What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2017-03-21 10:05:00 Hacked Sites Up By 32% in 2016 Over 2015, Says Google (direct link) Webmasters should register on Search Console for hack notifications, advises the company. APT 19
AlienVault.webp 2017-03-20 13:00:00 Interview with Daniel Cid, founder of OSSEC (direct link) Daniel Cid is the founder and CTO for Sucuri. He's also on the AlienVault Technology Advisory Board and is the founder of OSSEC HIDS. I interviewed him to get his thoughts on website security, and the security of content management systems (CMS). Q: What are the most serious challenges and trends you are seeing with website security? At a high level, the most popular CMS platforms (e.g. WordPress, Magento, Drupal, etc.) and frameworks are getting a lot better in terms of security, whether it's secure-by-default configurations or employing more appropriate secure coding and best practices. We rarely see major issues in the core of these applications, and even when they do have issues there is a system in place that helps streamline the process of patching environments at scale. The platform that is leading the charge on this is WordPress, and a perfect example of this system is best illustrated with the vulnerability we disclosed in the new REST API. Via their auto-update feature they were able to patch very quickly and effectively millions of sites in a one-week time period. As impactful as these changes are, however, they aren't stopping the attacks and the compromises. Simply put, it's not because platform security is the problem, but rather website security is much more complex than code or tools, and needs the people and processes behind it to remain secure. Consider WordPress, for example. They have their famous 5-minute install. What a great message, and it has been huge in achieving their broad user adoption. Note, it actually takes a lot more than 5 minutes to secure and harden the environment, let alone configure it to be fully functional to your liking.
That isn't the message a webmaster wants to receive, and this becomes especially challenging when you take into consideration the technical aptitude of most of today's webmasters - which is very low. So I think the main challenge I see right now is that there needs to be a level of education for the people deploying websites. There are additional steps that go beyond the basic installation and configuration requirements, and they include investing some energy into security. These steps need to be more visible, actionable and easier to adopt. Q: Can just buying products really fix website security? No. Technology alone will never be the solution; just buying a product won't work at any level of security. Note that we do sell cloud-based security software (a WAF for websites), but we work very hard to have a dialog with our customers where we try to educate and communicate the importance of people, process and technology in their security posture. Q: What do you think about OWASP and other organizations that are focused on web application security? I think they are great. They are a powerful resource for developers and security professionals to be more aware of web application security issues. Q: We hear a lot of fear, uncertainty and doubt (FUD) around WordPress security. What helpful advice could you give our readers who are using WordPress currently? The problem in the WordPress security space is that the majority of users are not very technical, and there is also a lot of misinformation and disinformation being spre Guideline APT 19
Blog.webp 2017-03-17 08:00:00 Bejtlich Moves On (direct link) Exactly six years ago today I announced that I was joining Mandiant to become the company's first CSO. Today is my last day at FireEye, the company that bought Mandiant at the very end of 2013. The highlights of my time at Mandiant involved two sets of responsibilities. First, as CSO, I enjoyed working with my small but superb security team, consisting of Doug Burks, Derek Coulsen, Dani Jackson, and Scott Runnels. They showed that "a small team of A+ players can run circles around a giant team of B and C players." Second, as a company spokesperson, I survived the one-of-a-kind ride that was the APT1 report. I have to credit our intel and consulting teams for the content, and our marketing and government teams for keeping me pointed in the right direction during the weeks of craziness that ensued. At FireEye I transitioned to a strategist role because I was spending so much time talking to legislators and administration officials. I enjoyed working with another small but incredibly effective team: government relations. Backed by the combined FireEye-Mandiant intel team, we helped policy makers better understand the digital landscape and, more importantly, what steps to take to mitigate various risks. Where do I go from here? Twenty years ago last month I started my first role in the information warfare arena, as an Air Force intelligence officer assigned to Air Intelligence Agency at Security Hill in San Antonio, Texas. Since that time I've played a small part in the "cyber wars," trying to stop bad guys while empowering good guys. I've known for several years that my life was heading in a new direction.
