What's new arround internet

Last one

Src Date (GMT) Titre Description Tags Stories Notes
DarkReading.png 2023-11-22 19:52:00 Les obus Web acquièrent une sophistication pour la furtivité, la persistance
Web Shells Gain Sophistication for Stealth, Persistence
(lien direct)
Un outil de post-exploitation préféré continue de gagner une sophistication, avec un exemple récent ajoutant des pages de connexion déguisées, du vol d'identification et de la collecte d'informations via des services tels que Virustotal.
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal.
Tool ★★★
TechWorm.webp 2023-11-22 18:26:04 Tout ce que vous devez savoir sur le cryptage
Everything You Need to Know About Encryption
(lien direct)
Data in any shape or form has been one of the most valuable assets ever since the dawn of human beings.  In good hands, data can drastically enhance the development of a nation. While in the wrong hands, data can end up being disastrous for a nation. Consequently, humans have relied upon Encryption for centuries to prevent valuable data from being stolen, changed, or compromised. While the methods of encrypting data have come a long way, the core purpose of Encryption has more or less remained the same. Utilizing Encryption, data (plaintext) is scrambled into a secret code (ciphertext), and it can only be unlocked and accessed by authorized parties.  In this article, we have shared everything you need to know about Encryption. Encryption: Where Did It All Begin You will be surprised to know that Encryption existed during the ancient and medieval periods.  As revealed by ExpressVPN, the Spartans in the 7th century developed a tool, namely, Scytale, that helped them encode a message. Scytale was a wooden rod with parchment wrapped around it.  During the preparation phase, the sender wrote and encoded the message while the parchment was on the rod. Scytale When the receiver took off the parchment, the words would automatically get jumbled. So, to decode it, the receiver wrapped the parchment around a rod with the same diameter. Encryption witnessed massive developments during the Two World Wars. During the Second World War, Germans developed one of the most feature-packed and reliable encryption tools, The Enigma Machine. The Enigma Machine used rotor mechanics that scrambled the 26 letters of the alphabet and converted the actual message into a complex puzzle. During the early- to mid-20th century, The Enigma Machine was considered super secure, and it was used to encode the most top-secret messages. Tool ★★
The_Hackers_News.png 2023-11-22 16:38:00 Les solutions AI sont la nouvelle ombre IT
AI Solutions Are the New Shadow IT
(lien direct)
Les employés ambitieux vantent de nouveaux outils d'IA, ignorent les risques de sécurité SaaS sérieux comme le SaaS l'ombre du passé, l'IA place les CISO et les équipes de cybersécurité dans un endroit dur mais familier. Les employés utilisent secrètement l'IA avec peu de considération pour les procédures de révision informatique et de cybersécurité établies.Considérant que la fulguration de Chatgpt \\ est de 100 millions d'utilisateurs dans les 60 jours suivant le lancement, en particulier avec peu
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT\'s meteoric rise to 100 million users within 60 days of launch, especially with little
Tool Cloud ★★★
Intigriti.webp 2023-11-22 11:30:00 BUG BYTES # 217 & # 8211;Comment soumettre des vulnérabilités, rédiger un excellent article et 2 ans de prime de bogue
Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty
(lien direct)
> Bug Bytes est une newsletter hebdomadaire organisée par les membres de la communauté Bug Bounty.La deuxième série est organisée par InsiderPhd.Chaque semaine, elle nous tient à jour avec une liste complète des articles, des outils, des tutoriels et des ressources.Ce numéro couvre les semaines du 6 novembre au 19 novembre Intigriti News de mon cahier
>Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the weeks from November 6th to November 19th Intigriti News From my notebook
Tool Vulnerability ★★
AlienVault.png 2023-11-22 11:00:00 Cyber Fête de Thanksgiving: sauvegarde contre les escroqueries saisonnières
Thanksgiving Cyber feast: Safeguarding against seasonal scams
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  As the Thanksgiving season rapidly approaches, many look forward to the warmth of family gatherings, the aroma of roasted turkey, and the joy of gratitude. Yet, just as we prepare our homes and hearts for this festive season, cybercriminals are gearing up to unleash a different kind of feast—a cyber feast—rife with sophisticated scams targeting unsuspecting individuals and businesses alike.  This article will take a closer look at various Thanksgiving-themed cyber threats, illuminating the nature and impact of devious digital deceptions while unpacking the methodologies these digital bad actors try to use. But fear not, because we’ll also offer some key strategies to help you secure and fortify your digital domains throughout the holidays. The rise of seasonal cyber threats As November and the holiday season roll around, a surge in online activity sweeps across the United States, both good and bad. Thanksgiving not only signifies a time of family gatherings and festive meals but also marks the beginning of the holiday shopping season, especially with Black Friday and Cyber Monday right around the corner—in response to this, cybercriminals see a ripe opportunity to scam.  According to the New Jersey Cybersecurity & Communications Integration Cell, recent reports had indicated. “spoofed emails were sent appearing to originate from legitimate organizations and contained [Thanksgiving-themed subject lines]’” noting how criminals and bad actors exploit the spirit of the season. Furthermore, they highlight that ”an Emotet banking trojan campaign was [also] observed using Thanksgiving lures.” Criminals know that with increased online transactions comes increased vulnerability, so they capitalize on the holiday spirit, designing scams that blend seamlessly with genuine promotional content, making it harder for individuals to distinguish between what\'s authentic and what\'s not. The risks of phishing One of the primary ways cybercriminals target individuals and businesses is through phishing attacks. Around Thanksgiving time, these types of scams might manifest as emails purporting to offer massive discounts, invitations to exclusive Thanksgiving events, or even charitable appeals meant to tug at the heartstrings to draw you in.  However, phishing isn’t restricted to just email—with their vast user bases, social media platforms are also prime targets for scams of all kinds.  Cybercriminals often create fake profiles or pages promoting too-good-to-be-true Thanksgiving deals, leading unsuspecting and unknowing victims to phishing websites or even tricking them into sharing personal information that can be further exploited. The hidden benefits of cybersecurity When businesses transform their robust cybersecurity processes into content, it becomes a powerful tool for brand awareness and elevation. Sharing with your audience the measures you\'ve implemented reassures them of the sanctity of their data. It\'s not just about telling them they\'re safe; it\'s about showing them. For potential customers, especially in niche markets, tangible information is a beacon of trust. So when they can actively see and better understand Malware Tool Vulnerability Threat ★★
Korben.png 2023-11-22 09:21:21 LM Studio – Pour faire tourner des LLMs en local et les utiliser directement dans votre code (lien direct) Face aux évolutions d'OpenAI, l'auteur explore des alternatives pour intégrer une IA similaire à ChatGPT dans ses scripts sans trop de modifications. Il teste OpenChat et d'autres outils comme llamacpp et Ollama, mais rencontre des problèmes techniques. LM Studio est présenté comme une solution prometteuse qui permet de faire fonctionner des modèles de langage en local et de les intégrer facilement via une API, bien que certains réglages soient encore nécessaires. Tool ★★★
RiskIQ.png 2023-11-21 21:19:53 Agent Tesla: le format d'archive ZPAQ inhabituel fournit des logiciels malveillants
Agent Tesla: Unusual ZPAQ Archive Format Delivers Malware
(lien direct)
#### Description Une nouvelle variante de l'agent Tesla a été découverte qui utilise l'extension de fichier archive ZPAQ et .wav pour infecter les systèmes et voler des informations à environ 40 navigateurs Web et divers clients de messagerie.ZPAQ est un format de compression de fichiers qui offre un meilleur rapport de compression et une fonction de journalisation par rapport à des formats largement utilisés comme ZIP et RAR.Cependant, le ZPAQ a un support logiciel limité, ce qui rend difficile le travail, en particulier pour les utilisateurs sans expertise technique.Le fichier exécutable .NET est gonflé avec zéro octets, ce qui permet aux acteurs de menace de contourner les mesures de sécurité traditionnelles et d'augmenter l'efficacité de leur attaque. L'utilisation du format de compression ZPAQ soulève plus de questions que de réponses.Les hypothèses ici sont que les acteurs de la menace ciblent un groupe spécifique de personnes qui ont des connaissances techniques ou utilisent des outils d'archives moins connus, ou ils testent d'autres techniques pour diffuser plus rapidement les logiciels malveillants et contourner les logiciels de sécurité. Le malware utilise Telegram en tant que C&C en raison de son utilisation juridique généralisée et du fait que son trafic est souvent autorisé à travers des pare-feu, ce qui en fait un support utile pour une communication secrète.Comme tout autre voleur, l'agent Tesla peut nuire non seulement aux particuliers mais aussi aux organisations.Il a gagné en popularité parmi les cybercriminels pour de nombreuses raisons, notamment la facilité d'utilisation, la polyvalence et l'abordabilité sur le Dark Web. #### URL de référence (s) 1. https://www.gdatasoftware.com/blog/2023/11/37822-agent-Tesla-zpaq #### Date de publication 20 novembre 2023 #### Auteurs) Anna Lvova
#### Description A new variant of Agent Tesla has been discovered that uses the ZPAQ archive and .wav file extension to infect systems and steal information from approximately 40 web browsers and various email clients. ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR. However, ZPAQ has limited software support, making it difficult to work with, especially for users without technical expertise. The .NET executable file is bloated with zero bytes, which allows threat actors to bypass traditional security measures and increase the effectiveness of their attack. The usage of the ZPAQ compression format raises more questions than answers. The assumptions here are that either threat actors target a specific group of people who have technical knowledge or use less widely known archive tools, or they are testing other techniques to spread malware faster and bypass security software. The malware uses Telegram as a C&C due to its widespread legal usage and the fact that its traffic is often allowed through firewalls, making it a useful medium for covert communication. Like any other stealer, Agent Tesla can harm not only private individuals but also organizations. It has gained popularity among cybercriminals for many reasons including ease of use, versatility, and affordability on the Dark Web. #### Reference URL(s) 1. https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq #### Publication Date November 20, 2023 #### Author(s) Anna Lvova
Malware Tool Threat Technical ★★★
globalsecuritymag.png 2023-11-21 15:32:19 Guardz a présenté son centre de croissance pour les fournisseurs de services gérés
Guardz introduced its Growth Hub for Managed Service Providers
(lien direct)
Guardz lance Growth Hub pour autonomiser les MSP avec le soutien des ventes de cybersécurité, les rapports de retour sur investissement et les outils de prospection La dernière offre de Cybersecurity Company \\ permet aux MSP de mieux protéger et servir les clients des PME existants et favoriser la conversion de nouvelles entreprises - revues de produits
Guardz Launches Growth Hub to Empower MSPs with Cybersecurity Sales Support, ROI Reports, and Prospecting Tools The cybersecurity company\'s latest offering enables MSPs to better protect and serve existing SME customers and foster new business conversion - Product Reviews
Tool ★★
Blog.png 2023-11-21 12:48:00 Top 5 des meilleures applications clients télégrammes pour Android
Top 5 Best Telegram Client Apps for Android
(lien direct)
> Par owais sultan Classé et décrit les fonctionnalités des 5 meilleures applications clients télégrammes pour Android.Telegram Messenger est & # 8230; Ceci est un article de HackRead.com Lire la publication originale: Top 5 des meilleures applications client télégrammes pour Android
>By Owais Sultan Ranked and described the functionality of the top 5 best Telegram client applications for Android. Telegram messenger is… This is a post from HackRead.com Read the original post: Top 5 Best Telegram Client Apps for Android
Tool Android ★★★
AlienVault.png 2023-11-21 11:00:00 7 Questions incontournables pour les leaders sur la culture de la sécurité
7 must-ask questions for leaders on security culture
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  It\'s not uncommon in today\'s corporate world to see a creative marketer launching catchy security awareness campaigns, steering the entire company towards robust online safety practices. Elsewhere, job reviews increasingly assess how well employees are performing on the cybersecurity front. The shift in focus is clear. Organizations have come to understand that sophisticated tech tools aren\'t the ultimate solution. People are the weak spot. In fact, researchers from Stanford University revealed that roughly 88% of data breaches are caused by employee mistakes. Not to mention that we\'ve observed a surging trend of attacks that sidestep technology and instead, zero in on people. The strategy is proving effective. Prominent ransomware incidents, such as those affecting Colonial Pipeline, JBS Foods, and Kaseya, have dominated headlines. As our tech-driven defenses become more advanced, malicious actors are adapting, always looking for the easiest entry point. Seeking efficiency and reduced effort, these cyberattackers often find employees to be the most appealing targets. So, training everyone to have better awareness about cybersecurity isn\'t just a good idea; it\'s a must. Based on all this, we\'ve got some recommendations for what leaders need to know and smart questions they should keep in mind for their next big meeting. Five things leaders need to know about cybersecurity culture Understanding security culture The ambiguity surrounding the term "security culture" often stems from a foundational problem: its frequent usage without a clear definition. This lack of clarity paves the way for varied interpretations and assumptions. With this work, we aim to bring clarity to the concept. Security culture is described as the beliefs, traditions, and collective behaviors of a group that shape its security posture. Why does security culture matter? Sometimes, employees adopt poor security habits, either independently or due to a lack of proper guidance from the organization. Addressing these habits can be challenging. However, establishing a robust security culture can change their behaviors, enabling an organization to safeguard its reputation, brand, and financial well-being. What does a good security culture look like? Suppose an employee, Alex, receives an email from a bank filled with typos and featuring a suspicious link. At a workplace lacking a security culture, Alex thinks, "This is odd. I\'ll set it aside for now." However, in a company with a solid security culture, Alex’s immediate reaction is, "This could be dangerous. I need to inform IT." Such a prompt action gives the tech team an early warning, allowing them to act before more damage occurs. It isn\'t about turning every employee into a cybersecurity specialist; it\'s about ensuring each individual acts responsibly, embodying the qualities of a "security champion." Prioritizing values, attitudes, and beliefs over rules and policies Cyber threats often catch organizations off-guard because a significant portion of their workforce isn\'t adequately informed or prepared for these risks. Leaders hope for their teams to act responsibly, like locking an unattended computer or reporting suspicious emails. However, just organizing train Ransomware Tool Prediction ★★★
ProofPoint.png 2023-11-21 08:35:02 Prévenir les attaques de fatigue du MFA: sauvegarder votre organisation
Preventing MFA Fatigue Attacks: Safeguarding Your Organization
(lien direct)
Gaining access to critical systems and stealing sensitive data are top objectives for most cybercriminals. Social engineering and phishing are powerful tools to help them achieve both. That\'s why multifactor authentication (MFA) has become such an important security measure for businesses and users. Without MFA as part of the user authentication process, it is much less challenging for an attacker with stolen credentials to authenticate a user\'s account.  The primary goal of MFA is to reduce the risk of unauthorized access, especially in situations where passwords alone may not provide enough protection. Even if an attacker steals a user\'s password, with MFA they still need the second factor (and maybe others) to gain access to an account. Examples of MFA factors include biometrics, like fingerprints, and signals from user devices, like GPS location.   MFA isn\'t a perfect solution, though-it can be bypassed. Adversaries are relentless in their efforts to undermine any security defenses standing in the way of their success. (The evolution of phish kits for stealing MFA tokens is evidence of that.) But sometimes, attackers will choose to take an in-your-face approach that is not very creative or technical. MFA fatigue attacks fall into that category.  What are MFA fatigue attacks-and how do they work?  MFA fatigue attacks, also known as MFA bombing or MFA spamming, are a form of social engineering. They are designed to wear down a user\'s patience so that they will accept an MFA request out of frustration or annoyance-and thus enable an attacker to access their account or device.  Many people encounter MFA requests daily, or even multiple times per day, as they sign-in to various apps, sites, systems and platforms. Receiving MFA requests via email, phone or other devices as part of that process is a routine occurrence.   So, it is logical for a user to assume that if they receive a push notification from an account that they know requires MFA, it is a legitimate request. And if they are very busy at the time that they receive several push notifications in quick succession to authenticate an account, they may be even more inclined to accept a request without scrutinizing it.  Here\'s an overview of how an MFA attack works:  A malicious actor obtains the username and password of their target. They can achieve this in various ways, from password-cracking tactics like brute-force attacks to targeted phishing attacks to purchasing stolen credentials on the dark web.  The attacker then starts to send MFA notifications to the user continuously, usually via automation, until that individual feels overwhelmed and approves the login attempt just to make the requests stop. (Usually, the push notifications from MFA solutions require the user to simply click a “yes” button to authenticate from the registered device or email account.)  Once the attacker has unauthorized access to the account, they can steal sensitive data, install malware and do other mischief, including impersonating the user they have compromised-taking their actions as far as they can or want to go.  3 examples of successful MFA fatigue attacks  To help your users understand the risk of these attacks, you may want to include some real-world examples in your security awareness program on this topic. Here are three notable incidents, which are all associated with the same threat actor:  Uber. In September 2022, Uber reported that an attacker affiliated with the threat actor group Lapsus$ had compromised a contractor\'s account. The attacker may have purchased corporate account credentials on the dark web, Uber said in a security update. The contractor received several MFA notifications as the attacker tried to access the account-and eventually accepted one. After the attacker logged in to the account, they proceeded to access other accounts, achieving privilege escalation. One action the attacker took was to reconfigure Uber\'s OpenDNS to display a graphic image on some of the company\'s internal sites.  Cisco. Cisco suffer Ransomware Data Breach Malware Tool Threat Technical ★★★
RiskIQ.png 2023-11-20 20:25:28 Une plongée profonde dans le ransomware de Phobos, récemment déployé par le groupe 8Base
A Deep Dive into Phobos Ransomware, Recently Deployed by 8Base Group
(lien direct)
#### Description Cisco Talos a récemment observé une augmentation de l'activité menée par 8Base, un groupe de ransomwares qui utilise une variante des ransomwares Phobos et d'autres outils accessibles au public pour faciliter leurs opérations. La plupart des variantes Phobos du groupe \\ sont distribuées par SmokeLoader, un cheval de Troie de porte dérobée.Ce chargeur de marchandises baisse ou télécharge généralement des charges utiles supplémentaires lors du déploiement.Dans les campagnes 8Base, cependant, il a le composant Ransomware intégré à ses charges utiles cryptées, qui est ensuite déchiffrée et chargée dans la mémoire du processus smokeloader \\ '. ####URL de référence (s) 1. https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/ 2. https://blog.talosintelligence.com/Understanding-the-phobos-affiliate-structure/ #### Date de publication 17 novembre 2023 #### Auteurs) Guilherme Veree
#### Description Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. Most of the group\'s Phobos variants are distributed by SmokeLoader, a backdoor trojan. This commodity loader typically drops or downloads additional payloads when deployed. In 8Base campaigns, however, it has the ransomware component embedded in its encrypted payloads, which is then decrypted and loaded into the SmokeLoader process\' memory. #### Reference URL(s) 1. https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/ 2. https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/ #### Publication Date November 17, 2023 #### Author(s) Guilherme Venere
Ransomware Tool ★★★
Chercheur.png 2023-11-20 11:57:37 Utilisation de l'IA génératrice pour la surveillance
Using Generative AI for Surveillance
(lien direct)
L'IA générative sera un outil puissant pour l'analyse et la résumé des données.Ici & # 8217; est un Exemple Il est utilisé pour l'analyse des sentiments.Je suppose que ce n'est pas encore très bon, mais qu'il ira mieux.
Generative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it isn’t very good yet, but that it will get better.
