What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-12-07 16:21:00 | Construire une renseignement de menaces robuste avec Wazuh Building a Robust Threat Intelligence with Wazuh (lien direct) |
Le renseignement des menaces fait référence à la collecte, au traitement et à l'analyse des cybermenaces, ainsi que des mesures défensives proactives visant à renforcer la sécurité.Il permet aux organisations d'acquérir un aperçu complet des menaces historiques, présentes et anticipées, fournissant un contexte sur le paysage des menaces en constante évolution.
Importance de l'intelligence des menaces dans l'écosystème de cybersécurité
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the constantly evolving threat landscape. Importance of threat intelligence in the cybersecurity ecosystem |
Threat | ★★ | |
|
2023-12-07 15:54:00 | Les gouvernements peuvent vous espionner en demandant des notifications push à Apple et Google Governments May Spy on You by Requesting Push Notifications from Apple and Google (lien direct) |
Les gouvernements non spécifiés ont exigé les enregistrements de notification de push mobile des utilisateurs d'Apple et de Google pour poursuivre des personnes d'intérêt, selon le sénateur américain Ron Wyden.
"Les notifications push sont des alertes envoyées par les applications téléphoniques aux smartphones des utilisateurs", a déclaré Wyden & NBSP;
"Ces alertes passent par un bureau de poste numérique géré par le fournisseur de systèmes d'exploitation téléphonique - à une Apple ou à Google.
Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users\' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of |
Threat Mobile | ★★★★ | |
 |
2023-12-07 15:30:00 | Le gouvernement britannique met en garde contre les cyber campagnes russes contre la démocratie UK Government Warns of Russian Cyber Campaigns Against Democracy (lien direct) |
Le NCSC a identifié le groupe de menaces responsable comme Star Blizzard, lié au Centre FSB de Russie 18
The NCSC identified the threat group responsible as Star Blizzard, linked to Russia\'s FSB Center 18 |
Threat | ★★ | |
 |
2023-12-07 15:00:00 | Dragos étend le programme de défense pour les petits services publics Dragos Expands Defense Program for Small Utilities (lien direct) |
Le programme de défense communautaire de Dragos offre aux petits services publics d'eau, de gaz et d'électricité avec accès à la plate-forme Dragos, aux ressources de formation et aux renseignements sur les menaces.
The Dragos Community Defense Program provides small water, gas, and electric utilities with access to the Dragos Platform, training resources, and threat intelligence. |
Threat | ★★★ | |
 |
2023-12-07 14:29:12 | Gen révèle ses prédictions en cybersécurité pour 2024 (lien direct) | Gen révèle ses prédictions en cybersécurité pour 2024 Avec une IA de plus en plus sophistiquée, les menaces deviendront plus personnalisées aussi bien pour les personnes que les petites entreprises. - Points de Vue | Threat Prediction | ★★★ | |
 |
2023-12-07 13:23:31 | État des vulnérabilités log4j: combien Log4Shell a-t-il changé? State of Log4j Vulnerabilities: How Much Did Log4Shell Change? (lien direct) |
Le 9 décembre, deux ans depuis que le monde a été très alerte en raison de ce qui a été considéré comme l'une des vulnérabilités les plus critiques de tous les temps: log4shell.La vulnérabilité qui a porté la cote de gravité la plus élevée possible (10,0) était dans Apache Log4J, un cadre de journalisation Java omniprésent que Veracode a estimé à l'époque a été utilisé dans 88% des organisations.
Si exploité, la vulnérabilité du jour zéro (CVE-2021-44228) dans les versions log4j log4j2 2.0-beta9 à 2.15.0 (excluant les versions de sécurité 2.12.2, 2.12.3 et 2.3.1) permettrait aux attaquants une télécommande une télécommande 2.12.2, 2.12.3 et 2.3.1) permettrait aux attaquants une télécommande une distance à distanceExécution de code (RCE) Attaquez et compromettez le serveur affecté.
Il a déclenché un effort massif pour corriger les systèmes affectés, estimés à des centaines de millions.L'apocalypse que beaucoup craignait ne se produisait pas, mais compte tenu de son omniprésence, le comité d'examen du cyber-sécurité du département américain de la sécurité intérieure \\ a déterminé que la correction de Log4Shell prendrait une décennie.
L'anniversaire de deux ans de Log4Shell est un bon…
December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, an ubiquitous Java logging framework that Veracode estimated at the time was used in 88 percent of organizations. If exploited, the zero-day vulnerability (CVE-2021-44228) in Log4j versions Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) would allow attackers to perform a remote code execution (RCE) attack and compromise the affected server. It triggered a massive effort to patch affected systems, estimated to be in the hundreds of millions. The apocalypse that many feared didn\'t happen, but given its pervasiveness, the U.S. Department of Homeland Security\'s Cyber Safety Review Board determined that fully remediating Log4Shell would take a decade. The two-year anniversary of Log4Shell is a good… |
Vulnerability Threat | ★★ | |
|
2023-12-07 11:45:00 | Nouveau furtif \\ 'Krasue \\' Linux Trojan ciblant les entreprises de télécommunications en Thaïlande New Stealthy \\'Krasue\\' Linux Trojan Targeting Telecom Firms in Thailand (lien direct) |
Un cheval de Troie à distance à distance auparavant inconnu appelé Krasue a été observé ciblant les sociétés de télécommunications en Thaïlande par des acteurs de menace de l'accès secret principal aux réseaux de victimes au bail depuis 2021.
Nommé d'après A & NBSP; Esprit féminin nocturne & NBSP; du folklore d'Asie du Sud-Est, le malware est "capable de cacher sa propre présence pendant la phase d'initialisation", groupe-ib & nbsp; dit & nbsp; dans un rapport
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is "able to conceal its own presence during the initialization phase," Group-IB said in a report |
Malware Threat | ★★ | |
 |
2023-12-07 11:00:21 | Securonix Threat Labs Monthly Intelligence Insights & # 8211;Novembre 2023 Securonix Threat Labs Monthly Intelligence Insights – November 2023 (lien direct) |
Les informations de renseignement mensuelles fournissent un résumé des principales menaces organisées, surveillées et analysées par Securonix Threat Labs en novembre.
