2022-06-24 05:40 malware.news
These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group, give general tips on how to prevent ransomware from working, and so on. Malware analysts and security professionals can learn a lot from these reports, but not much of the content has an immediate or practical use. With the release of the report Common TTPs of modern ransomware, Kaspersky experts have taken a different approach. We want to familiarize the reader with the different stages of ransomware deployment, how cybercriminals use RATs and other tools across the various stages and what they aim to achieve. The report also provides a visual guide to defending against targeted ransomware attacks, using the most prolific groups as examples, and introduces the reader to the SIGMA detection rules that we created.
What 
2022-06-24 05:40 malware.news
Europol has coordinated a joint operation to arrest members of a cybercrime gang and effectively dismantle their campaigns, which netted millions of euros. This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine arrests, 24 house searches, and the seizure of firearms, ammunition, jewelry, electronic devices, cash, and cryptocurrency.
The group was involved in fraud, money laundering, phishing, and scams.
According to a Europol press release, the group’s modus operandi started with an email, text message, or private message containing a link to a phishing page.
Once recipients opened the link, they would be directed to a bogus bank website. Here, they were encouraged to enter their banking credentials. Money mules then used these credentials to cash out millions of euros from victim accounts.
On top of fraud, the group was also involved in drug and possible firearms trafficking.
“Europol facilitated the information exchange, the operational coordination
2022-06-24 05:40 malware.news
After the corresponding cyber attacks timelines, it’s time to publish the statistics of May 2022 once again, unsurprisingly, characterized by…
Article Link: May 2022 Cyber Attack Statistics – HACKMAGEDDON
2022-06-24 05:40 malware.news
PowerShell is often abused by attackers but defenders should not switch off the Windows command-line tool, warn cybersecurity agencies.
Article Link: NSA, CISA say: Don't block PowerShell, here's what to do instead | ZDNet
2022-06-24 05:40 malware.news
Criminals still like using email to phish credentials but ransomware delivered by email has tapered off.
Article Link: Your email is a major source of security risks and it's getting worse | ZDNet
2022-06-24 05:40 malware.news
The U.S. Department of Justice (DOJ) seized a Russian-controlled proxy server known as RSOCKS. In a statement released on Thursday, the DOJ stated that the infrastructure of the large-sized botnet RSOCKS had been completely dismantled. The Russian-operated botnet is responsible for hacking millions of computers and other connected electronic devices.
A message on the seized website states that it has been detained by the Federal Bureau of Investigation (FBI) following a seizure warrant obtained by multiple government security agencies. DOJ’s efforts were actively supported by security agencies in Germany, the United Kingdom, and the Netherlands, as well as numerous companies from the private sector.
Russian cybercriminals controlled the group of hacked internet-connected devices. The hackers were selling access to compromised devices without the owners' knowledge. Those devices and their IP addresses were then actively used for malicious purposes such as major attacks against authentication services, also k
2022-06-24 05:40 malware.news
Type: Threat Analysis
BRONZE STARLIGHT Ransomware Operations Use HUI Loader
Article Link: BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks
2022-06-24 05:40 malware.news
The next 2022 IDA training course will take place online 12-16 and 19-21 September 2022, CEST time.
Standard training (12-16 September): aims to teach standard knowledge about IDA by demonstrating its use to analyze binary programs on modern operating systems.
Advanced training (19-21 September): intended for experienced IDA users who want to take advantage of its open architecture by extending and improving it.
The training session offers its participants an opportunity to improve their analysis with IDA’s limitless capabilities with theoretical and practical courses. After each theoretical section hands-on exercises will be carried out so as to master thorough understanding of concepts and methods. Training material is always updated to include the latest additions to IDA.
Detailed information including course programs, cost and registration forms can be found in our dedicated training page. If needed, additional information may be requested by emailing our sales team.
Visit the training page  Book your sea
2022-06-24 05:40 malware.news
The House Armed Services Committee on Thursday overwhelmingly approved its version of the annual defense policy bill that included multiple cybersecurity provisions.
