What's new arround internet

Src Date (GMT) Titre Description Tags Stories Notes
Kaspersky.png 2019-03-25 14:00:01 FEMA Exposes PII for Millions of Hurricane, Wildfire Survivors (lien direct)

The contractor with whom it shared the data has a vulnerable, unpatched network.

TechRepublic.png 2019-03-25 13:56:03 How to use Franz for your one-stop-shop messenger needs (lien direct)

Franz is easy to install, easy to use, and makes your daily messaging task more efficient.

CSO.png 2019-03-25 13:56:00 Get a two-year subscription to Ivacy VPN for only $2.03/mo (lien direct)

If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), most installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location - but they can also run frustratingly slowly, delaying the way you\'d usually use the internet for entertainment and work.

That\'s where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.

To read this article in full, please click here

TechRepublic.png 2019-03-25 13:49:05 How to stop remote workers from causing a security incident: 3 tips (lien direct)

Some 36% of organizations said they experience security breaches due to remote work, according to an OpenVPN report. Here\'s how to help.

TechRepublic.png 2019-03-25 13:35:05 Why 61% of CIOs believe employees maliciously leak data (lien direct)

One in five employees surveyed believes data belongs to them, not the company, according to an Opinion Matters / Egress report.

no_ico.png 2019-03-25 13:30:04 From Preparation To Implementation: How To Fully Adopt Automation In 2019 (lien direct)

The last 12 months have seen a shift in how enterprises view automation and its benefits to their security and DevOps teams. Last year, it was found that more than three-quarters of organisations would like the ability to automate some of the day-to-day manual tasks related to their security information and event management (SIEM) systems. Yet, many …

The ISBuzz Post: This Post From Preparation To Implementation: How To Fully Adopt Automation In 2019 appeared first on Information Security Buzz.

SecurityAffairs.png 2019-03-25 13:26:05 Free Tools: spotting APTs through Malware streams (lien direct)

Cyber security expert and founder of Yoroi has published a new tool that could be used to spot APTs (Advanced Persistent Threats) through Malware streams. There are many ways to spot Advanced Persistent Threats, for example during a forensic analysis on “high rate incident” or having sandbox systems on critical infrastructures or again working as […]

The post Free Tools: spotting APTs through Malware streams appeared first on Security Affairs.

bleepingcomputer.png 2019-03-25 13:05:00 Emsisoft has Released a Decryptor for the Hacked Ransomware (lien direct)

A decryptor for the Hacked Ransomware was released today by Emsisoft that allows victims to recover their files for free. This ransomware was active in 2017 and targeted English, Turkish, Spanish, and Italian users. [...]

WiredThreatLevel.png 2019-03-25 13:00:00 Simple Experiments Show How Motion Is Equivalent to Heat (lien direct)

A big idea in thermodynamics is the mechanical equivalent of heat, a concept that spells out how moving objects and changing temperatures relate.

AlienVault.png 2019-03-25 13:00:00 The odd case of a Gh0stRAT variant (lien direct)

This is a guest post by independent security researcher James Quinn. This will be Part 1 of a series titled Reversing Gh0stRAT Variants. 

As 2018 drew to a close and 2019 took over, I began to see a different behavior from SMB malware authors.  Instead of massive, multi-staged cryptocurrency miners, I began to see more small, covert RATs serving as partial stage1’s.  Of these samples, there was one specific sample that stood out to me.  A Gh0stRAT variant, this sample not only changed the Gh0stRAT header from “Gh0st” to “nbLGX”, it also hid its traffic with an encryption algorithm over the entire TCP segment, in addition to the standard Zlib compression on the Gh0stRAT data.  Some key functionality is below:

  • Can download more malware

  • Offline Keylogger

  • Cleans Event logs.

[Screenshot 1] Encrypted Login Packet sent by Gh0stRAT infected PC

In addition to a standard malware analysis blog post, I’d also like to take this time to document and describe my methods for analysis, in the hopes that you as a reader will use these techniques in the future.

Malware Analysis

Before we begin the analyses, I’d like to clarify on some of the terms used.

Stage1 - Typically the first contact or entry point for malware.  This is the first part of the malware to arrive on a system.

SMB Malware - Any malware that uses the SMB protocol to spread.  SMB is typically used for file sharing between printers and other computers, however in recent years malware authors have been able to leverage this protocol to remotely infect hosts.

RAT - Remote Access Trojan.  This type of malware allows for the complete control of an infected computer.

Gh0stRAT - An open source RAT used primarily by Chinese actors. A more detailed analysis of the standard Gh0stRAT can be found here.