Tool ★★★
AlienVault.png 2023-11-20 11:00:00 Comment effectuer la criminalistique numérique de base sur un ordinateur Windows
How to perform basic digital forensics on a Windows computer
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Digital forensics is a critical field in the investigation of cybercrimes, data breaches, and other digital incidents. As our reliance on computers continues to grow, the need for skilled digital forensics professionals is more crucial than ever. In this guide, we will explore the basics of performing digital forensics on a Windows computer, including key steps, tools, and techniques. The digital forensics process Performing digital forensics on a Windows computer involves a structured process to ensure the integrity and admissibility of evidence. The process typically includes the following steps: Identification: The first step is to identify the target computer or storage device that needs to be investigated. This could be a desktop computer, laptop, external hard drive, or even a cloud storage account. Collection: Once identified, digital evidence is collected in a forensically sound manner. This often involves creating a bit-for-bit copy (image) of the storage device to ensure that the original data remains intact. Preservation: To maintain the integrity of the evidence, the collected data is preserved in a secure environment. This includes ensuring that the evidence remains unaltered during storage. Analysis: Forensic analysts examine the collected data to extract relevant information. This step includes examining files, system logs, and other digital artifacts for evidence. Documentation: Detailed documentation is essential throughout the process. It includes the chain of custody, actions taken, and the tools and techniques used. Reporting: A detailed forensic report is generated, summarizing the findings and the methodology used. This report may be used as evidence in legal proceedings. Basic digital forensics tools for Windows To perform digital forensics on a Windows computer, you\'ll need a set of specialized tools. Here are some of the basic tools that can aid in the process: Forensic imaging tools: FTK Imager: A user-friendly tool that allows you to create disk images and analyze them. dc3dd: A command-line tool for creating disk images. WinHex: A versatile hex editor and disk editor that can be used for forensic analysis. File Analysis Tools: Autopsy: An open-source digital forensic platform that provides various modules for file analysis, keyword search, and registry analysis. Encase: A commercial digital forensics tool that offers extensive file analysis capabilities. Memory Analysis Tools: Volatility: A popular tool for analyzing memory dumps to identify suspicious processes, network connections, and more. Rekall: An open-source memory analysis framework that is compatible with Windows memory dumps. Registry Analysis Tools: Registry Explorer: A tool for viewing and analyzing Windows registry hives. RegRipper: A command-line tool for parsing Windows registry hives and extracting useful information. Network Analysis Tools: Wireshark: A powerful network protocol analyzer that allows you to capture and analyze network traffic. NetworkMiner: A tool for network forensics that can extract files, emails, and other artifacts from captured network traffic. We have covered FTK, Tool Cloud Commercial ★★★
CyberWarzone.jpg 2023-11-19 20:36:10 Quelle est l'extension McRypt en PHP et pourquoi a-t-elle été obsolète?
What Is the Mcrypt Extension in PHP and Why Was It Deprecated?
(lien direct)
Comprenant le rôle de McRypt dans le développement de PHP dans le domaine du développement de PHP, l'extension McRypt était autrefois un outil crucial pour les données [Plus ...]
Understanding the Role of Mcrypt in PHP Development In the realm of PHP development, the mcrypt extension once stood as a crucial tool for data [more...]
Tool Threat ★★★
DarkReading.png 2023-11-17 14:00:00 Détection et réponse qui évolue: une approche à 4 volets
Detection & Response That Scales: A 4-Pronged Approach
(lien direct)
La construction d'une équipe de réponse aux incidents résilientes nécessite plus qu'une simple combinaison d'outils et de rotations sur appel.
Building a resilient incident response team requires more than a simple combination of tools and on-call rotations.
Tool ★★★
RecordedFuture.png 2023-11-17 13:46:00 Remcos, encore une fois: les agences ukrainiennes ciblées dans une nouvelle campagne d'espionnage
Remcos, again: Ukrainian agencies targeted in a new spying campaign
(lien direct)
Un groupe de piratage qui cible l'Ukraine depuis un certain temps a lancé une nouvelle campagne sur les agences gouvernementales en utilisant un outil de surveillance familier - Remcos.Le logiciel sophistiqué d'accès à distance, commercialisé comme un outil administratif légitime, peut être abusé par des pirates pour prendre le contrôle total d'un système infecté.Dans une récente campagne, les pirates
A hacking group that has been targeting Ukraine for a while has launched a new campaign on government agencies using a familiar surveillance tool - Remcos. The sophisticated remote access software, marketed as a legitimate administrative tool, can be abused by hackers to gain full control over an infected system. In a recent campaign, hackers
Tool ★★
Checkpoint.png 2023-11-17 13:00:07 Décrypting Danger: Vérifier les recherches sur le point de plongée en profondeur dans les tactiques de cyber-espionnage par les attaquants d'origine russe ciblant les entités ukrainiennes
Decrypting Danger: Check Point Research deep-dive into cyber espionage tactics by Russian-origin attackers targeting Ukrainian entities
(lien direct)
> Faits saillants: Gamaredon, un joueur approprié distinct de l'espionnage russe, se distingue par ses campagnes à grande échelle ciblant principalement les entités ukrainiennes.Le ver USB, Litterdrifter, révèle un impact mondial avec des infections potentielles dans des pays comme les États-Unis, le Vietnam, le Chili, la Pologne, l'Allemagne et Hong Kong, s'étendant au-delà de ses cibles d'origine.Récemment déployé par Gamaredon, Litterdrifter est un ver rédigé par VBS conçu pour se propager à travers des disques USB, démontrant les tactiques évolutives du groupe dans le maintien d'une infrastructure flexible et volatile.Les principaux résultats sur Litterdrifter: Litterdrifter, le dernier outil de Gamaredon & # 8217; dans son cyber arsenal, est un ver écrit par VBS avec deux fonctionnalités.Ses principaux objectifs sont la propagation automatique sur [& # 8230;]
>Highlights: Gamaredon, a distinct APT player in Russian espionage, stands out for its large-scale campaigns primarily targeting Ukrainian entities. The USB worm, LitterDrifter, reveals a global impact with potential infections in countries like the USA, Vietnam, Chile, Poland, Germany, and Hong Kong, expanding beyond its original targets. Recently deployed by Gamaredon, LitterDrifter is a VBS-written worm designed to spread through USB drives, demonstrating the group’s evolving tactics in maintaining a flexible and volatile infrastructure. Key Findings on LitterDrifter: LitterDrifter, Gamaredon’s latest tool in its cyber arsenal, is a VBS-written worm with dual functionalities. Its primary objectives are automatic spreading over […]
Tool ★★
ProofPoint.png 2023-11-17 12:01:12 Démystifier l'IA et ML: six questions critiques à poser à votre fournisseur de cybersécurité
Demystifying AI and ML: Six Critical Questions to Ask Your Cybersecurity Vendor
(lien direct)
As cyber threats continue to evolve at an unprecedented pace, many organizations are turning to artificial intelligence (AI) and machine learning (ML) in hopes of keeping up.  While these advanced technologies hold immense promise, they\'re also more complex and far less efficient than traditional threat detection approaches. The tradeoff isn\'t always worth it.  And not all AI and ML processes are created equal. The models used, the size and quality of the data sets they\'re trained on-and whether an advanced computational process is suitable for the problem at hand-are all critical factors to consider when deciding how both AI and ML fit into your cybersecurity strategy.  In this blog post, we explore the vital questions you should ask your cybersecurity vendor about these technologies. We will also demystify their role in safeguarding your people, data and environment.  Note: Though often conflated, AL and ML are related but distinct concepts. For simplicity, we\'re using AI when discussing the broader technology category and ML to discuss narrower learning models used in AI.  Question 1: Why is AI suitable for this security problem?  You\'ve probably heard the old saying that when your only tool is a hammer, every problem looks like a nail. While AI has rightly generated enthusiasm in cybersecurity, it may not be the optimal approach to every task.  On one hand, the technologies can help analyze large amounts of data and find anomalies, trends and behaviors that indicate potential attacks. And the technologies can automate response and mitigation of security incidents.   But depending on the size and complexity of the learning model, they can also be computationally intensive (read: expensive) to maintain. And worse, execution time can be much longer than less complex approaches such as rules and signatures.  On the other hand, rules and signatures are static, so they don\'t automatically evolve to detect new threats. But they\'re also fast, easy on computing resources and highly effective for certain aspects of threat detection. Other signals, such as email sender reputation and IP addresses, can also be as effective as AI for many detections-and in most cases are faster and much more cost-effective.  Getting AI right starts with understanding what cybersecurity tasks they\'re best suited to and applying them to the right problems. In the same vein, how the technology is applied matters.   In cybersecurity, every second counts. Making decisions in real time and blocking malicious content before it can be delivered is today\'s key challenge. If the processing time of the vendor\'s AI means the technology is relegated solely to post-delivery inspection and remediation, that\'s a major drawback.   Question 2: Where do you get your training data?  The performance of ML models hinges on the source and quality of their data. That\'s because AI models learn from examples and patterns, not rules. And that requires a large amount of data. The more data, and the higher the quality of that data, the better the model can learn and generalize to new conditions.  Like any ML model, those used in cybersecurity need a wide-ranging, diverse data set that accurately reflects the real world. Or more precisely, the data used to train your vendor\'s AI model should reflect your world-the threats targeting your organization and users.  Finding data for general-purpose AI applications is easy. It\'s all over the internet. But threat data-especially data well-suited for the type of ML model the vendor intends to use- is scarcer. Gaining malware samples is a lot harder than acquiring data used in applications such as image and natural language processing.   First, not much attack data is publicly available. Most security vendors hold on tightly to the threat data they collect, and for good reason. Beyond the obvious competitive advantages it offers, threat data is sensitive and comes with a bevy of privacy concerns. As a result, few cybersecurity vendors have a dataset large enough to trai Malware Tool Vulnerability Threat ★★
AlienVault.png 2023-11-17 11:00:00 Procurations gratuites et dangers cachés
Free proxies and the hidden dangers
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Data privacy continues to be a growing concern for all internet users. While the internet gives us so much more freedom and access to information we might not have otherwise, online privacy continues to be a significant risk. It’s not just cybercriminals that invade your privacy, but businesses as well. Data has become more valuable than ever, and companies will do whatever they can to collect your information. Proxies have been a popular option for protecting your online privacy. Now, these proxies offer even more benefits and specific use cases. You might even be looking into getting one and considering a free proxy. In this article, we’ll look at free proxies and why they can be a bigger danger than you might realize. We’ll also examine why residential proxies from a reliable provider like Smartproxy are better if security and privacy are your goals. Keep reading to discover how free proxies work and the dangers they pose. What is a proxy? A proxy is an intermediary server that accepts and forwards all your requests to the web server. This means that instead of connecting directly to the internet, you first connect to the proxy server. You might be wondering why using an intermediary server like a proxy is effective. Usually, it’s better to cut out the middleman, right? In this case, by connecting to the proxy first, your personal information, such as your IP and other associated data, is replaced by a new IP. This completely hides your information from the websites you visit. By changing your IP address through a proxy, websites or apps cannot track you, and your data is more secure. However, that’s not all a proxy does. What can you use a proxy for? By now, we know that proxies are great tools when it comes to online security and privacy. By hiding your real IP, the websites that you visit won’t be able to collect the data associated with your IP. This usually includes your name, location, ISP, devices, operating system, and more. Residential proxies, in particular, are great for anonymity because they use the IPs from real devices. As such, they don’t look like proxies and are much less likely to be detected as such. However, proxies can be used for many other ways aside from security and privacy. Another use is managing multiple social media accounts. Social media platforms are quick to issue IP bans if they find the same IP address creating multiple accounts. Account limits are usually only a handful per IP address, and the moment you create too many, you might receive an IP ban. This is frustrating if you’re a digital marketer who creates and manages accounts for clients. However, by using a proxy, you can change the IP that creates the accounts and avoid IP bans. Another use of proxies is related to automation. This can affect a wide range of automated tools, from sneaker bots to data scrapers and even social media automation. Many websites and social media platforms block automation tools as part of their anti-bot protection. However, by linking residential proxies to these tools, you can make them appear like natural users and bypass these limitations. However, to be successful, you’ll need to use residential proxies with a real IP. Finally, proxies can also help improve your connection speed and stabilize it. This is because you’re routing all your traffic through larger servers instead of your own device. These servers are much more capa Malware Tool Vulnerability Threat ★★
