What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-13 10:00:00 | 25 conseils essentiels de cybersécurité et meilleures pratiques pour votre entreprise 25 Essential Cybersecurity tips and best practices for your business (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybercrime is quickly becoming one of the biggest threats worldwide, impacting businesses across all sectors. To avoid the risk of a damaging security breach, it\'s crucial to stay updated on the latest cybersecurity tips and practices. Protecting yourself or your business from cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We\'ve gathered a list of 25 most effective tips for you to adopt and share with others. Top 25 cybersecurity tips for your business 1. Keep your software up to date To stay safe from cyber threats like ransomware, it\'s essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date. | Ransomware Malware Tool Vulnerability Mobile Cloud | LastPass | ★★ |
|
2023-11-30 11:00:00 | Sécration sécurisée: un guide pour parcourir Internet en toute sécurité Secure browsing: A guide to browsing the internet safely (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In an age when the internet is an integral part of our daily lives, ensuring your online safety and privacy is critical. Secure browsing is about protecting sensitive personal information and yourself from cyber threats such as malware, phishing, and hacking. This article delves into the various aspects of web browsing securely, from understanding the risks to implementing best practices and using the right tools to improve your online security. Understanding the risks Before delving into secure browsing techniques, it\'s critical to understand the risks. The internet is full of hazards, and a lack of awareness can leave you vulnerable. Here are a few of the most common dangers: Malware: When you download files, click on untrustworthy links, or visit compromised websites, malicious software can infect your device. Malware can steal your data, damage your system, or track your online activities once infected. Phishing: Phishing attacks involve duping users into disclosing sensitive information such as login credentials, credit card information, or personal information. These attacks frequently disguise themselves as legitimate emails or websites. Data protection: Many websites and online services collect and share your personal information without your permission, which can invade privacy and unwanted tracking. Hacking: Cybercriminals may try to gain unauthorized access to your accounts or devices, resulting in financial loss and damage to your online identity. Unsecured connections: Unsecured Wi-Fi networks expose your data to interception, as attackers can intercept your data. Browsing safely Now that you know the dangers, let\'s look at how to browse the web safely. Use a secure browser: Select a browser with a strong reputation for security features. Google Chrome, Mozilla Firefox, and Microsoft Edge provide regular security updates. Maintain software updates: Regularly update your browser and other software to patch vulnerabilities that cybercriminals may exploit. Use strong, unique passwords: Use solid, one-time passwords for each online account. To keep track of complex passwords, consider using a password manager. Enable two-factor authentication (2FA): Enable two-factor authentication wherever possible to add an extra layer of security to your online accounts. Stay informed: To stay informed about emerging threats and vulnerabilities, keep up with the latest cybersecurity news and best practices. Exercise caution with Email: Unsolicited emails should be avoided, especially those with attachments or links. Check the sender\'s identity before clicking on any links or downloading attachments. Use HTTPS: Look for HTTPS (secure browsing protocol) websites. Most modern browsers display a padlock icon in the address bar for secure sites. Install ad blockers and privacy extensions: Browser extensions such as uBlock Origin, Privacy Badger, and HTTPS Everywhere can help you protect your online privacy by blocking advertisements, tracking scripts, and forcing secure connections. Avoid public Wi-Fi for sensitive transactions: Avoid using public Wi-Fi networks when conducting sensitive transactions such as online banking or shopping. Consider using a Virtual Private Network (VPN) to encrypt your connection if you must use public Wi-Fi. Regularly clear browser data: Clear your browsing history, cookies, and cached data regularly to reduce your digital footprint. Tools for secure browsing Virtual private networks (VPNs): VPNs encrypt your internet connection, ma | Malware Tool Vulnerability Threat | LastPass LastPass | ★★ |
 |
2023-09-14 10:03:42 | BlastPass: les agences gouvernementales ont dit de sécuriser les iPhones contre les attaques de logiciels espions BLASTPASS: Government agencies told to secure iPhones against spyware attacks (lien direct) |
Ce qui s'est passé?CISA, l'agence de sécurité de cybersécurité et d'infrastructure des États-Unis, a ordonné aux agences fédérales de corriger leurs iPhones contre les vulnérabilités qui peuvent être utilisées dans le cadre d'une attaque en clic zéro pour installer des logiciels espions du célèbre groupe NSO.Une "attaque zéro cliquez sur"?C'est une attaque qui ne nécessite aucune interaction de l'utilisateur.Souvent, un pirate malveillant exige qu'un utilisateur ouvre un fichier joint ou visite un lien Web dangereux, afin d'activer une attaque.Avec une attaque zéro cliquez, l'utilisateur ne doit rien faire.Alors, comment ça marche?Dans ce particulier ...
What\'s happened? CISA, the United States\'s Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A "zero-click attack"? That\'s an attack that doesn\'t require any interaction from the user. Often times a malicious hacker requires a user to open an attached file, or visit a dangerous web link, in order to activate an attack. With a zero-click attack, the user doesn\'t have to do anything. So how does it work? In this particular... |
Vulnerability | LastPass | ★★ |
 |
2023-09-12 09:00:00 | Le gouvernement américain a ordonné de corriger de toute urgence les bogues d'Apple zéro-jour US Government Ordered to Urgently Patch Apple Zero-Day Bugs (lien direct) |
Les agences fédérales ont un mois pour corriger les vulnérabilités BlastPass
Federal agencies have one month to fix BlastPass vulnerabilities |
Vulnerability | LastPass | ★★ |
 |
2023-09-07 22:47:27 | Apple Patches «Clickless» Vulnérabilité de traitement d'image de 0 jour dans iOS, macOS Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS (lien direct) |
Le bug "BlastPass" peut installer des logiciels malveillants sans interaction utilisateur.
"BLASTPASS" bug can install malware without user interaction. |
Malware Vulnerability | LastPass | ★★ |
 |
2023-03-13 14:32:01 | CISA Warns of Plex Vulnerability Linked to LastPass Hack (lien direct) | >CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. | Hack Vulnerability | LastPass LastPass | ★★★ |
 |
2023-03-11 11:28:14 | CISA warns of actively exploited Plex bug after LastPass breach (lien direct) | CISA has added an almost three-year-old high-severity remote code execution (RCE) vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks. [...] | Vulnerability | LastPass LastPass | ★★★ |
 |
2023-01-18 16:35:00 | Anomali Cyber Watch: FortiOS Zero-Day Has Been Exploited by an APT, Two RATs Spread by Four Types of JAR Polyglot Files, Promethium APT Continued Android Targeting (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, DDoS, Polyglot, RATs, Russia, Skimmers, Trojanized apps, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Malicious ‘Lolip0p’ PyPi Packages Install Info-Stealing Malware
(published: January 16, 2023)
On January 10, 2023, Fortinet researchers detected actor Lolip0p offering malicious packages on the Python Package Index (PyPI) repository. The packages came with detailed, convincing descriptions pretending to be legitimate HTTP clients or, in one case, a legitimate improvement for a terminal user interface. Installation of the libraries led to infostealing malware targeting browser data and authentication (Discord) tokens.
Analyst Comment: Free repositories such as PyPI become increasingly abused by threat actors. Before adding a package, software developers should review its author and reviews, and check the source code for any suspicious or malicious intent.
MITRE ATT&CK: [MITRE ATT&CK] T1204 - User Execution | [MITRE ATT&CK] T1555 - Credentials From Password Stores
Tags: actor:Lolip0p, Malicious package, malware-type:Infostealer, Discord, PyPi, Social engineering, Windows
Analysis of FG-IR-22-398 – FortiOS - Heap-Based Buffer Overflow in SSLVPNd
(published: January 11, 2023)
In December 2022, the Fortinet network security company fixed a critical, heap-based buffer overflow vulnerability (FG-IR-22-398, CVE-2022-42475) in FortiOS SSL-VPN. The vulnerability was exploited as a zero-day by an advanced persistent threat (APT) actor who was customizing a Linux implant specifically for FortiOS of relevant FortiGate hardware versions. The targeting was likely aimed at governmental or government-related targets. The attribution is not clear, but the compilation timezone UTC+8 may point to China, Russia, and some other countries.
Analyst Comment: Users of the affected products should make sure that the December 2022 FortiOS security updates are implemented. Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Network defenders are advised to monitor for suspicious traffic, such as suspicious TCP sessions with Get request for payloads.
MITRE ATT&CK: [MITRE ATT&CK] T1622 - Debugger Evasion | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1090 - Proxy | [MITRE ATT&CK] T1070 - Indicator Removal On Host
Tags: FG-IR-22-398, CVE-2022-42 |
Malware Tool Vulnerability Threat Guideline | LastPass | ★★ |
|
2023-01-04 16:30:00 | Anomali Cyber Watch: Machine Learning Toolkit Targeted by Dependency Confusion, Multiple Campaigns Hide in Google Ads, Lazarus Group Experiments with Bypassing Mark-of-the-Web (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Data breaches, North Korea, Phishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays
(published: January 1, 2023)
Between December 25th and December 30th, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI uses the dependency confusion attack by having the same name as the legitimate one on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time the library’s features are more aligned with being a malware than a research project. The code is obfuscated, it employs anti-VM techniques and doesn’t stop at fingerprinting. It exfiltrates passwords, certain files, and the history of Terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server.
Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. Opensource repositories and apps are a valuable asset for many organizations but adoption of these must be security risk assessed, appropriately mitigated and then monitored to ensure ongoing integrity.
MITRE ATT&CK: [MITRE ATT&CK] T1195.001 - Supply Chain Compromise: Compromise Software Dependencies And Development Tools | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1003.008 - OS Credential Dumping: /Etc/Passwd And /Etc/Shadow | [MITRE ATT&CK] T1041 - Exfiltration Over C2 Channel
Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux
Linux Backdoor Malware Infects WordPress-Based Websites
(published: December 30, 2022)
Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system. The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with a malicious JavaScript that intercepts all users clicks on the infected page to cause a malicious redirect.
Analyst Comment: Owners of WordPress-based websites should keep all the components of the platform up-to-date, including third-party add-ons and themes. Use |
Malware Tool Vulnerability Threat Patching Medical | APT 38 LastPass | ★★ |
|
2022-08-30 15:01:00 | Anomali Cyber Watch: First Real-Life Video-Spoofing Attack, MagicWeb Backdoors via Non-Standard Key Identifier, LockBit Ransomware Blames Victim for DDoSing Back, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Authentication, DDoS, Fingerprinting, Iran, North Korea, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
LastPass Hackers Stole Source Code
(published: August 26, 2022)
In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass development environment. LastPass informed that it happened through a single compromised developer account and the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults.
Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when source code of the attacking system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development.
Tags: LastPass, Password manager, Data breach, Source code
Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli
(published: August 25, 2022)
Starting in July 2022, a new campaign by Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools in the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI).
Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomaly, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | |
Ransomware Hack Tool Vulnerability Threat Guideline Cloud | APT 37 APT 29 LastPass | |
|
2022-01-05 19:55:00 | Anomali Cyber Watch: $5 Million Breach Extortion, APTs Using DGA Subdomains, Cyberespionage Group Incorporates A New Tool, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Data breach, DGA, Infostealer, Phishing, Rootkit, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Fintech Firm Hit by Log4j Hack Refuses to Pay $5 Million Ransom
(published: December 29, 2021)
The Vietnamese crypto trading, ONUS, was breached by unknown threat actor(s) by exploiting the Log4Shell (CVE-2021-44228) vulnerability between December 11 and 13. The exploited target was an AWS server running Cyclos, which is a point-of-sale software provider, and the server was only intended for sandbox purposes. Actors were then able to steal information via the misconfigured AWS S3 buckets containing information on approximately two million customers. Threat actors then attempted to extort five million dollars (USD).
Analyst Comment: Although Cyclos issued a warning to patch on December 13, the threat actors had already gained illicit access. Even though Log4Shell provided initial access to the compromised server, it was the misconfigured buckets the actors took advantage of to steal data.
MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203
Tags: ONUS, Log4Shell, CVE-2021-44228,
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
(published: December 29, 2021)
Palo Alto Networks Unit42 researchers have published a report based on their tracking of strategically-aged malicious domains (registered but not used until a specific time) and their domain generation algorithm (DGA) created subdomains. Researchers found two Pegasus spyware command and control domains that were registered in 2019 and were not active until July 2021. A phishing campaign using DGA subdomains that were similar to those used during the SolarWinds supply chain attack was also identified.
Analyst Comment: Monitor your networks for abnormal DNS requests, and have bandwidth limitations in place, if possible, to prevent numerous connections to DGA domains. Knowing which DGAs are most active in the wild will allow you to build a proactive defense by detecting any DGA that is in use. Anomali can detect DGA algorithms used by malware to assist in defending against these types of threats.
MITRE ATT&CK: [MITRE ATT&CK] Dynamic Resolution - T1568 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Application Layer Protocol - T1071
Tags: DGA , Pegasus, Phishing
Implant.ARM.iLOBleed.a
(published: December 28, 2021)
Amnpardaz researchers discovered a new rootkit that has been targeting Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server managemen |
Malware Hack Tool Vulnerability Threat | LastPass | |
 |
2019-09-17 08:08:04 | LastPass users automatically updated to fix security vulnerability in browser extension (lien direct) | Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software. | Vulnerability | LastPass | |
|
2019-09-16 14:40:28 | LastPass Patches Bug Leaking Last-Used Credentials (lien direct) | A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. A freemium password manager, LastPass stores encrypted passwords online and provides users with a web interface to access them, as well as with plugins for web browsers and apps for smartphones. | Vulnerability | LastPass | |
 |
2019-09-16 11:57:15 | A flaw in LastPass password manager leaks credentials from previous site (lien direct) | A flaw in LastPass password manager leaks credentials from previous site An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes […] | Vulnerability | LastPass | |
 |
2019-09-16 08:45:40 | LastPass bug leaks credentials from previous site (lien direct) | LastPass has released a fix last week. Vulnerability details are now public. Users advised to update. | Vulnerability | LastPass | |
|
2019-09-16 08:24:36 | Password-Revealing Bug Quickly Fixed in LastPass Extensions (lien direct) | A security vulnerability in the extension of LastPass password manager could have allowed stealing the credentials last used for logging into a website. [...] | Vulnerability | LastPass | |
|
2018-11-19 14:00:00 | Is the Internet of Things Threatening Your Company\'s Security? (lien direct) |
The internet of things (IoT) is changing nearly every industry. Smart devices that can collect and process data, and even make decisions based on that data, though artificial intelligence promises to disrupt business as we know it for years to come.
However, there are some legitimate concerns. The more connected devices your company has, the more potential vulnerabilities are out there. As business owners we want to be able to access the data we collect through the IoT, but we also need to be able to protect that data, and we bear the responsibility for keeping that data secure.
This, like many areas of business, is a time for brutal honesty. If you have vulnerabilities, you need to fix them. You don’t want to be part of the headlines about companies who acted too late or not at all. Your security must adapt to the IoT, and it needs to do so now.
Is the internet of things threatening your company’s security? There are a few questions you will need to ask yourself and your IT department to truly determine the answer:
How do I know?
Most experts agree that the weakness in any network is the devices that make up the IoT. For example, if you have smart light bulbs in your home, they are likely controlled by a hub which not only provides you with more flexibility in controlling them, but also provides security so they do not become a weak point in your network.
This is why an intrusion detection system (IDS) is so important. Technologies from companies like AlienVault allow you to monitor for threats and even give you advice on how to prevent harm from them. Remember there is more than one area of vulnerability in any system. Cloud-based IDS, network IDS, and host-based IDS, along with file integrity management systems, are all essential parts of your strategy.
These alerts tell you there is an attack and can even reveal threats to you, which allows you to put remediation and prevention strategies in place. But what are the threats you should be aware of?
What are the threats?
Why don’t we have houses that are completely smart and controlled by IoT devices? What about our cars? Part of the reason is that a hacker with the right tools could potentially take over control of a house or even a connected car from the owner or driver. For example, the Bangladesh National Bank lost $81 million due to an IoT-based attack.
What are these types of attacks? There are actually several, and they mirror other types of cyberattacks.
Distributed Denial of Service (DDoS): Chrysler/Jeep was vulnerable to this type of attack. Essentially, control of devices or a system is taken by a hacker. Sometimes this comes with ransomware, where the owner or user has to pay to get that control back.
Malware: IoT devices can be used by an attacker to spread malware, sometimes to more than one devic |
Spam Tool Vulnerability | LastPass |
1
We have: 17 articles.
We have: 17 articles.
To see everything:
Our RSS (filtrered)