The panel voted 57-1 during the pre-dawn hours to advance its $840 billion National Defense Authorization Act after a marathon markup session.
Lawmakers approved a handful of cyber-related amendments during their roughly 16-hour hearing, including one that would require the Homeland Security Department to submit a report to Congress detailing federal cyber incident response roles and responsibilities.
Another amendment would require the Pentagon to conduct a “comprehensive assessment” of the cybersecurity vulnerabilities of its weapons systems — an issue that has plagued the massive department for years.
The panel also approved an amendment that would require the Treasury secretary to submit an annual report to the Financial Services Committee on the status of the department’s cybersecurity efforts to safeguard the U.S. financial sector, which ha
2022-06-24 05:40 malware.news
(Almost) everything you always wanted to know about virtual private networks, but were afraid to ask
The post Virtual private networks: 5 common questions about VPNs answered appeared first on WeLiveSecurity
Article Link: Virtual private networks: 5 common questions about VPNs answered | WeLiveSecurity
2022-06-24 05:40 malware.news
Weaknesses in operational technology systems need to be addressed.
Article Link: CISA warns over software flaws in industrial control systems | ZDNet
2022-06-24 05:40 malware.news
Five ransomware strains have been linked to Bronze Starlight activities.
Article Link: These hackers are spreading ransomware as a distraction - to hide their cyber spying | ZDNet
2022-06-24 05:40 malware.news
Almost one in three detected Russian attacks are successful, Microsoft said.
Article Link: Microsoft: Russia Stepping Up Hacking, Cyber Penetration Efforts on 42 Ukraine Allies - Nextgov
2022-06-24 05:40 malware.news
ClearSky discovered, with medium-high confidence, new malware associated with the Iranian SiameseKitten (Lyceum) group.
The file is downloaded from a domain registered on June 6th, and it communicates with a previously unknown command and control server whose IP address is adjacent to that of the domain.
This indicates that the attacker controls at least two IPs in the same range.
The downloaded file is a reverse shell that impersonates an Adobe update.
The reverse shell is dropped by a parent file signed with a fake Microsoft certificate, along with a lure PDF document and an executable designed to establish persistence.
There seems to be shared use of fake Microsoft certificates across a variety of Iranian groups, as was previously observed with Phosphorus.
Additionally, the lure PDF document relates to drone attacks conducted in Iran, resembling a similar document previously employed by SiameseKitten.
Read the full report: https://www.clearskysec.com/wp-content/uploads/2022/06/Lyceum-suicide-drone-23.6.pdf
Article 
2022-06-24 05:40 malware.news
Last week, Sonatype discovered multiple Python packages that not only exfiltrate your secrets (AWS credentials and environment variables) but also upload them to a publicly exposed endpoint.
These packages were discovered by Sonatype's automated malware detection system, offered as a part of Nexus platform products, including Nexus Firewall. On a further review, we deemed these packages malicious and reported them to PyPI.
Article Link: Python packages upload your AWS keys, env vars, secrets to the web
2022-06-24 05:40 malware.news
Fluentd is an open source data collector widely used for log aggregation in Kubernetes. Monitoring and troubleshooting Fluentd with Prometheus is really important to identify potential issues affecting your logging and monitoring systems.
In this article, you’ll learn how to start monitoring Fluentd with Prometheus, following Fluentd docs monitoring recommendations. You’ll also discover the most common Fluentd issues and how to troubleshoot them.
How to install and configure Fluentd to expose Prometheus metrics
You can install Fluentd in different ways, as described in the Fluentd documentation. We recommend deploying Fluentd in Kubernetes by using the Helm chart:
helm repo add fluent https://fluent.github.io/helm-charts
helm repo update
helm install fluentd fluent/fluentd
You’ll need to enable a few Fluentd Prometheus plugins for Fluentd to expose metrics. But don’t worry, they are already activated in the Helm chart, so if you installed Fluentd that way, you’re good to go.
Monitoring Fluentd with Prometheus: Inputs
2022-06-24 05:40 malware.news
Billboards and digital real-world advertising have raised many questions of privacy and anonymity in recent years. Until now, the primary concern has been (mostly) legal, yet potentially objectionable, geolocation and user profiling. Bluetooth beacons work in tandem with geofenced billboards to send you offers. Stores follow your movements and tailor products accordingly, occasionally with very bad results. It's such a common practice that you even see tracking-enabled digital advertising appearing in video games.
Attacks we’ve seen in the real world typically involve QR code stickers and take two main forms:
Letters or emails/chat app conversations which direct victims to Bitcoin ATMs. These attacks can often tie into money mule schemes.
Real world alteration/tampering of genuine QR codes. This can involve bogus QR code stickers placed over locations you’d expect to see a real code. Parking meters and car parks generally are prime targets for this type of scam.
We can now add rogue billboards to the list.
Beware 
2022-06-24 05:40 malware.news
Members of the Cybersecurity Advisory Committee of CISA (Cybersecurity and Infrastructure Security Agency) have proposed an emergency cybersecurity call line for small and medium-sized businesses (SMBs). Should the proposition be approved, SMBs would be able to call 311 in the event of a cybersecurity incident.
CISA’s cyberhygiene subcommittee head, George Stathakopoulos, originally floated the idea that CISA should “launch a 311 national campaign, to provide an emergency call line and clinics for assistance following cyber incidents for small and medium businesses.” The communications subcommittee also floated a similar idea.
CISA and other cybersecurity experts have pushed for more robust incident response reporting. In March, President Joe Biden signed the Strengthening American Cybersecurity Act, a cyber incident reporting bill requiring critical infrastructure operators to report a breach to CISA within 72 hours, and 24 hours if they made a ransomware payment.
CISA Executive Assistant Director for Cybers
2022-06-24 05:40 malware.news
The sensitive information of 1.1 million patients served by Indiana University Health hospital was leaked in a data breach that took place in 2020, according to notification letters sent out by a vendor of the hospital.
Filings with the Maine Attorney General’s office say the breach came from MCG Health and involved names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth and genders.
MCG Health – based in Seattle – is part of Hearst Health and says it provides healthcare facilities with artificial intelligence, technology solutions and “objective clinical expertise” designed to improve “financial and clinical outcomes.”
The company began sending out thousands of breach notification letters on June 10 after it discovered it was hacked on March 25.
In the letters sent to victims, MCG Health said it hired a “forensic investigation firm” to help with the response and is “coordinating with the FBI.”
The letters to victims omit the fact that the investigat
2022-06-24 05:40 malware.news
Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for securing access to Azure Cosmos DB and show how monitoring relevant control plane operations, when performed by Microsoft Defender for Azure Cosmos DB, can help detect potentially compromised identities.
Authentication and authorization
Operating Azure Cosmos DB databases requires valid credentials to be provided for each request. The main type of credentials is a pair of access keys, known as primary and secondary, which are generated as part of the Azure Cosmos DB account creation and can be retrieved through management API using the ListKeys operation. These keys provide full control over the account, including configuration of databases, deployment of server-side logic, and common read and write data transactions.
2022-06-24 05:40 malware.news
This blog was written by an independent guest blogger.
Cyberthreats don't affect only large enterprises and governments – they can also affect small businesses. According to research, nearly half of small businesses have experienced a cyberattack, and 69% are concerned about future attacks. Small businesses should be aware of cyber security statistics and take tangible steps to protect their businesses against cyberattacks.
Employee records, customer information, loyalty schemes, transactions, and data collection are critical pieces of information that businesses need to protect. This is to prevent third parties from using the information for fraudulent purposes, such as phishing scams and identity theft.
It's crucial to safeguard your company from cyberattacks, but some business owners are unsure how to do it.
