What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2024-07-29 18:49:00 Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails (direct link) An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various legitimate companies. "These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections - all to deceive
Threat
CS.webp 2024-07-29 16:39:46 Biden's cybersecurity legacy: 'a big shift' to private sector responsibility (direct link) Over the course of his term, Joe Biden has presided over an ambitious agenda on regulation and more, to both praise and criticism.
The_Hackers_News.webp 2024-07-29 16:10:00 How Searchable Encryption Changes the Data Security Game (direct link) Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used. To be searched, viewed, and modified to keep businesses running. Unfortunately, our Network and
InfoSecurityMag.webp 2024-07-29 15:30:00 Mandrake Spyware Infects 32,000 Devices Via Google Play Apps (direct link) Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics
Blog.webp 2024-07-29 15:21:53 VPN Usage Increased 5016% in Bangladesh Amidst Online Censorship (direct link) VPN demand skyrockets in Bangladesh due to internet restrictions. Learn about the global impact of VPNs on internet…
Fortinet.webp 2024-07-29 15:00:00 Avoid These Five Pitfalls of EDR Deployment (direct link) Deploying an EDR solution is crucial for protecting your organization. Here's how to make the most of your chosen solution, along with common pitfalls to avoid.
Checkpoint.webp 2024-07-29 14:58:44 29th July – Threat Intelligence Report (direct link) For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse […]
Ransomware Threat
globalsecuritymag.webp 2024-07-29 14:48:47 NoCode, LowCode and Cybersecurity: Awareness (direct link) Following AFNOR's presentation of the NoCode and LowCode specifications in July 2024, Pierre LAUNAY, President of the Syndicat Français des Professionnels du NoCode (SFPN), spoke with Global Security Mag. - Interviews
News.webp 2024-07-29 14:45:12 French internet cables cut in act of sabotage that caused outages across country (direct link) Axe attack comes just days after arsonists target rail network. Fiber optic internet cables across France have been cut in an apparent act of sabotage, resulting in outages across the country.…
DarkReading.webp 2024-07-29 14:41:49 OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover (direct link) An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.
itsecurityguru.webp 2024-07-29 14:16:16 Taking action: how to combat the financial repercussions of a cyber incident (direct link) Paying hackers not to release the data they have stolen from you is not the best way to manage the financial repercussions of a cyber-attack. Nor is trying to hide the attack from the authorities…. Even the most vigilant companies can't escape the possibility of having to handle a cyber threat - and the cost of […]
Threat
InfoSecurityMag.webp 2024-07-29 14:00:00 Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware (direct link) Walmart detailed findings about an unknown PowerShell backdoor, which was potentially utilized alongside a new Zloader variant
Malware
DarkReading.webp 2024-07-29 14:00:00 7 Sessions Not to Miss at Black Hat USA 2024 (direct link) This year's conference will be a treasure trove of insights for cybersecurity professionals.
Conference
Mandiant.webp 2024-07-29 14:00:00 UNC4393 Goes Gently into the SILENTNIGHT (direct link)
Written by: Josh Murchie, Ashley Pearson, Joseph Pisano, Jake Nicastro, Joshua Shilko, Raymond Leong
Overview
In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant's initial identification of UNC4393, the primary user of BASTA ransomware. Mandiant has responded to over 40 separate UNC4393 intrusions across 20 different industry verticals. While healthcare organizations have not traditionally been a focus for UNC4393, several breaches in the industry this year indicate a possible expansion of their interests. However, this represents only a fraction of the cluster's victims, with the Black Basta data leak site purporting over 500 victims since inception. Over the course of this blog post, Mandiant will detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan, with a focus on the period following the QAKBOT botnet takedown. We will highlight the cluster's transition from readily available tools to custom malware development as well as its evolving reliance on access brokers and diversification of initial access techniques.
Figure 1: UNC4393 intrusion lifecycle
Attribution and Targeting
UNC4393 is a financially motivated threat cluster, and the primary user of BASTA ransomware, tracked since mid-2022 but likely active since early 2022 based on activity on the BASTA DLS. The group has overwhelmingly leveraged initial access gained via UNC2633 and UNC2500 QAKBOT botnet infections to deploy BASTA ransomware. QAKBOT is typically distributed via phishing emails containing malicious links or attachments. In some cases, HTML smuggling has also been used to distribute ZIP files containing IMG files that house LNK files and QAKBOT payloads. Mandiant suspects BASTA operators maintain a private or small, closed-invitation affiliate model whereby only trusted third-party actors are provided with use of the BASTA encryptor.
