they |
Ransomware Tool | ★★ | |
|
2024-01-30 13:07:46 | Surveillance Web sombre: un outil vital pour les MSSP Dark Web Monitoring: A Vital Tool for MSSPs (lien direct) |
> Dans l'âge numérique, les violations de données, les cyber-menaces et la sécurité de l'information sont à l'avant-garde ...
>In today’s digital age, data breaches, cyber threats, and information security are at the forefront... |
Tool | ★★★ | |
|
2024-01-29 14:42:02 | Informations exploitables: protégez vos identités vulnérables Actionable Insights: Protect Your Vulnerable Identities (lien direct) |
In this blog series, we cover how to improve your company\'s security posture with actionable insights. Actionable insights are a critical tool to help you improve your security posture and stop initial compromise in the attack chain. You can use them to identify and respond to potential risks, enhance your incident response capabilities and make more informed security decisions. Figure 1. Steps in the cyberattack chain. In previous actionable insights blog posts, we covered these topics: People risk Origin risk Business email compromise (BEC) risk Ensuring proper risk context Risk efficacy Telephone-oriented attack delivery (TOAD) risk Threat intelligence Executive Summary Condemnation Summary In this post, we show you the value of integrating data from Proofpoint Identity Threat Defense into the Proofpoint Targeted Attack Protection (TAP) Dashboard. You can now use this data about your identity risks to stop initial compromise and prevent the lateral movement of threats in your environment. Get insights about your vulnerable identities IT and security professionals are always looking for ways to stay ahead of evolving threats and protect their organizations. The TAP Dashboard from Proofpoint has long been a valuable tool in this fight. It provides crucial visibility into email threats and user activity. Now that the TAP Dashboard uses data from Proofpoint Identity Threat Defense, it has become even more powerful. Rich data about identity risks can help you see the impact of a potential compromise without having to leave the TAP Dashboard. Let\'s explore what this looks like in the dashboard-and how you can use this identity data to strengthen your security posture. Insights for supercharged visibility One new addition to the People page in the TAP Dashboard is the Identity Threat Attack Paths column. It reveals the currently available attack paths for each user, which are based on their identified vulnerabilities. No more digging through separate tools. You can now have a clear picture within the TAP Dashboard of how a threat actor could use each identity to escalate privilege and move laterally. Figure 2. Identity Threat Attack Paths column in the TAP Dashboard. You can also view identity risk factors for each user. This allows you to gain a deeper understanding of the potential impact of compromise for each user. The metrics you can view include: Overall risk exposure Number of potential attack paths associated with the user Key identity vulnerabilities associated with the user Figure 3. Identity risk factors for individual users. This data can help you to prioritize your response efforts. You can use it to better focus on securing the identities that might be used to cause the most harm to your business. Example use case Take this example of a hypothetical user named Dona Hosby, a 47-year-old finance director. She has access to client accounts and sensitive financial data. Despite her crucial role in the business, Hosby tends to be less cautious about clicking on suspicious email links and attachments. From the TAP Dashboard, Hosby is identified as a Very Attacked Person™ (VAP) with a high attack index. However, this risk level is not unique to her; others in the company share similar risk levels. With data enrichment from Proofpoint Identity Threat Defense, the TAP Dashboard shows that Hosby is also a shadow admin, which exposes her to critical risks. A shadow admin is an individual or account that has elevated privileges or access rights that are not in compliance with the company\'s security policies. We can also see the number of lateral attack paths (41) an attacker could take from Hosby\'s identity. This information can help the security team to pinpoint which VAPs in the organization pose a higher post-compromise risk. Figures 4 and 5 show what these insights look like in the TAP Dashboard. Figure 4: Example identity risk metrics in the TAP Dashboard for Dona Hosby. Fi | Tool Vulnerability Threat | ★★★ | |
|
2024-01-29 11:00:00 | Étude de cas: USM de Vertek \\ partout où MDR aide plus grand concessionnaire automobile dans le nord-est à améliorer leur posture de cybersécurité Case study: Vertek\\'s USM Anywhere MDR helps larger auto dealership in the northeast improve their Cybersecurity posture (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Challenges A larger auto dealership in the northeast faced a number of cybersecurity challenges, including: Lack of resources: The dealership did not have the in-house expertise or resources to manage its own security operations center (SOC). The lack of trained security experts resulted in slower responses times to security incidents. Multiple security solutions: The dealership was using a variety of security solutions from different vendors, making it difficult to manage and correlate security data. Increased threat landscape: The dealership was facing an increasing number of cyber threats, including ransomware, phishing, and malware attacks. Solution The dealership engaged Vertek to implement their top of line Managed Detection and Response (MDR) service using AT&T AlienVault SIEM. Vertek\'s USM Anywhere MDR service provides 24/7 proactive threat monitoring, industry leading threat intelligence, and expert incident response. It is built on top of the AlienVault USM Anywhere platform, which is a unified security management (USM) platform that combines multiple essential security capabilities in one unified console. The service easily integrates with the existing security stack and is implemented without interruption to existing operations. Benefits Since implementing Vertek\'s USM Anywhere MDR service the dealership has experienced a number of benefits, including: Improved security posture: Vertek\'s MDR service has helped the dealership improve its overall security posture by identifying and mitigating security vulnerabilities, and by providing the dealership with actionable security insights. Vertek’s 24/7 SOC identifies and responds to security incidents with speed and accuracy using industry leading threat intelligence. Reduced workload and more effective allocation of resources: Vertek\'s MDR service has reduced the workload on the dealership\'s IT staff by freeing them up to focus on mission critical tasks that fall in line with their core competency. Working with Vertek instead of building an in-house security team has resulted in significant cost savings for the dealership. Improved peace of mind: Vertek\'s MDR service gives the dealership peace of mind knowing that their security is being monitored and managed by a team of experts with expert response to threats. Specific example Vertek was actively monitoring a customer\'s network for threats using their USM Anywhere MDR service. AlienVault SIEM detected a large number of failed login attempts to the customer\'s Active Directory server. Vertek\'s security team immediately investigated the incident and discovered that the attacker was using a brute-force attack to try to guess the passwords of Active Directory users. Vertek\'s security team used context data in the form of network traffic, end-user behavior analytics, and NXLOGS output from their IT tools to understand the significance of the attack. They knew that the Active Directory server was a critical system for the customer, and that if the attacker was able to gain access to the server, they would be able to compromise the entire network. Vertek also used threat intelligence from the MITRE ATT&CK Framework to understand the tactics, techniques, and procedures (TTPs) of the attacker. They knew that brute-force attacks were a common tactic used by ransomware gangs. Based on the context data and threat intelligence, Vertek was able to determine that the customer was facing a high-risk ransomware attack. Vertek\'s security team quickly took steps to mitiga | Ransomware Malware Tool Vulnerability Threat Studies | ★★★ | |
 |
2024-01-29 10:30:00 | Cyber: le couteau de l'armée suisse de Tradecraft Cyber: The Swiss army knife of tradecraft (lien direct) |
Dans le monde interconnecté numérique d'aujourd'hui, les cyber-capacités avancées sont devenues un outil exceptionnellement puissant et polyvalent de la métier pour les États-nations et les criminels
In today\'s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike |
Tool | ★★ |
To see everything:
Our RSS (filtrered)
