What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-06-27 17:17:13 | P2pinfect malware évolue, ajoute des capacités de ransomware et de cryptomiminage P2Pinfect Malware Evolves, Adds Ransomware and Cryptomining Capabilities (lien direct) |
## Snapshot Cado Security researchers report new versions of rust-based malware P2Pinfect. ## Description The malware initially spread via Redis and a limited SSH spreader, with no clear objective other than spreading. P2Pinfect gains initial access by exploiting the replication features in Redis, turning discovered open Redis nodes into follower nodes of the attacker server. It also abuses Redis config commands to write a cron job to the cron directory. The main payload of P2Pinfect is a worm that scans the internet for more servers to infect and features a basic SSH password sprayer. The botnet, a notable feature of P2Pinfect, acts as a peer-to-peer network for pushing out updated binaries. The main binary of P2Pinfect has undergone a rewrite, now entirely written using tokio, an async framework for rust, and packed with UPX. Additionally, the malware now drops a secondary binary at /tmp/bash for health checking. The miner payload embedded in P2Pinfect becomes active after approximately five minutes, and the ransomware payload, called rsagen, is downloaded and executed upon joining the botnet. The ransomware encrypts files and appends .encrypted to the end of the file name, with a ransom note titled "Your data has been locked!.txt". The attacker has made around 71 XMR, equivalent to roughly £9,660, but the mining pool only shows 1 worker active at 22 KH/s, suggesting another wallet address may be in use. The command to start the ransomware was issued directly by the malware operator, and the download server may be an attacker-controlled server used to host additional payloads. P2Pinfect also includes a usermode rootkit that hides specific information and bypasses checks when a specific environment variable is set. There is speculation that P2Pinfect may be a botnet for hire, as evidenced by the delivery of the ransomware payload from a fixed URL and the separation of the miner and ransomware wallet addresses. However, the distribution of rsagen could also be evidence of initial access brokerage. Overall, P2Pinfect continues to evolve with updated payloads and defensive features, demonstrating the malware author\'s ongoing efforts to profit from illicit access and further spread the network. The ransomware\'s impact is limited due to its initial access vector being Redis, which has restricted permissions and limited data storage capabilities. ## Recommendations # Recommendations to protect against RaaS Microsoft recommends the following mitigations to reduce the impact of RaaS threats. - Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a huge majority of new and unknown variants. - Turn on [tamper protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?ocid=magicti_ta_learndoc) features to prevent attackers from stopping security services. - Run [endpoint detection and response (EDR) in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?ocid=magicti_ta_learndoc) , so that Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus doesn\'t detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts detected post-breach. - Enable [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?ocid=magicti_ta_learndoc) in full automated mode to allow Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume. - Microsoft Defender customers | Ransomware Malware Tool Threat Cloud | ||
 |
2024-06-27 17:10:00 | Les secrets de la formation d'IA cachée sur vos données The Secrets of Hidden AI Training on Your Data (lien direct) |
Bien que certaines menaces SaaS soient claires et visibles, d'autres sont cachées à la vue, tous deux constituant des risques importants pour votre organisation.Les recherches de Wing \\ indiquent qu'un étonnant 99,7% des organisations utilisent des applications intégrées aux fonctionnalités d'IA.Ces outils axés sur l'IA sont indispensables, offrant des expériences transparentes de la collaboration et de la communication à la gestion du travail et
While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing\'s research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable, providing seamless experiences from collaboration and communication to work management and |
Tool Cloud | ||
 |
2024-06-27 14:09:57 | Naviguer dans le paysage de la sécurité du cloud Navigating the cloud security landscape (lien direct) |
Découvrez les différences entre les fournisseurs de sécurité gérés et la détection et la réponse gérées pour la sécurité du cloud.Apprenez quelle solution répond aux besoins de votre organisation.
Discover the differences between Managed Security Providers and Managed Detection and Response for cloud security. Learn which solution meets your organization\'s needs best. |
Cloud | ||
 |
2024-06-27 14:02:14 | Action1 obtient la certification CSA Star Level 1 Action1 Achieves CSA STAR Level 1 Certification (lien direct) |
ACTION1 obtient la certification CSA Star Level 1 et signe des CISA \\ Sécurisée par la conception de la classe
S'engager dans les meilleures pratiques et normes de sécurité du cloud introduites par les principales organisations dans le domaine souligne une approche stricte de l'action1 \\ de la sécurité interne.
-
nouvelles commerciales
Action1 Achieves CSA STAR Level 1 Certification and Signs CISA\'s Secure by Design Pledge Committing to cloud security best practices and standards introduced by the leading organizations in the field underscores Action1\'s stringent approach to internal security. - Business News |
Cloud | ||
 |
2024-06-27 14:00:00 | Le renouveau mondial du hacktivisme nécessite une vigilance accrue des défenseurs Global Revival of Hacktivism Requires Increased Vigilance from Defenders (lien direct) |
Written by: Daniel Kapellmann Zafra, Alden Wahlstrom, James Sadowski, Josh Palatucci, Davyn Baumann, Jose Nazario
Since early 2022, Mandiant has observed the revival and intensification of threat activity from actors leveraging hacktivist tactics and techniques. This comes decades after hacktivism first emerged as a form of online activism and several years since many defenders last considered hacktivism to be a serious threat. However, this new generation of hacktivism has grown to encompass a more complex and often impactful fusion of tactics different actors leverage for their specific objectives. Today\'s hacktivists exhibit increased capabilities in both intrusion and information operations demonstrated by a range of activities such as executing massive disruptive attacks, compromising networks to leak information, conducting information operations, and even tampering with physical world processes. They have leveraged their skills to gain notoriety and reputation, promote political ideologies, and actively support the strategic interests of nation-states. The anonymity provided by hacktivist personas coupled with the range of objectives supported by hacktivist tactics have made them a top choice for both state and non-state actors seeking to exert influence through the cyber domain. This blog post presents Mandiant\'s analysis of the hacktivism threat landscape, and provides analytical tools to understand and assess the level of risk posed by these groups. Based on years of experience tracking hacktivist actors, their claims, and attacks, our insight is meant to help organizations understand and prioritize meaningful threat activity against their own networks and equities. 
