What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-04-17 23:24:00 | Source code of Iranian cyber-espionage tools leaked on Telegram (lien direct) | APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month. | APT 34 | ||
 |
2019-04-12 14:58:05 | North Korea\'s Hidden Cobra Strikes U.S. Targets with HOPLIGHT (lien direct) | The custom malware is a spy tool and can also disrupt processes at U.S. assets. | Malware Tool | APT 38 | |
 |
2019-04-12 13:00:00 | Things I hearted this week 12th April 2019 (lien direct) |
Hello again to another weekly security roundup. This week, I have a slightly different spin on the roundup in that the net has been slightly widened to include broader technology topics from more than just this last week. However, all of the articles were written by ladies. With that, let’s dive straight in.
A beginner's guide to test automation
If you’re new to automated testing, you’re probably starting off with a lot of questions: How do I know which tests to automate? Why is automated testing useful for me and my team? How do I choose a tool or framework? The options for automated testing are wide open, and you may feel overwhelmed.
If so, this is a great article on how to get started.
A Beginner's Guide to Test Automation | Sticky Minds
.jpg)
All roads lead to exploratory testing
When I’m faced with something to test – be it a feature in a software application or a collection of features in a release, my general preference is weighted strongly towards exploratory testing. When someone who doesn’t know a great deal about testing wants me or my team to do testing for them, I would love to educate them on why exploratory testing could be a strong part of the test strategy.
All roads lead to exploratory testing | Womentesters
While on the topic of testing
Testing Behaviours — Writing A Good Gherkin Script | Medium, Jo Mahadevan
Single-page, server-side, static… say what?
An emoji-filled learning journey about the trade-offs of different website architectures, complete with gifs, diagrams, and demo apps.
If you’ve been hanging around the internet, trying to build websites and apps, you may have heard some words in conversation like static site or server-side rendered (SSR) or single-page app (SPA).
But what do all of these words mean? How does each type of application architecture differ? What are the tradeoffs of each approach and which one should you use when building your website?
Single-Page, Server-Side, Static… say what? | Marie Chatfield
If, like me you enjoyed this post by Marie, check out some of her other posts which are great. Quick plug to Protocol-andia: Welcome to the Networking Neighborhood. A whimsical introduction to how computers talk to each other, and what exactly your requests are up to.
Strengthen your security posture: start with a cybersecurity framework
The 2017 Equifax data breach is expected to break all previous records for data breach costs, with Larry Ponemon, chairman of the Ponemon Institute, estimating the final cost to be more than $600 million.
Even non-enterprise-level organizations suffer severe consequences for data breaches. According to the National Cyber Security Alliance, mid-market companies pay more than $1 million in post-attack mitigation, and the average cost of a data breach to an SMB is $117,000 per incident. While estimates vary, approximately 60% of businesses who suffer a breach are forced to shut down business within 6 months.
It is mor |
Guideline Prediction | Equifax APT 39 | |
 |
2019-04-11 19:58:01 | FBI/DHS MAR report details HOPLIGHT Trojan used by Hidden Cobra APT (lien direct) | According to a joint report published by the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), North Korea-linked Lazarus APT group is using a new Trojan in attacks. According to a joint report issued by the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), North […] | APT 38 | ||
 |
2019-04-11 17:00:04 | (Déjà vu) DHS And FBI Issue Advisory On North Korean HOPLIGHT Malware (lien direct) | It has been reported that the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint malware analysis report (MAR) on a new Trojan dubbed HOPLIGHT, used by the North-Korean APT group Lazarus. According to the MAR AR19-100A advisory published on the US-CERT website, the new Trojan was detected while tracking … The ISBuzz Post: This Post DHS And FBI Issue Advisory On North Korean HOPLIGHT Malware | Malware | APT 38 | |
 |
2019-04-11 13:00:03 | Protect Your Business by Managing Network Security from the Palm of Your Hand (lien direct) | by Russ Schafer, Head of Product Marketing, Security Platforms, published April 11th 2019 Next generation cyber security attacks can happen at any time to any size business, so you need to be prepared to react immediately. Based on the 2018 Verizon Data Breach report, 58% of security breach victims are categorized as small… | Data Breach Prediction | APT 39 | |
 |
2019-04-11 12:28:03 | New Hoplight malware marks re-emergence of Lazarus Group. (lien direct) | The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets and the US is getting worried about it. This according to a report from US-Cert, which say that the group (also known as “Hidden Cobra”) has a new piece of spyware […] | Malware Medical | APT 38 | |
 |
2019-04-10 14:06:04 | DHS and FBI Issue Advisory on North Korean HOPLIGHT Malware (lien direct) | The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint malware analysis report (MAR) on a new Trojan dubbed HOPLIGHT, used by the North-Korean APT group Lazarus. [...] | Malware | APT 38 | |
 |
2019-04-09 09:30:05 | OceanLotus: macOS malware update (lien direct) | >Latest ESET research describes the inner workings of a recently found addition to OceanLotus's toolset for targeting Mac users | Malware | APT 32 | |
 |
2019-04-05 15:08:01 | Sea Levels Are Rising. Time to Build ... Floating Cities? (lien direct) | If climate change ends up coming for your home, you could move inland. Or you could decamp to tessellated platforms floating on the ocean. | APT 32 | ||
|
2019-04-03 17:25:04 | OceanLotus APT group leverages a steganography-based loader to deliver backdoors (lien direct) | The OceanLotus APT group, also known as APT32 or Cobalt Kitty, leverages a steganography-based loader to deliver backdoors on compromised systems. Security researchers at Cylance discovered that the OceanLotus APT (also known as APT32 or Cobalt Kitty, group is using a loader leveragingsteganography to deliver a version of Denes backdoor and an updated version of […] | APT 32 | ||
|
2019-04-03 14:44:02 | OceanLotus APT Uses Steganography to Shroud Payloads (lien direct) | The OceanLotus APT is using two new loaders which use steganography to read their encrypted payloads. | APT 32 | ★★★★ | |
|
2019-03-28 16:12:00 | Lazarus Group Widens Tactics in Cryptocurrency Attacks (lien direct) | MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea. | APT 38 | ||
 |
2019-03-28 09:11:00 | APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability (lien direct) | Elfin (aka APT33), a hacker group affiliated with the Iranian government, is described by Symantec as “one of the most active groups currently operating in the Middle East.” They have been linked with a string of attacks on U.S. and Saudi Arabian companies, particularly in the aerospace and energy sectors. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach Vulnerability | APT33 APT 33 | |
|
2019-03-28 08:20:04 | Lazarus APT continues to target cryptocurrency businesses with Mac malware (lien direct) | North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group made has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […] | Malware Medical | APT 38 | |
 |
2019-03-28 06:57:04 | Microsoft Takes Control of 99 Domains Used by Iranian Cyberspies (lien direct) | Microsoft on Wednesday announced that it had taken control of 99 domains used by an Iran-linked cyberespionage group it tracks as Phosphorus. | Conference | APT 35 | |
 |
2019-03-28 01:18:01 | Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms (lien direct) | An Iran-linked cyber-espionage group that has been found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues targeting organizations in the two nations, Symantec reported on Wednesday.
Widely known as APT33, which Symantec calls Elfin, the cyber-espionage group has been active since as early as late 2015 and targeted a wide |
APT33 APT 33 | ||
|
2019-03-27 18:04:01 | Microsoft takes control of 99 domains operated by Iranian state hackers (lien direct) | Microsoft takes control of 99 domains operated by APT35/Phosphorus cyber-espionage group. | Conference | APT 35 | |
|
2019-03-27 15:39:03 | Microsoft Retaliates Against APT35 Hacker Group by Seizing 99 Domains (lien direct) | Court documents unsealed today show how Microsoft's Digital Crimes Unit was able to block some of the cyber attacks conducted by an Iranian-backed advanced persistence threat (APT) group by taking over domains used as part of their core operations. [...] | Threat | APT 35 | |
|
2019-03-27 15:00:02 | North Korea-Linked Hackers Target macOS Users (lien direct) | New Lazarus Operation Targets Windows, macOS Systems The North Korea-linked Lazarus group has been leveraging PowerShell to target both Windows and macOS machines as part of an attack campaign that has been ongoing since at least November 2018, Kaspersky Lab reports. | Medical | APT 38 | |
|
2019-03-27 14:00:02 | Iran-Linked Cyberspy Group APT33 Continues Attacks on Saudi Arabia, U.S. (lien direct) | An Iran-linked cyberespionage group tracked as Elfin and APT33 continues targeting organizations in Saudi Arabia and the United States, Symantec reported on Wednesday. | APT33 APT 33 | ||
|
2019-03-27 10:52:01 | North Korean hackers continue attacks on cryptocurrency businesses (lien direct) | Lazarus Group hackers seamlessly integrate Mac malware into their normal attack routine. | Malware Medical | APT 38 | |
|
2019-03-21 12:17:02 | OceanLotus adopts public exploit code to abuse Microsoft Office software (lien direct) | APT32 is using a public exploit to abuse Office and compromise targeted systems. | APT 32 | ||
|
2019-03-20 10:28:00 | Fake or Fake: Keeping up with OceanLotus decoys (lien direct) | >ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar | APT 32 | ||
 |
2019-03-18 14:57:01 | A week in security (March 11 – 17) (lien direct) |
A roundup of security news from March 11–17 covering our most recent blogs and other news, including Lazarus Group, Emotet, PSD2, reputation management, Google's Nest, and Firefox Send.
Categories:
Security world
Week in security
Tags: Apex LegendsChinese DNAemotetfacebookFacebook outageFirefox SendGoogle NestGoogle PlayLazarus Groupnetflixpsd2Spotify
(Read more...)
|
Medical | APT 38 | |
|
2019-03-12 16:27:00 | The Advanced Persistent Threat files: Lazarus Group (lien direct) |
Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here's what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.
Categories:
Criminals
Threat analysis
Tags: APTLazarusNorth Korea
(Read more...)
|
Threat Medical | Wannacry APT 38 | |
|
2019-03-08 14:53:02 | Details About Shadowy Hacking, Cyber Espionage Group Revealed. (lien direct) | Security researchers have been aware of the OceanLotus hacking and cyber espionage group since at least 2015, but new information about the scope of the group’s operations were revealed here at RSA. Researchers are now confident the group has been running a sophisticated fake news operation targeting activists in Vietnam. Source: PC Mag | APT 32 | ||
|
2019-03-07 13:00:00 | Oceans Are \'Spiking a Fever\' With Record Heat Waves (lien direct) | More frequent and severe ocean heat waves are behaving like wildfires, wiping out sea life across large areas. | APT 32 | ||
|
2019-03-05 21:23:03 | Iran-Linked Chafer APT recently used python-based backdoor (lien direct) | The Iran-linked Chafer APT group used a new Python-based backdoor in recent attacks aimed at a Turkish government entity. The Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity. The Chafer APT group has distributed data stealer malware since at least mid-2014, […] | Malware Prediction | APT 39 | |
|
2019-03-05 15:30:05 | Iran-Linked Hackers Use Python-Based Backdoor in Recent Attacks (lien direct) | The Iran-linked Chafer threat group has used a new Python-based backdoor in November 2018 attacks targeting a Turkish government entity, Palo Alto Networks reveals. | Threat Prediction | APT 39 | |
 |
2019-03-05 14:15:00 | Lazarus Research Highlights Threat from North Korea (lien direct) | A widespread attack against companies and government agencies have been linked to the North Korean Lazarus group, underscoring that the countries hackers are becoming more brazen. | Threat Medical | APT 38 | |
|
2019-03-04 12:42:03 | Experts collect more evidence that link Op \'Sharpshooter\' to North Korea (lien direct) | Security researchers at McAfee have linked the Op. Sharpshooter with the North Korea-linked Lazarus APT group after analyzing code from a command and control (C2) server. Security experts at McAfee analyzed the code of a C2 server involved in the cyber espionage campaign tracked as Op. Sharpshooter and linked it with the North Korea-linked APT […] | APT 38 | ||
|
2019-03-04 11:43:02 | Researchers granted server by gov officials link Sharpshooter attacks to North Korea (lien direct) | Analysis of the server revealed links to North Korea's Lazarus Group. | Medical | APT 38 | |
 |
2019-03-04 09:00:05 | Ocenaudio – L\'éditeur audio qu\'il vous faut (lien direct) | Ocenaudio est un freeware dispo pour Linux, Windows et macOS qui permet d’éditer des fichiers audio. L’édition peut se faire de manière simultanée sur 2 canaux, avec tous les outils classiques que l’ont peut trouver dans ce genre de soft, ainsi qu’une visualisation spectrale de votre fichier audio. Ocenaudio dispose … Suite | APT 32 | ||
|
2019-03-03 23:30:04 | Op \'Sharpshooter\' Connected to North Korea\'s Lazarus Group (lien direct) | After analyzing a command and control (C2) server used in the global cyber-espionage campaign dubbed 'Sharpshooter', security researcher found more evidence linking it to North Korea's Lazarus threat actor. [...] | Threat | APT 38 | |
|
2019-02-20 12:20:01 | North Korea\'s Lazarus APT targets Russian Entities (lien direct) | Security researchers at Check Point have uncovered a cyber espionage campaign conducted by Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets, If the attribution is correct, this is the first time that North Korean cyber spies were […] | APT 38 | ||
|
2019-02-20 12:00:00 | Boaty McBoatface Gears Up for Epic Swim Across the Arctic (lien direct) | The probe with the famous name may soon have a new claim to fame, by crossing the Arctic Ocean on the longest underwater robot journey yet. | APT 32 | ||
|
2019-02-19 15:53:03 | North Korea\'s Lazarus Hackers Found Targeting Russian Entities (lien direct) | It has long been thought that Russia is a no-go area for North Korean hacking group Lazarus. Russia is one of North Korea's few friends, along with China. | APT 38 | ||
|
2019-02-19 13:32:00 | North Korean APT Lazarus Targets Russian Entities with KEYMARBLE Backdoor (lien direct) | Bluenoroff, a subdivision of the North Korean sponsored APT group Lazarus, recently switched its sights to Russian entities as unveiled by a newly discovered campaign which uses malicious Office documents specifically crafted to target Russian organizations. [...] | APT 38 | ||
|
2019-02-01 19:35:02 | Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware (lien direct) | The Remexi spyware has been improved and retooled. | Malware | APT 39 | |
|
2019-01-31 10:29:01 | (Déjà vu) FBI Maps and Further Disrupts North Korean Jonap Botnet. (lien direct) | The United States Department of Justice (DoJ) announced its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra”-an Advanced Persistent Threat (APT) actors’ group often known as […] | Threat Medical | APT 38 | |
|
2019-01-31 00:03:04 | FBI Mapping \'Joanap Malware\' Victims to Disrupt the North Korean Botnet (lien direct) | The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.
Dubbed Joanap, the botnet is believed to be part of "Hidden Cobra"-an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of
|
Threat Medical | APT 38 | |
|
2019-01-30 08:58:00 | Iran-Linked APT39 group use off-the-shelf tools to steal data (lien direct) | An Iran-linked cyber-espionage group tracked as APT39 is carrying out a widespread campaign using a broad range of custom and off-the-shelf tools. The APT39 cyberespionage group is carrying out a widespread campaign using a broad range of custom and off-the-shelf tools. The group has been active at least since November 2014, its operations are aligned […] | Prediction | APT 39 | |
 |
2019-01-29 11:00:00 | APT39: Un groupe de cyber-espionnage iranien s'est concentré sur les informations personnelles APT39: An Iranian Cyber Espionage Group Focused on Personal Information (lien direct) |
Mise à jour (30 janvier): La figure 1 a été mise à jour pour refléter plus précisément le ciblage APT39.Plus précisément, l'Australie, la Norvège et la Corée du Sud ont été supprimées.
