Cybercriminals Transform Raspberry Pi into a Tool for Fraud and Anonymization: GEOBOX Discovery
Microsoft Copilot for Security: General Availability details
Microsoft Copilot for Security will be generally available on April 1st. Read this blog to learn about new productivity research, product capabilities,..
Mail in the middle – a tool to automate spear phishing campaigns
The idea is simple; take advantage of the typos that people make when they enter email addresses. If we positioned ourselves in between the sender of an email (be it a person or a system) and the legitimate recipient, we may be able to capture plenty of information about the business, including personally identifiable information, email verification processes, etc. This scenario is effectively a Person-in-the-Middle (PiTM), but for email communications.
Magika: AI powered fast and efficient file type identification
Today we are open-sourcing Magika, Google’s AI-powered file-type identification system, to help others accurately detect binary and textual file types. Under the hood, Magika employs a custom, highly optimized deep-learning model, enabling precise file identification within milliseconds, even when running on a CPU.
Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
Avast is releasing an updated version of the Avast Babuk decryption tool, capable of restoring files encrypted by the Babuk variant called Tortilla.
Introducing HAR Sanitizer: secure HAR sharing
As a follow-up to the most recent Okta breach, we are making a HAR file sanitizer available to everyone, not just Cloudflare customers, at no cost.
Introducing: Red Canary Mac Monitor
Mac Monitor is Red Canary’s newly available tool for collection and dynamic system analysis on macOS endpoints. Red Canary Mac Monitor is a feature-rich dynamic analysis tool for macOS that leverages our extensive understanding of the platform and Apple’s latest APIs to collect and present relevant security events. Mac Monitor is practically the macOS version of the Microsoft Sysinternals tool, Procmon. Mac Monitor collects a wide variety of telemetry classes, including processes, interprocess, files, file metadata, logins, XProtect detections, and more—enabling defenders to quickly and effectively analyze enriched, high-fidelity macOS security events in a native, modern, and customizable user interface
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Key Takeaways * Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing. * Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team. * We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild. * The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code. P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Key Takeaways * Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing. * Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team. * We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild. * The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code. P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.
Emsisoft Decryptor for Maze / Sekhmet / Egregor - Emsisoft: Free Ransomware Decryption Tools
Free Maze / Sekhmet / Egregor ransomware decryptor by Emsisoft. Unlock your files without paying the ransom.
Emsisoft Decryptor for Maze / Sekhmet / Egregor - Emsisoft: Free Ransomware Decryption Tools
Free Maze / Sekhmet / Egregor ransomware decryptor by Emsisoft. Unlock your files without paying the ransom.
Emsisoft Decryptor for Maze / Sekhmet / Egregor - Emsisoft: Free Ransomware Decryption Tools
Free Maze / Sekhmet / Egregor ransomware decryptor by Emsisoft. Unlock your files without paying the ransom.
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.