It took me a while, but now I understand that I am not the same person who used to post hundreds of blog entries per year, and review 50 security books per year, and write security books and articles, and speak to reporters, and testify before Congress, and train thousands of students worldwide. That mission is accomplished. I have new missions waiting. My near-term goal is to identify opportunities in the security space which fit with my current interests. These include: promoting open source software to protect organizations of all sizes; advising venture capitalists on promising security start-ups; helping companies to write more effective security job descriptions and to interview and select the best candidates available. My intermediate-term goal is to continue my Krav Maga training, which I started in January 2016. My focus is the General Instructor Course pr APT 1
ESET.webp 2017-03-07 12:03:12 WordPress webmasters urged to upgrade to version 4.73 to patch six security holes (direct link) Another day, another important security update for WordPress. If you're running a self-hosted version of WordPress, you must update the software on your website now. APT 19
SANS.webp 2017-02-17 13:47:01 RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop), (Fri, Feb 17th) (direct link) Have you ever been asked for the config of a router or switch you (or someone else) put in so long ago you didn't remember that device was there? So long ago that the layer of dust inside that switch is probably why the fan stopped spinning and melted it? Yup, me too. So when it comes time to rebuild it, you go to that customer's CATTOOLS directory (or configuration manager, or whatever backup tool they have), and find out that: they retired that VM and didn't tell you; they let the license lapse; they forgot about that device when they set up their backups; they upgraded the backup tool, but then never started the service; they installed something else that broke the backup service. Yes, stuff happens, and backups sometimes don't, for lots of reasons. This got me to thinking that what I really want (this week) is a PowerShell backup utility for an arbitrary list of network gear at any given client. This beats my previous method of snarfing up CATTOOLS directories (when I remember) or backing things up manually whenever I change them (and when I remember) - you see the recurring problem in that method? Why PowerShell? There are so many other approaches with Python, Expect, Ansible and so on (all of which can do way more than just backups), so why build something new in PowerShell? Mostly because I can run that on any customer Windows machine and expect it to work, without installing anything the client might have a problem with. Plus I really wanted to play with Carlos Perez's Posh-SSH code ( https://github.com/darkoperator/Posh-SSH ). So, first, what to back up? What most of my clients run is some subset of: Cisco IOS, Cisco Nexus, Cisco ASA, HP Procurve, HP Comware, Palo Alto Networks Firewall. Seems like a reasonable starter list? OK, now how to back them up?
Again, with the theme of "don't install anything, don't change the host you're running on", and (to quote Ed Skoudis) "live off the land", this is all in SSH, and all in PowerShell. Essentially for each device: login, do a "show running-config" (or equivalent for that platform), capture the output and save it to ASCII. The example.in file: NAME,IP,DEVTYPE cisco_ios_router_or_switch,192.168.12.101,1 cisco_asa,192.168.12.102,2 cisco_wireless_controller,192.168.12.103,3 hp_procurvesw01,192.168.12.104,4 hp_comwaresw01,192.168.12.105,5 pan_firewall_set,192.168.12.106,6 pan_firewall_xml,192.168.12.106,7 The code reads the file as a CSV, so it populates a devices variable with properties of: devices.name, devices.IP (which can also be a CN or FQDN, it just needs to resolve), and devices.devtype. The 7 device types are covered in the example.in file above. Note that the Palo Alto is in there twice, devicetype 6 for set APT 15
PaloAlto.webp 2017-02-16 19:00:11 menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations (direct link) In 2016, from September through November, an APT campaign known as "menuPass" targeted Japanese academics working in several areas of science, along with Japanese pharmaceutical organizations and a US-based subsidiary of a Japanese manufacturing organization. In addition to using PlugX and Poison Ivy (PIVY), both known to be used by the group, they also used a new Trojan called "ChChes" by the Japan Computer Emergency Response Team Coordination Center (JPCERT). In contrast to PlugX and PIVY, which are used by multiple campaigns, ChChes appears to be unique to this group. An analysis … APT 10
bleepingcomputer.webp 2017-02-09 17:06:50 Google Makes WordPress Site Owners Nervous Due to Confusing Security Alerts (direct link) For the past few days, Google has been making a lot of webmasters very nervous, as its Google Search Console service, formerly known as Google Webmaster, has been sending out security alerts to people it shouldn't. [...] APT 19 ★★★
ZDNet.webp 2017-02-08 11:41:55 Thousands of WordPress websites defaced through patch failures (direct link) A patched zero-day vulnerability is at fault, but webmasters are not paying attention to updates. APT 19
AlienVault.webp 2017-01-26 14:00:00 The Evolution of Threat Intelligence (direct link) Hi! My name is Chris Doman and I've just joined AlienVault to work on the Open Threat Exchange (OTX) platform. As a way to say hello, I've put down some thoughts on why I was so keen to come work on OTX. A lot has changed since I jumped into cyber security just 5 years ago. First there was the Target breach. Then Sony. OPM. Yahoo. The elections. Between those infamous landmark case studies, IT administrators have been battling constant attacks against their own networks. Ransomware trashing network shares. Users clicking "Enable Macros". Finance teams approving fraudulent wire transactions. The security industry has had to continuously evolve to respond to ever-changing threats. The Evolution of Threat Intelligence. Back in 2011 an employee of an incident response company was frustrated at the lack of threat intelligence sharing across the industry. So, they leaked the domain names used by the biggest group of attackers to Pastebin. It was a desperate attempt to prevent the mass of attacks the group was committing against both companies and governments. Two years, and hundreds of compromised organisations later, Mandiant released their landmark APT1 report. It was on the very same attackers, still using many of the same domain names. We've come a long way since then. Now security vendors race each other to share new waves of attacks first, and government institutions are mandated to do the same. But this has led to other problems. Keeping up with all the reports is in itself a full-time job. And some reports contain false positives that set off security devices like Christmas tree lights. OTX. From my viewpoint, AlienVault OTX solves these problems by: reducing the manpower and effort organisations require to pull IoCs out of every report. The indicators are peer reviewed for problems and fixes are applied almost instantly.
