Chinese Hacking Group 'Cloned' NSA Exploit Tool

Data Breach Today

Researchers: 'Jian' Hacking Tool Targeted Zero-Day Flaw in Windows A Chinese hacking group reportedly "cloned" and deployed a zero-day exploit developed by the NSA's Equation Group before Microsoft patched the Windows flaw being exploited, according to Check Point Research.

212
212

Siemens Patches 21 Vulnerabilities in 2 Tools

Data Breach Today

Flaws, If Exploited, Could Enable Remote Control, Data Exfiltration Siemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems to crash.

IT 197
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Productivity Tools May Be Monitoring Workers' Productivity

Data Breach Today

Regulatory and Employee Litigation Risks Face Businesses That Violate Privacy Rules Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it.

Updated Trickbot Deploys Fresh Reconnaissance Tool

Data Breach Today

Report: Botnet Now Capable of Exfiltrating Additional Data From Networks The operators behind the Trickbot malware are deploying a new reconnaissance tool dubbed "Masrv" to exfiltrate additional data from targeted networks, according to a Kryptos Logic report.

173
173

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

EU Launches Decryption Tool for Law Enforcement

Data Breach Today

Move Seen as Alternative to Weakening Encryption Europol, the European Union's law enforcement agency, and the European Commission are launching a new decryption platform to help law enforcement agencies decrypt data that has been obtained as part of a criminal investigation, a move seen as an alternative to weakening encryption.

NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

Agency Recommends Replacement of Old TLS and SSL Protocols The U.S. National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions.

Hackers Use Cloud Monitoring Tool to Install Cryptominers

Data Breach Today

Reports: TeamTNT Using Weave Scope Tool to Target Cloud Platforms TeamTNT, a recently uncovered hacking group, is weaponizing Weave Scope, a legitimate cloud monitoring tool, to help install cryptominers in cloud environments, according to reports from Intezer and Microsoft

Cloud 238

Free Auditing Tool Helps Detect SolarWinds Hackers' Malware

Data Breach Today

FireEye Also Describes Hackers' Tools and Techniques Security firm FireEye has released a free auditing and remediation tool on GitHub that it says can help organizations determine if the hacking group that targeted SolarWinds used similar techniques within their network to gain access to Microsoft Office 365 accounts.

Access 184

Additional Hacking Tools Tied to North Korean-Linked Group

Data Breach Today

Cybereason Finds Kimsuky Group Using Fresh Spying Tools, Infrastructure Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis.

233
233

Catch Them If You Can: The Passive Candidates Edition

With the right tools and mindset, it’s possible to track down this candidate (and many others like them!). How? Simple: By thinking like one. To get started on your search, we’ve gathered clues you’ll need to get in the mind of your passive prospects.

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. The security firm also excluded that the tool was developed by the Chinese threat actors. .

IT 78

FireEye Says Nation-State Attackers Stole Pen Test Tools

Data Breach Today

Security Vendor Believes No Customer Data Was Exfiltrated FireEye, one of the world's top cybersecurity firms, says in a striking announcement on Tuesday that attackers stole its penetration testing tools and sought information about its government clients.

FireEye Cyberattack Compromises Red-Team Security Tools

Threatpost

An attacker stole FireEye's Red Team assessment tools that the company uses to test its customers’ security. Government Hacks cyberattack Cybersecurity FireEye hack red team tool state sponsored attack zero day

IT 101

Chinese-Affiliated APT31 Cloned & Used NSA Hacking Tool

Dark Reading

APT31 cloned and reused a Windows-based hacking tool for years before Microsoft patched the vulnerability, researchers report

90

The Ultimate Marketing Efficiency Checklist

Here are 7 creative ways marketers can work smarter (not harder) - with the resources you already have!

Additional Hacking Tools Tied to North Korea-Linked Group

Data Breach Today

Kimsuky Group Employs Fresh Spying Tools, Infrastructure, Cybereason Reports Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis.

173
173

Was JetBrains Tool an Infection Vector for SolarWinds Hack?

Data Breach Today

JetBrains CEO Says Investigators Have Not Contacted Company Reacting to reports claiming hackers may have used JetBrains' TeamCity tool as an initial infection vector during the attack against SolarWinds, JetBrains CEO Maxim Shafirov says the company has not been contacted by investigators.

158
158

Ryuk Ransomware Delivered Using Malware-as-a-Service Tool

Data Breach Today

Sophos: Cybercriminals Renting Buer Loader The operators behind the Ryuk strain of malware are increasingly relying on a malware-as-a-service tool - the Buer loader - to deliver the malware, rather than botnets such as Trickbot and Emotet, the security firm Sophos reports

Gamaredon Group Using Fresh Tools to Target Outlook

Data Breach Today

Suspected Russia-Linked Hackers Have Previously Focused on Ukraine The Gamaredon hacking group is now using a new set of malicious tools to compromise Microsoft Outlook as a way of sending spear-phishing emails to victims' contact lists, according to security firm ESET.

The Recruiting Crossword Puzzle

Test your recruiter-brain with this crossword puzzle, which reveals the best ways to move forward in your efforts with every answer!

LockBit Ransomware Uses Automation Tools to Pick Targets

Data Breach Today

Sophos: Malware Excels at Evading Detection and Picking Specific Victims The operators behind the LockBit ransomware strain use automation tools and techniques that help the malware quickly spread through a compromised network and also assist in picking specific targets, according to Sophos

Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020

Dark Reading

Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

And according to data gathered by a new automated Zoom meeting discovery tool dubbed “ zWarDial ,” a crazy number of meetings at major corporations are not being protected by a password. zWarDial, an automated tool for finding non-password protected Zoom meetings. “Zoom recently said they fixed this but I’m using a totally different URL and passing a cookie along with that URL,” Lo said, describing part of how the tool works on the back end.

When It Comes To Security Tools, More Isn't More

Dark Reading

Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success

Cloud 94

2020 Database Strategies and Contact Acquisition Survey Report

As buyer expectations continue to heighten, marketing and sales teams are feeling pressured to deliver authentic messaging to buyers at every point of their customer journey. This report aims to highlight the current state of B2B database and contact acquisition strategies, and organizations’ goals to leverage data to fuel their go-to-market strategies in 2020 and beyond.

Malware Developers Refresh Their Attack Tools

Dark Reading

Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features

IT 107

6 Open Source Tools for Your Security Team

Dark Reading

Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started

Cloud 107

How to Achieve Collaboration Tool Compliance

Dark Reading

Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams

Leak Exposes OilRig APT Group's Tools

Data Breach Today

Group, Apparently Backed By Iran, Was Broadening Its Targets, Analysts Say A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say

IT 171

TeamTNT Cloaks Malware With Open-Source Tool

Threatpost

The detection-evasion tool, libprocesshider, hides TeamTNT's malware from process-information programs. Malware

87

Best Password Management Software & Tools

eSecurity Planet

Password manager tools allow organizations and their employees to seamlessly and securely handle login credentials. With these tools, all passwords for an account are stored in a unique, encrypted vault only accessible using a key that the individual user possesses.

Built-In DevOps Tools for IBM i

Rocket Software

Many organizations are resigned to the belief that there’s no way to integrate their IBM i environment with the DevOps tools they use on their Windows, Linux, and Unix platforms. Today, IT and R&D teams can run the latest open source tools like Git and Jenkins on IBM i.

Leaked NSA Hacking Tools

Schneier on Security

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA's ability to secure its own cyberweapons seriously into question. Now we have learned that the Chinese used the tools fourteen months before the Shadow Brokers released them.

Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools

Dark Reading

Attackers are using legitimate enterprise tools to execute attacks and carry out malicious actions. Security teams must take action now

How Criminals Are Using PPE as a Money-Laundering Tool

Data Breach Today

Sizing Up Emerging Fraud Trends During the COVID-19 Crisis Money launderers are devising new tactics during the COVID-19 pandemic.

179
179

Top Vulnerability Scanning Tools

eSecurity Planet

Here are a dozen vulnerability scanning tools that can help Staying on top of vulnerabilities is a critical IT security practice.

Report: Chinese Hackers First to Use NSA Cyberattack Tools

Data Breach Today

Symantec Report Deepens Mystery Around Lost NSA Tools and Exploits A Chinese hacking group was using exploits and tools developed by the NSA months before the tools were released by another group, Symantec says in a new report. The surprising report deepens the mystery around an extraordinary situation in which the U.S.'s s most effective cyberweapons were compromised

164
164

CrowdStrike releases free Azure tool to review assigned privileges

Security Affairs

CrowdStrike released a free Azure security tool after it was notified by Microsoft of a failed attack leveraging compromised Azure credentials. The tool is available on GitHub.

Cloud 95

HHS Updates Security Risk Assessment Tool

Data Breach Today

The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis. But Why Is Conducting a Risk Analysis So Challenging for So Many Organizations?

Risk 147