En décembre 2018, Fireeye a identifié l'APT39 comme un groupe de cyber-espionnage iranien responsable du vol généralisé d'informations personnelles.Nous avons suivi l'activité liée à ce groupe depuis novembre 2014 afin de protéger les organisations de l'activité APT39 à ce jour.APT39 \\ est l'accent mis sur le vol répandu d'informations personnelles le distingue des autres groupes iraniens Fireeye, qui ont été liés à opérations d'influence , perturbateurs
UPDATE (Jan. 30): Figure 1 has been updated to more accurately reflect APT39 targeting. Specifically, Australia, Norway and South Korea have been removed. In December 2018, FireEye identified APT39 as an Iranian cyber espionage group responsible for widespread theft of personal information. We have tracked activity linked to this group since November 2014 in order to protect organizations from APT39 activity to date. APT39\'s focus on the widespread theft of personal information sets it apart from other Iranian groups FireEye tracks, which have been linked to influence operations, disruptive |
APT33 APT 39 APT 39 APT 33 | ★★★★ | |
|
2019-01-21 16:15:03 | Has two-factor authentication been defeated? A spotlight on 2FA\'s latest challenge (lien direct) | Read more...) | Conference | APT 35 | |
|
2019-01-16 15:51:01 | Disclosure of Chilean Redbanc Intrusion Leads To Lazarus Ties. (lien direct) | By Vitali Kremez, Director of Research, Flashpoint Flashpoint analysts believe that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked advanced persistent threat (APT) group Lazarus. Redbanc confirmed that the malware was installed on the company's corporate network without triggering antivirus […] | Malware Threat | APT 38 | |
|
2019-01-16 08:59:01 | Experts link attack on Chilean interbank network Redbanc NK Lazarus APT (lien direct) | Researchers from Flashpoint linked the recently disclosed attack on Chilean interbank network Redbanc to the North Korean APT group Lazarus. Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware […] | Malware | APT 38 | |
|
2019-01-10 14:00:00 | Top 12 Blogs of 2018 (lien direct) |
Time to look back on the top AlienVault blogs of 2018! Here we go:
A North Korean Monero Cryptocurrency Miner by Chris Doman
Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions. Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on crypto-currencies. The Installer we’ve analysed above may be the most recent product of their endeavours.
VLAN Hopping and Mitigation by Pam
This type of exploit allows an attacker to bypass any layer 2 restrictions built to divide hosts. With proper switch port configuration, an attacker would have to go through a router and any other layer 3 devices to access their target. However, many networks either have poor VLAN implementation or have misconfigurations which will allow for attackers to perform said exploit. In this article, I will go through the two primary methods of VLAN hopping, known as 'switched spoofing', and 'double tagging'. I will then discuss mitigation techniques.
DNS Poisoning and How To Prevent It by Jeff Thompson
The first thing to understand about DNS 'poisoning' is that the purveyors of the Internet were very much aware of the problem. Essentially, DNS requests are "cached", or stored, into a database which can be queried in almost real-time to point names like 'hotmail.com' or 'google.com' to their appropriate IP addresses. Can you imagine having to remember a string of numbers instead of a fancy name to get to your desired WWW (or GOPHER - if that's your thing) resources? 321.652.77.133 or 266.844.11.66 or even 867.53.0.9 would be very hard to remember. [Note: I have obfuscated REAL IP addresses with very fake ones here. Always trying to stay one step ahead of the AI Armageddon. Real IP addresses end with the numerical value of '255' within each octet.]
4 SIEM Use Cases That Will Dramatically Improve Your Enterprise Security by Stephen Roe
Companies both large and small must plan to protect their data. Failing to do so puts you at risk for financial trouble, legal liability, and loss of goodwill.
Make sure to deploy SIEMs to prevent such misfortunes befalling your business. If you know how to put them to use, SIEMs provide value out of the box. Here’s a quick recap on how SIEMs can benefit you with a few clicks.
Prevent SQL injection attacks by keeping an eye on the health of your systems. This will keep you ready if and when attacks do happen.
For handling watering hole intruders, SIEMs make it easy to monitor suspicious communication hinting at an attack in progress.
If you’re worried about malware infection, commun |
Malware Guideline | Wannacry APT 38 | |
|
2019-01-09 13:00:00 | Ocean Cleanup\'s Plastic Catcher Is Busted. So What Now? (lien direct) | First, the 600-meter-long plastic catcher didn't catch plastic. Then it split in two. What is the right way, then, to cleanse our oceans of the plastic menace? | APT 32 | ||
|
2019-01-08 19:49:04 | Ryuk ransomware attacks businesses over the holidays (lien direct) |
Over the holiday, a little-known ransomware family called Ryuk caused serious damage to numerous organizations. The attacks leave a lot of questions unanswered. What do we know so far?
Categories:
Cybercrime
Malware
Tags: attributionBitPaymer ransomwareChristmasdata resolutiondataresolution.netemotetexploitHermesholidayLazarusmalicious office documentsmalspammalwarebytes anti-exploitmalwarebytes anti-ransomwareNorth KoreaOnslow water and sewer authorityOWASAprotectionransomransomwareryukstatstipstribune publishingtrickbot
(Read more...)
|
Ransomware | APT 38 |
To see everything:
Our RSS (filtrered)