The information is easy in, easy out, with a growing API and list of integrations. The power of the massive community that can perform vetted information sharing in a structured format at no cost. The key for any network like OTX is the community, and so far it's going strong. Interested in vetted sharing of ransomware indicators? An OTX user has made a group for that. How about importing the indicators into your MISP instance? There's a group for that too. AlienVault has a long history of building community solutions that are available to organisations of all sizes, not just those with the largest security budgets. Some of you may know me from a community project I've worked on in my spare time called ThreatCrowd - another open threat intelligence platform. ThreatCrowd has become used by more people than I could have hoped. It's been a fun experiment to keep a prototype running for thousands of simultaneous users from a single Linux box! But there are serious limitations to how much I can tack onto a prototype, in my spare time and limited by my own knowledge. I'm looking forward to working with the top-notch team of AlienVault engineers to help enhance OTX and the overall community experience. I've only been at AlienVault a few days but I've seen there are some awesome enhancements planned to the interface, data-set and integrations. I won't ruin the surprise! If you're a user of Thr Yahoo APT 1
HR.webp 2016-12-26 13:30:46 Good 2017 resolutions for your security (direct link) Tags: Password, Browsing, Adware, Malware, Backup, VPN. *This article was written with the participation of Keltounet.* 2016 was marked by a few large-scale security incidents. So as not to end up as the fall guy, here are a few tips so that computing is no longer your worst nightmare. Complex passwords, different for each service. It can never be repeated enough: every service you use must have a different password, and every password must be made up of at least eight characters, with upper-case letters, lower-case letters, digits and special characters. You do not use the same password for your mailbox as for logging in to Twitter or Facebook or to your business applications. Problem: how do you remember them? Do not hesitate to use a password manager such as KeePass. It will manage the passwords for you; all that is left for you is to define a single password, a strong one obviously. On the website side, some services offer two-factor authentication, which limits the trouble caused by password theft. Blockers in browsers. Sites covered in advertisements and trackers of all kinds are unfortunately still legion. Result: information about your browsing and your lifestyle is stored, sold and resold, without you having any say in it, or even being aware of it. So use a good ad blocker, uBlock Origin for example, together with Privacy Badger. Do not forget either that advertisements can also be a major malware vector. Verified extensions/modules/applications Uber APT 15
AlienVault.webp 2016-12-16 14:00:00 2016 Recap from the Alien Eye in the Sky (direct link) Today is the last Alien Eye in The Sky episode for 2016, so rather than just recapping the week, we thought we'd take a look at what's transpired over the course of 2016. To be honest, I underestimated the huge task at hand, and after researching several hundred breaches, decided that it was better to break down the incidents into trends and take samples from each. Hopefully this will give a renewed appreciation of how much the cyber security challenge is growing across the world and across all industries. So, without further ado, all the stories mentioned in the video are linked below. Happy holidays everybody! Online dating: Adult Friend Finder, Fling, Mate1, Shadi.com, Muslim Match. Password re-use attacks: Carbonite, Netflix, GoToMyPC, Reddit, TeamViewer, Camelot, Deliveroo, KFC. Healthcare: Banner Health, which impacted 3.7m patients; Turkish state hospitals, 10m patients; Queen Mary Hospital in Hong Kong saw 3,600 records accessed; Al Zahra Private Medical Centre in the UAE had 4,600 records accessed. Specialist healthcare providers such as the New Jersey Spine Centre, and the Yahoo APT 15
SANS.webp 2016-12-02 14:35:57 Protecting PowerShell Credentials (NOT), (Fri, Dec 2nd) (direct link) If you're like me, you've worked through at least one PowerShell tutorial, class or even a how-to blog. And you've likely been advised to use the PSCredential construct to store credentials. The discussion usually covers that this is a secure way to collect credentials, then store them in a variable for later use. You can even store them in a file and read them back later. Awesome - this solves a real problem, you thought - or does it? For instance, to collect credentials for a VMware vSphere infrastructure (I'm wrapping up a number of audit scripts this week), you APT 10
