What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2023-11-14 12:36:32 Pharmacy provider Truepill data breach hits 2.3 million customers
(direct link)
Postmeds, doing business as 'Truepill,' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. [...]
Data Breach Threat ★★
globalsecuritymag.webp 2023-11-14 12:02:03 Cybercrime: the Molerats gang changes its methods to target government entities based in the Middle East
(direct link)
Cybercrime: the Molerats gang changes its methods to target government entities based in the Middle East, Proofpoint reveals - Malwares Threat ★★★
globalsecuritymag.webp 2023-11-14 11:54:49 Three essential actions for IT teams to cope with the rise in security threats against their applications
(direct link)
Three essential actions for IT teams to cope with the rise in security threats against their applications, by Eric Salviac, Senior Business Value Consultant, Cisco AppDynamics - Points of View Threat ★★
SocRadar.webp 2023-11-14 11:37:35 A Brief Look at SOCRadar's Saudi Arabia Threat Landscape Report
(direct link)
Saudi Arabia, a major player in Middle Eastern geopolitics and global economics, faces significant cybersecurity...
Threat ★★
News.webp 2023-11-14 11:00:06 Novel backdoor persists even after critical Confluence vulnerability is patched
(direct link)
Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities. A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.…
Malware Vulnerability Threat ★★
SecurityWeek.webp 2023-11-14 10:56:17 22 Energy Firms Hacked in Largest Coordinated Attack on Denmark's Critical Infrastructure
(direct link)
Denmark's SektorCERT association shares details on a coordinated attack against the country's energy sector.
Threat Industrial ★★★★★
SecureList.webp 2023-11-14 10:00:24 Advanced threat predictions for 2024
(direct link)
Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024.
Threat Prediction ★★★
SocRadar.webp 2023-11-14 09:31:45 Exploring the Top Vulnerabilities Exploited by State-Sponsored Threat Actors
(direct link)
While cyberattacks are a common concern for individuals and organizations alike, the shadowy realm of...
Vulnerability Threat ★★
News.webp 2023-11-14 07:02:14 NCSC says cyber-readiness of UK's critical infrastructure isn't up to scratch
(direct link)
And the world's getting more and more dangerous. The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI).…
Threat ★★
ProofPoint.webp 2023-11-14 05:00:49 TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities
(direct link)
Key takeaways

From July to October 2023, Proofpoint researchers observed TA402 engage in phishing campaigns that delivered a new initial access downloader dubbed IronWind. The downloader was followed by additional stages that consisted of downloaded shellcode.
During the same period, TA402 adjusted its delivery methods, moving from using Dropbox links to using XLL and RAR attachments, likely in an effort to evade detection.
This threat actor has consistently engaged in extremely targeted activity, pursuing fewer than five organizations with any single campaign. It has also maintained a strong focus on government entities based in the Middle East and North Africa.
Proofpoint has tracked TA402 since 2020. Our researchers assess that the threat actor is a Middle Eastern advanced persistent threat (APT) group that has historically operated in the interest of the Palestinian Territories and overlaps with public reporting on Molerats, Gaza Cybergang, Frankenstein and WIRTE.

Overview

In mid-2023, Proofpoint researchers first identified TA402 (Molerats, Gaza Cybergang, Frankenstein, WIRTE) activity using a labyrinthine infection chain to target Middle Eastern governments with a new initial access downloader dubbed IronWind. From July to October 2023, TA402 used three variations of this infection chain (Dropbox links, XLL file attachments and RAR attachments), with each variant consistently leading to the download of a DLL containing the multifunctional malware. In these campaigns, TA402 also moved away from its use of cloud services such as the Dropbox API, which Proofpoint researchers had observed in 2021 and 2022 activity, to using actor-controlled infrastructure for C2 communication.

As of late October 2023, Proofpoint researchers had not observed any change in targeting by TA402, an APT group that has historically operated in the interest of the Palestinian Territories, nor identified any indication of an altered mandate despite the current conflict in the region. It remains possible that this threat actor will redirect its resources as events continue to unfold.

Campaign details and IronWind

July 2023 activity: In July 2023, Proofpoint researchers observed the first of TA402's new, more complicated infection chains, compared with the earlier campaign activity of 2021 and 2022 (Figures 1 and 2).

Figure 1. TA402 infection chain used from November 2021 to January 2022.

Figure 2. TA402 infection chain used in the July 2023 campaign.

TA402 engaged in a phishing campaign using a compromised Ministry of Foreign Affairs email account to target Middle Eastern government entities. The emails used an economic-themed social engineering lure (“برنامج التعاون الإقتصا” [“Economic cooperation program with the countries of the Gulf Cooperation Council 2023-2024”]) to deliver a Dropbox link that downloaded a Microsoft PowerPoint add-in (PPAM) file. ... .exe, and GatherNetworkInfo.vbs. timeout.exe was used to sideload IronWind. At the time of analysis in August 2023. Proofpoint researchers have observed TA402 leveraging Dropbox for malware delivery since at least December 2021.

After receiving the HTTP GET request, the C2 responded with shellcode that represented the third stage of the infection chain. During Proofpoint's analysis, the shellcode used reflective .NET loaders to conduct WMI queries. The shellcode also served as a multipurpose loader, downloading the .NET executable of
Malware Threat Cloud ★★
kovrr.webp 2023-11-14 00:00:00 Cybersecurity Assessments and Fortifying Digital Defenses With CRQ
(direct link)
Assessing cyber risk is critical for developing data-driven action plans to boost digital defenses. Discover which assessment best supports you in reaching cybersecurity goals.

The Vital Role of Cyber Assessments and Fortifying Digital Defenses

As cyber attacks become more sophisticated and complex and regulatory bodies impose stricter cybersecurity requirements, organizations worldwide are facing mounting pressure to adopt security solutions. Understandably, many executives have reacted by implementing a multitude of security tools that supposedly complement one another and better protect organization systems.

However, this strategy often falls short, preventing stakeholders from comprehensively understanding their unique cyber environments. Instead of developing an intimate knowledge of the business units most vulnerable to threats, organizations risk exposing their assets due to their adopt-as-many-tools-as-possible approach. After all, providing effective protection against what remains relatively unknown is impossible.

This widespread ignorance about the cyber environment is precisely why cyber assessments are so crucial. These evaluations offer a structured approach to identifying, analyzing, and mitigating digital vulnerabilities and provide organizations with a detailed blueprint of their most susceptible business units.

Not All Assessments Are Created Equal

While all cyber assessments help businesses become more aware of their cyber risk levels, it's essential to note that not all reveal the same insights. There are various types of assessments, each tailored to meet specific goals. Some analyze overall cybersecurity posture, while others dive deeper into specific areas, such as compliance and incident response planning.

Each of the available assessments offers organizations valuable data that security leaders can leverage to make informed decisions. Before choosing which IT environment evaluation to invest in, it's important to discuss with key stakeholders and executives what you'd like to achieve with the new information you'll discover.

Defining a Goal: Risk, Governance, or Compliance

A great place to start when determining organizational goals for the assessment is cybersecurity risk, governance, and compliance (GRC). Cyber GRC is a commonly used industry framework and set of practices that businesses of all sizes harness to manage and secure their information systems, data, and assets. Each of these components serves a specific purpose.

Risk

A cyber risk assessment aims to identify the factors that make a company vulnerable, generate conclusions regarding the vectors most likely to be the origin of an attack (due to those vulnerabilities), and offer insights about the level of damage a cyber event would cause.

Companies can proactively address the relevant business units by revealing threat likelihood levels. This information also helps cyber teams determine which areas they want to devote the most resources to. It's important to note that both qualitative and quantitative risk assessments exist.

Governance

The role of cyber governance is to establish a framework of policies, procedures, and decision-making processes to ensure that cybersecurity efforts are embedded within the broader company culture and align with business goals. It likewise evaluates how well cyber strategies match overall objectives, offering cyber teams an opportunity to better coordinate with other executives and teams.

An assessment focused on governance also determines if cybersecurity responsibilities are appropriately distributed throughout the organization, such as whether employees are required to use multi-factor authentication (MFA). Other included evaluation points are training programs, incident reporting mechanisms, and event response planning, all of which directly impact an organization's risk level.

Compliance

One would conduct a compliance assessment to ensure an organization
Data Breach Tool Vulnerability Threat Technical ★★★
DarkReading.webp 2023-11-13 19:09:00 Ducktail Malware Targets the Fashion Industry
(direct link)
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
Malware Threat ★★★
ComputerWeekly.webp 2023-11-13 19:01:00 Rogue state-aligned actors are most critical cyber threat to UK
(direct link)
No more details
Threat ★★
The_Hackers_News.webp 2023-11-13 17:42:00 New Ransomware Group Emerges with Hive's Source Code and Infrastructure
(direct link)
The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters
Ransomware Threat ★★★
InfoSecurityMag.webp 2023-11-13 16:30:00 Python Malware Poses DDoS Threat Via Docker API Misconfiguration
(direct link)
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
Malware Threat ★★
TEAM_CYMRU_Blog.webp 2023-11-13 13:51:02 Threat Modeling and Real-Time Intelligence - Part 2
(direct link)
Leverage Internet Telemetry & Threat Intelligence for Benefits Beyond the MITRE ATT&CK Framework. The MITRE ATT&CK framework is like a...
Threat ★★★★
Blog.webp 2023-11-13 13:27:50 OracleIV DDoS Botnet Malware Targets Docker Engine API Instances
(direct link)
By Waqas. While OracleIV is not a supply chain attack, it highlights the ongoing threat of misconfigured Docker Engine API deployments. This is a post from HackRead.com. Read the original post: OracleIV DDoS Botnet Malware Targets Docker Engine API Instances
Malware Threat ★★
Checkpoint.webp 2023-11-13 11:21:41 13th November – Threat Intelligence Report
(direct link)
For the latest discoveries in cyber research for the week of 13th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: The US unit of China's largest bank, the Industrial and Commercial Bank of China (ICBC), has suffered a ransomware attack that disrupted some of its financial services systems, reportedly affecting liquidity in US Treasuries. […]
Ransomware Threat Industrial Commercial ★★
The_Hackers_News.webp 2023-11-13 10:57:00 Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
(direct link)
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysian Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform
Threat ★★★
bleepingcomputer.webp 2023-11-13 10:02:01 Criminal IP & Cisco SecureX/XDR: Enhanced Cyber Threat Analysis
(direct link)
The Criminal IP threat intelligence search engine by AI SPERA has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors. Learn more about this integration from Criminal IP in this article. [...]
Threat ★★
Sekoia.webp 2023-11-13 09:08:38 Game Over: gaming community at risk with information stealers
(direct link)
This report was originally published for our customers on 26 October 2023. The world of online gaming, a thriving global community of millions, has become an enticing target for malicious actors seeking to exploit related vulnerabilities. In their engagement with virtual experiences, gamers frequently interact with, and download, a vast array of digital content, from […] The post Game Over: gaming community at risk with information stealers is an article from the Sekoia.io Blog.
Vulnerability Threat ★★
ProofPoint.webp 2023-11-13 07:23:13 Proofpoint Recognized in 2023 Gartner® Market Guide for Data Loss Prevention
(direct link)
The risk of data loss increases as your business embraces digital transformation, remote work and cloud computing. Legacy data loss prevention (DLP) solutions weren't developed with these new dynamics in mind.

In today's world, your DLP platform must provide visibility across multiple channels for data loss: email, cloud services, endpoint and web. It must scale with your needs while protecting data without interruption. And since data doesn't lose itself, it should be people centric. Part of that means providing insight into user behavior.

The Gartner Market Guide for Data Loss Prevention explains that “DLP technology is mature, but today, organizations look for comprehensive solutions that go beyond traditional DLP measures.” It also notes that “Security and risk management leaders should focus on risk-based adaptive data protection techniques to strengthen the data security of their organization.”

Let's take a look at some other insights from the report.

Adaptive DLP: Enhanced with classification and converged with insider threat management

The Gartner Market Guide states that “DLP vendors are increasingly converging with insider risk management platforms. This convergence enables better detection of data exfiltration as it enriches DLP events with anomalous user behaviors, improved risk scoring and real-time monitoring capabilities.” This, the report notes, enables an adaptive, risk-based DLP approach.

It also shares important insights such as:
Enterprise DLP (EDLP) solutions offer centralized policy management and reporting functionality
Enterprise DLP (EDLP) solutions generally incorporate advanced content inspection techniques to identify complex content and apply remediation
Content inspection within IDLP solutions has improved considerably, and many of these solutions can recognize classification tags from more sophisticated classification tools
DLP solutions use data classification labels and tags, content inspection techniques and contextual analysis to identify sensitive content and analyze actions related to the use of that content
Gartner sees that DLP vendors are increasingly converging with insider risk management platforms. This convergence enables better detection of data exfiltration as it enriches DLP events with anomalous user behaviors, improved risk scoring and real-time monitoring capabilities.

Gartner recommends in its Market Guide that a business use enterprise DLP if it has limited resources and its “users are transacting sensitive information through multiple channels.” The report also mentions that consulting and managed services can help “shorten the time to value and augment lean IT and security departments.”

Proofpoint delivers adaptive DLP

As a key player in the space, we think Proofpoint Enterprise DLP expands on the capabilities that Gartner shares in its report. The following is an overview of how we do that.

People-centric insights and risk-based adaptive DLP

Proofpoint Enterprise DLP protects against data loss across email, cloud, endpoint and web. Our solution combines content, behavior and threat telemetry from all these channels to address the full spectrum of people-centric data loss scenarios such as:
Leavers who feel entitled to take intellectual property with them
Compromised users whose data is stolen by threat actors
Careless users who accidentally email sensitive documents to your partners

People-centric information protection is an adaptive, risk-based approach to DLP. Our Enterprise DLP solution uses people and application risk scoring and modeling for dynamic policies.

Figure 1. Web security risk-based access rule.

In Figure 1, “Leavers Policy 2” applies isolation as a data control when “Risky Leavers” access “Critical Business Cloud Apps.”

One console, one agent, one cloud-native platform

Proofpoint provides what administrators and analysts need to accurately detect DLP and insider threats:
Policy management
Workflows
Alert management
Tool Threat Cloud
ProofPoint.webp 2023-11-13 07:14:17 Actionable Insights: Understand Your Overall Risk Profile with the Executive Summary Report
(direct link)
In this blog series we cover how to improve your company's security posture with actionable insights. Actionable insights are a critical tool to help you improve your security posture and stop initial compromise in the attack chain. You can use them to identify and respond to potential risks, enhance your incident response capabilities, and make more informed security decisions.

In previous actionable insights blog posts, we covered these topics:
People risk
Origin risk
Business email compromise (BEC) risk
Ensuring proper risk context
Risk efficacy
Telephone-oriented attack delivery (TOAD) risk
Threat intelligence

In this post, we introduce the new TAP Executive Summary Report, which is available to all Proofpoint Targeted Attack Protection (TAP) customers who use the Proofpoint Aegis threat protection platform. We'll show you why the Executive Summary Report is so useful so you can use it effectively to enhance your company's security posture.

Unlock powerful insights with the Executive Summary Report

Email security is more crucial than ever in today's fast-evolving threat landscape. To protect your business and users from emerging threats, you need the right tools, like the TAP Dashboard Executive Summary Report.

We designed this new report specifically to meet the high-level reporting needs of executives and other decision-makers. It empowers these users by providing quick, easy-to-consume insights on their email security, which helps to accelerate their decision-making. You can find it in the Reports section of the TAP Dashboard as the new first tab.

Let's explore how this new feature can help your business.

Insights: What you can learn from the Executive Summary

This report gives you a comprehensive overview of your business's email threat landscape. It equips your teams and executives with actionable intelligence.

End-to-end threat protection insights

Integrating data from the Proofpoint email gateway, the Executive Summary Report offers a holistic view of your company's inbound email threat protection effectiveness. This end-to-end visibility helps you understand how your security measures perform across your email stack.

Inbound email protection breakdown

This new visualization in the TAP Threat Insight Dashboard provides an at-a-glance breakdown of the total number of messages received through your email protection stack. It reveals how and when Proofpoint identified and blocked malicious messages. With this detailed insight, you can identify threats and detect anomalies, and make data-driven decisions to enhance your email security.

The inbound email protection breakdown.

Exposure insights

The Executive Summary Report also provides insight into potentially exposed messages. With drilldowns and actionable items, you can address these threats quickly to minimize the risk of a breach.

Exposure insights in the Executive Summary Report.

Messages protected

This chart offers a trended view of messages protected by advanced threat detection capabilities in Proofpoint TAP. The information presented is broken down by threat type or category. It lets you see the evolving nature of threats over time, so you can conduct a more in-depth analysis of your company's email security.

The messages protected trend chart, by threat type.

Efficacy metrics

There are two charts that report on Proofpoint TAP's efficacy. The first is the “threat landscape effectiveness” chart. It provides you with a clear understanding of where the most significant threats exist within your email landscape. It displays top objectives, malware families and threat actors by total message volume.

The threat landscape effectiveness chart with a breakdown of threat objectives.

The second chart is “inbound protection overview.” This donut-style chart combines traditional email security and advanced threat detection (TAP) metrics. This single statistic reflects the overall effectiveness of your Proofpoint inbound email prote
Malware Tool Threat Prediction ★★
The_State_of_Security.webp 2023-11-13 03:04:29 A Simplified Overview of the MITRE ATT&CK Framework
(direct link)
In the world of cybersecurity, have you ever wondered about the inner workings of threat actors as they attempt to breach systems, their methods, tactics, and strategies, and how they seamlessly converge to execute a successful attack? It's not merely about initiating an attack but also the strategies they utilize to remain concealed within the system, allowing them to persistently operate and ultimately achieve their goals. These seemingly perplexing procedures of malicious actors become more accessible to understand with the MITRE ATT&CK Framework. The MITRE ATT&CK Framework MITRE ATT&CK...
Threat ★★★★
Blog.webp 2023-11-13 01:42:44 2023 Sep – Threat Trend Report on APT Groups
(direct link)
In this report, we cover nation-led threat groups presumed to conduct cyber espionage or sabotage under the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cybercriminal groups aiming to gain financial profits. We organized analyses related to APT groups disclosed by security companies and institutions including AhnLab during the previous month; however, the content of some APT groups may not...
Threat Prediction ★★
Blog.webp 2023-11-13 01:42:17 2023 Sep – Threat Trend Report on Ransomware Statistics and Major Issues
(direct link)
This report provides statistics on the number of new ransomware samples, targeted systems and targeted businesses in September 2023, as well as notable ransomware issues in Korea and other countries. Key trends: 1) Sharp decrease in targeted businesses related to CLOP ransomware and MOVEit; 2) NoEscape ransomware and its imitations; 3) Ransomware group using GDPR as a bluff (GDPR Gambit); 4) Others. Sep_Threat Trend Report on Ransomware Statistics and Major Issues
Ransomware Threat Prediction ★★★
Blog.webp 2023-11-13 01:41:52 2023 Sep – Threat Trend Report on Kimsuky Group
(direct link)
The Kimsuky group's activities in September 2023 showed a notable surge in the RandomQuery type, while activity of the other types was relatively low or non-existent. Sep_Threat Trend Report on Kimsuky Group
Threat Prediction ★★★
Blog.webp 2023-11-13 01:41:34 2023 Sep – Deep Web and Dark Web Threat Trend Report
(direct link)
This trend report on the deep web and dark web for September 2023 is divided into Ransomware, Forums & Black Markets, and Threat Actors. We note in advance that some of the content has yet to be confirmed as true. Ransomware – Akira – ALPHV (BlackCat) – LockBit – RansomedVC; Forum & Black Market – Data breach affecting 7 million users – Personal information of police officers leaked; Threat Actor – Prosecution of individuals associated with the...
Ransomware Data Breach Threat Prediction ★★★
Veracode.webp 2023-11-12 22:55:15 Securing Your Web Applications and APIs with Veracode DAST Essentials
(direct link)
Web applications are one of the most common vectors for breaches, accounting for over 40% of breaches according to Verizon's 2022 Data Breach Report. Ensuring that your web applications are sufficiently protected, and continue to be monitored once they are in production, is vital to the security of your customers and your organization. Staying Ahead of the Threat Attackers are constantly looking for new ways to exploit vulnerabilities and breach web applications; as their methods mature and become more aggressive, even the most securely developed applications can become vulnerable. Organizations that only perform annual penetration tests on their web applications may be leaving themselves open to a breach that could easily be prevented with regular production scanning. Application security describes a collection of processes and tools focused on identifying, remediating and preventing application-level vulnerabilities throughout the entire software development…
Data Breach Tool Vulnerability Threat ★★
globalsecuritymag.webp 2023-11-12 09:54:38 Onapsis unveiled the Onapsis Platform
(direct link)
Onapsis unveils new enhancements to its AI-driven Security Advisor and broader platform, advancing greater SAP visibility and attack surface management. The new features offer an enhanced approach to addressing the expanding SAP threat landscape, backed by proprietary data from hundreds of SAP customers and 14 years of security best practices and threat research - Product Reviews
Threat ★★
The_Hackers_News.webp 2023-11-11 19:03:00 Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
(direct link)
A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent actor's tactics." Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon and CryptoCore, has a
Threat APT 38 ★★★
RiskIQ.webp 2023-11-10 19:10:55 Malvertiser Copies PC News Site to Deliver Infostealer
(direct link)
#### Description In a new campaign, Malwarebytes observed a threat actor copying a legitimate Windows news portal to distribute a malicious installer for the popular processor tool CPU-Z. This incident is part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix and VNC Viewer, as seen in its infrastructure (domain names) and the cloaking templates used to avoid detection. Malwarebytes has informed Google with the relevant details for takedown. #### Reference URL(s) 1. https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer #### Publication Date November 8, 2023 #### Author(s) Jérôme Segura
Tool Threat ★★
RecordedFuture.webp 2023-11-10 19:00:00 Android spyware delivered through infected news site targets Urdu speakers in Kashmir
(direct link)
Hackers are targeting Urdu speakers with spyware delivered through an infected, popular news site, according to a new report. Researchers from cybersecurity firm ESET said they discovered a strain of Android spyware called Kamran that is allegedly being distributed through a so-called watering hole attack involving a compromised news website called Hunza News. Watering hole
Threat Mobile ★★
DarkReading.webp 2023-11-10 18:18:00 ChatGPT: OpenAI Attributes Regular Outages to DDoS Attacks
(direct link)
ChatGPT and its associated APIs have suffered recurring outages, which OpenAI attributes to DDoS attacks; the Anonymous Sudan group has claimed responsibility.
Threat ChatGPT ★★
News.webp 2023-11-10 16:20:18 Israeli Spyware Firm NSO Demands “Urgent” Meeting With Blinken Amid Gaza War Lobbying Effort
(direct link)
NSO has pushed to be taken off a U.S. blacklist since 2021. Now, citing the threat of Hamas, it's trying to cozy up to the Americans.
Threat ★★★
The_Hackers_News.webp 2023-11-10 14:30:00 The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest
(direct link)
There is a seemingly never-ending quest to find the right security tools that offer the right capabilities for your organization. SOC teams tend to spend about a third of their day on events that don't pose any threat to their organization, and this has accelerated the adoption of automated solutions to replace (or augment) inefficient and cumbersome SIEMs. With an estimated 80% of
Tool Threat ★★
Checkpoint.webp 2023-11-10 13:00:34 Data Posture Management in Action: Meet the New Check Point CloudGuard
(direct link)
Traditionally, securing sensitive data begins with scanning your environment and classifying the data, allowing you to pinpoint where sensitive information resides. This audit process instills confidence by enabling you to establish policies to prevent data breaches. However, it is crucial to note that sensitive data is not the sole risk factor. The security of your cloud data storage plays a pivotal role; if it remains free of vulnerabilities and misconfigurations, the likelihood of a breach decreases significantly. 51% of organizations consider data exfiltration to be a top cloud threat. Conversely, when you encounter a vulnerable cloud data asset […]
Vulnerability Threat Cloud ★★
The_Hackers_News.webp 2023-11-10 12:41:00 Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
(direct link)
A group with links to Iran targeted the transportation, logistics and technology sectors in the Middle East, including Israel, in October 2023, amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed by CrowdStrike to a threat actor it tracks under the name Imperial Kitten, which is also known as Crimson Sandstorm (previously Curium),
Threat ★★★
bleepingcomputer.webp 2023-11-10 11:21:23 Maine govt notifies 1.3 million people of MOVEit data breach
(direct link)
The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed the personal information of about 1.3 million people, close to the state's entire population. [...]
Data Breach Vulnerability Threat ★★
AlienVault.webp 2023-11-10 11:00:00 Don't check out! – Credit card skimming activity observed
(direct link)
Our friends at BlackBerry recently released an in-depth blog post on a campaign by threat actors targeting online payment businesses that walks through everything from initial compromise to the skimmer scripts themselves. You can read their blog here. This blog focuses on what we found across the AT&T Cybersecurity customer base when we looked for the indicators of compromise (IOCs) identified in the BlackBerry blog, and on the quick follow-up analysis we performed and provided to our customers. As part of the AT&T Managed Threat Detection and Response (MTDR) threat hunter team, we have the unique opportunity to perform threat hunting across our fleet of customers quickly and efficiently. Leveraging the logs across hundreds of data sources, we can form our own hunt hypotheses and develop complex searches to find potential prior incidents and compromises. We can also work with the AT&T Alien Labs team to turn that search syntax into a correlation rule; the Alien Labs team uses the backend data we gather to create thousands of rules and signatures within the USM Anywhere platform. Threat hunters can also search for specific known tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) as we ingest and process cyber threat intelligence from both open sources (i.e., publicly available data) and closed sources (i.e., government or private data that is not publicly available). When we looked for the TTPs the attackers were using to deploy the credit card skimming scripts, our searches yielded no results, but when we searched for IOCs related to where the credit card data was exfiltrated during this campaign, we observed one domain appear across a few customers. Armed with key information such as time frames and which customers and users were impacted, we could then go deeper into USM Anywhere to investigate.
Figure 1 – Web request for credit card skimming exfiltration domain. Figure 1 shows that the request to the credit card skimming site was referred from another website, belonging to a well-known food company with an online purchasing option. We observed this for all the other customers too, with the food site being either the direct Referer or the HTTP request immediately preceding the connection to the cdn[.]nightboxcdn[.]com site. Another impacted customer had a user's credit card information skimmed from a different compromised site (see Figure 2). Figure 2 – Traffic going to a shopping site (redacted), followed by traffic to the skim exfiltration domain and then to a legitimate payment site. We can see that the user is on an online shopping site (redacted), followed by traffic to the exfiltration domain as well as to a legitimate payment portal service. We can conclude from the traffic flow that the user went to checkout and that, after they entered their payment details, this information went both to the exfiltration site and to the legitimate payment service, ProPay. Using the website scanning tool urlscan.io and looking at a scan of the shopping site from May 23, 2023, we could see the skimming script appended to the jquery.hoverIntent.js file (the legitimate script ends after the closing “});”). Figure 3 – Skimming script appended to legitimate script Tool Threat ★★
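The hunt described above (an IOC hit on the exfiltration domain, then attributing it to the checkout site via the Referer header or the request immediately before it) can be reproduced over proxy logs. The block below is an added example, not AT&T/AlienVault, USM Anywhere or BlackBerry code; it assumes a simple whitespace-separated log format (timestamp, source host, destination host, Referer or "-"), reuses the defanged exfiltration domain from the post, and every log line, workstation name and shop/payment hostname in it is constructed for the demo.

```python
"""Hunt for skimmer exfiltration traffic in web proxy logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# IOC from the post, refanged so it matches the destination-host field.
EXFIL_DOMAINS = {"cdn[.]nightboxcdn[.]com".replace("[.]", ".")}

# Constructed sample log: ts src dst referer ("-" when the header was absent).
SAMPLE_LOG = """\
2023-11-08T13:30:00Z ws-042 shop.example-store.test -
2023-11-08T14:02:11Z ws-017 shop.example-food.test -
2023-11-08T14:02:13Z ws-017 cdn.nightboxcdn.com https://shop.example-food.test/checkout
2023-11-08T14:02:14Z ws-017 pay.example-processor.test https://shop.example-food.test/checkout
2023-11-08T14:05:00Z ws-042 cdn.nightboxcdn.com -
2023-11-08T14:06:00Z ws-058 shop.example-store.test -
2023-11-08T14:06:05Z ws-058 cdn.nightboxcdn.com -
2023-11-08T14:09:30Z ws-099 news.example.test -
"""


def parse_log(text):
    """Turn the raw log into dicts; the Referer is kept as a URL or None."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, referer = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src,
            "dst": dst.lower(),
            "referer": None if referer == "-" else referer,
        })
    return records


def hunt(records, window=timedelta(minutes=10)):
    """Return one finding per request to an exfiltration domain.

    The compromised site is taken from the Referer when present; otherwise
    the same source's most recent other request inside ``window`` is used,
    mirroring the "HTTP request right before the connection" reasoning in
    the post. ``None`` means no plausible origin was seen in the window.
    """
    by_src = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["ts"]):
        by_src[rec["src"]].append(rec)

    findings = []
    for src, reqs in by_src.items():
        for i, rec in enumerate(reqs):
            if rec["dst"] not in EXFIL_DOMAINS:
                continue
            origin = urlparse(rec["referer"]).hostname if rec["referer"] else None
            if origin is None:
                # Walk backwards through this source's earlier requests.
                for prev in reversed(reqs[:i]):
                    if rec["ts"] - prev["ts"] > window:
                        break
                    if prev["dst"] not in EXFIL_DOMAINS:
                        origin = prev["dst"]
                        break
            findings.append({
                "src": src,
                "ts": rec["ts"],
                "exfil": rec["dst"],
                "compromised_site": origin,
            })
    return sorted(findings, key=lambda f: f["ts"])


if __name__ == "__main__":
    for f in hunt(parse_log(SAMPLE_LOG)):
        print(f"{f['ts']:%H:%M:%S} {f['src']} -> {f['exfil']} "
              f"(checkout on: {f['compromised_site'] or 'unknown'})")
```

The window matters: ws-042 also reached the exfiltration domain, but its only earlier request was 35 minutes before, so the script reports the hit without naming a compromised site rather than guessing; that is the case to chase manually with a wider time frame.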
ESET.webp 2023-11-10 10:30:00 Cyber threat intelligence: Getting on the front foot against adversaries
(direct link)
By collecting, analyzing and contextualizing information about possible cyberthreats, including the most advanced ones, threat intelligence offers a critical method to identify, assess and mitigate cyber risk
Threat ★★
globalsecuritymag.webp 2023-11-10 08:39:45 YesWeHack has unveiled an Attack Surface Management (ASM) product
(direct link)
YesWeHack launches a continuous threat exposure management product that unifies offensive security testing - Product Reviews
Threat ★★
ProofPoint.webp 2023-11-10 08:04:20 2023 Holiday Scam Predictions: Here's What You Should Know
(direct link)
'Tis the season for cyberscams. As the holiday season nears, adversaries will try to take advantage of people's generosity and holiday spirit. That's why it's critical to be alert. While it's still early to detect and analyze seasonal trends, we anticipate seeing several new and emerging techniques in attackers' creativity and lures, along with tried-and-true tactics from previous holiday seasons. From generative AI that helps telephone-oriented attack delivery (TOAD) to multifactor authentication (MFA) bypass that leans on shipping alerts, here's a look at five holiday scam predictions. These are the tricks and trends that you might see evolve in this year's winter threat landscape. 1: Generative AI will make threat detection trickier What's blown up since last holiday season? A little thing called generative AI. This emerging technology might change the game of crafting emails that include those too-good-to-be-true offers. Phony shipping emails are always favorites for attackers, and they always become more frequent during the holidays. Nobody wants a problem with merchandise they've ordered or packages they've shipped. Last year, many holiday season shipping phishing attempts featured standard red flags, like grammatical errors and non-native language structure. These are easily detectable at a quick glance. But this year, we expect to see many attackers using generative AI to write their emails and texts, potentially reducing easy detection. So go a level deeper when you're trying to determine whether a holiday season shipping email is a scam. Take a closer look at these emails and ask these questions: Is the message generic or personalized? Are you being asked for unnecessary sensitive information? Does the sender display name match the email address? (This is a safety checklist item that people learn in security awareness training.) Are you being asked to pay a fee to receive a package?
(Note: In this case, it's best to refuse the delivery until you can confirm the shipment is legitimate.) 2: TOAD scams might get an AI boost TOAD has become part of the threat toolkit, as attackers push victims to take unsafe actions over the phone. Writing with generative AI could increase the believability of TOAD attacks that use a holiday playbook. Need to stop an expensive gift purchase on your credit card or accept a heavily discounted travel offer? Then contact this (fake) call center! If an AI-generated email successfully imitates a legitimate company, it's more likely that the victim will dial the phone number they're directed to. Generative AI could also provide opportunities to expand holiday scams globally. For instance, every Christmas and New Year, we see English-language vacation scams that target a Western audience. But there is also a huge volume of travel and celebration for Lunar New Year in China, South Korea, Vietnam and Hong Kong. If attackers previously lacked the cultural knowledge or language skills to target these populations, they might now use freely available AI tools to quickly research what experiences might feel meaningful and create holiday lures that are localized and enticing. Luckily, generative AI is unlikely to improve interaction with the fraudulent call center. If you call the TOAD number, red flags should still be detectable. For instance, be wary if the “operator” is: Clearly following a script. Pressuring you to take an action. Speaking in a regional accent that your security awareness training has taught you is where call center fraud often originates. 3: MFA bypass could surface more often MFA bypass surged in popularity last year, and we continue to see an increase in the number of lures that use this technique. The attacker steals account credentials in real time by intercepting the MFA short code when the victim types it into an account login page that is fake or compromised.
Since MFA bypass is an ongoing threat trend, we expect to see the techniques applied this year to holiday- Tool Threat Prediction FedEx ★★★
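Three of the checklist questions in the post above (does the display name match the sending address, does the message ask for unnecessary sensitive information, does it demand a fee to release a package) can be turned into mail-triage code. The block below is an added example and not Proofpoint's own code: the brand list is an assumed short list for the demo, both messages are constructed, and the regexes are deliberately simple and would need tuning before production use. It also adds a Reply-To check, a common companion to the display-name test.

```python
"""Triage checks for holiday-season shipping lures (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand list for the demo; a real deployment would use a curated one.
BRANDS = {"fedex", "ups", "dhl", "usps", "amazon"}

FEE_RE = re.compile(
    r"\b(pay|payment|fee)\b.*?\b(fee|release|redelivery|delivery|customs)\b",
    re.I | re.S)
SENSITIVE_RE = re.compile(
    r"\b(card number|cvv|ssn|social security|password|date of birth)\b", re.I)

# Constructed messages. The lure follows the pattern in the post: a brand in
# the display name, an unrelated sending domain, and a small "release fee".
LURE = """\
From: "FedEx Customer Service" <notice@parcel-update-center.test>
Reply-To: claims@another-domain.test
Subject: Action required: package held
Content-Type: text/plain

Your parcel is on hold. Pay a $2.99 release fee to schedule redelivery.
Enter your card number and SSN to verify your identity.
"""

LEGIT = """\
From: "FedEx" <noreply@fedex.test>
Subject: Your package is out for delivery
Content-Type: text/plain

Your package will arrive today. Track it at https://www.fedex.test/track
No action is needed.
"""


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _registrable_label(domain):
    # Crude second-level label; enough for the demo, no public-suffix lookup.
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else domain


def check_display_name(msg):
    """Flag a brand in the display name that the sending domain does not back."""
    name, addr = parseaddr(msg.get("From", ""))
    claimed = set(re.findall(r"[a-z]+", name.lower())) & BRANDS
    if claimed and _registrable_label(_domain(addr)) not in claimed:
        return "display_name_brand_mismatch"
    return None


def check_reply_to(msg):
    """Flag a Reply-To whose domain differs from the From domain."""
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        return "reply_to_mismatch"
    return None


def check_body(msg):
    """Flag fee-for-delivery lures and requests for sensitive data."""
    payload = msg.get_payload(decode=True) or b""
    body = payload.decode("utf-8", "replace")
    flags = []
    if FEE_RE.search(body):
        flags.append("fee_for_delivery")
    if SENSITIVE_RE.search(body):
        flags.append("asks_sensitive_data")
    return flags


def triage(raw_message):
    """Return the list of red flags raised for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    flags = [f for f in (check_display_name(msg), check_reply_to(msg)) if f]
    return flags + check_body(msg)


if __name__ == "__main__":
    print("lure :", triage(LURE))
    print("legit:", triage(LEGIT))
```

The display-name test only fires when a known brand is claimed, so ordinary person-to-person mail ("Alice Smith" from an unrelated domain) is not flagged; that restriction is what keeps the check usable as a mail-flow rule rather than a noise generator.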
ProofPoint.webp 2023-11-10 07:55:46 New Gartner® BEC Report: Recommendations Are Fully Supported by Proofpoint
(direct link)
Business email compromise (BEC) is costly. The latest Internet Crime Report from the FBI's Internet Crime Complaint Center notes that businesses lost more than $2.7 billion to these scams in 2022. Another staggering statistic that is less reported: BEC losses were almost 80 times those of ransomware last year. The rate of BEC attacks and the average loss per incident are likely to keep climbing, which makes BEC an ongoing concern for businesses. A recent report by Gartner, How to Protect Organizations Against Business Email Compromise Phishing, offers companies several recommendations to help them reduce the risk of these attacks and minimize potential losses. Below, we share five top takeaways and key findings from this 2023 report. We also explain how Proofpoint can help protect your business against BEC attacks by linking what we do to Gartner's recommendations. 1. To combat BEC, businesses need to invest in email security rather than relying on endpoint protection Not all BEC scams contain a malicious payload like malware or malicious links. That's why endpoint protection and endpoint detection and response platforms are not effective defenses against these types of attacks. Gartner recommends: If you're a security and risk management leader responsible for infrastructure security, you can maximize your protection against BEC by seeking out and implementing artificial intelligence (AI)-based secure email gateway solutions. Look for solutions that offer: Advanced BEC phishing protection; Behavioral analysis; Impostor detection; Internal email protection. Proofpoint protects: Proofpoint believes that the Gartner report's recommendation stems from the understanding that stopping BEC attacks before they reach a recipient's inbox is the best way to minimize risk. This strategy is at the heart of the Proofpoint Aegis threat protection platform. Proofpoint has used machine learning (ML) for more than two decades to detect email threats.
We create the highest levels of BEC detection efficacy through our combination of AI/ML-driven behavioral analysis and rich threat intelligence. 2. Supplement email security with additional controls to reduce the risk of ATO Account takeover fraud (ATO) is often a feature of BEC attacks. It occurs when an adversary gains control of a legitimate account. To reduce the risk of ATO, businesses need to be able to recognize whether an email is from a genuine sender. Gartner recommends: Businesses should supplement their existing email security solutions with additional controls to further reduce the risk of BEC attacks such as ATO and domain abuse. Proofpoint protects: To protect against account takeover, you need to identify accounts that might be compromised and automate remediation. If you rely solely on behavioral analytics to detect these accounts, you could end up with a high volume of false alerts. Proofpoint combines behavioral analysis with our rich threat intelligence to detect both compromised employee accounts and compromised third-party accounts. How Proofpoint helps when ATO occurs If an internal account has been compromised, a password reset isn't enough. Attackers in your environment can still manipulate third-party apps and gain persistent access to the account to wage attacks at will. Proofpoint TAP Account Takeover (TAP ATO) provides insights into what types of threats are targeting your users' email accounts, and it provides you with the tools you need to take corrective action to protect a compromised account. TAP ATO correlates threat intelligence with artificial intelligence, ML and behavioral analytics to find malicious events across the email attack chain. It helps you see who is being attacked and how, and it provides automated remediation. How Proofpoint helps when supplier accounts are compromised Proofpoint Supplier Threat Protection gives you insight into which third-party and supplier accounts may be compromised.
We combine AI/ML-driven behavioral analysis with threat in Ransomware Malware Tool Threat ★★
DarkReading.webp 2023-11-09 23:15:00 'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines
(direct link)
Checkmarx researchers warn that BlazeStealer can exfiltrate information, steal passwords, disable PCs and take over webcams.
Malware Threat ★★
The_Hackers_News.webp 2023-11-09 22:24:00 Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
(direct link)
The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers. The issue, tracked as CVE-2023-47246, concerns a path traversal
Ransomware Vulnerability Threat ★★
RiskIQ.webp 2023-11-09 19:59:50 Adversaries Exploit Confluence Vulnerability to Deploy Ransomware
(direct link)
#### Description Red Canary has detected apparent exploitation of Atlassian Confluence CVE-2023-22518 in an attempted Cerber ransomware campaign. CVE-2023-22518 is an improper authorization vulnerability in Confluence Data Center and Confluence Server that allows unauthenticated users to perform a “restore from backup” by submitting their own arbitrary .zip file. Adversaries can exploit the vulnerability to destroy Confluence instances, leading to data loss. Alternatively, adversaries may submit a .zip file containing a web shell to achieve remote code execution (RCE) on vulnerable, on-premises Confluence servers. #### Reference URL(s) 1. https://redcanary.com/blog/confluence-exploit-ransomware/ #### Publication Date November 6, 2023 #### Author(s) The Red Canary Team
Ransomware Vulnerability Threat ★★
The_Hackers_News.webp 2023-11-09 18:56:00 New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers
(direct link)
A new malvertising campaign has been found to employ fake sites that masquerade as a legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used
Tool Threat ★★
RecordedFuture.webp 2023-11-09 18:00:00 Iranian Charming Kitten hackers targeted Israeli organizations in October
(direct link)
An Iranian hacking group targeted organizations in Israel's transportation, logistics and technology sectors last month amid an uptick in Iranian cyber activity since the start of Israel's war with Hamas. Researchers at the cybersecurity company CrowdStrike's Counter Adversary Operations attributed the activity to Charming Kitten, an Iranian advanced persistent threat (APT) group, in a [report
Threat APT 35 ★★
DarkReading.webp 2023-11-09 15:50:00 Worldwide Hacktivists Take Sides Over Gaza, With Little to Show for It
(direct link)
Keyboard warriors are claiming to contribute to the Gaza war with OT attacks. You should be skeptical.
Threat ★★★
Last update at: 2024-07-11 15:08:29