What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2024-07-29 21:47:00 Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild (direct link) Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords. The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI) -
The_Hackers_News.webp 2024-07-29 18:49:00 Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails (direct link) An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various legitimate companies. "These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections - all to deceive
Threat
CS.webp 2024-07-29 18:12:42 Bipartisan Senate bill would promote cybersecurity apprenticeship programs (direct link) The legislation aims to grow the cyber workforce under a Department of Labor-managed grants program for apprentices.
DarkReading.webp 2024-07-29 18:04:05 'Zeus' Hacker Group Strikes Israeli Olympic Athletes in Data Leak (direct link) Security presence has been heightened in Paris to ensure that the Games are safe, and Israeli athletes have been provided with even more protection.
RiskIQ.webp 2024-07-29 18:01:57 Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website (direct link) #### Targeted Geolocations - Germany
## Snapshot CrowdStrike Intelligence identified a spearphishing attempt delivering a fake CrowdStrike Crash Reporter installer via a website impersonating a German entity.
## Description The site was registered on July 20, 2024, shortly after a CrowdStrike Falcon sensor update issue, and used JavaScript disguised as jQuery to download and deobfuscate the installer. This installer, branded with CrowdStrike content and localized in German, required a password for installation. The phishing page linked to a ZIP file containing a malicious InnoSetup installer and displayed CrowdStrike's branding to appear legitimate. The JavaScript masked its malicious code within genuine jQuery code to evade detection. When the user clicked the download button, the site executed a function to download a disguised Portable Executable file. The installer, which appeared on July 20, 2024, had a timestamp aligning with the sensor update, suggesting the use of timestomping to avoid detection. The installer prompted users to input a specific "Backend-Server" password, likely known only to the targets, indicating a highly targeted attack. CrowdStrike Intelligence assessed with high confidence that the attackers focused on German-speaking customers affected by the Falcon sensor issue and employed advanced anti-forensic techniques, including registering subdomains under a legitimate registrar and encrypting installer contents.
## Additional Analysis Cyber threat actors exploit current events to perpetrate malicious activity, as these situations often create confusion and urgency, making individuals and organizations more vulnerable to deception. They capitalize on the heightened interest and attention surrounding such events to increase the likelihood of their phishing attempts and other attacks being successful. By aligning their malicious campaigns with well-known incidents or updates, threat actors can more easily disguise their intentions and lure victims into unwittingly compromising their security. This phishing campaign targeting German-speaking customers is the latest example of cyberattacks exploiting the chaos from CrowdStrike's Falcon update. Earlier reports of malicious activity during the outages include [data wipers spread by the pro-Iranian hacktivist group Handala](https://www.bleepingcomputer.com/news/security/fake-crowdstrike-fixes-target-companies-with-malware-data-wipers/), [HijackLoader dropping Remcos Remote Access Trojan](https://x.com/anyrun_app/status/1814567576858427410) disguised as a CrowdStrike hotfix, and information stealer [Daolpu](https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer/) being spread through phishing emails masquerading as a Recovery Tool.
## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats.
- Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
- Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly r
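The report's observation that the installer's timestamp "aligned with the sensor update" is the kind of thing a responder verifies by reading the compile timestamp straight out of the PE header and comparing it with when the sample was first observed. The following is an added example written for this page, not CrowdStrike's or Microsoft's code: it parses the COFF TimeDateStamp, flags a compile time that postdates first sighting (impossible for a genuine build) or that falls inside the lure event window (consistent with timestomping to blend in). The stub PE bytes, the dates, the 19-20 July window and the five-minute clock slack are all constructed assumptions.

```python
"""Read a PE file's COFF TimeDateStamp and compare it with when the sample was
first seen. Added example; the PE bytes, dates and lure window are constructed."""
import struct
from datetime import datetime, timedelta, timezone

# Assumed lure window: the day of the Falcon sensor update and the day after.
LURE_WINDOW = (datetime(2024, 7, 19, tzinfo=timezone.utc),
               datetime(2024, 7, 20, 23, 59, 59, tzinfo=timezone.utc))


def utc(iso: str) -> datetime:
    """Parse a naive ISO 8601 string (e.g. '2024-07-20T10:00') as UTC."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)


def pe_timestamp(data: bytes) -> datetime:
    """Return the COFF header TimeDateStamp of a PE image as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # COFF file header follows the 4-byte signature:
    # Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def timestamp_findings(data: bytes, first_seen: datetime,
                       lure_window=LURE_WINDOW,
                       slack: timedelta = timedelta(minutes=5)) -> list:
    """Heuristics on compile time versus first-seen time.

    A compile time later than first-seen (beyond clock slack) cannot be genuine.
    A compile time inside the lure window is consistent with a timestamp chosen
    to match legitimate files from that period, as the report describes."""
    compiled = pe_timestamp(data)
    findings = []
    if compiled > first_seen + slack:
        findings.append("compile_time_after_first_seen")
    if lure_window[0] <= compiled <= lure_window[1]:
        findings.append("compile_time_inside_lure_window")
    return findings


def build_stub_pe(stamp: int, e_lfanew: int = 0x40) -> bytes:
    """Constructed minimal PE: DOS header, PE signature and a COFF header only.
    Enough for the parser above; not a loadable executable."""
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # x64 machine type, 1 section, then the timestamp and zeroed remaining fields.
    coff = struct.pack("<HHIIIHH", 0x8664, 1, stamp, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Constructed sample: "compiled" at noon on the update day, first seen next morning.
    stomped = build_stub_pe(int(utc("2024-07-19T12:00").timestamp()))
    print(pe_timestamp(stomped).isoformat(),
          timestamp_findings(stomped, utc("2024-07-20T10:00")))
```

On a real sample, `pe_timestamp` is applied to the file bytes; the first-seen time comes from the EDR, sandbox or proxy log that recorded the download, and the window is whatever event the lure is built around. A hit on either finding is a triage signal, not proof: build farms do produce files dated inside any given window, and some toolchains write deterministic or zero timestamps, so the result is read together with signing, sections and provenance.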
RecordedFuture.webp 2024-07-29 17:53:16 Influence actors expected to adjust tactics amid chaotic election cycle, intel official says (direct link) No more details
Blog.webp 2024-07-29 17:51:50 XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw (direct link) Cybersecurity Experts Uncover Critical Vulnerabilities in Leading Web Analytics Platform Hotjar, Potentially Exposing Sensitive Data of Millions of…
globalsecuritymag.webp 2024-07-29 17:42:58 The cybersecurity number of the day: 1,228 Microsoft vulnerabilities (direct link) Every summer, BeyondTrust, the cybersecurity expert, looks back at figures that marked the sector over the past months. This year, the vendor shares figures from its latest study (2024 report) on Microsoft vulnerabilities. Every week, a figure... - Points of View
IndustrialCyber.webp 2024-07-29 17:40:47 DHS adopts AI pilot programs, widens efforts to leverage AI to secure nation's critical infrastructure (direct link) Apart from the White House announcement on artificial intelligence (AI), the U.S. Department of Homeland Security (DHS) revealed...
IndustrialCyber.webp 2024-07-29 17:34:34 US DOE's OT Defender Fellowship invites applications from cyber defenders for 2025 cohort (direct link) The U.S. Department of Energy (DOE) announced that applications are now open for its Operational Technology (OT) Defender...
globalsecuritymag.webp 2024-07-29 17:23:22 To Combat Severe Information Security Threats, Apacer Injects New Strength into Enterprise System Recovery and Data Security (direct link) To Combat Severe Information Security Threats, Apacer Injects New Strength into Enterprise System Recovery and Data Security - Product Reviews
RecordedFuture.webp 2024-07-29 17:15:38 State Department: UN cybercrime treaty must include human rights protections (direct link) No more details
CS.webp 2024-07-29 16:39:46 Biden's cybersecurity legacy: 'a big shift' to private sector responsibility (direct link) Over the course of his term, Joe Biden has presided over an ambitious agenda on regulation and more, to both praise and criticism.
RecordedFuture.webp 2024-07-29 16:26:20 Pro-Ukrainian hackers claim attack on Russian cyber company (direct link) No more details
The_Hackers_News.webp 2024-07-29 16:10:00 How Searchable Encryption Changes the Data Security Game (direct link) Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used. To be searched, viewed, and modified to keep businesses running. Unfortunately, our Network and
InfoSecurityMag.webp 2024-07-29 15:30:00 Mandrake Spyware Infects 32,000 Devices Via Google Play Apps (direct link) Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics
Blog.webp 2024-07-29 15:21:53 VPN Usage Increased 5016% in Bangladesh Amidst Online Censorship (direct link) VPN demand skyrockets in Bangladesh due to internet restrictions. Learn about the global impact of VPNs on internet…
Fortinet.webp 2024-07-29 15:00:00 Avoid These Five Pitfalls of EDR Deployment (direct link) Deploying an EDR solution is crucial for protecting your organization. Here's how to make the most of your chosen solution, along with common pitfalls to avoid.
Checkpoint.webp 2024-07-29 14:58:44 29th July – Threat Intelligence Report (direct link) For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse […]
Ransomware Threat
globalsecuritymag.webp 2024-07-29 14:48:47 NoCode, LowCode, and Cybersecurity: Awareness (direct link) Following AFNOR's presentation of the NoCode and LowCode specifications in July 2024, Pierre LAUNAY, President of the Syndicat Français des Professionnels du NoCode (SFPN), spoke with Global Security Mag. - Interviews
News.webp 2024-07-29 14:45:12 French internet cables cut in act of sabotage that caused outages across country (direct link) Axe attack comes just days after arsonists target rail network. Fiber optic internet cables across France have been cut in an apparent act of sabotage, resulting in outages across the country.…
DarkReading.webp 2024-07-29 14:41:49 OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover (direct link) An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.
itsecurityguru.webp 2024-07-29 14:16:16 Taking action: how to combat the financial repercussions of a cyber incident (direct link) Paying hackers not to release the data they have stolen from you is not the best way to manage the financial repercussions of a cyber-attack. Nor is trying to hide the attack from the authorities… Even the most vigilant companies can't escape the possibility of having to handle a cyber threat - and the cost of […]
Threat
InfoSecurityMag.webp 2024-07-29 14:00:00 Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware (direct link) Walmart detailed findings about an unknown PowerShell backdoor, which was potentially utilized alongside a new Zloader variant
Malware
DarkReading.webp 2024-07-29 14:00:00 7 Sessions Not to Miss at Black Hat USA 2024 (direct link) This year's conference will be a treasure trove of insights for cybersecurity professionals.
Conference
Mandiant.webp 2024-07-29 14:00:00 UNC4393 Goes Gently into the SILENTNIGHT (direct link) Written by: Josh Murchie, Ashley Pearson, Joseph Pisano, Jake Nicastro, Joshua Shilko, Raymond Leong
Overview: In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant's initial identification of UNC4393, the primary user of BASTA ransomware. Mandiant has responded to over 40 separate UNC4393 intrusions across 20 different industry verticals. While healthcare organizations have not traditionally been a focus for UNC4393, several breaches in the industry this year indicate a possible expansion of their interests. However, this represents only a fraction of the cluster's victims, with the Black Basta data leak site purporting over 500 victims since inception. Over the course of this blog post, Mandiant will detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan, with a focus on the period following the QAKBOT botnet takedown. We will highlight the cluster's transition from readily available tools to custom malware development as well as its evolving reliance on access brokers and diversification of initial access techniques. Figure 1: UNC4393 intrusion lifecycle
Attribution and Targeting: UNC4393 is a financially motivated threat cluster, and the primary user of BASTA ransomware, tracked since mid-2022 but likely active since early 2022 based on activity on the BASTA DLS. The group has overwhelmingly leveraged initial access gained via UNC2633 and UNC2500 QAKBOT botnet infections to deploy BASTA ransomware. QAKBOT is typically distributed via phishing emails containing malicious links or attachments. In some cases, HTML smuggling has also been used to distribute ZIP files containing IMG files that house LNK files and QAKBOT payloads. Mandiant suspects BASTA operators maintain a private or small, closed-invitation affiliate model whereby only trusted third-party actors are provided with use of the BASTA encryptor. Unlike traditional ransomware-as-a-service (RaaS), BASTA is not publicly marketed and its operators do not appear to actively recruit affiliates to deploy the ransomware. Instead, they focus on acquiring initial access via partnerships or purchases in underground communities. This deviates from traditional RaaS models, which focus on the ransomware development and related services such as the data leak site (DLS) that are provided to affiliates in exchange for directly distributing the ransomware. While UNC4393 is the only currently active threat cluster deploying BASTA that Mandiant tracks, we cannot rule out the possibility that other, vetted threat actors may also be given access to the encrypter. The hundreds of BASTA ransomware victims claimed on the DLS appear credible due to UNC4393's rapid operational tempo. With a median time to ransom of approximately 42 hours, UNC4393 has demonstrated p
Ransomware Malware Tool Threat Prediction Medical Cloud
News.webp 2024-07-29 13:45:41 Intruders at HealthEquity rifled through storage, stole 4.3M people's data (direct link) No mention of malware or ransomware – somewhat of a rarity these days. HealthEquity, a US fintech firm for the healthcare sector, admits that a "data security event" it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses, telephone numbers and payment data.…
Ransomware Malware Medical
News.webp 2024-07-29 13:01:07 Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update (direct link) Happy Sysadmin Day. Google celebrated Sysadmin Day last week by apologizing for breaking its password manager for millions of Windows users – just as many Windows admins were still hard at work mitigating the impact of the faulty CrowdStrike update.…
InfoSecurityMag.webp 2024-07-29 13:00:00 Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks (direct link) Salt Labs also said XSS combined with OAuth can lead to severe breaches
Vulnerability
cybersecurityventures.webp 2024-07-29 12:59:05 Securing India's Move To The Cloud (direct link) This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in YourStory. Sausalito, Calif. – Jul. 29, 2024. As businesses migrate to the cloud, they must navigate an evolving landscape of cyber threats. According to a 2023 report by Cybersecurity Ventures, global
Cloud
mcafee.webp 2024-07-29 12:58:06 Are Mobile Devices Less Secure than PCs? (direct link) Are smartphones less secure than PCs? The answer to that is, they're different. They face different security threats. Yet they...
Mobile
RecordedFuture.webp 2024-07-29 12:56:02 French telecom infrastructure damaged in another sabotage attack (direct link) No more details
The_Hackers_News.webp 2024-07-29 12:35:00 'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread (direct link) A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000 accounts on the cloud-based code hosting platform, spans thousands of repositories that are used to
Malware Threat
zataz.webp 2024-07-29 12:31:37 After the SNCF, sabotage targets fiber optic networks (direct link) After disrupting TGV lines, saboteurs are targeting fiber optic networks. A massive attack that began in early July....
globalsecuritymag.webp 2024-07-29 12:20:53 To counter serious information security threats, Apacer provides solutions for enterprise system recovery and data security (direct link) With the rapid development of AI applications across many fields, companies rely more and more on data. Information security questions, such as measures to ensure that data is neither lost nor used inappropriately, have become crucial. Apacer fully understands how irreplaceable corporate data can be. Through continuous improvement of its proprietary backup and restore technology over the years, Apacer (8271) strives to meet the many needs generated by various industrial applications. - Products Threat
IndustrialCyber.webp 2024-07-29 12:02:42 US administration advances AI initiatives, receives further voluntary commitment (direct link) Nine months after issuing an Executive Order to prioritize America's role in advancing artificial intelligence (AI) while mitigating...
SecurityWeek.webp 2024-07-29 12:00:00 Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw (direct link) Researchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world.
bleepingcomputer.webp 2024-07-29 11:54:48 HealthEquity says data breach impacts 4.3 million people (direct link) HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. [...]
Data Breach
SecurityWeek.webp 2024-07-29 11:39:28 Acronis Product Vulnerability Exploited in the Wild (direct link) Acronis warns of a critical-severity Acronis Cyber Infrastructure (ACI) vulnerability being exploited in attacks.
Vulnerability
News.webp 2024-07-29 11:32:08 Inquiry reveals UK government misled MPs over Post Office IT scandal (direct link) Former business minister Vince Cable testifies, highlighting misinformation and oversight failures. Officials at the government department responsible for the Post Office sent out misleading information to MPs about court cases relating to the Horizon IT system, an inquiry into one of the UK's greatest miscarriages of justice has heard.…
WiredThreatLevel.webp 2024-07-29 11:30:00 How Infostealers Pillaged the World's Passwords (direct link) Infostealer malware is swiping millions of passwords, cookies, and search histories. It's a gold mine for hackers - and a disaster for anyone who becomes a target.
Malware
no_ico.webp 2024-07-29 11:20:29 What Every Business Needs to Know About Ransomware (direct link) Today's businesses rely heavily on technology to streamline operations, enhance productivity, and connect with customers. However, this dependency has also opened the door to a growing threat: ransomware attacks. By 2031, the cost of ransomware attacks is estimated to reach $265 billion (USD) annually. The rapid growth of ransomware attacks has made this cyber threat [...]
Ransomware Threat
zataz.webp 2024-07-29 11:03:49 ZATAZ discovers the equivalent of 798 DVDs of hacked data (direct link) A pirate storage space of more than 3 TB discovered by ZATAZ contained the equivalent of 798 DVDs of hacked data....
Chercheur.webp 2024-07-29 11:02:51 New Research in Detecting AI-Generated Videos (direct link) The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called "MISLnet", evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or images. These may include the addition or movement of pixels between frames, manipulation of the speed of the clip, or the removal of frames. Such tools work because a digital camera's algorithmic processing creates relationships between pixel color values. Those relationships between values are very different in user-generated images or images edited with apps like Photoshop...
Tool
Zimperium.webp 2024-07-29 11:00:00 Deep Dive into Phishing Chronology: Threats and Trends (direct link) This article will focus on the Phishing Chronology. Analyzing 88,014 phishing URLs collected from public sources and Zimperium data, we will show how dynamic and fast-evolving phishing threats are.
RiskIQ.webp 2024-07-29 10:58:35 Weekly OSINT Highlights, 29 July 2024 (lien direct) ## Snapshot Key trends from last week's OSINT reporting include novel malware, such as Flame Stealer and FrostyGoop, the compromise of legitimate platforms like Discord and GitHub, and state-sponsored threat actors conducting espionage and destructive attacks. Notable threat actors, including Russian groups, Transparent Tribe, FIN7, and DPRK's Andariel, are targeting a wide range of sectors, from defense and industrial control systems to financial institutions and research entities. These attacks exploit various vulnerabilities and employ advanced evasion techniques, leveraging both traditional methods and emerging technologies like AI-generated scripts and RDGAs, underscoring the evolving and persistent nature of the cyber threat landscape.
## Description
1. [Widespread Adoption of Flame Stealer](https://sip.security.microsoft.com/intel-explorer/articles/f610f18e): Cyfirma reports Flame Stealer's use in stealing Discord tokens and browser credentials. Distributed via Discord and Telegram, this malware targets various platforms, utilizing evasion techniques like DLL side-loading and data exfiltration through Discord webhooks.
2. [ExelaStealer Delivered via PowerShell](https://sip.security.microsoft.com/intel-explorer/articles/5b4a34b0): The SANS Technology Institute Internet Storm Center reported a threat involving ExelaStealer, downloaded from a Russian IP address using a PowerShell script. The script downloads two PE files: a self-extracting RAR archive communicating with "solararbx[.]online" and "service.exe," the ExelaStealer malware. ExelaStealer, developed in Python, uses Discord for C2, conducting reconnaissance activities and gathering system and user details. Comments in Russian in the script and the origin of the IP address suggest a Russian origin.
3. [FrostyGoop Disrupts Heating in Ukraine](https://sip.security.microsoft.com/intel-explorer/articles/cf8f8199): Dragos identified FrostyGoop malware in a cyberattack disrupting heating in Lviv, Ukraine. Linked to Russian groups, the ICS-specific malware exploits vulnerabilities in industrial control systems and communicates using the Modbus TCP protocol.
4. [Rhysida Ransomware Attack on Private School](https://sip.security.microsoft.com/intel-explorer/articles/4cf89ad3): ThreatDown by Malwarebytes identified a Rhysida ransomware attack using a new variant of the Oyster backdoor. The attackers used SEO-poisoned search results to distribute malicious installers masquerading as legitimate software, deploying the Oyster backdoor.
5. [LLMs Used to Generate Malicious Code](https://sip.security.microsoft.com/intel-explorer/articles/96b66de0): Symantec highlights cyberattacks using Large Language Models (LLMs) to generate malware code. Phishing campaigns utilize LLM-generated PowerShell scripts to download payloads like Rhadamanthys and LokiBot, stressing the need for advanced detection against AI-facilitated attacks.
6. [Stargazers Ghost Network Distributes Malware](https://sip.security.microsoft.com/intel-explorer/articles/62a3aa28): Check Point Research uncovers a network of GitHub accounts distributing malware via phishing repositories. The Stargazer Goblin group's DaaS operation leverages over 3,000 accounts to spread malware such as Atlantida Stealer and RedLine, targeting both general users and other threat actors.
7. [Crimson RAT Targets Indian Election Results](https://sip.security.microsoft.com/intel-explorer/articles/dfae4887): K7 Labs identified Crimson RAT malware delivered through documents disguised as "Indian Election Results." Transparent Tribe APT, believed to be from Pakistan, targets Indian diplomatic and defense entities using macro-embedded documents to steal credentials.
8. [AsyncRAT Distributed via Weaponized eBooks](https://sip.security.microsoft.com/intel-explorer/articles/e84ee11d): ASEC discovered AsyncRAT malware distributed through weaponized eBooks. Hidden PowerShell scripts within these eBooks trigger the AsyncRAT payload, which uses obfuscation and anti-detection techniques to exfiltrate data.
Ransomware Data Breach Spam Malware Tool Vulnerability Threat Legislation Mobile Industrial Medical APT 28 APT 36
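Items 1 and 2 of the digest both name Discord webhooks as the exfiltration or C2 channel. The check a defender wants for that is a sweep of egress logs for POSTs to webhook URLs from processes that have no business calling them. The following is an added example, not code from the RiskIQ digest or from the Cyfirma or SANS ISC reports; the JSON log schema (ts, src_host, process, method, url, user_agent, bytes_out), the host and process names, and the webhook id/token in the sample lines are all constructed.

```python
"""Added example (not from the digest or the cited vendors): flag POSTs to
Discord webhook URLs in proxy/EDR egress logs. Log schema and samples are constructed."""
import json
import re
from typing import Dict, List

# A webhook URL embeds the webhook id and its secret token. Anything that can
# POST to it can push data into a channel the attacker controls.
WEBHOOK_RE = re.compile(
    r"^https://(?:[a-z0-9-]+\.)?discord(?:app)?\.com/api/webhooks/(\d+)/[A-Za-z0-9_.-]+$"
)
# The only processes for which a webhook POST is even plausible on a workstation.
EXPECTED_PROCESSES = {"discord.exe", "discord"}


def find_webhook_exfil(log_lines: List[str]) -> List[Dict]:
    """Return one alert per POST to a Discord webhook. Each line is a JSON record
    with ts, src_host, process, method, url, user_agent, bytes_out (constructed schema)."""
    alerts = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparsable line: skip it rather than abort the sweep
        if rec.get("method", "").upper() != "POST":
            continue
        match = WEBHOOK_RE.match(rec.get("url", ""))
        if not match:
            continue
        process = rec.get("process", "")
        alerts.append({
            "ts": rec.get("ts"),
            "host": rec.get("src_host"),
            "process": process,
            "webhook_id": match.group(1),  # the token is a credential: never copy it into an alert
            "user_agent": rec.get("user_agent"),
            "bytes_out": int(rec.get("bytes_out", 0)),
            "severity": "medium" if process.lower() in EXPECTED_PROCESSES else "high",
        })
    return alerts


# Constructed sample log: hypothetical hosts, processes, and a fake webhook id/token.
SAMPLE_LOG = [json.dumps(r) for r in [
    {"ts": "2024-07-29T09:01:02Z", "src_host": "ws-17", "process": "Discord.exe",
     "method": "POST", "url": "https://discord.com/api/v9/channels/1/messages",
     "user_agent": "Discord/1.0", "bytes_out": 412},
    {"ts": "2024-07-29T09:03:11Z", "src_host": "ws-17", "process": "update.exe",
     "method": "POST", "url": "https://discord.com/api/webhooks/1234567890/AbC-dEf_token",
     "user_agent": "python-requests/2.31.0", "bytes_out": 187392},
    {"ts": "2024-07-29T09:04:40Z", "src_host": "ws-22", "process": "chrome.exe",
     "method": "GET", "url": "https://discord.com/channels/@me",
     "user_agent": "Mozilla/5.0", "bytes_out": 0},
    {"ts": "2024-07-29T09:05:02Z", "src_host": "ws-22", "process": "powershell.exe",
     "method": "POST", "url": "https://discordapp.com/api/webhooks/987654321/zYx-token",
     "user_agent": "Mozilla/5.0", "bytes_out": 9016},
]] + ["not json at all"]

if __name__ == "__main__":
    for alert in find_webhook_exfil(SAMPLE_LOG):
        print(alert["severity"], alert["host"], alert["process"], "webhook", alert["webhook_id"])
```

Ordinary Discord client traffic (message API, channel browsing) is left alone; only the webhook path is matched, and the alert keeps the webhook id but deliberately drops the token so the alert store does not become a second copy of the attacker's credential. Large `bytes_out` on a single webhook POST is the clearest sign of bulk exfiltration rather than a one-off beacon.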
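Item 3 singles out FrostyGoop for talking Modbus TCP directly to heating controllers. Since Modbus has no authentication, the only network-side control is knowing which hosts are allowed to issue write function codes and alerting on any other source. The block below is an added example, not Dragos' code or anything from the RiskIQ digest: it decodes the MBAP header and the addressing fields of a Modbus/TCP request and flags writes from hosts outside an allowlist. The frames, IP addresses, register numbers and the allowlist are all constructed.

```python
"""Added example (not from Dragos or the digest): decode Modbus/TCP requests and
flag write operations from hosts that are not allowed to write. All frames,
addresses and the allowlist are constructed for illustration."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Function codes that change controller state. Reads alone cannot disrupt a process.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x17: "Read/Write Multiple Registers",
}
READ_FUNCTIONS = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int   # first coil/register the request touches
    quantity: int  # number of coils/registers touched


def parse_modbus_tcp(frame: bytes) -> Optional[ModbusRequest]:
    """Decode the 7-byte MBAP header and the addressing fields of the PDU.
    Returns None for anything that is not a well-formed Modbus/TCP request."""
    if len(frame) < 12:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    # Protocol ID is always 0; Length counts the unit id plus the PDU.
    if proto != 0 or length != len(frame) - 6:
        return None
    func = frame[7]
    if func in (0x05, 0x06):
        # Single writes carry address + value and always touch one item.
        address = struct.unpack(">H", frame[8:10])[0]
        quantity = 1
    elif func == 0x17:
        # Read start/quantity come first; the write range follows.
        if len(frame) < 16:
            return None
        address, quantity = struct.unpack(">HH", frame[12:16])
    elif func in READ_FUNCTIONS or func in WRITE_FUNCTIONS:
        address, quantity = struct.unpack(">HH", frame[8:12])
    else:
        return None
    return ModbusRequest(tid, unit, func, address, quantity)


def flag_unauthorized_writes(
    captures: List[Tuple[str, str, bytes]], allowed_writers: set
) -> List[str]:
    """captures: (src_ip, dst_ip, tcp_payload) triples as a network sensor would hand over."""
    alerts = []
    for src, dst, payload in captures:
        req = parse_modbus_tcp(payload)
        if req is None or req.function not in WRITE_FUNCTIONS:
            continue
        if src in allowed_writers:
            continue
        alerts.append(
            f"{src} -> {dst} unit {req.unit_id}: {WRITE_FUNCTIONS[req.function]} "
            f"addr={req.address} qty={req.quantity} (tid {req.transaction_id})"
        )
    return alerts


# Constructed sample frames with hypothetical register addresses and values.
SAMPLE_FRAMES: Dict[str, bytes] = {
    # tid 1, unit 1, Read Holding Registers 0..9
    "read": b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a",
    # tid 2, unit 1, Write Single Register 16 := 0x0041
    "write_single": b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x10\x00\x41",
    # tid 3, unit 1, Write Multiple Registers 16..17 := 0, 0
    "write_multi": b"\x00\x03\x00\x00\x00\x0b\x01\x10\x00\x10\x00\x02\x04\x00\x00\x00\x00",
    # Protocol ID 1 is not Modbus and must be rejected
    "bad_proto": b"\x00\x04\x00\x01\x00\x06\x01\x03\x00\x00\x00\x0a",
}
ALLOWED_WRITERS = {"10.0.5.10"}  # hypothetical engineering workstation
SAMPLE_CAPTURES = [
    ("10.0.5.20", "10.0.9.1", SAMPLE_FRAMES["read"]),          # HMI polling
    ("10.0.5.10", "10.0.9.1", SAMPLE_FRAMES["write_single"]),  # allowed write
    ("10.0.5.77", "10.0.9.1", SAMPLE_FRAMES["write_multi"]),   # rogue host
    ("10.0.5.77", "10.0.9.1", SAMPLE_FRAMES["bad_proto"]),     # malformed
]

if __name__ == "__main__":
    for alert in flag_unauthorized_writes(SAMPLE_CAPTURES, ALLOWED_WRITERS):
        print(alert)
```

The length check against the MBAP Length field rejects truncated or padded frames before any field is trusted, and malformed frames are dropped silently rather than alerted on, since a polling HMI will produce plenty of fragments on a busy segment. Writes from the allowlisted workstation pass; the same write from any other address is the event worth a page.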
Blog.webp 2024-07-29 10:49:56 Ukraine Claims Cyber Attack Disrupted Russian ATMs and Banking System (lien direct) Ukraine launches a massive cyber attack on Russia, disrupting ATM services, online banking, and financial institutions. Reportedly, a…
zataz.webp 2024-07-29 10:48:46 Operation against the PlugX malware: France clicks the OFF button (lien direct) French judicial authorities, in collaboration with Europol, have launched a "disinfection operation" aimed at eliminating the malware known as PlugX.... Malware
SecurityWeek.webp 2024-07-29 10:40:51 4.3 Million Impacted by HealthEquity Data Breach (lien direct) >HealthEquity says the personal and health information of 4.3 million individuals was compromised in a data breach. Data Breach
zataz.webp 2024-07-29 10:32:01 Trump assassination attempt: the FBI hacks the shooter's phone in 40 minutes (lien direct) After the tragic shooting at a rally for former President Donald Trump in Bethel Park, Pennsylvania, the FBI managed to unlock the phone of Thomas Matthew Crooks, the identified shooter.... Hack
Last update at: 2024-07-29 18:19:28