This article is intended to help small business owners navigate the realm of cyber threats and fortify their data security. The benefits of data security for small businesses are also discussed.
Data s
2022-06-24 05:40 malware.news
The dark web leak site used by the notorious Conti ransomware gang has disappeared, along with the chat function it used to negotiate ransoms with victims. For as long as this infrastructure is down the group is unable to operate and a significant threat is removed from the pantheon of ransomware threats.
The Conti leak site is down (June 22, 2022)
Ransomware gangs like Conti use the threat of leaking stolen data on their dark web sites to extort enormous ransoms from their victims, making the sites a vital cog in the ransomware machine.
While the cause of the site’s disappearance isn’t known for sure, and criminal dark web sites are notoriously flaky, there is good reason to suspect that Conti has gone permanently.
However, while anything that stops Conti from terrorising businesses, schools, and hospitals is welcome, the disappearance of its leak site is unlikely to make potential ransomware victims any safer, sadly.
As we explained in our May ransomware review, recent research by Advintel suggests that Con
2022-06-24 05:39 malware.news
The RSA Conference brings some of the brightest minds in information security together in one place. We wrote about some of the interesting and must-see talks at this year’s show. We also had the opportunity to sit down with some RSA speakers to hear first hand about their research and insights. We’re highlighting those conversations in three new episodes of our ConversingLabs podcast series that we’re releasing now (thereby allowing you to “binge” Netflix-style on ConversingLabs.)
Here are the ConversingLabs Café-edition episodes from this year’s RSA Conference:
Episode 6: Robert Martin of MITRE on Supply Chain System of Trust
Robert Martin is a Senior Principal Engineer at MITRE and an expert on supply chain security. He’s also one of the principal creators of MITRE’s supply chain System of Trust (sot.mitre.org), which provides a framework for supply chain security risk assessments that is customizable, evidence-based, scalable and repeatable. Once implemented, the SoT will give organizations within the sup
2022-06-24 05:39 malware.news
A new report from Microsoft puts a spotlight on the cyberfront of the Russian invasion of Ukraine — including cyberespionage against think tanks outside Ukraine which can be valuable targets for intelligence gathering or launchpads for additional campaigns.
In the report released Wednesday, Microsoft said it “has detected Russian network intrusion efforts on 128 targets in 42 countries outside Ukraine.” Roughly half of the attacks targeted government agencies, but 12 percent were non-government organizations (NGOs), primarily think tanks with foreign policy expertise or groups assisting in the humanitarian efforts to assist Ukrainian refugees, according to the company.
“Since the start of the war, the Russian targeting we’ve identified has been successful 29 percent of the time,” the report said. A quarter of those intrusions led to confirmed data exfiltration, but Microsoft warned that figure “likely understates the degree of Russian success.”
Think tanks and nonprofit organizations have long been targeted i
2022-06-24 05:39 malware.news
Google’s Threat Analysis Group (TAG) released a new report on Thursday chronicling an Italian spyware vendor selling technology used on victims in Italy and Kazakhstan.
The report mirrors another from cybersecurity company Lookout that was published last week covering “Hermit” – a brand of surveillanceware developed by spyware vendor RCS Labs and telecoms company Tykelab Srl.
The Google report examined the spyware from RCS Labs, noting that the Italian vendor “uses a combination of tactics, including atypical drive-by downloads as initial infection vectors, to target mobile users on both iOS and Android.”
Google TAG researchers Benoit Sevens and Clement Lecigne also touch on the wider commercial spyware industry, noting that Google continues to track the activities of vendors and recently testified at the EU Parliamentary hearing on “Big Tech and Spyware” about the work they’re doing “to monitor and disrupt this thriving industry.”
Today I had the opportunity to testify at the European Parliament @EP_PegaInqu
2022-06-24 05:39 malware.news
Original release date: June 23, 2022
Summary
Actions to take today:
• Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware's release of updates for Log4Shell in December 2021, treat all affected VMware systems as compromised.
