What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-23 12:50:57 | Les cyberespaces russes livrent \\ 'gooseegg \\' malware aux organisations gouvernementales Russian Cyberspies Deliver \\'GooseEgg\\' Malware to Government Organizations (lien direct) |
APT28, lié à la Russie, déploie l'outil post-exploitation d'OeEEGG contre de nombreuses organisations américaines et européennes.
Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations. |
Malware Tool | APT 28 | ★★★ |
|
2024-04-22 13:34:47 | La recherche montre comment les attaquants peuvent abuser des produits de sécurité EDR Research Shows How Attackers Can Abuse EDR Security Products (lien direct) |
> Les vulnérabilités dans les réseaux Palo Alto Cortex XDR ont permis à un chercheur en sécurité de le transformer en un outil offensif malveillant.
>Vulnerabilities in Palo Alto Networks Cortex XDR allowed a security researcher to turn it into a malicious offensive tool. |
Tool | ★★ | |
|
2024-04-11 15:17:48 | La violation des données SISENSE déclenche une alerte CISA et des appels urgents pour les réinitialités des informations d'identification Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets (lien direct) |
> Le gouvernement américain émet une alerte rouge pour ce qui semble être une violation massive de la chaîne d'approvisionnement à Sissen, une entreprise qui vend des outils d'analyse de grosses données.
>The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. |
Data Breach Tool | ★★ | |
|
2024-03-25 11:43:55 | Les meilleurs développeurs Python piratés dans une attaque de chaîne d'approvisionnement sophistiquée Top Python Developers Hacked in Sophisticated Supply Chain Attack (lien direct) |
> Plusieurs développeurs Python sont infectés après le téléchargement du clone de malveillance de l'outil populaire Colorama.
>Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama. |
Tool | ★★★ | |
|
2024-01-18 13:47:14 | Département de l'énergie à investir 30 millions de dollars dans des solutions de cybersécurité à l'énergie propre Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions (lien direct) |
> Les organisations peuvent gagner jusqu'à 3 millions de dollars en financement fédéral pour les cyber outils qui garantissent l'infrastructure d'énergie propre.
>Organizations can earn up to $3 million in federal funding for cyber tools securing the clean energy infrastructure. |
Tool | ★★★ | |
|
2023-11-09 14:06:34 | \\ 'BLAZESTEALER \\' MALWORED INDUCTE \\'BlazeStealer\\' Malware Delivered to Python Developers Looking for Obfuscation Tools (lien direct) |
CheckMarx découvre une campagne malveillante ciblant les développeurs Python avec des logiciels malveillants qui prennent le contrôle de leurs systèmes.
Checkmarx uncovers a malicious campaign targeting Python developers with malware that takes over their systems. |
Malware Tool | ★★ | |
|
2023-10-27 14:12:11 | Advanced \\ 'stripedfly \\' malware avec 1 million d'infections montrent des similitudes avec les outils liés à la NSA Advanced \\'StripedFly\\' Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools (lien direct) |
Le malware Stripedfly a des capacités de type APT, mais est resté inaperçu pendant cinq ans, se faisant passer pour un mineur de crypto-monnaie.
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner. |
Malware Tool | ★★ | |
|
2023-09-05 14:23:42 | MITER et CISA publient un outil open source pour l'émulation d'attaque OT MITRE and CISA Release Open Source Tool for OT Attack Emulation (lien direct) |
> Mitre et CISA introduisent Caldera pour OT, une nouvelle extension pour aider les équipes de sécurité à imiter les attaques ciblant les systèmes de technologie opérationnelle.
>MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems. |
Tool Industrial | ★★★★ | |
|
2023-08-29 20:29:46 | Opération \\'Duck Hunt\\' : le logiciel malveillant Qakbot perturbé et 8,6 millions de dollars de crypto-monnaie saisis Operation \\'Duck Hunt\\': Qakbot Malware Disrupted, $8.6 Million in Cryptocurrency Seized (lien direct) |
>États-Unisles forces de l'ordre annoncent l'interruption de la célèbre opération de cybercriminalité Qakbot et la mise à disposition d'un outil de désinfection automatique pour 700 000 machines infectées.
>U.S. law enforcement announce the disruption of the notorious Qakbot cybercrime operation and the release of an auto-disinfection tool to 700,000 infected machines. |
Malware Tool | ★★ | |
|
2023-08-04 13:20:47 | Les acteurs de la menace abusent du tunnel Cloudflare pour un accès persistant, vol de données Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft (lien direct) |
> Les acteurs de menace ont été observés abusant de l'outil de tunnel de nuage de nuage open source.
>Threat actors have been observed abusing the open source Cloudflare Tunnel tool Cloudflared to maintain stealthy, persistent access to compromised systems. |
Tool Threat | ★★ | |
|
2023-05-18 11:44:32 | L'outil POC exploite la vulnérabilité Keepass non corrigée pour récupérer les mots de passe maîtres PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords (lien direct) |
Le chercheur publie un outil POC qui exploite la vulnérabilité Keepass non corrigée pour récupérer le mot de passe maître à partir de la mémoire.
Researcher publishes PoC tool that exploits unpatched KeePass vulnerability to retrieve the master password from memory. |
Tool Vulnerability | ★★★ | |
|
2023-04-25 13:41:53 | Apiiro lance l'outil d'exploration de surface d'attaque d'application Apiiro Launches Application Attack Surface Exploration Tool (lien direct) |
Explorateur de graphiques à risque APIIRO \\ aide les équipes de sécurité à comprendre la surface d'attaque de leur application.
Apiiro\'s Risk Graph Explorer helps security teams to understand their application attack surface. |
Tool | ★★ | |
|
2023-02-23 12:59:09 | Russian Accused of Developing NLBrute Malware Extradited to US (lien direct) | >A Russian malware developer behind the NLBrute brute-forcing tool has been extradited to the United States from Georgia. | Malware Tool | ★★ | |
|
2023-02-09 11:00:00 | ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware (lien direct) | >There have been some new developments in the case of the ESXiArgs ransomware attacks, including related to the encryption method used by the malware, victims, and the vulnerability exploited by the hackers. After the US Cybersecurity and Infrastructure Security Agency (CISA) announced the availability of an open source tool designed to help some victims of […] | Ransomware Malware Tool Vulnerability | ★★★ | |
|
2023-01-31 15:30:00 | Cyber Insights 2023: Artificial Intelligence (lien direct) | >The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool for beneficial improvement is still unknown. | Tool | ★★★ | |
|
2022-09-14 14:35:30 | Bishop Fox Releases Open Source Cloud Hacking Tool \'CloudFox\' (lien direct) | Cybersecurity firm Bishop Fox has announced the release of CloudFox, an open source tool designed to help find exploitable attack paths in cloud infrastructure. The command line tool has been created for penetration testers and other offensive security professionals. | Tool | ||
|
2022-08-25 10:16:06 | Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies (lien direct) | Microsoft this week published technical details on 'MagicWeb', a new post-exploitation tool used by Russia-linked cyberespionage group APT29. | Malware Tool | APT 29 | |
|
2022-07-07 09:47:33 | Hackers Using \'Brute Ratel C4\' Red-Teaming Tool to Evade Detection (lien direct) | The Brute Ratel C4 (BRc4) red-teaming and adversarial attack simulation tool has been used by nation-state attackers to evade detection, according to security researchers at Palo Alto Networks. | Tool | ||
|
2022-06-23 20:31:01 | Apple, Android Phones Targeted by Italian Spyware: Google (lien direct) | An Italy-based firm's hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said Thursday, casting a light on a "flourishing" spyware industry. | Tool | ||
|
2022-06-23 14:27:35 | Security Orchestration: Beware of the Hidden Financial Costs (lien direct) | Among the many improvements in cybersecurity technology and tools we've seen over the last few years, one of the most significant has been the inclusion of security automation and orchestration capabilities in solution categories beyond SOAR platforms. SIEM providers acquired stand-alone SOAR platforms, and endpoint detection and response (EDR) solutions broadened to include automation and orchestration capabilities to accelerate threat detection and response. | Tool Threat | ★★★★★ | |
|
2022-06-22 13:17:05 | Aqua Security Ships Open-Source Tool for Auditing Software Supply Chain (lien direct) | Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark. | Tool | ||
|
2022-05-24 13:59:51 | LimaCharlie Banks $5.45 Million in Seed Funding (lien direct) | LimaCharlie, a California company supplying tools to run an MSSP or SOC on a pay-as-you-use model, has attracted $5.45 million in seed round financing. | Tool | ||
|
2022-05-16 17:21:06 | Researchers Devise New Type of Bluetooth LE Relay Attacks (lien direct) | Security researchers at NCC Group have created a new tool capable of launching a new type of Bluetooth Low Energy (BLE) relay attack that bypasses existing protections and mitigations. | Tool | ||
|
2022-04-12 16:35:29 | OpenSSH Moves to Prevent \'Capture Now, Decrypt Later\' Attacks (lien direct) | OpenSSH has joined the high-stakes fight to protect data from quantum computers. The latest version of the widely used encryption and connectivity tool has been fitted with new features to prevent "capture now, decrypt later" attacks linked to advancements in quantum computing. | Tool | ||
|
2022-04-11 10:11:53 | Snap-on Tools Hit by Cyberattack Claimed by Conti Ransomware Gang (lien direct) | Conti ransomware gang claimed responsibility for cyberattack on Wisconsin-based tool maker | Ransomware Tool | ||
|
2022-04-07 12:09:29 | BlackCat Ransomware Targets Industrial Companies (lien direct) | A data theft tool used by the ransomware group tracked as BlackCat, ALPHV and Noberus suggests that the cybercriminals are increasingly interested in targeting industrial organizations. | Ransomware Tool | ||
|
2022-03-17 16:48:08 | Microsoft Releases Open Source Tool for Securing MikroTik Routers (lien direct) | Microsoft this week released an open source tool that can be used to secure MikroTik routers and check for signs of abuse associated with the Trickbot malware. | Tool | ||
|
2022-03-08 15:01:20 | U.S. State Governments Targeted by Chinese Hackers via Zero-Day in Agriculture Tool (lien direct) | A threat group believed to be sponsored by the Chinese government has breached the networks of U.S. state governments, including through the exploitation of a zero-day vulnerability. | Tool Threat | ||
|
2022-02-23 12:38:05 | CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) this week expanded its Known Exploited Vulnerabilities Catalog with two critical flaws in the Zabbix enterprise monitoring solution. | Tool | ||
|
2022-02-07 22:01:44 | Google Cloud Gets Virtual Machine Threat Detection (lien direct) | Google on Monday announced the public preview of a new tool to help identify threats within virtual machines (VMs) running on its Google Cloud infrastructure. | Tool Threat | ||
|
2022-02-04 11:42:27 | Target Open Sources Web Skimmer Detection Tool (lien direct) | Retail giant Target this week announced the open source availability of an internal tool designed for the detection of web skimming attacks. | Tool | ||
|
2022-02-03 02:58:35 | FBI Confirms It Bought Spyware From Israel\'s NSO Group (lien direct) | The FBI has confirmed purchasing NSO Group's powerful spyware tool Pegasus, whose chronic abuse to surveil journalists, dissidents and human rights activists has long been established. It suggested its motivation was to “stay abreast of emerging technologies and tradecraft.” | Tool | ||
|
2022-01-31 13:03:41 | The Third Building Block for the SOC of the Future: Balanced Automation (lien direct) | When automation is balanced between humans and machines, we can ensure teams always have the best tool for the job | Tool | ||
|
2022-01-26 16:09:43 | New Open Source Tool Helps Identify EtherNet/IP Stacks for ICS Research, Analysis (lien direct) | Industrial cybersecurity firm Claroty on Wednesday announced a new open source tool designed for identifying EtherNet/IP stacks. According to the company, the new “EtherNet/IP & CIP Stack Detector” tool can be useful to security researchers, operational technology (OT) engineers, and asset owners. | Tool | ||
|
2021-12-28 19:23:29 | Researchers Dive Into Equation Group Tool \'DoubleFeature\' (lien direct) | Security researchers at Check Point are publicly documenting the Equation Group APT's DoubleFeature, a component of DanderSpritz post-exploitation framework. | Tool | ||
|
2021-12-15 14:26:00 | Industry Reactions to Log4Shell Vulnerability (lien direct) | The widely used Log4j logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including profit-driven cybercriminals and state-sponsored groups. | Tool Vulnerability | ||
|
2021-12-15 11:47:36 | Problematic Log4j Functionality Disabled as More Security Issues Come to Light (lien direct) | Developers of the widely used Apache Log4j Java-based logging tool have disabled problematic functionality as more security issues have come to light. | Tool | ||
|
2021-12-15 09:40:31 | Web Browsing Security Firm Guardio Raises $47 Million (lien direct) | Web browsing protection tool Guardio on Tuesday announced that it came out of bootstrap mode with $47 million in funding. Guardio's first ever investment round was led by Tiger Global. Cerca Partners, Emerge, Samsung Next, Union, and Vintage also participated. | Tool | ||
|
2021-12-14 14:11:35 | Log4Shell Tools and Resources for Defenders - Continuously Updated (lien direct) | 
The widely used Apache Log4j Java-based logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including to deliver various types of malware.
|
Tool Vulnerability | ||
|
2021-12-10 14:00:57 | Fujitsu Retires Tool Targeted by Threat Actors (lien direct) | Japanese tech giant Fujitsu has announced plans to retire the ProjectWEB project information sharing tool after it was targeted by threat actors earlier this year. Designed to aid collaboration between teams, ProjectWEB is a tool that organizations can employ to share project data both within and outside of their environments. | Tool Threat | ||
|
2021-12-06 14:02:15 | Web Browsers Vulnerable to 14 New Types of XS-Leak Attacks (lien direct) | Researchers from two universities in Germany have developed a tool that can be used to check web browsers for cross-site leaks, and they claim to have identified 14 new attack classes. | Tool | ||
|
2021-11-10 16:07:38 | RPC Firewall Dubbed \'Ransomware Kill Switch\' Released to Open Source (lien direct) | Today at Black Hat London, Zero Networks announced the release of its RPC firewall – also dubbed the 'ransomware kill switch' – into open source. The tool provides granular control over RPC, capable of blocking the use of lateral movement hacker tools and stopping almost all ransomware in its tracks. | Ransomware Tool | ||
|
2021-11-05 14:58:45 | Researchers Release PoC Tool Targeting BrakTooth Bluetooth Vulnerabilities (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) this week warned on proof-of-concept (PoC) code for the BrakTooth Bluetooth vulnerabilities now being publicly available. | Tool | ★★★ | |
|
2021-11-02 11:22:35 | BlackMatter Ransomware Operators Develop Custom Data Exfiltration Tool (lien direct) | The cybercriminals operating the BlackMatter ransomware have started using a custom data exfiltration tool in their attacks, Symantec reports. | Ransomware Tool | ||
|
2021-10-22 14:41:38 | Facebook Introduces New Tool for Finding SSRF Vulnerabilities (lien direct) | Facebook on Thursday announced a new tool designed to help security researchers hunt for Server-Side Request Forgery (SSRF) vulnerabilities. | Tool | ||
|
2021-10-22 14:12:12 | After Nation-State Hackers, Cybercriminals Also Add Sliver Pentest Tool to Arsenal (lien direct) | The cybercriminal group tracked as TA551 recently showed a significant change in tactics with the addition of the open-source pentest tool Sliver to its arsenal, according to cybersecurity firm Proofpoint. | Tool | ||
|
2021-10-21 10:32:34 | US to Curb Hacking Tool Exports to Russia, China (lien direct) | US authorities unveiled Wednesday long-delayed new rules aimed at clamping down on export to nations like Russia and China of hacking technology amid a sharp uptick in cyberattacks globally. The rules, which are set to go into force in 90 days, would prevent the sale of certain software or devices to a list of countries unless approved by a bureau of the Commerce Department. | Tool | ||
|
2021-10-18 12:49:42 | Password Auditing Tool L0phtCrack Released as Open Source (lien direct) | The password auditing and recovery tool L0phtCrack is now open source and the project is looking for both maintainers and contributors. First released in 1997, L0phtCrack can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks. | Tool | ||
|
2021-10-15 10:42:43 | Deepfence Open Sources Vulnerability Mapping Tool \'ThreatMapper\' (lien direct) | Cloud and container security company Deepfence this week announced the open source availability of ThreatMapper, a tool designed to help organizations scan for, map, and rank application vulnerabilities. By performing post-deployment scans of applications and infrastructure, the platform seeks to identify emerging threats in both first-party and third-party solutions. | Tool Vulnerability | ★★★★ | |
|
2021-09-30 13:25:16 | New CISA Tool Helps Organizations Assess Insider Threat Risks (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) this week released a tool to help organizations assess their insider threat risk posture. | Tool Threat |
To see everything:
Our RSS (filtrered)
