What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-05-09 01:00:00 | New Bazel Ruleset aide les développeurs à construire des images de conteneurs sécurisées New Bazel Ruleset Helps Developers Build Secure Container Images (lien direct) |
Un nouvel ensemble de règles de Bazel, un outil de construction et de test open source de Google, permet aux développeurs de créer des images Docker et de générer des factures de matériaux logicielles sur ce qui se trouve à l'intérieur des conteneurs.
A new ruleset from Bazel, an open source build and test tool from Google, allows developers to create Docker images and generate software bills of materials about what is inside the containers. |
Tool | ★★ | |
|
2023-05-05 20:47:00 | (Déjà vu) Satori dévoile le scanner des autorisations de données universelles, un outil open source gratuit qui met en lumière l'autorisation d'accès aux données Satori Unveils Universal Data Permissions Scanner, a Free Open Source Tool that Sheds Light on Data Access Authorization (lien direct) |
Abordant des données d'accès aux données auxquelles les entreprises sont couramment confrontées par les entreprises, le leader de la sécurité des données lance le premier outil d'analyse d'autorisation open source pour fournir une visibilité universelle dans les autorisations d'accès aux données dans plusieurs magasins de données.
Addressing data access blindspots commonly faced by enterprises, data security leader launches the first open-source authorization analysis tool to provide universal visibility into data access permissions across multiple data stores. |
Tool | Satori Satori | ★★ |
|
2023-04-18 17:58:00 | APT41 Taps Google Red Teaming Tool dans les attaques de vol d'informations ciblées APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (lien direct) |
Le groupe APT41 lié à la Chine a ciblé une organisation médiatique taïwanaise et une agence d'emploi italienne avec des outils de test de pénétration standard et open source, dans un changement de stratégie.
China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy. |
Tool | APT 41 APT 41 | ★★★ |
|
2023-04-14 19:21:03 | Les données de dépendance des logiciels offrent une sécurité aux développeurs Software-Dependency Data Delivers Security to Developers (lien direct) |
Google a ouvert sa base de données de dépendance logicielle, ajoutant aux données de sécurité disponibles pour les développeurs et les fabricants d'outils.Maintenant, les développeurs doivent l'utiliser.
Google has opened up its software-dependency database, adding to the security data available to developers and tool makers. Now developers need to use it. |
Tool | ★★ | |
|
2023-03-29 00:00:00 | Microsoft Security Copilot utilise GPT-4 pour renforcer la réponse aux incidents de sécurité [Microsoft Security Copilot Uses GPT-4 to Beef Up Security Incident Response] (lien direct) | Le nouvel outil d'assistant AI de Microsoft aide les équipes de cybersécurité à enquêter sur les incidents de sécurité et à rechercher des menaces.
Microsoft\'s new AI assistant tool helps cybersecurity teams investigate security incidents and hunt for threats. |
Tool | ★★ | |
|
2023-03-28 00:00:00 | CISA publie un outil de chasse aux services cloud de Microsoft \\ [CISA Releases Hunt Tool for Microsoft\\'s Cloud Services] (lien direct) | CISA a publié l'outil de chasse et de réponse pour aider les défenseurs à extraire des artefacts de cloud sans effectuer d'analyses supplémentaires.
