Table of Contents
- Checkpoint Security Researchers Discover Fast Ransomware ‘Rorschach’ with Unique Features
- The Digital Insider | What is an ‘island hopping’ attack? (and how to stop one)
- Printers Pose Persistent But Ignored Menace
- Technisanct to launch Falconfeedsio – A threat intelligence platform for cyber security professionals and enthusiasts – Republic News India
- iOS 16.4.1 and macOS 13.3.1 fix two “actively exploited” security vulnerabilities – GAMINGDEPUTY
- Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike
- Artificial intelligence can learn to repeat your voice – how are cybercriminals taking advantage?
- Searchlight Cyber launches Stealth Browser for safe dark web access | CSO Online
- UltraViolet Cyber Launches to Help Organizations Worldwide Accelerate Readiness and Resilience Against Cybersecurity Threats
- Wazuh launches version 4.4 with a suite of new capabilities
- Rorschach Ransomware: How to Handle the Fastest Encryptor So Far
- Kali Linux 2023.2 Release (New Tools in Kali, Desktop Updates, New Hyper-V VM Image) | Black Hat Ethical Hacking
- MSPs: How to Deliver Best-Fit Cybersecurity for Every Client
- Fewer Organizations Outsourcing SOC Activities in 2023
- GTT Improves Cyber Protections with MDR, DDoS Offerings
- PQShield announces major new collaborations with Tata Consultancy Services and eShard as organisa….
- Events Ripper Update – Malware News – Malware Analysis, News and Indicators
- 🚀 Launching Automated Threat Escalations: Focus Only On What Matters – Malware News – Malware Ana….
- Seceon Expands Leadership Team with William Toll as VP of Marketing to Serve MSP and MSSP Communi….
- Thinking straight in the SoC: How AI erases cognitive bias – Source: go.theregister.com
- Kaspersky launches Interactive Protection Simulation multiplayer update with new chat features – ….
- Google Cloud brings simplified end-to-end TDIR to Chronicle – Techzine Europe
- Deloitte announces new managed end-to-end enterprise cloud security and compliance offering with ….
- Forensia – Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitat….
- 10 Best Vulnerability Scanner Tools For Penetration Testing – 2023
- Technologies that Enhance Physical Security
- Cyber Security Automation: 12 Key Functions Your Organization Needs to Automate Now | by Neetamve….
- Threat Detection and Incident Response in the Cloud: Enhancing Security Operations | by Emmanuel ….
- Incident Response: Bring Out the Body File
- Pilot Applicant Information for American, Southwest Hacked
- Incident Response System Market Progress Rapidly Due to increasing number of regulations and comp….
- Lessons From Clop: Combating Ransomware and Cyber Extortion Events
- Anatsa Android Banking Trojan Targeting U.S, U.K & DACH with New Campaign
- Critical authentication bypass found in Arcserve backup system
- Igor’s Tip of the Week #146: Graph printing – Malware Analysis – Malware Analysis, News and Indic….
- Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator – Malware ….
- Malware Execution Method Using DNS TXT Record – Malware Analysis – Malware Analysis, News and Ind….
- Sandfly Review – Agentless Linux Security with Unmatched Speed and Reliability – Malware News – M….
- Double extortion attacks by 8Base ransomware ramp up – Malware News – Malware Analysis, News and ….
- VMware ESXi servers subjected to Akira for Linux ransomware attacks – Malware News – Malware Anal….
- MOVEit hackers may have found simpler business model beyond ransomware – Malware News – Malware A….
- Human oversight key to keeping AI honest – Malware News – Malware Analysis, News and Indicators
- Leveraging Intezer’s Smart Decision Making in Your SOAR
- Hackrate releases ethical hacking monitoring platform HackGATE
Checkpoint Security Researchers Discover Fast Ransomware ‘Rorschach’ with Unique Features
Security researchers at Check Point discovered malware that looks like a ransomware strain with fairly distinctive features, which they named Rorschach. The firm ran a test to measure how fast Rorschach encrypts: with 220,000 files on a six-core CPU machine, Rorschach took about 4.5 minutes to encrypt all the data, while LockBit v3.0, previously considered the fastest ransomware strain, finished in about 7 minutes.
Link: https://tech-latest.com/checkpoint-security-researchers-discover-fast-ransomware-rorschach-with-unique-features/
The Digital Insider | What is an ‘island hopping’ attack? (and how to stop one)
For instance, cyber adversaries may compromise a large organization’s third-party partners in order to eventually gain access to the intended target.
Network-based island hopping: this occurs when cyber attackers compromise one organization’s network and then use that network access to move directly into another company’s network.
Why cyber attackers choose island hopping: attackers use island hopping to deploy ransomware, to cryptojack, to steal intellectual property, and to determine which organizations to target in even larger attacks, among other things.
Link: https://thedigitalinsider.com/what-is-an-island-hopping-attack-and-how-to-stop-one/
Printers Pose Persistent But Ignored Menace
“Most modern printers lack security detection and prevention measures and are often not monitored by organizations; for these reasons, there is no concrete data on how much printer compromise might actually be occurring globally.”
Bringing the Danger Home: a major twist in the printer threat landscape is the expansion of hybrid work and the commensurate risks posed by employees’ home printers.
Link: https://hobbies-hub.com/printers-pose-persistent-but-ignored-menace/
Technisanct to launch Falconfeedsio – A threat intelligence platform for cyber security professionals and enthusiasts – Republic News India
Link: https://republicnewsindia.com/technisanct-to-launch-falconfeedsio-a-threat-intelligence-platform-for-cyber-security-professionals-and-enthusiasts/
iOS 16.4.1 and macOS 13.3.1 fix two “actively exploited” security vulnerabilities – GAMINGDEPUTY
Here is the complete information:
IOSurfaceAccelerator
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: Apple is aware of a report that this issue may have been actively exploited.
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: Apple is aware of a report that this issue may have been actively exploited.
Link: https://www.gamingdeputy.com/ios-16-4-1-and-macos-13-3-1-fix-two-actively-exploited-security-vulnerabilities/
Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike
In essence, Defendants are able to leverage cracked versions of Cobalt Strike to brutally force their way into victim machines and deploy malware,” reads the complaint (https://noticeofpleadings.com/crackedcobaltstrike/files/ComplaintAndSummons/1%20-Microsoft%20Cobalt%20Strike%20-%20Complaint(907040021.9.pdf).
Link: https://blog.deurainfosec.com/microsoft-aims-at-stopping-cybercriminals-from-using-cracked-copies-of-cobalt-strike/
Artificial intelligence can learn to repeat your voice – how are cybercriminals taking advantage?
Artificial intelligence (AI) is making everyday tasks much easier, already able to process large amounts of information, simplify a complex document, and even imitate your voice.With enough data, hackers can imitate your voice using artificial intelligence, which analyzes leaked audio recordings and gradually learns the timbre, tone, rate of speech, etc.
Link: https://www.archynewsy.com/artificial-intelligence-can-learn-to-repeat-your-voice-how-are-cybercriminals-taking-advantage/
Searchlight Cyber launches Stealth Browser for safe dark web access | CSO Online
Link: https://www.csoonline.com/article/3693052/searchlight-cyber-launches-stealth-browser-for-safe-dark-web-access.html
UltraViolet Cyber Launches to Help Organizations Worldwide Accelerate Readiness and Resilience Against Cybersecurity Threats
Backed by Achieve Partners, UltraViolet brings together four trailblazing firms to deliver a first-of-its-kind unified cybersecurity platform
MCLEAN, Va. , April 13, 2023 /PRNewswire/ — UltraViolet Cyber, Inc., whose unique security-as-code platform unifies offensive and defensive cybersecurity solutions, today announced its launch to provide organizations across the globe with a streamlined approach to address the ever-expanding cyber threat.
Link: https://www.prnewswire.com/news-releases/ultraviolet-cyber-launches-to-help-organizations-worldwide-accelerate-readiness-and-resilience-against-cybersecurity-threats-301796166.html
Wazuh launches version 4.4 with a suite of new capabilities
Shweta Sharma
CSO Online
This article discusses the new features of Wazuh 4.4, an open source security platform, including IPv6 support, vulnerability detection, Azure integration, and SCA policy updates.
Key takeaways:
Wazuh 4.4 includes IPv6 support for agent-manager communication.
Vulnerability detection has been added for SUSE Linux.
Azure integration has been added for Linux agents.
Link: https://www.csoonline.com/article/3692878/wazuh-launches-version-4-4-with-a-suite-of-new-capabilities.html
Rorschach Ransomware: How to Handle the Fastest Encryptor So Far
Rorschach ransomware, also known as BabLock, is a new malware strain that targets small and medium-sized businesses.
Detection Names
– Avast Win64:RansomX-gen [Ransom]
– Emsisoft Gen:Variant.Lazy.228670 (B)
– Kaspersky Trojan.Win64.DLLhijack.cw
– Malwarebytes Malware.AI.3750245446
Symptoms
– Can’t open files stored on the computer
– Ransom demand letter on the desktop and every folder
– Files have a new extension of random letters and two numbers from 00-99
– A note with instructions pops up when the victim tries to open an encrypted file
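A file-listing check for the symptoms above, added here as an example (it is not code from the SalvageData article or from any published Rorschach analysis): it flags files whose final extension is a run of letters followed by a two-digit number, and, without assuming the ransom note's filename, reports any filename that recurs across the affected folders. The 3-12 letter bound on the random tag, the sample listing and the HOW_TO_RESTORE.txt name are constructed assumptions, not observed indicators.

```python
"""Heuristic check for Rorschach's file-level symptoms: encrypted files keep
their name but gain an extension of random letters plus a two-digit number
(00-99), and a note is dropped into every affected folder. Added example;
the listing and the note filename below are constructed, not real data."""
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Letters followed by exactly two digits, e.g. ".kqwp07". The 3-12 letter
# bound is an assumption that keeps ordinary extensions like ".mp3" out.
SUSPECT_EXT = re.compile(r"^\.(?P<tag>[A-Za-z]{3,12})(?P<seq>\d{2})$")


def suspect_extension(path):
    """Return (tag, seq) when the final extension matches, otherwise None."""
    m = SUSPECT_EXT.match(PurePosixPath(path).suffix)
    if m is None:
        return None
    return m.group("tag"), int(m.group("seq"))


def scan_listing(paths, min_hits=5):
    """Group matching files by their random-letter tag and keep only tags seen
    on at least min_hits files: one odd filename is noise, many are not."""
    by_tag = defaultdict(list)
    for p in paths:
        hit = suspect_extension(p)
        if hit is not None:
            by_tag[hit[0]].append(p)
    return {tag: files for tag, files in by_tag.items() if len(files) >= min_hits}


def note_candidates(paths, min_dirs=3):
    """Filenames that recur in several directories which also hold suspect
    files: the 'letter in every folder' symptom without assuming its name."""
    dirs_with_suspects = {
        str(PurePosixPath(p).parent) for p in paths if suspect_extension(p)
    }
    seen = defaultdict(set)
    for p in paths:
        pp = PurePosixPath(p)
        if str(pp.parent) in dirs_with_suspects and suspect_extension(p) is None:
            seen[pp.name].add(str(pp.parent))
    return sorted(name for name, dirs in seen.items() if len(dirs) >= min_dirs)


# Constructed listing (not victim data): six encrypted files sharing the tag
# "kqwp", a recurring note, and ordinary files that must not be flagged.
SAMPLE_LISTING = [
    "/srv/share/finance/q1.xlsx.kqwp00",
    "/srv/share/finance/q2.xlsx.kqwp01",
    "/srv/share/finance/HOW_TO_RESTORE.txt",
    "/srv/share/hr/contracts.docx.kqwp02",
    "/srv/share/hr/payroll.csv.kqwp03",
    "/srv/share/hr/HOW_TO_RESTORE.txt",
    "/srv/share/eng/design.pdf.kqwp04",
    "/srv/share/eng/build.log.kqwp05",
    "/srv/share/eng/HOW_TO_RESTORE.txt",
    "/srv/share/eng/notes.txt",
    "/srv/share/media/clip.mp3",
    "/srv/share/media/movie.h264",
]

if __name__ == "__main__":
    for tag, files in scan_listing(SAMPLE_LISTING).items():
        print(f"tag {tag!r}: {len(files)} files, e.g. {files[0]}")
    print("possible ransom notes:", note_candidates(SAMPLE_LISTING))
```

Run it over the output of `find /share -type f` (or a file-server audit export) rather than the sample list; the thresholds exist because a single matching name proves nothing, while dozens sharing one tag across folders is the pattern the page describes.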
Distribution methods
– Vulnerable remote access (such as RDP)
– Infected email attachments (phishing emails)
– Torrent websites (infected links or files)
– Malicious ads (malvertising)
Consequences
– Files are encrypted and locked until the ransom payment
– Password stealing
– Additional malware can be installed
– Data leak
Prevention
– Antivirus and anti-malware
– Updated software
– Updated operating system (OS)
– Firewalls
– Don’t open an email attachment from an unknown source
– Do not download files from suspicious websites
– Don’t click on ads unless you’re sure it’s safe
– Only access websites from trustworthy sources
How did Rorschach infect your computer
Rorschach ransomware finds its way into your computer or network through several methods:
– Trojans
– Exposed Remote Desktop Protocol (RDP): attackers use RDP credentials that are known, reused, weak or lightly modified to get into a business’s network and steal data.
The ransom note tells the victim to contact the attackers by e-mail and to write the decryption ID in the subject line of the message.
How does Rorschach ransomware work
Rorschach (BabLock) ransomware is deployed on infected machines as a multicomponent package built around winutils.dll, with files including:
– The encrypted ransomware file (config.ini)
– DarkLoader, a decryptor and ransomware injector
– A non-malicious executable
– A CMD file to execute the non-malicious binary using the correct password
Rorschach has stayed under the radar, with few reported cases in 2022. To report a ransomware attack you must gather every piece of information you can about it, including:
– Screenshots of the ransom note
– Communications with Rorschach actors (if you have them)
– A sample of an encrypted file
You must not delete the ransomware, and you must keep all evidence of the attack.
Remove the ransomware and eliminate exploit kits
Before recovering your data, you must guarantee that your device is ransomware-free and that the attackers can’t make a new attack through exploit kits or other vulnerabilities.
Link: https://www.salvagedata.com/rorschach-ransomware/
Kali Linux 2023.2 Release (New Tools in Kali, Desktop Updates, New Hyper-V VM Image) | Black Hat Ethical Hacking
Kali Linux 2023.2 Release (New Tools in Kali, Desktop Updates, New Hyper-V VM Image)
Reading Time: 2 Minutes
Kali Linux 2023.2 has arrived, building upon the momentum of its 10 year anniversary. The changelog highlights over the last few weeks since March’s release of 2023.1 are:
- New VM image for Hyper-V, with “Enhanced Session Mode” out of the box
- Xfce audio stack update: enters PipeWire, for better audio on Kali’s default desktop
- i3 desktop overhaul: i3-gaps merged with i3
- Desktop updates: easy hashing in Xfce; GNOME 44 (GNOME Shell version bump)
- Icons & menus updates: new apps and icons in the menu
- New tools: as always, various new packages added
We will explore the key highlights from the latest release.
Xfce & PipeWire: with this release, they changed the audio stack for Kali’s default desktop: PipeWire now replaces PulseAudio.
GNOME 44: some of the new features in this update:
- Enhanced Shell Quick Settings panel: quickly connect or disconnect Bluetooth devices
- Updated Settings app
- GNOME’s file chooser dialog can now display thumbnails
- Updated Kali theming
Tiling Assistant extension: with this release, they are introducing a new extension for Kali’s GNOME Shell desktop, Tiling Assistant.
New tools: a quick rundown of what has been added to the network repositories:
- Cilium-cli: install, manage & troubleshoot Kubernetes clusters
- Cosign: container signing
- Eksctl: official CLI for Amazon EKS
- Evilginx: standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
- GoPhish: open-source phishing toolkit
- Humble: a fast security-oriented HTTP headers analyzer
- Slim(toolkit): don’t change anything in your container image and minify it
- Syft: generating a Software Bill of Materials from container images and filesystems
- Terraform: safely and predictably create, change, and improve infrastructure
- Tetragon: eBPF-based security observability and runtime enforcement
- TheHive: a scalable, open source and free security incident response platform
- Trivy: find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- Wsgidav: generic and extendable WebDAV server based on WSGI
There have also been numerous package updates and new libraries as well.
Link: https://www.blackhatethicalhacking.com/news/kali-linux-2023-2-release-new-tools-in-kali-desktop-updates-new-hyper-v-vm-image/
MSPs: How to Deliver Best-Fit Cybersecurity for Every Client
1. Assess the client’s environment to determine what security solutions would work best for their current setup and future goals.
2. Thoroughly educate the client on their current security posture and explain the importance of maintaining a secure environment.
3. Offer multiple solutions that would meet their needs and objectives. Always be sure to explain the pros and cons of each solution.
4. Ensure the client is properly utilizing the security products and services that are already in place.
5. Monitor security levels regularly and respond quickly to any threats.
6. Develop an incident response plan with clients to ensure that all security incidents are addressed and handled quickly and properly.
7. Extend security solutions to a level that would protect the client from sophisticated potential threats and risks.
8. Provide regular security training and awareness sessions for the client to ensure they are staying informed about the latest security developments.
9. Work closely with the client to ensure their environment is being monitored and that their security policies and practices are up to date.
10. Offer additional security products and services to clients that can extend protection and provide additional layers of security.
Link: https://www.msspalert.com/cybersecurity-guests/msps-how-to-deliver-best-fit-cybersecurity-for-every-client/
Fewer Organizations Outsourcing SOC Activities in 2023
devo
But as cyber threats grew more frequent and expensive, most organizations pulled security functions in-house and built comprehensive SOCs to monitor for breaches and sniff out weaknesses in security coverage. Just about two-thirds of the organizations that get third-party help on threat hunting are satisfied with the results, according to the SANS survey. As organizations mature their cybersecurity postures, they tend to see less benefit from outsourcing threat hunting entirely and better outcomes when they tap the knowledge of their internal team members to perform threat hunting.
Link: https://www.devo.com/blog/fewer-organizations-outsourcing-soc-activities-in-2023/
GTT Improves Cyber Protections with MDR, DDoS Offerings
Bruce Christian
These include a heightened service-level agreement (SLA) for GTT Managed Detection and Response (MDR), assuring early detection and prevention, and the introduction of a new standard service option for enterprises to augment and uplift their network security with protection against distributed denial of service (DDoS) attacks.
Link: https://channelvisionmag.com/gtt-improves-cyber-protections-with-mdr-ddos-offerings/
PQShield announces major new collaborations with Tata Consultancy Services and eShard as organisa….
PRNewswire
Key points:
- PQShield is a leading contributor to NIST’s process to standardise post-quantum cryptography, which concludes this summer.
- The company is experiencing high commercial demand for implementations of its quantum-proof cryptography.
- PQShield has signed an MoU with Tata Consultancy Services to support their clients in the transition to quantum-proof security.
- PQShield has also entered into a collaboration with eShard on advanced side-channel protection for critical systems.
LONDON, May 30, 2023 /PRNewswire/ — PQShield today announces a series of deals that reflect growing commercial demand for the real-world implementation of post-quantum cryptography (PQC). The company has signed a Memorandum of Understanding (MoU) with Tata Consultancy Services (TCS), a leading IT services, consulting, and business solutions organization, to help clients transition to quantum-secure solutions, and a collaboration with eShard, a side-channel analysis and testing tools provider, to further accelerate advanced side-channel secured implementations of PQC that are critical for high-security standards across industries. PQShield is also a leading contributor to the National Institute of Standards and Technology (NIST) post-quantum cryptography standardisation project, and has contributed multiple cryptographic extensions to RISC-V.
Headquartered in the UK, with teams in the United States , France , Belgium , the Netherlands and Japan , PQShield is principally backed by Addition, Crane Venture Partners, Oxford Science Enterprises (formerly OSI), Kindred Capital, and InnovateUK.
Link: https://www.benzinga.com/pressreleases/23/05/n32623633/pqshield-announces-major-new-collaborations-with-tata-consultancy-services-and-eshard-as-organisat
Events Ripper Update – Malware News – Malware Analysis, News and Indicators
MalBot
Events Ripper is Harlan Carvey’s plugin-based DFIR tool, not a piece of malware: it runs against the intermediate events file produced while building a timeline from Windows artifacts and pulls out indicators and context that an analyst would otherwise have to dig for by hand.
This post covers an update to the tool and its plugins.
Link: https://malware.news/t/events-ripper-update/70096
🚀 Launching Automated Threat Escalations: Focus Only On What Matters – Malware News – Malware Ana….
MalBot
The launch of automated threat escalations is an important step in the fight against cyber threats.
With automated threat escalations, companies are able to quickly and efficiently respond to threats in a targeted manner, without wasting valuable resources.
Automated threat escalations are also able to provide more reliable and accurate threat intelligence, enabling organizations to make more informed decisions in a timely manner.
By relying on automated tools, organizations can focus only on what matters instead of wasting time and resources on false alarms or irrelevant information.
Automated threat escalations can also ensure that remediation measures are implemented quickly and efficiently, allowing organizations to effectively block malicious actors from accessing their networks and data.
Link: https://malware.news/t/launching-automated-threat-escalations-focus-only-on-what-matters/70086
Seceon Expands Leadership Team with William Toll as VP of Marketing to Serve MSP and MSSP Communi….
Pushpendra Mishra
Seceon Expands Leadership Team with William Toll as VP of Marketing to Serve MSP and MSSP Communities
Seceon, the pioneer of the first cybersecurity platform that augments and automates security operations services for MSPs and MSSPs, with an AI and ML-powered aiSIEM, aiXDR and aiMSSP platform, announced that it hired William Toll, a long-time IT channel industry veteran, as VP of Marketing. “The need for an effective, yet profitable platform to build managed security services is growing quickly and with William’s leadership, Seceon will accelerate the growth of our market share around the globe.” William has led B2B Marketing, Product Marketing, and Product Management positions in the cybersecurity, managed service provider, and cloud computing industries. “Managed services have been a career long focus of mine and connecting Seceon with the MSP and MSSP community with an efficient and effective AI and ML-powered cybersecurity platform to build security services on top of is timely.” “Seceon’s push to accelerate revenue growth, empower our existing MSP and MSSP partner community, and grow across the globe has led to several key appointments this month including the strategic marketing leader, William Toll, to serve this community,” said Lalit Shinde, Seceon CRO.
Link: https://securityboulevard.com/2023/05/seceon-expands-leadership-team-with-william-toll-as-vp-of-marketing-to-serve-msp-and-mssp-communities/
Thinking straight in the SoC: How AI erases cognitive bias – Source: go.theregister.com
“It’s always looking to maximise resource and minimise decision making because it takes a lot of cognitive processing.”
When faced with a stressful situation like running into a grumpy bear, the brain puts its energy exactly where it’s needed. “That means you’re operating in fight, flight, or freeze mode, and you’re unable to make thoughtful decisions,” Darley warns. “Human psychology is important to consider from a security team perspective, because we all have cognitive biases,” explains Darley. “This takes a huge decision making element out of the human team’s hands, which gives them brain space to ideally de-stress a little bit and come back with logic.”
An unflappable assistant
For example, in the middle of a compromise an autonomous decision-making agent could make time-critical decisions about containment. “When you use as much metric and data as you can, you move away from cognitive bias because you’re not operating on instinct,” Darley explains. “You’re operating on data alone, which is a lot harder to argue your way out of.”
AI tools are adaptive, learning from past attacks and behavioural patterns to watch more accurately for things that deviate from the norm.
Link: https://ciso2ciso.com/thinking-straight-in-the-soc-how-ai-erases-cognitive-bias-source-go-theregister-com/
Kaspersky launches Interactive Protection Simulation multiplayer update with new chat features – ….
NCN News Network
Often there is a lack of understanding between IT and non-IT staff: as Kaspersky research shows, 98 percent of business leaders and non-IT respondents have faced at least one IT security miscommunication, and 62 percent of managers admit it led to at least one cybersecurity incident as a result. “Basic training or the same approach as for all other employees doesn’t work for C-levels — they require a special format and a special presentation that will allow them to see the relation to the business. Through this training we help CISOs to engage C-suite executives in cybersecurity, make them see the connection between business revenue and cybersecurity, as well as increase cooperation and mutual understanding between CEO, IT security, IT and Business managers,” comments Alexey Malnev, Head of Services and Education Product Line at Kaspersky.
Link: https://www.ncnonline.net/kaspersky-launches-interactive-protection-simulation-multiplayer-update-with-new-chat-features/
Google Cloud brings simplified end-to-end TDIR to Chronicle – Techzine Europe
Erik van Klinken
Since the Chronicle tool operates within Google’s own cloud, everything is integrated with its associated products: Security Command Center (SCC) Premium and Google Cloud telemetry can plug in directly with the new capabilities. With pre-built playbooks and best practices matching Google Cloud, users can respond “quickly and precisely.” This is assisted by Chronicle SOAR (Security Orchestration, Automation and Response), which combines alerts from multiple sources.
Link: https://www.techzine.eu/news/security/107402/google-cloud-brings-simplified-end-to-end-tdir-to-chronicle/
Deloitte announces new managed end-to-end enterprise cloud security and compliance offering with ….
Deloitte
With escalating security demands, Deloitte leverages the power of AWS to deliver managed cyber solutions to enable end-to-end enterprise cloud transformation and adoption
ANAHEIM, Calif., June 13, Deloitte, a leader in global cyber services, today announces it is working with Amazon Web Services (AWS) to deliver ConvergeSECURITY, a cloud focused security and compliance service. ConvergeSECURITY allows enterprises to accelerate their cloud transformation efforts through a combination of artificial intelligence (AI)-enabled cloud security and compliance product solutions, consulting expertise and tailored resources leveraging actionable security threat intelligence and Amazon Security Lake, all in conjunction with the AWS Global Partner Security Initiative. “With ConvergeSECURITY, the fusion of Deloitte’s world-class services and solutions and AWS cloud security services with a go-to-market approach is a market differentiator.” By leveraging Amazon Security Lake and Amazon Bedrock, a Foundation Model API Service, and Deloitte’s security and compliance services, ConvergeSECURITY is designed to allow enterprise customers to effectively analyze greater volumes of data than ever before. “We are delighted to be working with Deloitte to provide our customers with security solutions and expertise that enable secure cloud migrations,” says Julia Chen, vice president, Partner Core at AWS.
Link: https://www.prnewswire.com/news-releases/deloitte-announces-new-managed-end-to-end-enterprise-cloud-security-and-compliance-offering-with-aws-convergesecurity-301849798.html
Forensia – Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitat….
Unknown (noreply@blogger.com)
Forensia is an anti-forensics tool written for red teamers, not a detection product: it is run in the post-exploitation phase to erase the traces an operator leaves on a compromised Windows host, so that a payload stays usable for longer and detection is delayed.
For defenders, the same tool is a way to test whether an incident response or forensics team’s telemetry and evidence collection survive a deliberate clean-up: anything it can remove without being noticed is a gap in logging that should be forwarded off-host before an intruder gets the chance.
Link: https://www.kitploit.com/2023/06/forensia-anti-forensics-tool-for-red.html
10 Best Vulnerability Scanner Tools For Penetration Testing – 2023
Charlie
1. Nmap: Nmap (Network Mapper) is an open-source security scanner used for network discovery and security auditing. It scans for live hosts and determines operating systems, services and their associated versions. On its own it is a port and service scanner; the vulnerability checks come from its NSE script library (for example the `vuln` script category), which makes it a standard first step for finding exposed, vulnerable services on a network.
2. Nessus: Nessus is a vulnerability scanner developed by Tenable. It is the most popular vulnerability scanner on the market, with more than one million users regularly using it. It provides a comprehensive list of vulnerabilities and is able to find security gaps in a variety of systems, including Linux, Windows, and macOS.
3. OpenVAS: OpenVAS is a free and open-source vulnerability scanner that utilizes a large collection of network security testing tools. It is a very comprehensive tool and allows for effective network scanning and vulnerability testing.
4. Kali Linux: Kali Linux is a Linux distribution specifically built for penetration testing and security audits. It comes pre-installed with a wide variety of hacking and security tools, including vulnerability scanners. Kali and the scanners it ships with are favorites of many hackers and pen-testers.
5. WPScan: WPScan is a vulnerability scanner specifically designed for
Link: https://www.hackerzzz.com/security/10-best-vulnerability-scanner-tools-for-penetration-testing-2023/
Technologies that Enhance Physical Security
Bob Mesnik
1. Access Control Systems: Access control systems, such as biometric readers and card readers, can help restrict entry into a facility to only authorized personnel.
These systems are typically integrated with an alarm system or CCTV camera system for added security.
2. Video Surveillance Systems: Video surveillance systems offer a powerful deterrence against crime, since potential intruders will be recorded as they try to enter or move around the premises.
In addition, images from these systems can be used to identify suspects and provide evidence in the event of a crime taking place.
3. Intrusion Detection Systems: Intrusion detection systems monitor for suspicious activities and alert security when something out of the ordinary is detected.
These systems can be integrated with access control systems and video surveillance systems for a complete security solution.
4. Physical Barriers: Physical barriers, such as fencing and barricades, can help prevent unauthorized access to the facility.
These barriers should be placed strategically around the perimeter and checked regularly to ensure they remain effective.
5. Lock Systems: Lock systems are a critical component of a security solution.
Different types of locks, such as combination locks and keyless locks, can be installed on doors, gates, and cabinets to help
Link: https://kintronics.com/technologies-that-enhance-physical-security/
Cyber Security Automation: 12 Key Functions Your Organization Needs to Automate Now | by Neetamve….
Neetamveer
The Need for Cyber Security Automation
One significant benefit of automating security functions is that it can quickly handle and process numerous datasets, whereas manual security systems may consume much time. For example, organizations can collect and analyze enormous volumes of data from multiple sources using automated technologies such as SIEM systems and threat intelligence platforms to discover trends and anomalies that may indicate a security threat. Security teams can dedicate more time to investigating and responding to more advanced threats that may necessitate more in-depth study by automating typical processes like vulnerability detection, patching, and system updates. Automating compliance, audit, and incident response processes can help businesses improve their security posture, increase efficiency, and reduce the risk of non-compliance or security breaches. Security operations can also be made more effective by automating processes like log and asset management and data collection, freeing skilled security team members’ time to work on high-value jobs requiring human participation. Businesses can utilize automated solutions to safeguard their applications by verifying authentication, authorization, and encryption protocols. Decoy (deception) technology starts gathering intelligence as soon as attackers engage with its spoofed systems, which it then uses to alert the organization’s security staff, enabling them to address these threats, halt prospective breaches, and guarantee data protection.
Link: https://medium.com/@neetamveer/cyber-security-automation-12-key-functions-your-organization-needs-to-automate-now-4cdaff4baa8
Threat Detection and Incident Response in the Cloud: Enhancing Security Operations | by Emmanuel ….
Emmanuel Odenyire Anyira
This article delves into various techniques and best practices for detecting and responding to security threats in cloud environments, including log monitoring, threat intelligence, incident response planning, and security automation. This section highlights the significance of log monitoring in detecting potential security incidents, tracking user activities, and analyzing system behavior for proactive threat detection.
4.2 Automation Use Cases: Discuss specific use cases where security automation can be implemented in cloud environments, such as automated threat hunting, automated incident triage and prioritization, and automated response actions, such as isolating compromised resources or blocking malicious IP addresses.
Link: https://eodenyire.medium.com/threat-detection-and-incident-response-in-the-cloud-enhancing-security-operations-cda3ad94c525
Incident Response: Bring Out the Body File
Roza Maille
This TrustedSec blog post discusses Incident Response and the Bring Out the Body File process.
The article starts off by explaining the importance of understanding how to properly respond to an incident, as well as the relevance of using a tool like Bring Out the Body File.
It then goes on to explain what the Bring Out the Body File process is, and how it can be used to detect malicious activity and investigate an incident.
It provides step-by-step instructions for setting up the process, including deploying the requisite files and running the scan.
The post also includes tips on crawling logs to uncover evidence of malicious activity, as well as advice on best practices for incident response.
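The summary above does not show what a body file looks like. As an added example (not code from the TrustedSec post), the block below parses the body file format written by The Sleuth Kit's `fls -m` (`MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime`, epoch seconds) and turns it into a mactime-style MACB timeline that an analyst can slice by time window. The three body-file lines, paths, inodes and timestamps are constructed for the example and are not from any real system.

```python
"""Build a MACB timeline from a Sleuth Kit body file (added example)."""
from datetime import datetime, timezone

# Constructed body-file lines in the TSK 3.x layout produced by `fls -m`:
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime (epoch seconds).
# Paths, inodes and times are made up for this example.
SAMPLE_BODY = """\
0|/etc/passwd|1234|r/rrw-r--r--|0|0|2048|1688990400|1688990400|1688990400|1688990000
0|/tmp/.x/kworker|5678|r/rrwxr-xr-x|1000|1000|73728|1689000000|1689000100|1689000100|1689000000
0|/home/dev/.bash_history|9012|r/rrw-------|1000|1000|512|1689000200|1689000200|1689000200|1688000000
"""

FIELDS = ("md5", "name", "inode", "mode", "uid", "gid", "size",
          "atime", "mtime", "ctime", "crtime")
# Order of the columns in the MACB flag string: modified, accessed, changed, born.
TIME_FIELDS = ("mtime", "atime", "ctime", "crtime")


def parse_bodyfile(text):
    """Parse body-file lines into dicts; blank, comment and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|")
        if len(parts) != len(FIELDS):
            continue  # malformed line: wrong column count
        entry = dict(zip(FIELDS, parts))
        # inode stays a string (NTFS inodes look like "1234-128-1"); numbers are converted.
        for key in ("uid", "gid", "size") + TIME_FIELDS:
            entry[key] = int(entry[key])
        entries.append(entry)
    return entries


def build_timeline(entries):
    """One event per distinct timestamp of each file, with mactime-style MACB flags."""
    events = []
    for e in entries:
        by_ts = {}
        for flag, key in zip("macb", TIME_FIELDS):
            ts = e[key]
            if ts == 0:  # TSK writes 0 when a timestamp is unknown
                continue
            by_ts.setdefault(ts, set()).add(flag)
        for ts, flags in by_ts.items():
            macb = "".join(f if f in flags else "." for f in "macb")
            events.append({"ts": ts, "macb": macb, "name": e["name"],
                           "size": e["size"], "uid": e["uid"]})
    events.sort(key=lambda ev: (ev["ts"], ev["name"]))
    return events


def events_between(events, start, end):
    """Slice the timeline to the activity window an analyst is interested in (inclusive)."""
    return [ev for ev in events if start <= ev["ts"] <= end]


def format_event(ev):
    """Render one event the way mactime prints it: UTC time, flags, size, uid, path."""
    when = datetime.fromtimestamp(ev["ts"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return f"{when} {ev['macb']} {ev['size']:>8} {ev['uid']:>5} {ev['name']}"


if __name__ == "__main__":
    for ev in build_timeline(parse_bodyfile(SAMPLE_BODY)):
        print(format_event(ev))
```

Reading the flags column is the point of the exercise: a file whose access and birth times coincide while its modification and change times come later (as the constructed `/tmp/.x/kworker` entry shows) tells a different story from one whose four timestamps match, and sorting every file's timestamps into one stream is what lets those stories be read side by side.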
Link: https://www.trustedsec.com/blog/incident-response-bring-out-the-body-file/
Pilot Applicant Information for American, Southwest Hacked
Nate Nelson
The personal information of 6,000 applicants for a pilot job at Southwest Airlines was hacked by an unauthorized third party.
The airline discovered the breach in October, and notified applicants of the breach soon after.
Data leaked in the breach includes the names, Social Security numbers, and other personal information of applicants.
A Southwest spokesperson said that no financial information or flight information was compromised, and that the airline has taken additional security measures to protect customers’ data.
The airline is offering affected customers one year of credit monitoring and identity protection services to help them protect their personal information.
Southwest declined to comment on the identity of the hacker or the technique used to access the data.
Link: https://www.darkreading.com/attacks-breaches/pilot-applicant-information-for-american-southwest-hacked-
Incident Response System Market Progress Rapidly Due to increasing number of regulations and comp….
Sandeep
Incident Response System Market Progress Rapidly Due to Increasing Number of Regulations and Compliance Requirements
The growing demand for the Incident Response System Market across the globe is driven by the increasing number of regulations and compliance requirements, rising cyber threats, and the emergence of cloud-based incident response solutions.
Incident response solutions are gaining traction as enterprises are seeing the need for comprehensive and advanced granular solutions to address the vulnerabilities, threats, and malicious activities occurring in their networks.
The increasing need for incident response systems can be attributed to the growing global security compliance requirements and increased cyber threats across the world.
The market is growing rapidly with the rising need for centralized security monitoring solutions and the flourishing of businesses in the wake of data privacy, security, and compliance requirements.
Enterprises are increasingly deploying the incident response systems to meet these requirements.
Additionally, the growing demand for cloud-based solutions is contributing to the global incident response system market growth.
The cloud-based incident response solutions provide organizations with the ability to manage their response to cyber incidents faster than traditional on-premise systems.
Furthermore, the rising demand for incident response systems among small and medium-sized businesses (SMBs) is boosting the global incident response system market size.
SMBs are adopting managed security services such
Link: https://linkewire.com/2023/06/27/incident-response-system-market-progress-rapidly-due-to-increasing-number-of-regulations-and-compliance-requirements-2/
Lessons From Clop: Combating Ransomware and Cyber Extortion Events
Devaney Devoe
The Clop ransomware attacks of 2020 highlighted the vulnerability of complex organizational networks that rely heavily on digital technology.
In these attacks, cyber criminals infiltrated a company’s systems and held their data for ransom – an attack known as a cyber extortion attack.
The attackers demanded payment from the companies in exchange for the release of their data.
The security lapses that enabled these attacks to occur can be attributed to a lack of basic cyber security measures.
Poorly managed access to privileged accounts and insufficiently secured access control along with insufficient segmentation between systems were a few of the primary vulnerabilities that allowed the attackers to gain access in the first place.
It also highlighted some of the common mistakes organizations make when it comes to data security, such as failing to keep current backups of their data and not having an incident response plan in place.
It is critical for companies to run regular cyber security assessments to identify and remediate any vulnerabilities in their IT infrastructure.
Protecting privileged accounts and systems should be a priority, as gaining access to a single privileged account can be enough for attackers to gain a beachhead into a company’s systems.
Implementing a comprehensive multi-factor authentication solution should also be considered, and access control policies should be regularly monitored and updated.
Link: https://flashpoint.io/blog/lessons-from-clop-ransomware-cyber-extortion-attacks/
Anatsa Android Banking Trojan Targeting U.S, U.K & DACH with New Campaign
Anatsa is a new banking trojan that is targeting users in the United States, United Kingdom and the DACH region.
It is designed to steal user credentials and banking information from Android users.
The malware is spread via phishing emails, SMS and malicious downloads from the Google Play store.
Once a device has been infected, Anatsa will launch a malicious activity to intercept the user’s banking information.
It will then display an overlay on top of the legitimate application requiring users to enter their login credentials.
The malware is highly persistent and will remain on the device until it is removed manually by the user.
It has the capability to hide itself from being noticed and can spread to other devices connected to the same Wi-Fi network.
Link: https://www.secureblink.com/cyber-security-news/anatsa-android-banking-trojan-targeting-u-s-u-k-and-dach-with-new-campaign
Critical authentication bypass found in Arcserve backup system
Steve Zurier
SC Magazine
Summary:
This article discusses a critical authentication bypass vulnerability found in the Arcserve Unified Data Protection (UDP) enterprise data protection product, and the steps taken by Arcserve to patch the vulnerability.
Key takeaways:
1) An authentication bypass vulnerability was found in the Arcserve UDP enterprise data protection product.
2) Arcserve released a patch for the vulnerability on June 27.
3) Rapid7 researchers found that more than half of the vulnerabilities they tracked were exploited within seven days of public disclosure.
Link: https://www.scmagazine.com/news/vulnerability-management/critical-authentication-bypass-found-in-arcserve-backup-system
Igor’s Tip of the Week #146: Graph printing – Malware Analysis – Malware Analysis, News and Indic….
MalBot
Igor S.’s Tip of the Week #146: Graph Printing
When we speak of malware analysis, often the first thing that comes to mind is printing the graph of a suspicious process or thread.
Graph printing is an immensely powerful technique and, as a matter of fact, can be used to uncover various anomalies that may lead to malware infection.
Graph printing is extremely useful when trying to uncover unknown threats.
Essentially, it involves printing the graph of a suspicious process or thread in order to analyze the control flow graph and identify potential malicious activities.
It works like this: the printer will take the graph and convert it into a nice-looking picture, allowing you to inspect it for anomalies.
As you examine the graph, you will be able to spot suspicious behaviors like calls to external libraries, API execution, data flow, and other anomalies that may have been used by malware to attack the system.
In conclusion, graph printing is an invaluable tool in malware analysis that can help uncover various malicious activities and threats.
It is important to remember to print the graph of any suspicious process or thread in order to properly analyze the control flow and identify any potential threats.
Link: https://malware.news/t/igor-s-tip-of-the-week-146-graph-printing/70991
Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator – Malware ….
MalBot
Malvertising is a form of deceptive online advertising that uses third-party advertising networks to spread malicious software or engage in other malicious activities.
This type of malvertising is often used as an entry vector for malicious actors who can then leverage spyware and ransomware campaigns to target victims.
In this case, researchers discovered a malvertising campaign from the BlackCat actors that was used to send users to a malicious landing page.
The page hosted the SpyBoy Terminator, which is a form of spyware.
The malware was then used to steal sensitive personal information such as credit card numbers, passwords, and other credentials.
In order to combat these types of attacks, users should ensure their systems are up to date with the latest security patches and that firewalls are enabled.
Additionally, users should be wary of clicking on suspicious links and refrain from installing any programs or files from untrusted sources.
Link: https://malware.news/t/malvertising-used-as-entry-vector-for-blackcat-actors-also-leverage-spyboy-terminator/70988
Malware Execution Method Using DNS TXT Record – Malware Analysis – Malware Analysis, News and Ind….
MalBot
Malware authors have been increasingly using DNS TXT records to facilitate the download and execution of malicious software.
This approach is known as “DNS Tunneling”.
When enabled on a malicious actor’s command and control server, DNS tunneling allows an attacker to establish a communications channel with a target machine by configuring the DNS server of that machine to periodically issue requests for specially-crafted TXT records.
The response received contains instructions to be executed by the target device, which may, for example, download and run malicious code.
In addition to the above, attackers also use DNS TXT records to propagate malicious content such as ransomware, malware, and malicious scripts.
This is done by placing a malicious link in the TXT records, which when clicked by the user triggers the download of malicious content from the attacker’s command and control server.
To help limit the potential abuse of DNS TXT records, organizations are advised to consider limiting the number of TXT records issued by their DNS servers and to carefully monitor their use.
Additionally, administrators should be especially wary of TXT records originating from suspicious domains and IP addresses.
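The monitoring advice above can be turned into a concrete check. The block below is an added example, not code from the malware.news post: it reads DNS query-log lines in a BIND-style shape, ignores TXT lookups to an allowlist of zones the organization legitimately queries (SPF/DMARC records, for instance), and flags two patterns that distinguish tunnelled traffic from ordinary TXT use: a single client issuing many TXT queries into one zone, and leftmost labels that are long and high-entropy, which is how encoded instructions or exfiltrated data look in a query name. The log lines, client addresses, zone names and thresholds are all constructed for the example, and the registered-domain helper is a deliberate simplification (a real deployment would use the public suffix list).

```python
"""Flag DNS TXT query patterns typical of tunnelling (added example, constructed log)."""
import math
import re
from collections import Counter

# Constructed sample in a BIND-style query-log shape; hosts, names and
# addresses are made up for this example and are not real indicators.
SAMPLE_LOG = """\
10-Jul-2023 09:00:01.001 client 10.0.0.5#53211: query: _dmarc.example.com IN TXT + (10.0.0.2)
10-Jul-2023 09:00:02.010 client 10.0.0.5#53211: query: example.com IN TXT + (10.0.0.2)
10-Jul-2023 09:00:02.500 client 10.0.0.5#53212: query: www.example.com IN A + (10.0.0.2)
10-Jul-2023 09:00:03.020 client 10.0.0.9#40001: query: 4f3a9c1e7b2d.cmd.bad-domain.test IN TXT + (10.0.0.2)
10-Jul-2023 09:00:04.030 client 10.0.0.9#40001: query: 8e1d0b7a6c5f.cmd.bad-domain.test IN TXT + (10.0.0.2)
10-Jul-2023 09:00:05.040 client 10.0.0.9#40001: query: a1b2c3d4e5f6.cmd.bad-domain.test IN TXT + (10.0.0.2)
10-Jul-2023 09:00:06.050 client 10.0.0.9#40001: query: 0f1e2d3c4b5a.cmd.bad-domain.test IN TXT + (10.0.0.2)
10-Jul-2023 09:00:07.060 client 10.0.0.9#40001: query: 9a8b7c6d5e4f.cmd.bad-domain.test IN TXT + (10.0.0.2)
10-Jul-2023 09:00:08.070 client 10.0.0.9#40001: query: 1234567890ab.cmd.bad-domain.test IN TXT + (10.0.0.2)
"""

# Tolerates the optional "@0x..." client handle and "(view)" that BIND may print.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<client>[\d.]+)#\d+(?: \([^)]*\))?: query: "
    r"(?P<name>\S+) IN (?P<qtype>\S+)"
)

TXT_VOLUME_THRESHOLD = 5   # TXT queries from one client into one zone (assumed threshold)
MIN_LABEL_LEN = 12         # entropy of very short labels is not meaningful
ENTROPY_THRESHOLD = 3.0    # bits per character; hex/base32 payload labels exceed this


def parse_queries(log_text):
    """Yield (client, name, qtype) for each line that looks like a query-log record."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("client"), m.group("name"), m.group("qtype").upper()


def shannon_entropy(s):
    """Bits of entropy per character; a repeated single character scores 0."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def registered_domain(name):
    """Simplified zone extraction: last two labels (use the public suffix list in production)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def analyze(log_text, allowlist=frozenset({"example.com"})):
    """Return findings: one per encoded-looking TXT query and one per high-volume client/zone pair."""
    findings = []
    per_zone = Counter()
    for client, name, qtype in parse_queries(log_text):
        if qtype != "TXT":
            continue
        zone = registered_domain(name)
        if zone in allowlist:
            continue  # legitimate TXT use (SPF, DMARC, domain verification)
        per_zone[(client, zone)] += 1
        label = name.split(".")[0]
        if len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= ENTROPY_THRESHOLD:
            findings.append({"kind": "encoded_label", "client": client,
                             "zone": zone, "name": name})
    for (client, zone), n in per_zone.items():
        if n >= TXT_VOLUME_THRESHOLD:
            findings.append({"kind": "txt_volume", "client": client,
                             "zone": zone, "count": n})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

Both signals are deliberately coarse so the logic stays readable; in practice the volume threshold is set per environment from a baseline of normal TXT traffic, and the allowlist is seeded from the zones the mail and SaaS stack is known to verify.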
Link: https://malware.news/t/malware-execution-method-using-dns-txt-record/70981
Sandfly Review – Agentless Linux Security with Unmatched Speed and Reliability – Malware News – M….
MalBot
Sandfly is an agentless Linux security solution that combines speed, reliability, and ease of use.
It offers a robust suite of tools for proactively detecting and patching common Linux vulnerabilities.
Additionally, it is designed to be secure, with no reliance on third-party vendors or any external sources.
This makes Sandfly particularly attractive for organizations with stringent security requirements.
The core feature set of Sandfly focuses on five key areas:
Asset Discovery: Sandfly leverages advanced inventory scanning and discovery techniques to quickly identify and classify endpoints.
This provides a comprehensive view of the network and any potential security weaknesses.
Vulnerability Scanning: By leveraging a powerful scanning engine, Sandfly can quickly detect existing vulnerability issues and provide remediation steps.
It is also capable of identifying and analyzing zero-day threats.
Threat Detection: Sandfly features an advanced threat detection system that can detect and block malicious actors from exploiting vulnerable applications.
Patch Management: Sandfly provides automated patching of systems.
This ensures system stability and security, even when there is an active threat.
Configuration Corruption Detection: Sandfly has the ability to detect any unanticipated changes to system configurations.
This helps prevent potential malicious interference.
Overall, Sand
Link: https://malware.news/t/sandfly-review-agentless-linux-security-with-unmatched-speed-and-reliability/70979
Double extortion attacks by 8Base ransomware ramp up – Malware News – Malware Analysis, News and ….
MalBot
Double extortion attacks by 8Base ransomware continue to ramp up as more victims fall prey to the cybercriminals behind the scheme.
The malware is mainly distributed via phishing emails that contain malicious attachments.
Once installed on a system, the ransomware encrypts the victim’s data and demands payment for the key needed to unlock the files.
In addition to the ransom, the hackers threaten to post the stolen data on the dark web unless a second payment is received.
The choice is either to pay the ransom or face the risk of your confidential data being revealed to the world.
To protect against 8Base ransomware and other threats, experts recommend that organizations patch their systems regularly, maintain backups of data, and practice good email security protocols.
Link: https://malware.news/t/double-extortion-attacks-by-8base-ransomware-ramp-up/70973
VMware ESXi servers subjected to Akira for Linux ransomware attacks – Malware News – Malware Anal….
MalBot
VMware ESXi servers are being subjected to a ransomware attack dubbed Akira for Linux.
In the attacks, malicious actors gain access to the target machines, encrypt the data, and then demand a ransom in exchange for decrypting it.
The ransom amount demanded usually varies between 0.3 and 5 bitcoins.
This attack is particularly dangerous as it is capable of encrypting not only the data stored on the targeted server but also any external storage devices attached to it.
In order to protect their servers from such threats, it is important for administrators to ensure their servers are regularly patched, use secure passwords and two-factor authentication, run anti-virus and malware-detection software, implement access controls, and regularly back up their data.
Furthermore, it is also essential to keep all software and systems up to date with the latest patches and security updates.
Link: https://malware.news/t/vmware-esxi-servers-subjected-to-akira-for-linux-ransomware-attacks/70971
MOVEit hackers may have found simpler business model beyond ransomware – Malware News – Malware A….
MalBot
MOVEit Hackers May Have Found Simpler Business Model Beyond Ransomware
With ransomware attacks becoming increasingly common, many hackers have begun turning to more straightforward tactics to make money off of unsuspecting victims.
MOVEit hackers, a group of Russian-speaking cybercriminals, have recently been observed using an easier-to-use exploit that requires minimal effort.
MOVEit hackers have been observed exploiting a weak configuration on Windows server machines.
It grants privileged access to the server and allows for the download of executable files, such as ransomware.
With this exploit, the attackers can simply host the ransomware executable on their own server and wait for victims to download it before holding their data for ransom.
By hosting the executable on their own server, MOVEit hackers can take advantage of distributed denial-of-service protection without running the risk of being shut down or taken offline.
Also, by eliminating the need for complex malware infection techniques, the attackers are able to focus on their simpler task and target more victims in a shorter period of time.
It’s important to note that the MOVEit hackers’ tactics are not new.
Experts have seen similar kinds of attacks going back to the mid-2010s, and attackers have certainly been using servers to host
Link: https://malware.news/t/moveit-hackers-may-have-found-simpler-business-model-beyond-ransomware/70959
Human oversight key to keeping AI honest – Malware News – Malware Analysis, News and Indicators
MalBot
Human oversight is essential to keeping AI honest, and a combination of human and AI can be powerful when it is used correctly.
To ensure that AI systems are honest, companies and developers should be mindful of the data they feed into the system and audit the system regularly.
This could be accomplished through frequent tests, simulation runs, and human review of results.
Additionally, companies must be aware of potential biases in the data they use and avoid using datasets that could lead to unfavorable or discriminatory outputs.
Moreover, developers must be attentive to the AI’s environment and carefully monitor its interactions with people, which can help identify and address potential problems before they become an issue.
Finally, companies should define and enforce standards of privacy, safety, and fairness for their AI decisions.
Link: https://malware.news/t/human-oversight-key-to-keeping-ai-honest/70953
Leveraging Intezer’s Smart Decision Making in Your SOAR
Intezer
For example, instead of engineering a custom playbook that collects multiple pieces of evidence for a CrowdStrike alert, analyzes each piece of evidence and then builds complex logic to come up with an incident-wide conclusion, Intezer already does that for you, providing a clear triage assessment that has been abstracted into a simple block in your SOAR playbook.
– Associated threat actor or malware family
– IOCs from all the pieces of evidence that are associated with the alert
– Analysis results of every piece of collected evidence
– Recommended next steps
Traditionally, getting to such conclusions (for example, deciding if a certain alert is a false positive) requires human involvement, even in cases of well-implemented SOARs.
How to Incorporate Intezer’s Smart Decision Making into Your SOAR
Integrating your endpoint security (EDR)
In order for Intezer to send triage assessments to your SOAR, you first need to integrate Intezer with one of our supported endpoint security products (mainly CrowdStrike (https://support.intezer.com/hc/en-us/articles/5750612758812-CrowdStrike), SentinelOne and Microsoft Defender).
While there are numerous use cases and playbooks that can benefit from Intezer’s alert triage assessment, we highly recommend incorporating it into these key workflows:
– Resolving False Positives: Intezer’s assessment can be used to automatically resolve or de-prioritize tickets that have been identified as false positives.
We would also recommend using the “alert_id” field to link to Intezer’s portal for deeper, visual investigation: “https://analyze.intezer.com/alerts/[alert_id]”, which could be added to tickets.
Conclusion
Incorporating Intezer’s smart decision-making into your SOAR tool can truly automate Tier 1-2 investigations, enhancing your security operations and reducing the workload for your team.
Link: https://intezer.com/blog/alert-triage/leveraging-intezers-smart-decision-making-in-your-soar/
Hackrate releases ethical hacking monitoring platform HackGATE
Michael Hill
CSO Online
HackGATE is designed to help organizations better manage and oversee security testing and penetration testing initiatives, offering enhanced project control and cybersecurity, the firm said in a press release.
Its capabilities allow businesses to access improved transparency, project analysis, and proactive monitoring of ethical hacking activities, it added.
HackGATE employs “advanced technologies” and integrates with a leading security information and event management (SIEM) system to ensure comprehensive project analysis, Hackrate claimed.
Its features include the ability to identify attack types, log security data, and generate individual pen test reports in clickable PDF format, it added.
Link: https://www.csoonline.com/article/644922/hackrate-releases-ethical-hacking-monitoring-platform-hackgate.html