Threatpost

• SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
  Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.
• Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
  Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
• Lazarus Attackers Turn to the IT Supply Chain
  Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
• Why the Next-Generation of Application Security Is Needed
  New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.
• Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
  Manipulated Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain ‘inappropriate content.”

Security-Shell

• WAVSEP 2014 Web Application Scanner Benchmark
  The *2014* WAVSEP web application scanner benchmark has been published

  
  

  Currently includes new products that were tested for the first time (ScanToSecure, N-Stalker), as well as returning vendors that were not tested for a while (NTOSpider).

  
  

  Covering a total *63* vulnerability scanners, including commercial scanners, multiple SAAS engines and open source vendors, the research compares the performance of the various tested scanners in the following aspects:

  
  

  (*) Prices vs. Features

  (*) Automated Crawling (WIVET)

  (*) Technology and Input Delivery Method Support

  (*) Backup/Hidden File Detection Accuracy (*NEW!*)

  (*) Unvalidated Redirect Detection Accuracy (*NEW!*)

  (*) SQL Injection Detection Accuracy

  (*) Cross Site Scripting Detection Accuracy

  (*) Path Traversal / LFI Detection Accuracy

  (*) (XSS/Phishing via) Remote File Inclusion

  (*) Supported Vulnerability Detection Features (e.g. audit features)

  (*) Authentication and Usability Features

  (*) Coverage and Scan Barrier Support (AntiCSRF Tokens, CAPTCHA, etc)

  (*) Etc

  
  

  The benchmark *one page* result summary can be viewed through the following link:

  http://sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html

  
  

  The full article, which includes analysis and conclusions, can be accessed through the following link:

  http://sectooladdict.blogspot.com/2014/02/wavsep-web-application-scanner.html 

  
  

  To be up to date with all news just follow https://twitter.com/sectooladdict
  

  
  
• Faraday - Penetration Test IDE
  Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  
  Features:
  
  * +40 Plugins (Metasploit, Amap, Arachini, Dnsenum, Medusa, Nmap, Nessus, w3af, Zap and More!)
  * Collaborative support
  * Information Highlighting
  * Knowledge Filtering
  * Information Dashboard
  * Conflict Detection
  * Support for multiple Workspaces
  * IntelliSense Support
  * Easy Plugin Development
  * XMLRPC, XML and Regex Parsers
  
  More info and Download: https://github.com/infobyte/faraday
• Evil Foca - IPv4 and IPv6 Penetration testing tool
   
  

  
  
  Evil Focais a tool for Pentesters and Security Auditors to perform security testing in IPv4/ IPv6 data networks.  
  
  
  The tool is capable to do different attacks such as:
  

  • MITM on IPv4 networks using ARP Spoofing and DHCP ACK injection.
  • MITM on IPv6 networks using Neighbor Advertisement Spoofing, SLAAC Attack, fake DHCPv6.
  • DoS (Denial of Service) on IPv4 networks using ARP Spoofing.
  • DoS (Denial of Service) on IPv6 networks using SLAAC Attack.
  • DNS Hijacking. 

  
  Download: http://www.informatica64.com
  

  
  

Dark Reading

27 October 2021

• Free Tool Helps Security Teams Measure Their API Attack Surface
  Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.
• North Korea's Lazarus Group Turns to Supply Chain Attacks
  State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.
• Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats
  Following demand from viewers, cybercriminals are not shy in taking advantage of fans’ eagerness to watch the show, with well-known fraud schemes hitting the web.
• IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles
  IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.
• CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead
  As an expert on elections, her appointment speaks to the Agency’s dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.

• MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) - Version: 1.1
• MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 4.0
• MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356) - Version: 3.0
• MS16-087 - Critical: Security Update for Windows Print Spooler Components (3170005) - Version: 2.0
• MS16-123 - Important: Security Update for Windows Kernel-Mode Drivers (3192892) - Version: 3.0
• MS16-149 - Important: Security Update for Microsoft Windows (3205655) - Version: 1.1
• MS17-007 - Critical: Cumulative Security Update for Microsoft Edge (4013071) - Version: 2.0
• MS16-111 - Important: Security Update for Windows Kernel (3186973) - Version: 2.0

• Latest Report Uncovers Supply Chain Attacks by North Korean Hackers
  Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN 
• Over 10 Million Android Users Targeted With Premium SMS Scam Apps
  A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo
• Malicious Firefox Add-ons Block Browser From Downloading Security Updates
  Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely