What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-29 10:02:08 | Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat (lien direct) | L'éducation à la cybersécurité de l'enfance est un outil vital: 72% des enfants du monde entier ont connu au moins un type de cyber-menace
Par Check Point Team
-
revues de produits
Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat By Check Point Team - Product Reviews |
Tool Threat | ★★★ | |
 |
2024-01-29 01:51:11 | Pourquoi le Top 10 de la sécurité de l'API OWASP est essentiel pour chaque entreprise Why the OWASP API Security Top 10 is Essential for Every Business (lien direct) |
À une époque où la transformation numérique dicte le rythme de la croissance des entreprises, les API sont devenues la pierre angulaire de l'architecture d'entreprise moderne.Les API ne sont pas seulement des outils techniques;Ce sont des actifs vitaux qui stimulent les processus métier, améliorent les expériences des clients et ouvrent de nouvelles voies pour l'innovation.Cependant, avec une grande puissance s'accompagne d'une grande responsabilité, en particulier en termes de sécurité.OWASP API Security Top 10 offre une feuille de route pour protéger ces outils essentiels contre l'évolution des cyber-menaces.Pour les dirigeants d'entreprise et les professionnels de la sécurité, la compréhension et la mise en œuvre des principes ...
In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open new avenues for innovation. However, with great power comes great responsibility, especially in terms of security. OWASP API Security Top 10 offers a roadmap to safeguard these essential tools against evolving cyber threats. For business executives and security professionals alike, understanding and implementing the principles... |
Tool Technical | ★★ | |
 |
2024-01-27 01:06:04 | Construire votre boîte à outils de défense: outils et tactiques pour lutter contre les cyber-menaces Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats (lien direct) |
> Par uzair amir
Bien que les cybercriminels créent leur boîte à outils, en tant qu'utilisateur, vous devez également vous tenir prêt pour des cyberattaques sans méfiance et garder une boîte à outils de sécurité pour votre défense.
Ceci est un article de HackRead.com Lire la publication originale: Construire votre boîte à outils de défense: outils et tactiques pour lutter contre les cyber-menaces
>By Uzair Amir While cybercriminals create their toolbox, as a user you should also keep yourself ready for unsuspecting cyberattacks and keep a safety toolbox for your defence. This is a post from HackRead.com Read the original post: Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats |
Tool | ★★★ | |
|
2024-01-26 17:26:19 | Des milliers de messages Web sombres exposent des plans d'abus de chatpt Thousands of Dark Web Posts Expose ChatGPT Abuse Plans (lien direct) |
> Par deeba ahmed
Les cybercriminels font activement la promotion de l'abus de chatppt et de chatbots similaires, offrant une gamme d'outils malveillants, des logiciels malveillants aux kits de phishing.
Ceci est un article de HackRead.com Lire la publication originale: Des milliers de messages Web sombres exposent des plans d'abus de chatppt
>By Deeba Ahmed Cybercriminals are actively promoting the abuse of ChatGPT and similar chatbots, offering a range of malicious tools from malware to phishing kits. This is a post from HackRead.com Read the original post: Thousands of Dark Web Posts Expose ChatGPT Abuse Plans |
Malware Tool | ChatGPT | ★★★ |
 |
2024-01-26 17:02:23 | Microsoft dit que les pirates russes ont utilisé une tactique précédemment identifiée pour infraction Microsoft says Russian hackers used previously-identified tactic to breach senior exec emails (lien direct) |
Les pirates russes ont abusé d'un outil d'authentification populaire pour accéder aux comptes de messagerie des cadres supérieurs de Microsoft, selon une nouvelle déclaration du géant de la technologie.Microsoft a été serré à propos d'un incident - annoncé vendredi après-midi La semaine dernière - la semaine dernière - la semaine dernière -Le fait qu'ils aient dit impliquant le compromis de plusieurs mois des comptes de messagerie d'entreprise.
Russian hackers abused a popular authentication tool to gain access to the email accounts of senior executives at Microsoft, according to a new statement from the tech giant. Microsoft has been tightlipped about an incident - announced late on Friday afternoon last week - that they said involved the months-long compromise of corporate email accounts. |
Tool | ★★ | |
 |
2024-01-25 20:18:28 | Kasseika Ransomware déploie BYOVD ATTAQUES ABUS Psexec et exploite le pilote Martini Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver (lien direct) |
#### Description
L'opération de ransomware nommée \\ 'Kasseika \' a adopté Bring vos propres tactiques de pilote vulnérable (BYOVD) pour désactiver le logiciel antivirus avant de crypter des fichiers.
Kasseika exploite le pilote Martini, qui fait partie du système d'agent Virtt Soft \\ de TG Soft, pour désactiver les produits antivirus protégeant le système ciblé.Trend Micro a découvert Kasseika en décembre 2023, notant ses similitudes avec Blackmatter, suggérant qu'il pourrait avoir été construit par d'anciens membres ou acteurs qui ont acheté le code de Blackmatter \\.L'attaque commence par un e-mail de phishing, volant des informations d'identification pour l'accès initial, suivie de l'outil d'abus de Psexec Windows pour le mouvement latéral.Kasseika utilise des attaques BYOVD pour gagner des privilèges, résilier les processus antivirus et exécuter son ransomware binaire, exigeant une rançon de Bitcoin et offrant aux victimes une option de décryptage dans les 120 heures.
#### URL de référence (s)
1. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attades-abuses-psexec-and-expl.html
#### Date de publication
25 janvier 2024
#### Auteurs)
Chercheurs Trendmicro
#### Description The ransomware operation named \'Kasseika\' has adopted Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. Kasseika exploits the Martini driver, part of TG Soft\'s VirtIT Agent System, to disable antivirus products protecting the targeted system. Trend Micro discovered Kasseika in December 2023, noting its similarities with BlackMatter, suggesting it may have been built by former members or actors who purchased BlackMatter\'s code. The attack begins with a phishing email, stealing credentials for initial access, followed by the abuse of Windows PsExec tool for lateral movement. Kasseika utilizes BYOVD attacks to gain privileges, terminate antivirus processes, and execute its ransomware binary, demanding a Bitcoin ransom and providing victims with a decryption option within 120 hours. #### Reference URL(s) 1. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html #### Publication Date January 25, 2024 #### Author(s) TrendMicro Researchers |
Ransomware Tool Prediction | ★★★ | |
|
2024-01-25 19:48:09 | Parrot TDS: une campagne de logiciels malveillants persistants et évolutives Parrot TDS: A Persistent and Evolving Malware Campaign (lien direct) |
#### Description
Le Parrot TDS (Traffic Redirect System) a augmenté sa campagne depuis octobre 2021, utilisant des techniques sophistiquées pour éviter la détection et potentiellement impactant des millions de personnes par le biais de scripts malveillants sur des sites Web compromis.
Identifiée par les chercheurs de l'unité 42, Parrot TDS injecte des scripts malveillants dans le code JavaScript existant sur les serveurs, le profilage stratégique des victimes avant de fournir des charges utiles qui redirigent les navigateurs vers un contenu malveillant.Notamment, la campagne TDS présente une large portée, ciblant les victimes à l'échelle mondiale sans limites basées sur la nationalité ou l'industrie.Pour renforcer les tactiques d'évasion, les attaquants utilisent plusieurs lignes de code JavaScript injecté, ce qui rend plus difficile pour les chercheurs en sécurité de détecter.Les attaquants, utilisant probablement des outils automatisés, exploitent les vulnérabilités connues, en mettant l'accent sur les serveurs compromis à l'aide de WordPress, Joomla ou d'autres systèmes de gestion de contenu.
#### URL de référence (s)
1. https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/#post-132073-_jt3yi5rhpmao
#### Date de publication
19 janvier 2024
#### Auteurs)
Zhanglin he
Ben Zhang
Billy Melicher
Qi Deng
Boqu
Brad Duncan
#### Description The Parrot TDS (Traffic Redirect System) has escalated its campaign since October 2021, employing sophisticated techniques to avoid detection and potentially impacting millions through malicious scripts on compromised websites. Identified by Unit 42 researchers, Parrot TDS injects malicious scripts into existing JavaScript code on servers, strategically profiling victims before delivering payloads that redirect browsers to malicious content. Notably, the TDS campaign exhibits a broad scope, targeting victims globally without limitations based on nationality or industry. To bolster evasion tactics, attackers utilize multiple lines of injected JavaScript code, making it harder for security researchers to detect. The attackers, likely employing automated tools, exploit known vulnerabilities, with a focus on compromising servers using WordPress, Joomla, or other content management systems. #### Reference URL(s) 1. https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/#post-132073-_jt3yi5rhpmao #### Publication Date January 19, 2024 #### Author(s) Zhanglin He Ben Zhang Billy Melicher Qi Deng Bo Qu Brad Duncan |
Malware Tool Vulnerability Threat | ★★★ | |
 |
2024-01-25 17:40:00 | \\ 'Cherryloader \\' Les logiciels malveillants permettent une exécution sérieuse de privilèges \\'CherryLoader\\' Malware Allows Serious Privilege Execution (lien direct) |
Un téléchargeur sportif et modulaire permet aux pirates de choisir leurs exploits - dans ce cas, deux outils puissants pour obtenir un accès administrateur dans un système Windows.
A sporty, modular downloader allows hackers to cherry-pick their exploits - in this case, two powerful tools for gaining admin access in a Windows system. |
Malware Tool | ★★★ | |
|
2024-01-25 16:32:42 | Outil Amazon à Sunset qui permettait aux forces de la loi d'obtenir des images à partir de sonnettes d'anneau Amazon to sunset tool that let law enforcement obtain footage from Ring doorbells (lien direct) |
Amazon a annoncé mercredi qu'ils rendront plus difficile pour les services de police de demander des images générées par des sonnettes vidéo et des caméras de surveillance des clients.La pratique était depuis longtemps sous le feu des groupes de libertés civiles et Certains politiciens .Eric Kuhn, qui dirige la plate-forme de voisins de la société, a déclaré la fonction de «demande d'assistance» controversée de Ring \\
Amazon announced Wednesday that they will make it harder for police departments to ask for footage generated from customers\' Ring video doorbells and surveillance cameras. The practice had long been under fire from civil liberties groups and some politicians. Eric Kuhn, who helms the company\'s Neighbors Platform, said Ring\'s controversial “Request for Assistance” (RFA) function |
Tool | ★★★ | |
 |
2024-01-25 12:51:00 | New Cherryloader Malware imite Cherrytree pour déployer des exploits PRIVESC New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits (lien direct) |
Un nouveau chargeur de logiciels malveillants basée sur GO appelée & nbsp; Cherryloader & nbsp; a été découvert par les chasseurs de menaces dans la nature pour fournir des charges utiles supplémentaires sur des hôtes compromis pour l'exploitation de suivi.
L'Arctic Wolf Labs, qui a découvert le nouvel outil d'attaque dans deux intrusions récentes, a déclaré que l'icône et le nom du chargeur \\ se sont masqué
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader\'s icon and name masquerades as the legitimate CherryTree note-taking application to dupe potential victims |
Malware Tool Threat | ★★★ | |
 |
2024-01-25 12:00:00 | Nouvelle année, nouvelles initiatives pour le cadre de confidentialité du NIST! New Year, New Initiatives for the NIST Privacy Framework! (lien direct) |
Cela fait quatre ans depuis la publication du cadre de confidentialité NIST: un outil pour améliorer la confidentialité par le biais de la gestion des risques d'entreprise, version 1.0.Depuis lors, de nombreuses organisations l'ont trouvé très précieuse pour la construction ou l'amélioration de leurs programmes de confidentialité.Nous avons également été en mesure d'ajouter une variété de ressources pour soutenir son implémentation.Nous sommes fiers de la quantité accomplie en quelques années seulement, mais nous ne reposons pas sur nos lauriers.En tant qu'un autre, plus célèbre, Dylan a dit un jour: "Les fois où ils sont changin \\ '."Par exemple, la dernière année a vu la libération du risque NIST AI
It\'s been four years since the release of The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. Since then, many organizations have found it highly valuable for building or improving their privacy programs. We\'ve also been able to add a variety of resources to support its implementation. We\'re proud of how much has been accomplished in just a few short years, but we\'re not resting on our laurels. As another, more famous, Dylan once said, “the times they are a-changin\'.” For example, the past year has seen the release of the NIST AI Risk |
Tool | ★★ | |
 |
2024-01-25 11:00:00 | Le côté obscur de la cybersécurité 2023: évolution des logiciels malveillants et cyber-menaces The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats (lien direct) |
In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year\'s events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware\'s evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google\'s detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year\'s Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware\'s relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian\'s Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom | Ransomware Spam Malware Tool Vulnerability Threat Prediction | Guam | ★★★ |
|
2024-01-24 17:00:00 | Le juge fédéral rejette les efforts de NSO \\ pour rejeter le procès de Pegasus d'Apple \\ Federal judge rejects NSO\\'s effort to dismiss Apple\\'s Pegasus lawsuit (lien direct) |
Un juge fédéral a rejeté une requête du Group Spyware Maker NSO pour rejeter une action en justice Apple alléguant que le puissant outil de Pegasus de la société a violé les lois sur la fraude informatique et a injustement profité d'Apple et de ses clients, selon une décision de justice déposée mardi. groupe NSO , un fournisseur très controversé de logiciels espions qui a été
A federal judge has denied a motion from spyware maker NSO Group to dismiss an Apple lawsuit alleging the company\'s powerful Pegasus tool has violated computer fraud laws and unfairly profited off of Apple and its customers, according to a court ruling filed Tuesday. NSO Group, a highly controversial purveyor of spyware which has been |
Tool | ★★★ | |
 |
2024-01-24 15:20:27 | Niveau de la menace, IA, rationalisation des outils, consolidation du marché, cyber assurances : ce qui vous attend pour 2024 (lien direct) | >Multiplication des attaques par ransomware, tensions géopolitiques en Europe et au Moyen-Orient, incertitude économique : l'année 2023 fut tumultueuse et marquée par une succession de crises protéiformes. Dans ce contexte, les organisations ont eu fort à faire pour préserver l'intégrité de leur système d'information, ou encore se prémunir et remédier aux éventuelles cyberattaques. 2024 ne dérogera […] The post Niveau de la menace, IA, rationalisation des outils, consolidation du marché, cyber assurances : ce qui vous attend pour 2024 first appeared on UnderNews. | Ransomware Tool | ★★★ | |
 |
2024-01-24 14:00:13 | Au-delà du battage médiatique - où l'IA peut briller en sécurité Beyond the Hype - Where AI Can Shine in Security (lien direct) |
> Découvrez l'impact du monde réel de l'IA dans la cybersécurité avec des informations d'experts de Palo Alto Networks et de l'unité 42. Plongez dans la prolifération des outils d'IA.
>Discover the real-world impact of AI in cybersecurity with insights from experts at Palo Alto Networks and Unit 42. Dive into the proliferation of AI tools. |
Tool | ★★★ | |
 |
2024-01-24 13:00:35 | L'éducation à la cybersécurité de l'enfance est un outil vital: 72% des enfants du monde entier ont connu au moins un type de cyber-menace Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat (lien direct) |
> 90% des enfants de plus de 8 ans utilisent déjà Internet.Seulement 40% des parents sont conscients que leurs enfants ont fait face à des cybermenaces.L'éducation est la pierre angulaire de notre culture, car elle nous permet de progresser en tant que société et nous pouvons partager avec les valeurs et les connaissances des nouvelles générations que nous considérons comme essentielles.Dans une société de plus en plus numérisée, et surtout considérant que les enfants utilisent de plus en plus la technologie à un âge plus précoce, il est crucial que l'éducation se concentre sur la façon d'utiliser cet outil mondial en toute sécurité.La technologie offre de grands avantages dans l'éducation, la culture et le divertissement, mais [& # 8230;]
>90% of children over 8 years old are already using Internet. Only 40% of parents are aware that their children have faced cyber threats. Education is the cornerstone of our culture, as it allows us to progress as a society and we can share with the new generations values and knowledge that we consider essential. In an increasingly digitized society, and especially considering that children are using technology more and more at an earlier age, it is crucial for education to focus on how to use this global tool safely. Technology offers great advantages in education, culture and entertainment, but […] |
Tool Threat | ★★★ | |
 |
2024-01-24 11:56:13 | Le Royaume-Uni dit que l'IA autonomisera les ransomwares au cours des deux prochaines années UK says AI will empower ransomware over the next two years (lien direct) |
Le National Cyber Security Center (NCSC) du Royaume-Uni avertit que les outils d'intelligence artificielle (IA) auront un impact défavorable à court terme sur la cybersécurité, ce qui contribue à dégénérer la menace de ransomware.[...]
The United Kingdom\'s National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. [...] |
Ransomware Tool Threat | ★★★ | |
 |
2024-01-24 06:26:08 | Les avertissements NCSC de GCHQ \\ de la possibilité réaliste \\ 'AI aideront à détection d'évasion des logiciels malveillants soutenus par l'État GCHQ\\'s NCSC warns of \\'realistic possibility\\' AI will help state-backed malware evade detection (lien direct) |
Cela signifie que les espions britanniques veulent la capacité de faire exactement cela, hein? L'idée que l'IA pourrait générer des logiciels malveillants super potentiels et indétectables a été bandé depuis des années & # 8211;et aussi déjà démystifié .Cependant, un article Publié aujourd'hui par le Royaume-Uni National Cyber Security Center (NCSC) suggère qu'il existe une "possibilité réaliste" que d'ici 2025, les attaquants les plus sophistiqués \\ 's'amélioreront considérablement grâce aux modèles d'IA informés par des données décrivant une cyber-cyberHits.… | Malware Tool | ChatGPT | ★★★ |
 |
2024-01-24 06:00:39 | 5 Common Privilege Escalation Attack Techniques with Examples (lien direct) | Privilege escalation is often a top aim for cybercriminals as they traverse the attack chain to exploit your IT crown jewels. It lets them achieve critical steps in the attack chain, like maintaining persistence and moving laterally within an environment. Once they\'ve initially compromised a host, they will seek to acquire higher privileges to gain access to valuable assets and create other mischief or damage. This blog post explains why privilege escalation is a significant challenge for today\'s businesses. We also present five common techniques, along with brief examples of each. And we offer a real-world example to underscore how bad actors use privilege escalation as a key intermediary step to carry out attacks. Understanding privilege escalation In cybersecurity, privilege escalation is the process by which an attacker gains access or permissions on a system that is at a higher level of privilege than what they had at the time of the initial compromise. Attackers look to escalate privileges in one of two ways. They either do this horizontally or vertically. Horizontal example This approach involves an attacker moving laterally within a network by compromising accounts at the same privilege level. As they move across the network, they can discover more targets and find more valuable data or systems. Here\'s an example of how a horizontal privilege escalation attack might unfold: An attacker uses stolen credentials to access a host with regular privileges within a company\'s network. The attacker identifies a file server within the network that has sensitive data. Multiple users can access it, but they can only read and write files. The attacker takes advantage of this shared access. They modify files within the shared file system, injecting malicious code or replacing critical configuration files. This activity may go unnoticed for a time because legitimate users regularly modify files on the shared file server. As other users interact with the compromised files, the attacker can increase the number of compromised accounts and hosts, collect sensitive data and prepare to launch a more widescale attack. Vertical example In this approach, attackers exploit identity vulnerabilities within a system or application to escalate their privileges from a basic user account to a privileged user. They might use social engineering tactics like phishing at first to trick users into handing over their login credentials. Here is how a vertical privilege escalation attack might play out: An attacker uses a compromised user account to gain access to a targeted system. They identify a known vulnerability in an application or service that is running on the system. The attacker creates and deploys an exploit to take advantage of this vulnerability. In this case, they take advantage of a flaw in the code that allows a user to escalate privileges without being authorized. The attacker can now change their privileges to a higher level, like system admin. Now that they have a lot of control over the system, the attacker can carry out a range of malicious actions. For example, they might change system configurations or steal data. Why it is important to prevent privilege escalation attacks The examples above make it clear that privilege escalation-enabled attacks can have a significant impact on businesses. To underscore the risk further, here are several other reasons these attacks are a cause for concern: Unauthorized access to and exposure of sensitive data Compromised user accounts and user identities Manipulated systems and configurations Disrupted business operations Data tampering and manipulation, such as with ransomware Legal and regulatory repercussions Reputational damage 5 Common privilege escalation attack techniques and examples Now that you understand the two main categories of privilege escalation and why you must be vigilant in defending against these techniques, let\'s look at five tactics that bad actors might use in | Tool Vulnerability Threat Commercial | ★★★ | |
|
2024-01-24 06:00:39 | (Déjà vu) 5 Techniques d'attaque d'escalade communes avec des exemples 5 Common Privilege Escalation Attack Techniques with Examples (lien direct) |
Privilege escalation is often a top aim for cybercriminals as they traverse the attack chain to exploit your IT crown jewels. It lets them achieve critical steps in the attack chain, like maintaining persistence and moving laterally within an environment. Once they\'ve initially compromised a host, they will seek to acquire higher privileges to gain access to valuable assets and create other mischief or damage. This blog post explains why privilege escalation is a significant challenge for today\'s businesses. We also present five common techniques, along with brief examples of each. And we offer a real-world example to underscore how bad actors use privilege escalation as a key intermediary step to carry out attacks. Understanding privilege escalation In cybersecurity, privilege escalation is the process by which an attacker gains access or permissions on a system that is at a higher level of privilege than what they had at the time of the initial compromise. Attackers look to escalate privileges in one of two ways. They either do this horizontally or vertically. Horizontal example This approach involves an attacker moving laterally within a network by compromising accounts at the same privilege level. As they move across the network, they can discover more targets and find more valuable data or systems. Here\'s an example of how a horizontal privilege escalation attack might unfold: An attacker uses stolen credentials to access a host with regular privileges within a company\'s network. The attacker identifies a file server within the network that has sensitive data. Multiple users can access it, but they can only read and write files. The attacker takes advantage of this shared access. They modify files within the shared file system, injecting malicious code or replacing critical configuration files. This activity may go unnoticed for a time because legitimate users regularly modify files on the shared file server. As other users interact with the compromised files, the attacker can increase the number of compromised accounts and hosts, collect sensitive data and prepare to launch a more widescale attack. Vertical example In this approach, attackers exploit identity vulnerabilities within a system or application to escalate their privileges from a basic user account to a privileged user. They might use social engineering tactics like phishing at first to trick users into handing over their login credentials. Here is how a vertical privilege escalation attack might play out: An attacker uses a compromised user account to gain access to a targeted system. They identify a known vulnerability in an application or service that is running on the system. The attacker creates and deploys an exploit to take advantage of this vulnerability. In this case, they take advantage of a flaw in the code that allows a user to escalate privileges without being authorized. The attacker can now change their privileges to a higher level, like system admin. Now that they have a lot of control over the system, the attacker can carry out a range of malicious actions. For example, they might change system configurations or steal data. Why it is important to prevent privilege escalation attacks The examples above make it clear that privilege escalation-enabled attacks can have a significant impact on businesses. To underscore the risk further, here are several other reasons these attacks are a cause for concern: Unauthorized access to and exposure of sensitive data Compromised user accounts and user identities Manipulated systems and configurations Disrupted business operations Data tampering and manipulation, such as with ransomware Legal and regulatory repercussions Reputational damage 5 Common privilege escalation attack techniques and examples Now that you understand the two main categories of privilege escalation and why you must be vigilant in defending against these techniques, let\'s look at five tactics that bad actors might use in | Tool Vulnerability Threat Commercial | ★★★ | |
|
2024-01-24 02:32:22 | Quatre points à retenir du rapport McKinsey AI Four Takeaways from the McKinsey AI Report (lien direct) |
L'intelligence artificielle (IA) a été un sujet de discussion brûlant cette année parmi les professionnels de la technologie et de la cybersécurité et le public plus large.Avec l'avènement récent et les progrès rapides d'un certain nombre d'outils d'IA génératifs accessibles au public, Chatgpt, Dall-E et d'autres, le sujet de l'IA est au sommet de nombreux esprits.Les organisations et les individus ont adopté ces outils pour un large éventail de fonctions commerciales et personnelles.La dernière enquête mondiale de McKinsey Global Publishing a interrogé des milliers de cadres et de gestionnaires sur l'état actuel de l'IA.Les résultats de l'enquête offrent une valeur précieuse ...
Artificial intelligence (AI) has been a hot topic of discussion this year among tech and cybersecurity professionals and the wider public. With the recent advent and rapid advancement of a number of publicly available generative AI tools-ChatGPT, Dall-E, and others-the subject of AI is at the top of many minds. Organizations and individuals alike have adopted these tools for a wide range of business and personal functions. The latest global survey from McKinsey Global Publishing polled thousands of executives and managers on the current state of AI. The results of the survey provide valuable... |
Tool | ★★★ | |
 |
2024-01-23 16:00:00 | Informations sensibles dans les API et utilisation sécurisée du facteur Sensitive Information in APIs and Secure Usage of Postman (lien direct) |
> L'un des développeurs & # 8217;Les outils les plus fréquemment utilisés dans le développement de logiciels sont sans aucun doute le facteur.Mais ...
>One of the developers’ most frequently used tools in software development is undoubtedly Postman. But... |
Tool | ★★★ | |
 |
2024-01-23 15:36:45 | HC3 prévient le secteur des soins de santé des menaces d'accès non autorisées de ScreenConnect Tool HC3 warns healthcare sector of unauthorized access threats from ScreenConnect tool (lien direct) |
> Le centre de coordination de la cybersécurité du secteur de la santé (HC3) dans le département américain de la santé & # 38;Services humains (HHS) émis ...
>The Health Sector Cybersecurity Coordination Center (HC3) in the U.S. Department of Health & Human Services (HHS) issued... |
Tool Medical | ★★★ | |
|
2024-01-23 15:29:37 | Plus d'un quart des 2000 mondiaux ne sont pas prêts pour les règles d'authentification des e-mails rigoureuses à venir More than One-Quarter of the Global 2000 Are Not Ready for Upcoming Stringent Email Authentication Rules (lien direct) |
Le courrier électronique reste le principal canal de communication pour les organisations et les moyens de communication préférés pour les consommateurs.Et partout où les gens vont, les acteurs de la menace suivent.Les cybercriminels continuent d'exploiter les e-mails pour livrer le phishing, la fraude par e-mail, le spam et d'autres escroqueries.Mais Google, Yahoo!, Et Apple se battent avec de nouvelles exigences d'authentification par e-mail conçues pour empêcher les acteurs de la menace d'abuser des e-mails.Bien que ce changement majeur soit une excellente nouvelle pour les consommateurs, les organisations n'ont pas beaucoup de temps pour préparer le google, Yahoo!Et Apple commencera à appliquer ses nouvelles exigences au premier trimestre de 2024. Avec seulement des semaines jusqu'à ce que ces règles commencent à prendre effet, plus d'un quart (27%) des Forbes Global 2000 ne sont pas prêts pour ces nouvelles exigences;Cela peut avoir un impact significatif sur leur capacité à fournir des communications par e-mail à leurs clients en temps opportun et met leurs clients en danger de fraude par e-mail et d'escroqueries.En fait, notre rapport State of the Phish 2023 a révélé que 44% des consommateurs mondiaux pensent qu'un e-mail est sûr s'il inclut simplement l'image de marque familière. L'analyse de Proofpoint \\ de la Forbes Global 2000 et leur adoption du protocole ouvert DMARC (reporting et conformité d'authentification des messages basés sur le domaine), un protocole d'authentification largement utilisé qui aide à garantir l'identité des communications par e-mail et protège les noms de domaine du site Web contre le fait d'êtreusurpé et mal utilisé, montre: Plus d'un quart (27%) du Global 2000 n'a aucun enregistrement DMARC en place, indiquant qu'ils ne sont pas préparés aux prochaines exigences d'authentification par e-mail. 69% stupéfiants ne bloquent pas activement les e-mails frauduleux en atteignant leurs clients;Moins d'un tiers (31%) ont mis en œuvre le plus haut niveau de protection pour rejeter les e-mails suspects en atteignant leurs clients de réception. 27% ont mis en œuvre une politique de moniteur, ce qui signifie que des e-mails non qualifiés peuvent toujours arriver dans la boîte de réception du destinataire;et seulement 15% ont mis en œuvre une politique de quarantaine pour diriger des e-mails non qualifiés aux dossiers spam / indésirables. L'authentification par e-mail est une meilleure pratique depuis des années.DMARC est l'étalon-or pour se protéger contre l'identité des e-mails, une technique clé utilisée dans la fraude par e-mail et les attaques de phishing.Mais, comme le révèle notre analyse du Global 2000, de nombreuses entreprises doivent encore la mettre en œuvre, et celles qui sont à la traîne de l'adoption du DMARC devront désormais rattraper leur retard rapidement s'ils souhaitent continuer à envoyer des e-mails à leurs clients.Les organisations qui ne se contentent pas ne pourraient pas voir leurs e-mails acheminés directement vers les dossiers de spam des clients ou rejeté. La mise en œuvre peut cependant être difficile, car elle nécessite une variété d'étapes techniques et une maintenance continue.Toutes les organisations n'ont pas les ressources ou les connaissances en interne pour répondre aux exigences en temps opportun.Vous pouvez profiter de ressources telles que le kit technique et d'authentification de l'e-mail technique de Proofpoint \\ pour vous aider à démarrer.ProofPoint propose également un outil pour vérifier les enregistrements DMARC et SPF de votre domaine, ainsi que pour créer un enregistrement DMARC pour votre domaine.Cet outil fait partie d'une solution complète de défense de fraude par e-mail, qui fournit un SPF hébergé, un DKIM hébergé et des fonctionnalités DMARC hébergées pour simplifier le déploiement et la maintenance tout en augmentant la sécurité.La solution comprend également l'accès à des consultants hautement expérimentés pour vous guider à travers les workflows d'im | Spam Tool Threat Cloud Technical | ★★★ | |
|
2024-01-23 12:51:12 | Le paysage des menaces est toujours en train de changer: à quoi s'attendre en 2024 The Threat Landscape Is Always Changing: What to Expect in 2024 (lien direct) |
Gather \'round, cyber friends, and I\'ll let you in on a little secret: no one knows what the Next Big Thing on the threat landscape will be. But we can look back on 2023, identify notable changes and actor behaviors, and make educated assessments about what 2024 will bring. This month on the DISCARDED podcast my co-host Crista Giering and I sat down with our Threat Research leaders Daniel Blackford, Alexis Dorais-Joncas, Randy Pargman, and Rich Gonzalez, leaders of the ecrime, advanced persistent threat (APT), threat detection, and Emerging Threats teams, respectively. We discussed what we learned over the last year, and what\'s on the horizon for the future. While the discussions touched on different topics and featured different opinions on everything from artificial intelligence (AI) to living off the land binaries (LOLBins) to vulnerability exploitation to ransomware, there were some notable themes that are worth writing down. We can\'t say for sure what surprises are in store, but with our cyber crystals balls fully charged – and a deep knowledge of a year\'s worth of threat actor activity based on millions of email threats per day – we can predict with high confidence what\'s going to be impactful in the coming year. 1: Quick response (QR) codes will continue to proliferate 2023 was the year of the QR code. Although not new, QR codes burst on the scene over the last year and were used in many credential phishing and malware campaigns. The use was driven by a confluence of factors, but ultimately boiled down to the fact that people are now way more accustomed to scanning QR codes for everything from instructions to menus. And threat actors are taking advantage. Proofpoint recently launched new in-line sandboxing capabilities to better defend against this threat, and our teams anticipate seeing more of it in 2024. Notably, however, Dorais-Joncas points out that QR codes still just exist in the realm of ecrime – APT actors have not yet jumped on the QR code bandwagon. (Although, some of those APT actors bring ecrime energy to their campaigns, so it\'s possible they may start QR code phishing, too.) 2: Zero-day and N-day vulnerability exploitation A theme that appeared throughout our conversations was the creative use of vulnerabilities – both known and unreported – in threat actor activity. APT actors used a wide variety of exploits, from TA473 exploiting publicly-facing webmail servers to espionage actors using a zero-day in an email security gateway appliance that ultimately forced users to rip out and reinstall physical hardware. But ecrime actors also exploited their share of vulnerabilities, including the MOVEit file transfer service vulnerability from the spring of 2023 that had cascading repercussions, and the ScreenConnect flaw announced in the fall of 2023 – both of which were used by ecrime actors before being officially published. Proofpoint anticipates vulnerability exploitation will continue, driven in part by improved defense making old school techniques – like macro-enabled documents – much less useful, as well as the vast financial resources now available to cybercriminals that were once just the domain of APT. Pargman says the creativity from ecrime threat actors is a direct response of defenders imposing cost on our adversaries. 3: Continuing, unexpected behavior changes Avid listeners of the podcast know I have regularly said the ecrime landscape is extremely chaotic, with TA577 demonstrating the most chaotic vibes of them all. The tactics, techniques, and procedures (TTPs) of some of the most sophisticated actors continue to change. The cost imposed on threat actors that Pargman mentioned – from law enforcement takedowns of massive botnets like Qbot to improved detections and automated defenses – have forced threat actors, cybercriminals in particular, to regularly change their behaviors to figure out what is most effective. For example, recently Proofpoint has observed the increased use of: traffic dis | Ransomware Malware Tool Vulnerability Threat Prediction | ★★★ | |
|
2024-01-22 16:00:00 | Lutter contre la désinformation pendant la saison électorale Battling Misinformation During Election Season (lien direct) |
La diffusion de fausses informations, souvent avec l'intention de tromper, est devenue une question omniprésente amplifiée par des outils d'intelligence artificielle (IA).
