What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SentinelOne.webp 2019-04-25 18:28:33 Lazarus APT Targets Mac Users with Poisoned Word Document (lien direct) Threat actors have the know-how to develop campaigns that target your weakest link. Learn how Lazarus APT took their malware to Apple's macOS platform. Malware APT 38 ★★★
Kaspersky.webp 2019-04-12 14:58:05 North Korea's Hidden Cobra Strikes U.S. Targets with HOPLIGHT (lien direct) The custom malware is a spy tool and can also disrupt processes at U.S. assets. Malware Tool APT 38
SecurityAffairs.webp 2019-04-11 19:58:01 FBI/DHS MAR report details HOPLIGHT Trojan used by Hidden Cobra APT (lien direct) According to a joint report published by the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), North Korea-linked Lazarus APT group is using a new Trojan in attacks. According to a joint report issued by the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), North […] APT 38
no_ico.webp 2019-04-11 17:00:04 (Déjà vu) DHS And FBI Issue Advisory On North Korean HOPLIGHT Malware (lien direct) It has been reported that the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint malware analysis report (MAR) on a new Trojan dubbed HOPLIGHT, used by the North-Korean APT group Lazarus. According to the MAR AR19-100A advisory published on the US-CERT website, the new Trojan was detected while tracking … Malware APT 38
itsecurityguru.webp 2019-04-11 12:28:03 New Hoplight malware marks re-emergence of Lazarus Group. (lien direct) The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets and the US is getting worried about it. This according to a report from US-Cert, which says that the group (also known as “Hidden Cobra”) has a new piece of spyware […] Malware Medical APT 38
bleepingcomputer.webp 2019-04-10 14:06:04 DHS and FBI Issue Advisory on North Korean HOPLIGHT Malware (lien direct) The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint malware analysis report (MAR) on a new Trojan dubbed HOPLIGHT, used by the North-Korean APT group Lazarus. [...] Malware APT 38
Kaspersky.webp 2019-03-28 16:12:00 Lazarus Group Widens Tactics in Cryptocurrency Attacks (lien direct) MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea. APT 38
SecurityAffairs.webp 2019-03-28 08:20:04 Lazarus APT continues to target cryptocurrency businesses with Mac malware (lien direct) North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […] Malware Medical APT 38
SecurityWeek.webp 2019-03-27 15:00:02 North Korea-Linked Hackers Target macOS Users (lien direct) New Lazarus Operation Targets Windows, macOS Systems The North Korea-linked Lazarus group has been leveraging PowerShell to target both Windows and macOS machines as part of an attack campaign that has been ongoing since at least November 2018, Kaspersky Lab reports.  Medical APT 38
ZDNet.webp 2019-03-27 10:52:01 North Korean hackers continue attacks on cryptocurrency businesses (lien direct) Lazarus Group hackers seamlessly integrate Mac malware into their normal attack routine. Malware Medical APT 38
MalwarebytesLabs.webp 2019-03-18 14:57:01 A week in security (March 11 – 17) (lien direct) A roundup of security news from March 11–17 covering our most recent blogs and other news, including Lazarus Group, Emotet, PSD2, reputation management, Google's Nest, and Firefox Send. Medical APT 38
MalwarebytesLabs.webp 2019-03-12 16:27:00 The Advanced Persistent Threat files: Lazarus Group (lien direct) Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here's what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks. Threat Medical Wannacry APT 38
DarkReading.webp 2019-03-05 14:15:00 Lazarus Research Highlights Threat from North Korea (lien direct) A widespread attack against companies and government agencies has been linked to the North Korean Lazarus group, underscoring that the country's hackers are becoming more brazen. Threat Medical APT 38
SecurityAffairs.webp 2019-03-04 12:42:03 Experts collect more evidence that link Op 'Sharpshooter' to North Korea (lien direct) Security researchers at McAfee have linked the Op. Sharpshooter with the North Korea-linked Lazarus APT group after analyzing code from a command and control (C2) server. Security experts at McAfee analyzed the code of a C2 server involved in the cyber espionage campaign tracked as Op. Sharpshooter and linked it with the North Korea-linked APT […] APT 38
ZDNet.webp 2019-03-04 11:43:02 Researchers granted server by gov officials link Sharpshooter attacks to North Korea (lien direct) Analysis of the server revealed links to North Korea's Lazarus Group. Medical APT 38
bleepingcomputer.webp 2019-03-03 23:30:04 Op 'Sharpshooter' Connected to North Korea's Lazarus Group (lien direct) After analyzing a command and control (C2) server used in the global cyber-espionage campaign dubbed 'Sharpshooter', security researchers found more evidence linking it to North Korea's Lazarus threat actor. [...] Threat APT 38
SecurityAffairs.webp 2019-02-20 12:20:01 North Korea's Lazarus APT targets Russian Entities (lien direct) Security researchers at Check Point have uncovered a cyber espionage campaign conducted by Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets. If the attribution is correct, this is the first time that North Korean cyber spies were […] APT 38
SecurityWeek.webp 2019-02-19 15:53:03 North Korea's Lazarus Hackers Found Targeting Russian Entities (lien direct) It has long been thought that Russia is a no-go area for North Korean hacking group Lazarus. Russia is one of North Korea's few friends, along with China. APT 38
bleepingcomputer.webp 2019-02-19 13:32:00 North Korean APT Lazarus Targets Russian Entities with KEYMARBLE Backdoor (lien direct) Bluenoroff, a subdivision of the North Korean sponsored APT group Lazarus, recently switched its sights to Russian entities as unveiled by a newly discovered campaign which uses malicious Office documents specifically crafted to target Russian organizations. [...] APT 38
itsecurityguru.webp 2019-01-31 10:29:01 (Déjà vu) FBI Maps and Further Disrupts North Korean Joanap Botnet. (lien direct) The United States Department of Justice (DoJ) announced its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra” - an Advanced Persistent Threat (APT) actors’ group often known as […] Threat Medical APT 38
The_Hackers_News.webp 2019-01-31 00:03:04 FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet (lien direct) The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap, the botnet is believed to be part of "Hidden Cobra" - an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of Threat Medical APT 38
itsecurityguru.webp 2019-01-16 15:51:01 Disclosure of Chilean Redbanc Intrusion Leads To Lazarus Ties. (lien direct) By Vitali Kremez, Director of Research, Flashpoint Flashpoint analysts believe that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked advanced persistent threat (APT) group Lazarus. Redbanc confirmed that the malware was installed on the company's corporate network without triggering antivirus […] Malware Threat APT 38
SecurityAffairs.webp 2019-01-16 08:59:01 Experts link attack on Chilean interbank network Redbanc NK Lazarus APT (lien direct) Researchers from Flashpoint linked the recently disclosed attack on Chilean interbank network Redbanc to the North Korean APT group Lazarus. Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware […] Malware APT 38
AlienVault.webp 2019-01-10 14:00:00 Top 12 Blogs of 2018 (lien direct) Time to look back on the top AlienVault blogs of 2018! Here we go: A North Korean Monero Cryptocurrency Miner by Chris Doman Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions. Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on crypto-currencies. The Installer we’ve analysed above may be the most recent product of their endeavours.  VLAN Hopping and Mitigation by Pam This type of exploit allows an attacker to bypass any layer 2 restrictions built to divide hosts. With proper switch port configuration, an attacker would have to go through a router and any other layer 3 devices to access their target. However, many networks either have poor VLAN implementation or have misconfigurations which will allow for attackers to perform said exploit. In this article, I will go through the two primary methods of VLAN hopping, known as 'switched spoofing', and 'double tagging'. I will then discuss mitigation techniques. DNS Poisoning and How To Prevent It by Jeff Thompson  The first thing to understand about DNS 'poisoning' is that the purveyors of the Internet were very much aware of the problem. Essentially, DNS requests are "cached", or stored, into a database which can be queried in almost real-time to point names like 'hotmail.com' or 'google.com' to their appropriate IP addresses. Can you imagine having to remember a string of numbers instead of a fancy name to get to your desired WWW (or GOPHER - if that's your thing) resources? 321.652.77.133 or 266.844.11.66 or even 867.53.0.9 would be very hard to remember. [Note: I have obfuscated REAL IP addresses with very fake ones here. Always trying to stay one step ahead of the AI Armageddon. Real IP addresses end with the numerical value of '255' within each octet.] 