Despite being a Gh0stRAT sample, this variant is very different than your standard Gh0stRAT sample.  One of the most noticeable differences is the use of encryption over the entire TCP segment, as a way for it to evade detection.  Additionally, this seems to be a lightweight version of Gh0stRAT, as it only has 12 commands, compared to the 73 for a full Gh0stRAT sample; 3 of those commands are undocumented.  Also, unlike most samples that I receive on my honeypot, this sample did not start as a DLL that communicates to a distribution server in order to download the stage1.  Instead, dropped on my honeypot was a full exe that served as the dropper.

Domains

  • http://mdzz2019.noip[.]cn:19931
  • http://mdzz2019.noip[.]cn:3654/

From my analyses, I was able to identify http://mdzz2019.noip[.]cn:19931 as its main C2 url.  This is a dynamic DNS, meaning the actual IP changes quite frequently. Additionally, on that same url, http://mdzz2019.noip[.]cn:3654/ is used to distribute more versions of this Gh0stRAT sample, along with a .zip file containing ASPXSpy, a web shell.

Exploits

These 2 exploits are EternalBlue/Doublepulsar and are used to drop the Stage1 Dropper onto a

TechRepublic.png 2019-03-25 13:00:00 Why site reliability engineers face more security incidents and higher stress levels (lien direct)

Half of SREs have worked on outages lasting longer than a day, according to a Catchpoint report.

bleepingcomputer.png 2019-03-25 12:35:01 ASUS Live Update Infected with Backdoor in Supply Chain Attack (lien direct)

A new advanced persistent threat (APT) campaign detected by Kaspersky Lab in January 2019 and estimated to have run between June and November 2018 has allegedly impacted over 57,000 users who have downloaded the ASUS Live Update Utility on their computers. [...]

SecurityAffairs.png 2019-03-25 12:11:05 Hackers raised fake tornado alarms in two Texas towns (lien direct)

Hackers took control of the emergency tornado alarms in Texas causing the panic, it has happened on March 12th, at around 2:30 a.m., On March 12th, at around 2:30 a.m. in two towns in Texas (the DeSoto and Lancaster areas) hackers took control of the emergency tornado alarms causing the panic among residents. The alarms […]

The post Hackers raised fake tornado alarms in two Texas towns appeared first on Security Affairs.

securityintelligence.png 2019-03-25 12:10:02 Think Inside the Box to Bridge the Cybersecurity Skills Gap (lien direct)

>The threat landscape is growing more perilous each day and our white hats need all the help they can get. The problem is that many organizations are struggling to close the cybersecurity skills gap.

The post Think Inside the Box to Bridge the Cybersecurity Skills Gap appeared first on Security Intelligence.

no_ico.png 2019-03-25 12:10:00 UK Finance 2018 Fraud Statistics (lien direct)

Yesterday UK Finance, the UK\'s industry trade body, published its annual report into the UK\'s payment industry fraud, Fraud the Facts 2019.      The report reveals that in 2018:  Criminals stole £1.2 billion through fraud and scams:  Unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £844.8 million, an increase of 16% compared to 2017  Authorised push payment scams resulted in gross …

The ISBuzz Post: This Post UK Finance 2018 Fraud Statistics appeared first on Information Security Buzz.

WiredThreatLevel.png 2019-03-25 12:00:00 In Germany, Solar-Powered Homes Are Really Catching On (lien direct)

The country is getting closer to the solar home revolution: a panel on every roof, an EV in every garage, and a battery in every basement.

no_ico.png 2019-03-25 11:45:00 Rise In DDoS Attack Size (lien direct)

Global research has revealed the scale and quantity of DDoS (Distributed Denial of Service) attacks increased significantly across 2018 with attacks reaching 400Gbps in size or larger.  EfficientIP secures brands including Netflix, IKEA and the London Stock Exchange against exactly these types of attacks.  Specialists in network security with expert knowledge in DDoS attacks, its latest Global DNS Threat Report shows:  Although …

The ISBuzz Post: This Post Rise In DDoS Attack Size appeared first on Information Security Buzz.

ZDNet.png 2019-03-25 11:39:02 VirusTotal debuts retro, simplified interface for legacy systems (lien direct)

The interface is suitable for older browsers and systems.

WiredThreatLevel.png 2019-03-25 11:00:00 Can AI Be a Fair Judge in Court? Estonia Thinks So (lien direct)

Estonia plans to use an artificial intelligence program to decide some small-claims cases, part of a push to make government services smarter.

ZDNet.png 2019-03-25 10:50:02 Telegram now lets you remotely delete private chats from both devices (lien direct)

The Unsend feature has received a boost in the name of privacy.

bleepingcomputer.png 2019-03-25 10:18:02 Tesla Model 3 Hacked on the Last Day of Pwn2Own (lien direct)

During the last day, Fluoroacetate\'s Amat Cama and Richard Zhu successfully targeted and successfully hacked their way into a Tesla Model 3\'s Chromium-based infotainment system as part of their automotive category demo, using "a JIT bug in the renderer to display their message." [...]

WiredThreatLevel.png 2019-03-25 10:01:00 Liveblog: Live Updates From Apple\'s March 25 Event (lien direct)

On Monday morning, Apple hosts an event to outline plans for its news distribution and media streaming services. Our live coverage starts at 9 am Pacific.

WiredThreatLevel.png 2019-03-25 10:00:00 We Might Be Reaching \'Peak Indifference\' on Climate Change (lien direct)

Anyone who wants to deal with climate change may have only a brief window to sell the public on a plan.

WiredThreatLevel.png 2019-03-25 10:00:00 The Beautiful Benefits of Contemplating Doom (lien direct)

The Doomsday Clock reminds us that global catastrophe is closer than ever. But it doesn\'t have to be all gloom.

WiredThreatLevel.png 2019-03-25 10:00:00 Machines Shouldn\'t Have to Spy On Us to Learn (lien direct)

We need a breakthrough that allows us to reap the benefits of AI without savaging data privacy.

WiredThreatLevel.png 2019-03-25 10:00:00 A Clever New Strategy for Treating Cancer, Thanks to Darwin (lien direct)

Most advanced-stage cancers mutate, resisting drugs meant to kill them. Now doctors are harnessing the principles of evolution to thwart that lethal adaptation.

WiredThreatLevel.png 2019-03-25 10:00:00 Angry Nerd: The Next Big One Will Be a Dataquake (lien direct)

Platforms have become the slabs of virtual bedrock underlying life. And every day they shift.

WiredThreatLevel.png 2019-03-25 10:00:00 On the Trail of the Robocall King (lien direct)

An investigator set out to discover the source of one scammy robocall. Turns out, his target made them by the millions.

WiredThreatLevel.png 2019-03-25 10:00:00 What Happens When a Jury Grapples With Perplexing Science (lien direct)

Two decades ago, a new form of genetic testing helped send a man to prison. But the case exposed the limits of using complicated forensics in a criminal trial.

WiredThreatLevel.png 2019-03-25 10:00:00 The Engine Propelling the Fastest Woman on Four Wheels (lien direct)

A turbojet engine used on F-4 Phantom jets during the Vietnam War finds a new purpose.

WiredThreatLevel.png 2019-03-25 10:00:00 Synthetic Biology Could Bring a Pox on Us All (lien direct)

New methods are making it easier than ever to produce life-saving vaccines-and life-taking viruses that humanity is not prepared to fight.

SecurityAffairs.png 2019-03-25 09:49:05 PewDiePie ransomware oblige users subscribe to PewDiePie YouTube channel (lien direct)

It is a battle with no holds barred between T-Series and PewDiePie, their fans are spreading the PewDiePie ransomware to force users to subscribe to PewDiePie Youtube channel. The story I’m going to tell you is another chapter of the battle between the most followed Youtuber T-Series and PewDiePie. T-Series is an Indian music company, […]

The post PewDiePie ransomware oblige users subscribe to PewDiePie YouTube channel appeared first on Security Affairs.

The_Hackers_News.png 2019-03-25 09:39:05 Warning: ASUS Software Update Server Hacked to Distribute Malware (lien direct)

Remember the CCleaner hack? CCleaner hack was one of the largest supply chain attacks that infected more than 2.3 million users with a backdoored version of the software in September 2017. Security researchers today revealed another massive supply chain attack that compromised over 1 million computers manufactured by Taiwan-based tech giant ASUS. A group of state-sponsored

SecurityAffairs.png 2019-03-25 07:42:03 Telegram allows users to delete any sent/received message from both sides with no time limit (lien direct)

Telegram development team implemented a new feature that allows users to delete any received message from the sender’s device. Telegram announced a new feature to improve user privacy, the development team implemented a functionality that allows users to delete any received message from the sender’s device. Two years ago, Telegram introduced the “unsend” feature that […]

The post Telegram allows users to delete any sent/received message from both sides with no time limit appeared first on Security Affairs.

bleepingcomputer.png 2019-03-25 03:04:00 The AZORult Legacy Lives On. Hello AZORult++! (lien direct)

Earlier this month, malware researchers noticed a new variant of the infamous information stealer AZORult that indicates a transition to a new developer and carries the promise of a more dangerous threat. [...]

WiredThreatLevel.png 2019-03-24 23:05:04 Mueller Report Says No Collusion, Barr Raises a Million Questions (lien direct)

In a convoluted letter to Congress, Attorney General William Barr summarized Robert Mueller\'s report on the Russia investigation and said he won\'t charge President Trump with obstruction.

