CISA Releases CHIRP, a Tool to Detect SolarWinds Malicious Activity

Security Affairs

US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments. ” reads the description provided on GitHub for the tool.

Cloud 112

Fraudsters Flooding Collaboration Tools With Malware

Data Breach Today

Cisco Talos: Reliance on These Tools Expands Attack Surface The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Signal Founder Says Cellebrite's Forensics Tools Flawed

Data Breach Today

Flaws Described by Moxie Marlinspike Raise Questions About Extracted Data's Trustworthiness Law enforcement agencies use forensics tools from Israeli company Cellebrite to gain access to locked mobile devices and extract data.

Chinese Hacking Group 'Cloned' NSA Exploit Tool

Data Breach Today

Researchers: 'Jian' Hacking Tool Targeted Zero-Day Flaw in Windows A Chinese hacking group reportedly "cloned" and deployed a zero-day exploit developed by the NSA's Equation Group before Microsoft patched the Windows flaw being exploited, according to Check Point Research.

213
213

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Productivity Tools May Be Monitoring Workers' Productivity

Data Breach Today

Regulatory and Employee Litigation Risks Face Businesses That Violate Privacy Rules Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it.

Free Tool Helps Hospitals Block Ransomware

Data Breach Today

To help strengthen the healthcare sector's defenses, the Center for Internet Security is offering all U.S. hospitals and healthcare delivery systems a free protection service designed to help block ransomware and other malware, says Ed Mattison, the center's executive vice president

Siemens Patches 21 Vulnerabilities in 2 Tools

Data Breach Today

Flaws, If Exploited, Could Enable Remote Control, Data Exfiltration Siemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems to crash.

IT 188

Best Vulnerability Scanner Tools

eSecurity Planet

Vulnerability scanning tools can make that process easier by finding and even patching vulnerabilities for you, reducing burden on security staff and operations centers. Best vulnerability scanning tools. Tenable Nessus is a widely used, open source vulnerability assessment tool.

Best Network Security Tools 2021

eSecurity Planet

Top network security tools. MCAS integrates smoothly for organizations leaning on Microsoft software tools. Whether it’s consumers or staff, Okta specializes in tools and APIs that optimize security while providing access to clients.

Cloud 66

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

How WastedLocker Evades Anti-Ransomware Tools

Data Breach Today

Sophos Says Malware Designed to Avoid Security Measures WastedLocker, a ransomware strain that reportedly shut down Garmin's operations for several days in July, is designed to avoid security tools within infected devices, according to a technical analysis from Sophos

Hackers Use Cloud Monitoring Tool to Install Cryptominers

Data Breach Today

Reports: TeamTNT Using Weave Scope Tool to Target Cloud Platforms TeamTNT, a recently uncovered hacking group, is weaponizing Weave Scope, a legitimate cloud monitoring tool, to help install cryptominers in cloud environments, according to reports from Intezer and Microsoft

Cloud 242

Updated Trickbot Deploys Fresh Reconnaissance Tool

Data Breach Today

Report: Botnet Now Capable of Exfiltrating Additional Data From Networks The operators behind the Trickbot malware are deploying a new reconnaissance tool dubbed "Masrv" to exfiltrate additional data from targeted networks, according to a Kryptos Logic report.

166
166

Additional Hacking Tools Tied to North Korean-Linked Group

Data Breach Today

Cybereason Finds Kimsuky Group Using Fresh Spying Tools, Infrastructure Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis.

236
236

Catch Them If You Can: The Passive Candidates Edition

With the right tools and mindset, it’s possible to track down this candidate (and many others like them!). How? Simple: By thinking like one. To get started on your search, we’ve gathered clues you’ll need to get in the mind of your passive prospects.

EU Adopts New Privacy-Focused Data Sharing Tools

Data Breach Today

Tech Giants Welcome the New Data Transfer Move The European Commission has released two new tools aimed at easing the current legal hurdles associated with data sharing by European Union-based organizations and other businesses operating in the region.

EU Launches Decryption Tool for Law Enforcement

Data Breach Today

Move Seen as Alternative to Weakening Encryption Europol, the European Union's law enforcement agency, and the European Commission are launching a new decryption platform to help law enforcement agencies decrypt data that has been obtained as part of a criminal investigation, a move seen as an alternative to weakening encryption.

Can Evidence Collected by Cellebrite's Tools Be Trusted?

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools.

NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

Agency Recommends Replacement of Old TLS and SSL Protocols The U.S. National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions.

The Ultimate Marketing Efficiency Checklist

Here are 7 creative ways marketers can work smarter (not harder) - with the resources you already have!

Google COVID-19 Contact-Tracing Tool Exposes Data: Lawsuit

Data Breach Today

Complain Alleges 'Exposure Notification System' Allows Third-Party Access to Personal Info A lawsuit alleges that a security flaw in a Google COVID-19 contact tracing tool is exposing personal and medical information of millions of users to third parties through device system logs.

Access 161

Gamaredon Group Using Fresh Tools to Target Outlook

Data Breach Today

Suspected Russia-Linked Hackers Have Previously Focused on Ukraine The Gamaredon hacking group is now using a new set of malicious tools to compromise Microsoft Outlook as a way of sending spear-phishing emails to victims' contact lists, according to security firm ESET.

Free Auditing Tool Helps Detect SolarWinds Hackers' Malware

Data Breach Today

FireEye Also Describes Hackers' Tools and Techniques Security firm FireEye has released a free auditing and remediation tool on GitHub that it says can help organizations determine if the hacking group that targeted SolarWinds used similar techniques within their network to gain access to Microsoft Office 365 accounts.

Access 179

Microsoft Issues Mitigation Tool for an Exchange Server Flaw

Data Breach Today

One-Click Mitigation Tool' Provides Quick Fix for Proxy Logo Exchange Flaw Microsoft has released an interim mitigation tool designed to help smaller organizations take quick action to prevent attacks that exploit the unpatched Proxy Logon flaw in on-premises Microsoft Exchange servers

161
161

The Recruiting Crossword Puzzle

Test your recruiter-brain with this crossword puzzle, which reveals the best ways to move forward in your efforts with every answer!

AI Security Risk Assessment Tool

Schneier on Security

Microsoft researchers just released an open-source automation tool for security testing AI systems: “ Counterfit.” ” Details on their blog. Uncategorized artificial intelligence automation machine learning risk assessment

Risk 77

MSBuild tool used to deliver RATs filelessly

Security Affairs

MSBuild is a free and open-source build tool set for managed code as well as native C++ code and was part of.NET Framework. The post MSBuild tool used to deliver RATs filelessly appeared first on Security Affairs.

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

And according to data gathered by a new automated Zoom meeting discovery tool dubbed “ zWarDial ,” a crazy number of meetings at major corporations are not being protected by a password. zWarDial, an automated tool for finding non-password protected Zoom meetings.

DroidMorph tool generates Android Malware Clones that

Security Affairs

Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones. The post DroidMorph tool generates Android Malware Clones that appeared first on Security Affairs.

Paper 71

2020 Database Strategies and Contact Acquisition Survey Report

As buyer expectations continue to heighten, marketing and sales teams are feeling pressured to deliver authentic messaging to buyers at every point of their customer journey. This report aims to highlight the current state of B2B database and contact acquisition strategies, and organizations’ goals to leverage data to fuel their go-to-market strategies in 2020 and beyond.

New Jailbreak Tool Works on Most iPhones

Dark Reading

The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack

111
111

FireEye Cyberattack Compromises Red-Team Security Tools

Threatpost

An attacker stole FireEye's Red Team assessment tools that the company uses to test its customers’ security. Government Hacks cyberattack Cybersecurity FireEye hack red team tool state sponsored attack zero day

FireEye Says Nation-State Attackers Stole Pen Test Tools

Data Breach Today

Security Vendor Believes No Customer Data Was Exfiltrated FireEye, one of the world's top cybersecurity firms, says in a striking announcement on Tuesday that attackers stole its penetration testing tools and sought information about its government clients.

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. The security firm also excluded that the tool was developed by the Chinese threat actors. .

IT 89

Additional Hacking Tools Tied to North Korea-Linked Group

Data Breach Today

Kimsuky Group Employs Fresh Spying Tools, Infrastructure, Cybereason Reports Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis.

166
166

Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web

Security Affairs

The MASQ tool could be used by attackers to emulate device fingerprints thus allowing them to bypass fraud protection controls. Such activity is not limited to just payments – bad actors are also abusing social media and e-mail accounts using such tools.

Was JetBrains Tool an Infection Vector for SolarWinds Hack?

Data Breach Today

JetBrains CEO Says Investigators Have Not Contacted Company Reacting to reports claiming hackers may have used JetBrains' TeamCity tool as an initial infection vector during the attack against SolarWinds, JetBrains CEO Maxim Shafirov says the company has not been contacted by investigators.

152
152

Ryuk Ransomware Delivered Using Malware-as-a-Service Tool

Data Breach Today

Sophos: Cybercriminals Renting Buer Loader The operators behind the Ryuk strain of malware are increasingly relying on a malware-as-a-service tool - the Buer loader - to deliver the malware, rather than botnets such as Trickbot and Emotet, the security firm Sophos reports

CISA Builds Out Defensive Tools for Security Teams

Dark Reading

Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox

IT 112