CISA released the hunt and response tool to help defenders extract cloud artifacts without performing additional analytics. |
Tool Cloud | ★★★★ | |
|
2023-03-07 19:50:00 | Hacker Cracks Toyota Customer Search Tool (lien direct) | Flaw in Toyota's C360 customer relationship management tool exposed personal data of unknown number of customers in Mexico, a disclosure says. | Tool | ★★★★ | |
|
2023-03-07 00:46:00 | Machine Learning Improves Prediction of Exploited Vulnerabilities (lien direct) | The third iteration of the Exploit Prediction Scoring System (EPSS) performs 82% better than previous versions, giving companies a better tool for evaluating vulnerabilities and prioritizing patching. | Tool | ★★★★ | |
|
2023-03-02 23:06:00 | CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds (lien direct) | The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language. | Tool | ★★★ | |
|
2023-02-14 19:08:00 | Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (lien direct) | Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems. | Tool | ★★ | |
|
2023-02-14 15:10:00 | SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community (lien direct) | Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems. | Tool Industrial | ★★★ | |
|
2023-02-07 08:00:00 | A Fool With a Tool Is Still a Fool: A Cyber Take (lien direct) | New tech often requires new thinking - but that's harder to install. | Tool | ★★★ | |
|
2023-02-03 03:00:00 | MITRE Releases Tool to Design Cyber Resilient Systems (lien direct) | Engineers can use the Cyber Resiliency Engineering Framework Navigator to visuzalize their cyber resiliency capabilities. | Tool | ★★ | |
|
2023-01-30 15:00:00 | Spotlight on 2023 DevSecOps Trends (lien direct) | Solutions that provide more actionable results - remediation that frees up engineers, processes which integrate security into software development from its design, along with automation, IAC, and tool consolidation - are among the DevSecOps strategies that will prevail this year. | Tool | ★★ | |
|
2023-01-10 17:00:00 | Microsoft: Kinsing Targets Kubernetes via Containers, PostgreSQL (lien direct) | The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments. | Tool | Uber | ★★ |
|
2022-12-21 15:51:30 | How to Run Kubernetes More Securely (lien direct) | The open source container tool is quite popular among developers - and threat actors. Here are a few ways DevOps teams can take control. | Tool Threat | Uber | ★★ |
|
2022-09-29 13:37:18 | XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data (lien direct) | Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data. | Tool | ||
|
2022-09-27 13:51:25 | BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic (lien direct) | Using its "Exmatter" tool to corrupt rather than encrypt files signals a new direction for financially motivated cybercrime activity, researchers say. | Ransomware Tool | ||
|
2022-09-22 18:31:41 | Malicious npm Package Poses as Tailwind Tool (lien direct) | Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts. | Tool | ||
|
2022-09-20 14:24:25 | Byos Releases Free Assessment Tool to Provide Companies with Tailored Network Security Recommendations (lien direct) | Assessment tool instantly generates a detailed report breaking down a company's current network security maturity and recommended next steps. | Tool | ||
|
2022-09-13 22:34:00 | Bishop Fox Releases Cloud Enumeration Tool CloudFox (lien direct) | CloudFox is a command-line tool to help penetration testers understand unknown cloud environments. | Tool | ||
|
2022-09-13 19:50:24 | U-Haul Customer Contract Search Tool Compromised (lien direct) | Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company. | Tool | ||
|
2022-09-12 21:28:40 | How Machine Learning Can Boost Network Visibility for OT Teams (lien direct) | Opswat says its new tool uses neural networks to protect critical environments through AI-assisted asset discovery, network visibility, and risk management. | Tool | ||
|
2022-09-07 15:53:37 | Next-Gen Linux Malware Takes Over Devices With Unique Tool Set (lien direct) | The Shikitega malware takes over IoT and endpoint devices, exploits vulnerabilities, uses advanced encoding, abuses cloud services for C2, installs a cryptominer, and allows full remote control. | Malware Tool | ||
|
2022-08-30 22:21:30 | New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries (lien direct) | New graph-based tool offers a better alternative to current approaches for finding vulnerabilities in JavaScript code, they note. | Tool | ||
|
2022-08-26 15:45:25 | \'Sliver\' Emerges as Cobalt Strike Alternative for Malicious C2 (lien direct) | Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation tool in recent campaigns. | Ransomware Tool | ||
|
2022-08-25 16:09:19 | ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users (lien direct) | Online Security autonomously blocks malicious URLs, extensions, ad trackers, and pop-ups 24/7, protecting consumers from complex and rapidly evolving cyber threats online. | Tool | ||
|
2022-08-24 19:29:23 | Efficient \'MagicWeb\' Malware Subverts AD FS Authentication, Microsoft Warns (lien direct) | The Russia-backed Nobelium APT has pioneered a post-exploitation tool allowing attackers to authenticate as any user. | Malware Tool | ||
|
2022-08-23 11:57:26 | Charming Kitten APT Wields New Scraper to Steal Email Inboxes (lien direct) | Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo!, and Microsoft Outlook accounts using previously acquired credentials. | Tool | Yahoo APT 35 | |
|
2022-08-22 20:30:34 | Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to \'runZero\' (lien direct) | HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves. | Tool | ||
|
2022-08-22 13:30:00 | How Qualys Reduces Risk and Enables Tool Consolidation (lien direct) | Sumedh Thakar, CEO of Qualys, explains how moving to a cloud-based asset management platform can simplify their strategies and improve overall security. | Tool | ||
|
2022-08-18 18:34:08 | China\'s APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload (lien direct) | The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access. | Tool Threat | APT 41 | |
|
2022-08-09 20:25:07 | Microsoft Patches Zero-Day Actively Exploited in the Wild (lien direct) | The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit. | Tool | ||
|
2022-08-09 17:12:16 | Researchers Debut Fresh RCE Vector for Common Google API Tool (lien direct) | The finding exposes the danger of older, unpatched bugs, which plague at least 4.5 million devices. | Tool | ||
|
2022-08-02 19:31:09 | Axis Raises the Bar With Modern-Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges (lien direct) | Launches industry's first ZTNA Migration Tool and ZTNA Buyback Program, setting the stage for migration away from ZTNA 1.0. | Tool | ||
|
2022-07-27 18:49:47 | Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware (lien direct) | Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests. | Tool | ||
|
2022-07-27 14:00:00 | The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications (lien direct) | IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states. | Tool | ||
|
2022-07-11 21:38:10 | \'Luna Moth\' Group Ransoms Data Without the Ransomware (lien direct) | Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private. | Ransomware Tool | ||
|
2022-07-07 21:33:41 | Stealthy Cyber-Campaign Ditches Cobalt Strike for Rival \'Brute Ratel\' Pen Test Tool (lien direct) | The latest criminal use of a legitimate red-teaming tool helps attackers stay under the radar and better access living-off-the-land binaries. | Tool | ||
|
2022-07-05 23:56:37 | (Déjà vu) NIST Picks Four Quantum-Resistant Cryptographic Algorithms (lien direct) | The US Department of Commerce's National Institute of Standards and Technology (NIST) announced the first group of encryption tools that will become part of its post-quantum cryptographic standard. | Tool | ||
|
2022-06-30 16:57:48 | Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion (lien direct) | Titaniam's 'State of Data Exfiltration & Extortion Report' also finds that while over 70% of organizations had heavy investments in prevention, detection, and backup solutions, the majority of victims ended up giving into attackers' demands. | Ransomware Tool | ||
|
2022-06-30 15:17:15 | Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (lien direct) | An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows. | Tool Vulnerability | ||
|
2022-06-21 20:57:06 | China-Linked ToddyCat APT Pioneers Novel Spyware (lien direct) | ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says. | Tool | ||
|
2020-12-16 17:40:00 | Attackers Leverage IMAP to Infiltrate Email Accounts (lien direct) | Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP. | Tool | ||
|
2020-10-19 17:25:00 | GravityRAT Spyware Targets Android & MacOS in India (lien direct) | The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android. | Tool | ||
|
2020-08-27 15:55:00 | Old Malware Tool Acquires New Tricks (lien direct) | Latest version of Qbot has acquired a new feature for collecting email threads from Outlook clients. | Malware Tool | ★★ | |
|
2020-08-14 16:25:00 | DHS CISA Warns of Phishing Emails Rigged with KONNI Malware (lien direct) | Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code. | Malware Tool | ||
|
2020-08-03 16:45:00 | DHS Urges \'Highest Priority\' Attention on Old Chinese Malware Threat (lien direct) | "Taidoor" is a remote access tool that has been used in numerous cyber espionage campaigns since at least 2008. | Malware Tool Threat | ||
|
2020-07-31 09:25:00 | \'Hidden Property Abusing\' Allows Attacks on Node.js Applications (lien direct) | A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities. | Tool | ||
|
2020-06-25 09:40:00 | Lucifer Malware Aims to Become Broad Platform for Attacks (lien direct) | The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems. | Malware Tool |
To see everything:
Our RSS (filtrered)