SecurityAffairs.png 2019-03-24 18:23:04 Microsoft Defender APT now protects also macOS (lien direct)

Microsoft has announced the availability of Defender ATP Endpoint Security for Apple macOS Microsoft has announced the availability of Microsoft 365 advanced endpoint security solution across platforms, with the support of Apple Mac it added to Microsoft Defender Advanced Threat Protection (ATP). Microsoft Windows Defender ATP was first introduced in 2016 as a defensive solution […]

The post Microsoft Defender APT now protects also macOS appeared first on Security Affairs.

bleepingcomputer.png 2019-03-24 17:15:05 Telegram Now Lets You Delete a Received Message From Sender\'s Device (lien direct)

To further increase privacy, Telegram announced today that they have added a feature that allows users to delete any message in a one-on-one chat and have it be removed from both chat user\'s devices [...]

bleepingcomputer.png 2019-03-24 16:03:00 Microsoft\'s Leaked Edge Browser Should Make Google Worried (lien direct)

Over the weekend, a leaked build for the Chromium-based Edge browser has been released that is providing users with their first look at the upcoming browser from Microsoft. If you are a Chrome user, reports indicate that this browser feels, performs, and has basically the same features as Google Chrome. [...]

WiredThreatLevel.png 2019-03-24 16:00:00 How to Watch Apple\'s Event on Monday, March 25 (lien direct)

Things kick off at 10 AM on Monday, March 25, at the Steve Jobs Theater.

SecurityWeek.png 2019-03-24 14:37:05 Watchdog: FEMA Wrongly Released Personal Data of Victims (lien direct)

The Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing the victims to identity fraud and theft, a government watchdog reported Friday.

read more

SecurityAffairs.png 2019-03-24 14:30:03 Federal Emergency Management Agency\'s (FEMA) data leak exposes data of 2.3M survivors (lien direct)

The Federal Emergency Management Agency\'s (FEMA) has disclosed a data leak that exposed banking details and other personal information of 2.3 million survivors. In case of national disasters, the Federal Emergency Management Agency\'s (FEMA) offers a program called Transitional Sheltering Assistance (TSA) that provides shelter to survivors.  News of the day is that FEMA has […]

The post Federal Emergency Management Agency\'s (FEMA) data leak exposes data of 2.3M survivors appeared first on Security Affairs.

WiredThreatLevel.png 2019-03-24 13:00:00 Tesla Sues Zoox and More Car News This Week (lien direct)

Plus: Tesla sues Zoox over trade secrets, riding with Peloton\'s truck train, and more.

WiredThreatLevel.png 2019-03-24 13:00:00 Devin Nunes\' Twitter Lawsuit Tops This Week\'s Internet News Roundup (lien direct)

Last week the California congressman sued Twitter and some of its users-and that\'s barely the craziest thing that happened.

WiredThreatLevel.png 2019-03-24 12:00:00 The Mysterious Math of How Cells Determine Their Own Fate (lien direct)

During development, cells seem to use statistics to figure out what identities they should take on.

SecurityAffairs.png 2019-03-24 11:55:05 Security Affairs newsletter Round 206 – News of the week (lien direct)

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Experts uncovered a malspam campaign using Boeing 737 Max crashes gnosticplayers offers 26 Million new accounts for sale on the Dark Web Massive attacks bypass MFA on Office 365 […]

The post Security Affairs newsletter Round 206 – News of the week appeared first on Security Affairs.

SecurityAffairs.png 2019-03-24 11:01:03 WordPress Social Warfare plugin zero-day exploited in attacks (lien direct)

A Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) is actively exploited to add malicious redirects. The vulnerability in the WordPress plugin has been fixed with the release of the 3.5.3 version of the plugin. Vulnerable versions of the Social Warfare plugin are currently installed on more than 70,000 websites. The plugin […]

The post WordPress Social Warfare plugin zero-day exploited in attacks appeared first on Security Affairs.

SecurityAffairs.png 2019-03-24 09:56:01 Malware Static Analysis (lien direct)

Malware researcher and founder of Yoroi Marco Ramilli shared a simple tool for malware static analysis he used to perform massive Malware analysis research. The following interface stands in front of a live engine which takes binary files and runs them against a plethora of hundreds of YARA rules. Some of them are publicly available […]

The post Malware Static Analysis appeared first on Security Affairs.

SecurityWeek.png 2019-03-23 17:39:00 Cisco Patches High Severity Vulnerabilities in IP Phones (lien direct)

Cisco this week released security patches to address high severity vulnerabilities in its IP Phone 8800 Series and IP Phone 7800 Series. 

A total of five vulnerabilities were addressed, all impacting the web-based management interface of Session Initiation Protocol (SIP) Software of IP Phone 8800 Series. 

read more

ZDNet.png 2019-03-23 16:30:00 Tesla car hacked at Pwn2Own contest (lien direct)

Research duo who hacked Tesla car win the competition\'s overall standings. They also get to keep the car.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

Information mise à jours le: 2019-03-26 04:01:32
Voir la liste des sources.

Mon email:

Vous souhaitez ne rien manquer: Notre RSS (filtré) Twitter