Figure 1: Sample of imagery used by hacktivists to promote their threat activity
Proactive Monitoring of Hacktivist Threats Necessary for Defenders to Anticipate Cyberattacks
Mandiant considers activity to be hacktivism when actors claim to or conduct attacks with the publicly stated intent of engaging in political or social activism. The large scale of hacktivism\'s resurgence presents a critical challenge to defenders who need to proactively sift through the noise and assess the risk posed by a multitude of actors with ranging degrees of sophistication. While in many cases hacktivist activity represents a marginal threat, in the most significant hacktivist operations Mandiant has tracked, threat actors have deliberately layered multiple tactics in hybrid operations in such a way that the effect of each component magnified the others. In some cases, hacktivist tactics have been deliberately employed by nation-state actors to support hybrid operations that can seriously harm victims. As the volume and complexity of activity grows and new actors leverage hacktivist tactics, defenders must determine how to filter, assess, and neutralize a range of novel and evolving threats. The proactive moni |
Malware Tool Threat Legislation Industrial Cloud Commercial | APT 38 | |
|
2024-06-27 13:59:28 | Le rapport sur l'état de la sécurité de l'État 2024 révèle un passage vers des environnements multi-clouds, avec une augmentation de 47% de SD-WAN et une augmentation de 25% dans l'adoption de Sase The 2024 State of Network Security Report Reveals a Shift Towards Multi-Cloud Environments, with a 47% Increase in SD-WAN and 25% Uptick in SASE Adoption (lien direct) |
Le rapport sur l'état de la sécurité de l'état 2024 révèle une évolution vers les environnements multi-nuclouts, avec une augmentation de 47% de SD-WAN et une augmentation de 25% dans l'adoption du sase
La recherche a révélé que les organisations priorisent la sécurité, l'intégration transparente et la conformité dans les environnements cloud hybrides avec Cisco, Palo Alto Networks, AWS et Microsoft Azure parmi les leaders
-
rapports spéciaux
The 2024 State of Network Security Report Reveals a Shift Towards Multi-Cloud Environments, with a 47% Increase in SD-WAN and 25% Uptick in SASE Adoption Research found that organisations are prioritising security, seamless integration, and compliance in hybrid cloud environments with Cisco, Palo Alto Networks, AWS and Microsoft Azure among the leaders - Special Reports |
Cloud | ||
 |
2024-06-27 05:18:51 | CloudFlare: nous n'avons jamais autorisé PolyFill.io à utiliser notre nom Cloudflare: We never authorized polyfill.io to use our name (lien direct) |
Cloudflare, un fournisseur de responsable des services de réseau de livraison de contenu (CDN), la sécurité du cloud et la protection DDOS, a averti qu'il n'avait pas autorisé l'utilisation de son nom ou de son logo sur le site Web Polyfill.io, qui a récemment été capturé en injectant des logiciels malveillants plusà 100 000 sites Web dans une attaque de chaîne d'approvisionnement importante.[...]
Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack. [...] |
Malware Cloud | ||
 |
2024-06-27 00:00:00 | Vers une plus grande transparence: dévoiler le service cloud cves Toward greater transparency: Unveiling Cloud Service CVEs (lien direct) |
Bienvenue dans le deuxième épisode de notre série sur la transparence au Microsoft Security Response Center (MSRC).Dans cette discussion en cours, nous discutons de notre engagement à fournir des informations complètes sur la vulnérabilité à nos clients.Au PDSFC, notre mission est de protéger nos clients, nos communautés et Microsoft, contre les menaces actuelles et émergentes pour la sécurité et la confidentialité.
Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy. |
Vulnerability Cloud | ||
|
2024-06-26 14:30:56 | NetScout Systems, Inc. a annoncé qu'il a élargi son réseau d'atténuation d'attaque DDOS Cloud Arbor Cloud NETSCOUT SYSTEMS, INC. announced it expanded its Arbor Cloud DDoS attack mitigation network (lien direct) |
netscout élargit les capacités de nettoyage DDOS au Canada
Le nuage d'arbor réduit la latence pour les entreprises et les FAI avec 15 tbps de capacité dédiée globale
-
revues de produits
NETSCOUT EXPANDS DDOS SCRUBBING CAPABILITIES INTO CANADA Arbor Cloud reduces latency for enterprises and ISPs with 15 Tbps of global dedicated capacity - Product Reviews |
Cloud | ||
 |
2024-06-26 12:30:00 | Les cyberattaquants se tournent vers les services cloud pour déployer des logiciels malveillants Cyber Attackers Turn to Cloud Services to Deploy Malware (lien direct) |
Un nombre croissant d'opérateurs de logiciels malveillants se sont tournés vers des serveurs de commande et de contrôle basés sur le cloud pour déployer des campagnes malveillantes, ont trouvé les chercheurs de Fortinet
A growing number of malware operators have turned to cloud-based command and control servers to deploy malicious campaigns, Fortinet researchers found |
Malware Cloud | ||
|
2024-06-26 11:03:47 | Selon Thales, les ressources cloud sont devenues l'objectif principal des cyberattaques Cloud-Ressourcen sind laut Thales zum Hauptziel von Cyber-Angriffen geworden (lien direct) |
Thales annonce aujourd'hui le pertinent;Ce sont l'évaluation globale des dernières menaces, tendances et risques émergents dans le domaine de la sécurité du cloud, qui est basé sur une enquête auprès de près de 3 000 experts informatiques et de sécurité de 18 L & Auml;
-
rapports spéciaux
/ /
affiche ,
cloud
Thales gibt heute die Veröffentlichung des 2024 Thales Cloud Security Berichts bekannt. Dabei handelt es sich um die jährliche Bewertung der neuesten Bedrohungen, Trends und aufkommenden Risiken im Bereich der Cloud-Sicherheit, die auf einer Umfrage unter fast 3.000 IT- und Sicherheitsexperten aus 18 Ländern und 37 Branchen basiert. - Sonderberichte / affiche, Cloud |
Cloud | ||
 |
2024-06-26 10:00:00 | Les tenants et aboutissants de l'évaluation de la posture de cybersécurité en 2024 The Ins and Outs of Cybersecurity Posture Assessment in 2024 (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Whether you\'re working with on-premises infrastructure, fully embracing the cloud, or running a hybrid solution, one thing is certain: a robust security posture is essential to safeguarding the environment. This article will explore today’s fundamentals of security posture assessment in both on-premises and cloud environments while briefly touching on the added complexities a hybrid setup will entail. What Is Security Posture Assessment? Before going any further, it is good to understand what security posture assessment really is and why knowing your security posture is essential to every organization. In short, a security posture assessment is a comprehensive evaluation of the currently utilized security measures safeguarding essential organizational data, processes to prevent breaches, and decisions to maintain business continuity. Any company should have a comprehensive assessment of its environment conducted at least annually. These assessments are used to identify vulnerabilities in processes and systems, point out areas for improvement, and comprehensively assess the overall resiliency of the organization’s entire IT ecosystem. The main goal is to fully understand the current security level and be able to take the necessary steps to remediate possible issues. Assessing On-Premises Security With on-premises system management, all the responsibility falls on the local IT team, so they need to have a comprehensive view of the currently deployed hardware and software to be able to successfully secure both. Let’s go over the components of such an exercise: ● Asset inventory: It is imperative to know the total scope of the organization\'s assets, including workstations, mobile devices, servers, network equipment, and all the software applications in use. This helps pinpoint outdated assets that either need to be removed from the environment or brought up-to-date with hardware or software upgrades. ● Patch management: New software vulnerabilities are being constantly unearthed, so prompt software updating and comprehensive patch management are instrumental in every environment. While it is a good idea to verify the stability of new updates first, automated patch management tools can help streamline this process. ● Network segmentation: Adversaries are always looking for opportunities for lateral movement in a network, so the isolation of systems and processes through network segmentation is an important step in limiting the potential damage a breach can cause. All in all, the evaluation of on-premises security requires an all-around review of the physical and digital protections within the organization’s data centers. This additionally includes vetting firewalls, intrusion detection systems, and access controls to thwart unauthorized access. Regular security audits and penetration tests are crucial to identify and address vulnerabilities before they can be weaponized. Assessing Cloud Security Working with cloud-based solutions keeps growing in popularity, since it effectively outsources the underlying hardware management to the cloud service provider, lessening the burden on the local IT team. This isn\'t to say that there is n | Tool Vulnerability Threat Patching Mobile Cloud | ||
 |
2024-06-25 19:06:37 | L'ancien directeur du cyber-directeur adjoint Derusha atterrit sur Google Cloud Former deputy national cyber director DeRusha lands at Google Cloud (lien direct) |
Pas de details / No more details | Cloud | ||
 |
2024-06-25 15:00:00 | La menace croissante de logiciels malveillants cachés derrière les services cloud The Growing Threat of Malware Concealed Behind Cloud Services (lien direct) |
Les menaces de cybersécurité tirent de plus en plus des services cloud pour stocker, distribuer et établir des serveurs de commandement et de contrôle (C2).Au cours du dernier mois, Fortiguard Labs a suivi des botnets qui ont adopté cette stratégie.Apprendre encore plus.
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers. Over the past month, FortiGuard Labs has been monitoring botnets that have adopted this strategy. Learn more. |
Malware Threat Cloud | ||
|
2024-06-25 14:19:27 | Le développeur OutSystems Cloud aborde plus de charges de travail critiques avec une nouvelle attestation SOC 2 OutSystems Developer Cloud Tackles More Mission-Critical Workloads with New SOC 2 Attestation (lien direct) |
OutSystems Le développeur Cloud aborde plus de charges de travail critiques avec une nouvelle ATTTATTATION SOC 2
Plateforme de développement d'applications à faible code attesté pour une utilisation par des industries hautement réglementées, notamment la finance, la banque, le gouvernement, l'assurance et la fabrication
-
nouvelles commerciales
OutSystems Developer Cloud Tackles More Mission-Critical Workloads with New SOC 2 Attestation Low-code application development platform attested for use by highly regulated industries including finance, banking, government, insurance, and manufacturing - Business News |
Cloud | ||
|
2024-06-25 14:16:19 | Les ressources dans le cloud sont devenues les principales cibles des cyberattaques, selon Thales (lien direct) | Les ressources dans le cloud sont devenues les principales cibles des cyberattaques, selon Thales - Investigations | Cloud | ||
|
2024-06-25 13:00:00 | Les violations du cloud ont un impact sur près de la moitié des organisations Cloud Breaches Impact Nearly Half of Organizations (lien direct) |
Un rapport Thales a révélé que 44% des organisations ont connu une violation de données cloud, avec une erreur humaine et des erreurs de configuration les principales provoques
A Thales report found that 44% of organizations have experienced a cloud data breach, with human error and misconfigurations the leading root causes |
Data Breach Cloud | ||
 |
2024-06-25 00:00:00 | WatchGuard lance la solution ThreatSync+ NDR assistée par l\'IA, pour renforcer la détection et la réponse globales aux cybermenaces (lien direct) | Paris, le 25 juin 2024. WatchGuard® Technologies, l\'un des leaders mondiaux de la cybersécurité unifiée, annonce le lancement de ThreatSync+ NDR et de WatchGuard Compliance Reporting. ThreatSync+ NDR est une solution adaptée aux entreprises de toute taille, qui disposent d\'équipes informatiques réduites ou de ressources limitées en matière de cybersécurité. Premier produit de la nouvelle gamme ThreatSync+, ThreatSync+ NDR automatise et simplifie le monitoring continu, ainsi que la détection des menaces et la prise de mesures correctives à l\'aide d\'un moteur de détection avancé basé sur l\'IA. La solution se fraye un chemin à travers les milliards de flux du réseau pour mettre en évidence les risques et les menaces exploitables, avec rapidité et efficacité. Cette solution XDR ouverte offre une visibilité sur le trafic réseau est-ouest et nord-sud qui n\'était auparavant accessible qu\'aux grandes entreprises disposant des ressources nécessaires pour gérer leur propre SOC (centre d\'opérations de sécurité). L\'IA moderne pour une détection et une réponse améliorées aux menaces ThreatSync+ NDR utilise un moteur d\'IA avancé reposant sur une approche de réseau neuronal à double couche, une technologie clé issue de l\'acquisition de CyGlass par WatchGuard en 2023. Le moteur d\'IA de ThreatSync+ corrèle et présente les anomalies sous forme d\'incidents classés par risque et par ordre de priorité. Les fournisseurs de services managés (MSP) et les professionnels de la sécurité informatique disposent ainsi d\'un tableau de bord intuitif indiquant l\'emplacement de l\'incident, les appareils, les utilisateurs et la chronologie, ce qui leur permet de se concentrer sur les menaces les plus critiques, de passer en revue les directives de mitigation et, en fin de compte, de mieux protéger leurs organisations. Gilles Macchioni, Directeur Technique Régional d\'OCI Informatique et Digital. explique : " WatchGuard ThreatSync+ NDR fournit une couche de protection avancée supplémentaire qui était auparavant hors de portée. Auparavant, la mise en œuvre du NDR était difficile en raison de sa complexité et des coûts d\'exploitation élevés qu\'il entraînait. Étant donné que l\'architecture de WatchGuard basée dans le Cloud ne nous oblige pas à installer ou à gérer du matériel complémentaire, nous pouvons déployer ThreatSync+ NDR pour nos clients rapidement, aisément et de manière rentable. Grâce à la protection avancée et abordable basée sur l\'IA proposée par WatchGuard ThreatSync+NDR, nous pouvons désormais offrir à nos clients une protection accrue tout en créant des opportunités de croissance significatives pour notre entreprise ". ThreatSync+ NDR en action ThreatSync+ NDR surveille les attaques à mesure qu\'elles surviennent sur le réseau et excelle dans la détection des attaques qui ont échappé aux défenses périmétriques, notamment les ransomwares, les vulnérabilités et les attaques touchant la supply chain. Les attaquants ne peuvent pas déceler ThreatSync+ NDR car la solution utilise l\'IA pour rechercher les actions des attaquants dissimulées dans le trafic du réseau. Par ailleurs, les attaquants ne peuvent pas se cacher de ThreatSync+, car ils doivent utiliser le réseau pour étendre leur attaque. Cela signifie que le NDR est le seul à pouvoir détecter les différentes étapes d\'une attaque, notamment les appels de commande et de contrôle, les mo | Tool Threat Cloud | ||
 |
2024-06-24 21:57:20 | Attaque de CDK: Pourquoi la planification de la contingence est essentielle pour les clients SaaS CDK Attack: Why Contingency Planning Is Critical for SaaS Customers (lien direct) |
Les opérations quotidiennes chez quelque 15 000 concessionnaires automobiles restent affectées car CDK travaille pour restaurer son système de gestion des concessionnaires, après ce qui semble être une attaque de ransomware la semaine dernière.
Daily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week. |
Ransomware Cloud | ||
|
2024-06-24 19:22:00 | Vulnérabilité critique RCE découverte dans l'outil d'infrastructure de l'ICLAMA Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (lien direct) |
Les chercheurs en cybersécurité ont détaillé une faille de sécurité désormais paires affectant la plate-forme d'infrastructure de l'intelligence artificielle open-source (IA) d'Ollla qui pourrait être exploitée pour réaliser l'exécution du code distant.
Suivi sous le nom de CVE-2024-37032, la vulnérabilité a été nommée Problama par la société de sécurité cloud Wiz.Après la divulgation responsable le 5 mai 2024, le problème a été résolu en version
Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version |
Tool Vulnerability Cloud | ||
|
2024-06-24 16:34:50 | 30m potentiellement affecté dans la violation du nuage de Tickettek Australia 30M Potentially Affected in Tickettek Australia Cloud Breach (lien direct) |
Dans un incident avec des parallèles directs avec le récent compromis Ticketmaster, un géant des événements en direct australien dit qu'il a été violée via un fournisseur de cloud tiers, alors que Shinyhunters en prenait le crédit.
In an incident with direct parallels to the recent Ticketmaster compromise, an Aussie live events giant says it was breached via a third-party cloud provider, as ShinyHunters takes credit. |
Cloud | ||
|
2024-06-24 14:29:07 | Sentinelone PR & Eacute; Sente Singularity ™ Cloud Workload Security SentinelOne présente Singularity™ Cloud Workload Security (lien direct) |
Sentineone PR & Eacute; Sente Singularity ™ Cloud Workload Security
-
produits
SentinelOne présente Singularity™ Cloud Workload Security - Produits |
Cloud | ||
 |
2024-06-24 14:16:35 | Sécurité centrée sur l'homme dans l'écosystème de cybersécurité et la stratégie Better Together de Pointpoint \\ Human Centric Security in the Cybersecurity Ecosystem and Proofpoint\\'s Better Together Strategy (lien direct) |
In my previous blog, I detailed how Proofpoint has redefined email security, a central pillar of what Gartner has termed Human-Centric Security, one of their three strategic priorities for CISOs in 2024 and 2025. Now I\'d like to give you an idea of how we think human-centric security fits with the rest of the modern security stack and how the current trend toward more comprehensive security solution architectures is influencing our strategic direction. The Third Era It\'s worthwhile to start with a bit of history. In our view, we\'ve entered the third major evolution of cybersecurity. In the earliest period, the perimeter was established, and basic controls were put in place. The technologies were fewer and less capable, but the consequences of security failures were nowhere near as severe as they are now. In the second era, the perimeter largely dissolved and the rapid adoption of new technologies during the heyday of digital transformation led to a massive proliferation of point security solutions, cropping up nearly as fast as the tools they were meant to secure. Unfortunately, the cost of the security engineering, operational integration, and alert response required for these tools to be effective often outweighed the risk mitigation they provided. Now we\'ve arrived a phase where the security architectures of the future are finally taking shape. They share several key characteristics: they\'re highly integrated, cloud-deployed, and align to what security teams really need to protect: their infrastructure, the apps that run on it, the data that powers those applications, and of course the humans that simultaneously constitute their organization\'s greatest asset and biggest risk. The Pillars of a Modern Security Architecture To protect the spectrum between infrastructure and people, five key control planes have emerged. The first of those components is the network, where controls have moved past the classic confines of the firewall, proxy, VPN, and other network devices to the cloud-based consolidated services that make up the modern Secure Access Services Edge (SASE). Secondly, endpoint and server protection evolved into first Endpoint Detection and Response (EDR) and then XDR as servers were increasingly replaced by cloud workloads. That of course leaves the human element, to which I\'ll return shortly, and the two cross-architecture layers: the operational processes, increasingly automated, that drive the controls and respond to the alerts they generate, and the identity fabric, both human and machine, that ties everything together. These architectures are powerful on their own, and their effectiveness compounds when they\'re well integrated. Attackers have often exploited the gaps between poorly implemented and monitored security controls to pass from a compromise of a person\'s credentials through the network to the administrative privileges that make ransomware so disruptive. Frustrating adversaries becomes much more achievable when well-integrated security controls reinforce each other, providing not just defense in depth but also defense in breadth. For example, an attacker\'s job is much harder when the malicious attachment they use to try and target a person is blocked and analyzed, with the resulting intelligence shared across SASE and XDR. Human-Centric Security and the Ecosystem With the rise of these modern security architectures, our controls for protecting networks, endpoints, and infrastructure have evolved, becoming more comprehensive, adaptive, and effective. With over 90% of breaches involving the human element, Proofpoint\'s human-centric security platform uniquely does the same for people and integrates with the key leaders across the other five components of the modern security stack. In pioneering human-centric security, we\'ve brought together previously disconnected functionality to accomplish two critical goals. The first is helping organizations protect their people from targeted attacks, impersonation, and supplier risk, along with making their people more resilien | Ransomware Tool Threat Prediction Cloud | ||
|
2024-06-24 13:20:50 | (Déjà vu) Vérifier Rapport de sécurité du cloud de Point \\: Navigation de l'intersection de la cybersécurité Check Point\\'s 2024 Cloud Security Report: Navigating the Intersection of Cyber Security (lien direct) |
Vérifier le point de la sécurité du cloud du point \\ de 2024: naviguer dans l'intersection de la cybersécurité
• 91% considèrent l'adoption de l'intelligence artificielle en priorité, mettant en évidence l'évaluation de la vulnérabilité et la détection des menaces comme avantages clés
• Néanmoins, seulement 61% des répondants ont reconnu que leur organisation était dans les phases de planification ou de développement de l'adoption de l'IA et de la ML pour la cybersécurité
• Les résultats de l'enquête révèlent un manque de sensibilisation au rôle crucial des contrôles internes et des politiques de gouvernance lorsque l'IA est impliquée
-
rapports spéciaux
Check Point\'s 2024 Cloud Security Report: Navigating the Intersection of Cyber Security • 91% view the adoption of artificial intelligence as a priority, highlighting vulnerability assessment and threat detection as key benefits • Nevertheless, only 61% of respondents acknowledged that their organization is in the planning or development phases of adopting AI and ML for cyber security • Survey results reveal a lack of awareness about the crucial role of internal controls and governance policies when AI is involved - Special Reports |
Vulnerability Threat Cloud | ||
 |
2024-06-24 13:12:32 | 24 juin & # 8211;Rapport de renseignement sur les menaces 24th June – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyber recherche pour la semaine du 24 juin, veuillez télécharger notre bulletin de renseignement sur les menaces.Les meilleures attaques et violations Le groupe de ransomware de NoirSuit a perturbé les opérations chez CDK Global, un fournisseur important de solutions de marketing informatique et numérique à l'industrie automobile, ciblant leurs plateformes SaaS aux États-Unis et [& # 8230;]
>For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and […] |
Ransomware Threat Cloud | ||
|
2024-06-24 12:48:47 | Faits saillants hebdomadaires OSINT, 24 juin 2024 Weekly OSINT Highlights, 24 June 2024 (lien direct) |
## Snapshot Last week\'s OSINT reporting reveals a persistent focus on sophisticated cyber espionage and ransomware campaigns by state-sponsored threat actors and advanced cybercriminal groups. Key trends include the exploitation of known vulnerabilities in network devices and hypervisors by Chinese groups like Velvet Ant and UNC3886, leveraging custom malware for long-term access and data theft. Meanwhile, actors active in the Middle Eastern and South Asian such as Arid Viper and UTA0137 continue to target adversaries with trojanized apps and Linux malware, respectively. Additionally, innovative social engineering techniques, like those used by TA571 and ClearFake, highlight the evolving methods threat actors employ to deliver diverse payloads, including ransomware and information stealers. The consistent targeting of critical infrastructure, government entities, and high-value enterprises underscores the need for robust, multi-layered cybersecurity defenses to mitigate these sophisticated and persistent threats. ## Description 1. **[Arid Viper Espionage Campaigns](https://sip.security.microsoft.com/intel-explorer/articles/19d9cd7d)**: ESET researchers uncovered Arid Viper\'s espionage campaigns targeting Android users in Egypt and Palestine. The campaigns distribute trojanized apps through dedicated websites, focusing on user data espionage with their AridSpy malware, a sophisticated multistage Android spyware. 2. **[Velvet Ant Exploits F5 BIG-IP](https://sip.security.microsoft.com/intel-explorer/articles/e232b93d)**: Sygnia analysts revealed that the Chinese cyberespionage group Velvet Ant exploited vulnerabilities in F5 BIG-IP appliances to deploy malware like PlugX, enabling long-term access and data theft. These incidents emphasize the threat posed by persistent threat groups exploiting network device vulnerabilities. 3. **[UNC3886 Targets Hypervisors](https://sip.security.microsoft.com/intel-explorer/articles/faed9cc0)**: Google Cloud reported that Mandiant investigated UNC3886, a suspected Chinese cyberespionage group, targeting hypervisors with sophisticated malware and exploiting vulnerabilities in FortiOS and VMware technologies. The group utilized rootkits and custom malware for persistence and command and control. 4. **[UTA0137 Cyber-Espionage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/bc2b5c55)**: Volexity identified Pakistan-based UTA0137 targeting Indian government entities with DISGOMOJI malware, which uses Discord for command and control. The campaign targets Linux systems, employing various persistence mechanisms and exploiting vulnerabilities like DirtyPipe for privilege escalation. 5. **[Proofpoint Highlights Copy-Paste Attacks](https://sip.security.microsoft.com/intel-explorer/articles/c75089e9)**: Proofpoint researchers reported that threat actors, including TA571 and ClearFake, are using techniques that prompt users to copy and paste malicious PowerShell scripts. These campaigns deliver various malware, including DarkGate and NetSupport, through clever social engineering tactics that trick users into compromising their systems. 6. **[Shinra and Limpopo Ransomware](https://sip.security.microsoft.com/intel-explorer/articles/b7a96cbd)**: FortiGuard Labs identified the emergence of Shinra and Limpopo ransomware strains in early 2024. Shinra ransomware exfiltrates data before encryption, while Limpopo targets ESXi environments, affecting multiple countries and causing significant disruptions. 7. **[CVE-2024-4577 Vulnerability Exploits](https://sip.security.microsoft.com/intel-explorer/articles/8635c515)**: Cyble Global Sensor Intelligence detected multiple scanning attempts exploiting CVE-2024-4577, a vulnerability in Windows affecting PHP installations. Threat actors are using this flaw to deploy ransomware and malware, emphasizing the urgent need for organizations to upgrade PHP versions to mitigate risks. 8. **[SmallTiger Malware Targets South Korea](https://sip.security.microsoft.com/intel-explorer/articles/3f29a6c8)**: The AhnLab Securi | Ransomware Malware Tool Vulnerability Threat Mobile Cloud | APT-C-23 | |
 |
2024-06-24 12:33:29 | Rocket, acquisition couleur RAG pour OpenAI (lien direct) | Avec le RAG en ligne de mire, OpenAI réalise sa première acquisition officielle, en l'objet de Rockset, éditeur américain d'une base de données cloud. | Cloud | ||
|
2024-06-24 10:08:02 | Christophe Charbonnier, DSI de MPSA : " Nous achevons la migration de nos VM et de nos conteneurs applicatifs dans le Cloud ". (lien direct) | Christophe Charbonnier, DSI de MPSA, retrace les évolutions de son système d'information aux défis de la logistique, du négoce de pneus et de pièces techniques automobiles avec les garagistes. | Cloud | ||
|
2024-06-21 16:15:26 | L'authentification multifactrice n'est pas suffisante pour protéger les données du cloud Multifactor Authentication Is Not Enough to Protect Cloud Data (lien direct) |
Ticketmaster, Santander Bank et d'autres grandes entreprises subissent des fuites de données à partir d'un grand service basé sur le cloud, soulignant que les entreprises doivent faire attention à l'authentification.
Ticketmaster, Santander Bank, and other large firms suffer data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication. |
Cloud | ||
|
2024-06-21 14:22:13 | FinOps : la spécification FOCUS dépassera-t-elle le IaaS ? (lien direct) | Premier stade de maturité atteint pour le projet FOCUS (FinOps Open Cost & Usage Specification), qui promet de s'ouvrir au SaaS. | Cloud | ||
 |
2024-06-21 12:00:31 | Contrôle du cloud de sécurité: pionnier de l'avenir de la gestion de la sécurité Security Cloud Control: Pioneering the Future of Security Management (lien direct) |
Les organisations sont confrontées à un défi critique aujourd'hui: les attaquants exploitent les liens les plus faibles de leurs réseaux, tels que les utilisateurs non garantis, les appareils et les charges de travail.Ce paysage de menace est compliqué par le passage des centres de données traditionnels à un environnement distribué, où la protection des données dispersées sur plusieurs points de contact devient complexe.Pour répondre à ces menaces, de nombreuses organisations recourent à [& # 8230;] 
Organizations face a critical challenge today: attackers are exploiting the weakest links in their networks, such as unsecured users, devices, and workloads. This threat landscape is complicated by the shift from traditional data centers to a distributed environment, where protecting dispersed data across multiple touchpoints becomes complex. To address these threats, many organizations resort to […] |
Threat Cloud | ||
 |
2024-06-20 21:48:11 | Les télécommunications frappent le plus durement par les logiciels malveillants cloud, le rapport trouve le rapport Telcos Hit Hardest by Cloud Malware, Report Finds (lien direct) |
Les sociétés de télécommunications sont ciblées par des acteurs malveillants à un rythme alarmant, selon un nouveau rapport de Netskope Threat Labs.Le rapport met en évidence une tendance préoccupante des attaquants exploitant des applications cloud populaires comme Microsoft Onedrive et Github pour livrer des logiciels malveillants aux victimes sans méfiance dans l'industrie des télécommunications.Cela suit une tendance tout aussi troublante découverte [& # 8230;]
Le post Telcos frappe le plus durement par Cloud Mahware, Le rapport trouve apparu pour la première fois sur gourou de la sécurité informatique .
Telecom companies are being targeted by malicious actors at an alarming rate, according to a new report by Netskope Threat Labs. The report highlights a concerning trend of attackers exploiting popular cloud apps like Microsoft OneDrive and GitHub to deliver malware to unsuspecting victims in the telecoms industry. This follows a similarly unsettling trend uncovered […] The post Telcos Hit Hardest by Cloud Malware, Report Finds first appeared on IT Security Guru. |
Malware Threat Prediction Cloud | ★★★ | |
|
2024-06-20 19:50:16 | Cloaked and Covert: Uncovering UNC3886 Espionage Operations (lien direct) | ## Instantané En septembre 2022, Google Cloud a rendu compte des enquêtes de Mandiant \\ sur "UNC3886", soupçonnées de mandiant d'être un groupe de cyber-espionnage lié au chinois, après la découverte de logiciels malveillants dans les hyperviseurs Esxi.UNC3886 ciblé globalOrganisations stratégiques, exploitation des vulnérabilités dans Fortios ([CVE-2022-41328] (https://security.microsoft.com/vulnerabilities/vulnerabilité/CVE-2022-41328/overview)) et VMware Technologies ([CVE-2022-22948](https://security.microsoft.com/vulnerabilities/vulnerability/cve-2022-22948/overview), [cve-2023-20867] (https://security.microsoft.com/vulnerabilities/vulnerabilité/CVE-2023-com20867 / Overview)), y compris une vulnérabilité zéro-jour dans VMware vcenter ([CVE-2023-34048] (https://security.microsoft.com/vulnerabilities/vulnerabilité/CVE-2023-34048/aperçu)). ## Description L'UNC3886 a utilisé des mécanismes de persistance sophistiqués à travers les dispositifs de réseau, les hyperviseurs et les machines virtuelles, en utilisant des rootkits comme Reptile et Medusa, avec Medusa installé via son composant d'installation, Sealfe, pour un accès à long terme.L'acteur de menace a également déployé des logiciels malveillants personnalisés tels que MopSled et Riflespine, tirant parti des services tiers de confiance pour la commande et le contrôle.Mandiant a également oberved partage C6) De plus, Mandiant rapporte que l'acteur de menace a tenté d'étendre son accès aux appareils réseau en ciblant un serveur TACACS + en utilisant le revers de renifleur.En outre, UNC3886 les délais exploités pour exploiter l'interface de communication virtuelle (VMCI), y compris des variantes comme VirtualShine, VirtualPie et VirtualSphere, pour faciliter l'exécution de la commande et le mouvement latéral dans des environnements ciblés. ## Détections / requêtes de chasse Microsoft Defender Antivirus détecte les composants de la menace comme le malware suivant: - [Trojan: LiNux / Reptile] (https://www.microsoft.com/en-us/wdsi/therets/malware-encyclopedia-description?name=trojan:linux/reptile.a& ;thered=-2147118004) - [Backdoor: Linux / Reptile] (https://www.microsoft.com/en-us/wdsi/terats/malware-encycopedia-description? Name = Backdoor: Linux / Reptile! Mtb & menaceID = -2147058920) - [Trojan: Win32 / Medusa] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=trojan:win32/medusa.a& threattid=-2147462289) - [Trojandownloader: sh / medusa] (https: //www.miCrosost.com/nus/wds/threets/malwaore-encycription.metcrid - Salut: Py: PyThon / Medusa] (https://www.microsoft.com/en-us/wdsi/therets/malware-encyclopedia-description?name=pua:pyTHON / MEDUSA.A & AMP; NOFENID = 314289) - [Trojandownloader: sh / medusa] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-description? name = trojandownloader: sh / medusa.a! mtb & menaceid = -2147127030) - [Comportement: win32 / medusa] (https://www.microsoft.com/en-us/wdsi/thereats/malware-encycopedia-dercription?name=behavior:win32/medusa.a&theatid=-2147078674) - [Trojan: Msil / Medusa] (https://www.microsoft.com/en-us/wdsi/thREATS / MALWARE-ENCYCLOPEDIA-DESCRIPTION? Name = Trojan: MSIL / MEDUSA! - [Trojan: Python / Medusa] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=trojan:python/medusa.c& threattid=-2147066576) - [Trojan: Bat / Medusa] (https://www.microsoft.com/en-us/wdsi/thereats/malware-encycopedia-dercription?name=trojan:bat/medusa!mtb&theretid=-2147064383) ## Recommandations [CVE-2022-41328] (HTtps: //security.microsoft.com/vulnerabilities/vulnerabilité/CVE-2022-41328/overview) Mettez à niveau vers Fortinet Fortios version 7.2.4, 7.0.10 ou 6.4.11 pour atténuer cette vulnérabilité. [CVE-2022-22948] (https://security.microsoft.com/vulnerabilities/vulnerabilité/CVE-2022-22948/overview) Passez à la dernière version de VMware vCenter Server et Cloud Foundation. [CVE | Malware Vulnerability Threat Cloud | ★★ | |
 |
2024-06-20 18:20:02 | Les solutions Symantec de Broadcom \\ réalisent la certification IRAP, répondant aux normes du gouvernement australien Broadcom\\'s Symantec solutions achieve IRAP certification, meeting Australian government standards (lien direct) |
Broadcom Inc. a annoncé jeudi que Symantec Endpoint Security, Symantec Network Protection et Symantec DLP Cloud Solutions ont ...
Broadcom Inc. announced on Thursday that Symantec Endpoint Security, Symantec Network Protection and Symantec DLP Cloud solutions have... |
Cloud | ★★★ | |
|
2024-06-20 14:07:45 | Netskope Threat Labs : les acteurs de la menace se concentrent sur l\'utilisation des applications cloud dans le secteur des télécommunications (lien direct) | Netskope Threat Labs : les acteurs de la menace se concentrent sur l'utilisation des applications cloud dans le secteur des télécommunications - Investigations | Threat Cloud | ★★ | |
|
2024-06-20 13:00:33 | Vérifier Rapport de sécurité du cloud de Point \\: Navigation de l'intersection de la cybersécurité Check Point\\'s 2024 Cloud Security Report: Navigating the Intersection of Cyber security (lien direct) |
> 91% considèrent l'adoption de l'intelligence artificielle comme une priorité, mettant en évidence l'évaluation de la vulnérabilité et la détection des menaces comme des avantages clés, néanmoins, seulement 61% des répondants ont reconnu que leur organisation était dans les phases de planification ou de développement de l'adoption de l'IA et de la ML pour le cyber-cyberLes résultats de l'enquête sur la sécurité révèlent un manque de sensibilisation au rôle crucial des contrôles internes et des politiques de gouvernance lorsque l'IA est impliquée de l'intelligence artificielle et de l'apprentissage automatique (IA et ML) sont reconnues comme des parties importantes de l'avenir de la cybersécurité et de la sécurité du cloud.Mais dans quelle mesure ces technologies dans les fonctions de cybersécurité sont-elles intégrées actuellement?Une enquête récente [& # 8230;]
>91% view the adoption of artificial intelligence as a priority, highlighting vulnerability assessment and threat detection as key benefits Nevertheless, only 61% of respondents acknowledged that their organization is in the planning or development phases of adopting AI and ML for cyber security Survey results reveal a lack of awareness about the crucial role of internal controls and governance policies when AI is involved Artificial Intelligence and Machine Learning (AI and ML) are recognized as important parts of the future of cyber security and cloud security. But how integrated are these technologies in cyber security functions currently? A recent survey […] |
Vulnerability Threat Cloud | ★★★ | |
|
2024-06-20 11:32:08 | CDK Global a à nouveau piraté tout en se remettant de la première cyberattaque CDK Global hacked again while recovering from first cyberattack (lien direct) |
La plate-forme SAAS de voiture CDK Global a subi une violation supplémentaire mercredi soir alors qu'elle commençait à restaurer les systèmes fermés dans une cyberattaque précédente.[...]
Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in an previous cyberattack. [...] |
Cloud | ★★ | |
|
2024-06-19 12:40:16 | Tenable pour acquérir la sécurité Eureka Tenable to Acquire Eureka Security (lien direct) |
Tenable pour acquérir la sécurité Eureka pour ajouter la gestion de la posture de sécurité des données à sa plate-forme de sécurité cloud
Unified CNApp offrira une protection complète entre les infrastructures, les charges de travail, les identités et les données pour la clientèle de sécurité du cloud en croissance rapide
-
nouvelles commerciales
Tenable to Acquire Eureka Security to Add Data Security Posture Management to its Cloud Security Platform Unified CNAPP will provide comprehensive protection across infrastructure, workloads, identities and data for rapidly growing cloud security customer base - Business News |
Cloud | ★★ | |
|
2024-06-19 11:08:16 | CheckMarx et DXC Technology s'associent pour offrir une sécurité d'application holistique évolutive Checkmarx and DXC Technology Team Up to Deliver Scalable, Holistic Application Security (lien direct) |
Vérifiez la technologie et la technologie DXC s'associent pour offrir une sécurité d'évolution des applications holistique dans le monde
Une collaboration améliorée réduira les risques, améliorera la qualité des logiciels et accélérera la transformation numérique et la migration du cloud pour les entreprises mondiales
-
revues de produits
Checkmarx and DXC Technology Team Up to Deliver Scalable, Holistic Application Security Worldwide Enhanced collaboration will reduce risk, improve software quality and accelerate digital transformation and cloud migration for global enterprises - Product Reviews |
Cloud | ★★ | |
|
2024-06-19 08:45:21 | HPE dégaine son alternative à VMware (lien direct) | HPE compte agrémenter son offre Private Cloud d'une stack de virtualisation KVM d'ici à fin 2024. | Cloud | ★★ | |
|
2024-06-18 20:23:24 | Les bogues Critical VMware ouvrent les étendues de VMS à RCE, Vol de données Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft (lien direct) |
Un trio de bogues pourrait permettre aux pirates de dégénérer les privilèges et d'exécuter à distance du code sur les machines virtuelles déployées dans les environnements cloud.
A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments. |
Cloud | ★★ | |
|
2024-06-18 16:53:00 | Le rapport annuel de sécurité SaaS: 2025 Plans et priorités du CISO The Annual SaaS Security Report: 2025 CISO Plans and Priorities (lien direct) |
Selon une nouvelle enquête, soixante-dix pour cent des entreprises en établissant une priorité dans les investissements dans la sécurité du SaaS en établissant des équipes dédiées à sécuriser les applications SaaS, dans le cadre d'une tendance croissante de maturité dans ce domaine de la cybersécurité, selon une nouvelle enquête publiée ce mois-ci par la Cloud Security Alliance (CSA).
Malgré l'instabilité économique et les principales suppressions d'emploi en 2023, les organisations ont considérablement augmenté l'investissement dans
Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA). Despite economic instability and major job cuts in 2023, organizations drastically increased investment in |
Prediction Cloud | ★★★ | |
|
2024-06-18 15:11:00 | De nouveaux cibles malwares cibles exposées Docker API pour l'exploitation de crypto-monnaie New Malware Targets Exposed Docker APIs for Cryptocurrency Mining (lien direct) |
Les chercheurs en cybersécurité ont découvert une nouvelle campagne de logiciels malveillants qui cible les points de terminaison publiquement exposés de l'API dans le but de livrer des mineurs de crypto-monnaie et d'autres charges utiles.
Parmi les outils déployés est un outil d'accès à distance qui est capable de télécharger et d'exécuter plus de programmes malveillants ainsi qu'un utilitaire pour propager les logiciels malveillants via SSH, Cloud Analytics Platform Datadog
Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that\'s capable of downloading and executing more malicious programs as well as a utility to propagate the malware via SSH, cloud analytics platform Datadog |
Malware Tool Cloud | ★★★ | |
|
2024-06-18 14:00:00 | Couchée et secrète: Découvrir les opérations d'espionnage UNC3886 Cloaked and Covert: Uncovering UNC3886 Espionage Operations (lien direct) |
Written by: Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, Alex Marvi
Following the discovery of malware residing within ESXi hypervisors in September 2022, Mandiant began investigating numerous intrusions conducted by UNC3886, a suspected China-nexus cyber espionage actor that has targeted prominent strategic organizations on a global scale. In January 2023, Mandiant provided detailed analysis of the exploitation of a now-patched vulnerability in FortiOS employed by a threat actor suspected to be UNC3886. In March 2023, we provided details surrounding a custom malware ecosystem utilized on affected Fortinet devices. Furthermore, the investigation uncovered the compromise of VMware technologies, which facilitated access to guest virtual machines. Investigations into more recent operations in 2023 following fixes from the vendors involved in the investigation have corroborated Mandiant\'s initial observations that the actor operates in a sophisticated, cautious, and evasive nature. Mandiant has observed that UNC3886 employed several layers of organized persistence for redundancy to maintain access to compromised environments over time. Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available even if the primary layer is detected and eliminated. This blog post discusses UNC3886\'s intrusion path and subsequent actions that were performed in the environments after compromising the guest virtual machines to achieve access to the critical systems, including: The use of publicly available rootkits for long-term persistence Deployment of malware that leveraged trusted third-party services for command and control (C2 or C&C) Subverting access and collecting credentials with Secure Shell (SSH) backdoors Extracting credentials from TACACS+ authentication using custom malware Mandiant has published detection and hardening guidelines for ESXi hypervisors and attack techniques employed by UNC3886. For Google SecOps Enterprise+ customer |
Malware Tool Vulnerability Threat Cloud Technical | APT 41 | ★★★ |
|
2024-06-18 13:54:00 | VMware émet des correctifs pour la fondation cloud, VCenter Server et vSphere ESXi VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi (lien direct) |
VMware a publié des mises à jour pour aborder les défauts critiques ayant un impact sur Cloud Foundation, VCenter Server et vSphere ESXi qui pourraient être exploités pour réaliser l'escalade des privilèges et l'exécution du code distant.
La liste des vulnérabilités est la suivante -
CVE-2024-37079 &CVE-2024-37080 (scores CVSS: 9.8) - Vulnérabilités de dépassement multiples dans la mise en œuvre du protocole DCE / RPC qui pourrait
VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) - Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could |
Vulnerability Cloud | ★★ | |
|
2024-06-18 13:00:00 | VMware révèle les vulnérabilités critiques, demande de l'assainissement immédiat VMware Discloses Critical Vulnerabilities, Urges Immediate Remediation (lien direct) |
VMware a révélé des vulnérabilités critiques ayant un impact sur ses produits VMware vSphere et VMware Cloud Foundation, avec des correctifs disponibles pour les clients
VMware has disclosed critical vulnerabilities impacting its VMware vSphere and VMware Cloud Foundation products, with patches available for customers |
Vulnerability Cloud | ★★★ | |
|
2024-06-18 12:56:24 | Les pivots d'araignée dispersés vers les attaques d'application SaaS Scattered Spider Pivots to SaaS Application Attacks (lien direct) |
L'année dernière, Microsoft a décrit l'acteur de menace - connu sous le nom de UNC3944, araignée dispersée, porcs dispersés, octo tempest et 0ktapus - comme l'un des adversaires actuels les plus dangereux.
Microsoft last year described the threat actor - known as UNC3944, Scattered Spider, Scatter Swine, Octo Tempest, and 0ktapus - as one of the most dangerous current adversaries. |
Threat Cloud | ★★ | |
|
2024-06-18 12:00:26 | L'état des plates-formes de sécurité cloud et de DevseCops The State of Cloud Security Platforms and DevSecOps (lien direct) |
Une nouvelle enquête de Cisco and Enterprise Strategy Group révèle les vrais contours du développement et de la sécurité des applications natives de cloud 
A new survey by Cisco and Enterprise Strategy Group reveals the true contours of cloud native application development and security |
Cloud | ★★★ | |
|
2024-06-18 10:59:16 | Migration Cloud : FM Logistic déploie son infra VMware sur AWS (lien direct) | Le groupe de logistique français a mené un projet de Move to Cloud dont l'objectif est de fermer à court terme son datacenter. La solution VMware Cloud on AWS a permis de déplacer ses serveurs virtuels tels quels, sans même devoir changer d'adresses IP. | Cloud | ★★ | |
|
2024-06-18 08:38:24 | Le Groupe Foliateam consolide ses activités et accélère sur le cloud et la cybersécurité (lien direct) | Le Groupe Foliateam consolide ses activités et accélère sur le cloud et la cybersécurité #cybersécurité #ESN #MSP #servicesmanagés #cloud - Business | Cloud | ★★ |
To see everything:
Our RSS (filtrered)