Dissemination of false information, often with the intent to deceive, has become a pervasive issue amplified by artificial intelligence (AI) tools. |
Tool | ★★★ | |
 |
2024-01-22 12:18:13 | Les principales façons inattendues d'utiliser un gestionnaire de mots de passe pour une sécurité et une organisation améliorées Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation (lien direct) |
Les gestionnaires de mots de passe sont devenus des outils intégraux pour les particuliers et les entreprises.Ils sont principalement connus pour enregistrer et gérer en toute sécurité les informations d'identification de connexion afin que les utilisateurs ne devaient pas se souvenir de tous ou les noter, où ils pourraient être compromis.Cependant, ces tuteurs numériques peuvent offrir plus qu'un simple coffre-fort sécurisé pour les mots de passe.En fait, [& # 8230;]
Le message Les principales façons inattendues d'utiliser un gestionnaire de mots de passe pour une sécurité et une organisation améliorées sont apparues pour la première fois sur gourou de la sécurité informatique .
Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don\'t have to remember them all or write them down, where they could be compromised. However, these digital guardians can offer more than just a secure vault for passwords. In fact, […] The post Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation first appeared on IT Security Guru. |
Tool | ★★ | |
|
2024-01-22 11:00:00 | Meilleures pratiques pour mettre en œuvre l'auto-doxxing dans les organisations Best practices to implement self-doxxing in organizations (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Organizations face a constant challenge to balance transparency and security in today\'s rapidly evolving digital landscape. One emerging concept that has gained traction in recent years is the practice of "self-doxxing." This seemingly counterintuitive term refers to the deliberate and controlled sharing of an organization\'s information, often sensitive, to enhance transparency, accountability, and trust. While it might sound paradoxical to disclose information that could be exploited by malicious actors voluntarily, the strategic implementation of self-doxing can indeed be a powerful tool in an organization\'s arsenal. What does it mean by self-doxxing? Self-doxing, short for "self-documenting," is a proactive approach where organizations voluntarily share information about themselves, their operations, and their practices with the public, stakeholders, and competitors. This practice is in direct contrast to traditional security measures that aim to limit the exposure of sensitive data. Traditionally, data privacy measures rely on endpoint security tools such as VPNs, antivirus, password managers, etc, to ensure security. These tools help implement a zero-trust security module within an organization to ensure data privacy and security. In contrast to this traditional zero-trust security method, self-doxing is a strategic move to foster transparency, build trust, and engage with a broader audience. It\'s about taking control of the narrative surrounding your organization and providing the public with a clearer picture of who you are and what you stand for. By voluntarily sharing information, organizations aim to shape perceptions, demonstrate accountability, and minimize the potential for unauthorized leaks or misinformation. However, successful self-doxxing requires careful planning and a deep understanding of what to share and protect. Why should you implement self-doxxing in an organization? Self-doxing, when executed thoughtfully, offers many advantages for organizations looking to thrive in a digitally connected world. Enhanced transparency: One of the primary benefits of self-doxxing is the promotion of transparency. By willingly sharing information about your organization\'s operations, practices, and ethical standards, you signal stakeholders and the public that you have nothing to hide. This transparency can foster trust and credibility, making your organization more attractive to customers, investors, and partners. Reputation management: Self-doxxing allows you to control the narrative about your organization. By providing accurate and comprehensive information, you can preemptively address potential issues, correct misunderstandings, and mitigate reputational risks. This proactive approach to reputation management can be invaluable in an age where public perception can impact an organization\'s success. Stakeholder engagement: Sharing information about your organization can also enhance stakeholder engagement, including customers, employees, and shareholders. When people feel that an organization is open and honest about its practices, they are more likely to engage positively with it. Competitive advantage: Self-doxxing can also provide a competitive edge. By openly sharing your organization\'s strengths, innovations, and accomplishments, you can demonstrate industry leadership and attract talent, partners, and customers who align with your values and goals. Regulatory compliance: In many industries, regulatory compliance requ | Tool Vulnerability | ★★★ | |
 |
2024-01-22 05:10:56 | Outils de sécurité cloud essentiels pour les devsecops efficaces Essential Cloud Security Tools for Effective DevSecOps (lien direct) |
La mise en œuvre d'une approche DevSecops est le facteur clé le plus impactant dans le coût total d'une violation de données.Les DevseCops réussis dans un monde natif du cloud sont aidés par les bons outils.Voici une poignée des outils de sécurité du cloud les plus essentiels et ce qu'il faut rechercher pour aider DevseCops.
Top outil de sécurité du cloud essentiel pour DevSecops: analyse de composition logicielle
L'analyse de la composition logicielle (SCA) est le pain et le beurre des outils de sécurité du cloud pour des Devsecops efficaces et la sécurisation de la chaîne d'approvisionnement des logiciels.
Pourquoi cela compte: les logiciels open source (OSS) sont pratiques, mais il est livré avec quelques captures.Il y a des vulnérabilités, des mises à jour manquées et un risque de licence pour s'inquiéter.C'est là où SCA entre en jeu.
SCA adopte une approche proactive pour trouver ces risques tôt.Quelques choses que vous souhaitez rechercher lorsque vous choisissez le bon outil SCA pour vous:
Contrôle continu
Rapports et analyses avec référence par les pairs
Guide de remédiation et suggestions
Dépendance…
Implementation of a DevSecOps approach is the most impactful key factor in the total cost of a data breach. Successful DevSecOps in a cloud-native world is aided by the right tools. Here are a handful of the most essential cloud security tools and what to look for in them to aid DevSecOps. Top Essential Cloud Security Tool for DevSecOps: Software Composition Analysis Software Composition Analysis (SCA) is the bread and butter of cloud security tools for effective DevSecOps and securing the software supply chain. Why it matters: open-source software (OSS) is handy, but it comes with a few catches. There are vulnerabilities, missed updates, and license risk to be worried about. That\'s where SCA comes in. SCA takes a proactive approach to finding these risks early. A few things you want to look out for when picking the right SCA tool for you: Continuous Monitoring Reporting & Analytics with Peer Benchmarking Remediation Guidance & Fix Suggestions Dependency… |
Data Breach Tool Vulnerability Cloud | ★★★ | |
|
2024-01-22 04:25:00 | Résoudre les principaux erreurs de sécurité: ce que vous devez savoir Resolving Top Security Misconfigurations: What you need to know (lien direct) |
L'un des facteurs les plus courants pouvant conduire à des incidents de cybersécurité est une mauvaise configuration de la sécurité dans les logiciels ou les paramètres d'application.Les paramètres par défaut qui accompagnent la mise en œuvre de ces outils et solutions ne sont souvent pas configurés en toute sécurité, et de nombreuses organisations n'investissent pas le temps et les ressources pour s'assurer qu'elles le sont.Plusieurs organisations réglementaires ont établi des normes pour éviter les erreurs de sécurité de sécurité afin de prévenir les cyberattaques et les infractions à la sécurité accidentelle, de maintenir la conformité aux réglementations et de renforcer la cybersécurité globale ...
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. Several regulatory organizations have established standards for avoiding security misconfigurations in order to prevent cyberattacks and accidental security breaches, maintain compliance with regulations, and strengthen the overall cybersecurity... |
Tool | ★★★ | |
|
2024-01-19 21:30:00 | L'acteur de ransomware utilise TeamViewer pour obtenir un accès initial aux réseaux Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks (lien direct) |
Les attaquants ont de plus en plus exploité l'outil d'accès à distance largement utilisé, installé sur des centaines de millions de points de terminaison, pour pénétrer dans les environnements des victimes.
Attackers have increasingly leveraged the widely used remote access tool, installed on hundreds of millions of endpoints, to break into victim environments. |
Ransomware Tool | ★★★ | |
|
2024-01-19 19:46:00 | Les vulnérabilités ivanti sont largement exploitées, dit CISA dans la directive d'urgence Ivanti vulnerabilities are being exploited widely, CISA says in emergency directive (lien direct) |
Les agences civiles du gouvernement américain sont condamnées à réparer immédiatement deux vulnérabilités affectant un outil populaire de la société informatique Ivanti après que le meilleur chien de garde de la cybersécurité de la nation \\ a mis en garde contre une exploitation généralisée.L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a sonné l'alarme vendredi à propos de CVE-2023-46805 et CVE-2024-21887 - Deux bogues affectant la politique d'Ivanti Secu
Civilian agencies across the U.S. government are being ordered to immediately patch two vulnerabilities affecting a popular tool from IT company Ivanti after the nation\'s top cybersecurity watchdog warned of widespread exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on Friday about CVE-2023-46805 and CVE-2024-21887 - two bugs affecting Ivanti Policy Secure |
Tool Vulnerability | ★★ | |
|
2024-01-19 14:28:42 | Waterfall Security fait ses débuts en cascade centrale pour améliorer la surveillance des passerelles de sécurité unidirectionnelles Waterfall Security debuts Waterfall Central to enhance monitoring of unidirectional security gateways (lien direct) |
> OT Sécurité Vendor Waterfall Security Solutions a lancé jeudi sa cascade Central, un outil basé sur un navigateur conçu pour améliorer le ...
>OT security vendor Waterfall Security Solutions launched Thursday its Waterfall Central, a browser-based tool designed to enhance the... |
Tool Industrial | ★★★ | |
|
2024-01-19 09:30:00 | La première étape pour sécuriser les outils AI / ML est de les localiser First Step in Securing AI/ML Tools Is Locating Them (lien direct) |
Les équipes de sécurité doivent commencer à prendre en compte ces outils lorsque vous réfléchissez à la chaîne d'approvisionnement des logiciels.Après tout, ils ne peuvent pas protéger ce qu'ils ne savent pas.
Security teams need to start factoring for these tools when thinking about the software supply chain. After all, they can\'t protect what they don\'t know they have. |
Tool | ★★★ | |
 |
2024-01-18 18:17:07 | 4 Major Falcon Logscale NE NEXT-GEN MISES À JOUR SIEM qui accélèrent 4 Major Falcon LogScale Next-Gen SIEM Updates That Accelerate Time-to-Insights (lien direct) |
Pour déverrouiller la vitesse et l'évolutivité de Crowdsstrike Falcon & Reg;LOGSCALE NEXT-GEN SIEM, vous devez d'abord apporter vos données dans la solution puissante et native du cloud.Et avec les sources de journal multipliant et les volumes de données en flèche, vous avez besoin d'un moyen facile de collecter, d'analyser et d'enrichir vos données.L'intégration des données peut être complexe et longue dans les outils SIEM traditionnels.[& # 8230;]
To unlock the speed and scalability of CrowdStrike Falcon® LogScale next-gen SIEM, you must first bring your data into the powerful, cloud-native solution. And with log sources multiplying and data volumes skyrocketing, you need an easy way to collect, parse and enrich your data. Data onboarding can be complex and time-consuming in traditional SIEM tools. […] |
Tool | ★★ | |
|
2024-01-18 17:51:52 | Annonce de Veracode Scan: un plugin unifié Sast et SCA IDE Announcing Veracode Scan: A Unified SAST and SCA IDE Plugin (lien direct) |
Veracode est heureux d'annoncer la disponibilité d'une nouvelle numérisation de plugin-veracode de l'environnement de développement intégré (IDE).Le scan Veracode combine à la fois l'analyse statique Veracode (SAST) et l'analyse de composition logicielle (SCA) en un seul plugin.Cela permet aux développeurs de scanner rapidement des projets pour les faiblesses et les risques de sécurité dans les bibliothèques de code et de tiers.
Les avantages d'un plugin combiné et SCA
La numérisation des projets avec SCA et Sast est importante pour s'assurer que le code et les bibliothèques sont aussi sûrs que possible.La mise à disposition de ces outils dans l'IDE dans un seul plugin rend les vérifications de sécurité à la fois plus rapides et plus faciles à effectuer.Le code de numérisation au début du processus de développement de logiciels réduit à la fois le coût des défauts de réparation et les chances de défauts de la production.
Comment fonctionne le scan veracode
Le scan veracode s'occupe de l'emballage et de l'envoi d'artefacts au scanner statique Veracode, puis renvoie les résultats des analyses…
Veracode is pleased to announce the availability of a new Integrated Development Environment (IDE) Plugin-Veracode Scan. Veracode Scan combines both Veracode Static Analysis (SAST) and Software Composition Analysis (SCA) into a single plugin. This allows developers to quickly scan projects for security weaknesses and risks in both first-party code and third-party libraries. The Benefits of a Combined SAST and SCA Plugin Scanning projects with SCA and SAST is important to make sure that both the code and libraries are as safe as possible. Making these tools available natively in the IDE in a single plugin makes performing security checks both faster and easier to perform. Scanning code early in the software development process reduces both the cost of remediating flaws and the chances of flaws making it into production. How Veracode Scan Works Veracode Scan takes care of packaging and sending of artifacts to the Veracode static scanner, and then returns the results of scans… |
Tool | ★★★ | |
 |
2024-01-18 13:47:14 | Département de l'énergie à investir 30 millions de dollars dans des solutions de cybersécurité à l'énergie propre Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions (lien direct) |
> Les organisations peuvent gagner jusqu'à 3 millions de dollars en financement fédéral pour les cyber outils qui garantissent l'infrastructure d'énergie propre.
>Organizations can earn up to $3 million in federal funding for cyber tools securing the clean energy infrastructure. |
Tool | ★★★ | |
|
2024-01-18 12:00:45 | Les logiciels malveillants exploitent 9HIT Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners (lien direct) |
> Par deeba ahmed
9Hits, double coup: malware imite l'outil Web pour exploiter la crypto, générer un faux trafic de site Web.
Ceci est un article de HackRead.com Lire le post original: Les logiciels malveillants exploitent 9HITS, transforment les serveurs Docker en mineurs de cryptographie boostés du trafic
>By Deeba Ahmed 9Hits, Double Hit: Malware Mimics Web Tool to Mine Crypto, Generate Fake Website Traffic. This is a post from HackRead.com Read the original post: Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners |
Malware Tool | ★★ | |
|
2024-01-18 11:00:00 | Quatre tendances de cybersécurité que vous devriez connaître pour 2024 Four cybersecurity trends you should know for 2024 (lien direct) |
This is part three of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Part one: Unusual, thought-provoking predictions for cybersecurity in 2024 Part two: Cybersecurity operations in 2024: The SOC of the future While there are many big things to prepare for in 2024 (see first two posts), some important smaller things don’t get the same attention. Yet, these things are good to know and probably won’t come as a huge surprise. Because they, too, are evolving, it’s important not to take your eye off the ball. Compliance creates a new code of conduct and a new need for compliance logic. Compliance and governance are often overlooked when developing software because a different part of the business typically owns those responsibilities. That is all about to change. Cybersecurity policies (internal and external, including new regulations) need to move upstream in the software development lifecycle and need compliance logic built in to simplify the process. Software is designed to work globally; however, the world is becoming more segmented and parsed. Regulations are being created at country, regional, and municipal levels. To be realistic, the only way to handle compliance is via automation. To avoid the constant forking of software, compliance logic will need to be a part of modern applications. Compliance logic will allow software to function globally but adjust based on code sets that address geographic locations and corresponding regulations. In 2024, expect compliance logic to become a part of the larger conversation regarding compliance, governance, regulation, and policy. This will require cross-functional collaboration across IT, security, legal, line of business, finance, and other organizational stakeholders. MFA gets physical. Multi-factor authentication (MFA) is a way of life. The benefits far outweigh the slight inconvenience imposed. Think about why MFA is so critical. MFA helps with authorization and authentication for mission-critical and safety-critical work. It prevents unauthorized access to critical information. MFA is an easy-to-implement step for good cyber hygiene. Our current way of thinking about MFA is generally based on three things: something you know, a passcode; something you have, a device; and something you are, a fingerprint, your face, etc. Now, let’s take this a step further and look at how the something you are part of MFA can improve safety. Today, MFA routinely accepts fingerprints, facial recognition, or retina scans. That’s just the beginning. MFA can go a step further in helping with business outcomes; here’s how. Biometric and behavioral MFA can help with identifying the veracity of an individual as well as the fitness to perform a function. For example, a surgeon can access the hospital, restricted areas, and the operating room through MFA verifications. But, once in the operating room, how is it determined that the surgeon is fit to perform the surgical task? Behavioral MFA will soon be in play to ensure the surgeon is fit by adding another layer of something you are. Behavioral MFA will determine fitness for a task by identifying things such as entering a series of numbers on a keypad, handwriting on a tablet, or voice analysis. The goal is to compare current behavior with past behavior to ensur | Tool Threat Prediction | ★★★ | |
|
2024-01-18 09:00:00 | Google: les pirates de FSB russes déploient de nouveaux logiciels malveillants SPICA Backdoor Google: Russian FSB hackers deploy new Spica backdoor malware (lien direct) |
Google dit que le groupe de piratage à dos russe Coldriver pousse des logiciels malveillants de porte dérobée auparavant inconnus en utilisant des charges utiles se faisant passer pour un outil de décryptage PDF.[...]
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. [...] |
Malware Tool | ★★ | |
|
2024-01-18 05:00:52 | Mémoire de sécurité: TA866 revient avec une grande campagne de messagerie Security Brief: TA866 Returns with a Large Email Campaign (lien direct) |
What happened Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume campaign consisting of several thousand emails targeting North America. Invoice-themed emails had attached PDFs with names such as “Document_[10 digits].pdf” and various subjects such as “Project achievements”. The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a variant of the WasabiSeed and Screenshotter custom toolset. Screenshot of an email with an attached PDF. If the user clicked on the OneDrive URL inside the PDF, they were: Served a JavaScript file hosted on OneDrive. The JavaScript, if run by the user, downloaded and ran an MSI file. The MSI file executed an embedded WasabiSeed VBS script. The WasabiSeed VBS script then downloaded and executed a second MSI file as well as continued polling for additional payloads in a loop. The additional payloads are currently unknown. Finally, the second MSI file contained components of the Screenshotter screenshot utility which took a screenshot of the desktop and sent it the C2. Attack chain summary: Email > PDF > OneDrive URL > JavaScript > MSI / VBS (WasabiSeed) > MSI (Screenshotter). The attack chain was similar to the last documented email campaign using this custom toolset observed by Proofpoint on March 20, 2023. The similarities helped with attribution. Specifically, TA571 spam service was similarly used, the WasabiSeed downloader remained almost the same, and the Screenshotter scripts and components remained almost the same. (Analyst Note: While Proofpoint did not initially associate the delivery TTPs with TA571 in our first publication on TA866, subsequent analysis attributed the malspam delivery of the 2023 campaigns to TA571, and subsequent post-exploitation activity to TA866.) One of the biggest changes in this campaign from the last observed activity was the use of a PDF attachment containing a OneDrive link, which was completely new. Previous campaigns used macro-enabled Publisher attachments or 404 TDS URLs directly in the email body. Screenshot of “TermServ.vbs” WasabiSeed script whose purpose is to execute an infinite loop, reaching out to C2 server and attempting to download and run an MSI file (empty lines were removed from this script for readability). Screenshot of “app.js”, one of the components of Screenshotter. This file runs “snap.exe”, a copy of legitimate IrfanView executable, (also included inside the MSI) to save a desktop screenshot as “gs.jpg”. Screenshot of “index.js”, another Screenshotter component. This code is responsible for uploading the desktop screenshot ”gs.jpg” to the C2 server. Attribution There are two threat actors involved in the observed campaign. Proofpoint tracks the distribution service used to deliver the malicious PDF as belonging to a threat actor known as TA571. TA571 is a spam distributor, and this actor sends high volume spam email campaigns to deliver and install a variety malware for their cybercriminal customers. Proofpoint tracks the post-exploitation tools, specifically the JavaScript, MSI with WasabiSeed components, and MSI with Screenshotter components as belonging to TA866. TA866 is a threat actor previously documented by Proofpoint and colleagues in [1][2] and [3]. TA866 is known to engage in both crimeware and cyberespionage activity. This specific campaign appears financially motivated. Proofpoint assesses that TA866 is an organized actor able to perform well thought-out attacks at scale based on their availability of custom tools, and ability and connections to purchase tools and services from other actors. Why it matters The following are notable characteristics of TA866\'s return to email threat data: TA866 email campaigns have been missing from the landscape for over nine months (although there are indications that the actor was meanwhile | Spam Malware Tool Threat | ★★ | |
|
2024-01-17 19:33:02 | L'outil Ishutdown de Kaspersky \\ détecte les logiciels espions Pegasus sur les appareils iOS Kaspersky\\'s iShutdown Tool Detects Pegasus Spyware on iOS Devices (lien direct) |
par waqas
Kaspersky a récemment lancé un outil appelé Ishutdown, conçu non seulement pour détecter le logiciel spymétrique de Pegasus notoire, mais aussi pour identifier d'autres menaces de logiciels malveillants sur les appareils iOS.
Ceci est un article de HackRead.com Lire la publication originale: L'outil Ishutdown de Kaspersky détecte les logiciels espions Pegasus sur les appareils iOS
By Waqas Kaspersky has recently launched a tool called iShutdown, designed not only to detect the notorious Pegasus spyware but also to identify other malware threats on iOS devices. This is a post from HackRead.com Read the original post: Kaspersky’s iShutdown Tool Detects Pegasus Spyware on iOS Devices |
Malware Tool | ★★★ | |
|
2024-01-17 18:38:30 | DOE annonce un financement de 30 millions de dollars pour les outils de cybersécurité pour protéger les infrastructures d'énergie propre DOE announces $30 million funding for cybersecurity tools to protect clean energy infrastructure (lien direct) |
Le Bureau de la cybersécurité, de la sécurité énergétique et des interventions d'urgence (CESER) au sein du département américain de l'énergie (DOE) a ...