The_State_of_Security.webp 2016-12-01 04:01:02 Amplify IT Security by Integrating Solutions (direct link) The lowly banana. It's a great source of potassium. As a stand-alone food source, it's rather boring. Mono-flavored (like a banana). It's sometimes squishy or bruised or otherwise imperfect. And it's often part of a dull breakfast routine (mine). But pair banana slices with bran cereal or as the basis for a smoothie, and your […] APT 10
HR.webp 2016-11-26 01:17:07 RocketTab, the persistent adware (direct link) Tags: Adware, Malware. An adware is advertising software, unwanted of course. Some software available for free sometimes comes bundled with it. It also grafts itself onto your browser. Beyond forcing advertisements onto every page you view, advertisements obviously based on your previous browsing, these unwanted programs are occasionally hard to detect because they are neither among the installed programs, nor in the registry keys, nor in any of the browser extensions. The RocketTab "program" is a splendid illustration of this. RocketTab on Chrome. For a few weeks, while browsing in Chrome, I was seeing an advertising box appear. Having tested a few programs dedicated to black-hat SEO during the summer, I had attributed its appearance to Jingling, 10k Hits or Hitleap. After a thorough clean-up, the box was gone. Then it came back. Having identified it as RocketTab, I started by looking through my programs to see whether it was present. Nothing on the horizon. I looked through my Chrome extensions. Still nothing. I looked at my registry keys. Again nothing. I ran Avast and AdwCleaner. AdwCleaner: nothing. And yet the nasty beast was still there: RocketTab in my Amazon search. In desperation, I reset Chrome and checked everything in the AppData folder. I had one last test left: the Chrome extensions. I disabled all the extensions and ran a search on Amazon, because RocketTab was also polluting my Amazon search. The parasitic box had disappeared. It was when re-enabling a browsing-history extension that I found the culprit: History Calendar 2.1.6.
This application, found in the official Chrome extension store, had integrated a small new feature: permission for advertisements, and the box was checked by default. History Calendar and RocketTab. Initially, this extension had been checked and approved by Google and this "feature" was not in it. The last update of this extension dates from 19 July 2016 and the application was removed from the official Google Chrome store in mid-September 2016. Getting rid of RocketTab. As you can see, in my case it was fairly devious, because I had no reason to be wary of an APT 15
bleepingcomputer.webp 2016-11-21 16:35:08 Russian Spammer Uses Fake Google Domain to Tell Webmasters to Vote Trump (direct link) Some clever Russian crook has found a way to register a lookalike Google domain by taking advantage of Unicode characters to create an alternative way of spelling Google. [...] APT 19
NetworkWorld.webp 2016-11-15 07:50:00 Goodbye, NAC. Hello, software-defined perimeter (direct link) Those of us who've been around security technology for a while will remember the prodigious rise of network access control (NAC) around 2006. Now, the ideas around NAC had been around for several years beforehand, but 2006 gave us Cisco's network admission control (aka Cisco NAC), Microsoft's network access protection (NAP) and then a whole bunch of venture-backed NAC startups (ConSentry, Lockdown Networks, Mirage Networks, etc.). There were lots of reasons why the industry was gaga over NAC at the time, but it really came down to two major factors: Broad adoption of WLANs. In 2006, wireless networking based upon 802.11 was transforming from a novelty to the preferred technology for network access. I also believe laptop sales first overtook desktop computer sales around this same timeframe, so mobility was becoming an IT staple as well. Many organizations wanted a combination of NAC and 802.1X so they could implement access policies and monitor who was accessing the network. A wave of internet worms. The early 2000s produced a steady progression of internet worms, including Code Red (2001), Nimda (2001), SQL Slammer (2003), Blaster (2003), Bagle (2004), Sasser (2004), Zotob (2005), etc. These worms could easily spread across an entire enterprise network from a single PC as soon as a user logged on. NAC was seen as a solution to this problem by providing point-to-point PC inspection and authentication over Layer 2 before systems were granted Layer 3 network access. NAC really was a good idea, but the space was over-invested and many of the products were difficult to deploy and manage. As a result, NAC enthusiasm faded, although NAC deployment was making slow but steady progress. As NAC became a niche product, it lost its panache.