• Minimize the internet-facing attack surface by hosting essential services on a segregated demilitarized zone (DMZ), ensuring strict network perimeter access controls, and implementing regularly updated web application firewalls (WAFs) in front of public-facing services.
The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtai
2022-06-24 05:39 malware.news
Brazilian retail giant Fast Shop has regained control of its Twitter account after hackers took it over and sent several messages about a cyberattack.
The Sao Paulo-based retail company has more than 80 physical locations across Brazil and brought in a revenue of more than $430 million last quarter.
But on Wednesday, hackers took over the company’s Twitter account and said they had been launching “an extortion attack” on Fast Shop’s IT and cloud systems.
“We have gained access to some TB’s of your data from VCenter and various cloud services, AWS, AZURE, IBM GITLAB. The data includes source codes, PCI data, various user and corporate data,” the hackers wrote from the hijacked account.
“We are happy to negotiate with you to prevent the leakage of this data and to help resolve the issues.”
A screenshot of the Tweets, which were later deleted. (Credit: Felipe Payão)
The hackers provided a link to a Telegram channel where they wanted Fast Shop officials to negotiate a ransom. The threat actors also managed to pin
2022-06-24 05:39 malware.news
The Energy and Commerce subcommittee also forwarded a bipartisan privacy and data security bill to the full committee but—lacking support from Senate leadership—that legislation appears dead in the water.
Article Link: House Panel Passes RANSOMWARE Act to Get FTC Reports on Cross-Border Work - Nextgov
2022-06-24 05:39 malware.news
The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) warned organizations that unpatched VMWare Horizon and Unified Access Gateway (UAG) servers are still being exploited through CVE-2021-44228 – known widely as Log4Shell.
The government agencies said the vulnerability is being used in attacks by a range of threat actors, including state-backed groups.
In an alert published on Thursday, the agencies included detailed rundowns of two different incidents affecting unnamed organizations where CVE-2021-44228 was exploited.
“As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2),” the agencies explained.
“In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data.”
In the second incident detailed in the alert, CISA said it
2022-06-24 03:36 Stories by SAFARAS K A on Medi
Gartner: “By 2023, 60% Of Enterprises Will Use the Zero Trust Security Model”
The research company Gartner, in its status report Zero Trust Architecture and Solutions, predicted the future of ZTA. By 2023, 60% of organizations will use a Zero Trust security model instead of virtual private networks. This is because the network infrastructure of enterprises is becoming more complex, and many employees work remotely. There are more loopholes for hackers to break into a corporate network and steal data. The Zero Trust approach to cybersecurity is designed to protect businesses from today’s threats. Let’s take a closer look at how it works.
Why new methods of protection are needed
Traditional security methods are based on logins and passwords for entering a corporate network. Firewalls prevent unauthorized persons from entering the system. Virtual private networks (VPN) controlled by IT departments strengthen protection.
When employees began to work remotely using tablets and smartphones, the security situation c
2022-06-24 03:36 Stories by SAFARAS K A on Medi
NOTE: This article explains how easy it is to accumulate personal data that cybercriminals then allegedly use for offensive purposes via the surface, deep and dark web. This article is intended for EDUCATIONAL PURPOSES only.
Getting hold of personal data (which is meant to be kept strictly private) in this digitized world is a walk in the park nowadays, as most of it gets exposed, intentionally or not, in various places.
With so much data being exposed, misusing your data is a doddle for anyone who holds it.
Criminals use OSINT for Data Collection | Source: peakpx.com
Often, the exposed information (which includes Shopping Habits, Diet Plans, Travel Interests, Dating Preferences, Health Information, Financial Status, Password Choices, etc) would help the bad actors to tailor their cyber attacks against the victims more efficiently.
Snippet from Business Insider Report
Snippet from TheHinduBusinessLine
Such leaks are the anchor points for cyber criminals to
2022-06-24 03:34 CXSECURITY Database RSS Feed -
Topic: Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Insufficient Verification Risk: Medium Text: Advisory ID: SYSS-2022-013 Product: Executive Fingerprint Secure SSD Manufacturer: ...
