Bleeping Computer® is an information security and technology news publication created in 2004. Millions of visitors come to BleepingComputer.com every month to learn about the latest security threats, technology news, ways to stay protected online, and how to use their computer more efficiently.
New CISA tool detects hacking activity in Microsoft cloud services
- March 23, 2023
- 02:34 PM
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.
Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.
"Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer's Azure Active Directory (AzureAD), Azure, and M365 environments," CISA says.
"Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT)."
With the help of CISA's cross-platform Microsoft cloud interrogation and analysis tool, security experts and network admins can:
- Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
- Query, export, and investigate AAD, M365, and Azure configurations.
- Extract cloud artifacts from Microsoft's AAD, Azure, and M365 environments without performing additional analytics.
- Perform time bounding of the UAL.
- Extract data within those time bounds.
- Collect and review data using similar time-bounding capabilities for MDE data.
Earlier this month, CISA released an open-source tool called 'Decider' to help defenders generate MITRE ATT&CK mapping reports to adjust their security posture based on adversaries' tactics and techniques.
Decider was released after CISA published a "best practices" guide about MITRE ATT&CK mapping in January, highlighting the importance of using the standard.
CISA also announced that, starting in January 2023, it has been warning critical infrastructure entities of Internet-exposed systems vulnerable to ransomware attacks.
"Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community," CISA revealed today.
This followed the launch of a new partnership in August 2021 to protect U.S. critical infrastructure from ransomware and other cyber threats, known as the Joint Cyber Defense Collaborative (JCDC).
In June 2021, the cybersecurity agency released a new module for its Cyber Security Evaluation Tool (CSET), known as the Ransomware Readiness Assessment (RRA), to help organizations assess their readiness to prevent and recover from ransomware attacks.
Two months later, it published guidance to help at-risk private sector and government organizations prevent data breaches resulting from ransomware attacks.