What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-16 02:00:00 | How automation in CSPM can improve cloud security (lien direct) | With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of an organization's cloud infrastructure.A key component of CSPM is the automation of its core tasks: continuous monitoring, remediation of issues, compliance management, and alerts and notifications. The integration of robotic process automation (RPA) in CSPM helps to reduce the need to perform repetitive and mundane tasks, making it a powerful tool for organizations to secure and streamline their cloud environment, support the overall security posture, and manage security risks more efficiently.To read this article in full, please click here | Tool | ★★ | |
|
2023-02-15 15:13:00 | Security tool adoption jumps, Okta report shows (lien direct) | A report from identity and access management (IAM) vendor Okta says that zero trust and new types of security tooling are in increasingly widespread use, as businesses tackle a changing security landscape. | Tool | ★★ | |
|
2023-02-15 08:49:00 | China-based cyberespionage actor seen targeting South America (lien direct) | China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft's Security Intelligence team. The initiative is “a notable expansion of the group's data exfiltration operations that traditionally targeted gov't agencies and think tanks in Asia and Europe,” the team tweeted on Monday. DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance and lateral movement, and the use of Cobalt Strike - a penetration testing tool - for command and control and data exfiltration, Microsoft wrote in its tweet. To read this article in full, please click here | Tool | ★★ | |
|
2023-02-14 09:36:00 | (Déjà vu) BrandPost: Protection Groups within NETSCOUT\'s Omnis Cyber Intelligence secure your most valuable assets. (lien direct) | When using any security tool, it is vitally important for it to help you to find a threat quickly. For most tools, there is a learning curve before you can use the tool effectively, as well as a period during which the tool is tuned for the specific environment in which it is installed. In an ideal world, these processes would take a short period of time to complete, and the tool would then be effective in finding security issues on the installed network. In reality, this is an ongoing process, with the user continually learning how to operate the tool more effectively and tuning it to better detect threats.NETSCOUT's Omnis Cyber Intelligence (OCI) product helps to streamline the tuning process by providing many ways to categorize systems on your network. One of these ways is the idea of a protection group.To read this article in full, please click here | Tool Threat | ★ | |
|
2023-02-14 09:36:00 | BrandPost: A Faster, Better Way to Detect Network Threats (lien direct) | When using any security tool, it is vitally important for it to help you to find a threat quickly. For most tools, there is a learning curve before you can use the tool effectively, as well as a period during which the tool is tuned for the specific environment in which it is installed. In an ideal world, these processes would take a short period of time to complete, and the tool would then be effective in finding security issues on the installed network. In reality, this is an ongoing process, with the user continually learning how to operate the tool more effectively and tuning it to better detect threats.NETSCOUT's Omnis Cyber Intelligence (OCI) product helps to streamline the tuning process by providing many ways to categorize systems on your network. One of these ways is the idea of a protection group.To read this article in full, please click here | Tool Threat | ★ | |
|
2023-02-06 06:43:00 | BrandPost: Tackling Cyber Influence Operations: Exploring the Microsoft Digital Defense Report (lien direct) | By Microsoft SecurityEach year, Microsoft uses intelligence gained from trillions of daily security signals to create the Microsoft Digital Defense Report. Organizations can use this tool to understand their most pressing cyber threats and strengthen their cyber defenses to withstand an evolving digital threat landscape.Comprised of security data from organizations and consumers across the cloud, endpoints, and the intelligent edge, the Microsoft Digital Defense Report covers key insights across cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. Keep reading to explore section four of the report: cyber-influence operations.To read this article in full, please click here | Tool Threat | ★ | |
|
2023-01-27 06:55:00 | Hackers abuse legitimate remote monitoring and management tools in attacks (lien direct) | Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organization's network and systems might not raise suspicion.Researchers from Cisco Talos reported this week that one particular commercial RMM tool called Syncro was observed in a third of the incident response cases the company was engaged in during the fourth quarter of 2022. However, this wasn't the only such tool used.To read this article in full, please click here | Tool | ★★★ | |
|
2023-01-25 04:31:00 | Chinese threat actor DragonSpark targets East Asian businesses (lien direct) | Organizations in Taiwan, HongKong, Singapore and China have been recently facing attacks from a Chinese threat actor DragonSpark. The threat actor was observed using open source tool SparkRAT for its attacks, according to a report by SentinelOne. SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the Remote Access Trojan (RAT) attractive to threat actors.To read this article in full, please click here | Tool Threat | ★★ | |
|
2023-01-18 02:00:00 | Why it\'s time to review your on-premises Microsoft Exchange patch status (lien direct) | We start the patching year of 2023 looking at one of the largest releases of vulnerability fixes in Microsoft history. The January 10 Patch Tuesday update patched one actively exploited zero-day vulnerability and 98 security flaws. The update arrives at a time when short- and long-term technology and budget decisions need to be made.This is particularly true for organizations using on-premises Microsoft Exchange Servers. Start off 2023 by reviewing the most basic communication tool you have in your business: your mail server. Is it as protected as it could be from the threats that lie ahead of us in the coming months? The attackers know the answer to that question.To read this article in full, please click here | Tool Vulnerability Patching | ★★ | |
|
2023-01-17 10:14:00 | BrandPost: Optimize Your Security Investments with the Right MDR Provider (lien direct) | Traditionally, Managed Detection and Response (MDR) providers deliver MDR in one of two ways. The first is to use the customer's existing technology with select and heavily curated third-party technology integrations.“They are what we call 'bring your own technology' providers,” says Eric Kokonas, Global Head of Analyst Relations with Sophos. “Those providers take advantage of a customer's existing tool set. They say, you've made investments in security tools. We're going to provide the people and processes, and we're going to help you leverage those tools to detect and respond to advanced threats.”To read this article in full, please click here | Tool | ★ | |
|
2023-01-16 02:00:00 | How AI chatbot ChatGPT changes the phishing game (lien direct) | ChatGPT, OpenAI's free chatbot based on GPT-3.5, was released on 30 November 2022 and racked up a million users in five days. It is capable of writing emails, essays, code and phishing emails, if the user knows how to ask.By comparison, it took Twitter two years to reach a million users. Facebook took ten months, Dropbox seven months, Spotify five months, Instagram six weeks. Pokemon Go took ten hours, so don't break out the champagne bottles, but still, five days is pretty impressive for a web-based tool that didn't have any built-in name recognition.To read this article in full, please click here | Tool | ChatGPT | ★★ |
|
2023-01-12 03:57:00 | CloudSek launches free security tool that helps users win bug bounty (lien direct) | Cybersecurity firm CloudSek has launched BeVigil, a tool that can tell users how safe the apps installed on their phone are, and helps users and developers win bug bounty by helping them identify and report bugs in the code.BeVigil scans all the apps installed on a user's phone and rates them as dangerous, risky, or safe. Running as a web application for the past one year, BeVigil has already scanned over a million apps and rated them. The tool also alerts software companies and app developers about vulnerabilities found through the app, and helps users and developers win bug bounty contests from various software companies by giving them access to the code of apps running on their phone and reporting bugs.To read this article in full, please click here | Tool | ★★ | |
|
2023-01-09 02:00:00 | 11 top XDR tools and how to evaluate them (lien direct) | Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat detection, possibly even automating aspects of threat mitigation. This need has given rise to extended detection and response (XDR) tools.What is XDR and what does it do? XDR is a relatively new class of security tool that combines and builds on the strongest elements of security incident and event management (SIEM), endpoint detection and response (EDR), and even security orchestration and response (SOAR). In fact, some XDR platforms listed here are the fusion of existing tools the vendor has offered for some time.To read this article in full, please click here | Tool Threat | ★★ | |
|
2023-01-04 15:19:00 | Attackers use stolen banking data as phishing lure to deploy BitRAT (lien direct) | In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. The group, which might have been responsible for the data breach in the first place, is distributing an off-the-shelf Trojan program called BitRAT that has been sold on the underground market since February 2021.Stolen data used to add credibility to future attacks Researchers from security firm Qualys spotted the phishing lures that involved Excel documents with malicious documents but appeared to contain information about real people. Looking more into the information, it appeared the data was taken from a Colombian cooperative bank. After looking at the bank's public web infrastructure, researchers found logs that suggested the sqlmap tool was used to perform an SQL injection attack. They also found database dump files that attackers created.To read this article in full, please click here | Data Breach Tool | ★ | |
|
2022-12-06 06:00:00 | Action1 launches threat actor filtering to block remote management platform abuse (lien direct) | Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors to prevent attackers exploiting its tool to carry out malicious activity. The release comes amid a trend of hackers misusing legitimate systems management platforms to deploy ransomware or steal data from corporate environments.Action1 platform enhanced to identify and terminate RMM abuse In an announcement, Action1 stated that the new enhancement helps ensure that any attempt at misuse of its remote management platform is identified and terminated before cybercriminals accomplish their goals. “It scans user activity for suspicious patterns of behavior, automatically suspends potentially malicious accounts, and alerts Action1's dedicated security team to investigate the issue,” it added.To read this article in full, please click here | Ransomware Tool Threat | ★★ | |
|
2022-12-02 04:33:00 | BrandPost: Improving Cyber Hygiene with Multi-Factor Authentication and Cyber Awareness (lien direct) | Using multi-factor authentication (MFA) is one of the key components of an organizations Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. Having multiple layers to verify users is important, but MFA fatigue is also real and can be exploited by hackers.Enabling MFA for all accounts is a best practice for all organizations, but the specifics of how it is implemented are significant because attackers are developing workarounds. That said, when done correctly – and with the right pieces in place – MFA is an invaluable tool in the cyber toolbox and a key piece of proper cyber hygiene. This is a primary reason why MFA was a key topic for this year's cybersecurity awareness month. For leaders and executives, the key is to ensure employees are trained to understand the importance of the security tools – like MFA – available to them while also making the process easy for them.To read this article in full, please click here | Tool Guideline | ★★ | |
|
2022-11-28 13:58:00 | BrandPost: Threat Notification Isn\'t the Solution – It\'s a Starting Point (lien direct) | Most organizations have the tools in place to receive notification of attacks or suspicious events. But taking the information gleaned from cybersecurity tools is only step one in handling a security threat.“The goal of a security practitioner is to link those data sets together and do something with the information,” says Mat Gangwer, VP of managed detection and response at Sophos. “The threat notification is just the beginning.”It's a common misconception that a tool has effectively blocked or remediated an issue simply because the IT or security team have received a notification of malicious activity.To read this article in full, please click here | Tool Threat | ★★ | |
|
2022-11-03 06:00:00 | BrandPost: New SOC Performance Report: Security Analysts Are Overworked and Under Resourced (lien direct) | The SOC is the engine that protects organizations worldwide today. Its core mission remains to help the enterprise manage cyber risk. The new Devo SOC Performance Report shows that security professionals behind the scenes are feeling the pain due to too much work and not enough resources.That means that SOC leaders today have a real balancing act when it comes to retaining analysts amid immense talent shortages and turnover. Respondents reported that average time to fill a SOC position is seven months. And 71% of SOC professionals said they're likely to quit their job, with the top reasons being information and work overload, followed by lack of tool integration, and alert fatigue.To read this article in full, please click here | Tool Guideline | ||
|
2022-10-12 02:00:00 | Top considerations when choosing a multi-factor authentication solution (lien direct) | Passwords clearly are not enough to protect networks. Any security guidance will tell you that multi-factor authentication (MFA) is a key method to keep attackers out. But what type of MFA should your firm deploy? Choosing multi-factor tokens and tools depends on your firm, your needs, and how attackers are likely to target your firm. Planning ahead will minimize deployment and migration issues when new tokens or new phones are issued.These are the most important considerations when choosing an MFA solution.Know what the MFA solution will and will not protect You have several decisions to make when deciding what MFA tool to use. First, review how the tool protects your network. Often when adding MFA to existing on-premises applications, it may not fully protect your organization from some attacks. Case in point is the recent Exchange Server zero-day attack. MFA in this situation did not protect servers. At least one victim used on-premises Exchange Server with a third-party MFA application. While it protected parts of the authentication process, it did not protect Outlook Web Access (OWA), which uses basic authentication. MFA didn't protect that part of the site, so the attackers could go around MFA and attack the servers. Consider exactly what the MFA solution you choose protects, then review what authentication processes are still exposed.To read this article in full, please click here | Tool | ||
|
