What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
RiskIQ 2024-07-29 22:17:20 Mandrake spyware sneaks onto Google Play again, flying under the radar for two years (direct link)
## Snapshot
Kaspersky analysts found that the Mandrake Android spyware, previously analyzed by Bitdefender in May 2020, resurfaced in April 2024 on Google Play with new evasion techniques and obfuscation layers.
## Description
The spyware was distributed through multiple applications, accumulating over 32,000 downloads, and exhibited advanced sandbox evasion, anti-analysis methods, and certificate pinning for C2 communications. The core malicious functionality was concealed within obfuscated native libraries, and the threat actors added [Frida detection](https://www.appdome.com/how-to/mobile-malware-prevention/binary-instrumentation-detection/detecting-frida-and-frida-methods-in-android-ios-apps/) to prevent analysis, as well as checks for rooted devices and analyst tools. C2 communications were maintained via the native part of the applications, using encrypted certificates, with C2 domains registered in Russia. The malicious applications were available in various countries, with most downloads from Canada, Germany, Italy, Mexico, Spain, Peru, and the United Kingdom.
## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this threat.
- Only install apps from trusted sources and official stores, like the Google Play Store and Apple App Store.
- Never click on unknown links received through ads, SMS messages, emails, or similar untrusted sources.
- Use mobile solutions such as [Microsoft Defender for Endpoint](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-worldwide) on Android to detect malicious applications.
- Always keep Install unknown apps disabled on the Android device to prevent apps from being installed from unknown sources.
- Avoid granting SMS permissions, notification listener access, or accessibility access to any applications without a strong understanding of why the application needs it. These are powerful permissions that are not commonly needed.
- If a device is no longer receiving updates, strongly consider replacing it with a new device.
## References
[Mandrake spyware sneaks onto Google Play again, flying under the radar for two years](https://securelist.com/mandrake-apps-return-to-google-play/113147/). Kaspersky (accessed 2024-07-29)
## Copyright
**© Microsoft 2024**. All rights reserved. Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibited.
The_Hackers_News 2024-07-29 21:47:00 Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild (direct link)
Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords. The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI)…
Vulnerability
DarkReading 2024-07-29 21:36:25 Cowbell Secures $60 million Series C Funding From Zurich Insurance Group (direct link)
No more details
DarkReading 2024-07-29 21:31:23 Lakera Raises $20M Series A to Secure Generative AI Applications (direct link) No more details
DarkReading 2024-07-29 21:18:35 Heimdal Security Presents its Latest Report on Brute-Force Cyberattacks (direct link)
No more details
DarkReading 2024-07-29 20:46:51 PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit (direct link)
One threat actor claims to have already gathered email addresses and associated hashes from more than 110 remote IT management databases.
Threat
DarkReading 2024-07-29 20:27:11 Microsoft Lowballs CrowdStrike Outage Impact (direct link) Microsoft says that its initial estimate of 8.5 million PCs affected was only a subset of the affected number of machines in the crash.
RiskIQ 2024-07-29 20:27:03 Fake CrowdStrike fixes target companies with malware, data wipers (direct link)
## Snapshot
CrowdStrike's recent update glitch has been exploited by threat actors who use phishing emails to deliver data wipers and remote access tools. A campaign targeting BBVA bank customers distributed the Remcos RAT under the guise of a CrowdStrike Hotfix, while the pro-Iranian hacktivist group Handala used similar tactics against Israeli companies. These attacks, stemming from a logic error in a channel file update, have significantly impacted millions of Windows systems across various sectors.
## Description
AnyRun has identified the exploitation of CrowdStrike's update issue by threat actors, including phishing emails and malware campaigns targeting organizations with data wipers and remote access tools. Phishing emails have been observed attempting to take advantage of the disruption, with a malware campaign targeting BBVA bank customers offering a fake CrowdStrike Hotfix update that installs the Remcos RAT. The pro-Iranian hacktivist group Handala has also leveraged the situation by sending phishing emails that impersonate CrowdStrike to Israeli companies to distribute the data wiper. Additionally, attackers are distributing a data wiper under the pretense of delivering an update from CrowdStrike, decimating systems by overwriting files with zero bytes and reporting it over Telegram. The defect in CrowdStrike's software update had a massive impact on Windows systems at numerous organizations, making it too good an opportunity for cybercriminals to pass up. The cause of the outage was identified as a channel file update to Windows hosts triggering a logic error, leading to a crash. The impact on Windows systems at numerous organizations was significant, with millions of devices affected and disruptions across various sectors.
## Detections/Hunting Queries
Microsoft Defender Antivirus detects threat components as the following malware:
- [Backdoor:JS/Remcos](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:JS/Remcos)
- [Trojan:Win32/Remcos](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Remcos)
- [PWS:Win32/Remcos](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PWS:Win32/Remcos)
- [Backdoor:MSIL/Remcos](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:MSIL/Remcos)
- [Backdoor:Win32/Remcos](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Remcos)
- [TrojanDownloader:AutoIt/Remcos](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:AutoIt/Remcos)
- [Trojan:Win32/HijackLoader](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/HijackLoader.AHJ!MTB&threatId=-2147058662)
## References
[Fake CrowdStrike fixes target companies with malware, data wipers.](https://www.bleepingcomputer.com/news/security/fake-crowdstrike-fixes-target-companies-with-malware-data-wipers/) Bleeping Computer (accessed 2024-07-22)
[Find Threats Exploiting CrowdStrike Outage with TI Lookup.](https://any.run/cybersecurity-blog/crowdstrike-outage-abuse/?utm_source=twitter&utm_medium=post&utm_campaign=outageabuse&utm_content=blog&utm_term=230724) Any Run (accessed 2024-07-24)
[HijackLoader Updates](https://security.microsoft.com/intel-explorer/articles/8c997d7c). Microsoft (accessed 2024-07-23)
## Copyright
**© Microsoft 2024**. All rights reserved. Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibited.
Malware Tool Threat
RiskIQ 2024-07-29 20:15:06 SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining (direct link)
## Snapshot
Wiz researchers identified a threat campaign, referred to as "SeleniumGreed," exploiting a misconfiguration in Selenium Grid, a widely used web app testing framework, to deploy a modified XMRig tool for mining Monero cryptocurrency.
## Description
The attackers leverage the lack of default authentication in Selenium Grid to access app-testing instances, download files, and execute commands. By manipulating the Selenium WebDriver API, threat actors establish a reverse shell, drop a custom XMRig miner, and use compromised Selenium node workloads as intermediate command and control servers (C2) for subsequent infections and as mining pool proxies. The campaign targets older versions of Selenium but is also possible on more recent versions, potentially evading detection by targeting less maintained and monitored instances.
## Additional Analysis
[XMRig miner](https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-malware/xmrig-malware/) is popular open-source software designed for mining cryptocurrencies, particularly Monero (XMR). Developed in C++, XMRig is efficient and versatile, supporting various algorithms and mining pools, and running on multiple platforms like Windows, Linux, and macOS. However, it has been widely misused by cybercriminals who deploy it through malware to hijack the computing resources of unsuspecting victims, a practice known as cryptojacking. This unauthorized use of systems significantly degrades performance, increases energy consumption, and can cause hardware damage over time. Due to its frequent abuse in malicious campaigns, XMRig miner has become a focal point in discussions about cybersecurity threats related to resource hijacking and cryptomining.
## References
[SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining](https://www.wiz.io/blog/seleniumgreed-cryptomining-exploit-attack-flow-remediation-steps). Wiz (accessed 2024-07-29)
[XMRig Malware](https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-malware/xmrig-malware/). Check Point (accessed 2024-07-29)
## Copyright
**© Microsoft 2024**. All rights reserved. Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibited.
Malware Tool Threat
RiskIQ 2024-07-29 20:07:18 Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure (direct link)
## Snapshot
CrowdStrike Intelligence identified a phishing domain which impersonates CrowdStrike and delivers malicious ZIP and RAR files that ultimately execute Lumma Stealer packed with CypherIt. Read more about [Lumma Stealer here.](https://security.microsoft.com/intel-profiles/33933578825488511c30b0728dd3c4f8b5ca20e41c285a56f796eb39f57531ad)
## Description
The campaign is likely linked to a June 2024 Lumma Stealer distribution campaign in which a threat actor leveraged advanced social-engineering techniques, such as spam floods and voice phishing (vishing), to deliver malicious binaries. The MSI loader displays a decoy installation and, upon execution, extracts and executes a self-extracting RAR (SFX) file, plenrco.exe, with the command line plenrco.exe -pqwerty2023 -s1. This extracts another RAR SFX archive stored in the PE overlay of plenrco.exe. The RAR archive contains a Nullsoft Scriptable Install System (NSIS) installer with the filename SymposiumTaiwan.exe. The NSIS installer contains fragments of a legitimate AutoIt executable and a compiled AutoIt script. The NSIS also contains a batch script loader named Open.cmd, which includes useless code to hide the actual functionality. The final payload is RC4-encrypted and LZNT1-compressed, resulting in a Lumma Stealer sample. The decompiled AutoIt script is a CypherIt loader that is heavily obfuscated to hinder static analysis. The loader implements string obfuscation and terminates if certain checks are met, such as specific hostnames or antivirus processes running. The AutoIt loader contains two shellcodes, for 32-bit and 64-bit systems, that implement the RC4 algorithm to decrypt the final payload, which is also hardcoded within the AutoIt loader.
The final payload is a Lumma Stealer executable that contacts the command-and-control (C2) server included in the IOCs at the time of analysis. Additionally, the same C2 domain identified in this activity was observed in a recent widespread opportunistic spam flood and voice phishing (vishing) campaign in June 2024. Based on the shared infrastructure between the campaigns and the apparent targeting of corporate networks, CrowdStrike Intelligence assesses with moderate confidence that the activity is likely attributable to the same unnamed threat actor.
## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants.
- Enable [network protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide?ocid=magicti_ta_learndoc).
- Run endpoint detection and response [(EDR) in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
- Configure [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
Spam Tool Threat
The_Hackers_News 2024-07-29 18:49:00 Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails (direct link)
An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various legitimate companies. "These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections - all to deceive…
Threat
bleepingcomputer 2024-07-29 18:29:08 Android spyware 'Mandrake' hidden in apps on Google Play since 2022 (direct link) A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. [...]
CS 2024-07-29 18:12:42 Bipartisan Senate bill would promote cybersecurity apprenticeship programs (direct link)
The legislation aims to grow the cyber workforce under a Department of Labor-managed grants program for apprentices.
Legislation
DarkReading 2024-07-29 18:04:05 'Zeus' Hacker Group Strikes Israeli Olympic Athletes in Data Leak (direct link)
Security presence has been heightened in Paris to ensure that the Games are safe, and Israeli athletes have been provided with even more protection.
RiskIQ 2024-07-29 18:01:57 Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website (direct link)
#### Targeted geolocations
- Germany
## Snapshot
CrowdStrike Intelligence identified a spearphishing attempt delivering a fake CrowdStrike Crash Reporter installer via a website impersonating a German entity.
## Description
The site was registered on July 20, 2024, shortly after a CrowdStrike Falcon sensor update issue, and used JavaScript disguised as jQuery to download and deobfuscate the installer. This installer, branded with CrowdStrike content and localized in German, required a password for installation. The phishing page linked to a ZIP file containing a malicious InnoSetup installer and displayed CrowdStrike's branding to appear legitimate. The JavaScript hid its malicious code inside genuine jQuery code to evade detection. When the user clicked the download button, the site executed a function to download a disguised portable executable file. The installer, which appeared on July 20, 2024, had a timestamp aligned with the sensor update, suggesting the use of timestomping to avoid detection. The installer prompted users to enter a specific "backend server" password, probably known only to the targets, indicating a highly targeted attack. CrowdStrike Intelligence assessed with high confidence that the attackers focused on German-speaking customers affected by the Falcon sensor issue and used advanced anti-forensic techniques, including registering subdomains under a legitimate registrar and the installers' content.
## Additional analysis
Cyber threat actors exploit current events to carry out malicious activity because such situations often create confusion and urgency, making individuals and organizations more vulnerable to deception. They capitalize on the heightened interest and attention surrounding such events to increase the likelihood that their phishing attempts and other attacks succeed. By aligning their malicious campaigns with well-known incidents or updates, threat actors can more easily mask their intentions and lure victims into unknowingly compromising their security. This phishing campaign targeting German-speaking customers is the latest example of cyberattacks exploiting the chaos of CrowdStrike's Falcon update. Earlier reports of malicious activity during the outage include [data wipers distributed by the pro-Iranian hacktivist group Handala](https://www.bleepingcomputer.com/news/security/fake-crowdstrike-fixes-target-companies-with-malware-data-wipers/), [HijackLoader dropping Remcos Remote Access Trojan](https://x.com/anyrun_app/status/1814567576858427410) disguised as a CrowdStrike hotfix, and the information stealer [Daolpu](https://www.crowdstrike.com/blog/fake-recovery-manUAL-UND-TO-DIVER-UNDENDIFIED SECELER /) spread via phishing emails posing as a recovery tool.
## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this threat.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block the majority of new and unknown threats.
- Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=Magicti_TA_LearnDoc) so that Microsoft Defender for Endpoint…
Ransomware Malware Tool Threat
RecordedFuture 2024-07-29 17:53:16 Influence actors expected to adjust tactics amid chaotic election cycle, intel official says (direct link)
No more details
Blog 2024-07-29 17:51:50 XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw (direct link)
Cybersecurity Experts Uncover Critical Vulnerabilities in Leading Web Analytics Platform Hotjar, Potentially Exposing Sensitive Data of Millions of…
Vulnerability
globalsecuritymag 2024-07-29 17:42:58 The cybersecurity figure of the day: 1228 Microsoft vulnerabilities (direct link) Every summer, BeyondTrust, the cybersecurity expert, looks back at the figures that marked the sector over the past months. This year, the vendor shares figures from its latest study (2024 report) on Microsoft vulnerabilities. Every week, a figure... - Points of View
IndustrialCyber 2024-07-29 17:40:47 DHS adopts AI pilot programs, widens efforts to leverage AI to secure nation's critical infrastructure (direct link)
Apart from the White House announcement on artificial intelligence (AI), the U.S. Department of Homeland Security (DHS) revealed...
IndustrialCyber 2024-07-29 17:34:34 US DOE's OT Defender Fellowship invites applications from cyber defenders for 2025 cohort (direct link)
The U.S. Department of Energy (DOE) announced that applications are now open for its Operational Technology (OT) Defender...
Industrial
globalsecuritymag 2024-07-29 17:23:22 To Combat Severe Information Security Threats, Apacer Injects New Strength into Enterprise System Recovery and Data Security (direct link)
To Combat Severe Information Security Threats, Apacer Injects New Strength into Enterprise System Recovery and Data Security - Product Reviews
RecordedFuture 2024-07-29 17:15:38 State Department: UN cybercrime treaty must include human rights protections (direct link)
No more details
CS 2024-07-29 16:39:46 Biden's cybersecurity legacy: 'a big shift' to private sector responsibility (direct link)
Over the course of his term, Joe Biden has presided over an ambitious agenda on regulation and more, to both praise and criticism.
RecordedFuture 2024-07-29 16:26:20 Pro-Ukrainian hackers claim attack on Russian cyber company (direct link) No more details
The_Hackers_News 2024-07-29 16:10:00 How Searchable Encryption Changes the Data Security Game (direct link) Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used. To be searched, viewed, and modified to keep businesses running. Unfortunately, our Network and…
InfoSecurityMag 2024-07-29 15:30:00 Mandrake Spyware Infects 32,000 Devices Via Google Play Apps (direct link) Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics
Blog 2024-07-29 15:21:53 VPN Usage Increased 5016% in Bangladesh Amidst Online Censorship (direct link) VPN demand skyrockets in Bangladesh due to internet restrictions. Learn about the global impact of VPNs on internet…
Fortinet 2024-07-29 15:00:00 Avoid These Five Pitfalls of EDR Deployment (direct link)
Deploying an EDR solution is crucial for protecting your organization. Here's how to make the most of your chosen solution, along with common pitfalls to avoid.
Checkpoint 2024-07-29 14:58:44 29th July – Threat Intelligence Report (direct link)
For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse […]
Ransomware Threat
globalsecuritymag 2024-07-29 14:48:47 NoCode, LowCode, and Cybersecurity: Awareness (direct link) Following AFNOR's presentation of the NoCode and LowCode specifications in July 2024, Pierre LAUNAY, President of the Syndicat Français des Professionnels du NoCode (SFPN), spoke with Global Security Mag. - Interviews
News 2024-07-29 14:45:12 French internet cables cut in act of sabotage that caused outages across country (direct link)
Axe attack comes just days after arsonists target rail network. Fiber optic internet cables across France have been cut in an apparent act of sabotage, resulting in outages across the country.…
DarkReading.webp 2024-07-29 14:41:49 OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover (direct link)
An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.
itsecurityguru.webp 2024-07-29 14:16:16 Taking action: how to combat the financial repercussions of a cyber incident (direct link)
Paying hackers not to release the data they have stolen from you is not the best way to manage the financial repercussions of a cyber-attack. Nor is trying to hide the attack from the authorities… Even the most vigilant companies can't escape the possibility of having to handle a cyber threat - and the cost of […] The post Taking action: how to combat the financial repercussions of a cyber incident first appeared on IT Security Guru.
Threat
DarkReading.webp 2024-07-29 14:00:00 7 Sessions Not to Miss at Black Hat USA 2024 (direct link) This year's conference will be a treasure trove of insights for cybersecurity professionals.
Conference
InfoSecurityMag.webp 2024-07-29 14:00:00 Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware (direct link)
Walmart detailed findings about an unknown PowerShell backdoor, which was potentially utilized alongside a new Zloader variant
Malware
Mandiant.webp 2024-07-29 14:00:00 UNC4393 Goes Gently into the SILENTNIGHT (direct link)
Written by: Josh Murchie, Ashley Pearson, Joseph Pisano, Jake Nicastro, Joshua Shilko, Raymond Leong
Overview
In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant's initial identification of UNC4393, the primary user of BASTA ransomware. Mandiant has responded to over 40 separate UNC4393 intrusions across 20 different industry verticals. While healthcare organizations have not traditionally been a focus for UNC4393, several breaches in the industry this year indicate a possible expansion of their interests. However, this represents only a fraction of the cluster's victims, with the Black Basta data leak site purporting over 500 victims since inception. Over the course of this blog post, Mandiant will detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan, with a focus on the period following the QAKBOT botnet takedown. We will highlight the cluster's transition from readily available tools to custom malware development as well as its evolving reliance on access brokers and diversification of initial access techniques.
Figure 1: UNC4393 intrusion lifecycle
Attribution and Targeting
UNC4393 is a financially motivated threat cluster, and the primary user of BASTA ransomware, tracked since mid-2022 but likely active since early 2022 based on activity on the BASTA DLS. The group has overwhelmingly leveraged initial access gained via UNC2633 and UNC2500 QAKBOT botnet infections to deploy BASTA ransomware. QAKBOT is typically distributed via phishing emails containing malicious links or attachments. In some cases, HTML smuggling has also been used to distribute ZIP files containing IMG files that house LNK files and QAKBOT payloads. Mandiant suspects BASTA operators maintain a private or small, closed-invitation affiliate model whereby only trusted third-party actors are provided with use of the BASTA encryptor.
Unlike traditional ransomware-as-a-service (RaaS), BASTA is not publicly marketed and its operators do not appear to actively recruit affiliates to deploy the ransomware. Instead, they focus on acquiring initial access via partnerships or purchases in underground communities. This deviates from traditional RaaS models, which focus on the ransomware development and related services such as the data leak site (DLS) that are provided to affiliates in exchange for directly distributing the ransomware. While UNC4393 is the only currently active threat cluster deploying BASTA that Mandiant tracks, we cannot rule out the possibility that other, vetted threat actors may also be given access to the encrypter. The hundreds of BASTA ransomware victims claimed on the DLS appear credible due to UNC4393's rapid operational tempo. With a median time to ransom of approximately 42 hours, UNC4393 has demonstrated p
Ransomware Malware Tool Threat Prediction Medical Cloud
News.webp 2024-07-29 13:45:41 Intruders at HealthEquity rifled through storage, stole 4.3M people's data (direct link) No mention of malware or ransomware – somewhat of a rarity these days. HealthEquity, a US fintech firm for the healthcare sector, admits that a "data security event" it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses, telephone numbers and payment data.…
Ransomware Malware Medical
News.webp 2024-07-29 13:01:07 Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update (direct link)
Happy Sysadmin Day. Google celebrated Sysadmin Day last week by apologizing for breaking its password manager for millions of Windows users – just as many Windows admins were still hard at work mitigating the impact of the faulty CrowdStrike update.…
InfoSecurityMag.webp 2024-07-29 13:00:00 Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks (direct link)
Salt Labs also said XSS combined with OAuth can lead to severe breaches
Vulnerability
cybersecurityventures.webp 2024-07-29 12:59:05 Securing India's Move To The Cloud (direct link)
>This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in YourStory. Sausalito, Calif. – Jul. 29, 2024. As businesses migrate to the cloud, they must navigate an evolving landscape of cyber threats. According to a 2023 report by Cybersecurity Ventures, global
Cloud
mcafee.webp 2024-07-29 12:58:06 Are Mobile Devices Less Secure than PCs? (direct link) > Are smartphones less secure than PCs? The answer to that is, they're different. They face different security threats. Yet they...
Mobile
RecordedFuture.webp 2024-07-29 12:56:02 French telecom infrastructure damaged in another sabotage attack (direct link)
No more details
The_Hackers_News.webp 2024-07-29 12:35:00 'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread (direct link)
A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000 accounts on the cloud-based code hosting platform, spans thousands of repositories that are used to
Malware Threat
zataz.webp 2024-07-29 12:31:37 After the SNCF, sabotage targets fiber optic networks (direct link) After disrupting TGV lines, saboteurs are targeting fiber optic networks. A massive attack that began in early July....
globalsecuritymag.webp 2024-07-29 12:20:53 To counter serious information security threats, Apacer provides solutions for enterprise system recovery and data security (direct link) With the rapid development of AI applications across many fields, companies rely more and more on data. Information security issues, such as measures to ensure that data is neither lost nor used inappropriately, have become crucial. Apacer fully understands how irreplaceable corporate data can be. Through the continuous improvement of its proprietary backup and restore technology over the years, Apacer (8271) strives to meet the many needs generated by a wide range of industrial applications. - Products Threat
IndustrialCyber.webp 2024-07-29 12:02:42 US administration advances AI initiatives, receives further voluntary commitment (direct link)
>Nine months after issuing an Executive Order to prioritize America's role in advancing artificial intelligence (AI) while mitigating...
SecurityWeek.webp 2024-07-29 12:00:00 Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw (direct link)
>Researchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world.
bleepingcomputer.webp 2024-07-29 11:54:48 HealthEquity says data breach impacts 4.3 million people (direct link) HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. [...]
Data Breach
SecurityWeek.webp 2024-07-29 11:39:28 Acronis Product Vulnerability Exploited in the Wild (direct link)
>Acronis warns of a critical-severity Acronis Cyber Infrastructure (ACI) vulnerability being exploited in attacks.
Vulnerability
News.webp 2024-07-29 11:32:08 Inquiry reveals UK government misled MPs over Post Office IT scandal (direct link)
Former business minister Vince Cable testifies, highlighting misinformation and oversight failures. Officials at the government department responsible for the Post Office sent out misleading information to MPs about court cases relating to the Horizon IT system, an inquiry into one of the UK's greatest miscarriages of justice has heard.…
Last update at: 2024-07-29 23:18:35