What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
NoticeBored.webp 2018-02-28 21:54:40 NBlog March 1 - Invasion of the Cryptominers (direct link) That's it, we're done! The 2018 malware awareness module is on its way to NoticeBored subscribers, infecting customers with ... our passion for the topic. There are 28 different types of awareness and training material, in three parallel streams as always: Stream A: security awareness materials for staff/all employees. 1. Train-the-trainer guide on malware (MS Word document) Malware APT 15
zataz.webp 2018-02-18 18:58:01 Leak of customer email addresses on the Info Greffe site (direct link) The Info Greffe site suffers from a design flaw: a bug that makes it possible to get hold of the email addresses of all its customers. The CNIL has been alerted. One Info Greffe link ... and there's the bug! First of all, I will not explain for now how a hack... This article, Leak of customer email addresses on the Info Greffe site, first appeared on ZATAZ. APT 15
NoticeBored.webp 2017-12-05 08:24:37 NBlog December 5 - lurid headline (direct link) Social-Engineer.com's newsletter is a useful source of information about social engineering methods. The latest issue outlines some of the tricks used by phishers to lure their victims initially. "It is not breaking news that phishing is the leading cause of data breaches in the modern world. It is safe to ask why that is the case though, given how much of this email gets caught up in our spam filters and perimeter defenses. One trick sophisticated attackers use is triggering emotional responses from targets using simple and seemingly innocuous messaging to generate any response at all. Some messaging does not initially employ attachments or links, but instead tries to elicit an actual reply from the target. Once the attackers establish a communication channel and a certain level of trust, either a payload of the attacker's choosing can then be sent or the message itself can entice the target to act." That same technique is used by advertisers over the web in the form of lurid or intriguing headlines and images, carefully crafted to get us to click the links and so dive into a rabbit warren of further items and junk, all the while being inundated with ads. You may even see the lures here or hereabouts (courtesy of Google). Once you've seen enough of them, you'll recognize the style and spot the trigger words - bizarre, trick, insane, weird, THIS and so on, essentially meaning CLICK HERE, NOW! They are curiously attractive, almost irresistible, even though we've groped around in the rabbit warrens before and suspect or know what we're letting ourselves in for. But why is that? 'Curiously' is the key: it's our natural curiosity that leads us in. It's what led you to read this sentence. Ending the previous paragraph with a rhetorical question was my deliberate choice. Like magpies or trout chasing something shiny, I got you. You fell for it. I manipulated you. Sorry. There are loads more examples along similar lines - random survey statistics for instance ("87% of X prone to Y") and emotive subjects ("Doctors warn Z causes cancer"). We have the newspapers to thank for the very term 'headline', not just the tabloid/gutter press ("Elvis buried on Mars") but the broadsheets and more up-market magazines and journals, even scientific papers. The vast majority of stuff we read has titles and headings, large and bold in style, both literally and figuratively. Postings on this blog all have short titles and a brief summary/description, and some of the more detailed pieces have subheadings providing structure and shortcuts for readers who lack the time or inclination to read every word ... which hints at another issue, information overload. Today's Web is so vast that we're all sipping from the fire hose. And that Guideline APT 15
SecurityAffairs.webp 2017-09-20 10:49:05 Viacom left the keys of its digital kingdom on a publicly exposed AWS S3 bucket (direct link) Security researcher Chris Vickery discovered that media giant Viacom left sensitive data and a secret access key on an unsecured Amazon AWS S3 bucket, a gift for hackers. Viacom controls Paramount Pictures, MTV, Comedy Central and Nickelodeon. The huge trove of data store […] APT 15
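The Viacom story is the classic S3 failure mode: a bucket policy (or ACL) that grants access to everyone. The following check is an added example, not code from the article or from the researcher; it evaluates a bucket policy document offline and reports the Allow statements whose Principal means "anyone" and whose actions include reading objects or listing the bucket. The two policies at the bottom are constructed for illustration (the bucket name and the role ARN are made up). It does not look at bucket ACLs or the account-level Block Public Access settings, which a real audit must also cover.

```python
"""Flag S3 bucket policies that grant read access to anyone.

Added example (not from the Viacom report or the original article). It
evaluates a bucket policy document offline; the two policies at the bottom
are constructed for illustration. A complete audit also has to check the
bucket ACL and the account's Block Public Access settings, which this
example does not cover.
"""
import json

# Actions that let an anonymous caller read objects or list the bucket.
# Compared case-insensitively; wildcard patterns such as s3:Get* are not
# expanded here, so treat a clean result as 'nothing obvious', not proof.
READ_ACTIONS = {"s3:getobject", "s3:getobjectversion", "s3:listbucket", "s3:*", "*"}


def _as_list(value):
    """IAM policy fields may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True when the Principal element means 'anyone': "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_read_statements(policy):
    """Return the Sid (or an index label) of each Allow statement that gives
    everyone read access.

    Statements carrying a Condition block are not reported: conditions such
    as aws:SourceVpce or aws:SourceIp usually scope the grant, so they need a
    human look rather than an automatic 'public' verdict.
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if actions & READ_ACTIONS:
            findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


def is_public(policy):
    """Accept the policy as a dict or as the raw JSON string stored on the bucket."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    return bool(public_read_statements(policy))


# Constructed sample: the kind of policy that exposes a whole bucket.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}

# Constructed sample: same permissions, but only for one role in the account.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DeployRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/deploy"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        verdict = public_read_statements(doc)
        print(f"{name}: {'PUBLIC ' + str(verdict) if verdict else 'restricted'}")
```

In practice the policy document comes from `GetBucketPolicy`; feed its JSON string to `is_public`. A "restricted" result only says the policy itself has no unconditional everyone-grant, so pair it with an ACL check and the Block Public Access status before calling the bucket private.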
InfosecIsland.webp 2017-07-12 03:47:02 Convenience Comes at a Steep Price: Password Management Systems & SSO (direct link) Many consumers and businesses are flocking to the mirage of safety offered by password management firms, which are only as strong as their weakest link (often humans). APT 15
SANS.webp 2017-05-04 16:20:16 Migrating Telnet to SSH without Migrating, (Thu, May 4th) (direct link) I recently had a security assessment / internal pentest project, and one of the findings was an AS/400 running telnet services (actually unencrypted tn5250, but it comes to the same thing). The client's response was that this host was up for history purposes only; it was no longer a production system. So it was only used occasionally when they needed transaction history from before their migration to the current system. Which doesn't really address the risk around their clients' information on that host. We've all been there. We've found a telnet service that should be migrated to SSH, but the affected device either doesn't support SSH, or the client for one reason or another can't put resources into enabling encrypted services. In the case of the AS/400 above, they'd need to do an OS update, which would require an application update to an app they had retired, on a system that isn't production anymore. We see this in legacy systems, but in Industrial Control Systems (ICS) that control factories, water or hydro utilities we see this all the time in production - and the answer there is that the gear doesn't support SSH, and in some cases doesn't support credentials. In ICS systems in particular, gear like this is often on the same 5, 7 or 10 year depreciation cycle as might be seen on an industrial press or other manufacturing equipment, so upgrades are really a long-term thing; there are no quick fixes. Even finding where all the vulnerable gear is (physically, not on the network) can be a challenge. So what to do? In some cases, I've front-ended the problem-child gear with a cheap SSH gateway. A Raspberry Pi does a decent job here for less than $100 per node. The Pi runs real Linux, so you can secure it. The solution looks like this: [diagram] APT 15
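The gateway only helps if it cannot itself be turned into a pivot into the legacy segment: the account people SSH in with should be forced straight into the telnet/tn5250 session and denied port, agent and X11 forwarding. The following lint is an added example, not part of the SANS diary or its setup; it parses an `sshd_config` the way sshd does (first occurrence of a keyword wins, Match blocks override the global scope) and reports what is missing from the gateway account's block. The two configs at the bottom are constructed; the account name `as400` and the target address `192.0.2.10` are assumptions.

```python
"""Check that an SSH gateway placed in front of a telnet-only device cannot
be used as a pivot into the network behind it.

Added example, not part of the SANS diary. The pattern it checks: users SSH
to the gateway (the Raspberry Pi in the text) as a dedicated account whose
session is forced straight into the telnet/tn5250 client for the legacy
host, with TCP, agent and X11 forwarding switched off. The two sshd_config
texts are constructed; the account 'as400' and host 192.0.2.10 are assumed.
"""

# sshd's own defaults when a keyword is absent (see sshd_config(5)).
DEFAULTS = {
    "allowtcpforwarding": "yes",
    "allowagentforwarding": "yes",
    "x11forwarding": "no",
    "permittunnel": "no",
    "permittty": "yes",
}

# What the gateway account needs: every forwarding path off, a terminal on
# (telnet and tn5250 are interactive and need a PTY).
REQUIRED = {
    "allowtcpforwarding": "no",
    "allowagentforwarding": "no",
    "x11forwarding": "no",
    "permittunnel": "no",
    "permittty": "yes",
}


def parse_sshd_config(text):
    """Return (global_settings, [(match_criteria, settings), ...]).

    Keywords are case-insensitive. sshd honours the first occurrence of a
    keyword within a scope and ignores later ones, so the parser does too.
    Everything after a 'Match' line belongs to that block until the next one.
    """
    global_settings, matches = {}, []
    current = global_settings
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            matches.append((value, current))
        else:
            current.setdefault(key, value)
    return global_settings, matches


def effective(key, block, global_settings):
    """Value sshd applies to the matched user: Match block, else global, else default."""
    return block.get(key, global_settings.get(key, DEFAULTS.get(key, ""))).lower()


def gateway_findings(text, user, target_host):
    """List what is wrong with the gateway account's configuration; [] means OK."""
    global_settings, matches = parse_sshd_config(text)
    block = next((s for c, s in matches if c.lower() == f"user {user}".lower()), None)
    if block is None:
        return [f"no 'Match User {user}' block"]
    findings = []
    cmd = block.get("forcecommand", "").split()
    # The forced command must be the telnet/tn5250 client aimed at the legacy host,
    # otherwise the user lands in a shell on the gateway.
    if not cmd or cmd[0].rsplit("/", 1)[-1] not in ("telnet", "tn5250") or target_host not in cmd:
        findings.append(f"ForceCommand must start a telnet/tn5250 session to {target_host}")
    for key, wanted in REQUIRED.items():
        got = effective(key, block, global_settings)
        if got != wanted:
            findings.append(f"{key} is {got!r}, want {wanted!r}")
    return findings


# Constructed: the account is forced into telnet, but sshd's defaults leave TCP and
# agent forwarding on, so anyone with the gateway credentials can tunnel to any
# host the Pi can reach.
WEAK_CONFIG = """
Match User as400
    ForceCommand telnet 192.0.2.10
"""

# Constructed: forced session, all forwarding off, terminal allowed.
HARDENED_CONFIG = """
PasswordAuthentication no
Match User as400
    ForceCommand /usr/bin/telnet 192.0.2.10
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems = gateway_findings(cfg, "as400", "192.0.2.10")
        print(f"{name}: {problems or 'OK'}")
```

Run it against the gateway's `/etc/ssh/sshd_config` after each change and before handing the box over. The telnet leg still crosses the wire in clear, so the legacy host (or the switch in front of it) should accept port 23 / tn5250 only from the gateway's address; that is the part this check cannot see.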
Korben.webp 2017-04-15 11:39:14 Logitech Keys-To-Go (direct link) To keep playing around with my Vorke Z1 TV box, I was looking for a small, discreet keyboard that doesn't take up too much space. Initially I control the box with a Bluetooth mouse; for driving the interface in media mode, Kodi, Molotov, Netflix etc., that works perfectly. But as soon as you launch a search engine, > Read more. This marvellous and unequalled article entitled: Keys-To-Go de Logitech; was published on Korben, the only site that loves you more than your parents do. APT 15
SANS.webp 2017-02-17 13:47:01 RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop), (Fri, Feb 17th) (direct link) Have you ever been asked for the config of a router or switch you (or someone else) put in so long ago you didn't remember that device was there? So long ago that the layer of dust inside that switch is probably why the fan stopped spinning and melted it? Yup, me too. So when it comes time to rebuild it, you go to that customer's CATTOOLS directory (or configuration manager, or whatever backup tool they have), and find out that: they retired that VM and didn't tell you; they let the license lapse; they forgot about that device when they set up their backups; they upgraded the backup tool, but then never started the service; they installed something else that broke the backup service. Yes, stuff happens, and backups sometimes don't, for lots of reasons. This got me to thinking that what I really want (this week) is a PowerShell backup utility for an arbitrary list of network gear at any given client. This beats my previous method of snarfing up CATTOOLS directories (when I remember) or backing things up manually whenever I change them (and when I remember) - you see the recurring problem in that method? Why PowerShell? There are so many other approaches with Python, Expect, Ansible and so on (all of which can do way more than just backups); why build something new in PowerShell? Mostly because I can run that on any customer Windows machine and expect it to work, without installing anything the client might have a problem with. Plus I really wanted to play with Carlos Perez's Posh-SSH code ( https://github.com/darkoperator/Posh-SSH ). So, first, what to back up? What most of my clients run is some subset of: Cisco IOS, Cisco Nexus, Cisco ASA, HP ProCurve, HP Comware, Palo Alto Networks Firewall. Seems like a reasonable starter list? OK, now how to back them up? Again, with the theme of don't install anything, don't change the host you're running on, and (to quote Ed Skoudis) to live off the land, this is all in SSH, and all in PowerShell. Essentially for each device: login, do a show running-config (or equivalent for that platform), capture the output and save it to ASCII. The input file (example.in) looks like this:
NAME,IP,DEVTYPE
cisco_ios_router_or_switch,192.168.12.101,1
cisco_asa,192.168.12.102,2
cisco_wireless_controller,192.168.12.103,3
hp_procurvesw01,192.168.12.104,4
hp_comwaresw01,192.168.12.105,5
pan_firewall_set,192.168.12.106,6
pan_firewall_xml,192.168.12.106,7
The code reads the file as a CSV, so it populates a devices variable with properties of devices.name, devices.IP (which can also be a CN or FQDN; it just needs to resolve) and devices.devtype. The 7 device types are covered in the example.in file above. Note that the Palo Alto is in there twice, devicetype 6 for set […] APT 15
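The procedure above (read the inventory, pick the right "show running-config or equivalent" per device type, log in over SSH, save the output as ASCII) is easiest to reason about when the SSH session is separated from everything around it. The block below is an added example in Python, not the diary's PowerShell tool: it parses the same NAME,IP,DEVTYPE inventory, maps each DEVTYPE to a command sequence, and writes one file per device. The per-platform command lists are this example's assumptions, not taken from RTRBK (they first turn off CLI paging so the whole config arrives in one read). The SSH leg is passed in as a callable so the rest runs without gear; wire paramiko or Netmiko in there. Device names from the inventory become file names, so they are reduced to a single safe path component first.

```python
"""Inventory-driven config backup of network gear over SSH: everything except
the SSH session itself.

Added example, not the diary's PowerShell tool. It reads the NAME,IP,DEVTYPE
inventory described in the text, chooses the 'show running-config or
equivalent' command sequence for each device type, and writes one ASCII
file per device. The per-platform command lists are this example's
assumptions (paging is disabled first). The SSH session is injected as a
callable run_commands(ip, commands) -> str so the logic is testable offline.
"""
import csv
import io
import os
import re

# DEVTYPE -> commands sent after login. Assumed mapping, mirroring example.in.
COMMANDS = {
    "1": ("terminal length 0", "show running-config"),                 # Cisco IOS
    "2": ("terminal pager 0", "show running-config"),                  # Cisco ASA
    "3": ("config paging disable", "show run-config"),                 # Cisco WLC (AireOS)
    "4": ("no page", "show running-config"),                           # HP ProCurve
    "5": ("screen-length disable", "display current-configuration"),   # HP Comware
    "6": ("set cli pager off", "set cli config-output-format set",
          "show config running"),                                      # Palo Alto, set format
    "7": ("set cli pager off", "set cli config-output-format xml",
          "show config running"),                                      # Palo Alto, XML
}


def load_inventory(text):
    """Parse the NAME,IP,DEVTYPE CSV. Unknown device types fail early rather
    than producing an empty backup that nobody notices until restore day."""
    devices = []
    for row in csv.DictReader(io.StringIO(text)):
        devtype = row["DEVTYPE"].strip()
        if devtype not in COMMANDS:
            raise ValueError(f"{row['NAME']}: unknown DEVTYPE {devtype!r}")
        devices.append({"name": row["NAME"].strip(), "ip": row["IP"].strip(), "devtype": devtype})
    return devices


def safe_filename(name):
    """Reduce an inventory name to one path component: no separators, no leading dots,
    so a NAME like ../../etc/passwd cannot write outside the backup directory."""
    cleaned = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".")
    return (cleaned or "device") + ".cfg"


def backup_all(devices, run_commands):
    """Return {filename: config_text}; run_commands(ip, commands) does the SSH session."""
    results = {}
    for dev in devices:
        filename = safe_filename(dev["name"])
        if filename in results:
            raise ValueError(f"duplicate backup file name {filename!r}")
        results[filename] = run_commands(dev["ip"], COMMANDS[dev["devtype"]])
    return results


def write_backups(results, out_dir):
    """Write each config as ASCII; any non-ASCII bytes a device emits are escaped, not dropped."""
    os.makedirs(out_dir, exist_ok=True)
    for filename, text in results.items():
        with open(os.path.join(out_dir, filename), "w", encoding="ascii",
                  errors="backslashreplace") as fh:
            fh.write(text)


# The diary's example.in, reproduced here as constructed input for this example.
EXAMPLE_IN = """NAME,IP,DEVTYPE
cisco_ios_router_or_switch,192.168.12.101,1
cisco_asa,192.168.12.102,2
cisco_wireless_controller,192.168.12.103,3
hp_procurvesw01,192.168.12.104,4
hp_comwaresw01,192.168.12.105,5
pan_firewall_set,192.168.12.106,6
pan_firewall_xml,192.168.12.106,7
"""

if __name__ == "__main__":
    def fake_ssh(ip, commands):
        # Stand-in for the real session: records what would have been sent.
        return f"! {ip}\n" + "\n".join(f"! sent: {c}" for c in commands) + "\n"

    write_backups(backup_all(load_inventory(EXAMPLE_IN), fake_ssh), "backups")
```

To make it real, replace `fake_ssh` with a function that opens one SSH session per device, sends each command in turn and returns the captured text; keep the credentials out of the inventory file and out of the command line (a prompt or a vault lookup), since the inventory tends to end up in the same share as the backups.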
HR.webp 2016-12-26 13:30:46 Good security resolutions for 2017 (direct link) Tags: Password, Browsing, Adware, Malware, Backup, VPN *This article was written with the participation of Keltounet* 2016 was punctuated by a few large-scale security incidents. So as not to end up as the fall guy, here are a few tips so that IT stops being your worst nightmare. Complex, different passwords for every service It can never be repeated enough: every service you use must have a different password, and each password must be made up of at least eight characters, with upper-case letters, lower-case letters, digits and special characters. You don't use the same password for your mailbox as for logging in to Twitter or Facebook or your business applications. Problem: how do you remember them all? Don't hesitate to use a password manager such as KeePass. It will manage the passwords for you; all that's left is to define a single password, obviously a strong one. On the website side, some services offer two-factor authentication, which limits the trouble caused by stolen passwords. Blockers in browsers Sites covered with ads and trackers of all kinds are unfortunately still legion. Result: information about your browsing and your lifestyle habits is stored, sold and resold, without you having any say, or even being aware of it. So use a good ad blocker, uBlock Origin for example, and Privacy Badger. Don't forget either that ads can also be a major malware vector. Verified extensions/modules/applications Uber APT 15
AlienVault.webp 2016-12-16 14:00:00 2016 Recap from the Alien Eye in the Sky (direct link) Today is the last Alien Eye in The Sky episode for 2016, so rather than just recapping the week, we thought we'd take a look at what's transpired over the course of 2016. To be honest, I underestimated the huge task at hand, and after researching several hundred breaches, decided that it was better to break down the incidents into trends and take samples from each. Hopefully this will give a renewed appreciation of how much the cyber security challenge is growing across the world and across all industries. So, without further ado, all the stories mentioned in the video are linked below. Happy holidays everybody! Online dating: Adult Friend Finder, Fling, Mate1, Shadi.com, Muslim Match. Password re-use attacks: Carbonite, Netflix, GoToMyPC, Reddit, TeamViewer, Camelot, Deliveroo, KFC. Healthcare: Banner Health, which impacted 3.7m patients; Turkish state hospitals, 10m patients; Queen Mary Hospital in Hong Kong saw 3,600 records accessed; Al Zahra Private Medical Centre in the UAE had 4,600 records accessed. Specialist healthcare providers such as the New Jersey Spine Centre, and the Yahoo APT 15
HR.webp 2016-11-26 01:17:07 RocketTab, the persistent adware (direct link) Tags: Adware, Malware An adware is an advertising program, unwanted of course. Some freely available software sometimes comes bundled with one. They also graft themselves onto your browser. Beyond imposing ads on every page you visit, ads obviously based on your previous browsing, these unwanted programs are sometimes hard to detect because they are neither in the installed programs, nor in the registry keys, nor in any of the browser extensions. The "program" RocketTab is a magnificent illustration of this. RocketTab on Chrome For a few weeks, while browsing with Chrome, I had been seeing an advertising box appear. Having tested a few programs dedicated to black-hat SEO over the summer, I had attributed its appearance to Jingling, 10k Hits or Hitleap. After a thorough cleanup, the box was gone. Then it reappeared. Having identified it as RocketTab, I started by looking through my programs to see if it was there. Nothing on the horizon. I looked through my Chrome extensions. Still nothing. I looked at my registry keys. Nothing again. I ran Avast and AdwCleaner. AdwCleaner Nothing. And yet, the beast was still there: RocketTab in my Amazon search In desperation, I reset Chrome and checked everything in the AppData folder. I had one last test left: the Chrome extensions. I disabled all the extensions and ran a search on Amazon, because RocketTab was polluting my Amazon searches too. The parasitic box had disappeared. It was by re-enabling a browsing-history extension that I found the culprit: History Calendar 2.1.6. This application, found on the official Chrome extension store, had integrated a new little feature: permission for ads, and the box was ticked by default. History Calendar and RocketTab Initially, this extension had been checked and approved by Google and this "feature" wasn't in it. The last update of this extension dates from 19 July 2016 and the application was removed from the official Google Chrome store in mid-September 2016. Getting rid of RocketTab As we can see, in my case it was fairly insidious because I had no reason to be wary of an update APT 15
NetworkWorld.webp 2016-11-15 07:50:00 Goodbye, NAC. Hello, software-defined perimeter (direct link) Those of us who've been around security technology for a while will remember the prodigious rise of network access control (NAC) around 2006. Now, the ideas around NAC had been around for several years beforehand, but 2006 gave us Cisco's network admission control (aka Cisco NAC), Microsoft's network access protection (NAP) and then a whole bunch of venture-backed NAC startups (ConSentry, Lockdown Networks, Mirage Networks, etc.). There were lots of reasons why the industry was gaga over NAC at the time, but it really came down to two major factors: Broad adoption of WLANs. In 2006, wireless networking based upon 802.11 was transforming from a novelty to the preferred technology for network access. I also believe laptop sales first overtook desktop computer sales around this same timeframe, so mobility was becoming an IT staple as well. Many organizations wanted a combination of NAC and 802.1X so they could implement access policies and monitor who was accessing the network. A wave of internet worms. The early 2000s produced a steady progression of internet worms, including Code Red (2001), Nimda (2001), SQL Slammer (2003), Blaster (2003), Bagle (2004), Sasser (2004), Zotob (2005), etc. These worms could easily spread across an entire enterprise network from a single PC as soon as a user logged on. NAC was seen as a solution to this problem by providing point-to-point PC inspection and authentication over Layer 2 before systems were granted Layer 3 network access. NAC really was a good idea, but the space was overinvested and many of the products were difficult to deploy and manage. As a result, NAC enthusiasm faded, although NAC deployment was making slow but steady progress. As NAC became a niche product, it lost its panache. Heck, my friends at Gartner even killed the NAC MQ when there were few vendors left and not much to write about. APT 15
NetworkWorld.webp 2016-11-14 11:12:00 Your security mirages (direct link) Yes, I was hit last week. Forensics are in progress. I got doxxed, too. It has made me realize that most of systems security is an illusion. Here are my favorite alternate realities: 1. Everything is safe behind the firewall. Ever heard of UBFWI - as in User's Been Fooling With It? While IDS/IPS and firewall networked technology has improved so vastly, there's nothing like a user with an infected laptop to bring in a lulu. 2. Obscure operating systems never get hit. Hackers only go for the gold with Windows. Here, let me laugh out loud and roll on the floor. Mine was an obscure server version on an obscure branch of an obscure BSD limb. Listen to the sound of lunch getting eaten: mine. Chomp, chomp, burp. APT 15
PaloAlto.webp 2016-05-23 01:00:26 Operation Ke3chang Resurfaces With New TidePool Malware (direct link) Introduction: Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve… APT 15 APT 25
AlienVault.webp 2016-03-30 07:00:00 Cmstar APT Malware Exploits CVE-2012-0158 (direct link) Background: APTs (Advanced Persistent Threats) are a type of threat that targets a specific group of potential victims. For example, they have been used in cyber-espionage campaigns to target governments, anti-government activists, military organizations, as well as private companies. Their goal is to penetrate a targeted system or network, remain hidden for extended periods, and collect and exfiltrate data. A common compromise technique is for an APT to target the victims with a spear phishing campaign. Spear phishing campaigns are successful in part because of the great deal of information we have posted about ourselves online. With only a few minutes of research, a cybercriminal can usually identify one or more people in our professional circles whose name, when we see it in the 'from' field in an email, would likely cause us to open the email. The attachment exploits a common vulnerability (CVE-2012-0158) which installs the Cmstar downloader onto the compromised system. Cmstar then contacts the Command and Control (C&C) server for the BBSRAT remote access malware to download, and installs it on the compromised system. The attacker can now control the compromised system directly. Impact on You: Having any type of malware (especially one designed to steal data) on your network puts your sensitive or regulated information at risk. Once installed, Cmstar has the ability to download malware that can infect other machines as well as pull down additional malware variants as needed. The data-stealing malware can reside inside a network for months or years before detection, giving an attacker virtually unlimited access to data. How AlienVault Helps: APTs are sophisticated attacks conducted by well-resourced teams. Preventive technologies like sandboxing can help block some attacks, but a dedicated, focused adversary will always find a way to penetrate a network. That's why you need the ability to detect the presence of compromised systems, downloaders, remote access malware, and other malicious content in your network quickly. And, once you have detected it, you need to be able to minimize the damage that compromised systems can cause. That's where the AlienVault Labs team can help: the threat research team continues to research and update the ability of the USM platform to detect new downloaders, remote access toolkits (RATs), as well as new variations on existing malware. The Labs team recently updated the USM platform's ability to detect the latest version of the Cmstar downloader on your network by adding an IDS signature to detect the malicious traffic and a correlation directive to link events from across your network that indicate that Cmstar has compromised one or more systems. These updates are included in the latest AlienVault Threat Intelligence update available now: New Detection Technique - APT Cmstar. Cmstar is a downloader that is similar to the Lurid and Enfal families of malware. Cmstar is typically delivered through phishing emails that contain malicious Microsoft documents and has recently been used to download BBSRAT. The group that utilizes Cmstar and BBSRAT appears to be targeting Russian victims and most r APT 15 ★★★★★
Last update at: 2024-05-12 13:07:59