20.7.18

AEB launches new website with daily updated content: news every day on international trade and logistics

AEB has completely redesigned its website and enriched it with valuable content. Companies active in international trade, logistics and supply chain can visit www.aeb.com/nl not only for smart solutions but also to draw daily inspiration and insights from articles on new trends, developments and current affairs.
Now that the United States, China and the European Union keep erecting new trade barriers, the demand for insights and solutions is greater than ever. AEB responds with an entirely new website, which showcases important developments in the product portfolio, such as AEB's cloud solutions and the innovative software platform nEXt. Companies can discover for themselves what the current options are for digitizing export management, import management, trade compliance and supply chain collaboration.
Daily news
AEB's new website is not only intended to inform people working in international trade, logistics and supply chain about software, but also about their profession. Every day, new articles or videos on current topics, new trends and important developments appear in the digital AEB Magazine. For anyone who wants to keep up to date and is looking for new insights and inspiration in these uncertain times, the magazine is a must. AEB Magazine offers new content every day on:
- Supply Chain Management and Logistics
- Global Trade and Customs Management
- Export Controls and Compliance
- IT Management and Digitization

New corporate identity
The website is designed in AEB's new corporate identity. The slim typeface and the new colours reflect the dynamic character of the international software house, headquartered in Stuttgart with a Dutch office in Capelle aan den IJssel.
AEB is of course also active on social media. Want to stay informed of news relevant to you and your colleagues? Want to be notified as soon as new articles appear in the digital AEB Magazine? Then follow us on LinkedIn (https://www.linkedin.com/company/aeb-nl/).
About AEB (www.aeb.com – www.aeb.com/nl)
For more than 35 years, AEB has been developing software to support the international trade and logistics processes of companies in the industrial, commercial and service sectors. More than 5000 customers in more than 35 countries use AEB's solutions for transport and warehouse management, import and export management, preference management and much more. They benefit from improved efficiency, compliance and transparency, at home and abroad, thanks to applications such as customs and embargo checks, improved collaboration with supply chain partners and the automation of shipping processes. AEB's portfolio ranges from online plug-and-play solutions to comprehensive logistics systems.
AEB has its headquarters and data centers in Stuttgart and also has international offices in the United Kingdom, Singapore, Switzerland, Sweden, the Czech Republic, France and the United States. The Dutch office is located in Capelle aan den IJssel.



17.7.18

Certificates of Taiwanese technology companies stolen for the Plead malware campaign

ESET researchers have discovered a new malware campaign using stolen digital certificates.
We spotted this malware campaign when our systems flagged several suspicious files. Interestingly, the flagged files were digitally signed with a valid D-Link Corporation code-signing certificate. The same certificate had been used to sign non-malicious D-Link software, so the certificate was most likely stolen.
After confirming the malicious nature of the file, we notified D-Link, which launched its own investigation into the matter. As a result, the compromised digital certificate was revoked by D-Link on July 3, 2018.


Irishman extradited to the US to face charges relating to Silk Road

Gary Davis, accused of working as an administrator for the notorious dark web marketplace, appears in a federal court in New York
A 30-year-old Irish man accused of working for the dark web marketplace Silk Road has been extradited to the United States to face charges.
Gary Davis was arrested in 2014 and charged with being an administrator for the now-defunct dark web site. Davis went by the alias “Libertas” and allegedly began his role in 2013.
According to a report by RTE.ie, Mr. Davis is “charged with one count of conspiracy to distribute narcotics, which carries a maximum sentence of life in prison, one count of conspiracy to commit computer intrusion and one count of conspiracy to commit money laundering”.
It is alleged that the accused was paid a weekly salary (reported to be $1,500 per week) and that his duties on the site included making transactions between drug dealers and buyers run smoothly.
He has appeared before a federal court in Manhattan, New York. If found guilty, Mr. Davis could receive a life sentence.
In an official press release, Geoffrey S. Berman, the United States Attorney for the Southern District of New York, said: “Gary Davis allegedly served as an administrator who helped run the Silk Road, a secret online marketplace for illegal drugs, hacking services, and an assortment of other criminal activities. Thanks to our partner agencies here and abroad, Davis now faces justice in an American court.”
Mr. Davis had appealed the extradition order on the grounds that he suffers from both a form of autism known as Asperger’s Syndrome and depression. That appeal was rejected by the High Court in Dublin, Ireland, in February 2018.
During its two-and-a-half-year run, Silk Road was a haven for several thousand drug dealers and other cybercriminals who used the virtual marketplace to distribute drugs, weapons and other illegal items to over 100,000 buyers.
The founder of Silk Road, Ross Ulbricht, a.k.a. “Dread Pirate Roberts”, was sentenced to life in prison in 2015 after a high-profile FBI investigation and his arrest in a San Francisco public library.

A deep dive down the Vermin RAThole

ESET researchers have analyzed remote access tools cybercriminals have been using in an ongoing espionage campaign to systematically spy on Ukrainian government institutions and exfiltrate data from their systems
In this blogpost, we will sum up the findings published in full in our white paper “Quasar, Sobaken and Vermin: A deeper look into an ongoing espionage campaign”.
The attackers behind the campaign have been tracked by ESET since mid-2017; their activities were first publicly reported in January 2018. Our analysis shows that these cybercriminals continue to improve their campaigns by developing new versions of their espionage tools.
According to ESET’s telemetry, the attacks have been targeted at Ukrainian government institutions, with a few hundred victims in different organizations. Attackers have been using stealthy remote access tools (RATs) to exfiltrate sensitive documents from the victims’ computers.
[Figure 1: Malware distribution based on ESET's detection systems (Map data ©2018 Google, ORION ME); image at https://www.welivesecurity.com/wp-content/uploads/2018/06/Figure1-3.png]
We have detected three different strains of .NET malware in these campaigns: Quasar RAT, Sobaken RAT, and a custom-made RAT called Vermin. All three malware strains have been in active use against different targets at the same time; they share parts of their infrastructure and connect to the same C&C servers.
Quasar is an open-source RAT, which is freely available on GitHub. We were able to trace campaigns by these threat actors using Quasar RAT binaries back to October 2015.
Sobaken is a heavily modified version of the Quasar RAT. Some functionality was removed to make the executable smaller, and several anti-sandbox and other evasion tricks were added.
Vermin is a custom-made backdoor. It first appeared in mid-2016 and is still in use at the time of writing. Just like Quasar and Sobaken, it is written in .NET. To slow down analysis, the program code is protected using either the commercial .NET code protection system .NET Reactor or the open-source protector ConfuserEx.
Vermin is a full-featured backdoor with several optional components. Its latest known version supports 24 commands, implemented in the main payload, and several additional commands implemented via optional components, including audio recording, keylogging and password stealing.
The analyzed campaigns rely on basic social engineering, combined with several tricks to better lure the victims into downloading and executing the malware served as email attachments. Among these tricks are using a right-to-left override to obscure the attachments' real extension, disguising attachments as RAR self-extracting archives, and a specially crafted Word document carrying a CVE-2017-0199 exploit.
All three malware strains are installed in the same way: a dropper drops a malicious payload file (Vermin, Quasar or Sobaken malware) into the %APPDATA% folder, into a subfolder named after a legitimate company (usually Adobe, Intel or Microsoft). Then, it creates a scheduled task that runs the payload every 10 minutes to ensure its persistence.
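As an added illustration (not code from ESET's report), the following Python hunt flags scheduled tasks that match the persistence pattern just described: an executable under a vendor-named subfolder of %APPDATA%, rerun every 10 minutes. It goes slightly beyond the text by accepting the repetition interval both as an ISO 8601 duration (the form the Windows Task Scheduler API exposes) and as the "H Hour(s), M Minute(s)" wording; the record layout, field names and sample task entries are constructed assumptions, not real telemetry.

```python
import re
from typing import Iterable, List, Optional

# Vendor-named subfolders the report says the dropper creates under %APPDATA%.
DECOY_VENDORS = ("adobe", "intel", "microsoft")

# Matches payload paths such as %APPDATA%\Adobe\x.exe or
# C:\Users\<u>\AppData\Roaming\Intel\x.exe (case-insensitive, either slash).
APPDATA_RE = re.compile(
    r"(?:%appdata%|appdata[\\/]roaming)[\\/](" + "|".join(DECOY_VENDORS)
    + r")[\\/][^\\/]+\.exe",
    re.IGNORECASE,
)


def repeat_minutes(value: str) -> Optional[int]:
    """Parse a repetition interval given as ISO 8601 (PT10M, PT1H, PT1H30M)
    or as 'H Hour(s), M Minute(s)'; return None when no interval is set."""
    value = value.strip()
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", value, re.IGNORECASE)
    if m and (m.group(1) or m.group(2)):
        return int(m.group(1) or 0) * 60 + int(m.group(2) or 0)
    m = re.fullmatch(r"(\d+) Hour\(s\), (\d+) Minute\(s\)", value)
    if m:
        return int(m.group(1)) * 60 + int(m.group(2))
    return None


def suspicious_tasks(tasks: Iterable[dict]) -> List[str]:
    """Return the names of tasks whose action runs an .exe from a vendor-named
    %APPDATA% subfolder on a 10-minute repetition, as the report describes."""
    hits = []
    for t in tasks:
        in_decoy_dir = APPDATA_RE.search(t.get("command", "")) is not None
        if in_decoy_dir and repeat_minutes(t.get("repeat", "")) == 10:
            hits.append(t["name"])
    return hits


# Constructed sample records (assumed field names, not real telemetry): a benign
# updater in Program Files, a benign daily task in AppData, and two decoy tasks.
SAMPLE_TASKS = [
    {"name": "\\Adobe Acrobat Update Task", "repeat": "",
     "command": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"},
    {"name": "\\OneDrive Standalone Update", "repeat": "PT24H",
     "command": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\Updater.exe"},
    {"name": "\\Intel Driver Check", "repeat": "PT10M",
     "command": "%APPDATA%\\Intel\\intelsvc.exe"},
    {"name": "\\Adobe Flash Helper", "repeat": "0 Hour(s), 10 Minute(s)",
     "command": "C:\\Users\\alice\\AppData\\Roaming\\Adobe\\flashhlp.exe"},
]

if __name__ == "__main__":
    for name in suspicious_tasks(SAMPLE_TASKS):
        print("suspicious persistence task:", name)
```

On a live host the same records can be built from Get-ScheduledTask (action Execute path, trigger Repetition.Interval) or a schtasks /query /fo CSV /v export.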
To make sure that the malware runs on targeted machines only and avoids automated analysis systems and sandboxes, the attackers have deployed several measures. The malware terminates if neither Russian nor Ukrainian keyboard layouts are installed, if the target system's IP address is located outside these two countries, or if it is registered to one of several selected antimalware vendors or cloud providers. The malware also refuses to run on computers with usernames typical of automated malware analysis systems. To determine whether it is running in an automated analysis system, it tries to reach a randomly generated website name/URL and checks that the connection fails, as would be expected on a real system (an analysis sandbox that simulates internet access would answer the request).
These attackers haven’t received much public attention compared to others who target high-profile organizations in Ukraine. However, they have proved that with clever social engineering tricks, cyber-espionage attacks can succeed even without using sophisticated malware. This underscores the need for training staff in cybersecurity awareness, on top of having a quality security solution in place.
ESET detection names and other Indicators of Compromise for the mentioned campaigns can be found in the full white paper: Quasar, Sobaken and Vermin: A deeper look into an ongoing espionage campaign.