2022-10-06 10:34:00 | BrandPost: Overcoming Cybersecurity Implementation Challenges (lien direct) | Cybersecurity has long been one of the most complex landscapes an organization must navigate; with each new threat or vulnerability, complexity continues to grow. This is especially true for organizations that have traditionally taken a point product approach to their security because implementing new security measures properly and reliably takes time and expertise. Today, as more businesses look to digitize their services, dealing with these cybersecurity challenges is no longer optional.Every new tool must be installed, tested, and validated, and then people must be trained to leverage them well. On average, organizations are adopting dozens of different products, services, and tools for their cybersecurity. So, finding ways to make implementing cybersecurity smoother, faster, and more efficient has become a key goal for cybersecurity professionals. As businesses plan for a post-pandemic and digitally accelerated era, many CISOs across multiple industries strive for simplicity and focus on reducing their security vendor blueprint as part of their annual KPIs. Implementation, in particular, has always been an important consideration for successful cybersecurity programs because of the time, expense, personnel, and expertise often required not only to implement individual point products but to stitch them together in order to avoid security gaps while also eliminating redundancies. In the event of a serious incident, security operations center (SOC) analysts typically confess to switching between multiple vendor consoles and event types in order to decipher alerts. Organizations and teams need a better approach, so they're not either continually exposed or overworked from the alerts created by overlap.To read this article in full, please click here | Tool Threat | ||
|
2022-10-06 05:00:00 | Dashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan (lien direct) | Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses. The firm has also introduced new live phone support service whereby users can request and book a call directly with Dashlane's support team.Breached employee credentials on dark web pose significant threat to businesses In a press release, Dashlane stated that its new Dark Web Insights tool “continuously scans” more than 20 billion records attached to hacks or data breaches on the dark web, providing users with a bespoke breakdown of compromised passwords across their organization. Dark Web Insights also provides admins the ability to scan their organization for incidences of breached credentials and invite non-Dashlane using, breached employees to begin using Dashlane through built-in seat provisioning. The firm said that, by pairing this alert function with the ability to generate new, random, and unique passwords, admins can take action quickly once alerted about compromised credentials.To read this article in full, please click here | Tool Threat | ★★★ | |
|
2022-10-05 12:15:00 | North Korea\'s Lazarus group uses vulnerable Dell driver to blind security solutions (lien direct) | The notorious North Korean state-sponsored hacker group Lazarus has begun exploiting a known vulnerability in an OEM driver developed by Dell to evade detection by security solutions. This is a prime example of why it's important to always keep third-party PC manufacturer software, which is often neglected, up to date, as well as to add vulnerable versions to blocklists.“The most notable tool delivered by the attackers was a user-mode module that gained the ability to read and write kernel memory due to the CVE-2021-21551 vulnerability in a legitimate Dell driver,” security researchers from antivirus firm ESET said in a recent report. “This is the first ever recorded abuse of this vulnerability in the wild. The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way.”To read this article in full, please click here | Tool Vulnerability | APT 38 | |
|
2022-09-14 08:26:00 | AutoRabit launches devsecops tool for Salesforce environments (lien direct) | Devsecops firm AutoRabit is trying to address security issues arising from policy changes and misconfigurations in Salesforce environments with a new offering, CodeScan Shield.CodeScan Shield is the next iteration of AutoRabit's static code analysis tool, CodeScan, and elevates the capabilities of CodeScan with the help of a new module called OrgScan. The new module governs organizational policies by enforcing the security and compliance rules mandated for Salesforce environments.With OrgScan, a dashboard is created at the end of each scan and identifies any areas of concern. This puts the control back in an organization's hands, saving time and money, the company said.To read this article in full, please click here | Tool | ||
|
2022-09-13 02:00:00 | CNAPP buyers guide: Top tools compared (lien direct) | Cloud security continues to be a vexing situation, and the tool set continues to become more complex, riddled with acronyms representing possible solutions. Now there's another: the cloud native application protection platform, or CNAPP. This tool combines the coverage of four separate products: A cloud infrastructure entitlements manager (CIEM) that manages overall access controls and risk management tasks A cloud workload protection platform (CWPP) that secures code across all kinds of cloud-based repositories and provides runtime protection across the entire development environment and code pipelines A cloud access security broker (CASB) that handles authentication and encryption tasks A cloud security posture manager (CSPM) that combines threat intelligence and remediation IT and security managers are looking for a few basic elements from these products, including more accurate threat detection, support for all workloads across multiple cloud deployments, and ways to implement preventable controls.To read this article in full, please click here | Tool Threat | ||
|
2022-08-23 11:44:00 | True crime shows might be the biggest educational tool for cybercrime awareness (lien direct) | A survey of U.S. and UK residents conducted by Censuswide and commissioned by identity verification vendor Onfido released today said that popular culture – specifically, true-crime shows and movies – are having an outsized effect on the public's understanding of cybercrime.Two out of three survey respondents said that shows like Inventing Anna and documentaries like The Tinder Swindler have changed the way they view fraud in the modern day. Almost 60% of respondents also said that they're cautious about trusting other people online due to cultural depictions of fraud.Onfido CEO Mike Tuchen said in a press release that such programs have had a major impact on the public's view of fraud and cybercrime. “True crime and fraud-related entertainment stories have become widespread and popular. This is having a very real impact on how society views and perceives the prevalence and severity of fraud as a crime,” he said. “As a result, consumers are growing increasingly wary of online interactions, amid concerns over fraudster tactics and the security of their identities.”To read this article in full, please click here | Tool | ||
|
2022-08-10 13:10:00 | Sensitive data in the cloud gets new automated remediation tool from BigID (lien direct) | Data intelligence company BigID announced this week at the Black Hat conference in Las Vegas that it has rolled out new features for its privacy and data protection platform, allowing users to programmatically restrict access to sensitive cloud-based information when it's under threat.BigID's core product, its Data Intelligence platform, already boasts numerous capabilities focused on the privacy, organization and discovery of a company's data. The new features announced this week build on that framework, allowing IT staff to automatically lock down access to sensitive information tagged as having open or overprivileged access in the big three public cloud platforms.To read this article in full, please click here | Tool | ||
|
2022-08-03 07:19:00 | Qualys adds external attack management capability to cloud security platform (lien direct) | Cloud security and compliance software company Qualys on Wednesday announced it is adding external attack surface management (EASM) capabilities to the Qualys Cloud Platform.The new capability will be integrated into Qualys CSAM (cybersecurity asset management) 2.0, an inventory monitoring and resolution tool to help security teams gain visibility into previously unknown internet-facing assets.“Achieving full asset visibility remains one of cybersecurity's most elusive goals,” said Sumedh Thakar, Qualys CEO, in a press release. ”CyberSecurity Asset Management 2.0 solves this by providing both the holistic, external attacker-level and internal view of the attack surface to address the increased threat landscape comprehensively.”To read this article in full, please click here | Tool Threat | ||
|
2022-08-03 02:00:00 | Tips to prevent RDP and other remote attacks on Microsoft networks (lien direct) | One long-favored way that ransomware enters your system is through Microsoft's Remote Desktop Protocol (RDP) attacks. Years ago when we used Microsoft's Terminal Services (from which RDP evolved) for shared remote access inside or outside of an office, attackers would use a tool called TSGrinder. It would first review a network for Terminal Services traffic on port 3389. Then attackers would use tools to guess the password to gain network access. They would go after administrator accounts first. Even if we changed the administrator account name or moved the Terminal Services protocol to another port, attackers would often sniff the TCP/IP traffic and identify where it was moved to.To read this article in full, please click here | Ransomware Tool | ||
|
2022-07-27 12:57:00 | BrandPost: How a Cybersecurity Program Can Counter Configuration Drift (lien direct) | Once your organization is secured, you'll need to ensure that your environment doesn't stray from its protected state. Configuration drift may be inevitable, but you can leverage best practices to minimize its consequences.Why does configuration drift occur? Whether by choice or chance, change happens in IT environments. Software updates roll out, ad hoc decisions take effect, end users change settings, and new systems come in. When these decisions are made in haste, security considerations can be incomplete or missing altogether.Even if systems were secure to start with, the once-hardened IT environments develop “gaps” over time. It's not always easy to keep track of the changes that can lead to configuration drift. You'll need a management tool that provides you with a big (and granular) picture so that your team can effectively monitor and remedy the situation.To read this article in full, please click here | Tool Guideline | ||
|
2022-07-15 02:00:00 | The CSO guide to top security conferences, 2022 (lien direct) | There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don't have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, plenty of great conferences are coming up in the months ahead.If keeping abreast of security trends and evolving threats is critical to your job - and we know it is - then attending some top-notch security conferences is on your must-do list for 2022.From major events to those that are more narrowly focused, this list from the editors of CSO, will help you find the security conferences that matter the most to you.To read this article in full, please click here | Tool | ||
|
2022-07-06 16:17:00 | Attacker groups adopt new penetration testing tool Brute Ratel (lien direct) | Security researchers have recently identified several attack campaigns that use APT-like targeting techniques and deploy Brute Ratel C4 (BRc4), a relatively new adversary simulation framework. While hackers abusing penetration testing tools is not a new development -- Cobalt Strike and Metasploit's Meterpreter have been used by threat groups for years -- Brute Ratel is focused on detection evasion techniques, so it might pose a real challenge to defense teams."The emergence of a new penetration testing and adversary emulation capability is significant," researchers from security firm Palo Alto Networks said in a new report analyzing several recent samples. "Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities."To read this article in full, please click here | Tool Threat | ||
|
2022-07-06 02:00:00 | How to keep attackers from using PowerShell against you (lien direct) | Living off the land is not the title of a gardening book. It's the goal of attackers going after your network. Rather than installing malicious software on your network that antivirus software might flag, attackers use the code already there to launch attacks. The tools that you use to monitor, maintain and access your network are often the same code that attackers use to attack your network. PowerShell is a prime example.The U.S. National Security Agency (NSA), U.S. Cybersecurity and Infrastructure Security Agency (CISA), New Zealand's NCSC, and the UK NCSC recently released a document called Keeping PowerShell: Security Measures to Use and Embrace. This guidance recommends keeping PowerShell in your network rather than blocking but offers the following advice to keep it secure.To read this article in full, please click here | Tool | ||
|
2022-06-21 13:28:00 | APT actor ToddyCat hits government and military targets in Europe and Asia (lien direct) | Researchers from Kaspersky Lab have published an analysis of a previously undocumented advanced persistent threat (APT) group that they have dubbed ToddyCat.The threat actor, which has targeted high-profile organizations in Asia and Europe, often breaks into organizations by hacking into internet-facing Microsoft Exchange servers, following up with a multi-stage infection chain that deploys two custom malware programs."We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call 'Samurai backdoor' and 'Ninja Trojan'," the researchers said.To read this article in full, please click here | Malware Tool Threat | ||
|
2022-06-16 11:28:00 | BrandPost: 4 Multi-Cloud Misconceptions that Put Organizations at Risk (lien direct) | What makes cloud computing appealing is also a reason to worry. It is easy to access your cloud environment anywhere with internet access, but that also means it's easy for cybercriminals and digital adversaries to access it.With the explosion of data over the past 10 years, the adoption of 5G, and the global nature of business, embracing a multi-cloud strategy is almost non-negotiable. But there's an overlooked factor in this shift that a lot of organizations still underestimate today. And that's cybersecurity.Traditional security strategies and tools intended to protect on-premises networks simply don't work when defending in the cloud. Instead, design and implement a comprehensive security solution that can protect against an expanding array of threats and increasingly sophisticated attacks targeting multi-cloud environments.To read this article in full, please click here | Tool Threat | ||
|
2022-06-15 02:00:00 | How to mitigate Active Directory attacks that use the KrbRelayUp toolset (lien direct) | Those of you with on-premises Active Directory (AD) need to be aware of a new way to abuse Kerberos in your network. KrbRelayUp is a bundle of tools that streamlines the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn. Attackers use the toolset to impersonate an administrator via resource-based constrained delegation and execute code on a device's system account.Pure Azure AD environments are safe from this attack, but hybrid AD networks with both on-premises AD and Azure AD will be at risk. If an attacker compromises an Azure virtual machine that is synchronized with on-premises active directory, the attacker will gain system privileges on the virtual machine and be able to make more advances inside the network.To read this article in full, please click here | Tool | ||
|
2022-06-09 07:48:00 | Hackers using stealthy Linux backdoor Symbiote to steal credentials (lien direct) | Researchers have come across a stealthy Linux backdoor that uses sophisticated techniques to hide itself on compromised servers and steal credentials. Dubbed Symbiote because it injects itself into existing processes, the threat has been in development since at least November 2021 and seems to have been used against the financial sector in Latin America."Symbiote is a malware that is highly evasive," researchers from BlackBerry said in a new report. "Since the malware operates as a userland level rootkit, detecting an infection may be difficult. Network telemetry can be used to detect anomalous DNS requests and security tools such as AVs and EDRs should be statically linked to ensure they are not “infected” by userland rootkits."To read this article in full, please click here | Malware Tool Threat | ||
|
2022-06-08 09:57:00 | BrandPost: 4 Factors to Consider When Choosing a Cloud Workload Protection Platform (lien direct) | Every dollar spent on security must produce a return on investment (ROI) in the form of better detection or prevention. As an IT leader, finding the tool that meets this requirement is not always easy. It is tempting for CISOs and CIOs to succumb to the “shiny toy” syndrome: to buy the newest tool claiming to address the security challenges facing their hybrid environment.With cloud adoption on the rise, securing cloud assets will be a critical aspect of supporting digital transformation efforts and the continuous delivery of applications and services to customers well into the future.However, embracing the cloud widens the attack surface. That attack surface includes private, public, and hybrid environments. A traditional approach to security simply doesn't provide the level of security needed to protect this environment and requires organizations to have granular visibility over cloud events.To read this article in full, please click here | Tool Guideline | ||
|
2022-05-31 12:29:00 | Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps (lien direct) | Attackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in a Windows component called the Microsoft Support Diagnostic Tool (MSDT) through weaponized Word documents. Microsoft has responded with mitigation advice that can be used to block the attacks until a permanent patch is released.An exploit for the vulnerability, now tracked as CVE-2022-30190, was found in the wild by an independent security research team dubbed nao_sec, which spotted a malicious Word document uploaded to VirusTotal from an IP in Belarus. However, more malicious samples dating from April have also been found, suggesting the vulnerability has been exploited for over a month.To read this article in full, please click here | Tool Vulnerability | ||
|
2020-12-10 08:03:00 | FireEye breach explained: How worried should you be? (lien direct) | Cybersecurity firm FireEye announced Tuesday that a sophisticated group of hackers, likely state-sponsored, broke into its network and stole tools the company's experts developed to simulate real attackers and test the security of its customers. While this is a worrying development, it's unlikely that this will result in a significant risk increase to organizations, as some offensive tool leaks did in the past. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach Tool | ||
|
2020-06-04 03:00:00 | What is pretexting? Definition, examples and prevention (lien direct) | Pretexting definition Pretexting is form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. The distinguishing feature of this kind of attack is that the scam artists comes up with a story - or pretext - in order to fool the victim. The pretext generally casts the attacker in the role of someone in authority who has the right to access the information being sought, or who can use the information to help the victim.Pretexting has a fairly long history; in the U.K., where it's also known as blagging, it's a tool tabloid journalists have used for years to get access to salacious dirt on celebrities and politicians. But today it's commonly used by scam artists targeting private individuals and companies to try to get access to their financial accounts and private data. And pretexters can use any form of communication, including emails, texts, and voice phone calls, to ply their trade. | Tool | ||
|
2020-05-13 03:00:00 | 9 tips to detect and prevent web shell attacks on Windows networks (lien direct) | One tool that bad guys use to go after your web servers is a web shell. A web shell is a malicious script that masquerades as a legitimate file and provides a backdoor into your server. Recent guidance from the US National Security Agency (NSA) and the Australian Signals Directorate (ASD) offers techniques to detect and prevent web shell malware from affecting web servers. The NSA document describes web shell malware as a long-standing, pervasive threat that continues to evade many security tools. | Malware Tool Threat | ||
|
2019-11-07 03:07:00 | Best Android antivirus? The top 9 tools (lien direct) | The following are the nine best business-class antivirus tools for Android, according to AV-TEST's September 2019 evaluations of 19 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.)AV-TEST rates each tool for three areas: protection (six points max), performance (six points max), and usability (six points max). The products listed here all had perfect scores of 18.[ Learn how SandBlast Mobile simplifies mobile security. | Get the latest from CSO by signing up for our newsletters. ] | Tool | ||
|
2019-09-30 03:00:00 | Marriott data breach FAQ: How did it happen and what was the impact? (lien direct) | In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed the full timeline or technical details of the assault, what we do know tells us quite a bit about the current threat landscape - and offers lessons for other enterprises on how to protect themselves.We answer 10 frequently asked questions.When was the Marriott breach? On September 8, 2018, an internal security tool flagged as suspicious an attempt to access the internal guest reservation database for Marriott's Starwood brands, which include the Westin, Sheraton, St. Regis, and W hotels. This prompted an internal investigation that determined, through a forensics process that Marriott has not discussed in detail, that the Starwood network had been compromised sometime in 2014 - back when Starwood had been a separate company. Marriott purchased Starwood in 2016, but nearly two years later, the former Starwood hotels hadn't been migrated to Marriott's own reservation system and were still using IT infrastructure inherited from Starwood, an important factor that we'll revisit in more detail later. | Data Breach Tool Threat | ||
|
2019-05-07 03:00:00 | How to get started using Ghidra, the free reverse engineering tool (lien direct) | The National Security Agency (NSA), the same agency that brought you blockbuster malware Stuxnet, has now released Ghidra, an open-source reverse engineering framework, to grow the number of reverse engineers studying malware. The move disrupts the reverse engineering market, which top dog IDA Pro has long dominated, and enables more people to learn how to reverse engineer without having to pay for an IDA Pro license, which can be prohibitively expensive for most newcomers to the field. | Malware Tool | ||
|
2019-03-20 08:03:00 | (Déjà vu) Best Android antivirus? The top 11 tools (lien direct) | The following are the 11 best antivirus tools for Android, according to AV-TEST's November 2018 evaluations of 18 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.)AV-TEST rates each tool for three areas: protection (six point max), usability (six points max) and features (one point max). Ten of the 11 Android antivirus software apps listed below received perfect protection and usability scores of 6.0. The other, F-Secure Mobile Security, lost a half point on the usability score. The apps are in alphabetical order. | Tool | ||
|
2019-02-20 05:47:00 | BrandPost: Addressing Today\'s Risks Requires Reliable Threat Intelligence (lien direct) | Two of the biggest challenges that CISOs face today are ensuring that security and business strategies are in alignment and that security solutions are focused on solving the right problems. More often than anyone wants to admit, security teams spend significant resources trying to resolve a specific set of security challenges only to find out that they either don't support critical business objectives or that the organization has been compromised by an attack coming from an unrecognized threat vector.Having a sense of urgency but not knowing where the threat is coming from is the equivalent of frantically wading around through flood water carrying a fire extinguisher. As it turns out, getting security right is just as important as having it in place. And ensuring that you have the right tool for the job starts by asking three key questions. | Tool Threat | ||
|
2019-01-22 03:00:00 | 4 tips to mitigate Slack security risks (lien direct) | Slack, the popular enterprise workspace collaboration tool and IRC clone, does not offer end-to-end encryption, making any breach of Slack's servers potentially catastrophic for users around the world. If you or your organization would suffer severe damage if internal Slack conversations leaked, then it's time to either consider encrypted Slack alternatives or mitigate the risk by locking down your Slack workspaces. We caught up with Andrew Ford Lyons, a technologist working on digital security for at-risk groups at Internews in the UK, for his advice. | Tool | ||
|
2018-12-27 03:00:00 | The most interesting and important hacks of 2018 (lien direct) | Each year a few hackers do something new that begs further examination. The general public and Hollywood paints most hackers as these uber-smart people who can take control of entire city's infrastructure and crack any password in seconds. The reality is that most hackers are fairly average people with average intelligence. Most don't do anything new. They just repeat the same things that have worked for years, if not decades, using someone else's tool based on someone else's hack from many years ago. | Hack Tool | Uber | |
|
2018-09-04 08:04:00 | (Déjà vu) 7,500 MikroTik routers compromised, traffic forwarded to attackers (lien direct) | If you have a MikroTik router, make sure it is running the latest firmware, as security researchers discovered thousands of compromised MikroTik routers are sending traffic to nine attacker-controlled IPs.Via a honeypot since July, researchers from the China-based Netlab 360 noticed malware exploiting MikroTik routers. Attackers are exploiting the MikroTik CVE-2018-14847 flaw that was patched in April.The critical vulnerability, involving Winbox for MikroTik, “allows remote attackers to bypass authentication and read arbitrary files.” Proof-of-concept exploits have been around for several months. That same vulnerability, the researchers pointed out, was exploited by the CIA's hacking tool Chimay Red, according to WikiLeaks Vault7. | Malware Tool | ||
|
2018-08-08 07:45:00 | (Déjà vu) Weaponized AI and facial recognition enter the hacking world (lien direct) | Meet Social Mapper, a facial recognition tool that searches for targets across numerous social networks, and the highly evasive and highly targeted AI-powered malware DeepLocker.Open-source Social Mapper face recognition tool The open-source intelligence-gathering tool Social Mapper uses facial recognition to automatically search for targets across eight social media sites: Facebook, Twitter, LinkedIn, Instagram, Google+, the Russian social networking service VKontakte, and the Chinese social networking sites Weibo and Douban. | Malware Tool |
To see everything:
Our RSS (filtrered)
