What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-08-02 06:00:00 | Utilisez l'apprentissage ciblé pour réduire exponentiellement vos risques de cybersécurité Use Targeted Learning to Exponentially Reduce Your Cybersecurity Risks (lien direct) |
The days of a one-size fits all security awareness program are over. The State of the Phish report from Proofpoint notes that over 98% of businesses have a security awareness program. Yet a staggering 68% of users say they take risky actions despite knowing the risks. These statistics underscore the frustrations that we hear from prospective clients every day. They tell us that while they run a continuous educational program, they struggle to achieve the desired behavior improvements among their users. Some of the key challenges they face are: Not knowing who represents the greatest risk to the organization Not knowing what policies, threats and vulnerabilities to educate users about at any given moment Not being able to keep a program agile without exhausting resources, constantly updating user groups or continually tailoring curriculums These issues highlight the critical need to go beyond traditional security awareness and think holistically to build a human risk management program. A good place to start is focusing on highly targeted user groups. It\'s these users who are often the ones responsible for most of the security issues within a business. When you can tailor education to the specific needs of these users, you can mitigate individual vulnerabilities. You can also fortify your entire defense against potential attacks. A new workflow from Proofpoint focuses on these users to produce exponentially positive results in helping you reduce overall risk. In this blog, we\'ll explore why focusing on human risk management is so important. And we\'ll explain how Proofpoint can help you do just that. What is human risk management? Human risk management builds on existing security best practices to automate cyberattack prevention and response. What makes it different is that it places people at the center. Fundamental to a human risk management solution is an ability to ingest user event and identity activity across multiple security tools within a given environment. The solution will track: Attack risk. The likelihood a user will be attacked Vulnerability risk. The likelihood that the attack may be successful Privilege risk. The damage that a successful attack may cause the organization Then it quantifies an overall risk score for each individual. With this insight, companies and their security teams can: Gain visibility into which individuals or groups are prime targets and prioritize strategies to best protect them Intervene with technical controls to immediately prevent a risky action or provide contextual nudges that advise users about their risks and how to avoid them Automatically enroll risky users into tailored education curriculums, which empowers them to protect themselves and the company against future cyberattacks Easily track improvements in user behaviors and foster a positive security culture These are the issues that the new Adaptive Threat and User-Risk Response Workflow within Proofpoint Security Awareness is designed to address. In short, this new workflow lets you take advantage of everything that is great about Proofpoint. Our Adaptive Threat and User-Risk Response Workflow The new workflow integrates three core capabilities. It enables you to: Dynamically create and manage user groups based on the user risk profiles and groups derived from Proofpoint Nexus People Risk Explorer (NPRE) and Proofpoint Targeted Attack Protection (TAP) using Adaptive Groups Create a threat-driven educational curriculum based on the defined Threat Families tracked by our own Threat Research and reported via TAP Build an Adaptive Assignment to auto-enroll new users into the curriculum whenever a new user qualifies for the previously created Adaptive Group This adaptive learning approach prioritizes education for highly targeted groups. It helps to drive maximum user engagement, too, by enabling administrators to tailor | Tool Vulnerability Threat Cloud Technical | ||
 |
2024-07-31 23:02:08 | Pharma giant Cencora says personal health data leaked during February cyber incident (lien direct) | Pas de details / No more details | |||
 |
2024-07-31 23:00:00 | Australian Companies Will Soon Need to Report Ransom Payments (lien direct) | Significant upcoming legislation promises to tighten the screws on cyber incident response in Australia, mirroring CIRCIA in the US. | |||
 |
2024-07-31 23:00:00 | EPISODE 39: Throwback Thursday! I\'m Only H.U.M.A.N(S): Hacking the Human OS to Master Cybersecurity Compliance (lien direct) | Welcome to Compromising Positions! The award-winning tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This Episode we're heading back into the vaults to bring you the unabridged version of our fantastic and extremely popular interview with Christian Hunt, the founder of Human Risk. He's a Behavioural Science expert and author of the award-winning book 'Humanizing Rules'.Key Takeaways:The Importance of Designing Things for how People Actually Behave (as opposed to how we would like them to behave!)Are Phishing Simulations Still Fit for Purpose? The ethics of phishing simulations and how to measure the success of cybersecurity awareness trainingF*ck Your Rules! We go into how people really feel about rules they don't respect and how you can stop them from rebelling against your cybersecurity controls! Stop Treating Everyone Like A Master Criminal! Why a one-size-fits-all approach to suspicion will be causing more harm than good for your cybersecurity postureI'm Only H.U.M.A.N(S) - Christian shares his H.U.M.A.N.S framework to use in your organisation today! Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.It really helps us spread the word and get high-quality guests, on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?' Keywords: cybersecurity, phishing, behavioural science, rules, compliance, h.u.m.a.n.s frameworkShow NotesChristian's Book (highly recommended) - Humanizing Rules About Christian HuntChristian is the founder of Human Risk, a Behavioural Science (BeSci) led Consulting and Training Firm specialising in Ethics & Compliance and the author of a book, 'Humanizing Rules'. He was formerly Managing Director, Head of Behavioural Science at UBS. Christian joined the Firm in Compliance & Operational Risk Control, leading the function globally for UBS Asset Management. Before joining UBS, he was COO of the UK Prudential Regulation Authority, a subsidiary of the Bank of England responsible for regulating financial services.LINKS FOR Christian HuntChristian's WebsiteChristian's PodcastChristian's LinkedIn | |||
|
2024-07-31 21:21:59 | Les Nord-Coréens ciblent les développeurs du monde entier avec des logiciels espions, des offres d'emploi North Koreans Target Devs Worldwide With Spyware, Job Offers (lien direct) |
Dev # Popper est de retour, cherche à livrer un infostecteur complet et mis à jour pour coder les demandeurs d'emploi par le biais d'un gambit de génie social avisé.
DEV#POPPER is back, looking to deliver a comprehensive, updated infostealer to coding job seekers by way of a savvy social engineering gambit. |
|||
 |
2024-07-31 21:17:43 | (Déjà vu) «Echospoofing» - une campagne de phishing massive exploitant la protection par e-mail de Proofpoint \\ pour envoyer des millions de courriels parfaitement usurpés “EchoSpoofing” - A Massive Phishing Campaign Exploiting Proofpoint\\'s Email Protection to Dispatch Millions of Perfectly Spoofed Emails (lien direct) |
## Snapshot In a coordinated report, Guardio Labs and Proofpoint detailed spam campaigns, which exploited weak permissions in Proofpoint\'s email protection service to send millions of spoofed emails impersonating major entities like Disney, Nike, IBM, and Coca-Cola to Fortune 100 companies. ## Description The campaign, which began in January 2024, involved an average of 3 million spoofed emails per day, peaking at 14 million emails in early June. Threat actors utilized their own SMTP (Simple Mail Transfer Protocol) servers to create spoofed emails with manipulated headers and relayed them through compromised or rogue Microsoft Office 365 accounts via Proofpoint\'s relay servers. As of July 30th, Guardio Labs reported that a number of the Microsoft accounts have been removed. The attackers leveraged Virtual Private Servers (VPS) hosted by OVHCloud and Centrilogic, as well as various domains registered through Namecheap to conduct the campaign. Proofpoint assesses that this activity was likely conducted by one actor, who is currently unknown. The phishing emails were designed to steal sensitive personal information and incur unauthorized charges, and they passed SPF and DKIM checks, allowing them to bypass spam filters and reach recipients\' inboxes. Proofpoint, after being notified by Guardio Labs, tightened security measures and provided new settings and advice to mitigate these attacks. ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. - Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats. - Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. - Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume. - [Enable](https://learn.microsoft.com/en-us/defender-endpoint/enable-controlled-folders) controlled folder access. - Ensure that [tamper protection](https://learn.microsoft.com/en-us/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection) is enabled in Microsoft Defender for Endpoint. - Enable [network protection](https://learn.microsoft.com/en-us/defender-endpoint/enable-network-protection) in Microsoft Defender for Endpoint. - Follow the credential hardening recommendations in the [on-premises credential theft overview](https://security.microsoft.com/threatanalytics3/9382203e-5155-4b5e-af74-21562b1004d5/analystreport) to defend against common credential theft techniques like LSASS access. - [Enable](https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference#block-credential-stealing-from-the-windows-local-security-authority-subsystem) LSA protection. - Microsoft Defender XDR customers can turn on the following [attack surface reduction rule](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction) to prevent common attack techniques used for ransomware. - - [Block](https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference#block-executable-content-from-email-client-and-webmai | Ransomware Spam Tool Threat | ||
|
2024-07-31 21:03:41 | CISA, le FBI met en garde contre les attaques potentielles du DDOS lors des élections 2024 CISA, FBI warn of potential DDoS attacks on 2024 elections (lien direct) |
Pas de details / No more details | |||
|
2024-07-31 20:30:20 | ESET révèle la dernière solution d'authentification native du cloud ESET Reveals Latest Cloud-Native Authentication Solution (lien direct) |
Pas de details / No more details | |||
|
2024-07-31 20:25:25 | Protect AI acquiert des sydelabs pour l'équipe rouge de grande langue des modèles de langue Protect AI Acquires SydeLabs to Red Team Large Language Models (lien direct) |
Pas de details / No more details | |||
|
2024-07-31 20:17:42 | Les imitations des dirigeants dirigés par l'IA émergent comme une menace importante pour les processus de paiement commercial AI-Driven Executive Impersonations Emerge As Significant Threat to Business Payment Processes (lien direct) |
Pas de details / No more details | Threat | ||
|
2024-07-31 20:02:49 | (Déjà vu) Socgholish malware attaquant les utilisateurs de Windows à l'aide d'une fausse mise à jour du navigateur SocGholish Malware Attacking Windows Users Using Fake Browser Update (lien direct) |
## Snapshot GData Software analysts found that the [SocGholish](https://security.microsoft.com/intel-profiles/7e30959d011aa33939afaa2477fd0cd097cee346fa3b646446a6b1e55f0c007f) malware, favored by threat groups like Evil Corp (tracked by Microsoft as [Manatee Tempest](https://security.microsoft.com/intel-profiles/1b66d1619b5365957ba8c785bfd7936bfa9cf8b58ad9f55b7987f7f3b390f4fc)) and TA569 (tracked by Microsft as [Mustard Tempest](https://security.microsoft.com/intel-profiles/79a9547522d81fe6c1f5e42d828009656892f3976c547360db52c33f0ba16db9)), is actively targeting Windows users with fake browser updates. ## Description This complex JavaScript downloader uses drive-by download techniques to silently install malware on user machines. It has evolved to exploit vulnerable WordPress plugins using the Keitaro traffic distribution system, with its infrastructure traced to Russian-hosted servers. The malware employs advanced techniques such as user profiling, browser fingerprinting, and fake browser update pages as lures. Potential payloads associated with SocGholish include backdoors, information stealers, remote access Trojans, and ransomware. Recent infections indicate the use of PowerShell scripts for persistence on compromised systems, enhancing its adaptability and evasion capabilities. ## Microsoft Analysis Microsoft researchers have investigated multiple incidents involving fake software updates served by the SocGholish malware distribution framework. [SocGholish](https://security.microsoft.com/intel-profiles/7e30959d011aa33939afaa2477fd0cd097cee346fa3b646446a6b1e55f0c007f) is an attack framework that malicious attackers have used since at least 2020. The attacker framework entices users to install fake software updates that eventually let attackers infiltrate target organizations. SocGholish can be tweaked to deliver any payload an attacker chooses. Threat actors [Mustard Tempest](https://security.microsoft.com/intel-profiles/79a9547522d81fe6c1f5e42d828009656892f3976c547360db52c33f0ba16db9?tab=tradeCraft) and [Manatee Tempest](https://security.microsoft.com/intel-profiles/1b66d1619b5365957ba8c785bfd7936bfa9cf8b58ad9f55b7987f7f3b390f4fc) use SocGholish/FakeUpdates as their primary technique to gain intial access. ## Detections/Hunting Queries Microsoft Defender Antivirus detects threat components as the following malware: - [TrojanDownloader:JS/FakeUpdates](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:JS/FakeUpdates.J&threatId=-2147133367?ocid=magicti_ta_ency) - [Behavior:Win32/FakeUpdates](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/FakeUpdates.A&threatId=-2147140656?ocid=magicti_ta_ency) - [Trojan:JS/FakeUpdate](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:JS/FakeUpdate.C) - [Behavior:Win32/Socgolsh](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Socgolsh.SB&threatId=-2147152249?ocid=magicti_ta_ency) - [TrojanDownloader:JS/SocGholish](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:JS/SocGholish!MSR&threatId=-2147135220?ocid=magicti_ta_ency) - [Trojan:JS/Socgolsh.A](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:JS/Socgolsh.A) - [Behavior:Win32/Socgolsh.SB](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Socgolsh.SB) - [Trojan:Win32/Blister](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Blister.A&threatId=-2147152044?ocid=magicti_ta_ency) - [Trojan:Win64/Blister](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/Blister.A&threatId=-2147153518?ocid=magicti_ta_ency) - [Behavior:Win32/SuspRclone](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Sus | Ransomware Malware Tool Threat | ||
 |
2024-07-31 20:02:24 | Cyber Bills on Federal Regs, Health Security and Workforce Clear Sénat Panel Cyber bills on federal regs, health security and workforce clear Senate panel (lien direct) |
> Les membres du comité ont voté 10-1 pour faire avancer les trois lois bipartisanes, ouvrant le terrain pour une considération complète du Sénat.
>Committee members voted 10-1 to advance all three bipartisan pieces of legislation, setting the stage for full Senate consideration. |
Legislation | ||
 |
2024-07-31 19:50:19 | Bitgo signe la Cybersecurity and Infrastructure Security Agency (CISA) BitGo Signs the Cybersecurity and Infrastructure Security Agency (CISA) (lien direct) |
Bitgo Signe l'engagement de la Cybersecurity and Infrastructure Security Agency (CISA) pour améliorer la résilience de la cybersécurité
En tant que première entreprise de crypto à signer, Bitgo, le leader de la sécurité des actifs numériques, encourage les participants à l'industrie à s'engager dans les meilleures pratiques promues par CISA.
-
nouvelles commerciales
BitGo Signs the Cybersecurity and Infrastructure Security Agency (CISA) Pledge to Enhance Cybersecurity Resilience As the first crypto firm to sign, BitGo, the leader in digital asset security, encourages industry participants to commit to the best practices promoted by CISA. - Business News |
|||
 |
2024-07-31 19:43:00 | Digicert pour révoquer plus de 83 000 certificats SSL en raison de la surveillance de la validation du domaine DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight (lien direct) |
Certificate Authority (CA) DiGinert a averti qu'elle révoquerait un sous-ensemble de certificats SSL / TLS dans les 24 heures en raison d'une surveillance de la façon dont il a vérifié si un certificat numérique est délivré au propriétaire légitime d'un domaine.
La société a déclaré qu'elle prendrait la mesure de révocation des certificats qui ne disposaient pas de validation appropriée de contrôle du domaine (DCV).
"Avant de délivrer un certificat à un
Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation (DCV). "Before issuing a certificate to a |
|||
|
2024-07-31 19:42:21 | Norton dévoile Norton Ultra VPN (lien direct) | La nouvelle offre VPN de Norton assure un très haut niveau de protection Une offre VPN performante désormais disponible en trois formules tout-en-un, s'appuyant sur les solutions primées de Norton Cyber Safety - Produits | |||
|
2024-07-31 19:25:10 | Les expériences des utilisateurs sans friction face à la croissance des cyber-états: la biométrie comportementale pourrait-elle être la réponse? Frictionless user experiences in the face of growing cyberthreats: Could behavioral biometrics be the answer? (lien direct) |
Les expériences des utilisateurs sans frottement face à la croissance des cyber-états: la biométrie comportementale pourrait-elle être la réponse?
par Anthony Eaton, directeur de la technologie, IDEX Biometrics
-
opinion
/ /
affiche
Frictionless user experiences in the face of growing cyberthreats: Could behavioral biometrics be the answer? By Anthony Eaton, Chief Technology Officer, IDEX Biometrics - Opinion / affiche |
|||
 |
2024-07-31 19:22:21 | Evil certifié: enquêter sur les binaires malveillants signés Certified evil: Investigating signed malicious binaries (lien direct) |
Les adversaires signent souvent des binaires malveillants pour créer une façade de validité, mais un binaire signé n'est pas nécessairement sûr
Adversaries often sign malicious binaries to create a facade of validity, but a signed binary isn\'t necessarily a safe one |
|||
|
2024-07-31 19:17:20 | Siri Bug permet le vol de données sur les appareils Apple verrouillés Siri Bug Enables Data Theft on Locked Apple Devices (lien direct) |
Les acteurs malveillants pourraient potentiellement exploiter cette vulnérabilité si elles ont un accès physique à un appareil utilisateur.
Malicious actors could potentially exploit this vulnerability if they gain physical access to a user\'s device. |
Vulnerability Threat | ||
|
2024-07-31 19:11:50 | Microsoft: Azure DDOS Attaque amplifiée par erreur de cyber-défense Microsoft: Azure DDoS Attack Amplified by Cyber Defense Error (lien direct) |
La cyberattaque soutenue, probablement aggravée par un SNAFU d'atténuation, a perturbé plusieurs services cloud Azure pendant près de huit heures le 30 juillet.
The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30. |
Cloud | ||
|
2024-07-31 19:03:02 | Les voitures intelligentes partagent les données du conducteur, ce qui invite les appels à un examen fédéral Smart Cars Share Driver Data, Prompting Calls for Federal Scrutiny (lien direct) |
Deux sénateurs américains accusent les constructeurs automobiles de langage trompeur et de pratiques astucieuses dans le partage et la revente des données du conducteur.
Two US senators accuse carmakers of deceptive language and shifty practices in sharing and resale of driver data. |
|||
|
2024-07-31 19:00:02 | Stackhawk a annoncé une découverte d'API alimentée par Hawkai StackHawk announced API Discovery Powered by HawkAI (lien direct) |
Stackhawk améliore la découverte de l'API avec Hawkai pour révolutionner les tests de sécurité pour les applications modernes
La découverte d'API nouvellement introduite alimentée par Hawkai offre une visibilité complète pour rester en avance sur le développement des logiciels tout en prenant le contrôle total de votre surface d'attaque.
-
revues de produits
StackHawk Enhances API Discovery With HawkAI to Revolutionize Security Testing for Modern Applications Newly introduced API Discovery powered by HawkAI offers comprehensive visibility to stay ahead of software development while taking full control of your attack surface. - Product Reviews |
|||
|
2024-07-31 18:38:00 | Les logiciels malveillants liés à la Corée du Nord ciblent les développeurs sur Windows, Linux et MacOS North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS (lien direct) |
Les acteurs de la menace derrière une campagne de logiciels malveillants en cours ciblant les développeurs de logiciels ont démontré de nouveaux logiciels malveillants et tactiques, élargissant leur objectif pour inclure les systèmes Windows, Linux et MacOS.
Le groupe d'activités, surnommé Dev # Popper et lié à la Corée du Nord, s'est avéré avoir distingué les victimes en Corée du Sud, en Amérique du Nord, en Europe et au Moyen-Orient.
"Cette forme d'attaque est un
The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East. "This form of attack is an |
Malware Threat | ||
|
2024-07-31 18:17:54 | (Déjà vu) Donot APT GROUP ciblant le Pakistan Donot APT Group Targeting Pakistan (lien direct) |
#### Targeted Geolocations - United States - Eastern Europe - Northern Europe - Western Europe - Southern Europe - Central Asia - East Asia - South Asia - Southeast Asia #### Targeted Industries - Government Agencies & Services - Information Technology - Defense Industrial Base ## Snapshot Rewterz published a profile on APT-C-35, also known as the Donot APT group, a cyber espionage group active since at least 2013. ## Description The Donot APT group is known to target government and military organizations, as well as companies in the aerospace, defense, and high-tech industries. Their activities have been observed in several regions, including the United States, Europe, and Asia. The Donot group\'s motivations are information theft and espionage. The group is known for targeting Pakistani users with Android malware named StealJob, disguised under the name “Kashmiri Voice” to steal confidential information and intellectual property. In July 2022, they used Comodo\'s certificate to sign their spyware, demonstrating their high level of technical skill. The Donot APT group employs various tactics such as spear-phishing emails, malware, and custom-developed tools, often using third-party file-sharing websites for malware distribution. They are well-funded and use sophisticated techniques to evade detection, including encryption and file-less malware. ## Additional Analysis According to a number of additional sources, Donot group is likely [linked to the Indian government](https://socradar.io/apt-profile-apt-c-35-donot-team/). Initial access to victim environments is typically achieved through phishing campaigns and the group has been observed exploiting vulnerabilities in Microsoft Office, including [CVE-2018-0802](https://security.microsoft.com/intel-explorer/cves/CVE-2018-0802/), [CVE-2017-0199](https://security.microsoft.com/intel-explorer/cves/CVE-2017-0199/), and [CVE-2017-8570](https://security.microsoft.com/intel-explorer/cves/CVE-2017-8570/). Donot group is a persistent and consistent actor. [ESET researchers](https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/) note the group is known to repeatedly attacks the same target, even if they are removed fromt he victim environment. In some cases, the Donot group launched spearphishing campaigns against targets every two to four months. ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. - Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats. - Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. - Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume. - [Enable](https://learn.microsoft.com/en-us/defender-endpoint/enable-controlled-folders) controlled folder access. - Ensure that [tamper protection](https://learn.microsoft.com/en-us/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection) is enabled in Microsoft Defender f | Ransomware Malware Tool Vulnerability Threat Mobile Industrial Technical | ||
|
2024-07-31 17:56:28 | La Russie légalise l'exploitation des crypto-monnaies alors que les sanctions mondiales servent les finances traditionnelles Russia legalizes cryptocurrency mining as global sanctions rattle traditional finances (lien direct) |
Pas de details / No more details | |||
 |
2024-07-31 17:52:40 | Microsoft dit que les groupes de ransomwares exploitent le défaut VMware ESXi nouvellement paralysé Microsoft Says Ransomware Groups Are Exploiting the Newly-Patched VMware ESXi Flaw (lien direct) |
La vulnérabilité CVE-2024-37085 est présente dans les hyperviseurs ESXi et peut être utilisée pour déployer des logiciels malveillants de données-exorsion.
The CVE-2024-37085 vulnerability is present in ESXi hypervisors and can be used to deploy data-extortion malware. |
Ransomware Malware Vulnerability | ||
 |
2024-07-31 17:31:00 | La première moitié de 2024 se traduit par plus d'un milliard de victimes de violation de données The First Half of 2024 Results in More Than 1 Billion Data Breach Victims (lien direct) |
|
Data Breach | ||
 |
2024-07-31 17:13:07 | L'attaque de ransomware frappe une banque de sang à un sang, perturbe les opérations médicales Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations (lien direct) |
> Oneblood, une banque de sang à but non lucratif desservant plus de 300 hôpitaux américains, a été frappée par une attaque de ransomware perturbatrice.
>OneBlood, a non-profit blood bank serving more than 300 U.S. hospitals, has been hit by a disruptive ransomware attack. |
Ransomware Medical | ||
 |
2024-07-31 17:07:08 | Global SMS Stealer ciblant les utilisateurs d'Android via des applications et des annonces malveillantes Global SMS Stealer Targeting Android Users via Malicious Apps and Ads (lien direct) |
Nouvelle alerte de voleur SMS!La campagne massive cible les utilisateurs d'Android dans le monde.La portée de cette campagne est stupéfiante & # 8230;
New SMS Stealer Alert! The massive campaign targets Android users globally. The scope of this campaign is staggering… |
Mobile | ||
|
2024-07-31 16:59:58 | Coût de la violation des données en 2024: 4,88 millions de dollars, indique la dernière étude IBM Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study (lien direct) |
> Le coût moyen d'une violation de données a atteint 4,88 millions de dollars, contre 4,45 millions de dollars en 2023, un pic de 10%.
>The average cost of a data breach jumped to $4.88 million from $4.45 million in 2023, a 10% spike. |
Data Breach Studies | ||
|
2024-07-31 16:49:35 | Équipe NetControl, Nozomi pour fournir des services de cybersécurité avancés pour les environnements IoT, IoT Netcontrol, Nozomi team to deliver advanced cybersecurity services for OT, IoT environments (lien direct) |
NetControl Group, un fournisseur de services de sécurité géré (MSSP) et Nozomi Networks Inc., un fournisseur d'OT et IoT ...
Netcontrol Group, a managed security service provider (MSSP), and Nozomi Networks Inc., a vendor of OT and IoT... |
Industrial | ||
|
2024-07-31 16:49:07 | Armexa fait ses débuts sur la plate-forme d'opérations d'Iris pour les opérateurs industriels avec un support OT limité Armexa debuts IRIS Operations Platform for industrial operators with limited OT support (lien direct) |
Armexa a révélé mercredi le lancement de sa nouvelle plate-forme d'opérations d'iris développé pour répondre aux besoins de ...
Armexa revealed on Wednesday the launch of its new IRIS Operations Platform developed to address the needs of... |
Industrial | ||
|
2024-07-31 16:40:35 | (Déjà vu) Phishing targeting Polish SMBs continues via ModiLoader (lien direct) | #### Géolocations ciblées - Pologne - Roumanie - Italie ## Instantané Des chercheurs de l'ESET ont détecté des campagnes de phishing généralisées ciblant les petites et moyennes entreprises (PME) en Pologne, en Roumanie et en Italie en mai 2024. ## Description Les campagnes visant à distribuer diverses familles de logiciels malveillants, y compris les remcos à distance à distance (rat), [agent Tesla] (https://security.microsoft.com/intel-profiles/0116783AB9DA099992EC014985D7C56BFE2D8C360C6E7DD6CD39C8D6555555538) et FormBook) et Forme Modiloader (également connu sous le nom de dbatloader).Cela marque un changement de tactique comme dans les campagnes précédentes, les acteurs de la menace ont exclusivement utilisé l'accryptor pour offrir des charges utiles de suivi. Dans les campagnes les plus récentes, les attaquants ont utilisé précédemment les comptes de messagerie et les serveurs d'entreprise pour diffuser des e-mails malveillants, héberger des logiciels malveillants et collecter des données volées.Les e-mails de phishing contenaient des pièces jointes avec des noms comme RFQ8219000045320004.TAR ou ZAM & OACUTE; WIENIE \ _NR.2405073.IMG, qui ont été utilisés pour livrer Modiloader.Une fois lancé, Modiloader a téléchargé et exécuté la charge utile finale, qui variait entre les différentes campagnes.Les attaquants ont exfiltré des données utilisant différentes techniques, y compris SMTP et des serveurs Web compromis. ## Détections / requêtes de chasse ** Microsoft Defender Antivirus ** Microsoft Defender Antivirus détecte les composants de la menace comme le malware suivant: - [Trojan: Win32 / Modiloader] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=trojan:win32/modiloader) - [Backdoor: JS / REMCOS] (https://www.microsoft.com/en-us/wdsi/thereats/malware-encycopedia-dercription?name=backDoor:js/remcos) - [Backdoor: MSIL / REMCOS] (https://www.microsoft.com/en-us/wdsi/terats/malware-encycopedia-description?name=backdoor: MSIL / REMCOS) - [Backdoor: Win32 / Remcos] (https://www.microsoft.com/en-us/wdsi/terats/malware-encycopedia-dEscription? Name = Backdoor: Win32 / Remcos) - [Trojan: Win32 / Remcos] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-d-dEscription? Name = Trojan: Win32 / Remcos) - [Trojan: win32 / agenttesla] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-description?name=trojan:win32/agenttesla) - [Trojanspy: MSIL / AgentTesla] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=trojanspy:mil/agenttesla) - [Trojandownloader: MSIL / FormBook] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=trojandownher:mil/formBook.kan!mtb&agne ;Threatid=-2147130651&ocid = magicti_ta_ency) ## Recommandations Microsoft recommande les atténuations suivantes to Réduire l'impact de cette menace. - Allumez [Protection en livraison du cloud] (https://learn.microsoft.com/en-us/defender-endpoint/linux-preférences) dans Microsoft Defender Antivirus ou l'équivalent de votre produit antivirus pour couvrir rapidement les outils d'attaquant en évolution et et et les outils d'attaquant en évolution rapide ettechniques.Les protections d'apprentissage automatique basées sur le cloud bloquent la majorité des menaces nouvelles et inconnues. - Exécuter [EDR en mode bloc] (https: //learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-lock-mode?view=o365-worldwide?ocid=Magicti_TA_LearnDoc) So que Microsoft Defender pour le point final peut bloquer les artefacts malveillants, même lorsque votre antivirus non microsoft ne détecte pas la menace ou lorsque Microsoft Defender Antivirus fonctionne en mode passif.EDR en mode bloc fonctionne dans les coulisses pour corriger les artefacts malveillants qui sont détectés post-abri. - Autoriser [Investigation and Remediation] (https://learn.microsoft.com/microsoft-365/security/defen | Ransomware Malware Tool Threat | ||
 |
2024-07-31 16:35:06 | Chrome adopte le cryptage lié aux applications pour contrecarrer les logiciels malveillants de voler les biscuits Chrome adopts app-bound encryption to stymie cookie-stealing malware (lien direct) |
Les utilisateurs de Windows obtiennent désormais des cookins Secret Security Google, selon Google, il est amélioré la sécurité des données sensibles gérées par Chrome pour les utilisateurs de Windows pour lutter contre le fléau des logiciels malveillants d'infosaler ciblant les cookies.… | Malware | ||
|
2024-07-31 16:31:00 | Les pirates chinois ciblent les entreprises japonaises avec des logiciels malveillants Lodeinfo et Noopdoor Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware (lien direct) |
Les organisations japonaises sont la cible d'un acteur de menace nationale chinoise qui exploite les familles de logiciels malveillants comme Lodeinfo et Noopdoor pour récolter des informations sensibles auprès d'hôtes compromis tout en restant furtivement sous le radar dans certains cas pendant une période allant de deux à trois ans.
La société israélienne de cybersécurité Cybearason suit la campagne sous le nom de Cuckoo Spear,
Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years. Israeli cybersecurity company Cybereason is tracking the campaign under the name Cuckoo Spear, |
Malware Threat | ||
|
2024-07-31 16:12:00 | Comment tirer le meilleur parti du budget d'alerte par e-mail de votre équipe de sécurité \\ How To Get the Most From Your Security Team\\'s Email Alert Budget (lien direct) |
Nous \\ 'll tl; dr the Fuddy Introduction: nous savons tous que les attaques de phishing sont en hausse de l'échelle et de la complexité, que l'IA permet d'attaques plus sophistiquées qui échappent aux défenses traditionnelles, et l'écart de talent de cybersécurité sans fin signifie que nous \\ 'Re tous ont du mal à garder les équipes de sécurité entièrement dotées en personnel. & NBSP;
Compte tenu de cette réalité, les équipes de sécurité doivent être en mesure de surveiller et de répondre aux menaces
We\'ll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more sophisticated attacks that evade traditional defenses, and the never-ending cybersecurity talent gap means we\'re all struggling to keep security teams fully staffed. Given that reality, security teams need to be able to monitor and respond to threats |
|||
|
2024-07-31 16:04:24 | Analyse des meilleurs infostelleurs: Redline, Vidar et Formbook Analysis of Top Infostealers: Redline, Vidar and Formbook (lien direct) |
Protégez vos données contre les cyber-menaces: découvrez les infostelleurs Redline, Vidar et Formbook, leurs tactiques et comment n'importe qui.
Protect your data from cyber threats: Learn about RedLine, Vidar, and FormBook infostealers, their tactics, and how ANY.RUN’s… |
|||
|
2024-07-31 16:02:56 | Campagne massive de logiciels malveillants Android massif découvert Massive OTP-Stealing Android Malware Campaign Discovered (lien direct) |
> Les logiciels malveillants Android peuvent intercepter et voler les OTP et les informations de connexion, conduisant à des prises de contrôle comptes.
>Android malware can intercept and steal OTPs and login credentials, leading to complete account takeovers. |
Malware Mobile | ||
 |
2024-07-31 15:55:47 | Près de 7% du trafic Internet est malveillant Nearly 7% of Internet Traffic Is Malicious (lien direct) |
cloudflare rapports sur l'état de sécurité des applications.Il affirme que 6,8% du trafic Internet est malveillant.Et que les CVE sont exploités aussi rapidement que 22 minutes après la publication de preuves de concepts.
news Articles .
Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles. |
|||
 |
2024-07-31 15:51:00 | Appel de sang urgent émis aux États-Unis après une attaque de ransomware Urgent Blood Appeal Issued in US After Ransomware Attack (lien direct) |
US à but non lucratif Oneblood a lancé un appel urgent aux dons après qu'une attaque de ransomware a considérablement réduit sa capacité à distribuer du sang aux hôpitaux
US non-profit OneBlood has issued an urgent appeal for donations after a ransomware attack has significantly reduced its capacity to distribute blood to hospitals |
Ransomware | ||
 |
2024-07-31 15:45:07 | Comment bien sécuriser sa boutique en ligne ? (lien direct) | Dans un monde où l'ecommerce est en pleine expansion, la cybersécurité des boutiques en ligne est devenue une priorité incontournable. Voici quelques étapes essentielles pour garantir la protection de votre site et des données de vos clients. | |||
 |
2024-07-31 15:31:06 | Naviguer dans le paysage évolutif de la cybersécurité Navigating the Evolving Landscape of Cybersecurity (lien direct) |
Un accent sur la gestion de la vulnérabilité ces dernières années, le paysage de la cybersécurité a subi des transformations importantes, en particulier ...
A Focus on Vulnerability Management In recent years, the cybersecurity landscape has undergone significant transformations, particularly... |
Vulnerability | ||
|
2024-07-31 15:31:00 | Les cybercriminels déploient des applications Android de logiciels malveillants 100K + pour voler les codes OTP Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes (lien direct) |
Une nouvelle campagne malveillante a été observée en utilisant des applications Android malveillantes pour voler des messages SMS des utilisateurs depuis au moins février 2022 dans le cadre d'une campagne à grande échelle.
Les applications malveillantes, couvrant plus de 107 000 échantillons uniques, sont conçues pour intercepter les mots de passe ponctuels (OTP) utilisés pour la vérification des comptes en ligne pour commettre une fraude à l'identité.
"Sur ces 107 000 échantillons de logiciels malveillants, plus de 99 000
A new malicious campaign has been observed making use of malicious Android apps to steal users\' SMS messages since at least February 2022 as part of a large-scale campaign. The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online account verification to commit identity fraud. "Of those 107,000 malware samples, over 99,000 of |
Malware Mobile | ||
|
2024-07-31 15:30:00 | Les nouveaux logiciels malveillants de voleur SMS ciblent plus de 600 marques mondiales New SMS Stealer Malware Targets Over 600 Global Brands (lien direct) |
Découvert par l'équipe ZLABS de Zimperium \\, le malware SMS Stealer a été trouvé dans plus de 105 000 échantillons
Discovered by Zimperium\'s zLabs team, the SMS Stealer malware was found in over 105,000 samples |
Malware | ||
 |
2024-07-31 15:27:27 | Podcast de vie malveillante: les chiffres secrètes de la reine condamnés Malicious Life Podcast: The Doomed Queen\\'s Secret Ciphers (lien direct) |
||||
|
2024-07-31 15:07:00 | Cyber Espionage Group XDSPY cible les entreprises en Russie et en Moldavie Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova (lien direct) |
Les entreprises de Russie et de Moldavie ont été la cible d'une campagne de phishing orchestrée par un groupe de cyber-espionnage peu connu connu sous le nom de XDSPY.
Les résultats proviennent de la société de cybersécurité F.A.C.T., qui a déclaré que les chaînes d'infection conduisaient au déploiement d'un logiciel malveillant appelé DSDownloader.L'activité a été observée ce mois-ci, a-t-il ajouté.
XDSPY est un acteur de menace d'origine indéterminée qui était le premier
Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The activity was observed this month, it added. XDSpy is a threat actor of indeterminate origin that was first |
Malware Threat | ||
|
2024-07-31 15:03:11 | Les fausses mises à jour du navigateur déploient un logiciel Asyncrat et malveillant BOINC Fake Browser Updates Deploy AsyncRAT and Malicious BOINC Software (lien direct) |
## Snapshot Researches at Huntress identified new behaviors associated with SocGholish, or FakeUpdates, malware. Typically, infections start when a user visits a compromised website and downloads a fake browser update, which executes malicious code to download further malware. . ## Description Initial access involves a malicious JavaScript file that downloads subsequent stages of the attack. In this case, two separate chains were identified: one leading to a fileless AsyncRAT installation and the other to a malicious BOINC (Berkeley Open Infrastructure Network Computing Client) installation. The AsyncRAT chain involved several stages with obfuscated PowerShell scripts and anti-VM techniques, eventually leading to a connection to a command and control (C2) server. The BOINC chain involved dropping multiple files, creating directories and scheduled tasks, and renaming executables to disguise their malicious intent. The BOINC software, typically used for legitimate distributed computing projects, was configured to connect to malicious servers, enabling threat actors to collect data and execute tasks on infected hosts. Persistence was maintained through scheduled tasks, and the use of BOINC in this context is relatively unusual. Both chains showed similarities with previous SocGholish activities, such as using fake browser updates and PowerShell scripts. The new campaigns utilized recently registered domains and shared infrastructure noted by other security researchers. ## Microsoft Analysis Microsoft researchers have investigated multiple incidents involving fake software updates served by the SocGholish malware distribution framework. [SocGholish](https://security.microsoft.com/intel-profiles/7e30959d011aa33939afaa2477fd0cd097cee346fa3b646446a6b1e55f0c007f) is an attack framework that malicious attackers have used since at least 2020. The attacker framework entices users to install fake software updates that eventually let attackers infiltrate target organizations. SocGholish can be tweaked to deliver any payload an attacker chooses. Threat actor, [Mustard Tempest](https://security.microsoft.com/intel-profiles/79a9547522d81fe6c1f5e42d828009656892f3976c547360db52c33f0ba16db9?tab=tradeCraft), uses SocGholish/FakeUpdates as their primary technique to gain intial access. Find out more about Mustard Tempest including indicators [here](https://security.microsoft.com/intel-profiles/79a9547522d81fe6c1f5e42d828009656892f3976c547360db52c33f0ba16db9?tab=description). [AsyncRAT](https://sip.security.microsoft.com/intel-profiles/e9216610feb409dfb620b28e510f2ae2582439dfc7c7e265815ff1a776016776) is a remote access tool (RAT) that allows a user to control a remote computer. It is designed to evade detection and is often used by attackers to gain unauthorized access to a victim\'s system. AsyncRAT is written in .NET and is capable of running on Windows machines. It can perform various malicious activities such as keylogging, file stealing, and ransomware deployment. Its name comes from its use of asynchronous programming techniques, which allow it to carry out multiple tasks simultaneously without blocking the program\'s main thread. Mirosoft researchers track the AsyncRAT portion of this attack to threat actor, [Storm-0426](https://security.microsoft.com/intel-profiles/2ef8bd6a2aa00638707e7eba5e86040ba0d88c4c0da6ad7bb0c95a8999e2af83). ## Detections/Hunting Queries #### Microsoft Defender Antivirus Microsoft Defender Antivirus detects threat components as the following malware: - [Trojan:JS/Socgolsh.A](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:JS/Socgolsh.A) - Trojan:JS/FakeUpdate.C - Trojan:JS/FakeUpdate.B - Behavior:Win32/Socgolsh.SB #### Microsoft Defender for Endpoint Alerts with the following titles in the security center can indicate threat activity on your network: - SocGholish command-and-control - Suspicious \'Socgolsh\' behavior was blocked The following aler | Ransomware Malware Tool Threat | ||
|
2024-07-31 14:55:34 | Le procureur grec dit que le gouvernement n'a joué aucun rôle dans les infections de logiciels espions de la société civile Greek prosecutor says government played no role in civil society spyware infections (lien direct) |
Pas de details / No more details | |||
|
2024-07-31 14:55:18 | L'attaque des ransomwares contre le major US Blood Center incite des centaines d'hôpitaux à mettre en œuvre des protocoles de pénurie Ransomware attack on major US blood center prompts hundreds of hospitals to implement shortage protocols (lien direct) |
Pas de details / No more details | Ransomware | ||
|
2024-07-31 14:54:59 | (Déjà vu) Zimperium découvre la campagne sophistiquée du voleur SMS: les logiciels malveillants ciblés Android permettent un réseau d'entreprise et une infiltration d'application Zimperium Uncovers Sophisticated SMS Stealer Campaign: Android-Targeted Malware Enables Corporate Network and Application Infiltration (lien direct) |
Plus de 105 000 échantillons de logiciels malveillants ont identifié
Résultats clés:
Plus de 95% sont / étaient inconnus et des échantillons de logiciels malveillants indisponibles
Les logiciels malveillants ont détourné des messages texte OTP sur plus de 600 marques mondiales
Environ.4 000 échantillons contenaient des numéros de téléphone pré-inclus dans Android Kit
13 serveurs C & c utilisés pour communiquer et potentiellement recevoir des messages SMS volés
Plus de 2 600 robots télégrammes liés à la campagne, servant de canal de distribution
-
mise à jour malveillant
Over 105,000 Malware Samples Identified Key Findings: Over 95% are/were unknown and unavailable malware samples Malware hijacked OTP text messages across more than 600 global brands Approx. 4,000 samples contained phone numbers pre-embedded within Android kit 13 C&C servers used to communicate and potentially receive stolen SMS messages Over 2,600 Telegram bots linked to campaign, serving as a distribution channel - Malware Update |
Malware Mobile | ||
|
2024-07-31 14:42:52 | Cohesity renforce la cyber-résilience des entreprises grâce à de nouvelles capacités d\'IA générative (lien direct) | Les mises à jour de la plateforme Cohesity Data Cloud simplifient l'identification et la remédiation des menaces, pour une reprise après incident plus rapide. Cohesity a annoncé l'extension de ses capacités en matière d'Intelligence Artificielle Générative (GenAI) pour la détection et la restauration avec le déploiement d'améliorations sur sa plateforme Cohesity Data Cloud. - Produits | Threat Cloud |
To see everything:
