What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
kovrr.webp 2023-11-28 00:00:00 Investigating the Risk of Compromised Credentials and Internet-Exposed Assets Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets. Read More
(direct link)
Introduction
In this report, Kovrr collected and analyzed data to better understand one of the most common initial access vectors (1): the use of compromised credentials (Valid Accounts - T1078) (2) to access internet-exposed assets (External Remote Services - T113) (3). The toxic combination of these two initial access vectors can allow malicious actors to gain a foothold in company networks before moving on to the next stage of their attack, which can be data theft, ransomware, denial of service, or any other action. There are numerous examples of breaches perpetrated by many attack groups using this combination, for example breaches by Lapsus (4) and APT39 (5), among others.
This report seeks to demonstrate which industries and company sizes have the highest percentage of compromised credentials and number of internet-exposed assets, and therefore face a higher risk of having their networks breached by the toxic combination of the initial access vectors mentioned above.
It should be noted that having an asset exposed to the internet does not inherently pose a risk or indicate that a company has poor security. In our highly digitized world, companies are required to expose services to the internet so that they can be accessed by customers, vendors, and remote employees. These services include VPN servers, SaaS applications developed by the company, databases, and shared storage units. However, there are some common cases in which having an asset exposed to the internet can be extremely risky, for example:
When a company unintentionally exposes an asset due to misconfiguration.
When a malicious third party obtains compromised credentials of a legitimate third party and accesses an exposed asset.
To limit unnecessary internet exposure, companies should employ the following possible mitigations:
Use Multi-Factor Authentication (MFA) for any services or assets that require a connection, so that compromised credentials on their own will not be enough to breach an exposed asset.
Limit access to the asset to only specific accounts, domains, and/or IP ranges.
Segment the internal company network and isolate critical areas, so that even if the network is breached through access to an external asset, attackers will not be able to use that access to reach wider or more sensitive areas of the company network.
Summary
The following are the main findings from the collected data:
The Services industry is by far the most exposed to attackers. Companies from that industry have the highest percentage of compromised credentials (74%), while having a relatively low amount of internet-exposed assets per company (34%). Given that an average cyber loss in this industry has been shown to be about $45M, this is highly concerning (6). The Services industry (SIC Division I) is followed by Division E (Transportation, Communications, Electric, Gas, and Sanitary Services, with an average loss of around $58M), which is followed by Division D (Manufacturing, with an average loss of around $25M).
The revenue range for companies with the highest number of compromised credentials is $1M-$10M, followed by $10M-$50M. A similar trend is also observed when evaluating company size by the number of employees: companies with fewer employees have a higher share of compromised credentials.
On average, the larger the company (both in terms of revenue and number of employees (7)), the greater the number of internet-exposed assets.
There is a correlation between the industries and revenue ranges of companies targeted by ransomware and those with the highest share of compromised credentials.
Methodology
The data for this research was collected as follows:
Data regarding compromised credentials was first collected from Hudson Rock, a provider of various cybercrime data. Data was collected for the previous six months, beginning March 2023. This data Ransomware Threat Studies Prediction Cloud APT 39 APT 39 APT 17 ★★★
Darktrace.webp 2023-10-26 13:08:32 Expediting the investigation of widespread Trojan infections with Darktrace (direct link) Darktrace helps security operations centre (SOC) teams become more efficient by drastically cutting down the time needed to investigate incidents. APT 39 ★★
DarkReading.webp 2022-09-09 16:48:02 US Sanctions Iran Over APT Cyberattack Activity (direct link) The Treasury Department links the MuddyWater APT and APT39 to Iran's intelligence apparatus, which is now blocked from doing business with US entities. Prediction APT 39
Anomali.webp 2021-10-12 17:41:00 Anomali Cyber Watch: Aerospace and Telecoms Targeted by Iranian MalKamak Group, Cozy Bear Refocuses on Cyberespionage, Wicked Panda is Traced by Malleable C2 Profiles, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data leak, Ransomware, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report (published: October 7, 2021) Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 have been attributed to Russian-sponsored threat groups, specifically to Cozy Bear (APT29, Nobelium), associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were the top three countries targeted by them. Russian Advanced Persistent Threat (APT) actors increased their effectiveness from a 21% successful compromise rate to a 32% rate year over year. They achieve this by starting an attack with supply-chain compromise, utilizing effective tools such as web shells, and increasing their skills in targeting cloud environments. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53%, largely agencies involved in foreign policy, national security, or defense. Following Russia by the number of APT cyberattacks were North Korea (23%), Iran (11%), and China (8%).
Analyst Comment: As the collection of intrusions for potential disruption operations via critical infrastructure attacks became too risky for Russia, it refocused back on gaining access to and harvesting intelligence. The scale and growing effectiveness of this cyberespionage requires a defence-in-depth approach and tools such as Anomali Match that provide real-time forensics capability to identify potential breaches and known actor attributions. MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110 Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran
Ransomware in the CIS (published: October 7, 2021) Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS), and they avoid targeting this region. Still, businesses in the CIS are at risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. Most of them were mainly distributed via the cracking of Remote Deskto Ransomware Malware Tool Threat Guideline Prediction APT 41 APT 41 APT 39 APT 29 APT 29 APT 28
SecurityThroughEducation.webp 2021-05-10 06:00:29 Ep. 145 – Baking a Human Behavior Cake with Jack Schafer (direct link) In this episode, Chris Hadnagy and Maxie Reynolds are joined by industry professional Jack Schafer, PhD. Dr. Schafer is a psychologist, professor, intelligence consultant, and former FBI Special Agent. Dr. Schafer spent fifteen years conducting counter-intelligence and counterterrorism investigations, and seven years as a behavioral analyst for the FBI’s National Security Division’s Behavioral Analysis Program. May 10, 2021 Download Ep. 145 […] Prediction APT 39
ZDNet.webp 2020-09-17 23:41:21 US sanctions Iranian government front company hiding major hacking operations (direct link) US says the Iranian government used the "Rana Intelligence Computing Company" as a front for the APT39 hacking group. Prediction APT 39
DarkReading.webp 2020-09-17 17:10:00 Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data (direct link) Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign. Malware Prediction APT 39
Checkpoint.webp 2020-07-24 13:00:18 Check Point CloudGuard Connect Protects Microsoft Azure Branch Office Internet Connections from Cyber Attacks (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms Enterprises are moving their applications, workloads and services out of the data center into the cloud. As enterprises become more distributed, organizations need flexible solutions that deliver secure and predictable application performance across a global footprint. Companies need to securely connect their branch offices to the… Prediction APT 39
Checkpoint.webp 2020-07-17 10:00:58 Check Point IoT Protect Uses Automation and Threat Intelligence to Prevent the most advanced IoT cyber-attacks (direct link) Integrated solution prevents attacks at both IoT network and device level, even on unpatchable devices: protects critical infrastructure, industrial, healthcare, smart city and smart building environments By Russ Schafer, Head of Product Marketing, Security Platforms It is estimated that over 41 billion IoT devices will be connected in the next few years. Given 127 new… Threat Prediction APT 39
SecurityAffairs.webp 2020-05-21 11:49:49 Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia (direct link) Cybersecurity researchers uncovered an Iranian cyber espionage campaign conducted by Chafer APT and aimed at critical infrastructures in Kuwait and Saudi Arabia. Cybersecurity researchers from Bitdefender published a detailed report on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. The cyber espionage campaigns were carried out by Iran-linked Chafer […] Prediction APT 39
The_Hackers_News.webp 2020-05-21 01:11:42 Iranian APT Group Targets Governments in Kuwait and Saudi Arabia (direct link) Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal Threat Prediction APT 39
Checkpoint.webp 2020-05-20 13:00:40 Check Point and Citrix: Securing the SD-WAN Edge with Multi-layered Security (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms The coronavirus has challenged enterprises to quickly enable their employees to work productively from home. Enterprises are turning away from traditional WAN architectures and adopting SD-WAN to provide better support for cloud SaaS applications. SD-WAN enables users to connect through their local Internet providers instead of… Prediction APT 39
Checkpoint.webp 2019-12-06 13:00:09 Protect Your Network Edge with VMware SD-WAN and Check Point Security (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms, published December 6th, 2019 As enterprise branch offices expand their use of cloud applications, they are adopting software defined wide area networking (SD-WAN) to improve application performance by intelligently routing traffic directly to the Internet without passing it through the data center. Connecting branch offices directly… Prediction APT 39