The Monthly Intelligence Insights provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs in November. |
Threat | ★★ | |
 |
2023-12-07 11:00:00 | Casinos de Las Vegas ciblés par des attaques de ransomwares Las Vegas casinos targeted by ransomware attacks (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Introduction: Ever since the invention of internet browsers for personal computers came about in the 1990s, cybercrime has been on the rise. Almost 30 years after the invention of the Worldwide Web, cybercriminals have a variety of different methodologies and toolkits that they use on a daily basis to leverage vulnerabilities and commit crime. One of the most popular types of attacks that is used by threat actors is a ransomware attack. Most recently, several Las Vegas Casinos fell victim to a series of ransomware attacks. Las Vegas hacks: In mid-September 2023, two of the biggest Las Vegas casino and hotel chains found themselves to be victims of ransomware attacks. The two organizations that were targeted were Caesars Entertainment and MGM Resorts International. MGM Resorts International: The attack against MGM was first reported on September 11, 2023, when MGM personnel put out a public statement stating that a “cyber security incident” had affected some of its systems. On the days following this statement many guests reported numerous problems with the casino and the hotel operations of the company. On the casino side, many guests reported problems with slot machines and payout receipts. The slot machines in some of the MGM casinos were completely inoperable and, in the casinos, where they were operational, the machines were not able to print out the cash-out vouchers. On the hotel side, many of the organization\'s websites were inaccessible for a while after the attack. Guests across multiple MGM hotels reported issues with their mobile room keys not functioning, and new arrivals reported wait times of up to six hours to check in. A hacking group known as Scattered Spider has taken credit for the ransomware attack against MGM Resorts International. Scattered Spider first appeared in the cyber threat landscape in May 2022 and is thought to be individuals ages 19-22 and based out of the UK and USA. The attackers carried this attack out in three phases. The first phase was reconnaissance, in which they stalked the company’s LinkedIn Page and the employees that work there. The second phase of the attack was a vishing attack against MGM’s IT help desk. A vishing attack is when someone uses phone calls or voice communication to trick the victim into sharing personal information, credit card numbers, or credentials. Using the information they gathered on LinkedIn; the attackers were able to impersonate an MGM employee and tricked the help desk into giving them credentials into MGM systems. The attack\'s third phase was launching ransomware developed by another hacker group, ALPHAV. Scattered Spider rendered multiple systems throughout the organization useless unless the ransom is paid. Currently it is not known if MGM paid the ransom, but all casinos are once again fully operational. Caesars Entertainment: Days after MGM reported it had been hacked, Caesars Entertainment group disclosed to the SEC that they were also victims of a cyberattack around the same time as MGM. In a statement to the SEC, Caesar’s reported that confidential information about members of its customer loyalty program was stolen. Caesar’s representatives stated that the hackers were able to break into computer systems through a social engineering attack on an IT support contractor. Not much information is available about the execution of this attack. The use of a social engineering attack has led many people to believe that Scattered Spider was also behind this attack. The hackers demanded that Caesar’s pay a ransom of $30 million. It is reported that the organization paid $15million to the hackers and the company has “taken steps to ensure the stolen information is deleted by the hacker but canno | Ransomware Vulnerability Threat Mobile Technical | ★★★ | |
|
2023-12-07 08:52:37 | France Verif déploie une bulle de sécurité (lien direct) | France Verif déploie une bulle de sécurité unique au monde avec un taux d'efficacité à 99,86% 53% de ces attaques sont indirectes... Votre pharmacien, vos commerçants et vos réseaux sociaux se font régulièrement hacker. Les cybercriminels mettent la main sur vos emails, mot de passe, numéros de cartes bleues ou encore RIBs, et attendent le moment opportun pour vous causer le maximum de dommages. Sécuriser ses appareils avec un simple antivirus ne suffit plus. Seule une bulle de protection globale assure une protection vraiment fiable. Parce qu'il faut identifier toutes les menaces (piratages indirects, vol de données, malwares, virus, vols de données, arnaques, faux SMS...) d'où qu'elles viennent afin de les bloquer. France Verif lance la 1ère protection globale grâce à son IA fruit de 5 ans de R&D, au soutien de la Banque Publique d'Investissement et la collaboration entre plus de 43 chercheurs issus de Polytechnique, Corps des Mines et Pierre-Et-Marie-Curie. - Produits | Threat | ★★ | |
 |
2023-12-07 03:15:27 | Comment éviter et prévenir le vol d'identité How to Avoid and Prevent Identity Theft (lien direct) |
Le vol d'identité est comme un voleur dans la nuit;Cela peut arriver à n'importe qui, n'importe où, à tout moment.C'est une véritable menace pour tout le monde.Nous vivons à une époque où tant d'informations personnelles sont stockées en ligne, ce qui permet aux cybercriminels de le voler et de l'utiliser pour leur gain.Un rapport de la Federal Trade Commission montre que plus d'un million de personnes ont été victimes de vol d'identité en 2022. Les types de vol d'identité les plus courants sont la fraude par carte de crédit, la fraude bancaire et la fraude de prêt ou de location.Mais, la bonne nouvelle est que vous pouvez éviter le vol d'identité.Laissez \\ découvrir les meilleures pratiques à suivre pour éloigner les voleurs d'identité ...
Identity theft is like a thief in the night; it can happen to anyone, anywhere, at any time. It is a real threat to everyone. We live in a time where so much personal information is stored online, which allows cybercriminals to steal it and use it for their gain. A Federal Trade Commission report shows that over 1 million people fell victim to identity theft in 2022. The most common types of identity theft are credit card fraud, bank fraud, and loan or lease fraud. But, the good news is that you can avoid identity theft. Let\'s discover the best practices to follow to keep identity thieves away... |
Threat | ★★★ | |
 |
2023-12-07 00:00:00 | Épisode 11: Êtes-vous expérimenté par utilisateur?Appliquer les principes d'Ux & Ur au parcours de cybersécurité EPISODE 11: Are You User Experienced? Applying The Principles of UX & UR To The Cybersecurity Journey (lien direct) |
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This week we are joined by Helena Hill, a seasoned UX Strategist and Consultant and AI expert with a wealth of experience spanning diverse clients, from pre-start-ups to global industry giants. In this episode, we explore the fascinating topic of UX and cybersecurity.We\'re going to learn from the UX function to see how we can create a better user experience for people on their security journey, learn how to get buy-in from the business about implementing controls such as MFA, and how to \'sell\' our security value offering as a positive user experience. And of course, crucially, how to take those first few steps to engage with the UX team! Key Takeaways for this episode are:UX and Cybersecurity share the same challenge of educating and getting buy-in from the organization to elevate their importance on the business agenda.Understanding the user journey is crucial for both UX and Cybersecurity teams to build a better usable security journey.Empathy mapping helps build a picture of a person and understand their needs and expectations.Leveraging user expectations and their ease of use thresholds can help create appropriate security controls.Collaboration between UX/UR and Cybersecurity teams can lead to innovation in the security space and improve the user experience.This is the first of our two part conversation with Helena, next week we will be talking about her other specialism in AI, which kicks off our Christmas miniseries on AI Links to everything Helena discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don\'t forget to share on LinkedIn and in your teams.It really helps us spread the word and get high-quality guests, like Helena, on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don\'t forget to ask yourself, \'Am I the compromising position here?\' Show NotesWhat is a Persona Non Grata? Developed at DePaul University, the Persona non-grata approach makes threat modelling more tractable by asking users to focus on attackers, their motivations, and their abilities. Once this step is completed, users are asked to brainstorm about targets and likely attack mechanisms that the attackers would deploy. Read more: Cyber Threat Modelling: An Evaluation of Three Methods by FORREST SHULL AND NANCY R. MEAD | Threat Studies | ★★ | |
|
2023-12-06 22:26:00 | CISA: L'acteur de menace a violé les systèmes fédéraux via Adobe Coldfusion Flaw CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw (lien direct) |
Adobe a corrigé CVE-2023-26360 en mars au milieu d'une activité d'exploit active ciblant la faille.
Adobe patched CVE-2023-26360 in March amid active exploit activity targeting the flaw. |
Threat | ★★ | |
|
2023-12-06 19:08:00 | Alerte: les acteurs de la menace peuvent tirer parti des AWS ST pour infiltrer les comptes de cloud Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (lien direct) |
Les acteurs de la menace peuvent profiter du service de token de sécurité des services Web d'Amazon (AWS STS) afin d'infiltrer les comptes cloud et d'effectuer des attaques de suivi.
Le service permet aux acteurs de la menace d'identifier les identités et les rôles des utilisateurs dans les environnements cloud, les chercheurs de canaries rouges Thomas Gardner et Cody Betsworth & NBSP; Said & NBSP; dans une analyse mardi.
AWS STS est a & nbsp; Web Service & nbsp; qui permet
Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis. AWS STS is a web service that enables |
Threat Cloud | ★★★ | |
|
2023-12-06 17:14:00 | Nouveau rapport: dévoiler la menace des extensions de navigateur malveillant New Report: Unveiling the Threat of Malicious Browser Extensions (lien direct) |
Compromettre le navigateur est une cible à rendement élevé pour les adversaires.Les extensions du navigateur, qui sont de petits modules logiciels qui sont ajoutés au navigateur et peuvent améliorer les expériences de navigation, sont devenus un vecteur d'attaque de navigateur populaire.En effet, ils sont largement adoptés parmi les utilisateurs et peuvent facilement devenir malveillants grâce à des actions de développeur ou à des attaques contre des extensions légitimes.
Incidents récents comme
Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like |
Threat | ★★★ | |
 |
2023-12-06 16:31:55 | Flaw Coldfusion Adobe Utilisé par les pirates pour accéder aux serveurs Govt Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers (lien direct) |
> Par deeba ahmed
CISA met en garde contre la vulnérabilité critique de l'adobe froide exploitée activement par les acteurs de la menace.
Ceci est un article de HackRead.com Lire le post original: flaw Coldfusion Adobe utilisé par les pirates pour accéder aux serveurs Govt
>By Deeba Ahmed CISA Warns of Critical Adobe ColdFusion Vulnerability Actively Exploited by Threat Actors. This is a post from HackRead.com Read the original post: Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers |
Vulnerability Threat | ★★★ | |
|
2023-12-06 16:30:00 | La menace de Troie-Proxy se développe à travers MacOS, Android et Windows Trojan-Proxy Threat Expands Across macOS, Android and Windows (lien direct) |
Kaspersky a trouvé plusieurs variantes, mais aucune n'est marquée comme malveillante par des fournisseurs anti-malware
Kaspersky found multiple variants, but none are being marked as malicious by anti-malware vendors |
Threat Mobile | ★★ | |
|
2023-12-06 15:40:00 | Les pirates ont exploité la vulnérabilité de Coldfusion à la violation des serveurs d'agence fédéraux Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a mis en garde contre l'exploitation active de A & NBSP; vulnérabilité à haute sévérité d'Adobe Coldfusion et NBSP; par des acteurs de menace non identifiés pour accéder initial aux serveurs gouvernementaux.
"La vulnérabilité dans Coldfusion (CVE-2023-26360) se présente comme un problème de contrôle d'accès inapproprié et l'exploitation de ce CVE peut entraîner une exécution de code arbitraire" "
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. "The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution," |
Vulnerability Threat | ★★★ | |
 |
2023-12-06 15:20:30 | Trail of Bits Spinout iVify s'attaque Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat (lien direct) |
> IVERIFY, une startup au stade de graine sorti de la piste de bits, expédie une plate-forme de chasse aux menaces mobiles pour neutraliser iOS et Android Zero-Days.
>iVerify, a seed-stage startup spun out of Trail of Bits, ships a mobile threat hunting platform to neutralize iOS and Android zero-days. |
Threat Mobile | ★★ | |
 |
2023-12-06 13:48:02 | Nouveau avis de la CISA: les acteurs de la menace ont exploité la vulnérabilité Adobe Coldfusion (CVE-2023-26360) pour cibler les serveurs gouvernementaux New CISA Advisory: Threat Actors Exploited Adobe ColdFusion Vulnerability (CVE-2023-26360) to Target Government Servers (lien direct) |
L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a émis un avis de cybersécurité (CSA), concernant l'exploitation ...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Cybersecurity Advisory (CSA), regarding exploitation... |
Vulnerability Threat | ★★★ | |
|
2023-12-06 12:16:11 | Phishing dans le commerce électronique: comprendre efficacement les menaces numériques Phishing in E-commerce: Understanding Digital Threats Effectively (lien direct) |
> Sur le marché numérique en évolution rapide, la menace de phishing dans le commerce électronique est devenue un ...
>In the rapidly evolving digital marketplace, the threat of phishing in e-commerce has become a... |
Threat | ★★★ | |
|
2023-12-06 11:30:00 | Lockbit reste une menace de ransomware mondiale supérieure LockBit Remains Top Global Ransomware Threat (lien direct) |
La tension était responsable de plus d'un quart des attaques mondiales de ransomware entre janvier 2022 et septembre 2023
The strain was responsible for over a quarter of global ransomware attacks between January 2022 and September 2023 |
Ransomware Threat | ★★★ | |
|
2023-12-06 09:50:39 | Les cybercriminels ont libéré 411 000 fichiers malveillants par jour en 2023 (lien direct) | Les systèmes de détection de Kaspersky ont identifié en moyenne 411 000 fichiers malveillants par jour, soit une augmentation de près de 3 % par rapport à 2022. Certains types de menaces ont également connu une véritable montée en puissance : les experts ont observé une hausse considérable - 53 % - des attaques impliquant des fichiers malveillants, notamment des fichiers Microsoft Office. - Malwares | Threat | ★★★ | |
|
2023-12-06 08:57:28 | Veeam® Software lance la nouvelle mise à jour de Veeam Data Platform 23H2 (lien direct) | Veeam annonce l'extension de ses capacités de cyberprotection et intègre l'assistance par l'IA à la nouvelle mise à jour Veeam Data Platform 23H2 disponible immédiatement La mise à jour et l'extension des capacités de cyberprotection, qui intègrent le nouveau Threat Center, la sauvegarde du stockage objet et l'assistance par l'intelligence artificielle à Veeam Backup & Replication v12.1, permettront aux entreprises de préserver leur continuité d'activité face aux cyberattaques telles que les ransomwares. - Produits | Threat | ★★★ | |
|
2023-12-06 08:21:09 | Cyber Threat Alliance ajoute l'OT-ISAC comme un partenaire allié contribuant Cyber Threat Alliance adds OT-ISAC as a contributing ally partner (lien direct) |
> L'organisation à but non lucratif Cyber Threat Alliance (CTA) a annoncé que l'OT-ISAC rejoigne l'alliance en tant qu'allié contribuant ...
>Non-profit organization Cyber Threat Alliance (CTA) announced that the OT-ISAC is joining the alliance as a Contributing Ally... |
Threat Industrial | ★★★ | |
 |
2023-12-06 08:01:35 | Conscience de sécurité et renseignement sur la sécurité: le jumelage parfait Proofpoint Security Awareness and Threat Intelligence: The Perfect Pairing (lien direct) |
Just like peanut butter and chocolate, when you add threat intelligence to a security awareness program, it\'s the perfect pairing. Together, they can help you efficiently train one of your most important yet most attacked lines of defense-your people. A robust security awareness program that is tailored, defined and driven by real-world threat insights and context is one of the strongest defenses you can implement. Every week, the Proofpoint Security Awareness team gets regular updates about new and emerging threats and social engineering trends from the Proofpoint Threat Intelligence Services team. This helps drive the development of our security awareness platform. Likewise, our customers can generate daily, weekly, monthly and ad-hoc threat intelligence reports to boost the efficacy of their security awareness programs. In this blog, we will discuss some ways that security awareness teams (SATs) can use threat intelligence from Proofpoint to supercharge their awareness programs. Tailor your program to defend against the latest threats Not all people within a company see the same threats. And the response to threats differs greatly across teams-even within the same business. That\'s why security awareness programs shouldn\'t a take one-size-fits-all approach. Here\'s where Proofpoint Threat Intelligence Services can help. Our team regularly briefs customers about which threat actors are targeting their business and industry, who within their company is clicking, which users and departments are attacked most, and what threats they\'re being targeted with. Proofpoint gives SAT teams the data they need so they can tailor the modules, training and phishing simulations to match those that their users face. Threats in the wild are converted to valuable, tailored awareness materials. Use cases Our threat intelligence services team analyzes exactly what threat actors are targeting when they go after a customer-both in terms of volume, but also at a granular department level. We regularly observe that it\'s more common for specific actors to target users within a specific department. Are threat actors targeting a specific department? This is a good example of how SAT teams can use threat intelligence to identify departments that are at risk and help keep them safe. In this case study, Proofpoint Threat Intelligence Services revealed that TA578-an initial access broker-was frequently targeting marketing and corporate communications departments with a standard copyright violation message lure. We highlighted this trend for a particular customer as we reviewed their TAP data. This Proofpoint threat actor victimology report shows that TA578 is targeting a marketing address. Proofpoint Threat Intelligence Services identified what was happening and also provided additional context about the threat actor, including: Tactics, techniques and procedures (TTPs) Malware payloads Attack chains Specific examples of message lures and landing pages Plus, Proofpoint offered recommendations for remediation and proactive, layered protection. Proofpoint Threat Intelligence Services report on TA578. The SAT team used this information in its Proofpoint Security Awareness program to train the marketing department about specific message lures. The team also created a phishing simulation that used a similar-style lure and content to educate those users about this unique threat. Are threat actors targeting specific people? Another use case for Proofpoint Threat Intelligence Services is that it can help SAT teams understand who at their company is clicking-and what types of message themes they are clicking on. Proofpoint Threat Intelligence Services report for a large healthcare customer. Proofpoint Threat Intelligence Services report shows which users are repeat clickers. This data is compiled from real threats that users have clicked on. SAT teams can use it to prioritize these users for additional awareness training. They can also pi | Tool Threat Studies Prediction | ★★★ | |
|
2023-12-06 02:42:43 | 10 conseils essentiels de cybersécurité pour votre organisation en cette saison des fêtes 10 Essential Cybersecurity Tips For Your Organization This Holiday Season (lien direct) |
La saison des fêtes approche à grands pas;un temps de joie et de célébration.Cependant, les acteurs de la menace anticipent cette saison joyeuse autant que par de nombreux fêtards festifs.En fait, les cybercriminels ont tendance à être particulièrement actifs pendant la saison des fêtes, profitant des distractions qui en découlent.La saison des fêtes a tendance à assister à une augmentation des attaques réussies affectant les entreprises et les consommateurs.Selon une étude récente de Ceedence Security, l'année dernière, il y a eu une augmentation de 550% des méthodes uniques employées par les acteurs de la menace vers la fin de 2022. De plus, lorsque ...
The holiday season is just around the corner; a time of joy and celebration. However, threat actors anticipate this joyous season as much as it is by many festive revelers. In fact, cybercriminals tend to be particularly active during the holiday season, taking advantage of the distractions that come with it. The holiday season tends to witness an increase in successful attacks affecting both businesses and consumers. According to a recent study by Cequence Security, last year, there was a 550% increase in unique methods employed by threat actors towards the end of 2022. Additionally, when the... |
Threat Studies | ★★★ | |
 |
2023-12-06 00:00:00 | Le rapport du Threat Lab de WatchGuard révèle une augmentation du nombre d\'acteurs malveillants exploitant les logiciels d\'accès à distance (lien direct) | PARIS – 6 décembre 2023 – WatchGuard® Technologies, leader mondial de la cybersécurité unifiée, publie les conclusions de son dernier rapport sur la sécurité Internet, détaillant les principales tendances en matière de malwares et de menaces pour la sécurité des réseaux et des endpoints, analysées par les chercheurs du Threat Lab de WatchGuard. Les principales conclusions tirées des données révèlent une augmentation des cas d'utilisation abusive des logiciels d'accès à distance, la montée en puissance des cyberattaquants qui utilisent des voleurs de mots de passe et de données pour s'emparer d'informations d'identification précieuses, et le recours par les acteurs malveillants non plus à des scripts, mais à des techniques de type " living off the land " pour lancer une attaque sur les endpoints. " Les acteurs malveillants emploient sans cesse de nouveaux outils et méthodes pour mener leurs campagnes d'attaque. Il est donc essentiel que les entreprises se tiennent au courant des dernières tactiques afin de renforcer leur stratégie de sécurité ", souligne Corey Nachreiner, Chief Security Officer chez WatchGuard. " Les plateformes de sécurité modernes, qui intègrent des pare-feux et des logiciels de protection des endpoints, peuvent renforcer la protection des réseaux et des appareils. En revanche, lorsque les attaques font appel à des tactiques d'ingénierie sociale, l'utilisateur final représente la dernière ligne de défense pour empêcher les acteurs malveillants de s'infiltrer dans les entreprises. Il est important que celles-ci dispensent une formation sur l'ingénierie sociale et adoptent une approche de sécurité unifiée mettant en place des couches de défense pouvant être administrées efficacement par des fournisseurs de services managés. " Parmi les principales conclusions, le dernier rapport sur la sécurité Internet basé sur des données du troisième trimestre 2023 révèle les éléments suivants : Les acteurs malveillants utilisent de plus en plus d'outils et de logiciels de gestion à distance pour contourner la détection des malwares, ce que le FBI et la CISA ont tous deux reconnu. En étudiant les principaux domaines du phishing, le Threat Lab a par exemple observé une escroquerie à l'assistance technique qui conduisait la victime à télécharger une version préconfigurée et non autorisée de TeamViewer, ce qui permettait au pirate d'accéder à distance à l'intégralité de son ordinateur. Une variante du ransomware Medusa fait son apparition au troisième trimestre, entraînant une augmentation de 89 % du nombre d'attaques de ransomwares sur les endpoints. De prime abord, les détections de ransomwares sur les endpoints semblent avoir diminué au cours du troisième trimestre. Pourtant, la variante du ransomware Medusa, qui figure pour la première fois dans le Top 10 des menaces liées aux malwares, a été détectée à l'aide d'une signature générique provenant du moteur de signatures automatisé du Threat Lab. Si l'on tient compte des détections de Medusa, les attaques par ransomware ont augmenté de 89 % d'un trimestre par rapport à l'autre. Les acteurs malveillants cessent d'utiliser des attaques basées sur des scripts et recourent de plus en plus à d'autres techniques de type " living off the land ". Le vecteur d'attaque que constituent les scripts malveillants a connu une baisse de 11 % au troisième trimestre, après avoir chut&eacut | Ransomware Malware Tool Threat | ★★ | |
|
2023-12-05 21:19:00 | Paiements Géant Tipalti: pas de violation de ransomware, pas de menace pour Roblox Payments Giant Tipalti: No Ransomware Breach, No Threat to Roblox (lien direct) |
BlackCat / AlphV affirme qu'il a eu accès aux systèmes du fournisseur de la technologie des paiements depuis septembre et menace des attaques de suivi contre son client Roblox.
BlackCat/ALPHV claims it has had access to the payments technology vendor\'s systems since September, and threatens follow-on attacks on its customer Roblox. |
Ransomware Threat | ★★ | |
 |
2023-12-05 21:04:25 | Les acteurs de la menace exploitent Adobe Coldfusion CVE-2023-26360 pour l'accès initial aux serveurs gouvernementaux Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (lien direct) |
#### Description
L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) publie un avis de cybersécurité (CSA) en réponse à l'exploitation confirmée de CVE-2023-26360 par des acteurs de menace non identifiés dans une agence fédérale de direction civile (FCEB).Cette vulnérabilité se présente comme un problème de contrôle d'accès incorrect impactant Adobe Coldfusion Versions 2018 Update 15 (et plus tôt) et 2021 Update 5 (et plus tôt).CVE-2023-26360 affecte également les installations Coldfusion 2016 et Coldfusion 11;Cependant, ils ne sont plus soutenus car ils ont atteint la fin de vie.L'exploitation de ce CVE peut entraîner une exécution arbitraire de code.À la suite de l'enquête de la FCEB Agency \\, l'analyse des journaux de réseau a confirmé le compromis d'au moins deux serveurs orientés publics dans l'environnement entre juin et juillet 2023.
#### URL de référence (s)
1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
#### Date de publication
4 décembre 2023
#### Auteurs)
Cisa
#### Description The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier). CVE-2023-26360 also affects ColdFusion 2016 and ColdFusion 11 installations; however, they are no longer supported since they reached end of life. Exploitation of this CVE can result in arbitrary code execution. Following the FCEB agency\'s investigation, analysis of network logs confirmed the compromise of at least two public-facing servers within the environment between June and July 2023. #### Reference URL(s) 1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a #### Publication Date December 4, 2023 #### Author(s) CISA |
Vulnerability Threat | ★★★ | |
|
2023-12-05 20:28:00 | AVERTISSEMENT pour les utilisateurs d'iPhone: les experts mettent en garde contre l'attaque de mode de verrouillage sournois Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack (lien direct) |
Une nouvelle "technique de falsification post-exploitation" peut être maltraitée par des acteurs malveillants pour tromper visuellement une cible en croyant que leur iPhone Apple fonctionne en mode verrouillage quand il n'est pas en fait et effectue des attaques secrètes.
Le roman, détaillé par Jamf Threat Labs dans A & NBSP; Report & NBSP; partagé avec les actualités du piratage, "montre que si un pirate a déjà infiltré votre appareil, il peut provoquer
A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it\'s actually not and carry out covert attacks. The novel, detailed by Jamf Threat Labs in a report shared with The Hacker News, "shows that if a hacker has already infiltrated your device, they can cause |
Threat Mobile | ★★★ | |
 |
2023-12-05 15:15:00 | La CISA tente directement aux services d'eau sur les dispositifs unitroniques exposés CISA reaching out directly to water utilities about exposed Unitronics devices (lien direct) |
Un haut responsable de la Cybersecurity and Infrastructure Security Agency (CISA) a déclaré que l'agence s'efforçait d'identifier les opérateurs de services publics d'eau en utilisant des appareils de la société israélienne Unitronics et en informer les organisations si elles sont à risque de cyberattaque.La sensibilisation de l'agence \\ survient alors que les responsables de la cybersécurité au sein du gouvernement américain ont soulevé des alarmes après un groupe
A top official at the Cybersecurity and Infrastructure Security Agency (CISA) said the agency is working to identify water utility operators using devices from Israeli company Unitronics and notifying those organizations if they are at risk of cyberattack. The agency\'s outreach comes as cybersecurity officials within the U.S. government have raised alarms after a group |
Threat | ★★★ | |
|
2023-12-05 14:32:05 | Le sondage de la sécurité des gardiens révèle que 82% des leaders informatiques souhaitent déplacer leur solution de gestion de l'accès privilégié sur site (PAM) au cloud Keeper Security Survey Finds 82% of IT Leaders Want To Move Their On-Premises Privileged Access Management (PAM) Solution to the Cloud (lien direct) |
Le sondage de sécurité des gardiens révèle que 82% des dirigeants informatiques souhaitent déplacer leur solution de gestion de l'accès privilégié (PAM) sur site à la cloud
Soixante pour cent des organisations ayant des solutions sur site révèlent que Pam étant sur site les empêche d'atteindre leurs objectifs
-
rapports spéciaux
Keeper Security Survey Finds 82% of IT Leaders Want To Move Their On-Premises Privileged Access Management (PAM) Solution to the Cloud Sixty percent of organizations with on-premises solutions reveal that PAM being on-prem prevents them from reaching their goals - Special Reports |
Threat Cloud | ★★★★ | |
|
2023-12-05 13:25:00 | Nouvel acteur de menace \\ 'Aeroblade \\' émerge dans l'attaque d'espionnage contre U.S. Aerospace New Threat Actor \\'AeroBlade\\' Emerges in Espionage Attack on U.S. Aerospace (lien direct) |
Un acteur de menace sans papiers auparavant a été lié à une cyberattaque ciblant une organisation aérospatiale aux États-Unis dans le cadre de ce qui est soupçonné d'être une mission de cyber-espionnage.
L'équipe de recherche et de renseignement BlackBerry Threat suit le cluster d'activités comme & nbsp; aeroblade.Son origine est actuellement inconnue et il n'est pas clair si l'attaque a réussi.
"L'acteur a utilisé la lance
A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what\'s suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is currently unknown and it\'s not clear if the attack was successful. "The actor used spear-phishing |
Threat | ★★★ | |
 |
2023-12-05 13:00:37 | (Déjà vu) Crypto Deception dévoilé: Vérifier les rapports de recherche sur les points Crypto Deception Unveiled: Check Point Research Reports Manipulation of Pool Liquidity Skyrockets Token Price by 22,000% (lien direct) |
> par Oded Vanunu, Dikla Barda, Roman Zaikin Démasking Tactics Tactics: une enquête récente de la recherche sur le point de contrôle expose unTendance troublante dans le paysage des crypto-monnaies.Les acteurs trompeurs manipulent la liquidité de la piscine, envoyant des prix en jetons en flèche de 22 000% choquants.80 000 $ qui ont dévoilé: la manipulation de la liquidité de la piscine a entraîné un vol rapide et calculé de 80 000 $ de détenteurs de jetons sans méfiance.Cet incident met en lumière les stratégies évolutives que les escrocs utilisés pour exploiter les plateformes de financement décentralisées.Paysage de la menace continue: Cet incident suit à chaud dans les talons d'une arnaque à un million de dollars précédemment signalée.Vérifier la recherche sur les points récemment plongés dans les subtilités de [& # 8230;]
>By Oded Vanunu, Dikla Barda, Roman Zaikin Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. Deceptive actors are manipulating pool liquidity, sending token prices soaring by a shocking 22,000%. $80,000 Heist Unveiled: The manipulation of pool liquidity resulted in a swift and calculated theft of $80,000 from unsuspecting token holders. This incident sheds light on the evolving strategies scammers employ to exploit decentralized finance platforms. Continued Threat Landscape: This incident follows hot on the heels of a previously reported million-dollar scam. Check Point Research recently delved into the intricacies of […] |
Threat Prediction | ★ | |
 |
2023-12-05 13:00:02 | Comment les mauvais acteurs exploitent la tragédie mondiale How Bad Actors Exploit World Tragedy (lien direct) |
Le monde n'est pas étranger à la tragédie.Des catastrophes naturelles aux pandémies mondiales et aux conflits géopolitiques, nous avons tous été témoins [& # 8230;]
The world is no stranger to tragedy. From natural disasters to global pandemics and geopolitical conflicts, we have all witnessed […] |
Threat | ★★★ | |
|
2023-12-05 12:29:00 | Microsoft met en garde contre APT28 soutenu par le Kremlin exploitabilité de la vulnérabilité des perspectives critiques Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability (lien direct) |
Microsoft a déclaré lundi avoir détecté des activités d'État-nation soutenues par Kremlin exploitant un défaut de sécurité critique dans son service de messagerie Outlook pour obtenir un accès non autorisé aux comptes des victimes dans les serveurs d'échange.
Le géant de la technologie & nbsp; attribué & nbsp; les intrusions à un acteur de menace qu'il a appelé & nbsp; Forest Blizzard & nbsp; (anciennement Strontium), qui est également largement suivi sous les surnoms APT28,
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims\' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely tracked under the monikers APT28, |
Vulnerability Threat | APT 28 | ★★★★ |
 |
2023-12-05 12:07:17 | Les pirates nous frappent les agences Govt à l'aide d'Adobe Coldfusion Exploit Hackers breach US govt agencies using Adobe ColdFusion exploit (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) met en garde contre les pirates qui exploitent activement une vulnérabilité critique dans Adobe Coldfusion identifiée comme CVE-2023-26360 pour obtenir l'accès initial aux serveurs gouvernementaux.[...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [...] |
Vulnerability Threat | ★★ | |
|
2023-12-05 11:00:00 | Aperçu des systèmes de détection de fraude modernes Insights into modern fraud detection systems (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Information security requirements and standards are in a constant state of evolution. Recent issues, such as COVID-19 and the growing global reliance on mobile devices and remote work solutions, have played important roles in this ongoing transformation. At the same time, the increasing sophistication of cyber attackers has added new layers of complexity to the cybersecurity landscape. In this article, I will explore the importance of implementing fraud detection systems as a crucial measure to mitigate the impact of both traditional and emerging fraudulent schemes. Challenges faced by financial institutions The landscape of user behavior has undergone significant shifts, primarily driven by external factors such as the COVID-19 pandemic. This factor led to an increase in online transactions, coupled with reduced income streams for many individuals, resulting in decreased spending in specific user categories. Additionally, local conflicts, like the war in Ukraine and Israel, influence spending patterns in particular regions. The implementation of restrictive measures and the resulting increase in stress levels have provided cyber crooks with more opportunities to exploit social engineering techniques through acts of intimidation. One prevalent scam involves fraudsters posing as bank security officials to deceive unsuspecting individuals. Another concerning trend is the rise of legitimate channels that drive people to scam schemes via mainstream advertising platforms like Google and Facebook. Furthermore, the economic hardships some people face have led them to seek alternative income sources, driving them to engage in various forms of online criminal activities. Some individuals become involved in schemes where they act as money mules or work in illegal call centers. It is challenging for financial institutions to guarantee absolute safety. Malicious individuals can present counterfeit identification to authorize transactions that were initially denied by the anti-fraud system. While financial institutions strive to know as much as possible about their clients and run transactions carefully, they are constrained by data retention limitations (typically several months) and the need to respond within seconds, as stipulated by Service Level Agreements. So, again, achieving complete certainty about every transaction remains a huge problem. Detecting suspicious activities becomes even more challenging when malicious employees request details about a specific client or transaction, as this falls within their routine work tasks. Some fraud detection systems use computer webcams or video surveillance cameras to monitor employee behavior. Modern surveillance systems have become more intelligent, leveraging artificial intelligence and historical data to perform comprehensive risk assessments and take action when unusual employee behavior is detected. However, these cameras may not always be effective in identifying deceitful behavior when employees remain almost motionless. Understanding fraud detection systems Fraud detection systems are designed to detect and prevent various forms of fraudulent activities, ranging from account hijacking and | Tool Threat Mobile Prediction Technical | ★★★ | |
|
2023-12-05 05:00:40 | TA422 \\ Soule d'exploitation dédiée - la même semaine après semaine TA422\\'s Dedicated Exploitation Loop-the Same Week After Week (lien direct) |
Key takeaways Since March 2023, Proofpoint researchers have observed regular TA422 (APT28) phishing activity, in which the threat actor leveraged patched vulnerabilities to send, at times, high-volume campaigns to targets in Europe and North America. TA422 used the vulnerabilities as initial access against government, aerospace, education, finance, manufacturing, and technology sector targets likely to either disclose user credentials or initiate follow-on activity. The vulnerabilities included CVE-2023-23397-a Microsoft Outlook elevation of privilege flaw that allows a threat actor to exploit TNEF files and initiate NTLM negotiation, obtaining a hash of a target\'s NTLM password-and CVE-2023-38831-a WinRAR remote code execution flaw that allows execution of “arbitrary code when a user attempts to view a benign file within a ZIP archive,” according to the NIST disclosure. Overview Starting in March 2023, Proofpoint researchers have observed the Russian advanced persistent threat (APT) TA422 readily use patched vulnerabilities to target a variety of organizations in Europe and North America. TA422 overlaps with the aliases APT28, Forest Blizzard, Pawn Storm, Fancy Bear, and BlueDelta, and is attributed by the United States Intelligence Community to the Russian General Staff Main Intelligence Directorate (GRU). While TA422 conducted traditional targeted activity during this period, leveraging Mockbin and InfinityFree for URL redirection, Proofpoint observed a significant deviation from expected volumes of emails sent in campaigns exploiting CVE-2023-23397-a Microsoft Outlook elevation of privilege vulnerability. This included over 10,000 emails sent from the adversary, from a single email provider, to defense, aerospace, technology, government, and manufacturing entities, and, occasionally, included smaller volumes at higher education, construction, and consulting entities. Proofpoint researchers also identified TA422 campaigns leveraging a WinRAR remote execution vulnerability, CVE-2023-38831. Bar chart showing the breakdown of TA422 phishing activity from March 2023 to November 2023. Please attend: CVE-2023-23397-test meeting In late March 2023, TA422 started to launch high volume campaigns exploiting CVE-2023-23397 targeting higher education, government, manufacturing, and aerospace technology entities in Europe and North America. TA422 previously used an exploit for CVE-2023-23397 to target Ukrainian entities as early as April 2022, according to open-source reporting by CERT-EU. In the Proofpoint-identified campaigns, our researchers initially observed small numbers of emails attempting to exploit this vulnerability. The first surge in activity caught our attention partly due to all the emails pointing to the same listener server, but mostly due to the volume. This campaign was very large compared to typical state-aligned espionage campaign activity Proofpoint tracks. Proofpoint observed over 10,000 repeated attempts to exploit the Microsoft Outlook vulnerability, targeting the same accounts daily during the late summer of 2023. It is unclear if this was operator error or an informed effort to collect target credentials. TA422 re-targeted many of the higher education and manufacturing users previously targeted in March 2023. It is unclear why TA422 re-targeted these entities with the same exploit. Based upon the available campaign data, Proofpoint suspects that these entities are priority targets and as a result, the threat actor attempted broad, lower effort campaigns regularly to try and gain access. Like the high-volume TA422 campaign Proofpoint researchers identified in March 2023, the late summer 2023 messages contained an appointment attachment, using the Transport Neutral Encapsulation Format (TNEF) file. The TNEF file used a fake file extension to masquerade as a CSV, Excel file, or Word document, and contained an UNC path directing traffic to an SMB listener being hosted on a likely compromised Ubiquiti router. TA422 has previously used compromised routers to host the gr | Malware Vulnerability Threat | APT 28 | ★★★ |
|
2023-12-05 02:56:29 | Regardez rapidement le nouveau guide d'atténuation des soins de santé CISA Quick Look at the New CISA Healthcare Mitigation Guide (lien direct) |
C'est les petites vignes, pas les grandes branches, qui nous font trébucher dans la forêt.Apparemment, ce n'est pas différent dans les soins de santé.En novembre, l'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a publié un guide d'atténuation destiné au secteur de la santé et de la santé publique (HPH).Au milieu des défis actuels de la sécurité du cloud hybride, des considérations environnementales hyper-distribuées, un paysage de menaces alimentaires et alimentés par AI et des menaces émergentes immédiates, ce que le tout nouveau guide était, étonnamment, sur les petites choses.Ou, peut-être, pas si surprenant après tout.Atténuation...