RecordedFuture.png 2023-11-16 21:32:00 Coutums et protection des frontières acquises \\ 'Énorme quantité de puissance de surveillance \\'
Customs and Border Protection acquired \\'huge amount of surveillance power\\'
(lien direct)
Un contrat signé l'année dernière par les douanes et la patrouille frontalière des États-Unis (CBP) semble donner à l'agence le package le plus agressif et le plus vaste d'outils de surveillance qu'il ait jamais utilisés, selon un groupe de plaidoyer.L'accord avec le courtier de données LexisNexis Risk Solutions a fourni à CBP des capacités telles que la collecte de données de géolocalisation, la surveillance sociale
A contract signed last year by U.S. Customs and Border Patrol (CBP) appears to give the agency the most aggressive and expansive package of surveillance tools it has ever used, according to an advocacy group. The deal with the data broker LexisNexis Risk Solutions provided CBP with capabilities such as collecting geolocation data, monitoring social
Tool ★★
RecordedFuture.png 2023-11-16 17:30:00 Meridianlink confirme la cyberattaque après que le gang de ransomware prétend signaler la société à la SEC
MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC
(lien direct)
La société de logiciels financiers Meridianlink a confirmé qu'elle faisait face à une cyberattaque après que les pirates derrière l'incident aient pris des mesures extraordinaires pour faire pression sur l'entreprise pour payer une rançon.Meridianlink, qui a déclaré plus de 76 millions de dollars de revenus au dernier trimestre, fournit des outils aux banques, aux coopératives de crédit, aux prêteurs hypothécaires et aux agences de rapports de consommation aux États-Unis
Financial software company MeridianLink confirmed that it is dealing with a cyberattack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom. MeridianLink, which reported more than $76 million in revenue last quarter, provides tools to banks, credit unions, mortgage lenders and consumer reporting agencies in the United
Ransomware Tool ★★
RecordedFuture.png 2023-11-16 17:00:00 Le comité de renseignement de la maison propose sa propre réécriture de pouvoirs de surveillance
House Intelligence panel proposes its own rewrite of surveillance powers
(lien direct)
Pour la deuxième fois en autant de semaines, un groupe de législateurs américains a dévoilé jeudi une législation pour renouveler un puissant outil d'espionnage avant une date limite critique et de fin d'année.Le comité du renseignement de la Chambre dirigée par les républicains a lancé une introduction aux réformes réautoriser l'article 702 du
For the second time in as many weeks, a group of U.S. lawmakers on Thursday unveiled legislation to renew a powerful spy tool before a critical, year-end deadline. The Republican-led House Intelligence Committee rolled out a primer on the reforms that will be proposed in a forthcoming bipartisan measure to reauthorize Section 702 of the
Tool Legislation ★★
silicon.fr.png 2023-11-16 16:28:21 Ignite 2023 : dans la " boîte à outils IA " de Microsoft (lien direct) La conférence Ignite 2023 offre une vitrine sur l'évolution de l'offre Azure AI sous l'angle " LLMOps ". En voici quelques marqueurs. Tool ★★
ProofPoint.png 2023-11-16 14:15:19 Informations exploitables: simplifier l'explication des menaces via le résumé de la condamnation
Actionable Insights: Simplifying Threat Explainability via the Condemnation Summary
(lien direct)
In this blog series we cover how to improve your company\'s security posture with actionable insights. Actionable insights are a critical tool to help you improve your security posture and stop initial compromise in the attack chain. You can use them to identify and respond to potential risks, enhance your incident response capabilities, and make more informed security decisions.   In previous actionable insights blog posts, we covered these topics:  People risk  Origin risk  Business email compromise (BEC) risk  Ensuring proper risk context  Risk efficacy  Telephone-oriented attack delivery (TOAD) risk  Threat intelligence  Your risk profile In this post, we are excited to announce the new TAP Condemnation Summary-which is available to all Proofpoint Targeted Attack Protection (TAP) customers who use the Proofpoint Aegis threat protection platform. We\'ll explain why it is an invaluable resource and we\'ll explore some of its key reports.   Threat explainability: Introducing the Condemnation Summary  In the ever-evolving cybersecurity landscape, clear communication and rapid understanding of email threats are essential. Proofpoint introduced the Condemnation Summary to enhance threat visibility and explain-in plain, everyday language-why a particular threat is condemned.   The summary makes it easier for both technical and nontechnical users to comprehend email threats. You can find the TAP Condemnation Summary in the Evidence section of the threat details page for any individual threat within your Aegis platform.  Let\'s explore how this new feature can help your business.  Insights: What you can learn from the Condemnation Summary  The Condemnation Summary helps demystify email threats and streamline the decision-making process for threat remediation. Here\'s what you can expect from this innovative feature.  User and VIP insights  The Condemnation Summary includes a highlights card that spotlights impacted users and VIPs. With drilldown options and actionable items, you can quickly determine who is affected. You can use these insights to understand the steps you need to take to mitigate the threat.    Details about affected users shown in the Condemnation Summary.  Threat state overview  This section of the summary breaks down the state of the threat or campaign, complete with timestamps. A chronological view provides you with a clear understanding of how the threat evolved, so you can assess its severity and impact.    The threat state overview section in the Condemnation Summary.  User-friendly descriptions  The Condemnation Summary offers high-level observations from our behavioral and machine learning detection layers. Threats are described in everyday language. So nontechnical users can better grasp the nature of a threat and its potential consequences.    High-level observations in plain language in the Condemnation Summary.  Source attribution  It\'s helpful to understand where a threat originated. Condemnation Sources gives you insight into which sources contributed to the detection and condemnation of the threat.     The Condemnation Sources section in the Condemnation Summary.  Targeted controls: Taking action  The Condemnation Summary isn\'t just a feature for visibility or explainability. It\'s a tool for action. Here\'s how to make the most of this new feature:  Mitigate threats faster. With user and VIP insights, you can respond promptly to threats that are impacting specific individuals. Take immediate actions to protect these users and mitigate risks.  Improve your communication about threats. The user-friendly descriptions in the Condemnation Summary make it easier to communicate threat details to nontechnical stakeholders. This, in turn, helps to foster better collaboration around security across your business.  See how threats evolve. When you have a timeline of a threat\'s progression, you can assess how a threat evolved and whether it is part of a broader campaign.  Track where threats come from. It is cruci Tool Threat Technical ★★★
AlienVault.png 2023-11-16 11:00:00 Histoires du SOC: étapes proactives pour protéger les clients contre le MFA mal configuré
Stories from the SOC: Proactive steps to protect customers from misconfigured MFA
(lien direct)
Résumé de l'exécutif Authentification multifactrice, ou MFA, offre aux utilisateurs une couche de sécurité ajoutée lors de la connexion aux applications Web.Dépassant son prédécesseur, l'authentification à deux facteurs, en 2023, le MFA est une option standard pour une autre couche de sécurité pour les comptes en ligne.. En mai 2022, la cybersécurité et l'ampli;Infrastructure Security Agency (CISA) a publié le conseil en sécurité aa22-074a & nbsp; décrire comment les configurations par défaut dans les applications MFA sont considérées comme une vulnérabilité.La tactique a été utilisée par les cyber-acteurs parrainés par l'État russe dès mai 2021 dans un compromis réussi d'une organisation américaine. Sur la base de ces directives de la CISA, les AT & amp; T cybersecurity a géré la détection gérée par la cybersecurity.et réponse (MDR) Centre d'opérations de sécurité (SOC) a analysé de manière proactive dans notre flotte de clients et a découvert un client qui utilisait la configuration par défaut, qui peut être exploitée.Les analystes de SOC ont contacté le client pour l'informer du risque et ont fourni des recommandations sur la façon de sécuriser leur réseau. Investigation Recherche d'événements Les analystes ont utilisé l'outil open-source, Elastic Stack, pour rechercher nos clients pour & ldquo; défaillance, & rdquo; qui est la configuration par défaut dans les applications MFA qui rend possible un accès non autorisé. ElasticStack Open Source & nbsp; & nbsp; Événement Deep-Dive La recherche a révélé un client avec son ensemble de candidatures MFA sur Rectendopen = 1, qui est le paramètre qui permet à un acteur malveillant de contourner l'authentification lorsqu'il est exploité.Le & ldquo; défaillance & rdquo;Le paramètre permet une tentative incorrecte de connexion, ce qui permettrait alors un accès sans entrave à un compte avec ce paramètre sur le réseau client. rackpen Revue pour des indicateurs supplémentaires De là, les analystes SOC ont pivoté pour rechercher l'environnement client pour toutes les informations qui identifieraient les actifs et les comptes des clients associés et qui indiqueraient une activité malveillante extérieure.Ils ont découvert que l'utilisateur responsable était répertorié comme administrateur dans l'environnement client. utilisateur responsable Source Asset Réponse Construire l'enquête Les analystes ont ouvert une enquête pour traiter la mauvaise configuration de l'application mobile MFA ainsi que pour confirmer si l'activité associée à l'utilisateur identifié a été autorisée.L'enquête comprenait une explication de la vulnérabilité ainsi qu'un résumé de l'activité de l'utilisateur impliqué sur les actifs identifiés au cours des 30 derniers jours. Analyse MFA Interaction client Les analystes ont créé une enquête à faible sévérité, ce qui, dans ce cas, signifiait qu'ils n'étaient pas tenus de contacter le client.(Nos clients MDR déterminent quand et comment le SOC communique avec eux.) Cependant, pour s'assurer que le problème a été résolu en temps opportun, les analystes ont également informé le groupe Hu Tool Vulnerability Threat ★★★
RiskIQ.png 2023-11-15 21:25:29 #Stopransomware: ransomware Rhysida
#StopRansomware: Rhysida Ransomware
(lien direct)
#### Description Les variants de ransomwares émergents de Rhysida, ont été principalement déployés contre les secteurs de l'éducation, des soins de santé, de la fabrication, des technologies de l'information et du gouvernement depuis mai 2023. Les acteurs de la menace tirent parti des ransomwares de Rhysida sont connus pour avoir un impact sur les «objectifs d'opportunité», y compris les victimes de l'éducation,Les secteurs de la santé, de la fabrication, des technologies de l'information et du gouvernement.Les rapports open source détaillent les similitudes entre l'activité de la vice Society (Dev-0832) et les acteurs ont observé le déploiement du ransomware de Rhysida.De plus, les rapports open source ont confirmé que les cas observés d'acteurs de Rhysida opérant dans une capacité de ransomware en tant que service (RAAS), où les outils de ransomware et l'infrastructure sont loués dans un modèle de renseignement.Toutes les rançons payées sont ensuite divisées entre le groupe et les affiliés. #### URL de référence (s) 1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a #### Date de publication 15 novembre 2023 #### Auteurs) Cisa
#### Description Rhysida-an emerging ransomware variant-has predominately been deployed against the education, healthcare, manufacturing, information technology, and government sectors since May 2023. Threat actors leveraging Rhysida ransomware are known to impact “targets of opportunity,” including victims in the education, healthcare, manufacturing, information technology, and government sectors. Open source reporting details similarities between Vice Society (DEV-0832) activity and the actors observed deploying Rhysida ransomware. Additionally, open source reporting has confirmed observed instances of Rhysida actors operating in a ransomware-as-a-service (RaaS) capacity, where ransomware tools and infrastructure are leased out in a profit-sharing model. Any ransoms paid are then split between the group and the affiliates. #### Reference URL(s) 1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a #### Publication Date November 15, 2023 #### Author(s) CISA
Ransomware Tool Threat ★★
News.png 2023-11-15 16:32:26 Les manifestants de la ville de Cop ont tenté de planter des arbres.La police d'Atlanta les a battus pour cela.
Cop City Protesters Tried to Plant Trees. Atlanta Police Beat Them for It.
(lien direct)
> Les organisateurs ont juré de violence, mais les flics ont utilisé leurs outils de jardin comme excuse pour les attaquer de toute façon.
>Organizers swore off violence, but the cops used their garden tools as an excuse to attack them anyway.
Tool ★★
AlienVault.png 2023-11-15 11:00:00 Dans quelle mesure votre entreprise est-elle préparée pour une attaque en chaîne d'approvisionnement?
How prepared is your company for a supply chain attack?
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In a supply chain attack, hackers aim to breach a target\'s defenses by exploiting vulnerabilities in third-party companies. These attacks typically follow one of two paths. The first involves targeting a service provider or contractor, often a smaller entity with less robust security. The second path targets software developers, embedding malicious code into their products. This code, masquerading as a legitimate update, may later infiltrate the IT systems of customers. This article delves into specific instances of supply chain attacks, explores the inherent risks, examines common strategies employed by attackers, as well as effective defense mechanisms, and offers supply chain risk management tips. Understanding the scope and danger of supply chain cyberattacks In their assaults on supply chains, attackers are driven by various objectives, which can range from espionage and extortion to other malicious intents. These attacks are merely one of many strategies hackers use to infiltrate a victim\'s infrastructure. What makes supply chain attacks particularly dangerous is their unpredictability and extensive reach. Companies can find themselves compromised by mere misfortune. A case in point is the 2020 incident involving SolarWinds, a network management software firm. The company fell victim to a hack that resulted in extensive breaches across various government agencies and private corporations. Over 18,000 SolarWinds customers unknowingly installed malicious updates, which led to an undetected, widespread malware infiltration. Why do companies fall victim to supply chain attacks? Several factors contribute to the susceptibility of companies to supply chain attacks: Inadequate security measures A staggering 84% of businesses have high-risk vulnerabilities within their networks. For companies involved in software production and distribution, a supply chain attack represents a significant breach of security protocols. Reliance on unsafe components Many firms utilize components from third-party vendors and open-source software (OSS), seeking to cut costs and expedite product development. However, this practice can backfire by introducing severe vulnerabilities into a company\'s infrastructure. OSS platforms and repositories frequently contain security loopholes. Cybersecurity professionals have identified over 10,000 GitHub repositories susceptible to RepoJacking, a form of supply chain attack exploiting dependency hijacking. Furthermore, the layered nature of OSS, often integrating third-party components, creates a chain of transitive dependencies and potential security threats. Overconfidence in partners Not many companies conduct thorough security evaluations of their service providers, typically relying on superficial questionnaires or legal compliance checks. These measures fall short of providing an accurate picture of a partner\'s cybersecurity maturity. In most cases, real audits are an afterthought triggered by a security incident that has already taken place. Additional risk factors precipit Malware Hack Tool Vulnerability Threat ★★
CyberWarzone.jpg 2023-11-14 17:32:41 Installez Metasploit sur Kali Linux (fonctionne également pour Ubuntu 22.04)
Install Metasploit on Kali Linux (Also works for Ubuntu 22.04)
(lien direct)
Vous êtes-vous déjà demandé comment les professionnels de la cybersécurité et les pirates éthiques restent au courant de leur jeu?Ils utilisent des outils puissants, et un de ces outils est Metasploit.Ainsi, [plus...]
Ever wondered how cybersecurity professionals and ethical hackers stay on top of their game? They use powerful tools, and one such tool is Metasploit. So, [more...]
Tool ★★
AlienVault.png 2023-11-14 11:00:00 Quelles sont les clés pour conserver les meilleurs talents en cybersécurité?
What are the keys to retaining top talent in cybersecurity?
(lien direct)
This is part two of a two-part blog. See part one here. This is a continuation of my interview with Scott Scheppers, chief experience officer for AT&T Cybersecurity, on the cybersecurity talent shortage. Scheppers points out that organizations have to pay attention to compensation when it comes to talent retention. “Good pay - don’t discount that. You need to be competitive and compensate people well, but that’s not the only thing that matters.” To expand on this, he points to other key factors that help retain good workers. “Having said that, it’s not just about the pay. People really care about the culture and work environment. There’s often a lot of pressure in the cybersecurity world, but if people enjoy working with their peers and feel supported, they are much more likely to stick around. Cutthroat cultures with ‘zero sum’ mentalities can only go so far. A culture of teamwork is very important.” Scheppers continues, “Everything starts with leadership. As a leader, you must be able to set an example. You can’t just promise things- you must deliver as well.” Alongside a supportive and consistent culture, Scheppers emphasizes the importance of providing workers with a path for growth, “If you don’t have an internal path of growth for people, they’re eventually going to go elsewhere. As a leader, you need to take the time to understand where people want to go and help them get there. Of course, you can’t retain everyone. Sometimes you may not have the job opening someone is looking for, but that is okay. Growth for anyone often means seeing and doing different things in different companies or organizations.” According to Scheppers, the key to building a strong team in cyber is not different than in other industries. Leaders need to focus on the career aspirations of their people and finding a path to help them achieve their goals. “Give your team the tools and training needed to excel at the job—and then hold them accountable! No one understands the dynamics of a team better than the team itself. Sometimes the leader, especially those higher in the chain of command, don’t understand all the group dynamics at play. But, if you as a leader have someone that’s not pulling their weight and holding everyone back, know that other team members will see it and it will pull the team down. When people on the team understand that they must keep to a certain standard, it propels them. They know that they will be recognized for good and bad work. This is one key aspect of a strong culture.” How can we increase diversity in the field? According to the 2021 Aspen Digital Tech Policy report, only 9% of cybersecurity professionals were black, 9% were Asian, and 4% were Hispanic. CREST, the global not-for-profit membership body that ‘helps represent the global cyber security industry’, commented that inclusion and diversity need to be a priority in 2023.  “Diversity is very important but note that it goes deeper than just race or gender,” Scheppers begins. “You can find two white males, one from a farm in Alabama and one from the big city of Seattle. Both people can bring unique experiences and different viewpoints to the table. But if I looked around the room and saw that everyone on my team was a white male, I might start to ask what’s going on. Of course, race and gender can play a large part of your worl Tool Conference ★★★
globalsecuritymag.png 2023-11-14 09:04:35 Rapport HP Wolf Security : les " Meal Kits ", une menace sérieuse pour les entreprises (lien direct) Rapport HP Wolf Security : les " Meal Kits ", une menace sérieuse pour les entreprises Ces kits de logiciels malveillants prêts-à-l'emploi permettent aux cybercriminels d'échapper aux outils de détection, leur permettant de pénétrer plus facilement dans les infrastructures des entreprises et de voler des données sensibles. - Investigations Tool ★★
kovrr.png 2023-11-14 00:00:00 Les évaluations de la cybersécurité et la fortification des défenses numériques avec CRQ évaluant les cyber-risques sont essentielles pour développer des plans d'action basés sur les données pour stimuler les défenses numériques.Découvrez quelle évaluation vous soutient le mieux pour atteindre les objectifs de cybersécurité.En savoir plus
Cybersecurity Assessments and Fortifying Digital Defenses With CRQ Assessing cyber risk is critical for developing data-driven action plans to boost digital defenses. Discover which assessment best supports you in reaching cybersecurity goals. Read More
(lien direct)