Checkpoint.webp 2019-11-05 19:13:49 Check Point Protects Branch Office Microsoft Azure Internet Connections and SaaS Applications from Cyber Attacks (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms, published November 5, 2019 Enterprises are moving their applications, workloads and services out of the data center into the cloud. As enterprises become more distributed, organizations need flexible solutions that deliver secure and predictable application performance across a global footprint. Companies need to securely connect their… Prediction APT 39
Checkpoint.webp 2019-10-01 15:00:44 Check Point and VMware Partner to Secure Branch Office SD-WAN Connections to the Cloud (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms As more applications move from the datacenter to the cloud, enterprise users rely on these applications to do their daily jobs. These SaaS applications range from productivity software like Office 365 to virtual meeting and collaboration tools like Zoom and Slack. Applications that include voice and… Prediction APT 39
Checkpoint.webp 2019-09-05 13:00:43 (Déjà vu) Check Point, VMware and Silver Peak Transform Branch Office SD-WAN with Cloud Security Services (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms Enterprise security solutions enable branch offices to connect safely and reliably to the data center, the Internet and cloud applications. In the past, branches relied on centralized security gateways at their data center to protect the entire enterprise. Enterprises sent branch traffic to the data center… Prediction APT 39
Checkpoint.webp 2019-09-05 13:00:04 Transforming Branch Security with Top-Rated Threat Prevention Cloud Services Integrated with VMware and Silver Peak SD-WAN (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms Enterprise security solutions enable branch offices to connect safely and reliably to the data center, the Internet and cloud applications. In the past, branches relied on centralized security gateways at their data center to protect the entire enterprise. Enterprises sent branch traffic to the data center… Threat Prediction APT 39
AlienVault.webp 2019-04-12 13:00:00 Things I hearted this week 12th April 2019 (direct link) Hello again to another weekly security roundup. This week, I have a slightly different spin on the roundup in that the net has been slightly widened to include broader technology topics from more than just this last week. However, all of the articles were written by ladies. With that, let’s dive straight in.
A beginner's guide to test automation: If you’re new to automated testing, you’re probably starting off with a lot of questions: How do I know which tests to automate? Why is automated testing useful for me and my team? How do I choose a tool or framework? The options for automated testing are wide open, and you may feel overwhelmed. If so, this is a great article on how to get started. A Beginner's Guide to Test Automation | Sticky Minds
All roads lead to exploratory testing: When I’m faced with something to test – be it a feature in a software application or a collection of features in a release – my general preference is weighted strongly towards exploratory testing. When someone who doesn’t know a great deal about testing wants me or my team to do testing for them, I would love to educate them on why exploratory testing could be a strong part of the test strategy. All roads lead to exploratory testing | Womentesters
While on the topic of testing: Testing Behaviours — Writing A Good Gherkin Script | Medium, Jo Mahadevan
Single-page, server-side, static… say what? An emoji-filled learning journey about the trade-offs of different website architectures, complete with gifs, diagrams, and demo apps. If you’ve been hanging around the internet, trying to build websites and apps, you may have heard some words in conversation like static site or server-side rendered (SSR) or single-page app (SPA). But what do all of these words mean? How does each type of application architecture differ? What are the tradeoffs of each approach and which one should you use when building your website? Single-Page, Server-Side, Static… say what? | Marie Chatfield. If, like me, you enjoyed this post by Marie, check out some of her other posts, which are great. Quick plug to Protocol-andia: Welcome to the Networking Neighborhood. A whimsical introduction to how computers talk to each other, and what exactly your requests are up to.
Strengthen your security posture: start with a cybersecurity framework. The 2017 Equifax data breach is expected to break all previous records for data breach costs, with Larry Ponemon, chairman of the Ponemon Institute, estimating the final cost to be more than $600 million. Even non-enterprise-level organizations suffer severe consequences for data breaches. According to the National Cyber Security Alliance, mid-market companies pay more than $1 million in post-attack mitigation, and the average cost of a data breach to an SMB is $117,000 per incident. While estimates vary, approximately 60% of businesses who suffer a breach are forced to shut down business within 6 months. It is mor Guideline Prediction Equifax APT 39
Checkpoint.webp 2019-04-11 13:00:03 Protect Your Business by Managing Network Security from the Palm of Your Hand (direct link) by Russ Schafer, Head of Product Marketing, Security Platforms, published April 11th 2019 Next generation cyber security attacks can happen at any time to any size business, so you need to be prepared to react immediately. Based on the 2018 Verizon Data Breach report, 58% of security breach victims are categorized as small… Data Breach Prediction APT 39
SecurityAffairs.webp 2019-03-05 21:23:03 Iran-Linked Chafer APT recently used Python-based backdoor (direct link) The Iran-linked Chafer APT group used a new Python-based backdoor in recent attacks aimed at a Turkish government entity. The Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity. The Chafer APT group has distributed data stealer malware since at least mid-2014, […] Malware Prediction APT 39
SecurityWeek.webp 2019-03-05 15:30:05 Iran-Linked Hackers Use Python-Based Backdoor in Recent Attacks (direct link) The Iran-linked Chafer threat group has used a new Python-based backdoor in November 2018 attacks targeting a Turkish government entity, Palo Alto Networks reveals. Threat Prediction APT 39
Kaspersky.webp 2019-02-01 19:35:02 Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware (direct link) The Remexi spyware has been improved and retooled. Malware APT 39
SecurityAffairs.webp 2019-01-30 08:58:00 Iran-Linked APT39 group uses off-the-shelf tools to steal data (direct link) An Iran-linked cyber-espionage group tracked as APT39 is carrying out a widespread campaign using a broad range of custom and off-the-shelf tools. The APT39 cyberespionage group is carrying out a widespread campaign using a broad range of custom and off-the-shelf tools. The group has been active at least since November 2014, and its operations are aligned […] Prediction APT 39
Mandiant.webp 2019-01-29 11:00:00 APT39: An Iranian Cyber Espionage Group Focused on Personal Information (direct link) UPDATE (Jan. 30): Figure 1 has been updated to more accurately reflect APT39 targeting. Specifically, Australia, Norway and South Korea have been removed. In December 2018, FireEye identified APT39 as an Iranian cyber espionage group responsible for widespread theft of personal information. We have tracked activity linked to this group since November 2014 in order to protect organizations from APT39 activity to date. APT39's focus on the widespread theft of personal information sets it apart from other Iranian groups FireEye tracks, which have been linked to influence operations, disruptive APT33 APT 39 APT 39 APT 33 ★★★★
DataSecurityBreach.webp 2018-03-08 21:11:01 Chafer: a group of cyber attackers based in Iran (direct link) A group of hackers, dubbed Chafer, is said to be attacking companies around the world. Black-market enthusiasts... The article Chafer: a group of cyber attackers based in Iran appeared first on Data Security Breach. Prediction APT 39
SecurityWeek.webp 2018-03-01 19:06:00 Iran-Linked Chafer Group Expands Toolset, Targets List (direct link) The Iran-based targeted attack group known as "Chafer" has been expanding its target list in the Middle East and beyond and adding new tools to its cyberweapon arsenal, Symantec warns. Prediction APT 39
Blog.webp 2018-03-01 15:32:02 Iran Taps Chafer APT Group amid Civil Aviation Crisis (direct link) Iran’s Chafer hacking group is targeting aviation repair and maintenance firms in an apparent effort to obtain information needed to shore up the safety of that country’s fleet of domestic aircraft, according to research by the firm Symantec. When an Aseman Airlines flight crashed in bad weather in a mountainous region of southern Iran... Read the whole entry... Prediction APT 39
Last update at: 2024-05-05 13:08:03