2022-06-24 03:34 CXSECURITY Database RSS Feed -
Topic: Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Risky Crypto Risk: Medium Text: Advisory ID: SYSS-2022-010 Product: Executive Fingerprint Secure SSD Manufacturer: ...
2022-06-24 02:10 Exploitalert
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Insufficient Verification
2022-06-24 02:10 Exploitalert
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Risky Crypto
2022-06-24 01:34 Microsoft Security Blog
Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for securing access to Azure Cosmos DB and show how monitoring relevant control plane operations can help in the detection of potentially compromised authorization.
The post Detecting malicious key extractions by compromised identities for Azure Cosmos DB appeared first on Microsoft Security Blog.
2022-06-24 01:32 Mozilla Hacks – the Web develo
For the last year, we've been working on the development of rust-minidump, a pure-Rust replacement for the minidump-processing half of google-breakpad. The final part in this series takes you through fuzzing rust-minidump.
The post Fuzzing rust-minidump for Embarrassment and Crashes – Part 2 appeared first on Mozilla Hacks - the Web developer blog.
2022-06-24 00:40 Packet Storm
Ubuntu Security Notice 5491-1 - Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.
2022-06-24 00:40 Packet Storm
Red Hat Security Advisory 2022-5114-01 - Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments.
2022-06-24 00:40 Packet Storm
Red Hat Security Advisory 2022-5116-01 - An update for puppet-firewall is now available for Red Hat OpenStack Platform 16.2.3 (Train). An issue was addressed where unmanaged rules could leave the system in an unsafe state via a duplicate comment.
2022-06-24 00:40 Packet Storm
Red Hat Security Advisory 2022-5115-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2.3 (Train). Issues addressed include a remote SQL injection vulnerability.
2022-06-24 00:40 Packet Storm
Ubuntu Security Notice 5487-2 - USN-5487-1 fixed vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes until a further fix is available. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.
2022-06-24 00:40 Packet Storm
Red Hat Security Advisory 2022-5029-01 - This release of Red Hat build of Eclipse Vert.x 4.2.7 GA includes security updates. Issues addressed include denial of service and deserialization vulnerabilities.
2022-06-23 23:38 Axiaoxin's blog
i18n (internationalization) essentially comes down to writing a set of mappings up front and then fetching the text for the desired language. I looked up Golang i18n online, but the articles were not very detailed and the code was not easy to follow. When I wrote Python I used babel for multi-language integration: generate pot, po and mo files with commands, then load them dynamically. I never studied how it worked at the time; looking into it today, it is actually a wrapper around [GNU gettext](https://www.gnu.org/software/gettext/manual/gettext.html). gettext is built specifically for multi-language support and consists of a series of command-line tools such as xgettext, msginit, msgmerg ... Weibo full-text sync address: http://weibo.com/u/5023553094 Read the full article: http://axiaoxin.com/article/263
2022-06-23 23:37 Software Integrity Blog
Building trust in your software is important, but software trust is even more important in M&A transactions.
The post M&A, trust in software, and a good night’s sleep appeared first on Application Security Blog.
June 23, 2022 23:35 Geek Freak
Hi Everyone
I’m back with another blog on Deep Dive into AWS Cloud Security from scratch.
What is Cloud Security?
Cloud security is a set of policies, strategies, controls, procedures, and practices designed to safeguard the data, resources, and applications hosted on the cloud.
Why Learn Cloud Security?
Cloud security is critical since most organizations are already using cloud computing in one form or another.
Worldwide end-user spending on public cloud services is forecast to grow 20.4% in 2022 to total $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner, Inc.
Top Cloud Providers
The above statistics show that Amazon AWS dominates the cloud industry, so I decided to start with AWS Cloud Security, but :(
So I started looking for somewhere I could create and deploy a vulnerable cloud environment for learning, and I ended up finding CloudGoat.
