Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-23 17:00:00 |
L'escroquerie de phishing SharePoint cible 1600 à travers les États-Unis, l'Europe [SharePoint Phishing Scam Targets 1600 Across US, Europe] (lien direct) |
Les cybercriminels ont utilisé l'arnaque pour voler les informations d'identification pour divers comptes de messagerie
Cyber-criminals used the scam to steal the credentials for various email accounts |
Threat
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-23 16:00:00 |
Nouvelle méthode d'attaque post-exploitation trouvée affectant les mots de passe OKTA [New Post-Exploitation Attack Method Found Affecting Okta Passwords] (lien direct) |
Le défaut découle de la façon dont le système OKTA enregistre les échecs de connexion tente des instances
The flaw derives from the way the Okta system records failed login attempts to instances |
General Information
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-23 10:40:00 |
Le gouvernement britannique définit la vision de la cybersécurité du NHS [UK Government Sets Out Vision for NHS Cybersecurity] (lien direct) |
Prévoit de stimuler la cyber-résilience dans le service de santé d'ici 2030
Plans to boost cyber-resilience in the health service by 2030 |
General Information
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-23 10:00:00 |
Malivents Chatgpt Chrome Extension détourne les comptes Facebook [Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts] (lien direct) |
Le logiciel a été téléchargé involontairement des milliers de fois
Software was unwittingly downloaded thousands of times |
General Information
|
ChatGPT
ChatGPT
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-23 09:30:00 |
Le géant de l'alimentation irlandaise Dole admet la violation des données des employés [Irish Food Giant Dole Admits Employee Data Breach] (lien direct) |
L'incident était lié à une attaque de ransomware divulguée précédemment
Incident was linked to previously disclosed ransomware attack |
Ransomware
Ransomware
Data Breach
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-22 17:30:00 |
BreachForums s'arrête après l'arrestation d'Admin \\ [BreachForums Shuts Down After Admin\\'s Arrest] (lien direct) |
L'administrateur du Forum \\ a déclaré que cette décision pourrait être temporaire et qu'ils mettront en place un nouveau groupe télégramme
The forum\'s admin said the move might be temporary and that they will set up a new Telegram group |
Legislation
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-22 17:00:00 |
New Android Banking Trojan \\ 'Nexus \\' promu comme Maas [New Android Banking Trojan \\'Nexus\\' Promoted As MaaS] (lien direct) |
Nexus propose des attaques de superposition et des activités de keylogging conçues pour voler les références des victimes
Nexus offers overlay attacks and keylogging activities designed to steal victims\' credentials |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-22 16:30:00 |
CISA et NSA Améliorent le cadre de sécurité avec un nouveau guide IAM [CISA and NSA Enhance Security Framework With New IAM Guide] (lien direct) |
Les conseils comprennent les meilleures pratiques pour la gouvernance de l'identité, le durcissement environnemental, le SSO, le MFA et l'audit IAM
Guidance includes best practices for identity governance, environmental hardening, SSO, MFA and IAM auditing |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-22 10:40:00 |
Les chercheurs en sécurité repérer 36 millions de dollars Bec Attaque [Security Researchers Spot $36m BEC Attack] (lien direct) |
Les acteurs de la menace ont issu l'identité du vendeur de la société cible \\
Threat actors impersonated target company\'s vendor |
Threat
General Information
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-22 10:00:00 |
Seulement 1% des domaines DOT-ORG sont entièrement protégés par DMARC [Just 1% of Dot-Org Domains Are Fully DMARC Protected] (lien direct) |
Les organisations échouent avec leurs mesures anti-phishing
Organizations are failing with their anti-phishing measures |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-22 09:30:00 |
Les attaques de ransomware sont doubles dans le secteur des transports en Europe \\ [Ransomware Attacks Double in Europe\\'s Transport Sector] (lien direct) |
Enisa affirme que la plupart des menaces sont opportunistes
ENISA claims most threats are opportunistic |
Ransomware
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-21 17:30:00 |
Plus de 2400 fausses pages ont trouvé des chercheurs d'emploi à cibler au Moyen-Orient, en Afrique [Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa] (lien direct) |
L'escroquerie a ciblé plus de 40 marques bien connues de 13 pays de la région de la MEA
The scam targeted more than 40 well-known brands from 13 countries in the MEA region |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-21 17:00:00 |
Common Magic cible les entités de la zone de conflit Russo-Ukrainien [CommonMagic Targets Entities in Russo-Ukrainian Conflict Zone] (lien direct) |
Des sociétés administratives, d'agriculture et de transport ciblées à Donetsk, Luhansk et Crimée
Administrative, agriculture and transportation firms targeted in Donetsk, Luhansk and Crimea |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-21 16:30:00 |
Les pirates utilisent des packages NuGet pour cibler les développeurs .NET [Hackers Use NuGet Packages to Target .NET Developers] (lien direct) |
JFrog a déclaré que c'était la première instance de packages avec du code malveillant à Nuget
JFrog said this is the first instance of packages with malicious code in NuGet |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-21 10:30:00 |
NCSC lance deux nouveaux outils pour les petites entreprises [NCSC Launches Two New Tools for Small Businesses] (lien direct) |
Les offres sont conçues pour améliorer la sécurité pour des millions d'entreprises
Offerings are designed to improve security for millions of firms |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-21 10:05:00 |
General octets Bitcoin ATMs piratés pour voler des fonds (lien direct) |
L'entreprise exhorte les opérateurs à patcher maintenant
Company urges operators to patch now |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-21 09:40:00 |
Ferrari révèle une attaque de rançon de violation de données (lien direct) |
Le constructeur automobile dit qu'il n'a pas payé ses extorteurs
Carmaker says it didn\'t pay its extorters |
Data Breach
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-20 17:30:00 |
Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims (lien direct) |
These included a number of government websites: 105 in Chile, 431 in Mexico and 265 in Peru |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-20 17:00:00 |
KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps (lien direct) |
Microsoft said it saw between 40 and 60 daily attacks in February |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-20 16:30:00 |
BreachForums Admin Arrested in New York (lien direct) |
Conor Brian Fitzpatrick of Peekskill was apprehended last Wednesday following an FBI investigation |
|
|
★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-20 10:40:00 |
UK Ransomware Incident Volumes Surge 17% in 2022 (lien direct) |
Jumpsec report identified Karakurt, Lockbit and Vice Society among groups responsible |
Ransomware
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-20 10:00:00 |
"Hinata" Botnet Could Launch Massive DDoS Attacks (lien direct) |
Akamai warns of new Mirai-like botnet written in Go |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-20 09:30:00 |
Scam Robocalls Forecast to Cost $58bn This Year (lien direct) |
Juniper Research says most of the pain will be felt in the US |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-17 17:30:00 |
Telegram, WhatsApp Trojanized to Target Cryptocurrency Wallets (lien direct) |
Most of these apps rely on clipper malware to steal the contents of the Android clipboard |
Malware
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-17 17:00:00 |
Google Exposes 18 Zero-Day Flaws in Samsung Exynos Chips (lien direct) |
Four of these vulnerabilities enabled potential attackers to perform remote code execution |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-17 16:30:00 |
Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm (lien direct) |
SentinelOne shared details about the new campaign in an advisory published on Thursday |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-17 10:30:00 |
ICO Reprimands Metropolitan Police for Data Snafu (lien direct) |
Negligence could have caused "significant damage" |
Legislation
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-17 10:00:00 |
Russian Military Preparing New Destructive Attacks: Microsoft (lien direct) |
Organizations outside Ukraine could be targeted |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-17 09:30:00 |
Vishing Campaign Targets Social Security Administration (lien direct) |
Tens of thousands of mailboxes targeted |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-16 17:00:00 |
US Government IIS Server Breached via Telerik Software Flaw (lien direct) |
The critical vulnerability allows remote code execution and was assigned a CVSS v3.1 score of 9.8 |
Vulnerability
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-16 16:30:00 |
ChipMixer Crypto Laundromat Shut Down By German, US Authorities (lien direct) |
The operation seized four servers, 7TB of data and 1909.4 Bitcoins (roughly $47.3m) |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-16 16:00:00 |
UK Joins US, Canada, Others in Banning TikTok From Government Devices (lien direct) |
The Chancellor of the Duchy of Lancaster, Oliver Dowden, confirmed the plans earlier today |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-16 10:30:00 |
NCSC Calms Fears Over ChatGPT Threat (lien direct) |
Tool won't democratize cybercrime, agency argues |
Tool
Threat
|
ChatGPT
ChatGPT
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-16 10:10:00 |
BEC Volumes Double on Phishing Surge (lien direct) |
Business email compromise overtakes ransomware |
Ransomware
Studies
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-16 09:30:00 |
Chinese SilkLoader Malware Sold to Russian Cyber-Criminals (lien direct) |
Cobalt Strike beacon loader migrates across criminal ecosystems |
Malware
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-15 17:30:00 |
Tick APT Group Hacked East Asian DLP Software Firm (lien direct) |
The hacker breached the DLP company's internal update servers to deliver malware within its network |
Malware
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-15 17:00:00 |
"FakeCalls" Android Malware Targets Financial Firms in South Korea (lien direct) |
CPR discovered 2500 samples of the malware, impersonating 20 financial institutions in the region |
Malware
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-15 16:30:00 |
Humans Still More Effective Than ChatGPT at Phishing (lien direct) |
The research paper by HoxHunt analyzed 53,127 emails sent to users in over 100 countries |
|
ChatGPT
ChatGPT
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-15 10:30:00 |
UK Bank Limits Crypto Payments to Smother Fraud (lien direct) |
NatWest warns of "life-changing" customer losses |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-15 10:00:00 |
Phishing Campaigns Use SVB Collapse to Harvest Crypto (lien direct) |
Experts warn users to be on their guard |
Threat
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-15 09:30:00 |
Microsoft Patches Two Zero Days This Month (lien direct) |
They include one likely exploited by Russian-linked threat actors |
Threat
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-14 17:30:00 |
YoroTrooper Espionage Campaigns Target CIS, EU Countries (lien direct) |
The threat actors mainly targeted organizations across Azerbaijan, Tajikistan and Kyrgyzstan |
Threat
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-14 17:00:00 |
DEV-1101 Updates Open Source Phishing Kit (lien direct) |
The kit is written in NodeJS and has automated setup and detection evasion capabilities |
Threat
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-14 16:30:00 |
CISA Creates New Ransomware Vulnerability Warning Program (lien direct) |
The Agency will warn critical infrastructure entities to enable mitigation before an incident |
Ransomware
Vulnerability
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-14 10:30:00 |
LA Housing Authority Suffers Year-Long Breach (lien direct) |
LockBit ransomware group stole data and encrypted files |
Ransomware
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-14 10:00:00 |
UK Crypto Firm Loses $200m in Cyber-Attack (lien direct) |
Euler Finance suffered "flash loan" attack |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-14 09:30:00 |
MI5 Launches New Agency to Tackle State-Backed Attacks (lien direct) |
National Protective Security Authority begins its work |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-13 17:30:00 |
Remote Code Execution and Camera Access Flaws Found in Smart Intercoms (lien direct) |
13 vulnerabilities were found in the E11 smart intercom devices by Chinese manufacturer Akuvox |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-13 17:00:00 |
Dark Pink APT Group Deploys KamiKakaBot Against South Asian Entities (lien direct) |
The relationship between Europe and ASEAN countries is being exploited with social engineering lures |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2023-03-13 16:30:00 |
Infostealers Spread Via AI-Generated YouTube Videos (lien direct) |
Infostealers observed to be delivered via these videos included Vidar, RedLine and Raccoon |
Threat
|
|
★★
|