Unlike traditional ransomware-as-a-service (RaaS), BASTA is not publicly marketed and its operators do not appear to actively recruit affiliates to deploy the ransomware. Instead, they focus on acquiring initial access via partnerships or purchases in underground communities. This deviates from traditional RaaS models, which focus on the ransomware development and related services such as the data leak site (DLS) that are provided to affiliates in exchange for directly distributing the ransomware. While UNC4393 is the only currently active threat cluster deploying BASTA that Mandiant tracks, we cannot rule out the possibility that other, vetted threat actors may also be given access to the encrypter. The hundreds of BASTA ransomware victims claimed on the DLS appear credible due to UNC4393's rapid operational tempo. With a median time to ransom of approximately 42 hours, UNC4393 has demonstrated p
Ransomware Malware Tool Threat Prediction Medical Cloud
News.webp 2024-07-29 13:45:41 Intruders at HealthEquity rifled through storage, stole 4.3M people's data (direct link) No mention of malware or ransomware – somewhat of a rarity these days. HealthEquity, a US fintech firm for the healthcare sector, admits that a "data security event" it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses, telephone numbers and payment data.…
Ransomware Malware Medical
News.webp 2024-07-29 13:01:07 Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update (direct link) Happy Sysadmin Day. Google celebrated Sysadmin Day last week by apologizing for breaking its password manager for millions of Windows users – just as many Windows admins were still hard at work mitigating the impact of the faulty CrowdStrike update.…
InfoSecurityMag.webp 2024-07-29 13:00:00 Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks (direct link) Salt Labs also said XSS combined with OAuth can lead to severe breaches
Vulnerability
cybersecurityventures.webp 2024-07-29 12:59:05 Securing India's Move To The Cloud (direct link) This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in YourStory. Sausalito, Calif. – Jul. 29, 2024. As businesses migrate to the cloud, they must navigate an evolving landscape of cyber threats. According to a 2023 report by Cybersecurity Ventures, global
Cloud
mcafee.webp 2024-07-29 12:58:06 Are Mobile Devices Less Secure than PCs? (direct link) Are smartphones less secure than PCs? The answer to that is, they're different. They face different security threats. Yet they...
Mobile
RecordedFuture.webp 2024-07-29 12:56:02 French telecom infrastructure damaged in another sabotage attack (direct link) No further details
The_Hackers_News.webp 2024-07-29 12:35:00 'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread (direct link) A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware, netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000 accounts on the cloud-based code hosting platform, spans thousands of repositories that are used to
Malware Threat
zataz.webp 2024-07-29 12:31:37 After the SNCF, sabotage targets fibre-optic networks (direct link) After disrupting TGV lines, saboteurs are targeting fibre-optic networks. A massive attack that began in early July....
globalsecuritymag.webp 2024-07-29 12:20:53 To counter serious information security threats, Apacer provides solutions for enterprise system recovery and data security (direct link) With the rapid development of AI applications across many fields, enterprises rely more and more on data. Information security issues, such as measures to ensure that data is neither lost nor used inappropriately, have become crucial. Apacer fully understands how irreplaceable corporate data can be. Through continuous improvement of its proprietary backup and restore technology over the years, Apacer (8271) strives to meet the many needs generated by diverse industrial applications. - Products Threat
IndustrialCyber.webp 2024-07-29 12:02:42 US administration advances AI initiatives, receives further voluntary commitment (direct link) Nine months after issuing an Executive Order to prioritize America’s role in advancing artificial intelligence (AI) while mitigating...
SecurityWeek.webp 2024-07-29 12:00:00 Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw (direct link) Researchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world.
bleepingcomputer.webp 2024-07-29 11:54:48 HealthEquity says data breach impacts 4.3 million people (direct link) HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. [...]
Data Breach
SecurityWeek.webp 2024-07-29 11:39:28 Acronis Product Vulnerability Exploited in the Wild (direct link) Acronis warns of a critical-severity Acronis Cyber Infrastructure (ACI) vulnerability being exploited in attacks.
Vulnerability
News.webp 2024-07-29 11:32:08 Inquiry reveals UK government misled MPs over Post Office IT scandal (direct link) Former business minister Vince Cable testifies, highlighting misinformation and oversight failures. Officials at the government department responsible for the Post Office sent out misleading information to MPs about court cases relating to the Horizon IT system, an inquiry into one of the UK's greatest miscarriages of justice has heard.…
WiredThreatLevel.webp 2024-07-29 11:30:00 How Infostealers Pillaged the World's Passwords (direct link) Infostealer malware is swiping millions of passwords, cookies, and search histories. It's a gold mine for hackers, and a disaster for anyone who becomes a target.
Malware
no_ico.webp 2024-07-29 11:20:29 What Every Business Needs to Know About Ransomware (direct link) Today's businesses rely heavily on technology to streamline operations, enhance productivity, and connect with customers. However, this dependency has also opened the door to a growing threat: ransomware attacks. By 2031, the cost of ransomware attacks is estimated to reach $265 billion (USD) annually. The rapid growth of ransomware attacks has made this cyber threat [...]
Ransomware Threat
zataz.webp 2024-07-29 11:03:49 ZATAZ discovers the equivalent of 798 DVDs of stolen data (direct link) A criminal storage space of more than 3 TB discovered by ZATAZ held the equivalent of 798 DVDs of stolen data....
Chercheur.webp 2024-07-29 11:02:51 New Research in Detecting AI-Generated Videos (direct link) The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called “MISLnet”, evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or images. These may include the addition or movement of pixels between frames, manipulation of the speed of the clip, or the removal of frames. Such tools work because a digital camera’s algorithmic processing creates relationships between pixel color values. Those relationships between values are very different in user-generated images or images edited with apps like Photoshop...
Tool
Zimperium.webp 2024-07-29 11:00:00 Deep Dive into Phishing Chronology: Threats and Trends (direct link) This article will focus on the Phishing Chronology. Analyzing 88,014 phishing URLs collected from public sources and Zimperium data, we will show how dynamic and fast-evolving phishing threats are.
RiskIQ.webp 2024-07-29 10:58:35 Weekly OSINT Highlights, 29 July 2024 (direct link)
## Snapshot
Key trends from last week's OSINT reporting include novel malware, such as Flame Stealer and FrostyGoop, the compromise of legitimate platforms like Discord and GitHub, and state-sponsored threat actors conducting espionage and destructive attacks. Notable threat actors, including Russian groups, Transparent Tribe, FIN7, and DPRK's Andariel, are targeting a wide range of sectors from defense and industrial control systems to financial institutions and research entities. These attacks exploit various vulnerabilities and employ advanced evasion techniques, leveraging both traditional methods and emerging technologies like AI-generated scripts and RDGAs, underscoring the evolving and persistent nature of the cyber threat landscape.
## Description
1. [Widespread Adoption of Flame Stealer](https://sip.security.microsoft.com/intel-explorer/articles/f610f18e): Cyfirma reports Flame Stealer's use in stealing Discord tokens and browser credentials. Distributed via Discord and Telegram, this malware targets various platforms, utilizing evasion techniques like DLL side-loading and data exfiltration through Discord webhooks.
2. [ExelaStealer Delivered via PowerShell](https://sip.security.microsoft.com/intel-explorer/articles/5b4a34b0): The SANS Technology Institute Internet Storm Center reported a threat involving ExelaStealer, downloaded from a Russian IP address using a PowerShell script. The script downloads two PE files: a self-extracting RAR archive communicating with "solararbx[.]online" and "service.exe," the ExelaStealer malware. ExelaStealer, developed in Python, uses Discord for C2, conducting reconnaissance activities and gathering system and user details. Comments in Russian in the script and the origin of the IP address suggest a Russian origin.
3. [FrostyGoop Disrupts Heating in Ukraine](https://sip.security.microsoft.com/intel-explorer/articles/cf8f8199): Dragos identified FrostyGoop malware in a cyberattack disrupting heating in Lviv, Ukraine. Linked to Russian groups, the ICS-specific malware exploits vulnerabilities in industrial control systems and communicates using the Modbus TCP protocol.
4. [Rhysida Ransomware Attack on Private School](https://sip.security.microsoft.com/intel-explorer/articles/4cf89ad3): ThreatDown by Malwarebytes identified a Rhysida ransomware attack using a new variant of the Oyster backdoor. The attackers used SEO-poisoned search results to distribute malicious installers masquerading as legitimate software, deploying the Oyster backdoor.
5. [LLMs Used to Generate Malicious Code](https://sip.security.microsoft.com/intel-explorer/articles/96b66de0): Symantec highlights cyberattacks using Large Language Models (LLMs) to generate malware code. Phishing campaigns utilize LLM-generated PowerShell scripts to download payloads like Rhadamanthys and LokiBot, stressing the need for advanced detection against AI-facilitated attacks.
6. [Stargazers Ghost Network Distributes Malware](https://sip.security.microsoft.com/intel-explorer/articles/62a3aa28): Check Point Research uncovers a network of GitHub accounts distributing malware via phishing repositories. The Stargazer Goblin group's DaaS operation leverages over 3,000 accounts to spread malware such as Atlantida Stealer and RedLine, targeting both general users and other threat actors.
7. [Crimson RAT Targets Indian Election Results](https://sip.security.microsoft.com/intel-explorer/articles/dfae4887): K7 Labs identified Crimson RAT malware delivered through documents disguised as "Indian Election Results." Transparent Tribe APT, believed to be from Pakistan, targets Indian diplomatic and defense entities using macro-embedded documents to steal credentials.
8. [AsyncRAT Distributed via Weaponized eBooks](https://sip.security.microsoft.com/intel-explorer/articles/e84ee11d): ASEC discovered AsyncRAT malware distributed through weaponized eBooks. Hidden PowerShell scripts within these eBooks trigger the AsyncRAT payload, which uses obfuscation and anti-detection techniques to exfiltrate data.
Ransomware Data Breach Spam Malware Tool Vulnerability Threat Legislation Mobile Industrial Medical APT 28 APT 36
Blog.webp 2024-07-29 10:49:56 Ukraine Claims Cyber Attack Disrupted Russian ATMs and Banking System (direct link) Ukraine launches a massive cyber attack on Russia, disrupting ATM services, online banking, and financial institutions. Reportedly, a…
zataz.webp 2024-07-29 10:48:46 Operation against the PlugX malware: France hits the OFF button (direct link) French judicial authorities, in collaboration with Europol, have launched a "disinfection operation" aimed at removing the malware known as PlugX.... Malware
SecurityWeek.webp 2024-07-29 10:40:51 4.3 Million Impacted by HealthEquity Data Breach (direct link) HealthEquity says the personal and health information of 4.3 million individuals was compromised in a data breach.
Data Breach
zataz.webp 2024-07-29 10:32:01 Trump assassination attempt: the FBI hacks the shooter's phone in 40 minutes (direct link) After the tragic shooting at a rally for former President Donald Trump in Bethel Park, Pennsylvania, the FBI succeeded in unlocking the phone of Thomas Matthew Crooks, the identified shooter.... Hack
The_Hackers_News.webp 2024-07-29 10:26:00 Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site (direct link) The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website ("chrome-web[.]com") serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the
Incogni.webp 2024-07-29 10:22:02 [& how to block them] (direct link) […] Spam
TechRepublic.webp 2024-07-29 10:16:13 The Top 5 1Password Alternatives for 2024 (direct link) NordPass, Bitwarden and Dashlane are among a handful of secure and feature-packed password managers for those looking for quality 1Password alternatives.
zataz.webp 2024-07-29 10:07:25 Capgemini hacked by one of its own employees (direct link) Insider threat: the hacker who breached Capgemini was none other than one of its employees....
Threat
SecureList.webp 2024-07-29 10:00:05 Mandrake spyware sneaks onto Google Play again, flying under the radar for two years (direct link) Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play.
Threat Mobile
InfoSecurityMag.webp 2024-07-29 10:00:00 Less Than Half of European Firms Have AI Controls in Place
(direct link)
Sapio Research claims that fewer than 50% of European companies place usage and other restrictions on AI
InfoSecurityMag.webp 2024-07-29 09:00:00 US Crypto Exchange Gemini Reveals Breach
(direct link)
Thousands of customers of cryptocurrency exchange Gemini have had personal data compromised
Korben.webp 2024-07-29 07:00:00 Cloudzip – Mount a remote zip and access its files without downloading everything (direct link) Cloudzip lets you mount a remote zip file as a local directory and access specific files without having to download the entire archive, which considerably improves performance and bandwidth usage.
globalsecuritymag.webp 2024-07-29 06:43:49 Rubrik and Nutanix extend their partnership to accelerate the security of Nutanix Cloud Clusters (direct link) Rubrik for Nutanix Cloud Clusters (NC2) on AWS and Azure is now available. Rubrik, the Zero Trust data security specialist, announced an extension of its partnership with Nutanix, a leader in hybrid cloud and multicloud. The two companies have expanded their partnership to accelerate the protection of workloads on NC2, Nutanix's hybrid multicloud platform that allows applications to run on AWS and Azure. Companies can now bring their NC2 workloads into Rubrik's SaaS platform, named Rubrik Security Cloud, and leverage its data protection and security capabilities to manage and secure workloads running in NC2. - Markets Cloud
ProofPoint.webp 2024-07-29 06:00:58 From Reactive to Proactive: Identify Risky Users in Real Time to Stop Insider Threats
(direct link)
Insider threats can come from anywhere at any time. Although there are well-known insider threat indicators and trigger events, one of the most challenging aspects of containing insider threats is identifying a user who may cause harm to the business, intentionally or not. This uncertainty can be daunting. And it is one of the reasons that insider threats are a leading challenge for CISOs globally.

Insider threat investigations are typically reactive. Cybersecurity administrators focus on risky users like leavers, employees on a performance improvement plan, or contractors once they learn about their potential risk to the company. This is a valid way to manage known risks. But how can a business manage unknown risks? Proofpoint Insider Threat Management (ITM) has capabilities to help security teams do exactly that with dynamic policies on the endpoint.

Reactive monitoring poses challenges

The riskiest users in a business tend to fall into several categories. They include users who:
Exhibit risky behavior, like downloading a high volume of sensitive files
Belong to a predetermined risky user group; some examples include departing employees, privileged users with access to sensitive data and systems, and Very Attacked People™
Have a high-risk score based on a number of indicators

Security teams typically build manual policies to monitor these users for unusual or risky behavior. When a user's activity violates corporate policy, their activity is detected by and visible to security teams. Security teams can continue to monitor the user and apply prevention controls when needed.

This is a sound approach. But it relies on identifying the risky user ahead of time, monitoring their behavior and making manual changes to policies. Teams that have no approach for identifying risky users may decide to monitor all users as "risky." However, collecting data on all users is inefficient. It burdens the security team with too many alerts and false positives.

Another challenge for security teams is protecting users' privacy to meet compliance requirements. Capturing visuals like screenshots in an insider threat investigation is crucial. It can provide irrefutable evidence that can be used to prove a user's intentions. However, collecting such information all the time poses privacy concerns, especially in regions with strict privacy regulations. Balancing security with privacy controls requires that data collection occur on a need-to-know basis.

Identify risky users with dynamic policies

Proofpoint ITM alleviates the challenge of knowing who your riskiest users are at all times. With dynamic policies for the endpoint, security teams do not need to write policies based on specific users or groups. Instead, they can dynamically and flexibly change a user's monitoring policy in real time if a user triggers an alert. Dynamic policies allow security teams to do the following:
Change the endpoint agent policy from metadata-only to screenshot mode for a specified time frame before and after an alert
Capture screenshots only when behavior is risky and an alert is generated, thereby protecting the privacy of the user
Define when visibility and control policies are scaled up or down on the endpoint

User scenario: a departing employee

Let's walk through an example of a departing employee. Evan is a researcher at a global life sciences company. She has access to sensitive vaccine data due to the nature of her role. Evan is being monitored as a low-risk user. That means metadata is being captured when she moves data, such as uploading a PPT file with sensitive data to a partner's website or uploading a strategy document to the company's cloud sync folder. However, Evan's behavior, such as tampering with the Windows registry or any security controls, or downloading an unapproved application, is not captured.

Evan is goin Threat Cloud
DarkReading.webp 2024-07-29 03:30:00 China-Backed Phishing Attack Targets India Postal System Users
(direct link)
A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages.
★★★
The_State_of_Security.webp 2024-07-29 02:54:08 Navigating PCI DSS 4.0: Your Guide to Compliance Success (direct link) The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements. This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success." High-Level Goals and Flexibility PCI DSS 4.0's main aim is to ensure that the standard continues to meet the payment industry's evolving security needs. One focus of the new standard is to offer...
Last update at: 2024-07-29 17:18:38