CloudGoat(☁️🐐)
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool.
Set-Up Requirements
Linux or Mac OS
Pyth
June 23, 2022 23:31 burp
Amendment applies to bill related to 5G rollout and connected products
June 23, 2022 22:40 burp
This release upgrades Burp's browser to Chromium 103.0.5060.53, which patches a critical security issue. It also fixes several minor bugs related to Repeater tabs.
June 23, 2022 21:34 Hex Rays
The next 2022 IDA training course will take place online on 12–16 and 19–21 September 2022, CEST time. Standard training (12–16 September) aims to teach standard knowledge of IDA by demonstrating its use to analyze binary programs on modern operating systems. Advanced training (19–21 September) is intended for experienced IDA users who want to take advantage [...]
June 23, 2022 21:31 burp
Users call for security update back-port to support earlier versions
June 23, 2022 17:39 malware.news
The Information Technology Industry Council is maintaining its call for a voluntary approach as Canada, the United Kingdom and Europe all signal strict new cybersecurity requirements.
Article Link: Big Tech Pushes for Harmonized Global Policy Amid Emerging Regulations from Allies - Nextgov
June 23, 2022 17:39 malware.news
US cybersecurity agencies – alongside the New Zealand and UK National Cybersecurity Centres – said security officials should not disable or remove Microsoft’s PowerShell tool, which is typically used for automating the management of systems but is often abused by hackers.
The agencies released an 8-page document with recommendations for how defenders can properly configure and monitor PowerShell as opposed to removing or disabling it entirely.
PowerShell is a popular scripting language and command line tool included with Microsoft Windows and Azure that provides many features, including the ability to automate tasks, improve incident response and enable forensics efforts.
But it has been used extensively by hackers and ransomware groups as a post-exploitation tool, according to the National Security Agency (NSA).
The Cybersecurity and Infrastructure Security Agency (CISA) said the recommendations are designed to help defenders “detect and prevent abuse by malicious cyber actors, while enabling legitimate use 
June 23, 2022 17:39 malware.news
A powerful House panel on Wednesday fully funded the Defense Department’s request for $11.2 billion for cyberspace activities in the next fiscal year.
The House Appropriations Committee voted 32-26 to advance its $761 billion defense spending bill for fiscal 2023. The topline figure in the legislation, which now goes to the full chamber for a vote, is $33.2 billion above what was enacted in fiscal 2022.
The $11.2 billion Pentagon ask is an increase of $800 million, or roughly eight percent, over the previous year. The additional funds come as policymakers, and the department, place more emphasis on the digital domain, in large part because of Russia’s ongoing invasion of Ukraine.
In a report released Wednesday, tech giant Microsoft said that Russian hackers have attempted to infiltrate networks at more than 100 organizations in the U.S. and dozens across 42 other countries since the Kremlin launched its unprovoked assault in February.
The Pentagon plans to spend the money on a wide range of digital security e
June 23, 2022 17:39 malware.news
Members of the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Advisory Committee proposed the creation of an emergency “311” cybersecurity call line for incidents affecting small and medium-sized businesses.
The committee – made up of cybersecurity experts from several leading companies – held its third meeting in Austin, Texas on Wednesday and provided several recommendations to CISA Director Jen Easterly.
The committee was founded in June 2021, held its first meeting in December and is split up into six subcommittees focused on several different issues – including the cyber workforce, information dissemination, cyber hygiene efforts, technical advisories, critical infrastructure and misinformation.
The cyber hygiene subcommittee, led by Apple vice president of corporate information security George Stathakopoulos, suggested CISA “launch a ‘311’ national campaign, to provide an emergency call line and clinics for assistance following cyber incidents for small and medium businesses.”
T
June 23, 2022 17:39 malware.news
Article Link: Malware-Traffic-Analysis.net - 2022-06-21 - aa distribution Qakbot with DarkVNC and Cobalt Strike
June 23, 2022 17:39 malware.news
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center