 4 SIEM Use Cases That Will Dramatically Improve Your Enterprise Security by Stephen Roe Companies both large and small must plan to protect their data. Failing to do so puts you at risk for financial trouble, legal liability, and loss of goodwill. Make sure to deploy SIEMs to prevent such misfortunes befalling your business. If you know how to put them to use, SIEMs provide value out of the box. Here’s a quick recap on how SIEMs can benefit you with a few clicks. Prevent SQL injection attacks by keeping an eye on the health of your systems. This will keep you ready if and when attacks do happen. For handling watering hole intruders, SIEMs make it easy to monitor suspicious communication hinting at an attack in progress. If you’re worried about malware infection, commun Malware Guideline Wannacry APT 38
MalwarebytesLabs.webp 2019-01-08 19:49:04 Ryuk ransomware attacks businesses over the holidays (lien direct) Over the holiday, a little-known ransomware family called Ryuk caused serious damage to numerous organizations. The attacks leave a lot of questions unanswered. What do we know so far? Ransomware APT 38
SecurityAffairs.webp 2018-12-13 15:01:02 Operation Sharpshooter targets critical infrastructure and global defense (lien direct) McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with Lazarus APT group that carried out Sony Pictures attack back in […] Malware Threat APT 38
bleepingcomputer.webp 2018-12-12 11:26:05 Op \'Sharpshooter\' Uses Lazarus Group Tactics, Techniques, and Procedures (lien direct) A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group [...] Malware Tool Threat Medical APT 38
SecurityAffairs.webp 2018-11-24 10:23:02 North Korea-linked group Lazarus targets Latin American banks (lien direct) According to security researchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […] Malware Medical APT 38
SecurityWeek.webp 2018-11-23 15:32:05 North Korean Hackers Hit Latin American Banks (lien direct) The North Korean hacking group known as Lazarus recently targeted financial institutions in Latin America, Trend Micro security researchers have discovered. APT 38
SecurityAffairs.webp 2018-11-10 14:47:00 (Déjà vu) Symantec shared details of North Korean Lazarus's FastCash Trojan used to hack banks (lien direct) North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs. Security experts from Symantec have discovered a malware, tracked as FastCash Trojan, that was used by the Lazarus APT Group, in a string of attacks against ATMs. The APT group has been using this malware […] Malware Hack Medical APT 38
DarkReading.webp 2018-11-08 17:45:00 Symantec Uncovers North Korean Group's ATM Attack Malware (lien direct) Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs. Malware Medical APT 38
CSO.webp 2018-11-06 08:56:00 Worst malware and threat actors of 2018 so far (lien direct) What's the worst malware so far into 2018? The worst botnets and banking trojans, according to Webroot, were Emotet, Trickbot, and Zeus Panda. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive. And included in the list of top 10 threat actors so far this year, we find Lazarus Group, Sofacy and MuddyWater coming in the top three spots, according to AlienVault. Lazarus Group took the top spot from Sofacy this year. The reported locations for the top 10 threat actors are North Korea, with two groups; Russia, with three groups; Iran, with two groups; China, with two groups; and India, with one. Microsoft Office was the most exploited application, but Adobe Flash, WebLogic, Microsoft Windows, Drupal and GPON routers were also listed in the top 10. Malware Threat Medical APT 38
AlienVault.webp 2018-10-19 13:00:00 Things I Hearted this Week, 19th October 2018 (lien direct) It’s been another eventful week in the world of cyber security. So let’s just jump right into it. NCSC has Been Busy NCSC collaborated with Australia, Canada, New Zealand, UK, and the USA to give us a report that highlights which publicly-available tools criminals are using to aid their cyber crimes. Joint report on publicly available hacking tools | NCSC The agency also commented on how it keeps criminals at bay by stopping on average 10 attacks on the government per week. NCSC also published its Annual Review 2018 - the story of the second year of operations at the National Cyber Security Centre. Targeting Crypto Currencies It is estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen. Targeted attacks on crypto exchanges resulted in a loss of $882 million | HelpNet Security Twitter Publishes Data on Iranian and Russian Troll Farms In an attempt to try and be more proactive in dealing with misinformation campaigns, Twitter has published its Elections Integrity dataset which includes attempted manipulation, including malicious automated accounts and spam. In other words it’s attempting to out - Iranian and Russian troll farms. Twitter’s focus is on a healthy public conversation | Twitter In light of this, it’s worth also revisiting this article by Mustafa Al-Bassam in which he researched UK intelligence doing the same thing targeting civilians in Iran. 
British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents | Motherboard Equifax Engineer Sentenced An Equifax engineer gets eight months for earning $75,000 from insider trading. He figured out he was building a web portal for a breach involving Equifax, which turned out to be the 2017 breach, and so decided to ride the stock drop. Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading | ZDNet Mind the Skills Gap (ISC)2 has released its 2018 global cyber security workforce study and it looks like the cyber security skills gap has widened to 3 million. It’s worth bearing in mind that estimating the skills gap isn’t an eas Guideline Equifax APT 38
SecurityAffairs.webp 2018-10-04 06:55:00 APT38 is behind financially motivated attacks carried out by North Korea (lien direct) Security experts from FireEye published a report on the activity of financially motivated threat actors, tracked as APT38, linked to the North Korean government. The attacks aimed at financial institutions, FireEye estimates APT38 has stolen at least a hundred million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […] Threat Medical APT 38
SecurityAffairs.webp 2018-10-03 20:02:03 Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide (lien direct) A joint technical alert from the DHS, the FBI, and the Treasury warning about a new ATM cash-out scheme, dubbed “FASTCash,” used by Hidden Cobra APT. The US-CERT has released a joint technical alert from the DHS, the FBI, and the Treasury warning about a new ATM cash-out scheme, dubbed “FASTCash,” being used by the […] Medical APT 38
SecurityWeek.webp 2018-10-03 19:42:00 North Korean Attacks on Banks Attributed to 'APT38' Group (lien direct) A report published on Wednesday by FireEye details the activities of a financially motivated threat actor believed to be operating on behalf of the North Korean government. Threat APT 38
ZDNet.webp 2018-10-03 15:01:00 North Korea's APT38 hacking group behind bank heists of over $100 million (lien direct) New FireEye report provides insight into North Korea's financially-motivated hacking operations. APT 38
Mandiant.webp 2018-10-03 07:00:00 APT38: Details on New North Korean Regime-Backed Threat Group (lien direct) Today, we are releasing details on an advanced persistent threat group that we believe is responsible for conducting financial crime on behalf of the North Korean regime, stealing millions of dollars from banks worldwide. The group is particularly aggressive; they regularly use destructive malware to render victim networks inoperable following theft. More importantly, diplomatic efforts, including the recent Department of Justice (DOJ) complaint that outlined attribution to North Korea, have thus far failed to put an end to their activity. We are calling this group APT38. We are releasing a Malware Threat APT 38 ★★★★
The_Hackers_News.webp 2018-10-03 04:18:05 Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash (lien direct) The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, Medical APT 38
TechWorm.webp 2018-09-07 18:26:02 North Korean hacker charged for WannaCry and Sony cyberattacks (lien direct) U.S. charges North Korean hacker for WannaCry, Sony cyber attacks The U.S. government on Thursday charged and sanctioned a North Korean hacker for the 2014 Sony hack and the 2017 WannaCry global ransomware cyberattack, U.S. officials said. The accused, Park Jin Hyok worked as part of a team of hackers, also known as the Lazarus […] Ransomware Hack Wannacry APT 38
SecurityWeek.webp 2018-09-07 17:29:00 (Déjà vu) Industry Reactions to U.S. Charging North Korean Hacker: Feedback Friday (lien direct) A North Korean national has been charged by U.S. authorities over his alleged involvement in the cyberattacks carried out by the notorious Lazarus Group. Medical APT 38
SecurityWeek.webp 2018-09-07 09:00:01 Opsec Mistakes Allowed U.S. to Link North Korean Man to Hacks (lien direct) A 34-year-old North Korean national has been charged by U.S. authorities over his alleged involvement in the cyberattacks carried out by the Lazarus Group. An affidavit filed by an FBI special agent reveals how investigators linked the man to the notorious threat actor. Threat Medical APT 38
Kaspersky.webp 2018-09-06 23:00:05 U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy (lien direct) The DoJ said a DPRK spy, Park Jin-hyok, was involved in “a conspiracy to conduct multiple destructive cyberattacks around the world." APT 38
ZDNet.webp 2018-09-06 21:43:04 How US authorities tracked down the North Korean hacker behind WannaCry (lien direct) US authorities put together four years worth of malware samples, domain names, email and social media accounts to track down one of the Lazarus Group hackers. Malware Medical Wannacry APT 38
SecurityWeek.webp 2018-09-06 18:04:01 U.S. Charges North Korean Over Lazarus Group Hacks (lien direct) The U.S. Department of Justice on Thursday announced charges against a North Korean national who is believed to be a member of the notorious Lazarus Group, to which governments and the cybersecurity industry have attributed several high profile attacks. Medical APT 38
SecureMac.webp 2018-09-01 15:54:03 (Déjà vu) Lazarus (lien direct) Type: Malware Platform: Mac OS X Last updated: 09/01/18 10:50 pm Threat Level: High Description Lazarus is malware. Lazarus Threat Removal MacScan can detect and remove Lazarus Malware from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat. Download MacScan Malware Threat APT 38
Blog.webp 2018-08-29 02:01:03 North Korea's Lazarus Tied to Cryptojacking Campaign Targeting MacOS (lien direct) North Korean state-sponsored hacking group Lazarus is believed to be behind a recent crypto jacking attack on several banks with an unexpected twist–the use of a Trojan that tricked a company employee into downloading malware, according to Kaspersky Lab. Kaspersky researchers made what they call the “unexpected discovery” while... APT 38
AlienVault.webp 2018-08-28 13:00:00 AlienVault Product Roundup July / August 2018 (lien direct) It’s been a busy summer at AlienVault! Amid some major company announcements, we continue to evolve USM Anywhere and USM Central with new features and capabilities that help you to defend against the latest threats and to streamline your security operations. You can keep up with our regular product releases by reading the release notes in the AlienVault Product Forum. Here are a few of the highlights from our July and August 2018 releases: New EDR capabilities with the new AlienVault Agent On July 31, 2018, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, extending the platform’s powerful threat detection and response capabilities to the endpoint. Read the blog post here. By deploying the AlienVault Agent - a lightweight and adaptable endpoint agent based on osquery -  you can expand your security visibility to detect modern threats and monitor critical files (FIM) on your Windows and Linux endpoints, whether in the cloud, in your data center, or remote. The new EDR capabilities were made available automatically and seamlessly to all USM Anywhere customers, without requiring any subscription upgrades, system updates, or the purchase of add-on products to access the capabilities. AlienApp for ConnectWise The AlienApp for ConnectWise is now included in the Standard and Premium editions of USM Anywhere. Service management teams that use ConnectWise Manage can leverage automated service ticket creation from USM Anywhere alarms and vulnerabilities as well as synchronization of asset information. Slaying Defects and Optimizing the UX In addition to these new capabilities and apps, in every update this summer, the team has rolled out enhancements to the user interface and / or has addressed multiple defects and inefficiencies. Make sure to read the product release notes for all the details. 
USM Central Roundup and Look Ahead Earlier this month, Skylar Talley, AlienVault Senior Product Manager for USM Central, wrote a blog post recapping the recent improvements to USM Central and outlining his vision for the product in the next few months. You can read the full post here. The highlights include: Two-way alarm status and label synchronization Orchestration rules management across USM Anywhere deployments USM Central API availability (You can find the API documentation here.) Threat Intelligence Highlights USM Anywhere receives continuously updated rules and (new!) endpoint queries to detect not only the latest signatures but also higher-level attack tools, tactics, and procedures – all curated for you by the machine and human intelligence of the AlienVault Labs Security Research Team. The AlienVault Labs Security Research team publishes a weekly threat intelligence newsletter, keeping you informed of the threats they are rese Threat Medical APT 38
SecurityAffairs.webp 2018-08-28 06:39:00 Security firm attributes Cosmos Bank cyberheist to Lazarus APT (lien direct) Security experts from Securonix have published a report that attributes the attack on the Cosmos Bank to the Lazarus APT group. Cosmos Bank is one of the largest Indian cooperative banks, it was the victim of a cyberheist a couple of weeks ago when hackers stole over 940 million rupees ($13.5 million) in just three […] APT 38
MalwarebytesLabs.webp 2018-08-27 17:06:01 A week in security (August 20 – 26) (lien direct) A roundup of the security news from August 20 – 26, including a look at insider threats, several breaches, and what tech giants Google and Facebook are doing about their privacy issues. Medical APT 38
Last update at: 2024-05-12 07:08:01