Recently we learned that this project got a pile of dosh from the Bill and Melinda Gates foundation, so we thought we might look into it with you. Tazama is an Open Source Real-Time Transaction Monitoring Software built to support any Digital Financial Services Provider (DFSP) that requires Transaction Monitoring for Fraud and Money Laundering (AML) detection. Whether that DFSP is a small provider running one or 2 transactions per day or a national payment switch running at over 3,000 Transactions per second. With Tazama they can implement simple or complex rules, implement Fraud Detection controls or support Anti-Money Laundering activities. Could this be the first attempt at the democratization of Fraud and AML software? It seems so. Tazama is a system designed to keep an eye on transactions happening in real-time. It gathers data from various sources in the financial world, like banks and payment services, and analyzes it to detect any suspicious activity, such as fraud or money laundering.
The system works by storing all the gathered transaction data in a database. Then, it uses rule processors to evaluate each transaction and its participants to find any signs of suspicious behavior. These evaluations are summarized into scenarios called typologies, which help identify potential fraudulent activities. When the system detects enough evidence of suspicious behavior based on the rules and typologies, it sends out alerts for investigation. In serious cases, it can even stop transactions to prevent the transfer of funds. Tazama is built to work with the ISO20022 standard for financial messaging. Even if a system doesn't use this standard, it can still communicate with Tazama through a special adapter that converts messages into the ISO20022 format. To understand how Tazama works in more detail, we'll look at its key components, like the Transaction Monitoring Service API, Channel Router and Setup Processor, Rules Processor, Typology Processor, and Transaction Aggregator and Decision Processor. Each of these parts plays a specific role in keeping transactions safe and secure. These components work together to analyze transactions, detect any signs of financial crime, and take appropriate actions to safeguard the financial ecosystem. By understanding how Tazama operates, we can better protect against fraud and money laundering in the world of finance. Tazama is a system designed to keep an eye on transactions happening in real-time. It gathers data from various sources in the financial world, like banks and payment services, and analyzes it to detect any suspicious activity, such as fraud or money laundering. The system works by storing all the gathered transaction data in a database. Then, it uses rule processors to evaluate each transaction and its participants to find any signs of suspicious behavior. These evaluations are summarized into scenarios called typologies, which help identify potential fraudulent activities. When the system detects enough evidence of suspicious behavior based on the rules and typologies, it sends out alerts for investigation. In serious cases, it can even stop transactions to prevent the transfer of funds. Tazama is built to work with the ISO20022 standard for financial messaging. Even if a system doesn't use this standard, it can still communicate with Tazama through a special adapter that converts messages into the ISO20022 format. To understand how Tazama works in more detail, we'll look at its key components, like the Transaction Monitoring Service API, Channel Router and Setup Processor, Rules Processor, Typology Processor, and Transaction Aggregator and Decision Processor. Each of these parts plays a specific role in keeping transactions safe and secure. These components work together to analyze transactions, detect any signs of financial crime, and take appropriate actions to safeguard the financial ecosystem. By understanding how Tazama operates, we can better protect against fraud and money laundering in the world of finance. Tazama is a system designed to keep an eye on transactions happening in real-time. It gathers data from various sources in the financial world, like banks and payment services, and analyzes it to detect any suspicious activity, such as fraud or money laundering. The system works by storing all the gathered transaction data in a database. Then, it uses rule processors to evaluate each transaction and its participants to find any signs of suspicious behavior. These evaluations are summarized into scenarios called typologies, which help identify potential fraudulent activities. When the system detects enough evidence of suspicious behavior based on the rules and typologies, it sends out alerts for investigation. In serious cases, it can even stop transactions to prevent the transfer of funds. Tazama is built to work with the ISO20022 standard for financial messaging. Even if a system doesn't use this standard, it can still communicate with Tazama through a special adapter that converts messages into the ISO20022 format. To understand how Tazama works in more detail, we'll look at its key components, like the Transaction Monitoring Service API, Channel Router and Setup Processor, Rules Processor, Typology Processor, and Transaction Aggregator and Decision Processor. Each of these parts plays a specific role in keeping transactions safe and secure. These components work together to analyze transactions, detect any signs of financial crime, and take appropriate actions to safeguard the financial ecosystem. By understanding how Tazama operates, the hope is that we can, one day in the future, better protect against fraud and money laundering in the world of finance. Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks. You can run Prowler from your workstation, an EC2 instance, Fargate or any other container, Codebuild, CloudShell and Cloud9. Find it here: https://github.com/prowler-cloud/prowler/#requirements-and-installation
If you have been running fail2Ban on a server or servers to block port probing for vulnerable services on servers and felt that high RAM usage and general log parsing a little bit taxing, you'll be excited to hear that fail2ban's creator has crafted a successor "Reaction" Read his overview of the problem area and solution here: https://blog.ppom.me/en-reaction/
"Reaction, on my server, on which a lot more logs are analyzed that only the SSH service, reaction (and all the commands it launches) consumes approximately 5 min of CPU a week and 25 MB of RAM. With equal task work, fail2ban used to consume 1 hour and 300 MB, namely 30 times more and 10 times more resources." https://framagit.org/ppom/reaction reaction A daemon that scans program outputs for repeated patterns, and takes action. A common usage is to scan ssh and webserver logs, and to ban hosts that cause multiple authentication errors. 🚧 This program hasn't received external audit. however, it already works well on my servers 🚧 RationaleI was using the honorable fail2ban since quite a long time, but i was a bit frustrated by its cpu consumption and all its heavy default configuration. In my view, a security-oriented program should be simple to configure and an always-running daemon should be implemented in a faster language. reaction does not have all the features of the honorable fail2ban, but it's ~10x faster and has more manageable configuration. 📽️ quick french name explanation 😉 🇬🇧 in-depth blog article / 🇫🇷 french version ConfigurationYAML and JSONnet (more powerful) are supported. both are extensions of JSON, so JSON is transitively supported.
Lastly, while this is v1 v2 is already in the works. As the audience forthis tool picks up, and audit of it should also be completed (but no target date at this point). It's not often that one organization has two tools mentioned here in as many months, but CISA has pulled it off. We think that their CSET tool will be the basis for cyber-security insurance issuance as early as next year. Probably the most exciting thing is that CISA also offer training for you to learn the detail of the current tool offering.
It's not quite at commercial product levels of refinement, but it certainly is good, and worth your time to get to know. So what are you waiting for? Time to get going! https://www.cisa.gov/downloading-and-installing-cset Arsenal is just a quick inventory, reminder and launcher for pentest commands. This project written by pentesters for pentesters simplify the use of all the hard-to-remember commands. As a note, do this on a Linux endpoint, a quick test on a windows machine indicated a number of missing libraries. find it here In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionality is independent of the shell used. Indeed arsenal emulates real user input (with TTY arguments and IOCTL) so arsenal works with all shells and your commands will be in the history.
You have to enter arguments if needed, but arsenal supports global variables. For example, during a pentest we can set the variable ip to prefill all commands using an ip with the right one. To do that you just have to enter the following command in arsenal: >set ip=10.10.10.10 Authors:
https://github.com/cisagov/LME/tree/main
Here's an idea: Initially created by NCSC and now maintained by CISA, Logging Made Easy is a self-install tutorial for small organizations to gain a basic level of centralized security logging for Windows clients and provide functionality to detect attacks. It's the coming together of multiple free and open software platforms, where LME helps the reader integrate them together to produce an end-to-end logging capability. Logging Made Easy can:
Who is Logging Made Easy for?From single IT administrators with a handful of devices in their network to larger organizations. LME is for you if:
LME could also be useful for:
If you want to run AI models like Mistral-7B on your laptop this is the easiest way to do it.
https://twitter.com/mckaywrigley/status/1708917863925629320 PS Windows still to come... Have you ever wondered how much of your personal information is available online? Here’s your chance to find out. We’ve all heard about high-profile data breaches, but there are thousands more of them that we don’t hear about. That’s why Australian online security expert Troy Hunt created Have I Been Pwned? — a service that tracks stolen data across the internet, and is used by numerous national governments, security services and law enforcement. Now, we’ve used Hunt’s database to help you:
https://www.abc.net.au/news/2023-05-18/data-breaches-your-identity-interactive/102175688 This is a great, yet simple site, that will walk you through a number of examples of phishing emails. You and your friends learn how to identify phishing mails through the URLs within them.
Give it a try here https://phishingquiz.withgoogle.com/ |
Author: <see article>
These links serve as tributes to those who have written them. Please find contributor details in the links provided Archives
April 2024
Categories |