Heck, my friends at Gartner even killed the NAC MQ when there were few vendors left and not much to write about. APT 15
HR.webp 2016-11-15 00:49:31 Analytics spam (direct link) Tags: Spam, Bots, Black SEO. Monitoring your logs is good, but looking at what is going on in your traffic statistics is better. While taking a look at my Google Analytics, I had the huge surprise of seeing this in the language category: Google Analytics spammed by Trump. After a quick search, I discovered that it was a variety of spam: analytics spam. Analytics spam: why? This technique, which I file under black-hat SEO, can also, like traditional spam, be a malware vector. In the case illustrated here, it was mostly an election campaign. The general idea is to pollute the analytics reports of webmasters, community managers, developers, etc. to encourage them to visit sites and see in what context their web application is being talked about. It can also be about generating traffic to one's own sites. Indeed, some portals leave their backlinks and referrers public, which in turn boosts the spammers' backlinks and thus their reputation and thus their rank in search results. This is called spamdexing. In short, analytics spam is used to: generate fake traffic; spread malware; boost one's own reputation. We have seen the why; let us move on to the how. How does analytics spam work? In analytics spam there are two techniques: bot referral spam and ghost referral spam. As its name suggests, the first is a robot that actually visits your site, thus generating traffic. This technique is simple and everyone knows how to do it. The second is a bit more devious because it only concerns sites running Google Analytics: it does not visit your site but still leaves a trace in your statistics, whether through fake referrers, fake languages or fake keywords.
But then, how can one pollute statistics without visiting a website? By using a small "flaw" in Google Analytics, which is in reality a feature, thus giving a remarkable demonstration of the phrase "it's not a bug, it's a feature". You start by generating Google Analytics codes. You then send fake data through the Google Analytics Measurement Protocol, and this fake data is then recorded in the statistics of the targeted accounts. APT 19
NetworkWorld.webp 2016-11-14 11:12:00 Your security mirages (direct link) Yes, I was hit last week. Forensics are in progress. I got doxxed, too. It has made me realize that most of systems security is an illusion. Here are my favorite alternate realities: 1. Everything is safe behind the firewall. Ever heard of UBFWI - as in User's Been Fooling With It? While IDS/IPS and firewall networked-technology has improved so vastly, there's nothing like a user with an infected laptop to bring in a lulu. 2. Obscure operating systems never get hit. Hackers only go for the gold with Windows. Here, let me laugh out loud and roll on the floor. Mine was an obscure server version on an obscure branch of an obscure BSD limb. Listen to the sound of lunch getting eaten: mine. Chomp, chomp, burp. APT 15
NetworkWorld.webp 2016-11-10 11:03:00 Google punishes web backsliders in Chrome (direct link) Google said it will deal with website recidivists that have dodged the company's punishments for spreading malware and spawning email scams. When Google flags sites for hosting malicious code or unwanted software, or running some kind of scam, users see warnings in Chrome and other browsers. The alerts appear as long as Google believes the site poses a threat. But after making changes to align their sites with Google's "Safe Browsing" terms, webmasters may ask Google to lift the virtual embargo. Not surprisingly, some took advantage of the mechanism for lifting the warnings. Sites would cease their illicit practices, but only long enough to get back into Google's good graces. Once Google gave the all-clear, the once-dirty-then-clean site would have a serious relapse and again distribute malware or spew phishing emails. APT 19
The_Hackers_News.webp 2016-11-02 03:21:37 Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System (direct link) Hey Webmasters, are you using Memcached to boost the performance of your website? Beware! It might be vulnerable to remote hackers. Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose major websites, including Facebook, Twitter, YouTube, Reddit, to hackers. Memcached is a fabulous APT 19
NetworkWorld.webp 2016-10-11 04:00:00 A breach alone means liability (direct link) Rich Santalesa, a programmer turned writer and lawyer, brought an interesting turn of events to my attention last week. We need to pay heed: A litigant can have standing in a U.S. Federal breach case where no personal fraud or identity theft has yet occurred. Usually, a litigant has to have suffered injury: a breach caused them identity theft or other fraudulent activity based upon information released in a security breach. This means if you're cracked, you can be liable if personally identifiable information is released, exfiltrated, absconded, whatever. It also means that should you believe the axiom that currently most of us are hacked, we're in for a litigious treat. APT 17
Pirate.webp 2016-09-28 08:16:27 WordPress wins the prize for the CMS most targeted by cyberattacks (direct link) The security firm Sucuri has just published the Website Hacked Trend Report for the second quarter of 2016, highlighting the impressive record of the WordPress CMS. Of course, it is the fault of webmasters' negligence and not of the system itself... APT 19
AlienVault.webp 2016-09-13 13:00:00 Free and Commercial Tools to Implement the Center for Internet Security (CIS) Security Controls, Part 17: Data Protection (direct link) This is Part 17 of a 'How-To' effort to compile a list of tools (free and commercial) that can help IT administrators comply with what was formerly known as the "SANS Top 20 Security Controls". It is now known as the Center for Internet Security (CIS) Security Controls. A summary of the previous posts is here: Part 1 - we looked at Inventory of Authorized and Unauthorized Devices. Part 2 - we looked at Inventory of Authorized and Unauthorized Software. Part 3 - we looked at Secure Configurations. Part 4 - we looked at Continuous Vulnerability Assessment and Remediation. Part 5 - we looked at Malware Defenses. Part 6 - we looked at Application Security. Part 7 - we looked at Wireless Access Control. Part 8/9 - we looked at Data Recovery and Security Training. Part 10/11 - we looked at Secure Configurations for Network Devices such as Firewalls, Routers, and Switches and Limitation and Control of Network Ports, Protocols and Services. Part 12 - we looked at Controlled Use of Administrative Privileges. Part 13 - we looked at Boundary Defense. Part 14 - we looked at Maintenance, Monitoring and Analysis of Audit Logs. Part 15 - we looked at Controlled Access Based on the Need to Know. APT 17
Pirate.webp 2016-09-11 10:43:41 Google Chrome: towards flagging "not secure" HTTP pages (direct link) Google Chrome currently displays a grey informational icon on HTTP sites. But the giant explains on its blog that from the beginning of 2017, its browser will warn users who are on a page not protected by HTTPS. When a warning is displayed for all visitors of a site, this can be seen as a significant means of pressure to force webmasters to move their site to HTTPS. APT 19
NetworkWorld.webp 2016-08-26 08:14:40 Mozilla launches free website security scanning service (direct link) In order to help webmasters better protect their websites and users, Mozilla has built an online scanner that can check if web servers have the best security settings in place. Dubbed Observatory, the tool was initially built for in-house use by Mozilla security engineer April King, who was then encouraged to expand it and make it available to the whole world. She took inspiration from the SSL Server Test from Qualys' SSL Labs, a widely appreciated scanner that rates a website's SSL/TLS configuration and highlights potential weaknesses. Like Qualys' scanner, Observatory uses a scoring system from 0 to 100 -- with the possibility of extra bonus points -- which translates into grades from F to A+. APT 19
SANS.webp 2016-07-01 04:22:19 APT and why I don't like the term, (Fri, Jul 1st) (lien direct) Introduction: In May 2015, I wrote a diary describing a SOC analyst pyramid. It describes the various types of activity SOC analysts encounter in their daily work [1]. In the comments, someone stated I should've included the term advanced persistent threat (APT) in the pyramid. But APT is supposed to describe an adversary, not the activity. As far as I'm concerned, the media and security vendors have turned APT into a marketing buzzword. I do not like the term APT at all. With that in mind, this diary looks at the origin of the term APT. It also presents a case for and a case against using the term. Origin of APT: In 2006 members of the United States Air Force (USAF) came up with APT as an unclassified term to refer to certain threat actors in public [2]. Background on the term can be found in the July/August 2010 issue of Information Security magazine. It has a feature article titled "What APT is (And What it Isn't)" written by Richard Bejtlich. Shown above: An image showing the table of contents entry for Bejtlich's article. According to Bejtlich, "If the USAF wanted to talk about a certain intrusion set with uncleared personnel, they could not use the classified threat actor name. Therefore, the USAF developed the term APT as an unclassified moniker" (page 21). Based on later reports about cyber espionage, I believe APT was originally used for state-sponsored threat actors like those in China [3]. A case for using APT: Bejtlich's article has specific guidelines on what constitutes an APT. He also discussed it on his blog [4].
Some key points follow: Advanced means the adversary can operate in the full spectrum of computer intrusion. Persistent means the adversary is formally tasked to accomplish a mission. Threat refers to a group that is organized, funded, and motivated. If you follow these guidelines, using APT to describe a particular adversary is well-justified. Mandiant's report about a Chinese state-sponsored group called APT1 is a good example [3]. In my opinion, FireEye and Mandiant have done a decent job of using APT in their reporting. A case against APT: The terms advanced and persistent and even threat are subjective. This is especially true for leadership waiting on the results of an investigation. Usually, when I've talked with people about APT, they're often referring to a targeted attack. Some people I know have also used APT to describe an actor behind a successful attack, but it wasn't something I considered targeted. We always think our organization is special, so if we're compromised, it must be an APT! If your IT infrastructure has any sort of vulnerability (because people are trained to balance risk and profit), you're as likely to be compromised by a common cyber criminal as you are by an APT. Bejtlich states that after Google's Operation Aurora breach in 2010, wide-spread attention was brought to APT. At that point, many vendors saw APT as a marketing angle to rejuvenate a slump in security spending [2]. Shown above: An example of media reporting on APT. A good example of bad reporting is the Santa-APT blog post from CloudSek in December 2015. However, other sources have reported the info [ Guideline APT 1
Pirate.webp 2016-06-29 08:21:43 United States: Is the FBI free to legally hack any PC? (lien direct) During the turbulence surrounding the Playpen child abuse case, a US judge ruled that the FBI did not need a warrant to break into and search a computer remotely. Overreach? APT 10
Pirate.webp 2016-06-08 09:28:01 Web ransomware: The Drupal CMS attacked via SQL injection (lien direct) This is not the first time cybercriminals have targeted webmasters with web-specific ransomware. This time, a malicious campaign is hitting sites running the Drupal CMS. APT 19
codingsec.webp 2016-06-02 16:00:17 6 best html5 libraries 2016 (lien direct) For any web developer or designer, HTML5 tools and libraries prove to be a great help when it comes to stepping up their workflow and performing repetitive tasks. These tools are blessed with all the richness and power that help webmasters to augment the value of their work and improve the usability of their web designs and development. Here we are showcasing some of the best HTML5 tools and libraries for web developers and designers. BEST HTML5 TOOLS & LIBRARIES Being the finest online animation tool, HTML5 Maker makes it easy for developers to add interactive content to their website with APT 19
Trend.webp 2016-05-27 14:13:19 IXESHE Derivative IHEATE Targets Users in America (lien direct) Since 2012, we've been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States. We also noticed that there were some changes to the underlying behavior of the malware used. While there were some incremental improvements in the observed behavior of the new sample, the underlying pattern of behavior is similar to what we observed earlier from IXESHE. These attacks targeting users in the United States used a variant of IXESHE which has been seen in Taiwan since 2009 named IHEATE. These showed some differences from known IXESHE variants: they had a different command-and-control (C&C) communication model and encryption methods. APT 12
The_State_of_Security.webp 2016-05-27 03:00:57 From Monkey to Man - The Evolution of a CISO (lien direct) I think we are all familiar with the popular axiom, "It's not IF you get compromised, it's WHEN you get compromised." I'm also pretty sure we all know that IT security is no longer viewed purely as an operational concern but as a significant contributor to business risk. As a result of this, IT security […] APT 17
SC_Mag.webp 2016-05-25 16:10:43 Wekby hacker gang using DNS requests in new malware campaign (lien direct) A long-time hacker group is using DNS requests as a command-and-control mechanism in a new series of malware attacks. APT 18
PaloAlto.webp 2016-05-24 18:30:30 New Wekby Attacks Use DNS Requests As Command and Control Mechanism (lien direct) We have observed an attack led by the APT group Wekby targeting a US-based organization in recent weeks. Wekby is a group that has been active for a number of years, targeting various industries such… APT 18
PaloAlto.webp 2016-05-23 01:00:26 Operation Ke3chang Resurfaces With New TidePool Malware (lien direct) Introduction Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve… APT 15 APT 25
Pirate.webp 2016-05-07 16:25:00 WordPress 4.5.2: Critical security update (lien direct) The WordPress team has just released version 4.5.2, which is a security update. Webmasters, it is urgent to deploy it as soon as possible if you have not enabled automatic updates on your WordPress. Otherwise, it has already been applied. APT 19 ★★
AlienVault.webp 2016-03-30 07:00:00 Cmstar APT Malware Exploits CVE-2012-0158 (lien direct) Background: APTs (Advanced Persistent Threats) are a type of threat that targets a specific group of potential victims. For example, they have been used in cyber-espionage campaigns to target governments, anti-government activists, military organizations, as well as private companies. Their goal is to penetrate a targeted system or network, remain hidden for extended periods, and collect and exfiltrate data. A common compromise technique is for an APT to target the victims with a spear phishing campaign. Spear phishing campaigns are successful in part because of the great deal of information we have posted about ourselves online. With only a few minutes of research, a cyber criminal can usually identify one or more people in our professional circles whose name, when we see it in the 'from' field in an email, would likely cause us to open the email. The attachment exploits a common vulnerability (CVE-2012-0158) which installs the Cmstar downloader onto the compromised system. Cmstar then contacts the Command and Control (C&C) server for the BBSRAT remote access malware to download, and installs it on the compromised system. The attacker can now control the compromised system directly. Impact on You: Having any type of malware (especially one designed to steal data) on your network puts your sensitive or regulated information at risk. Once installed, Cmstar has the ability to download malware that can infect other machines as well as pull down additional malware variants as needed. The data-stealing malware can reside inside a network for months or years before detection, giving an attacker virtually unlimited access to data. How AlienVault Helps: APTs are sophisticated attacks conducted by well-resourced teams.
Preventive technologies like sandboxing can help block some attacks, but a dedicated, focused adversary will always find a way to penetrate a network. That's why you need the ability to detect the presence of compromised systems, downloaders, remote access malware, and other malicious content in your network quickly. And, once you have detected it, you need to be able to minimize the damage that compromised systems can cause. That's where the AlienVault Labs team can help: the threat research team continues to research and update the ability of the USM platform to detect new downloaders, remote access toolkits (RATs), as well as new variations on existing malware. The Labs team recently updated the USM platform's ability to detect the latest version of the Cmstar downloader on your network by adding an IDS signature to detect the malicious traffic and a correlation directive to link events from across your network that indicate that Cmstar has compromised one or more systems. These updates are included in the latest AlienVault Threat Intelligence update available now: New Detection Technique - APT Cmstar. Cmstar is a downloader that is similar to the Lurid and Enfal families of malware. Cmstar is typically delivered through phishing emails that contain malicious Microsoft documents and has recently been used to download BBSRAT. The group that utilizes Cmstar and BBSRAT appears to be targeting Russian victims and most r APT 15 ★★★★★
Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak
(lien direct)
The FireEye as a Service team detected independent phishing campaigns conducted by two Chinese advanced persistent threat (APT) groups that we track, APT3 and APT18. Each threat group quickly took advantage of a zero-day vulnerability (CVE-2015-5119), which was leaked in the disclosure of Hacking Team's internal data. Adobe released a patch for the vulnerability on July 8, 2015. Before that patch was released, the groups launched phishing campaigns against multiple companies in the aerospace and defense, construction and engineering, education, energy
Vulnerability Threat APT 18 APT 3 ★★★★
APT28 Malware: A Window into Russia's Cyber Espionage Operations?
(lien direct)
The role of nation-state actors in cyber attacks was perhaps most widely revealed in February 2013 when Mandiant released the APT1 report, which detailed a professional cyber espionage group based in China. Today we release a new report: APT28: A Window Into Russia's Cyber Espionage Operations? This report focuses on a threat group that we have designated as APT28. While APT28's malware is fairly well known in the cybersecurity community, our report details additional information exposing ongoing, focused operations that we believe indicate a government sponsor based in Moscow. In
Malware Threat APT 28 APT 28 APT 1 ★★★★
Darwin's Favorite APT Group
(lien direct)
Introduction: The attackers referred to as APT12 (also known as IXESHE, DynCalc, and DNSCALC) recently started a new campaign targeting organizations in Japan and Taiwan. APT12 is believed to be a cyber espionage group thought to have links to the Chinese People's Liberation Army. APT12's targets are consistent with larger People's Republic of China (PRC) goals. Intrusions and campaigns conducted by this group are in-line with PRC goals and self-interest in Taiwan. Additionally, the new campaigns we uncovered further highlight the correlation between APT groups ceasing and retooling
Technical APT 12 ★★★★
Mandiant Exposes APT1 - One of China's Cyber Espionage Units & Releases 3,000 Indicators
(lien direct)
Today, the Mandiant® Intelligence Center™ released an unprecedented report exposing APT1's multi-year, enterprise-scale computer espionage campaign. APT1 is one of dozens of threat groups Mandiant tracks around the world and we consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen. Highlights of the report include: Evidence linking APT1 to China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398). A timeline of APT1 economic espionage conducted since 2006
Threat APT 1 ★★★★
Last update at: 2025-05-11 22:07:35