The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) within the U.S. Department of Energy (DOE) has... |
Tool Industrial | ★★★★ | |
 |
2024-01-17 08:19:01 | Gestion du travail collaboratif : l\'opportunisme guide l\'adoption (lien direct) | Le Magic Quadrant des outils de gestion du travail collaboratif dénote une tendance aux déploiements " tactiques ". Quels fournisseurs s'y distinguent ? | Tool Commercial | ★★★ | |
|
2024-01-17 06:00:02 | Comment mettre en place un programme de gestion des menaces d'initié et de prévention des pertes de données How to Set Up an Insider Threat Management and Data Loss Prevention Program (lien direct) |
This blog post is adapted from our e-book, Getting Started with DLP and ITM. The last few years have brought unprecedented change. An increasingly distributed workforce, access to more data through more channels and a shift to the cloud have transformed the nature of work. These trends have made protecting sensitive data more complicated and demanding. What\'s clear is that organizations are struggling to rise to the challenge. Between 2020 and 2022, insider threats increased by a staggering 44%. And the costs of addressing them increased 34%-from $11.45 million to $15.38 million. This upswing mainly comes down to two factors. For starters, most security teams have little visibility into people-caused data loss and insider-led security incidents. And few have the tools or resources to handle it. That\'s why Gartner sees platforms for data loss prevention and insider threat management (DLP and ITM) increasingly converging. Businesses need tools and processes that give them holistic, contextualized insights that take user behavior into account. It\'s no longer enough to focus on data-and where it\'s moving. To prevent data loss, industry leaders need to take a people-centric approach that expands beyond traditional drivers like compliance. In this blog post, we\'ll explore some basics for designing an ITM and DLP program. This can help you approach information protection in a way that\'s built for how modern organizations work. Why information protection is so challenging Risks are everywhere in today\'s complex landscape. Here are a few changes making it difficult for companies to protect their data. More data is open to exposure and theft. As businesses go digital, more data is being generated than ever before. According to IDC\'s Worldwide Global DataSphere Forecast, the total amount of data generated data will double from 2022 to 2026. That means malicious insiders will have more access to more sensitive data through more channels. It will also be easier for careless users to expose data inadvertently. Plus, any security gap between channels, any misconfiguration or any accidental sharing of files can give external attackers more opportunities to steal data. New data types are hard to detect. Data isn\'t just growing in volume. It\'s also becoming more diverse, which makes it harder to detect and control. With traditional DLP program tools, data typically fits within very tightly defined data patterns (such as payment card number). But even then, it generates too many false positives. Now, key business data is more diverse and can be graphical, tabular or even source code. The network security perimeter no longer exists. With more employees and contractors working remotely, the security perimeter has shifted from brick and mortar to one based on people. Add to the mix bring-your-own-device (BYOD) practices, where the personal and professional tend to get blurred, and security teams have even more risks to contend with. In a survey for the 2023 State of the Phish report from Proofpoint, 72% of respondents said they use one or more of their personal devices for work. Employee churn is high. Tech industry layoffs in 2022 and 2023 have seen many employees leaving and joining businesses at a rapid rate. The result is greater risk of data exfiltration, infiltration and sabotage. Security leaders know it, too-39% of chief information security officers rated improving information protection as the top priority over the next two years. Security talent is in short supply. A lack of talent has left many security teams under-resourced. And the situation is likely to get worse. In 2023, the cybersecurity workforce gap hit an all-time high-there are 4 million more jobs than there are skilled workers. DLP vs. ITM What\'s the difference between DLP and ITM? Both DLP and ITM work to prevent data loss. But they achieve it in different ways. DLP tracks data movement and exfiltration DLP monitors file activity and scans content to see whether users are handling sen | Tool Threat Cloud Technical | ★★ | |
 |
2024-01-16 16:30:00 | Un nouvel outil identifie Pegasus et d'autres logiciels espions iOS New Tool Identifies Pegasus and Other iOS Spyware (lien direct) |
Les experts de Kaspersky ont développé l'outil après avoir analysé Shutdown.log, un fichier de conservation des informations de redémarrage
Kaspersky experts developed the tool after analyzing Shutdown.log, a file retaining reboot information |
Tool | ★★★ | |
|
2024-01-16 12:16:39 | Mise en œuvre de l'IA: équilibrer les objectifs commerciaux et les exigences de sécurité Implementing AI: Balancing Business Objectives and Security Requirements (lien direct) |
L'intelligence artificielle (IA) et l'apprentissage automatique sont devenus des outils intégrés pour les organisations dans diverses industries.Cependant, l'adoption réussie de ces technologies nécessite un équilibre minutieux entre les objectifs commerciaux et les exigences de sécurité.Je me suis assis avec Glenn Schmitz, le directeur de la sécurité de l'information du Département de la santé comportementale et des services de développement en Virginie, alors qu'il partageait des informations précieuses sur la mise en œuvre de l'IA tout en garantissant la sécurité, la sécurité et les considérations éthiques.Voici quelques-uns des principaux plats à retenir.
Comprendre les objectifs commerciaux et les exigences de sécurité commence par les fondamentaux
Lorsque Schmitz a rejoint l'organisation, il a reconnu la nécessité de comprendre le niveau global de maturité de la sécurité.En alignant les objectifs de l'entreprise sur les exigences de sécurité, il visait à permettre à l'entreprise d'atteindre ses objectifs de manière sûre et sécurisée.
Schmitz a partagé: "J'ai commencé à un niveau très fondamental. La sécurité est là pour protéger l'entreprise et…
Artificial Intelligence (AI) and machine learning have become integral tools for organizations across various industries. However, the successful adoption of these technologies requires a careful balance between business objectives and security requirements. I sat down with Glenn Schmitz, the Chief Information Security Officer of the Department of Behavioral Health and Developmental Services in Virginia, as he shared valuable insights on implementing AI while ensuring safety, security, and ethical considerations. Here are some of the key takeaways. Understanding Business Objectives and Security Requirements Starts with Fundamentals When Schmitz joined the organization, he recognized the need to understand the overall security maturity level. By aligning business objectives with security requirements, he aimed to enable the business to achieve its goals in a safe and secure manner. Schmitz shared: "I started at a very fundamental level. Security is here to protect the business and… |
Tool | ★★ | |
|
2024-01-16 11:14:05 | ChatGPT : OpenAI prépare des outils contre la désinformation électorale (lien direct) | Alors que 2024 sera une année d'élections majeures, notamment aux Etats-Unis ; OpenAI annonce le lancement de nouveaux outils pour prévenir les manipulations à des fins politiques provenant de ChatGPT et DALL-E. | Tool | ChatGPT | ★★★ |
|
2024-01-16 11:00:00 | Prédictions inhabituelles et stimulantes pour la cybersécurité en 2024 Unusual, thought-provoking predictions for cybersecurity in 2024 (lien direct) |
This is part one of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking and provocative and to encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Entering 2024 brings us well into the third decade of the new millennium. Do you recall how tentatively and maybe naively we approached the year 2000, otherwise known as Y2K? We stressed over two bytes in COBOL programs and regression tested every line of code to ensure our systems were ready to go at midnight on January 1, 2000. The clock struck 12, and the world breathed a collective sigh of relief – we survived the predicted digital disaster. And just like that, off we went - to create web, mobile, and cloud apps, to turn embedded software into the Internet of Things (IoT), and to democratize computing in a way that was only a dream just 23 years ago. With massive shifts and changes in computing in the wake, it’s time to ask: where are we going in 2024, and what cybersecurity opportunities and challenges lie ahead? Maturing the industry: It’s the business that matters. Cybersecurity is not about fear, uncertainty, and doubt (FUD). It is about delivering business outcomes such as boarding a plane quicker to mitigate flight delay penalties, heating or cooling my house efficiently to manage energy consumption in various climates, or reducing waste in manufacturing to minimize product recalls. Notice there was no mention of security, data, network, coding, or anything remotely IT-centric or technical in the stated business outcomes above. We must aspire to this when thinking about our businesses and cybersecurity. It must be about the business first, advancing the customer experience, and removing friction. Cybersecurity is now a business requirement. For cybersecurity to be part of business planning, cybersecurity teams need to become members of the business teams. Over the past three years, the cybersecurity market has rapidly matured. We are in the midst of market consolidation, with individual point products being acquired and integrated into platform offerings. These platform offerings will continue to evolve by acquiring smaller vendors, partnering, and innovating. The platform vendors clearly see the need for cybersecurity to be a part of the business conversation and want to act as a business partner and trusted advisor, not merely a product provider. Cybersecurity budgets are changing, creating an approach to get funding differently. This year, our research revealed an unexpected change: money is being redistributed as computing moves closer to the data source. Our respondents reported they are investing in new computing development – in this case, edge computing - in a way that’s different from what we’ve seen in the past. They are proactively investing in strategy and planning, the network, application development, and security to create a balanced, collaborative ecosystem. The big surprise isn’t a new secret weapon or killer application. The surprise is what’s needed: a new way of thinking about resource allocation. You’ll still need your usual hardware, software, storage, and security buckets. How you balance those expenses is what’s different. As computing moves closer to the data source, every deployment should contribute to the b | Tool Mobile Prediction Cloud Technical | ★★★ | |
|
2024-01-16 10:36:36 | Les outils de décryptage gratuits de Kaspersky ont été téléchargés 360 000 fois, aidant les victimes de ransomware à récupérer leurs données (lien direct) | >Les outils de déchiffrement de Kaspersky, développés dans le cadre de l’initiative No More Ransom et disponibles sur le portail dédié No Ransom, ont été téléchargés plus de 360 000 fois. Ces outils gratuits permettent aux victimes de ransomware de récupérer leurs données de manière rapide et efficace, soulignant l’importance des efforts de collaboration en […] The post Les outils de décryptage gratuits de Kaspersky ont été téléchargés 360 000 fois, aidant les victimes de ransomware à récupérer leurs données first appeared on UnderNews. | Ransomware Tool | ★★★ |
To see everything:
Our RSS (filtrered)
