What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-07-10 10:00:00 | La législation numérique à l'ère de la crypto-monnaie: enquêter sur la blockchain et les crimes cryptographiques Digital Forensics in the Age of Cryptocurrency: Investigating Blockchain and Crypto Crimes (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. The rise of cryptocurrencies has introduced a new frontier for criminals, presenting unique challenges for investigators. Unlike traditional financial transactions, cryptocurrency transactions are pseudonymous, meaning identities are obscured by cryptographic addresses. This, coupled with the decentralized nature of blockchain technology, necessitates specialized techniques and tools for digital forensics in the age of cryptocurrency. Understanding Cryptocurrency and Blockchain Before diving into forensic techniques, let\'s establish some foundational knowledge: Blockchain: A decentralized, public ledger that records transactions across a network of computers. Each transaction is cryptographically linked to the previous one, forming a secure and tamper-proof chain. Cryptocurrency: A digital or virtual currency secured by cryptography. Bitcoin, Ethereum, and Litecoin are popular examples. The pseudonymous nature of blockchain transactions means that while all transactions are publicly visible, the identities of the parties involved are obscured by cryptographic addresses. Key Challenges in Crypto Forensics Pseudonymity: Unlike traditional bank accounts, cryptocurrency transactions do not directly link to real-world identities. Decentralization: The absence of a central authority complicates efforts to track and freeze illicit funds. Multiple Cryptocurrencies: The diverse landscape of cryptocurrencies, each with unique characteristics, requires adaptable forensic techniques. Forensic Techniques for Investigating Crypto Crimes Blockchain Analysis Transaction Tracing: By analyzing the flow of transactions on the blockchain, investigators can track the movement of funds. Tools like Chainalysis, Elliptic, and CipherTrace offer visualizations of transaction flows, highlighting suspicious patterns. Example Scenario: An investigator traces a series of Bitcoin transactions from a ransomware payment to multiple addresses. Using address clustering, they identify a cluster linked to a known exchange, leading to the suspect\'s identification. Address Clustering: Grouping addresses controlled by the same entity helps link pseudonymous transactions. Techniques like "co-spending" (using multiple addresses in one transaction) aid in clustering. Crypto Wallet Analysis Wallet Extraction: Digital wallets store private keys needed for cryptocurrency transactions. Extracting wallet data from devices involves locating wallet files or using memory forensics to recover private keys. Example Scenario: During a raid, law enforcement seizes a suspect\'s laptop. Forensic imaging and subsequent analysis reveal a Bitcoin wallet file. The extracted private keys allow investigators to access and trace illicit funds. Forensic Imaging Creating forensic images of suspect devices ensures data integrity and enables detailed analysis. Tools like FTK Imager and EnCase are used for imaging and analyzing digital evidence. Address Attribution KYC Data: Know Your Customer (KYC) regulations require exchanges to collect user identification information. By subpoenaing exchange records, investigators can link blockchain addresses to real-world identities. Example Sce | Ransomware Tool Studies Legislation | ||
 |
2024-07-10 02:51:40 | Navigation de la conformité: un guide de base de la configuration du gouvernement américain Navigating Compliance: A Guide to the U.S. Government Configuration Baseline (lien direct) |
Pour les professionnels de la cybersécurité chargés de défendre le secteur public, la lutte contre la ligne de base de la configuration du gouvernement américain (USGCB) n'est qu'un autre obstacle à un fédéral plus sûr demain.Faisant partie d'une large collection d'exigences de conformité au gouvernement fédéral nécessaires, elle a accroché les configurations de sécurité de base nécessaires aux produits informatiques déployés par le gouvernement fédéral.Bien qu'il ne s'agisse pas d'une législation autonome, la conformité de l'USGCB est une exigence fondamentale du FISMA (Federal Information Security Modernization Act).Voici les 10 meilleures FAQ liées à USGCB et comment vous pouvez sortir en tête.1. Qu'est-ce que ...
For cybersecurity professionals tasked with defending the public sector, tackling the U.S. Government Configuration Baseline (USGCB) is just another hurdle to a safer federal tomorrow. Part of a wide collection of necessary federal government compliance requirements, it hones in on which baseline security configurations are necessary for federally deployed IT products. While not a standalone piece of legislation, USGCB compliance is a core requirement of FISMA (Federal Information Security Modernization Act). Here\'s the top 10 FAQs related to USGCB and how you can come out on top. 1. What is... |
Legislation | ★★★ | |
 |
2024-07-09 19:47:09 | République de Chine du peuple (PRC) Ministère de sécurité d'État APT40 Tradecraft en action People\\'s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action (lien direct) |
#### Géolocations ciblées - États-Unis - Australie - Japon - Corée - Nouvelle-Zélande - Allemagne - Royaume-Uni ## Instantané La Cybersecurity and Infrsatructure Security Agency (CISA) a publié un avis rédigé par un certain nombre d'organisations de cybersécurité d'État sur APT40, suivis par Microsoft comme [Gingham Typhoon] (https://security.microsoft.com C04BA1F56F4F603268AAB6). ## Description APT40, également connu sous le nom de Kryptonite Panda, Leviathan et Bronze Mohawk, mène des cyber opérations pour la République de Chine du peuple (PRC) du ministère de la Sécurité des États (MSS).Le groupe a une histoire de ciblage des organisations dans divers pays, dont les États-Unis et l'Australie. APT40 mène régulièrement la reconnaissance contre les réseaux d'intérêt, notamment ceux en Allemagne, en Nouvelle-Zélande, en Corée du Sud, au Japon, en Australie, au Royaume-Uni et aux États-Unis.Cela leur permet d'identifier les appareils vulnérables, de fin de vie ou non maintenus sur les réseaux et de déployer rapidement des exploits.APT40 est apte à exploiter les vulnérabilités dès 2017. De plus, l'APT40 est en mesure de profiter rapidement des vulnérabilités nouvellement publiques dans des logiciels communs tels que Log4J ([CVE-2021-44228] (https://security.microsoft.com/Intel-Explorer / Cves / CVE-2021-44228 /)), Atlassian Confluence ([CVE-2021-26084] (https://security.microsoft.com/intel-profiles/cve-2021-26084), et MicrosoftExchange ([CVE-2021-31207] (https: //sip.security.microsoft.com/intel-profiles/cve-2021-31207?tid=72f988bf-86f1-41af-91ab-2d7cd011db47), [cve-2021-34523] (https://security.microsoft.com/intel-expleror/cves://security.microsoft.com/intel-expleror/cves://security.microsoft.com/intel-expleror/cves://security.microsoft.com/intel-expleror/cves:/ CVE-2021-34523 /), [CVE-2021-34473] (https: // security.microsoft.com/intel-profiles/cve-2021-34473)). La CISA et les autres agences de déclaration évaluent que l'APT40 continuera d'exploiter les vulnérabilités nouvellement découvertes dans les heures ou les jours suivant la libération publique. APT40 exploite généralement une infrastructure vulnérable et orientée vers le public plutôt que d'employer des méthodes qui nécessitent une interaction victime, telles que les campagnes de phishing, en outre, le groupe utilise généralement des coquilles Web afin d'établir de la persistance. ## Analyse Microsoft L'acteur Microsoft suit comme [Typhoon Gingham] (https://security.microsoft.com/intel-profiles/a2fc1302354083f4e693158effdbc17987818a2433c04ba1f56f4f603268aab6) est un groupe de chinois à la base de Chine.Le Typhoon Gingham est connu pour cibler principalement les industries maritimes et de la santé, mais a également été observée ciblant un certain nombre de secteurs verticaux de l'industrie, notamment le monde universitaire, le gouvernement, l'aérospatiale / l'aviation, la base industrielle de la défense, la fabrication et le transport.La plupart des organisations ciblées par Typhoon enrichies se trouvent dans la région de la mer de Chine méridionale, mais le groupe cible également les organisations aux États-Unis, en Europe, au Moyen-Orient et en Asie du Sud-Est.Gingham Typoon se concentre généralement sur l'espionnage et le vol de données.Le groupe utilise des logiciels malveillants personnalisés (Moktik, Nuveridap et Fusionblaze), Derusbi et des outils disponibles dans le commerce tels que Cobalt Strike. ## Détections / requêtes de chasse Microsoft Defender Antivirus détecte les composants de la menace comme le malware suivant: [Backdoor: JS / MOKTIK] (https://www.microsoft.com/en-us/wdsi/Thereats/Malware-encyClopedia-Description?name=bacKDOOR: JS / MOKTIK & AMP; NOFENID = -2147086029) [HackTool: Win32 / Nuveridap] (https://www.microsoft.com/en-us/wdsi/atherets/malWare-SencyClopedia-Description? Name = HackTool: Win32 / Nuveridap & menaceID = -2147276557) [Trojan | Malware Tool Vulnerability Threat Patching Legislation Industrial | APT 40 | ★★★ |
|
2024-07-09 10:00:00 | Construire une solide architecture de défense en profondeur pour la transformation numérique Building a Robust Defense-in-Depth Architecture for Digital Transformation (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Exploring Defense-in-Depth Architecture security strategy for ICS in the digital transformation era. Today\'s businesses are transforming through integrating IT and OT environments, a shift that\'s enhancing efficiency and unlocking new operational capabilities. Key functionalities like remote access and telemetry collection are becoming increasingly central in this digitally integrated landscape. However, this merger also brings heightened cybersecurity risks, exposing sensitive systems to new threats. To address these vulnerabilities, a defense-in-depth architecture approach is vital. This method layers multiple security mechanisms, ensuring robust protection. Each layer is designed to intercept threats, providing a comprehensive shield against complex cyberattacks and fortifying the organization\'s digital backbone. What is Defense-in-Depth Architecture? Defense-in-Depth Architecture is a strategic approach to cybersecurity that employs multiple layers of defense to protect an organization\'s IT and OT environment. This architecture is designed to provide a comprehensive security solution by layering different types of controls and measures. Here are the five layers within this architecture: Layer 1 – Security Management This layer serves as the foundation of the defense-in-depth strategy. It involves the establishment of a cybersecurity program tailored to support the OT environment. This includes program and risk management considerations, guiding the cybersecurity strategy and influencing decisions across all other layers. It\'s essential for organizations to establish a strong security management layer before implementing other layers. Layer 2 – Physical Security Physical security measures aim to prevent accidental or deliberate damage to an organization\'s assets. This layer includes the protection of control systems, equipment, and intellectual property. It encompasses a range of measures like access control, surveillance systems, and physical barriers, ensuring the safety of both the assets and the surrounding environment. Layer 3 – Network Security Building on the foundation of physical security, this layer focuses on protecting network communications within the OT environment. It involves applying principles of network segmentation and isolation, centralizing logging, and implementing measures for malicious code protection. This layer also considers the adoption of zero trust architecture (ZTA), enhancing security by continuously evaluating authorization close to the requested resources. Layer 4 – Hardware Security Hardware security involves embedding protection mechanisms directly into the devices used within an organization. This layer establishes and maintains trust in these devices through technologies like Trusted Platform Modules (TPM) and hardware-based encryption. It ensures the integrity and security of the hardware, forming a crucial part of the overall defense strategy. Layer 5 – Software Security The final layer focuses on the security of software applications and services that support OT. It includes practices such as application allowlisting, regular patching, secure code development, and configuration management. This layer is vital for ensuring that the software used in the organization is resilient against security threats and vulnerabilities. How to Implement Defense-in-Depth Architecture | Ransomware Malware Tool Vulnerability Threat Patching Legislation Mobile Industrial | ★★ | |
 |
2024-07-09 02:33:07 | Le gang APT40 de la Chine est prêt à attaquer les vulns dans les heures ou les jours suivant la libération publique. China\\'s APT40 gang is ready to attack vulns within hours or days of public release. (lien direct) |
Les correctifs laxistes et les petits kit de biz vulnérables facilitent la vie pour les voleurs secrètes de Pékin \\ les organismes d'application de la loi de huit nations, dirigés par l'Australie, ont émis un avis qui détaille le métier utilisé parL'acteur de menace aligné par la Chine APT40 & # 8211;AKA Kryptonite Panda, Typhoon Gingham, Léviathan et Bronze Mohawk & # 8211;et il l'a trouvé privilégie les exploits en développement pour les vulnérabilités nouvellement trouvées et peut les cibler en quelques heures…
Lax patching and vulnerable small biz kit make life easy for Beijing\'s secret-stealers Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 – aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk – and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours.… |
Vulnerability Threat Patching Legislation | APT 40 | |
 |
2024-07-08 14:00:00 | Enhardi et évolutif: un instantané des cyber-menaces auxquelles l'OTAN est confrontée à l'OTAN Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO (lien direct) |
Written by: John Hultquist
As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges-the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable. In addition to military targets, NATO must consider the risks that hybrid threats like malicious cyber activity pose to hospitals, civil society, and other targets, which could impact resilience in a contingency. The war in Ukraine is undoubtedly linked to escalating cyber threat activity, but many of these threats will continue to grow separately and in parallel. NATO must contend with covert, aggressive malicious cyber actors that are seeking to gather intelligence, preparing to or currently attacking critical infrastructure, and working to undermine the Alliance with elaborate disinformation schemes. In order to protect its customers and clients, Google is closely tracking cyber threats, including those highlighted in this report; however, this is just a glimpse at a much larger and evolving landscape. Cyber Espionage NATO\'s adversaries have long sought to leverage cyber espionage to develop insight into the political, diplomatic, and military disposition of the Alliance and to steal its defense technologies and economic secrets. However, intelligence on the Alliance in the coming months will be of heightened importance. This year\'s summit is a transition period, with the appointment of Mark Rutte as the new Secretary General and a number of adaptations expected to be rolled out to shore up the Alliance\'s defense posture and its long-term support for Ukraine. Successful cyber espionage from threat actors could potentially undermine the Alliance\'s strategic advantage and inform adversary leadership on how to anticipate and counteract NATO\'s initiatives and investments. NATO is targeted by cyber espionage activity from actors around the world with varying capabilities. Many still rely on technically simple but operationally effective methods, like social engineering. Others have evolved and elevated their tradecraft to levels that distinguish themselves as formidable adversaries for even the most experienced defenders. APT29 (ICECAP) Publicly attributed to the Russian Foreign Intelligence Services (SVR) by several governments, APT29 is heavily focused on diplomatic and political intelligence collection, principally targeting Europe and NATO member states. APT29 has been involved in multiple high-profile breaches of technology firms that were designed to provide access to the public sector. In the past year, Mandiant has observed APT29 targeting technology companies and IT service providers in NATO member countries to facilitate third-party and software supply chain compromises of government and poli |
Ransomware Malware Tool Vulnerability Threat Legislation Medical Cloud Technical | APT 29 APT 28 | ★★★ |
 |
2024-07-08 12:47:52 | La décision de la Cour suprême menace le cadre du règlement de la cybersécurité Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation (lien direct) |
> La réduction de la Doctrine de la Cour suprême aura un effet majeur sur la détermination et l'application de la cyber réglementation aux États-Unis.
>The Supreme Court\'s striking down of the Chevron Doctrine will have a major effect on the determination and enforcement of cyber regulation in the US. |
Legislation | ★★★ | |
 |
2024-07-08 12:06:12 | Comment empêcher l'usurpation par e-mail avec DMARC How to Prevent Email Spoofing with DMARC (lien direct) |
Email-based attacks are the number one attack vector for cybercriminals. These attacks do not always require a high level of technical sophistication to carry out. And because the human factor is involved, there is almost no doubt they will endure as a favored tactic. One way bad actors can greatly increase their chances of a successful attack is when they can make a recipient believe that they are interacting with a person or a brand that they know or trust. “Email spoofing” plays a critical role in helping to create this illusion. In this blog post, we\'ll explain how email spoofing works, why it causes havoc, and how DMARC can protect your business. How bad actors use email spoofing When an attacker uses email spoofing, they are forging the sending address so that the message appears to come from a legitimate company, institution or person. Bad actors use spoofed domains to initiate attacks like phishing, malware and ransomware, and business email compromise (BEC). Here is a closer look at these strategies. Phishing attacks. A bad actor sends a spoofed email, pretending to be from a legitimate source like a bank, government agency or a known company. Their aim is to get the recipient to reveal sensitive information, like login credentials, financial information or personal data. Malware. Spoofed email can contain malicious attachments or links. When a user clicks on them, they trigger the delivery of viruses, ransomware, spyware or other types of malicious software. These tools help attackers to steal data, disrupt operations or take control of systems. Business email compromise (BEC). Many threat actors use spoofed email to trick employees, partners or customers into transferring money or giving up sensitive information. It can be a lucrative endeavor. Consider a recent report from the FBI\'s Internet Crime Complaint Center, which notes that losses from BEC attacks in 2023 alone were about $2.9 billion. Negative effects of email spoofing When an attacker spoofs legitimate domains and uses them in attacks, the negative repercussions for companies can be significant. Imagine if your best customer believed that they were communicating with you, but instead, they were interacting with an attacker and suffered a significant financial loss. Unfortunately, these scenarios play out daily. And they can lead to the following issues, among others. The loss of trust If attackers succeed in their efforts to spoof a company\'s domain and use it to send phishing emails or other malicious communications, recipients may lose trust in that business. When users receive spoofed emails that appear to come from a brand they trust, they may become wary of future communications from that brand. They will lose confidence in the company\'s ability to protect their information. Damage to brand image As noted earlier, a spoofed domain can tarnish a company\'s brand image and reputation. If recipients fall victim to phishing or other scams that involve spoofed domains, they may associate the business or brand with fraudulent or unethical behavior. Financial losses Spoofed domain attacks can result in financial losses for companies in two main ways. Direct financial losses. Such losses can occur when attackers use spoofed domains to carry out fraudulent activities like the theft of sensitive data or unauthorized transactions. Indirect financial losses. These losses take the form of costs associated with attack mitigation. They can stem from incident investigation, the implementation of security improvements, and efforts designed to help repair the company\'s damaged reputation. Customer dissatisfaction Customers who are victims of spoofed domain attacks may experience frustration and anger. They may be motivated to write negative reviews of a company or issue complaints. Certainly, their level of customer satisfaction will take a hit. Over time, repeated incidents of spoofing attacks | Ransomware Spam Malware Tool Threat Legislation Technical | ★★ | |
 |
2024-07-04 16:15:00 | Europol met en garde contre les défis de routage à domicile pour une interception légale Europol Warns of Home Routing Challenges For Lawful Interception (lien direct) |
Les organismes chargés de l'application des lois ne peuvent pas intercepter les communications sans un accord désactivant l'animal de compagnie dans le routage à domicile
Law Enforcement Agencies can\'t intercept communications without an agreement disabling PET in home routing |
Legislation | ★★★ | |
 |
2024-07-04 15:51:48 | Opération Morpheus perturbe 593 serveurs de frappe de cobalt utilisés pour les ransomwares Operation Morpheus Disrupts 593 Cobalt Strike Servers Used for Ransomware (lien direct) |
L'opération mondiale Morpheus démantèle le réseau de grève de Cobalt: les forces de l'ordre suppriment l'infrastructure criminelle utilisée pour les ransomwares et les données & # 8230;
Global Operation Morpheus dismantles Cobalt Strike network: Law enforcement takes down criminal infrastructure used for ransomware and data… |
Ransomware Legislation | ★★★★ | |
 |
2024-07-04 09:29:00 | L'opération de police mondiale ferme 600 serveurs de cybercriminaux liés à la grève de Cobalt Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike (lien direct) |
Une opération coordonnée des forces de l'ordre Codeda nommé Morpheus a perdu près de 600 serveurs qui ont été utilisés par les groupes cybercriminaux et faisaient partie d'une infrastructure d'attaque associée à la grève du cobalt. & Nbsp;
La répression ciblait des versions plus anciennes et non licenciées du cadre d'équipe RED Strike Red entre le 24 et 28 juin, selon Europol.
Des 690 adresses IP qui ont été signalées à
A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike. The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol. Of the 690 IP addresses that were flagged to |
Legislation | ★★★★ | |
 |
2024-07-03 15:24:52 | Strike de Cobalt: l'opération internationale de l'application des lois s'attaque aux utilisations illégales de \\ 'Swiss Army Knife \\' Pentest Tool Cobalt Strike: International law enforcement operation tackles illegal uses of \\'Swiss army knife\\' pentesting tool (lien direct) |
Pas de details / No more details | Tool Legislation | ★★★ | |
 |
2024-07-03 11:52:36 | Journaux malveillants de l'infosaler utilisé pour identifier les membres du site Web de maltraitance des enfants Infostealer malware logs used to identify child abuse website members (lien direct) |
Des milliers de pédophiles qui téléchargent et partagent du matériel d'abus sexuel d'enfants (CSAM) ont été identifiés grâce à des journaux de logiciels malveillants de volée d'informations divulgués sur le Web Dark, mettant en évidence une nouvelle dimension de l'utilisation des informations d'identification volées dans les enquêtes sur l'application de la loi.[...]
Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. [...] |
Malware Legislation | ★★★ | |
|
2024-07-03 08:30:00 | Des dizaines d'arrestations perturbés et euro; 2,5 m de gang de vis Dozens of Arrests Disrupt €2.5m Vishing Gang (lien direct) |
La police a arrêté 54 membres présumés d'un groupe Vishing qui a volé la vie des dizaines de victimes
Police have arrested 54 suspected members of a vishing group who stole the life savings of scores of victims |
Legislation | ★★★ | |
|
2024-07-03 02:49:29 | Meilleures pratiques de cybersécurité pour la conformité des Sox Cybersecurity Best Practices for SOX Compliance (lien direct) |
The Sarbanes-Oxley Act (SOX), enacted by the United States Congress in 2002, is a landmark piece of legislation that aims to improve transparency, accountability, and integrity in financial reporting and corporate governance. The act was a response to high-profile corporate scandals, such as those involving Enron, WorldCom, and Tyco International, which shook investor confidence and underscored the need for regulatory reforms to prevent corporate fraud and protect investor interests. Compliance with the SOX Act is mandatory for publicly listed companies in the U.S. Failure to comply with SOX...
The Sarbanes-Oxley Act (SOX), enacted by the United States Congress in 2002, is a landmark piece of legislation that aims to improve transparency, accountability, and integrity in financial reporting and corporate governance. The act was a response to high-profile corporate scandals, such as those involving Enron, WorldCom, and Tyco International, which shook investor confidence and underscored the need for regulatory reforms to prevent corporate fraud and protect investor interests. Compliance with the SOX Act is mandatory for publicly listed companies in the U.S. Failure to comply with SOX... |
Legislation | ★★★ | |
 |
2024-07-02 16:29:14 | Arrestation d\'un pirate informatique : création d\'un ransomware par IA (lien direct) | La police a arrêté un jeune homme de 25 ans pour avoir créé un logiciel malveillant utilisant l'intelligence artificielle (IA).... | Ransomware Legislation | ★★ | |
|
2024-07-02 16:18:05 | Des scientifiques développent une IA pour prédire les crimes des tueurs en série (lien direct) | Police prédictive : comme dans le film de science ficion 'Minority Report', des scientifiques ont entrepris de développer un programme informatique basé sur l'intelligence artificielle (IA) capable de prédire le lieu et l'heure des prochains crimes de tueurs en série.... | Legislation | ★★★ | |
|
2024-07-02 15:43:54 | Arrestation d\'un étudiant pour triche à l\'aide de l\'IA (lien direct) | La police a arrêté un futur étudiant universitaire accusé d'avoir élaboré un plan sophistiqué utilisant l'intelligence artificielle (IA) et des dispositifs cachés pour tricher lors d'un examen.... | Legislation | ★★★ | |
|
2024-07-02 09:59:00 | Australien Chargé pour de fausses arnaques Wi-Fi sur les vols intérieurs Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights (lien direct) |
Un homme australien a été accusé d'avoir géré un faux point d'accès Wi-Fi lors d'un vol intérieur dans le but de voler des informations d'identification et des données des utilisateurs.
L'homme de 42 ans sans nom "prétendument établi de faux points d'accès Wi-Fi gratuits, qui a imité les réseaux légitimes, pour capturer des données personnelles de victimes sans méfiance qui leur ont été connectées", a déclaré la police fédérale australienne (AFP) dans une presse
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them," the Australian Federal Police (AFP) said in a press |
Legislation | ★★★ | |
|
2024-07-01 14:28:19 | Australien Chargé pour \\ 'Evil Twin \\' WiFi Attaque sur l'avion Australian charged for \\'Evil Twin\\' WiFi attack on plane (lien direct) |
Un Australien a été inculpé par la police fédérale de l'Australie (AFP) pour avoir prétendument mené une attaque twin \\ 'maléfique \' avec divers vols et aéroports intérieurs à Perth, Melbourne et Adélaïde pour voler d'autres personnes \\ ''S Courriel ou références sur les réseaux sociaux.[...]
An Australian man was charged by Australia\'s Federal Police (AFP) for allegedly conducting an \'evil twin\' WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people\'s email or social media credentials. [...] |
Legislation | ★★★ | |
|
2024-07-01 10:00:00 | Arrêt de la police australienne suspecte de fausses arnaques Wi-Fi ciblant les passagers de l'aéroport Australian Police Arrest Suspect in Fake Wi-Fi Scam Targeting Airport Passengers (lien direct) |
Les points d'accès au Wi-Fi twin malélisé ont imité les réseaux légitimes pour capturer des données personnelles de victimes sans méfiance qui leur ont été connectées par erreur
Evil twin Wi-Fi access points mimicked legitimate networks to capture personal data from unsuspecting victims who mistakenly connected to them |
Legislation | ★★★ | |
|
2024-06-28 15:43:58 | Près de 4 000 arrêts dans la répression de la police mondiale sur les réseaux d'escroquerie en ligne Nearly 4,000 arrested in global police crackdown on online scam networks (lien direct) |
Pas de details / No more details | Legislation | ★★★ | |
|
2024-06-27 18:00:33 | Les perquisitions d'application de la loi de la reconnaissance faciale de Clearview AI ont doublé l'année dernière Law enforcement searches of Clearview AI facial recognition doubled in past year (lien direct) |
Pas de details / No more details | Legislation | ★★★ | |
|
2024-06-27 14:00:00 | Le renouveau mondial du hacktivisme nécessite une vigilance accrue des défenseurs Global Revival of Hacktivism Requires Increased Vigilance from Defenders (lien direct) |
Written by: Daniel Kapellmann Zafra, Alden Wahlstrom, James Sadowski, Josh Palatucci, Davyn Baumann, Jose Nazario
Since early 2022, Mandiant has observed the revival and intensification of threat activity from actors leveraging hacktivist tactics and techniques. This comes decades after hacktivism first emerged as a form of online activism and several years since many defenders last considered hacktivism to be a serious threat. However, this new generation of hacktivism has grown to encompass a more complex and often impactful fusion of tactics different actors leverage for their specific objectives. Today\'s hacktivists exhibit increased capabilities in both intrusion and information operations demonstrated by a range of activities such as executing massive disruptive attacks, compromising networks to leak information, conducting information operations, and even tampering with physical world processes. They have leveraged their skills to gain notoriety and reputation, promote political ideologies, and actively support the strategic interests of nation-states. The anonymity provided by hacktivist personas coupled with the range of objectives supported by hacktivist tactics have made them a top choice for both state and non-state actors seeking to exert influence through the cyber domain. This blog post presents Mandiant\'s analysis of the hacktivism threat landscape, and provides analytical tools to understand and assess the level of risk posed by these groups. Based on years of experience tracking hacktivist actors, their claims, and attacks, our insight is meant to help organizations understand and prioritize meaningful threat activity against their own networks and equities. 
Figure 1: Sample of imagery used by hacktivists to promote their threat activity
Proactive Monitoring of Hacktivist Threats Necessary for Defenders to Anticipate Cyberattacks
Mandiant considers activity to be hacktivism when actors claim to or conduct attacks with the publicly stated intent of engaging in political or social activism. The large scale of hacktivism\'s resurgence presents a critical challenge to defenders who need to proactively sift through the noise and assess the risk posed by a multitude of actors with ranging degrees of sophistication. While in many cases hacktivist activity represents a marginal threat, in the most significant hacktivist operations Mandiant has tracked, threat actors have deliberately layered multiple tactics in hybrid operations in such a way that the effect of each component magnified the others. In some cases, hacktivist tactics have been deliberately employed by nation-state actors to support hybrid operations that can seriously harm victims. As the volume and complexity of activity grows and new actors leverage hacktivist tactics, defenders must determine how to filter, assess, and neutralize a range of novel and evolving threats. The proactive moni |
Malware Tool Threat Legislation Industrial Cloud Commercial | APT 38 | ★★★ |
 |
2024-06-27 13:16:13 | Souciation du certificat numérique Soutenir - Défixation du certificat de configuration Sustaining Digital Certificate Security - Entrust Certificate Distrust (lien direct) |
Posted by Chrome Root Program, Chrome Security Team The Chrome Security Team prioritizes the security and privacy of Chrome\'s users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don\'t go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement. Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted CA Owner. In response to the above concerns and to preserve the integrity of the Web PKI ecosystem, Chrome will take the following actions. Upcoming change in Chrome 127 and higher: TLS server authentication certificates validating to the following Entrust roots whose earliest Signed Certificate Timestamp (SCT) is dated after October 31, 2024, will no longer be trusted by default. CN=Entrust Root Certification Authority - EC1,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust, Inc. - for authorized use only,O=Entrust, Inc.,C=US CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust, Inc. - for authorized use only,O=Entrust, Inc.,C=US CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net CN=Entrust Root Certification Authority,OU=www.entrust.net/CPS is incorporated by reference+OU=(c) 2006 Entrust, Inc.,O=Entrust, Inc.,C=US CN=Entrust Root Certification Authority - G4,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust, Inc. - for authorized use only,O=Entrust, Inc.,C=US CN=AffirmTrust Comm | Legislation Mobile Commercial | ★★★ | |
 |
2024-06-27 10:13:20 | Selon une étude publiée par Sophos, 76 % des entreprises ont amélioré leur cybersécurité dans le but de souscrire à une police de cyberassurance (lien direct) | Selon une étude publiée par Sophos, 76 % des entreprises ont amélioré leur cybersécurité dans le but de souscrire à une police de cyberassurance En cas d'attaque, le coût de récupération est supérieur au montant de l'indemnisation - Investigations | Legislation | ★★★ | |
 |
2024-06-26 21:25:08 | La loi fédérale sur la vie privée fait face à de nouveaux obstacles avant le balisage Federal privacy law faces new hurdles ahead of markup (lien direct) |
> Les groupes d'entreprises et les militants des droits civiques ont soulevé des objections à la dernière version de la législation, en raison de la considération des comités jeudi.
>Business groups and civil rights activists have raised objections to the latest version of the legislation, due for committee consideration Thursday. |
Legislation | ★★★ | |
 |
2024-06-26 12:11:03 | US House Bill cherche à évaluer les opérations manuelles des infrastructures critiques pendant les cyberattaques US House bill seeks to assess manual operations of critical infrastructure during cyber attacks (lien direct) |
La législation bipartite a été introduite à la Chambre des représentants des États-Unis qui vise à établir un rapport public ...
Bipartisan legislation has been introduced in the U.S. House of Representatives that aims to establish a public report... |
Legislation | ★★★ | |
|
2024-06-26 03:09:20 | Défendre de l'or: protéger les Jeux olympiques de 2024 contre les cyber-menaces Defending Gold: Protecting the 2024 Olympics from Cyber Threats (lien direct) |
À l'approche des Jeux Olympiques de 2024, les organisateurs intensifient les mesures de cybersécurité en réponse aux avertissements d'experts et d'organismes d'application de la loi sur une augmentation probable des cyberattaques.Les Jeux, qui devraient commencer le 26 juillet de cette année, devraient vendre plus de 13 millions de billets et attirer plus de 15 millions de visiteurs à Paris, générant environ 11 milliards d'euros d'activité économique.Les grands événements attirent également une mauvaise attention et parce que les cybercriminels sont comme les pickpockets, toujours en suivant la foule, cet afflux massif de commerce et de données fait de l'événement une cible attrayante pour ...
As the 2024 Olympic Games in Paris approach, organizers are intensifying cybersecurity measures in response to warnings from experts and law enforcement agencies about a likely surge in cyberattacks. The Games, set to start on 26 July this year, are projected to sell over 13 million tickets and attract more than 15 million visitors to Paris, generating around 11 billion euros in economic activity. Big Events Attract Bad Attention, Too And because cybercriminals are like pickpockets, always following the crowds, this massive influx of commerce and data makes the event an attractive target for... |
Legislation | ★★★ | |
|
2024-06-25 15:01:17 | La police française a fermé le site Web de chat insulté en tant que \\ 'den de prédateurs \\' French police shut down chat website reviled as \\'den of predators\\' (lien direct) |
Pas de details / No more details | Legislation | ★★★ | |
|
2024-06-25 10:33:00 | Wikileaks \\ 'Julian Assange libéré de la prison du Royaume-Uni, se dirige vers l'Australie Wikileaks\\' Julian Assange Released from U.K. Prison, Heads to Australia (lien direct) |
Le fondateur de WikiLeaks, Julian Assange, a été libéré au Royaume-Uni et a quitté le pays après avoir purgé plus de cinq ans dans une prison de sécurité maximale à Belmarsh pour ce qui a été décrit par le gouvernement américain comme le "plus grand compromis des informations classifiées de l'histoire" de lapays.
Caping d'une saga juridique de 14 ans, Assange, 52
WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a maximum security prison at Belmarsh for what was described by the U.S. government as the "largest compromises of classified information in the history" of the country. Capping off a 14-year legal saga, Assange, 52, pleaded guilty to one criminal count of conspiring to |
Legislation | ★★★ | |
|
2024-06-25 08:45:14 | Piratage : mourir ou être jugé ! (lien direct) | Les pirates informatiques arrêtés en Russie ont désormais un choix proposé par la police : partir sur le front ukrainien ou être jugé pour leurs actions numériques malveillantes.... | Legislation | ★★★ | |
|
2024-06-25 07:56:44 | Une policière assassinée après un contrat passé sur le darknet ! (lien direct) | Le fondateur d'un groupe de "hackers de billets" condamné à 14 ans de prison. L'enquêtrice sur cette affaire victime d'un "meurtre commandité sur le darknet".... | Legislation | ★★★ | |
|
2024-06-21 16:35:24 | La cyber police française carbure au super (lien direct) | Plusieurs opérations d'envergures menées par les services de l'Office anti-cybercriminalité et de l'Office central de répression de la grande délinquance financière a démantelé un réseau d'escrocs à l'origine de plusieurs faux sites de vente en ligne et de pirates basés à l'étranger.... | Legislation | ★★★ | |
|
2024-06-21 16:18:10 | Un ancien employé garde ses accès et efface les données de son ex patron (lien direct) | Un ancien employé informatique condamné à 2 ans de prison pour avoir effacé 180 serveurs virtuels.... | Legislation | ★★★ | |
|
2024-06-20 17:03:25 | Les opérateurs d'infrastructures critiques \ `` La résilience obtiendrait une évaluation fédérale dans le cadre d'un nouveau projet de loi Critical infrastructure operators\\' resilience would get federal assessment under new bill (lien direct) |
> La législation de la Chambre bipartite appelle la CISA et la FEMA à rendre compte de la façon dont les opérateurs gèrent le passage en mode manuel pendant les cyber-incidents.
>The bipartisan House legislation calls on CISA and FEMA to report on how operators handle the switch to manual mode during cyber incidents. |
Legislation | ★★★ | |
|
2024-06-20 13:30:00 | Lockbit le plus éminent acteur de ransomware en mai 2024 LockBit Most Prominent Ransomware Actor in May 2024 (lien direct) |
Le groupe Ransomware Lockbit a renvoyé le pli pour lancer 176 attaques en mai 2024 à la suite d'un démontage des forces de l'ordre, le groupe NCC a trouvé
The LockBit ransomware group returned the fold to launch 176 attacks in May 2024 following a law enforcement takedown, NCC Group found |
Ransomware Legislation | ★★ | |
|
2024-06-19 17:38:39 | Les membres du groupe de cybercriminalité vil ViLe Cybercrime Group Members Plead Guilty to Hacking DEA Portal (lien direct) |
Les pirates "Vile" ont éclaté!Deux hommes plaident coupables d'avoir enfreint un portail fédéral d'application de la loi.Découvrez les dangers de la cybercriminalité, du doxxing et de la façon dont les autorités travaillent pour lutter contre ces menaces.Cette affaire met en évidence l'importance de la cybersécurité pour l'application des lois et les conséquences pour les criminels en ligne.
"ViLe" Hackers Busted! Two men plead guilty to breaching a federal law enforcement portal. Learn about the dangers of cybercrime, doxxing, and how authorities are working to combat these threats. This case highlights the importance of cybersecurity for law enforcement and the consequences for online criminals. |
Legislation | ★★ | |
|
2024-06-19 16:30:33 | Un Américain jugé pour un achat de 100 dollars sur Genesis Market (lien direct) | Il achète pour 105 dollars de contenus illicites dans un blackmarket dans le darkweb. Il risque 10 ans de prison !... | Legislation | ★★★ | |
 |
2024-06-19 15:37:48 | Europol : le minage est utilisé pour le blanchiment de revenus illicites (lien direct) | Selon les données récentes fournies par Europol, le service de police de l'Union européenne, les criminels exploitent les opérations de minage de cryptomonnaies pour dissimuler l'origine de leurs revenus illicites. | Legislation | ★★★ | |
|
2024-06-18 16:41:56 | Le ransomware de la combinaison noire divulgue les données de la police de Kansas City dans un tracé de rançon raté BlackSuit Ransomware Leaks Kansas City Police Data in Failed Ransom Plot (lien direct) |
Le ransomware de la combinaison noire, connu sous le nom de changement de marque du gang de ransomwares continu, a divulgué une mine de données de la police de Kansas City, y compris des dossiers de preuves, des dossiers d'enquête, des téléphones de scène de crime et bien plus encore, après que le ministère a refusé de payer la rançon.
BlackSuit Ransomware, known as the rebrand of the Conti ransomware gang, has leaked a trove of Kansas City Police data, including evidence records, investigation files, crime scene phones, and much more, after the department refused to pay the ransom. |
Ransomware Legislation | ★★★ | |
|
2024-06-18 13:08:00 | La police de Singapour extradite les Malaisiens liés à la fraude malveillante Android Singapore Police Extradites Malaysians Linked to Android Malware Fraud (lien direct) |
Les forces de police de Singapour (SPF) ont annoncé l'extradition de deux hommes de Malaisie pour leur implication présumée dans une campagne de logiciels malveillants mobile ciblant les citoyens du pays depuis juin 2023.
Les individus anonymes, âgés de 26 et 47 ans, se sont engagés dans des escroqueries qui ont incité les utilisateurs sans méfiance à télécharger des applications malveillantes sur leurs appareils Android via des campagnes de phishing dans le but de voler
The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into downloading malicious apps onto their Android devices via phishing campaigns with the aim of stealing |
Malware Legislation Mobile | ★★★ | |
|
2024-06-18 11:42:15 | L'Estonie condamne le professeur russe à six ans de prison pour espionnage Estonia sentences Russian professor to six years in prison for espionage (lien direct) |
Pas de details / No more details | Legislation | ★★ | |
 |
2024-06-17 21:19:28 | Un boss d'araignée dispersé à l'Espagne à bord d'un vol vers l'Italie Scattered Spider Boss Cuffed in Spain Boarding a Flight to Italy (lien direct) |
Accusé d'avoir piraté plus de 45 entreprises aux États-Unis, un Britannique de 22 ans a été arrêté par la police espagnole et a été jugé de plus de 27 millions de dollars en Bitcoin.
Accused of hacking into more than 45 companies in the US, a 22-year-old British man was arrested by Spanish police and found to be in control of more than $27 million in Bitcoin. |
Legislation | ★★ | |
|
2024-06-17 18:19:52 | Les suspects du marché de l'Empire sont potentiellement risqués pour la prison à vie pour 430 millions de dollars de ventes Web sombres Empire Market suspects potentially face life in prison for $430 million in dark web sales (lien direct) |
Pas de details / No more details | Legislation | ★★ | |
|
2024-06-17 10:00:00 | Battre la chaleur et les cyber-menaces cet été Beat the Heat and Cyber Threats This Summer (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Summer is a time for relaxation, travel, and spending quality moments with family and friends. However, it is also peak season for cybercriminals who exploit the vulnerabilities that arise during this period. Cyberattacks surge during the summer holiday season as businesses and individuals let their guard down. Many companies operate with reduced staff as employees take time off, leaving fewer eyes on critical systems and security measures. Cybersecurity teams, often stretched thin, may not be able to respond as swiftly to threats. Additionally, individuals on vacation might be more inclined to use unsecured networks, fall for enticing travel deals, or overlook phishing attempts amidst their holiday activities. The importance of staying vigilant and informed about common summer scams cannot be overstated. By understanding these threats and taking proactive steps to protect ourselves, we can enjoy our summer holidays without falling victim to these opportunistic attacks. The Surge in Summer Cyberattacks Summer sees a marked increase in cyberattacks, with statistics indicating a significant rise in incidents during this period. For instance, in June alone, cyberattacks globally surged by an alarming 60%. This increase can be attributed to several factors that make the summer season particularly attractive to cybercriminals. One primary reason is the reduction in staff across businesses as employees take their vacations. This often results in Security Operations Centers (SOCs) operating with minimal personnel, reducing the ability to monitor and respond to threats effectively. Additionally, with key cybersecurity professionals out of the office, the remaining team may struggle to maintain the same level of protection. Increased travel also plays an important role. Individuals on vacation are more likely to use unsecured networks, such as public Wi-Fi in airports, hotels, and cafes, which can expose them to cyber threats. Moreover, the general relaxation mindset that accompanies holiday activities often leads to a decrease in caution, making individuals more susceptible to scams and phishing attacks. The impact of this surge in cyberattacks is significant for both individuals and businesses. For individuals, it can mean the loss of personal information and financial assets. For businesses, these attacks can lead to data breaches, financial losses, and reputational damage. Therefore, it is crucial to remain vigilant and take preventive measures during the summer season to mitigate these risks. How to Recognize and Avoid Seasonal Cyber Threats As summer rolls around, cybercriminals ramp up their efforts to expose the relaxed and often less vigilant attitudes of individuals and businesses. Here are some of the most prevalent scams to watch out for during the summer season. Fake Travel Deals One of the most common summer scams involves fake travel deals. Cybercriminals create enticing offers for vacation packages, flights, and accommodations that seem too good to be true. These offers are often promoted through fake websites, social media ads, and phishing emails. Once victims enter their personal and financial information to book these deals, they quickly realize that the offers were fraudulent, and their information is compromised, leading to issues such as identity theft. | Malware Tool Vulnerability Threat Legislation | ★★ | |
|
2024-06-17 03:19:20 | Une plongée profonde dans Sellinux A Deep Dive into SELinux (lien direct) |
Linux amélioré par la sécurité (Selinux), initialement connu pour sa complexité perçue dans la configuration et la maintenance, est devenu une architecture de sécurité indispensable dans la plupart des distributions Linux.Il permet aux administrateurs de contrôler finement les actions autorisées aux utilisateurs, aux processus et aux démons du système, renforçant ainsi la défense contre les violations de sécurité potentielles.Grâce à l'application de paramètres de sécurité précis, SELINUX fonctionne dans le noyau pour partitionner les politiques de sécurité et superviser leur mise en œuvre, accordant aux administrateurs une autorité accrue sur le système ...
Security-Enhanced Linux (SELinux), initially known for its perceived complexity in configuration and maintenance, has evolved into an indispensable security architecture across most Linux distributions. It empowers administrators to finely control the actions permitted to individual users, processes, and system daemons, thereby bolstering defense against potential security breaches. Through the enforcement of precise security parameters, SELinux functions within the kernel to partition security policies and oversee their implementation, granting administrators heightened authority over system... |
Legislation | ★★★ | |
|
2024-06-16 10:01:00 | Hacker au Royaume-Uni lié à un groupe d'araignée dispersé notoire arrêté en Espagne U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain (lien direct) |
Les autorités chargées de l'application des lois auraient arrêté un membre clé du célèbre groupe de cybercriminalité appelé Sported Spider.
L'individu, un homme de 22 ans du Royaume-Uni, a été arrêté cette semaine dans la ville espagnole de Palma de Majorque alors qu'il tentait de monter à bord d'un vol vers l'Italie.Cette décision serait un effort conjoint entre le Federal Bureau of Investigation (FBI) et le
Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is said to be a joint effort between the U.S. Federal Bureau of Investigation (FBI) and the |
Legislation | ★★★ | |
|
2024-06-14 14:03:41 | La police européenne s'attaque à l'État islamique et aux sites Web de propagande et de recrutement d'al-Qaida European police tackle Islamic State and al-Qaida propaganda and recruitment websites (lien direct) |
Pas de details / No more details | Legislation | ★★ | |
|
2024-06-14 13:57:18 | L'effort de vision répandu usurpe l'identité du personnel de la CISA Widespread Vishing Effort Impersonates CISA Staff (lien direct) |
L'agence de cybersécurité a émis un avertissement de ne pas accepter de demandes de paiement et d'alerter les forces de l'ordre ou la CISA après avoir été contactée.
The cybersecurity agency issued a warning not to agree to any payment requests and to alert law enforcement or CISA after being contacted. |
Legislation | ★★ |
To see everything:
