What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-07-24 11:00:16 | La menace cachée des attaquants Phantom sur Github par Stargazers Ghost Network The Hidden Menace of Phantom Attackers on GitHub by Stargazers Ghost Network (lien direct) |
> Résumé des clés jamais vu avant la découverte: Check Point Research a découvert le Stargazers Ghost Network, une opération sophistiquée des comptes fantômes sur GitHub distribuant des logiciels malveillants via des référentiels de phishing, marquant la première fois qu'une telle opération a été identifiée sur cette plate-forme.Impact significatif des utilisateurs: Les référentiels malveillants ciblent un large éventail d'utilisateurs, y compris les amateurs de médias sociaux, les joueurs et les détenteurs de crypto-monnaie, qui pourraient éventuellement être exploités dans des attaques de conséquences graves telles que les infections des ransomwares, les informations d'identification et les portefeuilles de crypto-monnaie compromis.Implications communautaires plus larges: le modèle de distribution en tant que service (DAAS) du réseau fournit une plate-forme pour d'autres acteurs de menace, impactant [& # 8230;]
>Key Summary Never Seen Before Discovery: Check Point Research has uncovered the Stargazers Ghost Network, a sophisticated operation of ghost accounts on GitHub distributing malware through phishing repositories, marking the first time such an operation has been identified on this platform. Significant User Impact: The malicious repositories target a wide range of users, including social media enthusiasts, gamers, and cryptocurrency holders, which could possibly be leveraged in attacks of severe consequences such as ransomware infections, stolen credentials, and compromised cryptocurrency wallets. Broader Community Implications: The network’s Distribution as a Service (DaaS) model provides a platform for other threat actors, impacting […] |
Ransomware Malware Threat | ★★★ | |
 |
2024-07-24 10:15:00 | Les pirates nord-coréens ont ciblé la société de cybersécurité Knowbe4 avec un faux travailleur informatique North Korean Hackers Targeted Cybersecurity Firm KnowBe4 with Fake IT Worker (lien direct) |
KnowBe4 a révélé qu'il avait été dupé dans l'embauche d'un faux travailleur informatique de la Corée du Nord, ce qui a entraîné une tentative d'activité de menace d'initiés
KnowBe4 revealed it was duped into hiring a fake IT worker from North Korea resulting in attempted insider threat activity |
Threat | ★★★ | |
 |
2024-07-24 10:00:00 | Navigation du champ de mines: cybersécurité pour les organisations à but non lucratif Navigating the Minefield: Cybersecurity for Non-Profit Organizations (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybersecurity threats cast an ominous shadow over organizations across all sectors. While the world often associates these risks with profit-driven businesses, non-profit organizations are equally vulnerable targets. And the stakes are alarmingly high. Recent data shows that about 6 cyber-attacks happen every 4 minutes and attacks like the 2022 one on the International Committee of the Red Cross (ICRC) send shivers across non-profits. To make things even worse, limited resources and backup resources mean a successful breach could prove catastrophic. Hence, non-profit cybersecurity is a particularly important issue. Understanding the Cybersecurity Risks for Nonprofits Non-profit organizations face unique cybersecurity risks that stem from their distinct operational models and resource constraints. They frequently handle sensitive information, including donor and beneficiary details, which makes them attractive targets for cybercriminals. Another significant factor is the general lack of robust cybersecurity measures within many nonprofit organizations. In fact, data shows that more than 84% of nonprofit organizations don’t have a cybersecurity plan. This makes them a prime target for many malicious players. Additionally, many nonprofit organizations struggle to allocate sufficient resources to cybersecurity due to limited budgets and competing priorities. Much like the security of small business savings accounts suffers from lower budgets, non-profits are also prone to thinking reactively, instead of taking a proactive stance towards their own cyber fortress. For example, some non-profits don’t have the resources to invest in identity theft protection, cybersecurity consultancy, and even pen-testing tools to use in-house. Cybercriminals are well aware of this vulnerability and are increasingly targeting nonprofits. Some charity organizations also often underestimate their risk level, falsely believing they are unlikely targets for cyberattacks. This complacency can lead to a lack of preparedness and awareness, further increasing their vulnerability. Common Cybersecurity Risks for Nonprofits There are many types of cyber threats and attacks that affect non-profit organizations. Here are some of the most common: Data Breaches Nonprofits are goldmines when it comes to data. A data breach typically occurs when cybercriminals exploit vulnerabilities in an organization’s cybersecurity defenses. This could be through hacking efforts, phishing scams, or even physical access to insecure storage locations. There have even been cases of scammers presenting themselves as SAP consultants, requiring n | Ransomware Data Breach Malware Tool Vulnerability Threat | ★★★ | |
 |
2024-07-24 08:08:52 | Émulant et détection Emulating and Detecting Scattered Spider-like Attacks (lien direct) |
> Écrit par Mitigant (Kennedy Torkura) et Sekoia.io Detection and Research (TDR) Team (Erwan Chevalier et Guillaume Couchard).Introduction Les entreprises utilisent de plus en plus des infrastructures cloud pour profiter de ses avantages sous-jacents.Contrairement aux centres de données traditionnels, les infrastructures cloud offrent une agilité commerciale à un coût moins cher.Par conséquent, plusieurs organisations migrent les charges de travail vers le cloud.Cependant, [& # 8230;]
la publication Suivante émulant et détection des attaques de type araignée dispersées EstArticle de l'ONU de blog Sekoia.io .
>Written by Mitigant (Kennedy Torkura) and Sekoia.io Threat Detection and Research (TDR) team (Erwan Chevalier and Guillaume Couchard). Introduction Enterprises are increasingly using cloud infrastructure to take advantage of its underlying benefits. Unlike traditional data centres, cloud infrastructure affords business agility at a cheaper cost. Consequently, several organisations are migrating workloads to the cloud. However, […] La publication suivante Emulating and Detecting Scattered Spider-like Attacks est un article de Sekoia.io Blog. |
Threat Cloud | ★★★ | |
 |
2024-07-24 07:31:39 | Proofpoint a nommé un leader global dans la compasse du leadership Kuppingercole 2023 pour la prévention des fuites de données Proofpoint Named an Overall Leader in the 2023 KuppingerCole Leadership Compass for Data Leakage Prevention (lien direct) |
Data leakage or loss prevention solutions are more relevant than ever. Research for the 2024 Data Loss Landscape Report from Proofpoint found that 85% of companies experienced one or more data loss incidents in the past year. The risk of data loss is increasing as more businesses embrace digital transformation, remote work, cloud computing and generative AI tools. Meanwhile, the number of data protection regulations continues to grow. At Proofpoint, we understand what it takes for companies to defend their data against these risks and navigate compliance challenges. And we are proud to announce that our Proofpoint Information Protection solution has been recognized by KuppingerCole Analysts AG, a major industry analyst firm. Here are just some of the reasons why Proofpoint stands out. Proofpoint receives top marks across all categories In the firm\'s report, KuppingerCole Leadership Compass for Data Leakage Prevention, Proofpoint Information Protection received “strong positive” or “positive” ratings in all categories, including: Security Functionality Deployment Interoperability Usability Here is what analysts said about Proofpoint Information Protection-and what makes it stand apart from the competition. “Proofpoint Information Protection is a mature and comprehensive DLP solution based on a cloud-native platform that focuses on user identity and how that identity interacts with sensitive data to guard against insider threats and prevent data loss across email, on-prem, and cloud-based applications as well as providing support for compliance with data protection regulations.” KuppingerCole positioned Proofpoint as a leader in all evaluation categories as well, which include product, technology, innovation and market. The report also highlighted several key findings and trends. Demand is rising for DLP solutions, including from small businesses as they face much of the same cyberthreats and compliance requirements that larger enterprises face Differentiators for DLP solutions include coverage across various data channels, ease of use, insider threat protection and incident support Innovation in the DLP space is focused on cloud DLP, user experience enhancement, and the use of AI and machine learning (ML) technologies While DLP solutions are traditionally on-premises, new cloud-based offerings allow for faster updates and scalability as well as managed services that cater to businesses that lack in-house security expertise Effective DLP solutions should support policy management, integration with existing security systems and compliance with data protection regulations; other capabilities include mobile workforce security, cloud data security and AI-driven anomaly detection The DLP market is expected to increase the use of AI and ML for data classification What makes Proofpoint stand out Here is a closer look at how we can help you to defend your data and modernize your DLP program. Identify sensitive data with accuracy and ensure compliance Our prebuilt DLP policies let you jumpstart your DLP program. It doesn\'t matter if you are a large enterprise or a small business. By combining our out-of-box data identifiers, Proofpoint-maintained dictionaries and AI-based classifiers, you can accurately detect sensitive content, including: Personally identifiable information (PII) Protected health information (PHI) and payment card industry (PCI) data Source code and other business critical documents You can enforce flexible data controls across email, cloud and endpoints, including managed and bring-your-own devices. This ensures you can easily meet compliance requirements. It also helps you prevent careless users from leaking sensitive content to generative AI sites. Defend data against careless and malicious insiders Proofpoint takes a human-centric | Tool Threat Mobile Cloud | ★★★ | |
 |
2024-07-24 00:55:09 | Intelbroker répertorie les données de crypto Europol présumées en ligne IntelBroker lists alleged Europol crypto data online (lien direct) |
## Instantané
Intelbroker, un infâme leaker et cyber-criminel, a énuméré des "documents liés à la crypto" appartenant à Europol sur BreachForums.
## Description
L'acteur de menace prétend avoir divulgué une petite quantité de données de l'environnement EPE d'Europol \\, y compris les fichiers "pour un usage officiel" (FOUO), les PDF et les documents de reconnaissance et de directives.La violation peut avoir compromis des informations personnelles telles que les noms, les adresses e-mail et les données commerciales confidentielles de divers organismes d'application de la loi.Europol a confirmé l'incident et enquête, déclarant qu'aucune donnée opérationnelle d'Europol n'a été compromise.Cet incident suit la prétention précédente d'Intelbroker \\ pour voler des "fichiers et documents critiques" de la plate-forme EPE d'Europol \\ en mai, affectant diverses agences d'Europol, notamment CCSE, crypto-monnaies & # 8211;EC3, Space & # 8211;EC3, formulaire d'application de la loi et Sirius.
### Analyse supplémentaire
Selon [les chercheurs en sécurité de Mphasis] (https://www.mphasis.com/content/dam/mphasis-com/global/en/home/services/cybersesecurity/june-21-12-the-intelbroker-data-leak-Arthat-Actor.pdf), Intelbroker est connu pour violer les organisations de haut niveau dans divers secteurs, notamment le gouvernement, les télécommunications, l'automobile et la technologie.Connu pour avoir fonctionné le ransomware d'endurance, Intelbroker a revendiqué la responsabilité de nombreuses attaques contre des entités telles que Autotrader, Volvo, AT&T et Verizon.En tant que courtier en renseignement, Intelbroker vend des données volées sur les forums souterrains et utilise souvent des ransomwares d'endurance, un malware C # conçu pour écraser et supprimer des fichiers.Selon [Socradar] (https://socradar.io/dark-web-profile-intelbroker/), Intelbroker a attiré une attention importante à la fin de 2022 et au début de 2023, avec des violations notables, notamment le service d'épicerie Weee, Europol et Hilton Hotels.En juin 2024, Intelbroker prétend avoir obtenu le code source interne de trois outils Apple couramment utilisés et publié les données d'AMD \\ à vendre, alléguant que le compromis comprenait les futurs produits AMD, les fiches de spécification et les informations sur les employés, selon [CyberNews] (https://cybernews.com/security/thereat-actor-intelbroker-claids-apple-amd/).
Bien que toutes les violations ne puissent pas être vérifiées dans la même mesure, de nombreux incidents causés par Intelbroker ont été confirmés.
## Les références
[Intelbroker énumère les données de crypto Europol présumées en ligne] (https://www.cyberdaily.au/security/10793-intelbroker-lists-alled-europol-crypto-data-online).Cyberdaily.au (consulté en 2024-07-23)
## Droits d'auteur
**&copie;Microsoft 2024 **.Tous droits réservés.La reproduction ou la distribution du contenu de ce site, ou de toute partie de celle-ci, sans l'autorisation écrite de Microsoft est interdite.
## Snapshot IntelBroker, an infamous leaker and cyber criminal, has listed "crypto-related documents" belonging to Europol on BreachForums. ## Description The threat actor claims to have leaked a small amount of data from Europol\'s EPE environment, including "For Official Use Only" (FOUO) files, PDFs, and documents for reconnaissance and guidelines. The breach may have compromised personal information such as names, email addresses, and confidential business data from various law enforcement agencies. Europol has confirmed the incident and is investigating, stating that no operational data from Europol has been compromised. This incident follows IntelBroker\'s previous claim of stealing "critical files and documents" from Europol\'s EPE platform in May, affecting various Europol agencies including CCSE, cryptocurrencies – EC3, Space – EC3, Law Enforcement Form, and SIRIUS. ### Additional Analysis According |
Ransomware Malware Tool Threat Legislation | ★★★ | |
|
2024-07-23 20:53:33 | (Déjà vu) UAC-0063 Attaque des institutions de recherche en Ukraine: Hatvibe + Cherryspy + CVE-2024-23692 UAC-0063 attacks research institutions in Ukraine: HATVIBE + CHERRYSPY + CVE-2024-23692 (lien direct) |
#### Targeted Geolocations - Ukraine ## Snapshot The Computer Emergency Response Team of Ukraine (CERT-UA) released reporting on an attack by UAC-0063 against a research institution in Ukraine perpetrated in July 2024. ## Description The attackers accessed an employee\'s email account and sent a compromised email with a macro-embedded document to multiple recipients. When opened, this document created and executed another document and scheduled a task to run the HATVIBE malware. The attackers then used remote control to download a Python interpreter and the CHERRYSPY malware to the victim\'s computer. UAC-0063, linked to the Russian APT28 group, was also detected using a similar attack vector in Armenia. In June 2024, the group exploited a vulnerability in the HFS HTTP File Server ([CVE-2024-23692](https://security.microsoft.com/intel-explorer/cves/CVE-2024-23692/)) to install the HATVIBE backdoor, demonstrating their use of varied initial compromise methods. The attack succeeded due to the institution\'s lack of two-factor authentication, admin privileges for user accounts, and insufficient security policies to block macros and specific executables. ## Additional Analysis Both CHERRYSPY and HATVIBE have previously been used by UAC-0063 to target Ukranian organizations. [In April 2023](https://cert.gov.ua/article/4697016?fbclid=IwAR1B5gj0v-Ve9Q5299ydM5lrInLuKVmvPRosQkUucq6YzcjuTgVnM_x3LjQ), the threat group sent spear-phishing emails to government organizations in Ukraine, likely from the previously compromised email of the Embassy of Tajikistan. ## Recommendations Microsoft recommends the implementation multifactor authentication (MFA) to reduce the impact of this threat and mitigate credential theft from phishing attacks. MFA can be complemented with the following solutions and best practices to protect organizations: - Activate [conditional access](https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview?ocid=magicti_ta_learndoc) policies. Conditional access policies are evaluated and enforced every time an attacker attempts to use a stolen session cookie. Organizations can protect themselves from attacks that leverage stolen credentials by activating policies regarding compliant devices or trusted IP address requirements. - Configure [continuous access evaluation](https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc) in your tenant. - Invest in advanced anti-phishing solutions that monitor incoming emails and visited websites. [Microsoft Defender for Office 365](https://learn.microsoft.com/en-us/defender-xdr/microsoft-365-security-center-mdo?ocid=magicti_ta_learndoc) brings together incident and alert management across email, devices, and identities, centralizing investigations for threats in email. Organizations can also leverage web browsers that automatically identify and block malicious websites, including those used in this phishing campaign. To build resilience against phishing attacks in general, organizations can use [anti-phishing policies](https://learn.microsoft.com/en-us/defender-office-365/anti-phishing-policies-about?view=o365-worldwide) to enable mailbox intelligence settings, as well as configure impersonation protection settings for specific messages and sender domains. Enabling [SafeLinks](https://learn.microsoft.com/en-us/defender-office-365/safe-links-about?view=o365-worldwide) ensures real-time protection by scanning at time of delivery and at time of click. - Monitor for suspicious or anomalous activities, and search for sign-in attempts with suspicious characteristics (for example location, internet service provider \[ISP\], user agent, and use of anonymizer services). Activity can be identified and investigated with [Microsoft Defender for Identity](https://learn.microsoft.com/en-us/defender-xdr/microsoft-365-security-center-mdi?ocid=magicti_ta_learndoc), which contributes identity-focus | Malware Vulnerability Threat | APT 28 | ★★★ |
 |
2024-07-23 19:44:26 | L'acteur de menace distribue le voleur d'informations basé sur Python à l'aide d'un faux leurre de mise à jour du capteur Falcon Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure (lien direct) |
Résumé Le 23 juillet 2024, Crowdsstrike Intelligence a identifié un fichier zip malveillant contenant un voleur d'informations basé sur Python maintenant suivi comme Connecio.Un acteur de menace a distribué ce fichier quelques jours après la mise à jour du contenu unique du 19 juillet pour le capteur Falcon de CrowdStrike \\ - qui a eu un impact sur les systèmes d'exploitation Windows - a été identifié et un correctif a été déployé.Le [& # 8230;]
Summary On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the July 19, 2024, single content update for CrowdStrike\'s Falcon sensor - which impacted Windows operating systems - was identified and a fix was deployed. The […] |
Threat | ||
 |
2024-07-23 18:41:55 | Les 250 millions de joueurs de Hamster Kombat \\ ciblés dans des attaques de logiciels malveillants Hamster Kombat\\'s 250 million players targeted in malware attacks (lien direct) |
Les acteurs de la menace profitent de la popularité massive du jeu Hamster Kombat, ciblant les joueurs avec de faux logiciels Android et Windows qui installent des logiciels espions et des logiciels malveillants de volée.[...]
Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing malware. [...] |
Malware Threat Mobile | ★★★ | |
 |
2024-07-23 18:38:42 | Protéger contre la menace malveillante ics de Frostygoop avec les bases de la cybersécurité OT Protect Against the FrostyGoop ICS Malware Threat with OT Cybersecurity Basics (lien direct) |
> Les informations fournies ici proviennent de chasseurs d'adversaires et d'analystes de la cyber-menace de l'intelligence et des analystes qui effectuent des recherches sur l'adversaire ...
Le post protéger contre la menace malveillante ics de glaçage avec les bases de la cybersécurité est apparu pour la première fois sur dragos .
>Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Protect Against the FrostyGoop ICS Malware Threat with OT Cybersecurity Basics first appeared on Dragos. |
Malware Threat Industrial | ★★★★ | |
|
2024-07-23 17:58:57 | Daggerfly: Espionage Group fait une mise à jour majeure de l'ensemble d'outils Daggerfly: Espionage Group Makes Major Update to Toolset (lien direct) |
#### Géolocations ciblées - Taïwan ## Instantané Le groupe d'espionnage poignardé, également connu sous le nom de panda évasif ou de bronze, a considérablement amélioré son ensemble d'outils, introduisant de nouvelles versions de logiciels malveillants probablement en réponse à l'exposition de variantes plus anciennes. ## Description Cette boîte à outils mise à jour a été récemment déployée dans des attaques contre des organisations à Taïwan et une ONG américaine basée en Chine, suggérant des activités d'espionnage internes.Dans ces attaques, Daggerfly a exploité une vulnérabilité dans un serveur HTTP Apache pour livrer leur malware MGBOT. Arsenal mis à jour de Daggerfly \\ comprend une nouvelle famille de logiciels malveillants basée sur leur framework MGBOT et une nouvelle version de la porte arrière MacMA MacOS.La recherche de Symantec \\ relie Macma, précédemment d'une paternité inconnue, à Daggerfly.[MACMA] (https://security.microsoft.com/intel-explorer/articles/4b21b84f) est une porte dérobée modulaire avec des fonctionnalités comme l'empreinte digitale de l'appareil, l'exécution de la commande et le keylogging.Les variantes récentes affichent un développement continu avec des mises à jour telles que la nouvelle logique pour la liste des systèmes de fichiers et la journalisation de débogage supplémentaire. Symantec a également découvert une nouvelle porte dérobée Windows nommée Suzafk (également connue sous le nom de nuit), développée en utilisant la même bibliothèque partagée que MGBOT et MACMA.Suzafk peut utiliser TCP ou OneDrive pour la commande et le contrôle et comprend des fonctionnalités telles que le réglage de la persistance via des tâches planifiées et la détection des machines virtuelles. Les vastes mises à jour et nouveaux outils mettent en évidence la capacité de Daggerfly \\ pour cibler plusieurs systèmes d'exploitation, y compris Windows, MacOS, Linux, Android et Solaris.La capacité du groupe \\ à s'adapter et à améliorer rapidement son ensemble d'outils après l'exposition souligne leurs ressources sophistiquées et leurs efforts d'espionnage persistants. ## Détections / requêtes de chasse ### Microsoft Defender Antivirus Microsoft Defender Antivirus les composants de menace suivants comme malware: - [Trojan: macOS / macma] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-description?name=trojan:macos/macma.b) - [Backdoor: macOS / MacMA] (https://www.microsoft.com/en-us/wdsi/Thereats/Malware-encyClopedia-Description?name=backdoor:MacOS / macma) - [Trojan: Linux / Multiverze] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=trojan:linux/Multiverze) - [Trojan: macOS / Multiverze] (https://www.microsoft.com/en-us/wdsi/terats/malware-encycopedia-Description? Name = Trojan: macOS / Multiverze) ## Recommandations Microsoft recommande les atténuations suivantes pour réduire l'impact de cette menace. - Allumez [Protection en livraison du cloud] (https://learn.microsoft.com/en-us/defender-endpoint/linux-preférences) dans Microsoft Defender Antivirus ou l'équivalent de votre produit antivirus pour couvrir rapidement les outils d'attaquant en évolution et et et les outils d'attaquant en évolution rapide ettechniques.Les protections d'apprentissage automatique basées sur le cloud bloquent la majorité des menaces nouvelles et inconnues. - Exécuter [EDR en mode bloc] (https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=Magicti_TA_LearnDoc)Le défenseur du point final peut bloquer les artefacts malveillants, même lorsque votre antivirus non microsoft ne détecte pas la menace ou lorsque Microsoft Defender Antivirus fonctionne en mode passif.EDR en mode bloc fonctionne dans les coulisses pour corriger les artefacts malveillants qui sont détectés post-abri. - Autoriser [Investigation and Remediation] (https://learn.m | Ransomware Malware Tool Vulnerability Threat Mobile | ★★★ | |
 |
2024-07-23 17:58:00 | Les pirates chinois ciblent Taiwan et les ONG américaines avec des logiciels malveillants MGBOT Chinese Hackers Target Taiwan and US NGO with MgBot Malware (lien direct) |
Les organisations de Taïwan et une organisation non gouvernementale américaine (ONG) basée en Chine ont été ciblées par un groupe de piratage parrainé par l'État affilié à Pékin appelé Daggerfly à l'aide d'un ensemble amélioré d'outils de logiciels malveillants.
La campagne est un signe que le groupe "s'engage également dans l'espionnage interne", a déclaré aujourd'hui un nouveau rapport publié aujourd'hui."Dans l'attaque de
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec\'s Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on |
Malware Tool Threat | ★★★ | |
 |
2024-07-23 16:21:16 | Les attaquants exploitent \\ 'Evilvideo \\' Telegram Zero-Day pour cacher des logiciels malveillants Attackers Exploit \\'EvilVideo\\' Telegram Zero-Day to Hide Malware (lien direct) |
Un exploit vendu sur un forum souterrain nécessite une action des utilisateurs pour télécharger une charge utile malveillante non spécifiée.
An exploit sold on an underground forum requires user action to download an unspecified malicious payload. |
Malware Vulnerability Threat | ★★★ | |
|
2024-07-23 15:42:00 | Sites Magento ciblés avec un skimmer de carte de crédit sournois via des fichiers d'échange Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files (lien direct) |
Les acteurs de la menace ont été observés à l'aide de fichiers d'échange dans des sites Web compromis pour cacher un skimmer de carte de crédit persistant et récolter les informations de paiement.
La technique sournoise, observée par SUCURI sur une page de caisse de Magento E-Commerce Site \\, a permis aux logiciels malveillants de survivre à plusieurs tentatives de nettoyage, a indiqué la société.
L'écumateur est conçu pour capturer toutes les données dans le formulaire de carte de crédit sur le
Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site\'s checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data into the credit card form on the |
Malware Threat | ★★★ | |
|
2024-07-23 15:24:41 | BreachForums v1 Hacking Forum Data Donak Expose les membres \\ 'Info BreachForums v1 hacking forum data leak exposes members\\' info (lien direct) |
Les informations sur les membres privés du forum de piratage de BreachForums V1 à partir de 2022 ont été divulguées en ligne, permettant aux acteurs et aux chercheurs de menacer de mieux comprendre ses utilisateurs.[...]
The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. [...] |
Threat | ★★★ | |
 |
2024-07-23 15:15:12 | Les cybercrooks émettent des problèmes avec les domaines de la typosquat au milieu de la crise de la crowdsstrike Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis (lien direct) |
La dernière tendance suit diverses campagnes de logiciels malveillants qui ont commencé quelques heures seulement après sa calamité Des milliers de domaines de typosquat sont désormais inscrits pour exploiter le désespoir des administrateurs informatiques qui ont encore du mal à se remettre de la semaine dernière de la semaine de la semaine dernière \\., les chercheurs disent.… | Malware Threat Prediction | ★★★ | |
|
2024-07-23 14:33:00 | Institutions ukrainiennes ciblées à l'aide de Hatvibe et de logiciels malveillants Cherryspy Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware (lien direct) |
L'équipe d'intervention d'urgence informatique d'Ukraine (CERT-UA) a alerté une campagne de phistes de lance ciblant une institution de recherche scientifique dans le pays avec des logiciels malveillants connus sous le nom de Hatvibe et Cherryspy.
L'agence a attribué l'attaque à un acteur de menace qu'il suit sous le nom de l'UAC-0063, qui était précédemment observé ciblant diverses entités gouvernementales pour recueillir des informations sensibles en utilisant
The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using |
Malware Threat | ★★★ | |
 |
2024-07-23 14:00:00 | De quelle voix est-ce de toute façon?Vocation à propulsion Ai pour les attaques de vision de nouvelle génération Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks (lien direct) |
Written by: Emily Astranova, Pascal Issa
Executive Summary AI-powered voice cloning can now mimic human speech with uncanny precision, creating for more realistic phishing schemes. According to news reports, scammers have leveraged voice cloning and deepfakes to steal over HK$200 million from an organization. Attackers can use AI-powered voice cloning in various phases of the attack lifecycle, including initial access, and lateral movement and privilege escalation. Mandiant\'s Red Team uses AI-powered voice spoofing to test defenses, demonstrating the effectiveness of this increasingly sophisticated attack technique. Organizations can take steps to defend against this threat by educating employees, and using source verification such as code words. Introduction Last year, Mandiant published a blog post on threat actor use of generative AI, exploring how attackers were using generative AI (gen AI) in phishing campaigns and information operations (IO), notably to craft more convincing content such as images and videos. We also shared insights into attackers\' use of large language models (LLMs) to develop malware. In the post, we emphasized that while attackers are interested in gen AI, use has remained relatively limited. This post continues on that initial research, diving into some new AI tactics, techniques, and procedures (TTPs) and trends. We take a look at AI-powered voice spoofing, demonstrate how Mandiant red teams use it to test defenses, and provide security considerations to help stay ahead of the threat. Growing AI-Powered Voice Spoofing Threat Gone are the days of robotic scammers with barely decipherable scripts. AI-powered voice cloning can now mimic human speech with uncanny precision, injecting a potent dose of realism into phishing schemes. We are reading more stories on this threat in the news, such as the scammers that reportedly stole over HK$200 million from a company using voice cloning and deepfakes, and now the Mandiant Red Team has incorporated these TTPs when testing defenses. Brief Overview of Vishing Unlike its traditionally email-based counterpart, vishing (voice phishing) uses a voice-based approach. Rather than sending out an email with the hopes of garnering clicks, threat actors will instead place phone calls directly to individuals in order to earn trust and manipulate emotions, often by creating a sense of urgency. |
Malware Tool Vulnerability Threat Studies Mobile Cloud Technical | ★★★ | |
 |
2024-07-23 13:00:00 | Zimperium est nommé leader dans le Forrester Wave ™ pour MTD Zimperium is Named a Leader in the Forrester Wave™ for MTD (lien direct) |
> Nous sommes ravis de partager que Zimperium a été nommé chef de file dans le Forrester Wave ™: Mobile Threat Defence Solutions, Q3 2024.
>We are excited to share that Zimperium has been named a Leader in The Forrester Wave ™ : Mobile Threat Defense Solutions, Q3 2024. |
Threat Mobile Commercial | ★★ | |
 |
2024-07-23 12:00:07 | La suite de protection des utilisateurs sécurise contre les tendances d'attaque des ransomwares TALOS TOP TALOS User Protection Suite Secures Against Talos Top Ransomware Attack Trends (lien direct) |
Découvrez le premier épisode de Talo \\ de Talos Threat Perspective et comment la suite de protection des utilisateurs de Cisco \\ peut fournir une approche en couches de la sécurité. 
Discover Talo\'s first episode of Talos Threat Perspective and how Cisco\'s User Protection Suite can provide a layered approach to security.  |
Ransomware Threat | ★★ | |
 |
2024-07-23 11:43:09 | Naviguer dans le cyber paysage: comprendre l'intelligence des menaces Navigating the Cyber Landscape: Understanding Threat Intelligence (lien direct) |
Dans le monde numérique d'aujourd'hui, la cybersécurité est une préoccupation majeure pour les organisations de toutes tailles.À mesure que notre dépendance à l'égard de la technologie augmente, les risques associés aux cyber-menaces.De nombreuses organisations se tournent vers les renseignements sur les menaces en tant que composante essentielle de leur stratégie de sécurité pour relever ces défis.Cet article explique l'intelligence des menaces dans claire et simple [...]
In today’s digital world, cybersecurity is a top concern for organizations of all sizes. As our reliance on technology grows, so do the risks associated with cyber threats. Many organizations are turning to threat intelligence as a critical component of their security strategy to address these challenges. This article explains threat intelligence in clear, straightforward [...] |
Threat | ★★★ | |
 |
2024-07-23 11:21:00 | Symantec expose le jeu d'outils mis à jour Daggerfly au milieu des activités d'espionnage sur les plateformes mondiales Symantec exposes Daggerfly updated toolset amidst espionage activities across global platforms (lien direct) |
L'équipe Symantec Threat Hunter a rapporté mardi des mises à jour significatives de l'ensemble d'outils du groupe d'espionnage Daggerfly ...
The Symantec Threat Hunter Team reported on Tuesday significant updates to the toolset of the espionage group Daggerfly... |
Threat | ★★ | |
 |
2024-07-23 11:00:48 | CISA Issues AVERTISSEMENT: La panne de crowdsstrike peut entraîner des attaques de phishing et de logiciels malveillants CISA Issues Warning: CrowdStrike Outage May Lead to Phishing and Malware Attacks (lien direct) |
> L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a émis une alerte urgente concernant la récente panne de crowdsstrike, avertissant que les acteurs malveillants exploitent activement la situation pour mener le phishing et d'autres cyberattaques.Les principaux avertissements cisa de la CISA ont souligné plusieurs points critiques dans leur alerte: les acteurs de la menace profitent de la panne de crowdsstrike pour malveillance [& # 8230;]
Le post CISA Problèmes d'avertissement: la panne de crowdsstrike peut êtreConduire à des attaques de phishing et de logiciels malveillants C'est apparu pour la première fois sur slashnext .
>The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the recent CrowdStrike outage, warning that malicious actors are actively exploiting the situation to conduct phishing and other cyber attacks. CISA’s Key Warnings CISA emphasized several critical points in their alert: Threat actors are taking advantage of the CrowdStrike outage for malicious […] The post CISA Issues Warning: CrowdStrike Outage May Lead to Phishing and Malware Attacks first appeared on SlashNext. |
Malware Threat | ★★★ | |
 |
2024-07-23 10:40:35 | Télégramme de la livraison de logiciels malveillants activés par télégramme Telegram Zero-Day Enabled Malware Delivery (lien direct) |
> La vulnérabilité de l'ultervideo zéro-jour dans le télégramme pour Android a permis aux acteurs de menace d'envoyer des fichiers malveillants déguisés en vidéos.
>The EvilVideo zero-day vulnerability in Telegram for Android allowed threat actors to send malicious files disguised as videos. |
Malware Vulnerability Threat Mobile | ★★★ | |
 |
2024-07-23 10:34:25 | Escalade des privilèges: démêler une nouvelle technique de cyber-attaque Privilege escalation: unravelling a novel cyber-attack technique (lien direct) |
Les cybercriminels sont notoirement implacables et impitoyables dans leur quête pour exploiter les vulnérabilités à travers des tactiques en constante évolution.Les organisations peuvent croire que leurs cadres de sécurité sont robustes, mais lorsqu'ils sont confrontés à des méthodes d'attaque sans précédent, personne n'est entièrement à l'abri de l'infiltration.Plus tôt cette année, une société d'agriculture multinationale a appris cela à la dure lorsqu'elle a été victime de [& # 8230;]
Le post Escalade du privilège: démêler un nouveauTechnique de cyber-attaque est apparue pour la première fois sur gourou de la sécurité informatique .
Cyber criminals are notoriously relentless and unforgiving in their quest to exploit vulnerabilities through ever-evolving tactics. Organisations may believe that their security frameworks are robust, but when confronted with unprecedented attack methods, nobody is entirely immune to infiltration. Earlier this year, a multinational agriculture company learnt this the hard way when they fell victim to […] The post Privilege escalation: unravelling a novel cyber-attack technique first appeared on IT Security Guru. |
Vulnerability Threat | ★★★ | |
|
2024-07-23 10:00:00 | Ce que les prestataires de soins de santé devraient faire après une violation de données médicales What Healthcare Providers Should Do After A Medical Data Breach (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Healthcare data breaches are on the rise, with a total of 809 data violation cases across the industry in 2023, up from 343 in 2022. The cost of these breaches also soared to $10.93 million last year, an increase of over 53% over the past three years, IBM’s 2023 Cost of a Data Breach report reveals. But data breaches aren’t just expensive, they also harm patient privacy, damage organizational reputation, and erode patient trust in healthcare providers. As data breaches are now largely a matter of “when” not “if”, it’s important to devise a solid data breach response plan. By acting fast to prevent further damage and data loss, you can restore operations as quickly as possible with minimal harm done. Contain the Breach Once a breach has been detected, you need to act fast to contain it, so it doesn’t spread. That means disconnecting the affected system from the network, but not turning it off altogether as your forensic team still needs to investigate the situation. Simply unplug the network cable from the router to disconnect it from the internet. If your antivirus scanner has found malware or a virus on the system, quarantine it, so it can be analyzed later. Keep the firewall settings as they are and save all firewall and security logs. You can also take screenshots if needed. It’s also smart to change all access control login details. Strong complex passwords are a basic cybersecurity feature difficult for hackers and software to crack. It’s still important to record old passwords for future investigation. Also, remember to deactivate less-important accounts. Document the Breach You then need to document the breach, so forensic investigators can find out what caused it, as well as recommend accurate next steps to secure the network now and prevent future breaches. So, in your report, explain how you came to hear of the breach and relay exactly what was stated in the notification (including the date and time you were notified). Also, document every step you took in response to the breach. This includes the date and time you disconnected systems from the network and changed account credentials and passwords. If you use artificial intelligence (AI) tools, you’ll also need to consider whether they played a role in the breach, and document this if so. For example, ChatGPT, a popular chatbot and virtual assistant, can successfully exploit zero-day security vulnerabilities 87% of the time, a recent study by researchers at the University of Illinois Urbana-Champaign found. Although AI is increasingly used in healthcare to automate tasks, manage patient data, and even make tailored care recommendations, it does pose a serious risk to patient data integrity despite the other benefits it provides. So, assess whether AI influenced your breach at all, so your organization can make changes as needed to better prevent data breaches in the future. Report the Breach Although your first instinct may be to keep the breach under wraps, you’re actually legally required to report it. Under the | Data Breach Malware Tool Vulnerability Threat Studies Medical | ChatGPT | ★★★ |
|
2024-07-23 09:00:45 | Les logiciels malveillants de Frostygoop ont arrêté la chaleur à 600 immeubles d'appartements ukrainiens FrostyGoop malware shut off heat to 600 Ukraine apartment buildings (lien direct) |
d'abord méchant pour exploiter les modbus pour visser avec des appareils technologiques opérationnels un logiciel malveillant auparavant invisible, surnommé Frostygoop, capable de perturber les processus industriels a été utilisé dans une cyberattaque contre une entreprise d'énergie de district en Ukraine Last Northern Hiver,résultant en deux jours sans chaleur pour des centaines de personnes à des températures inférieures à zéro…
First nasty to exploit Modbus to screw with operational tech devices A previously unseen malware, dubbed FrostyGoop, able to disrupt industrial processes was used in a cyberattack against a district energy company in Ukraine last northern winter, resulting in two days without heat for hundreds of people during sub-zero temperatures.… |
Malware Threat Industrial | ★★★ | |
|
2024-07-23 08:01:46 | Dévoiler l'arnaque: comment les fraudeurs abusent des protocoles de blockchain légitimes pour voler votre portefeuille de crypto-monnaie Unveiling the Scam: How Fraudsters Abuse Legitimate Blockchain Protocols to Steal Your Cryptocurrency Wallet (lien direct) |
> Le système d'Intel Blockchain du point de contrôle a identifié et alerté que ces derniers temps, les fraudeurs ont évolué pour devenir de plus en plus sophistiqué, exploitant des protocoles légitimes de blockchain pour mener leurs escroqueries.Le protocole uniswap, lancé en 2018, est l'échange décentralisé le plus grand et le plus populaire pour l'échange de jetons de crypto-monnaie sur Ethereum et d'autres blockchains populaires, verrouillant plus de 1,8 $ [& # 8230;]
>Check Point\'s Threat Intel blockchain system identified and alerted that in recent times, fraudsters have evolved to become increasingly sophisticated, exploiting legitimate blockchain protocols to conduct their scams. The Uniswap Protocol, launched in 2018, is the largest and most popular decentralized exchange for swapping cryptocurrency tokens on Ethereum and other popular blockchains, locking over $1.8 […] |
Threat | ★★★ | |
|
2024-07-23 06:00:00 | ProofPoint ouvre la voie à la protection des personnes et à la défense des données avec un quartier central Proofpoint Leads the Way in Protecting People and Defending Data with a Pivotal Quarter (lien direct) |
Throughout my interactions with customers and prospects, CISOs unanimously point to one constant in the cybersecurity equation: the human element. Now research backs up this anecdotal top note: our 2024 Voice of the CISO report1 published in May found that 74% of CISOs rank human-centric cyber risks as their top concern. Proofpoint\'s human-centric security platform is the only modern security architecture that takes a comprehensive, adaptive, and effective approach to protect against the three critical human risks impacting organizations-human-targeted threats, data loss and human error. We are very pleased with Q2, continuing to drive strong business momentum, delivering first-to-market innovations and expanding our ecosystem partnerships. Business Momentum for Proofpoint Continues in Q2 Our ability to solve our customers\' most complex problems drove strong results in the second quarter of 2024, with notable highlights including: Revenues and Annual Recurring Revenue (ARR) up in the mid-teens. Over 500 new enterprise organizations are entrusting Proofpoint as their cybersecurity partner of choice in Q2 2024. Record business growth in information protection and insider risk management, clearly establishing Proofpoint as the leader in the market. Continued market validation of our offerings with a healthy customer retention rate of 92%. Market-first innovations: Redefining Email Security and Enabling Information Protection for AI This year\'s RSA Conference saw Proofpoint take to the stage to showcase why we are the undisputed leader in human-centric cybersecurity, with our AI-driven innovations recognized as “The 20 Coolest Cybersecurity Products At RSAC 2024” and “The 10 Hot AI Cybersecurity Tools At RSAC 2024”. We unveiled market-first innovations on two fronts. First, by delivering a single solution to protect against every type of threat, every time, every way a user may encounter it, using every form of detection with complete, adaptive, end-to-end protection across the entire email delivery chain-combining pre-delivery, click time, and post-delivery detection. Second, by announcing the general availability of Data Loss Prevention (DLP) Transform, making responsible Generative AI use a reality for our customers by modernizing DLP with our cross-channel capabilities so that CISOs can now embrace ChatGPT, co-pilots and other AI tools while preventing the exposure of IP. The Cybersecurity Revolution: Integration is Key With a cyber threat landscape that is forever evolving in sophistication and complexity, CISOs and CIOs are looking to consolidate their security architecture to span across multiple channels, infrastructures and people. Our “Better Together” strategy is to offer a unified human-centric security platform that integrates with other key solutions in the cyber architecture, namely SASE, EDR, SoC automation (SIEM/SOAR/XDR) and Identity & Access Management. These components of the cybersecurity architecture are powerful on their own, and their effectiveness compounds when they are well integrated. That is why we have partnered with an ecosystem of market-leading cybersecurity vendors-including Palo Alto Networks, CrowdStrike, Microsoft, CyberArk, Okta and many more. Our joint customers benefit from a defense-in-depth approach and security operations at scale: what all enterprises need to stay ahead of today\'s threats. Welcoming New Team Members We are delighted to welcome the newest members of our senior leadership team, who will all play a pivotal part in the growth of their respective regions and organizations. Seasoned global marketing leader Elia Mak joins us as SVP, Brand and Global Communications, and cybersecurity veteran George Lee takes the lead in a strategically-important region for Proofpoint as SVP, Asia Pacific & Japan. We also welcome Harry Labana as SVP & GM of archiving, compliance, and digital risk, to further our leadership position in the emerging category of digital communications governance, a key aspect of human-centric security. | Tool Threat Conference | ChatGPT | ★★★ |
|
2024-07-23 05:00:38 | 4 faux visages: comment génai transforme l'ingénierie sociale 4 Fake Faces: How GenAI Is Transforming Social Engineering (lien direct) |
Email is the biggest threat vector. But increasingly, we see the need to include social media, text messaging and voice calls in cybersecurity education. Why? Because generative AI (GenAI) is transforming social engineering and threat actors are using it to fake people or personalities. Attackers can use GenAI to create images, text, audio and video and drive powerful scams to steal personal, financial or sensitive data. They can automate their operations and increase the likelihood of success. And they can scale and distribute attacks through an array of channels, like messaging apps, social media platforms, phone calls and, of course, email. Research for the latest State of the Phish report from Proofpoint found that 58% of people who took a risky action in 2023 believed their behavior put them at risk. That leads us to a critical question: When you receive a message-IM, DM, VM or email-can you be 100% confident that the sender is who they claim to be? Not in a world where attackers use GenAI. In this post, we look at four ways that threat actors use this powerful technology to deceive people. Convincing conversational scams Realistic deepfake content Personalized business email compromise (BEC) attacks Automated fake profiles and posts 1: Convincing conversational scams Threat actors use GenAI to create highly convincing conversational scams that mimic human interactions. Natural language processing (NLP) models help them generate personalized messages. Popular NLP models include recurrent neural network (RNN), transformer-based (like GPT-3) and sequence-to-sequence. While the lures attackers use will vary, they all aim to start a conversation with the recipient and earn their trust. Threat actors might interact with a target for weeks or months to build a relationship with the goal of convincing that person to send money, invest in a fake crypto platform, share financial information or take some other action. How does it work? Threat actors collect large datasets of text-based conversations from sources like social media, messaging apps, chat logs, data breaches and customer service interactions. They use the datasets to train NLP models to understand and generate human-like text based on input prompts. The models learn to recognize patterns, understand context and generate responses that sound natural. Once they have trained an NLP model, threat actors might use the model to generate text-based messages for scamming their targets. The conversations can mimic specific personas or language patterns, or generate responses tailored to common scam scenarios. This makes it hard for people to distinguish between legitimate and fake communications on social platforms like Instagram, messaging apps like WhatsApp and dating websites like Tinder. How Proofpoint can help you address this risk Proofpoint Security Awareness delivers timely educational content about threat trends. This includes a two-week campaign with training like our “Attack Spotlight: Conversational Scams,” which helps users learn to recognize and avoid these scams. 2: Realistic deepfake content Threat actors can use GenAI to create deepfakes that falsely depict people saying or doing things they never did. Attackers use advanced machine learning (ML) models to create highly realistic fake content that resembles a person\'s appearance, voice or mannerisms. How does it work? Threat actors will gather a dataset of images, audio recordings or videos that feature the person whose likeness they want to mimic. They use the dataset to train the GenAI model to create fake content like images or videos. The model can evaluate the authenticity of its own content. One popular model is the Generative Adversarial Network (GAN). It can progressively produce more convincing deepfakes by refining and optimizing its methods. For example, it can adjust model parameters, increase the training dat | Tool Vulnerability Threat | ★★★ | |
|
2024-07-22 21:38:04 | RDGAS: Le chapitre suivant des algorithmes de génération de domaine RDGAS: The Next Chapter in Domain Generation Algorithms (lien direct) |
## Instantané
Des chercheurs d'InfoBlox ont publié un rapport plongeant dans la technique émergente des algorithmes de génération de domaines enregistrés (RDGAS), que les acteurs menaçants utilisent pour remodeler le paysage des menaces DNS avec des millions de nouveaux domaines.Le rapport analyse en détail Revolver Rabbit, un acteur de menace notable qui a exploité les RDG dans leur déploiement de Xloader.
## Description
Les RDGA diffèrent des algorithmes de génération de domaines traditionnels (DGA) car l'algorithme et le processus d'enregistrement sont contrôlés par l'acteur de menace, ce qui rend la détection plus difficile.Les RDG sont utilisés pour diverses activités malveillantes, y compris les logiciels malveillants, le phishing et les escroqueries.Ils peuvent prendre de nombreuses formes, des personnages apparemment aléatoires aux mots de dictionnaire structurés, ce qui les rend difficiles à reconnaître sans données DNS à grande échelle et expertise.
Les acteurs de menace, les entreprises criminelles et même les entreprises légitimes utilisent des RDGA.Certains registraires proposent des outils pour générer des variantes de domaine, qui peuvent être utilisées à mauvais escient par les acteurs de la menace.Le terme RDGA a été inventé pour les distinguer des DGA traditionnels, qui génèrent des domaines algorithmiques mais ne les enregistrent généralement pas.
InfoBlox évalue que Revolver Rabbit a enregistré plus de 500 000 domaines sur le domaine de haut niveau.Le motif RDGA Revolver Rabbit utilise est varié, en utilisant souvent des mots dictionnaires suivis d'une chaîne de nombres, ce qui rend le complexe de détection.Au cours de leurs recherches, les domaines de lapin de revolver déterminés InfoBlox étaient utilisés comme des domaines de commande et de contrôle actifs (C2) et de leurreDans [xloader] (https://security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6) (formbook) Maleware Samples.
## Détections / requêtes de chasseMicrosoft Defender Antivirus détecte les composants de la menace comme le malware suivant:
- * [Trojandownloader: MSIL / Formbook] (https: // www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:MSIL/FormBook.KAN!MTB&threatId=-2147130651&ocid=magicti_ta_ency) *
## Droits d'auteur
**&copie;Microsoft 2024 **.Tous droits réservés.La reproduction ou la distribution du contenu de ce site, ou de toute partie de celle-ci, sans l'autorisation écrite de Microsoft est interdite.
## Snapshot Researchers at Infoblox released a report delving into the emerging technique of registered domain generation algorithms (RDGAs), which threat actors are using to reshape the DNS threat landscape with millions of new domains. The report further analyzes Revolver Rabbit, a notable threat actor who has leveraged RDGAs in their deployment of Xloader. ## Description RDGAs differ from traditional domain generation algorithms (DGAs) as the algorithm and registration process are controlled by the threat actor, making detection more challenging. RDGAs are used for various malicious activities, including malware, phishing, and scams. They can take many forms, from seemingly random characters to structured dictionary words, making them difficult to recognize without large-scale DNS data and expertise. Threat actors, criminal enterprises, and even legitimate businesses use RDGAs. Some registrars offer tools to generate domain variants, which can be misused by threat actors. The term RDGA was coined to distinguish these from traditional DGAs, which generate domains algorithmically but don\'t typically register them. Infoblox assesses that Revolver Rabbit has registered upwards of 500,000 domains on the .bond top-level domain alone, making them a significant threat actor. The RDGA pattern Revolver Rabbit uses is varied, often using dictionary words followed by a string of num |
Malware Tool Threat | ★★★★ | |
|
2024-07-22 20:20:43 | Fin7 Reboot |Le gang de cybercriminaux améliore les OP avec de nouveaux contournements EDR et des attaques automatisées FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks (lien direct) |
## Instantané Sentinélone a récemment découvert des développements importants concernant le célèbre gang de cybercriminalité FIN7.Le groupe, connu pour ses opérations sophistiquées, a amélioré ses capacités avec de nouvelles techniques de contournement de détection et de réponse (EDR) et de méthodes d'attaque automatisées.Cette évolution souligne la menace continue de Fin7 \\ pour la cybersécurité. Microsoft suit cet acteur de menace comme Sangria Tempest, [en savoir plus ici.] (Https://security.microsoft.com/intel-profiles/3e4a164ad64958b784649928499521808aea4d3565df70afc7c85eae69f74278) ## Description FIN7 est actif depuis au moins 2015, ciblant principalement les institutions financières par le biais de logiciels malveillants de point de vente (POS) et de campagnes de phisces de lance.Récemment, le groupe s'est concentré sur les ransomwares, liant à divers gangs de ransomware, notamment Maze, Ryuk et Darkside. Une révélation pivot de Sentinélone est la connexion entre Fin7 et le [Black Basta] (https://security.microsoft.com/intel-profiles/0146164ed5ffa131074fa7e985f79597d2522865baaa088f25cd80c3d8d726) Ransomware.Black Basta, qui a émergé en avril 2022, a déployé des outils d'évasion EDR personnalisés développés par FIN7.Cette connexion a été établie par la découverte d'adresses IP et de tactiques, de techniques et de procédures (TTP). Un outil notable identifié est «Windefcheck.exe», qui imite l'interface graphique de sécurité Windows, les utilisateurs trompeurs en pensant à leurs systèmes sont sécurisés tout en désactivant les défenses de sécurité en arrière-plan.Cet outil est exclusivement utilisé par Black Basta depuis la mi-2022, mettant en évidence le chevauchement opérationnel entre les deux groupes. De plus, Black Basta a utilisé des techniques sophistiquées telles que l'exploitation des vulnérabilités chez les moteurs légitimes pour échapper à la détection.Par exemple, ils ont utilisé l'exploit de printnightmare et des outils comme AdFind pour l'escalade des privilèges et le mouvement latéral dans les réseaux. Le lien entre Fin7 et Black Basta suggère une collaboration plus profonde ou des ressources partagées, en particulier dans le développement d'outils d'évasion.Ce partenariat améliore la menace posée par ces groupes, car ils peuvent combiner leur expertise pour lancer des cyberattaques plus efficaces et dommageables. ## Détections / requêtes de chasse Microsoft Defender Antivirus détecte les composants de la menace comme le malware suivant: - [Trojan: win64 / diCeloader] (https://www.microsoft.com/en-us/wdsi/therets/malware-encyclopedia-description?name=trojan:win64/diceloader.km!mtb) - [BEhavior: Win32 / Basta] (https://www.microsoft.com/en-us/wdsi/terats/malware-encycopedia-description?name = comportement: win32 / basta.a) - [Hacktool: win64 / cobaltstrike] (https://www.microsoft.com/en-us/wdsi/therets/malware-senceclopedia-description? name = hacktool: win64 / cobaltstrike) - [Ransom: win32 / basta] (htTPS: //www.microsoft.com/en-us/wdsi/therets/malware-encyclopedia-description? name = ransom: win32 / basta) - [Trojan: Win32 / Basta] (https: //www.microsoft.com/en-us/wdsi/therets/malware-encyclopedia-description?name=trojan:win32/basta!bv) - [Comportement: win32 / cobaltsstrike] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-description?name=behavior:win32/cobaltstrike) - [Backdoor: win64 / cobaltstrike] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=backDoor:win64/CobalTstrike) ## Recommandations Microsoft recommande les atténuations suivantes pour réduire l'impact de cette menace. - Encourager les utilisateurs à utiliser Microsoft Edge et d'autres navigateurs Web qui prennent en charge [Microsoft Defender SmartScreen] (HTTps: //learn.microsoft.com/en-us/deployedge/microsoft-edge-security-smartscreen? ocid = magicti_ta_learndoc), qui identifie et bloque des sites Web mal | Ransomware Malware Tool Vulnerability Threat | ★★★ | |
|
2024-07-22 18:18:55 | Swipe à droite pour les fuites de données: les applications de rencontres exposent l'emplacement, plus Swipe Right for Data Leaks: Dating Apps Expose Location, More (lien direct) |
Des applications comme Tinder, Bumble, Grindr, Badoo, OkCupid, MeetMe et Hinge ont toutes des vulnérabilités d'API qui exposent des données d'utilisateurs sensibles, et six permettent à un acteur de menace de déterminer exactement où quelqu'un est.
Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is. |
Vulnerability Threat | ★★★ | |
 |
2024-07-22 18:13:14 | Télégramme zéro-jour pour Android a permis aux fichiers malveillants de se masquer sous forme de vidéos Telegram zero-day for Android allowed malicious files to masquerade as videos (lien direct) |
Pas de details / No more details | Vulnerability Threat Mobile | ★★ | |
|
2024-07-22 18:02:33 | Le marché de la chasse aux menaces d'une valeur de 6,9 milliards de dollars d'ici 2029 Threat Hunting Market Worth $6.9B by 2029 (lien direct) |
Pas de details / No more details | Threat | ★★★ | |
 |
2024-07-22 17:57:53 | Télégramme Android Vulnérabilité «Evilvideo» envoie des logiciels malveillants sous forme de vidéos Telegram Android Vulnerability “EvilVideo” Sends Malware as Videos (lien direct) |
Evilvideo Exploit in Telegram pour Android permet aux attaquants d'envoyer des logiciels malveillants déguisés en vidéos.ESET a découvert cette vulnérabilité zéro-jour, & # 8230;
EvilVideo exploit in Telegram for Android lets attackers send malware disguised as videos. ESET discovered this zero-day vulnerability,… |
Malware Vulnerability Threat Mobile | ★★★ | |
|
2024-07-22 16:15:00 | Jouer au ransomware se développe pour cibler les environnements VMware ESXi Play Ransomware Expands to Target VMWare ESXi Environments (lien direct) |
Trend Micro a également révélé une connexion entre le groupe de ransomware de jeu et l'acteur de menace prolifique Puma
Trend Micro also revealed a connection between the Play ransomware group and the threat actor Prolific Puma |
Ransomware Threat Prediction | ★★★ | |
|
2024-07-22 15:53:56 | L'acteur de menace utilise un faux manuel de récupération de crowdsstrike pour livrer un voleur non identifié Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer (lien direct) |
Le 22 juillet 2024, Crowdsstrike Intelligence a identifié un document Word contenant des macros qui téléchargent un voleur non identifié maintenant suivi comme Daolpu.Le document imite un manuel de récupération de Microsoft.1 L'analyse initiale suggère que l'activité est probablement criminel.Document de leurre d'analyse technique Le fichier analysé, new_recovery_tool_to_help_with_crowdstrike_issue_impacting_windows.docm (Sha256 Hassi Macros malveillants.[& # 8230;]
On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual.1 Initial analysis suggests the activity is likely criminal. Technical Analysis Lure Document The analyzed file, New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm (SHA256 hash: 803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61 ), is a Word document containing malicious macros. […] |
Tool Threat Technical | ||
|
2024-07-22 15:43:33 | Rapport de l'IOCTA 2024: les forces de l'ordre s'occupent des coups majeurs contre les réseaux de ransomware de perturbation de l'UE, IOCTA 2024 report: Law enforcement deals major blows against EU cybercrime, disrupt ransomware networks (lien direct) |
Un nouveau rapport d'Internet Organized Crime Threat Assessment (IOCTA) souligne qu'en 2023, les organismes chargés de l'application des lois sont livrés ...
A new report by Internet Organised Crime Threat Assessment (IOCTA) highlights that in 2023, law enforcement agencies delivered... |
Ransomware Threat Legislation | ★★★ | |
 |
2024-07-22 15:18:35 | Infoblox dévoile Vigorish Viper (lien direct) | Infoblox dévoile Vigorish Viper, une organisation criminelle chinoise en lien avec des sponsors dans le milieu du football européen, le trafic d'êtres humains et une économie de jeux d'argent illégaux équivalant à plusieurs milliards de dollars • Infoblox dévoile Vigorish Viper, une organisation criminelle chinoise qui exploite des technologies avancées pour profiter de l'économie de jeux d'argent illégaux évaluée à 1 700 milliards de dollars. Ce réseau est également impliqué dans des opérations de blanchiment d'argent et de trafic d'êtres humains à travers l'Asie du Sud-Est. • Les recherches révèlent que Vigorish Viper a été au cœur de controverses liées au sponsoring de plusieurs clubs de football européens, notamment des clubs de la Premier League anglaise. • Vigorish Viper a été créé et est contrôlé par le groupe Yabo, une société tristement célèbre et insaisissable liée au trafic d'êtres humains et à des activités de cybercriminalité à grande échelle dans toute l'Asie du Sud-Est. • Grâce à son approche unique des renseignements sur les menaces basées sur la recherche DNS, Infoblox a réussi à découvrir et à exposer le fonctionnement de Vigorish Viper, révélant sa plateforme opérationnelle, ses systèmes de distribution du trafic, ses communications chiffrées et ses applications personnalisées. - Malwares | Threat | ★★★ | |
 |
2024-07-22 15:00:00 | Exploiter le CVE-2024-21412: une campagne de voleur s'est déchaînée Exploiting CVE-2024-21412: A Stealer Campaign Unleashed (lien direct) |
Fortiguard Labs a observé une campagne de voleurs répartissant plusieurs fichiers qui exploitent CVE-2024-21412 pour télécharger des fichiers exécutables malveillants.En savoir plus.
FortiGuard Labs has observed a stealer campaign spreading multiple files that exploit CVE-2024-21412 to download malicious executable files. Read more. |
Threat | ★★ | |
|
2024-07-22 13:02:14 | 22 juillet & # 8211;Rapport de renseignement sur les menaces 22nd July – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyber recherche pour la semaine du 22 juillet, veuillez télécharger notre bulletin de renseignement sur les menaces.Les principales attaques et violation de l'American Bassett Furniture Industries ont été victimes d'une attaque de ransomware qui a entraîné le chiffrement des fichiers de données et la fermeture de ses installations de fabrication.L'attaque a considérablement perturbé [& # 8230;]
>For the latest discoveries in cyber research for the week of 22nd July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American Bassett Furniture Industries has been a victim of a ransomware attack that resulted in the encryption of data files and the shutdown of its manufacturing facilities. The attack has significantly disrupted […] |
Ransomware Threat | ★★★ | |
|
2024-07-22 10:41:55 | Telegram Zero-Day autorisé à envoyer des APK Android malveillants comme vidéos Telegram zero-day allowed sending malicious Android APKs as videos (lien direct) |
Un télégramme pour la vulnérabilité Android Zero-Day surnommée \\ 'Evilvideo \' a permis aux attaquants de envoyer des charges utiles Android APK malveillantes déguisées en fichiers vidéo.[...]
A Telegram for Android zero-day vulnerability dubbed \'EvilVideo\' allowed attackers to send malicious Android APK payloads disguised as video files. [...] |
Vulnerability Threat Mobile | ★★★ | |
|
2024-07-22 10:33:31 | Faits saillants hebdomadaires, 22 juillet 2024 Weekly OSINT Highlights, 22 July 2024 (lien direct) |
## Instantané La semaine dernière, le rapport OSINT de \\ présente des groupes APT alignés par l'État et des cybercriminels motivés par l'État, tels que les ransomwares APT41 et Akira, exploitant des vulnérabilités zéro-jour et tirant parti des campagnes de phishing pour accéder au premier accès.Les attaques ciblaient principalement des secteurs comme le gouvernement, le monde universitaire et les institutions financières, ainsi que des régions géographiques spécifiques, notamment le Moyen-Orient, l'Amérique du Nord et l'Asie du Sud-Est.De plus, les réseaux sociaux et les menaces basés sur le téléphone étaient proéminents, avec des attaquants utilisant des plates-formes comme WhatsApp et des services cloud, et en tirant parti du contenu généré par l'IA.Les tactiques utilisées par ces acteurs de menace comprenaient l'utilisation d'homoglyphes, de tissage IL, de vulnérabilités de jour zéro et de techniques d'évasion sophistiquées, mettant en évidence la nature en constante évolution des cyber-menaces et la nécessité de mesures de cybersécurité robustes. ## Description 1. [APT41 cible les organisations mondiales] (https://sip.security.microsoft.com/intel-explorer/articles/3ecd0e46): mandiant et google \'s tag ont rapporté des organisations ciblant APT41 en Italie, en Espagne, Taiwan, Thaïlande, Turquie et Royaume-Uni.Le groupe a utilisé des compromis de la chaîne d'approvisionnement, des certificats numériques volés et des outils sophistiqués comme Dustpan et Dusttrap pour exécuter des charges utiles et des données d'exfiltrat. 2. [Play Ransomware cible les environnements VMware ESXi] (https://sip.security.microsoft.com/intel-explorer/articles/2435682e): Trend Micro a découvert une variante lineux de Play Ransomware ciblant les environnements VMware ESXi, marquant la première instance de Playd'une telle attaque.Le ransomware utilise des commandes ESXi spécifiques pour arrêter les machines virtuelles avant le chiffrement, montrant un élargissement potentiel des cibles à traversPlates-formes Linux. 3. [Campagne de Nuget malveillante] (https://sip.security.microsoft.com/intel-explorer/articles/186ac750): REVERSINGLABSLes chercheurs ont trouvé une campagne de Nuget malveillante où les acteurs de la menace ont utilisé des homoglyphes et un tissage pour tromper les développeurs.Ils ont inséré les téléchargeurs obscurcis dans des fichiers binaires PE légitimes et exploité les intégrations MSBuild de NuGet \\ pour exécuter du code malveillant lors des builds de projet. 4. [Attaques DDOS par des groupes hacktivistes russes] (https://sip.security.microsoft.com/intel-explorer/articles/e9fbb909): Des chercheurs de Cyble ont été signalés sur les attaques DDOHacknet, ciblant les sites Web français avant les Jeux olympiques de Paris.Ces groupes d'opération d'influence se concentrent souvent surCibles des membres ukrainiens et de l'OTAN. 5. [AndroxGh0st Maleware cible les applications Laravel] (https://sip.security.microsoft.com/intel-explorer/articles/753Beb5a): les chercheurs de Centre d'orage Internet ont identifié AndroxGh0st, un malware python-scriptCiblage des fichiers .env dans les applications Web Laravel, exploitant les vulnérabilités RCE.Le malware effectue une numérisation de vulnérabilité, déploie des shells Web et exfiltre des données sensibles. 6. [TAG-100 Activités de cyber-espionage] (https://sip.security.microsoft.com/intel-explorer/articles/7df80747): le groupe insikt de Future \\ a enregistré Future \\ découvert TAG-100 \\ s \\ 's Cyber Future.Activités ciblant les organisations gouvernementales, intergouvernementales et du secteur privé dans le monde, probablement pour l'espionnage.Le groupe utilise des outils open source et exploite les vulnérabilités nouvellement publiées dans les appareils orientés Internet. 7. [Dragonbridge Influence Operations] (https://sip.security.microsoft.com/intel-explorer/articles/3e4f73d5): le groupe d'analyse des menaces de Google \\ a été rapporté sur Dragonbridge | Ransomware Malware Tool Vulnerability Threat Mobile Prediction Cloud | APT 41 | ★★★ |
|
2024-07-22 10:00:27 | Les cybercriminels sont (aussi) prêts pour les Jeux Olympiques (lien direct) | Selon une nouvelle étude du FortiGuard Labs, basée sur les renseignements sur les menaces fournis par FortiRecon, les Jeux Olympiques 2024 sont la cible privilégiée des cybercriminels depuis plus d'un an. Alors que les Jeux de Londres en 2012 ont été la cible de 212 millions d'attaques, et ceux de Tokyo en 2020 de 4,4 milliards, la menace pour les Jeux de Paris devrait être encore plus forte. - Investigations | Threat | ★★★ | |
|
2024-07-22 10:00:00 | 4 menaces en ligne «à faible priorité» qui peuvent infliger de graves dommages à la marque 4 “Low-Priority” Online Threats That Can Inflict Serious Brand Damage (lien direct) |
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Companies constantly face a multitude of threats online. Understandably, there is no way for them to deal with all of the attacks given their limited resources and the time-consuming nature of continuous threat detection and prevention. As such, some threats are prioritized over others, depending on their urgency. This leads to threats being classified as “low-priority”, especially when it comes to brand protection. Some are even ignored altogether, especially by organizations that do not consider themselves big enough to be targeted by a brand attack. To be clear, these “low-priority” threats are not necessarily petty or negligible attacks. Despite that, most companies pay little to no attention to them because they are perceived to have no serious impact on their economic and reputational well-being. But in reality, brand attacks have been surging in 2024. This article will dive into these threats and explain why companies should think to the contrary and take them more seriously. Website Impersonation Website impersonation attacks used to be primarily aimed at large and well-known organizations, but were not always limited to them. This is because it would take time and resources for malicious actors to create a spoofed version of a brand’s website, therefore making less sense to invest in attacking a relatively unknown and small target. In addition, the impact of a website impersonation attack on a small company would be minuscule if the brand being impersonated is virtually unknown. But this has all changed with the rise of generative AI, making cloning websites considerably faster, easier, and drastically cheaper. As such, organizations today cannot downplay the threat of website impersonation. A 2024 report from Memcyco titled the “State of Digital Impersonation Fraud Resilience” shows that 40% of customers who have become victims of scams that involve website impersonation stop doing business with the brand. This raises the question about company responsibility for their customers and what happens if customers get scammed using a third-party site disguising as their own. For many customers, it doesn’t matter if the business had nothing to do with the emergence of the spoofed site. If they fall for a scam associated with a brand, they are highly likely to walk away. The Memcyco report also says that around two-thirds of enterprises only discover the existence of sites impersonating their brands because of victim incident reports. Customers are frustrated that they serve as the “threat intel” and businesses are clueless about the problem unless customers inform them. To avoid the unwanted consequences of website impersonation, organizations need to implement solutions that do not rely entirely on customer feedback. It is important to have a proactive solution in place that continuously scans the internet for possible impersonation attempts and promptly alerts customers about these fake sites. Fabricated Product Reviews and Ratings The problem of fake product reviews and ratings is mostly addressed with a customer-centric approach. Proposed regulations, like the | Malware Threat | ★★★ | |
|
2024-07-22 09:42:00 | Les cybercriminels exploitent le chaos de la panne de crowdsstrike Cybercriminals Exploit CrowdStrike Outage Chaos (lien direct) |
Les cybercriminels ont lancé des campagnes de phishing censées soutenir les organisations touchées par la panne informatique mondiale, causée par un problème de falcon de Crowdsstrike
Cybercriminals have launched phishing campaigns purporting to support organizations impacted by the global IT outage, caused by a CrowdStrike Falcon issue |
Threat | ★★★ | |
|
2024-07-22 09:03:39 | Crowdsstrike incident les mots de fin de la livraison de logiciels malveillants, de phishing, d'escroqueries CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams (lien direct) |
> La grande panne informatique causée par CrowdStrike est en cours de mise à profit par les acteurs de la menace pour le phishing, les escroqueries et la livraison de logiciels malveillants.
>The major IT outage caused by CrowdStrike is being leveraged by threat actors for phishing, scams, and malware delivery. |
Malware Threat | ★★★ | |
 |
2024-07-22 09:00:00 | Capes maudits: exploiter la vulnérabilité du mal sur le télégramme pour Android Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android (lien direct) |
Les chercheurs de l'ESET ont découvert un télégramme à jour zéro pour l'exploit Android qui permet d'envoyer des fichiers malveillants déguisés en vidéos
ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos |
Vulnerability Threat Mobile | ★★★ | |
|
2024-07-22 06:00:01 | Une perspective de coup de pouce: 3 clés pour aligner les menaces avec les cadres comportementaux A Nudge Perspective: 3 Keys to Align Threats with Behavioral Frameworks (lien direct) |
As the saying goes, “If you fail to plan, then you plan to fail.” In the last few years, there have been a lot of discussions about how nudging is the missing link to fast-tracking behavioral change. The need to drive faster change is understandable with the ever-evolving threat landscape, which changes the skills that your employees need to acquire to help defend the business. Your teams are also constantly changing and growing. This raises an important question: Is it possible for end users to keep up with these changes? We believe so, and we think that nudging is a key part of the solution. In this blog post, we focus on three questions about frameworks that are key to enabling a nudging strategy that drives rapid behavioral change. We also look at a fourth approach that integrates across frameworks, taxonomies and models. Adaptive learning framework: Can the same nudge work for all your users? Threat taxonomy: How should you incorporate threat intelligence into a nudge? The Fogg Behavior Model: Are nudges alone good enough? An integrated model: We explore a business email compromise (BEC) scenario. 1: The adaptive learning framework Let\'s start this discussion with a focus on the information environment. A rigorous cybersecurity education must include content across multiple domains (or topics), where the material is presented in a way that matches the current understanding of the learner. The adaptive learning framework from Proofpoint breaks down cybersecurity into eight foundational domains, two role-based domains focused on security professionals, and four levels of mastery. The adaptive learning framework includes 10 domains and four levels of understanding. The benefit of organizing training content this way is twofold. First, it ensures broad coverage across a range of important cybersecurity topics. Second, it takes the learner\'s background knowledge into account and moves them to a deeper level of understanding. 2: The threat taxonomy Nested within the domains of the adaptive learning framework are specific types of attacks. They are separated into two broad categories: Identified threats, like BEC, which are either tracked by a Proofpoint product or a third-party integration General threats, like tailgating attacks, which are not tracked These threats comprise our threat taxonomy, which is a classification of threats by nature and source. A partial specification of the threat taxonomy from Proofpoint, with a special emphasis on BEC. Specific threats from the taxonomy are associated with training content as metadata. And some content is associated with one or more threats from the taxonomy. Training content associated with threat-driven metadata varies by levels, domains, roles and themes. Each terminal node is an identified threat, which can be described by a set of properties (domain, level, role and theme). By classifying threats systematically, businesses can educate employees effectively on how to recognize and respond to potential risks. Continuous refinement of our taxonomy helps ensure alignment with evolving threat landscapes, empowering companies to mitigate emerging threats proactively. 3: The Fogg Behavior Model The Fogg Behavior Model indicates that behavior is the combination of three factors: motivation, ability and prompts. To understand why an individual took an action (or did not), we need to ask questions in relation to these three factors. Motivation Do they have a high enough level of motivation? Do they care? Do they see it as their responsibility? Ability Does the individual have the ability to take the desired action? Do they have the right skills and knowledge? Prompts Is the environment structured to prompt the individual to engage in the desired behavior? | Tool Threat | ★★★ |
To see everything:
Our RSS (filtrered)