It\'s the small vines, not the large branches, that trip us up in the forest. Apparently, it\'s no different in Healthcare . In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare and Public Health (HPH) sector. In the midst of current hybrid cloud security challenges, hyper-distributed environment considerations, an AI-empowered threat landscape, and immediate nation-state emerging threats, the focus of this brand-new guide was, surprisingly, on the little things. Or, perhaps, not so surprisingly after all. Mitigation... |
Threat Medical Cloud | ★★★ | |
|
2023-12-04 22:06:59 | Les cyber-acteurs affiliés à l'IRGC exploitent les PLC dans plusieurs secteurs, y compris les installations américaines de systèmes d'eau et d'eaux usées IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (lien direct) |
#### Description
Le Federal Bureau of Investigation (FBI), la Cybersecurity and Infrastructure Security Agency (CISA), la National Security Agency (NSA), l'Environmental Protection Agency (EPA) et l'Israel National Cyber Directorate (Incd) - sont appelés «les agences de rédaction"La diffusion de cet avis conjoint de cybersécurité (CSA) pour mettre en évidence la cyber-activité malveillante continue contre les dispositifs de technologie opérationnelle par le gouvernement iranien de la révolutionnaire islamique du Corps (IRGC) - les cyber-acteurs avancés de menace persistante (APT).
L'IRGC est une organisation militaire iranienne que les États-Unis ont désignée comme une organisation terroriste étrangère en 2019. Cyber-acteurs affiliés à l'IRGC utilisant le Persona «CyberAV3NGERS» ciblent activement et compromettent les contrôleurs logiques programmables de la série Unitronics Vision.Ces PLC sont couramment utilisés dans le secteur des systèmes d'eau et des eaux usées (WWS) et sont également utilisés dans d'autres industries, mais sans s'y limiter, la fabrication de l'énergie, des aliments et des boissons et des soins de santé.Les PLC peuvent être rebaptisés et apparaître comme différents fabricants et entreprises.
Depuis au moins le 22 novembre 2023, ces cyber-acteurs affiliés à l'IRGC ont continué de compromettre les informations d'identification par défaut dans les dispositifs unitroniques.Les cyber-acteurs affiliés à l'IRGC ont quitté une image de dégradation.Les victimes s'étendent sur plusieurs États américains.Les agences de création exhortent toutes les organisations, en particulier les organisations d'infrastructures critiques, à appliquer les recommandations énumérées dans la section des atténuations de ce conseil pour atténuer le risque de compromis de ces cyber-acteurs affiliés à l'IRGC.
#### URL de référence (s)
1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
#### Date de publication
1er décembre 2023
#### Auteurs)
Cisa
#### Description The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)-hereafter referred to as "the authoring agencies"-are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors. The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices. The IRGC-affiliated cyber actors left a defacement image. The victims span multiple U.S. states. The authoring agencies urge all organizations, especially critical infrastructure organizations, to apply the recommendations listed in the Mitigations section of this advisory to mitigate risk of compromise from these IRGC-affiliated cyber actors. #### Reference URL(s) 1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a #### Publication Date December 1, 2023 #### Author(s) CISA |
Threat | ★★★ | |
|
2023-12-04 18:00:26 | 15ème édition des GSDAYS 30 JANVIER 2025 (lien direct) | Les " GS Days, Journées Francophones de la Sécurité de l'information et de la cyber " ont pour objectif d'informer et de démontrer à la communauté SSI : la réalité des menaces actuelles, leur simplicité de mise en oeuvre et leurs impacts sur la SI. Ce Colloque, exclusivement en français, souhaite également se tourner vers l'avenir en faisant la démonstration de nouveaux " Proof of Concept " qui pourraient menacer les SI. - Les événements de Global Security Mag / evenement_home | Threat Conference | ★★★ | |
|
2023-12-04 15:16:00 | Des pirates soutenus au Kremlin attaquant les systèmes d'Outlook non corrigées, dit Microsoft Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says (lien direct) |
Les pirates associés aux renseignements militaires de la Russie exploitent toujours activement une vulnérabilité dans les logiciels Microsoft pour accéder aux e-mails des victimes, a annoncé lundi la société.L'acteur de menace, suivi par Microsoft sous le nom de Forest Blizzard mais également connu sous le nom de Fancy Bear ou APT28, a tenté d'utiliser le bogue pour obtenir un accès non autorisé à l'e-mail
Hackers associated with Russia\'s military intelligence are still actively exploiting a vulnerability in Microsoft software to gain access to victims\' emails, the company said Monday. The threat actor, tracked by Microsoft as Forest Blizzard but also known as Fancy Bear or APT28, has been attempting to use the bug to gain unauthorized access to email |
Vulnerability Threat | APT 28 | ★★ |
|
2023-12-04 12:23:00 | Logofail: les vulnérabilités UEFI exposent des appareils aux attaques de logiciels malveillants furtifs LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks (lien direct) |
Le code d'interface de firmware extensible unifié (UEFI) de divers fournisseurs de micrologiciels / bios indépendants (IBV) s'est révélé vulnérable aux attaques potentielles par des défauts à fort impact dans les bibliothèques d'analyse d'image intégrées dans le firmware.
Les lacunes, collectivement étiquetées & nbsp; Logofail & nbsp; par binarly, «peuvent être utilisées par les acteurs de la menace pour livrer une charge utile malveillante et contourner le coffre sécurisé, Intel
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel |
Malware Vulnerability Threat | ★★★ | |
 |
2023-12-04 11:49:08 | Applications de santé mentale: peuvent-ils faire confiance? Mental Health Apps: Can They Be Trusted? (lien direct) |
In the past few years, mental health apps have witnessed massive growth thanks to their potential to fix a multitude of mental health-related problems.
That said, they are not the best when it comes to managing and securing highly sensitive personal data.
Mental health apps with millions of downloads have been found guilty of selling, misusing, and leaking sensitive data of their users.
In this article, we have shared everything you need to know about the countless privacy concerns associated with mental health apps.
Let’s see if you can trust any mainstream mental health app or if they are all the same.
What Are Mental Health Apps? The name says it all, mental health apps offer tools, activities, and support to help cure serious problems like anxiety, depression, ADHD, Bipolar Disorder, substance abuse, and many more. While mental health apps can’t replace an actual doctor, they have been found to be quite effective in multiple instances. 
On the surface, mental health apps seem to be quite useful for the well-being of users, but you will be surprised to know that the research from Private Internet Access revealed that many mainstream apps fail to protect the privacy and security of their users.
Let’s get into details and discuss all of the problems associated with mental health apps and see how they have become the biggest data-harvesting machines.
Are Mental Health Apps Spying on You? Unlike other mainstream apps, mental health apps require substantially more information about their users for the app to function properly. |
Data Breach Tool Threat Medical | ★★★ | |
 |
2023-12-04 11:00:17 | Kaspersky Security Bulletin 2023. Statistiques Kaspersky Security Bulletin 2023. Statistics (lien direct) |
Statistiques clés pour 2023: ransomware, banquiers de Troie, mineurs et autres logiciels malveillants financiers, vulnérabilités et exploits zéro jour, attaques Web, menaces pour MacOS et IoT.
Key statistics for 2023: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT. |
Ransomware Malware Vulnerability Threat Studies | ★★ | |
|
2023-12-04 11:00:00 | Comment les outils de collaboration d'équipe et la cybersécurité peuvent protéger les effectifs hybrides How team collaboration tools and Cybersecurity can safeguard hybrid workforces (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Hybrid operations are becoming an increasingly prevalent part of the business landscape. Certainly, this offers some fantastic opportunities for companies to reduce overhead costs and gain access to international talent. Yet, there are some distinct challenges hybrid workforces face, too. Key among these is the potential for cybersecurity issues to arise. When you have some employees working from the office and others operating remotely, a range of vulnerabilities may arise — not to mention that there may be hurdles to staff interacting effectively. So, let’s take a look at how team collaboration tools and cybersecurity measures can safeguard your hybrid workforce. Identifying and addressing relevant threats There are few businesses today that aren’t vulnerable to some form of cyber threat. However, the risks tend to depend on the specific business model. As a result, it’s important to first gain an understanding of the prevalent risks related to hybrid workplaces. This enables you to more effectively collaborate and develop safeguards. For hybrid businesses, a range of network security threats have the potential to disrupt operations and cause data breaches. These include: Malware. These malicious software or firmware programs usually enter a network when a person unintentionally downloads them after clicking a link or attachment. Depending on the type of malware, this can give hackers remote access to networks or capture data about network activity, alongside infecting other devices on the network. It’s important to ensure hybrid staff have malware detection software on both business and personal devices that they use to connect to company networks. In addition, you must give them training on how to avoid triggering malware downloads. Phishing. Social engineering attacks, like phishing, can be a challenging issue. These tactics are designed to skirt your security software by getting information or network access directly from your human workers. This may involve criminals posing as legitimate businesses or official entities and directing workers to cloned websites where they’ll be requested to enter sensitive information. You can mitigate this type of issue by monitoring network traffic to spot unusual activity, as well as educating staff on the details of these methods. Even if criminals gain passwords by these methods, setting up multi-factor authentication can limit how useful they are to hackers. That said, alongside the common threats, it’s important to get to know and address the issues with your specific hybrid business. Talk to your staff about their day-to-day working practices and the potential points of vulnerability. Discuss remote workers’ home network setups to establish whether there are end-to-end safeguards in place to prevent unauthorized access to networks. You can then collaborate on arranging additional equipment or protocols — such as access to an encrypted virtual private network (VPN) — that protect both the business and workers’ home equipment. Utilizing collaborative tools Effective collaboration is essential for all hybrid businesses. This isn’t just a matter of maintaining productivity. When employees have the right tools in place to wo | Malware Tool Vulnerability Threat Cloud | ★★ | |
|
2023-12-04 10:39:37 | Comment l'analyse dynamique vous aide à améliorer l'automatisation des DevSecops How Dynamic Analysis Helps You Enhance Automation for DevSecOps (lien direct) |
DevSecops, également connu sous le nom de DevOps sécurisé, représente un état d'esprit dans le développement de logiciels qui maintient tout le monde responsable de la sécurité des applications.En favorisant la collaboration entre les développeurs et les opérations informatiques et en dirigeant les efforts collectifs vers une meilleure prise de décision de sécurité, les équipes de développement peuvent fournir des logiciels plus sûrs avec une plus grande vitesse et une plus grande efficacité.
Malgré ses avantages, la mise en œuvre de DevSecops peut introduire des frictions dans le processus de développement.Les outils traditionnels pour tester le code et évaluer le risque de sécurité des applications n'ont tout simplement pas été conçu pour la vitesse dont les tests DevOps ont besoin.
Pour naviguer dans ces défis, les équipes de développement doivent commencer avec des outils de test automatisés, car le fait de s'appuyer sur les processus manuels ne peut pas suivre le rythme des délais de développement accélérés.L'automatisation est considérée comme clé pour l'intégration continue de l'analyse de la sécurité et l'atténuation des menaces des flux de travail dynamiques.En tant qu'extension des principes DevOps, DevSecops Automation aide à intégrer les tests de sécurité…
DevSecOps, also known as secure DevOps, represents a mindset in software development that holds everyone accountable for application security. By fostering collaboration between developers and IT operations and directing collective efforts towards better security decision-making, development teams can deliver safer software with greater speed and efficiency. Despite its merits, implementing DevSecOps can introduce friction into the development process. Traditional tools for testing code and assessing application security risk simply weren\'t built for the speed that DevOps testing requires. To navigate these challenges, development teams need to start with automated testing tools, as relying on manual processes can\'t possibly keep pace with accelerated development timelines. Automation is considered key to continuous integration of security analysis and threat mitigation of dynamic workflows. As an extension of DevOps principles, DevSecOps automation helps integrate security testing… |
Tool Threat | ★★★ | |
|
2023-12-04 09:50:00 | Microsoft met en garde contre le schéma de malvertisation répartir les ransomwares du cactus Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (lien direct) |
Microsoft a mis en garde contre une nouvelle vague d'attaques de ransomwares de cactus qui tirent parti des leurres malvertising pour déployer Danabot en tant que vecteur d'accès initial.
Les infections à Danabot ont conduit à "l'activité pratique du clavier par l'opérateur de ransomware Storm-0216 (Twisted Spider, UNC2198), culminant dans le déploiement de Cactus Ransomware", l'équipe Microsoft Threat Intelligence & NBSP; Said & Nbsp; dans une série de messages sur x (
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware," the Microsoft Threat Intelligence team said in a series of posts on X ( |
Ransomware Threat | ★★ |
To see everything:
Our RSS (filtrered)