The Vital Role of Cyber Assessments and Fortifying Digital Defenses ‍As cyber attacks become more sophisticated and complex and regulatory bodies impose stricter cybersecurity requirements, organizations worldwide are facing mounting pressure to adopt security solutions. Understandably, many executives have reacted by implementing a multitude of security tools that supposedly complement one another and better protect organization systems.  ‍However, this strategy often falls short, preventing stakeholders from comprehensively understanding their unique cyber environments. Instead of developing an intimate knowledge of the business units most vulnerable to threats, organizations risk exposing their assets due to their adopt-as-many-tools-as-possible approach. ‍After all, providing effective protection against what remains relatively unknown is impossible.‍This widespread ignorance about the cyber environment is precisely why cyber assessments are so crucial. These evaluations offer a structured approach to identifying, analyzing, and mitigating digital vulnerabilities and provide organizations with a detailed blueprint of their most susceptible business units.‍Not All Assessments Are Created Equal ‍While all cyber assessments help businesses become more aware of their cyber risk levels, it’s essential to note that not all reveal the same insights. There are various types of assessments, each tailored to meet specific goals. Some analyze overall cybersecurity posture, while others dive deeper into specific areas, such as compliance and incident response planning. ‍Each of the available assessments offers organizations valuable data, security leaders can leverage to make informed decisions. Before choosing which IT environment evaluation to invest in, it’s important to discuss with key stakeholders and executives what you’d like to achieve with the new information you’ll discover. ‍Defining a Goal: Risk, Governance, or Compliance ‍A great place to start when determining organizational goals for the assessment is cybersecurity risk, governance, and compliance (GRC). Cyber GRC is a commonly used industry framework and set of practices that businesses of all sizes harness to manage and secure their information systems, data, and assets. Each of these components serves a specific purpose.  ‍Risk ‍A cyber risk assessment aims to identify the factors that make a company vulnerable, generate conclusions regarding the vectors most likely to be the origin of an attack (due to those vulnerabilities), and offer insights about the level of damage a cyber event would cause. ‍Companies can proactively address the relevant business units by revealing threat likelihood levels. This information also helps cyber teams determine which areas they want to devote the most resources to. It\'s important to note that both qualitative and quantitative risk assessments exist. ‍Governance ‍The role of cyber governance is to establish a framework of policies, procedures, and decision-making processes to ensure that cybersecurity efforts are embedded within the broader company culture and align with business goals. It likewise evaluates how well cyber strategies match overall objectives, offering cyber teams an opportunity to better coordinate with other executives and teams. ‍An assessment focused on governance also determines if cybersecurity responsibilities are appropriately distributed throughout the organization, such as whether employees are required to use multi-factor authentication (MFA). Other included evaluation points are training programs, incident reporting mechanisms, and event response planning, all of which directly impact an organization’s risk level. ‍Compliance ‍One would conduct a compliance assessment to ensure an organization Data Breach Tool Vulnerability Threat Technical ★★★
Blog.png 2023-11-13 23:18:17 Abrax666 malveillant AI Chatbot exposé comme arnaque potentielle
Malicious Abrax666 AI Chatbot Exposed as Potential Scam
(lien direct)
> Par waqas abrax666 L'AI Chatbot est vanté par son développeur comme une alternative malveillante à Chatgpt, affirmant qu'il est un outil multitâche parfait pour les activités éthiques et contraires à l'éthique. . Ceci est un article de HackRead.com Lire la publication originale: Abrax666 malveillant AI Chatbot exposé comme escroquerie potentielle
>By Waqas Abrax666 AI Chatbot is being boasted by its developer as a malicious alternative to ChatGPT, claiming it\'s a perfect multitasking tool for both ethical and unethical activities. This is a post from HackRead.com Read the original post: Malicious Abrax666 AI Chatbot Exposed as Potential Scam
Tool ★★
AlienVault.png 2023-11-13 11:00:00 Élimination solidement de l'ancienne électronique et des données: un guide médico-légal pour protéger vos informations
Securely disposing of old electronics and data: A forensic guide to protecting your information
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In our rapidly evolving digital landscape, the accumulation of old electronic devices is a common occurrence. Laptops, smartphones, external hard drives, and USB flash drives quickly become outdated and obsolete, yet they often contain a wealth of sensitive information. Safeguarding your personal and confidential data during the disposal process is of utmost importance. This article presents an in-depth guide on how to forensically dispose of old electronics and data, ensuring that your privacy and security are maintained at every step. Back up and transfer data Before you embark on the journey of disposing of an electronic device, it\'s essential to initiate a thorough backup process. This backup serves two crucial purposes: preserving valuable data and enabling its transfer to a new device or storage medium. Here\'s how to proceed: Identify valuable data: Start by identifying and categorizing the data that you want to preserve. This includes documents, photos, music, and any other information that holds personal or professional significance. Backup methods: Utilize a variety of backup methods to safeguard your data. These include external hard drives, cloud storage services, or network-attached storage (NAS) systems. Ensure that all data, including files stored in the cloud, is included in your backup. Wipe your data Once your data is securely backed up, the next step is to thoroughly wipe your electronic device to make any data unrecoverable by standard means. Depending on the type of device, follow these procedures: A. Use data-wiping software: Software options: Employ reputable data-wiping software such as DBAN (Darik\'s Boot and Nuke), Eraser, or CCleaner. Follow instructions: Carefully follow the instructions provided by the software to ensure your data is erased securely and unrecoverably. B. Factory reset: For mobile devices: Perform a factory reset on smartphones and tablets to erase all data and return the device to its original settings. Remember to remove any SIM cards or memory cards before initiating the reset. C. Securely erase hard drives: For computers and external hard drives: Use the Secure Erase feature for solid-state drives (SSDs) or employ the "shred" command on Linux systems for hard disk drives (HDDs). Physical destruction When dealing with devices that may still contain sensitive data or those that are too damaged or outdated to be wiped effectively, physical destruction is the most secure method to guarantee the protection of your data. Consider these approaches: a. Smash or shred: Utilize a hammer, drill, or engage a professional shredding service to physically destroy hard drives, SSDs, and other storage devices. Ensure that the platters or chips are shattered beyond recovery. b. Degaussing: Some companies offer degaussing services that employ strong magnets to erase data on magnetic media, such as tapes or older hard drives. Dispose of electronics responsibly After your data is securely wiped or destroyed, the final step is to dispose of your electronic devices in a responsible and environmentally friendly manner. To ensure responsible disposal, consider the following actions: a. Recycle: Many electronics retailers and recycling centers accept old devices for recycling. Look for e-waste recycling programs in your local area to ensure your old electronics do not end up in a landfill. b. Trade-in or donate: If your device is still in working condition, consider trading it in or donating it to a charitable organization. This practice promotes sustainability by extending the useful life of your elect Tool Cloud ★★★
DarkReading.png 2023-11-13 08:00:00 La sécurité est un processus, pas un outil
Security Is a Process, Not a Tool
(lien direct)
Les échecs de processus sont la cause profonde des incidents de cybersécurité les plus graves.Nous devons traiter la sécurité comme un problème de processus, et n'essayez pas de le résoudre avec une collection d'outils.
Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.
Tool ★★★
ProofPoint.png 2023-11-13 07:23:13 ProofPoint reconnu en 2023 Gartner & Reg;Guide du marché pour la prévention de la perte de données
Proofpoint Recognized in 2023 Gartner® Market Guide for Data Loss Prevention
(lien direct)
The risk of data loss increases as your business embraces digital transformation, remote work and cloud computing. Legacy data loss prevention (DLP) solutions weren\'t developed with these new dynamics in mind.   In today\'s world, your DLP platform must provide visibility across multiple channels for data loss-email, cloud services, endpoint and web. It must scale with your needs while protecting data without interruption. And since data doesn\'t lose itself, it should be people centric. Part of that means providing insight into user behavior.  The Gartner Market Guide for Data Loss Prevention explains that “DLP technology is mature, but today, organizations look for comprehensive solutions that go beyond traditional DLP measures.” It also notes that “Security and risk management leaders should focus on risk-based adaptive data protection techniques to strengthen the data security of their organization.”   Let\'s take a look at some other insights from the report.  Adaptive DLP: Enhanced with classification and converged with insider threat management  The Gartner Market Guide states that “DLP vendors are increasingly converging with insider risk management platforms. This convergence enables better detection of data exfiltration as it enriches DLP events with anomalous user behaviors, improved risk scoring and real-time monitoring capabilities.” This, the report  notes, enables an adaptive, risk based DLP approach.   It also shares important insights such as:  Enterprise DLP (EDLP) solutions offer centralized policy management and reporting functionality  Enterprise DLP (EDLP) solutions generally incorporate advanced content inspection techniques to identify complex content and apply remediation Content inspection within IDLP solutions has improved considerably, and many of these solutions can recognize classification tags from more sophisticated classification tools DLP solutions use data classification labels and tags, content inspection techniques and contextual analysis to identify sensitive content and analyze actions related to the use of that content Gartner sees that DLP vendors are increasingly converging with insider risk management platforms. This convergence enables better detection of data exfiltration as it enriches DLP events with anomalous user behaviors, improved risk scoring and real-time monitoring capabilities.   Gartner recommends in its Market Guide that a business use enterprise DLP if it has limited resources and its “users are transacting sensitive information through multiple channels.” The report  also mentions that consulting and managed services can help “shorten the time to value and augment lean IT and security departments.”  Proofpoint delivers adaptive DLP  As a key player in the space, we think Proofpoint Enterprise DLP expands on the capabilities that Gartner shares in its report. The following is an overview of how we do that.  People-centric insights and risk-based adaptive DLP  Proofpoint Enterprise DLP protects against data loss across email, cloud, endpoint and web. Our solution combines content, behavior and threat telemetry from all these channels to address the full spectrum of people-centric data loss scenarios such as:  Leavers who feel entitled to take intellectual property with them  Compromised users whose data is stolen by threat actors  Careless users who accidently email sensitive documents to your partners  People-centric information protection is an adaptive, risk-based approach to DLP. Our Enterprise DLP solution uses people and application risk scoring and modeling for dynamic policies.   Figure 1. Web security risk-based access rule.  In Figure 1, “Leavers Policy 2” applies isolation as a data control when “Risky Leavers”  access “Critical Business Cloud Apps.”  One console, one agent, one cloud-native platform  Proofpoint provides what administrators and analysts need to accurately detect DLP and insider threats:  Policy management  Workflows  Alert management  Tool Threat Cloud
ProofPoint.png 2023-11-13 07:14:17 Informations exploitables: comprenez votre profil de risque global avec le rapport de résumé exécutif
Actionable Insights: Understand Your Overall Risk Profile with the Executive Summary Report
(lien direct)
In this blog series we cover how to improve your company\'s security posture with actionable insights. Actionable insights are a critical tool to help you improve your security posture and stop initial compromise in the attack chain. You can use them to identify and respond to potential risks, enhance your incident response capabilities, and make more informed security decisions.  In previous actionable insights blog posts, we covered these topics:  People risk  Origin risk  Business email compromise (BEC) risk  Ensuring proper risk context  Risk efficacy  Telephone-oriented attack delivery (TOAD) risk  Threat intelligence  In this post, we introduce the new TAP Executive Summary Report-which is available to all Proofpoint Targeted Attack Protection (TAP) customers who use the Proofpoint Aegis threat protection platform. We\'ll show you why the Executive Summary Report is so useful so you can use it effectively to enhance your company\'s security posture.     Unlock powerful insights with the Executive Summary Report  Email security is more crucial than ever in today\'s fast-evolving threat landscape. To protect your business and users from emerging threats, you need the right tools-like the TAP Dashboard Executive Summary Report.   We designed this new report specifically to meet the high-level reporting needs of executives and other decision-makers. It empowers these users by providing quick, easy-to-consume insights on their email security, which helps to accelerate their decision-making. You can find it in the Reports section of the TAP Dashboard as the new first tab.  Let\'s explore how this new feature can help your business.  Insights: What you can learn from the Executive Summary  This report gives you a comprehensive overview of your business\'s email threat landscape. It equips your teams and executives with actionable intelligence.   End-to-end threat protection insights  Integrating data from the Proofpoint email gateway, the Executive Summary Report offers a holistic view of your company\'s inbound email threat protection effectiveness. This end-to-end visibility helps you understand how your security measures perform across your email stack.   Inbound email protection breakdown  This new visualization in the TAP Threat Insight Dashboard provides an at-a-glance breakdown of the total number of messages received through your email protection stack. It reveals how and when Proofpoint identified and blocked malicious messages. With this detailed insight, you can identify threats and detect anomalies-and make data-driven decisions to enhance your email security.  The inbound email protection breakdown.  Exposure insights  The Executive Summary Report also provides insight into potentially exposed messages. With drilldowns and actionable items, you can address these threats quickly to minimize the risk of a breach.    Exposure insights in the Executive Summary Report.  Messages protected  This chart offers a trended view of messages protected by advanced threat detection capabilities in Proofpoint TAP. The information presented is broken down by threat type or category. It lets you see the evolving nature of threats over time, so you can conduct a more in-depth analysis of your company\'s email security.  The messages protected trend chart-by threat type.  Efficacy metrics  There are two charts that report on Proofpoint TAP\'s efficacy. The first is the “threat landscape effectiveness” chart. It provides you with a clear understanding of where the most significant threats exist within your email landscape. It displays top objectives, malware families and threat actors by total message volume.    The threat landscape effectiveness chart with a breakdown of threat objectives.  The second chart is “inbound protection overview.” This donut-style chart combines traditional email security and advanced threat detection (TAP) metrics. This single statistic reflects the overall effectiveness of your Proofpoint inbound email prote Malware Tool Threat Prediction ★★
Veracode.png 2023-11-12 22:55:15 Sécuriser vos applications Web et vos API avec Veracode Dast Essentials
Securing Your Web Applications and APIs with Veracode DAST Essentials
(lien direct)
Les applications Web sont l'un des vecteurs les plus courants pour les violations, représentant plus de 40% des violations selon le rapport de violation de données de Verizon \'s 2022.S'assurer que vos applications Web sont suffisamment protégées et continuent d'être surveillées une fois qu'elles sont en production est essentielle à la sécurité de vos clients et de votre organisation. Rester en avance sur la menace Les attaquants recherchent constamment de nouvelles façons d'exploiter les vulnérabilités et de violer les applications Web, ce qui signifie que à mesure que leurs méthodes mûrissent et deviennent plus agressives, même les applications les plus développées peuvent devenir vulnérables.Les organisations qui effectuent uniquement des tests de pénétration annuelle sur leurs applications Web peuvent se laisser ouvertes à une violation qui pourrait être facilement empêchée par une analyse de production régulière. La sécurité des applications décrit une collection de processus et d'outils axés sur l'identification, la correction et la prévention des vulnérabilités au niveau des applications tout au long du développement logiciel…
Web applications are one of the most common vector for breaches, accounting for over 40% of breaches according to Verizon\'s 2022 Data Breach Report. Ensuring that your web applications are sufficiently protected and continue to be monitored once they are in production is vital to the security of your customers and your organization.  Staying Ahead of the Threat Attackers are constantly looking for new ways to exploit vulnerabilities and to breach web applications, which means that as their methods mature and they become more aggressive, even the most securely developed applications can become vulnerable. Organizations that only perform annual penetration tests on their web applications may be leaving themselves open to a breach that could be easily prevented with regular production scanning.  Application security outlines a collection of processes and tools focused on identifying, remediating, and preventing application-level vulnerabilities throughout the entire software development…
Data Breach Tool Vulnerability Threat ★★
Korben.png 2023-11-12 08:00:00 GPT fdisk – L\'outil ultime pour gérer vos disques GPT (lien direct) Aujourd'hui, je présente GPT fdisk et ses amis (gdisk, cgdisk, sgdisk, fixparts), des outils de partitionnement pour disques GPT, disponibles sur Linux, FreeBSD, macOS et Windows. GPT, successeur du MBR, offre une meilleure gestion des partitions et prise en charge des disques de grande capacité. GPT fdisk permet de convertir MBR en GPT, réparer des structures endommagées et créer un MBR hybride, parmi d'autres fonctionnalités. Tool ★★
RiskIQ.png 2023-11-10 19:10:55 Malvertiser copie le site d'information PC pour livrer un infoster
Malvertiser Copies PC News Site to Deliver Infostealer
(lien direct)
#### Description Dans une nouvelle campagne, MalwareBytes a observé un acteur de menace copiant un portail d'information Windows légitime pour distribuer un installateur malveillant pour l'outil de processeur populaire CPU-Z.Cet incident fait partie d'une plus grande campagne de malvertising qui cible d'autres services publics comme Notepad ++, Citrix et VNC Viewer, comme le montre son infrastructure (noms de domaine) et les modèles de camouflage utilisés pour éviter la détection.MalwareBytes a informé Google des détails pertinents pour le retrait. #### URL de référence (s) 1. https://www.malwarebytes.com/blog/thereat-intelligence/2023/11/malvertiste-copies-pc-news-site-to-deliver-infostealer #### Date de publication 8 novembre 2023 #### Auteurs) J & eacute; r & ocirc; moi segura
#### Description In a new campaign, Malwarebytes observed a threat actor copying a legitimate Windows news portal to distribute a malicious installer for the popular processor tool CPU-Z. This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection. Malwarebytes have informed Google with the relevant details for takedown. #### Reference URL(s) 1. https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer #### Publication Date November 8, 2023 #### Author(s) Jérôme Segura
Tool Threat ★★
bleepingcomputer.png 2023-11-10 14:57:04 Les pirates infligent les orgs de soins de santé via Screenconnect à distance un accès à distance
Hackers breach healthcare orgs via ScreenConnect remote access
(lien direct)
Les chercheurs en sécurité avertissent que les pirates ciblent plusieurs organisations de soins de santé aux États-Unis en abusant de l'outil d'accès à distance Screenconnect.[...]
Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. [...]
Tool Vulnerability ★★
The_Hackers_News.png 2023-11-10 14:30:00 La nouvelle règle 80/20 pour SECOPS: Personnaliser là où elle est importante, automatiser le reste
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest
(lien direct)
Il existe une quête apparemment sans fin pour trouver les bons outils de sécurité qui offrent les bonnes capacités pour votre organisation. Les équipes SOC ont tendance à passer environ un tiers de leur journée à des événements qui ne constituent pas une menace pour leur organisation, ce qui a accéléré l'adoption de solutions automatisées pour remplacer (ou augmenter) des siems inefficaces et encombrants. Avec environ 80% de
There is a seemingly never-ending quest to find the right security tools that offer the right capabilities for your organization. SOC teams tend to spend about a third of their day on events that don\'t pose any threat to their organization, and this has accelerated the adoption of automated solutions to take the place of (or augment) inefficient and cumbersome SIEMs. With an estimated 80% of
Tool Threat ★★
AlienVault.png 2023-11-10 11:00:00 Ne vérifiez pas!& # 8211;Activité d'écrémage de la carte de crédit observée
Don\\'t check out! – Credit card skimming activity observed
(lien direct)
Our friends at BlackBerry recently released an in-depth blog post on a campaign by threat actors targeting online payment businesses that discusses what happens from initial compromise to the skimmer scripts themselves. You can read their blog here. This blog is focused on what we found across the AT&T Cybersecurity customer base as we looked for the indicators of compromise (IOCs) identified in the BlackBerry blog and on the quick-follow up analysis we performed and provided to our customers. As a part of the AT&T Managed Threat Detection and Response (MTDR) threat hunter team, we have the unique opportunity to perform threat hunting across our fleet of customers in a very fast and efficient manner. Leveraging the logs across hundreds of data sources, we can come up with our own hunt hypotheses and develop extremely complex searches to find potential prior incidents and compromises. We can also work with the AT&T Alien Labs team to turn that search syntax into a correlation rule. The Alien Labs team uses this backend data that we gather to create thousands of rules and signatures within the USM Anywhere platform. Threat hunters can also search for specific known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) as we ingest and process cyber threat intelligence from both open sources (i.e., publicly available data) and closed sources (i.e., government or private data that is not publicly available). When we looked for the TTPs that the attackers were using to deploy the credit card skimming scripts, our searches yielded no results, but when we searched for IOCs related to where the credit card data was exfiltrated during this campaign, we observed one domain come up across a few customers. Armed with key information such as time frames and which customers and users were impacted, we could now go deeper into USM Anywhere to investigate. allowed request Figure 1 – Web request for credit card skimming exfiltration domain Figure 1 shows that the request for the credit card skimming site referred from another website for a well-known food company with an online purchasing option. We observed this to be the case for all the other customers too, with the food site being either the direct referer or being the HTTP request right before the connection to the cdn[.]nightboxcdn[.]com site. One of the other observed impacted customers had a user’s credit information skimmed from a different compromised site (see Figure 2). destination asset Figure 2 – Traffic going to shopping site (redacted) followed by traffic to the skim exfiltration and then a legitimate payment site We can see that the user is on an online shopping site (redacted) followed by traffic to the exfiltration domain as well as to a legitimate payment portal service. We can conclude from the traffic flow that the user went to checkout and that after they input their payment details, this information went to both the exfiltration site and the legitimate payment service, ProPay. By using the website scanning tool urlscan.io and by looking at a scan of the shopping site from May 23, 2023, we could see the skimming script appended to the jquery.hoverIntent.js file (legitimate script ends after });). get skim skimming script appended Figure 3 – Skimming script appended to legitimate script Tool Threat ★★
ProofPoint.png 2023-11-10 08:04:20 2023 Prédictions de l'escroquerie de vacances, si ce que vous devez savoir
2023 Holiday Scam Predictions-Here\\'s What You Should Know
(lien direct)
\'Tis the season for cyberscams. As the holiday season nears, adversaries will try to take advantage of people\'s generosity and holiday spirit. That\'s why it\'s critical to be alert.   While it\'s still early to detect and analyze seasonal trends, we anticipate to see several new and emerging techniques in attackers\' creativity and lures, along with tried-and-true tactics from previous holiday seasons.   From generative AI that helps telephone-oriented attack delivery (TOAD) to multifactor authentication (MFA) bypass that leans on shipping alerts, here\'s a look at five holiday scam predictions. These are the tricks and trends that you might see evolve in this year\'s winter threat landscape.  1: Generative AI will make threat detection trickier   What\'s blown up since last holiday season? A little thing called generative AI. This emerging technology might change the game of crafting emails that include those too-good-to-be-true offers. Phony shipping emails are always favorites for attackers, and they always become more frequent during the holidays. Nobody wants a problem with merchandise they\'ve ordered or packages they\'ve shipped.  Last year, many holiday season shipping phishing attempts featured standard red flags, like grammatical errors and non-native language structure. These are easily detectable at a quick glance. But this year, we expect to see many attackers using generative AI to write their emails and texts, potentially reducing easy detection.   So go a level deeper when you\'re trying to determine whether a holiday season shipping email is a scam. Take a closer look these emails and ask these questions:  Is the message generic or personalized?  Are you being asked for unnecessary sensitive information?  Does the sender display name match the email address? (This is a safety checklist item that people learn in security awareness training.)  Are you being asked to pay a fee to receive a package? (Note: In this case, it\'s best to refuse the delivery until you can confirm the shipment is legitimate.)  2: TOAD scams might get an AI boost   TOAD has become part of the threat toolkit, as attackers push victims to take unsafe actions over the phone. Writing with generative AI could increase the believability of TOAD attacks that use a holiday playbook.   Need to stop an expensive gift purchase on your credit card or accept a heavily discounted travel offer? Then, contact this (fake) call center! If an AI-generated email successfully imitates a legitimate company, it\'s more likely that the victim will dial the phone number they\'re directed to.  Generative AI could also provide opportunities to expand holiday scams globally. For instance, every Christmas and New Year, we see English-language vacation scams that target a Western audience. But there is also a huge volume of travel and celebration for Lunar New Year in China, South Korea, Vietnam and Hong Kong. If attackers previously lacked cultural knowledge or language skills to target these populations, they might now use freely available AI tools to quickly research what experiences might feel meaningful and create holiday lures that are localized and enticing.   Luckily, generative AI is unlikely to improve interaction with the fraudulent call center. If you call the TOAD number, red flags should still be detectable. For instance, be wary if the “operator” is:  Clearly following a script.  Pressuring you to take an action.  Speaking in a regional accent that your security awareness training has taught you is where call center fraud often originates.   3: MFA bypass could surface more often   MFA bypass surged in popularity last year, and we continue to see an increase in the number of lures that use this technique. The attacker steals account credentials in real time by intercepting the MFA short code when the victim types it into an account login page that is fake or compromised.   Since MFA bypass is an ongoing threat trend, we expect to see the techniques applied this year to holiday- Tool Threat Prediction ★★★
Korben.png 2023-11-10 08:00:00 Dites adieu à Postman grâce à Bruno qui vous aidera à concevoir les meilleurs API de l\'univers (lien direct) Bruno est un projet open source offrant une alternative légère et polyvalente aux clients API traditionnels. Il facilite la collaboration et la gestion des collections API en intégrant les collections directement dans le dépôt de code source avec le langage Bru. Le Bruno CLI simplifie le test et l'automatisation des API. Tool ★★★★
ProofPoint.png 2023-11-10 07:55:46 New Gartner & Reg;Rapport BEC: les recommandations sont entièrement prises en charge par Proofpoint
New Gartner® BEC Report: Recommendations Are Fully Supported by Proofpoint
(lien direct)
Business email compromise (BEC) is costly. The latest Internet Crime Report from the FBI\'s Internet Crime Complaint Center notes that businesses lost more than $2.7 billion due to these scams in 2022. Another staggering statistic that is less reported: BEC losses were almost 80 times that of ransomware last year.  The rate of BEC attacks and the average loss per incident are likely to keep climbing, which makes BEC an ongoing concern for businesses. A recent report by Gartner, How to Protect Organizations Against Business Email Compromise Phishing, offers companies several recommendations to help them reduce the risk of these attacks and minimize potential losses.  Below, we share five top takeaways and key findings from this 2023 report. We also explain how Proofpoint can help protect your business against BEC attacks by linking what we do to Gartner\'s recommendations.  1. To combat BEC, businesses need to invest in email security rather than relying on endpoint protection  Not all BEC scams contain a malicious payload like malware or malicious links. That\'s why endpoint protection and endpoint detection and response platforms are not effective defenses for these types of attacks.  Gartner recommends: If you\'re a security and risk management leader who is responsible for infrastructure security, you can maximize your protection against BEC by seeking out and implementing artificial intelligence (AI)-based secure email gateway solutions. Look for solutions that offer:  Advanced BEC phishing protection  Behavioral analysis  Impostor detection  Internal email protection  Proofpoint protects: Proofpoint believes that Gartner report\'s recommendation stems from the understanding that stopping BEC attacks before they reach a recipient\'s inbox is the best method to minimize risks. This strategy is at the heart of the Proofpoint Aegis threat protection platform.   Proofpoint has used machine learning (ML) for more than two decades to detect email threats. We create the highest levels of BEC detection efficacy through our combination of AI/ML-driven behavioral analysis and rich threat intelligence.  2. Supplement email security with additional controls to reduce the risk of ATO  Account takeover fraud (ATO) is often a feature in BEC attacks. It occurs when an adversary gains control of a legitimate account. To reduce the risk of ATO, businesses need to be able to recognize whether an email is from a genuine sender.  Gartner recommends: Businesses should supplement their existing email security solutions with additional controls to further reduce the risk of BEC attacks like ATO and domain abuse.  Proofpoint protects: To protect against account takeover, you need to identify accounts that might be compromised and automate remediation. If you rely solely on behavioral analytics to detect these accounts, you could end up with a high volume of false alerts.   Proofpoint combines behavioral analysis with our rich threat intelligence to detect both compromised employee accounts and compromised third-party accounts.   How Proofpoint helps when ATO occurs  If an internal account has been compromised, a password reset isn\'t enough. Attackers in your environment can still manipulate third-party apps and gain persistent access to the account to wage attacks at will.   Proofpoint TAP Account Takeover (TAP ATO) provides insights into what types of threats are targeting your users\' email accounts. And it provides you with the tools you need to take corrective action to protect a compromised account.  TAP ATO correlates threat intelligence with artificial intelligence, ML and behavioral analytics to find malicious events across the email attack chain. It helps you see who is being attacked and how, and it provides automated remediation.  How Proofpoint helps when supplier accounts are compromised  Proofpoint Supplier Threat Protection gives you insight into which third-party and supplier accounts may be compromised.   We combine AI/ML-driven behavioral analysis with threat in Ransomware Malware Tool Threat ★★
DarkReading.png 2023-11-09 19:07:00 Quand les bons programmes de sensibilisation à la sécurité se trompent
When Good Security Awareness Programs Go Wrong
(lien direct)
Évitez de faire ces erreurs lors de l'élaboration d'une stratégie de sensibilisation à la sécurité dans votre organisation.
Avoid making these mistakes when crafting a security awareness strategy at your organization.
Tool ★★★
The_Hackers_News.png 2023-11-09 18:56:00 La nouvelle campagne de malvertising utilise un faux portail d'information Windows pour distribuer des installateurs malveillants
New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers
(lien direct)
Il a été constaté qu'une nouvelle campagne de malvertising utilise de faux sites qui se faisaient passer pour un portail d'information Windows légitime pour propager un installateur malveillant pour un outil de profilage système populaire appelé CPU-Z. "Cet incident fait partie d'une plus grande campagne de malvertising qui cible d'autres services publics comme Notepad ++, Citrix et VNC Viewer comme le montre son infrastructure (noms de domaine) et les modèles de camouflage utilisés
A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used
Tool Threat ★★
RecordedFuture.png 2023-11-09 17:45:00 Un gang de ransomware derrière les attaques de Moevit cible le nouveau jour zéro, dit Microsoft
Ransomware gang behind MOEVit attacks are targeting new zero-day, Microsoft says
(lien direct)
Le gang de ransomes russes derrière l'exploitation de plusieurs outils de transfert de fichiers populaires exploite désormais une nouvelle vulnérabilité dans le logiciel de support informatique SYSAID, selon un nouveau rapport.Mercredi soir, les responsables de la sécurité à Microsoft a déclaré le gang ransomware declop - qu'ils appellent Lance Tempest - vise de nouvelles victimes à travers
The Russian ransomware gang behind the exploitation of several popular file transfer tools is now exploiting a new vulnerability in SysAid IT support software, according to a new report. On Wednesday night, security officials at Microsoft said the Clop ransomware gang - which they refer to as Lance Tempest - is targeting new victims through
Ransomware Tool Vulnerability ★★
Last update at: 2023-11-29 21:09:40
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter