DarkReading 2024-02-29 22:36:31 Chinese APT Developing Exploits to Defeat Already Patched Ivanti Users
More bad news for Ivanti customers: soon, even if you've patched, you still might not be safe from relentless attacks from high-level Chinese threat actors.
Threat ★★★
RecordedFuture 2024-02-29 21:04:18 Change Healthcare confirms Blackcat/AlphV behind ransomware attack
Medical insurance giant UnitedHealth Group confirmed Thursday that the cyberattack affecting the operations of its subsidiary Change Healthcare was carried out by the Blackcat/AlphV ransomware group. After days of posting the same updates online about a “cyber security issue,” Change Healthcare said on Thursday the attack was “perpetrated by a cybercrime threat actor who has
Ransomware Threat Medical ★★
RiskIQ 2024-02-29 20:16:44 #StopRansomware: Phobos Ransomware
Description
Phobos is structured as a ransomware-as-a-service (RaaS) model. Since May 2019, Phobos ransomware incidents impacting state, local, tribal, and territorial (SLTT) governments have been regularly reported to the MS-ISAC. Phobos ransomware operates in conjunction with various open source tools such as Smokeloader, Cobalt Strike, and Bloodhound. These tools are all widely accessible and easy to use in various operating environments, making it (and associated variants) a popular choice for many threat actors.
Reference URL(s)
1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
Publication Date
February 26, 2024
Author(s)
CISA
Ransomware Tool Threat ★★
RecordedFuture 2024-02-29 18:33:17 North Korean hackers exploit Windows zero-day flaw
North Korean hackers exploited a previously unknown vulnerability in a Windows security feature, allowing them to gain the highest level of access to targeted systems. A zero-day flaw in AppLocker - a service that helps administrators control which applications are allowed to run on a system - was discovered by researchers at the Czech cybersecurity
Vulnerability Threat ★★
The_Hackers_News 2024-02-29 17:03:00 GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX). The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to access their GPRS services while they are
Malware Threat ★★
The_Hackers_News 2024-02-29 16:49:00 Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part
Vulnerability Threat APT 38 ★★★
SonarSource 2024-02-29 16:00:00 OpenNMS Vulnerabilities: Securing Code against Attackers' Unexpected Ways
Learn which unexpected ways attackers may take to exploit code vulnerabilities and how to secure against them.
Vulnerability Threat ★★
DarkReading 2024-02-29 15:58:35 Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models
The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat.
Threat ★★
silicon.fr 2024-02-29 14:59:23 Open-source cybersecurity: Filigran raises €15 million
Filigran, a cybertech specializing in open-source Threat Intelligence solutions, closes a €15 million Series A round.
Threat ★★
The_Hackers_News 2024-02-29 13:49:00 New Backdoor Targeting European Officials Linked to Indian Diplomatic Events
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come from the Ambassador of India, inviting diplomatic staff to a wine-tasting
Threat ★★
InfoSecurityMag 2024-02-29 13:00:00 US Government Warns Healthcare is Biggest Target for BlackCat Affiliates
The US government advisory warns healthcare organizations are being targeted by BlackCat amid an ongoing cyber-incident affecting Change Healthcare
Threat Medical ★★
SecurityWeek 2024-02-29 10:28:36 Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack
North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit.
Vulnerability Threat APT 38 ★★★
ComputerWeekly 2024-02-29 10:28:00 Okta doubles down on cyber in wake of high-profile breaches
No more details
Threat ★★★★
globalsecuritymag 2024-02-29 08:21:37 Cybertech Filigran announces a new €15 million funding round
Cybertech Filigran announces a new €15 million funding round and sets up in the United States and Australia. With more than 4,200 organizations worldwide using its solutions, Filigran, the European cybertech specializing in cyber-threat handling solutions, announces that it has raised €15 million in a Series A. Filigran offers open-source cybersecurity software covering threat intelligence management (Threat Intelligence), attack simulation (Breach & Attack Simulation) and cyber risk management.
Business Threat ★★
ProofPoint 2024-02-29 06:00:13 Break the Attack Chain: Decisive Moves
In our “Break the Attack Chain” blog series, we have looked at how threat actors compromise our defenses and move laterally within our networks to escalate privileges and prepare for their endgame. Now, we come to the final stage of the attack chain where it's necessary to broaden our outlook a little. While most external threat actors will follow the same playbook, they aren't our only adversaries. The modern reality is that data often just walks out of the door because our employees take it with them. More than 40% of employees admit to taking data when they leave. At the same time, careless employees who make security mistakes are responsible for more than half of insider-led data loss incidents. So, while it's important to detect and deter cybercriminals who want to exfiltrate our data, we must also watch out for our users. Whether they are malicious or careless, our users are just as capable of exposing sensitive data.

In this third and final installment, we discuss how companies tend to lose data, and how we can better protect it from all manner of risks.

Understanding data loss

As with every stage in the attack chain, we must first understand threats before we can put protections in place. Let's start with the case of a cybercriminal following the typical attack chain. While this may not sound like a traditional insider attack, it's often aided by careless or reckless employees.

Users expose data and open themselves and your business up to compromise in a multitude of ways, like using weak passwords, reusing credentials, forgoing security best practices and clicking on malicious links or attachments. Any of these risky moves gives cybercriminals a way into your networks where they can embark on lateral movement and escalation. Incidents like these are so common that careless or compromised users cause over 80% of insider-led data loss. Malicious insiders make up the remainder.

Insider threats could be a disgruntled employee looking to cause disruption, a user compromised by cybercriminals, or, increasingly, an employee who will soon leave your organization.

In most cases, data exfiltration follows a three-stage pattern:

Access. Users, whether malicious or compromised, will attempt to take as much information as possible. This could mean excessive downloading or copying from corporate drives or exporting data from web interfaces or client apps.

Obfuscation. Both cybercriminals and malicious insiders will be aware of the kinds of activity likely to trigger alarms and will take steps to avoid them. Changing file names and extensions, deleting logs and browsing history, and encrypting files are typical strategies.

Exfiltration. With targets acquired and tracks covered, data exfiltration is then carried out by copying files to a personal cloud or removable storage device and sharing files with personal or burner email accounts.

Defending from the inside out

As we explained in our webinar series, while the initial stage of the attack chain focuses on keeping malicious actors outside our organization, the final two stages are far more concerned with what's happening inside it.

Therefore, any effective defense must work from the inside out. It must detect and deter suspicious activity before data can slip past internal protections and be exposed to the outside world. Of course, data can do many things, but it cannot leave an organization on its own.

Whether compromised, careless or malicious, a human is integral to any data loss incident. That's why traditional data loss prevention (DLP) tools are not as effective as they used to be. By focusing on the content of an incident, they only address a third of the problem.

Instead, a comprehensive defense against data loss must merge content classification with threat telemetry and user behavior.

Proofpoint Information Protection is the only solution that uses all three across channels in a unified, cloud-native interface. With this information, security teams can identify who is accessing and moving data, and when, where and why. And
Tool Threat Cloud ★★★
mcafee 2024-02-29 03:02:12 GUloader Unmasked: Decrypting the Threat of Malicious SVG Files
Authored by: Vignesh Dhatchanamoorthy. In the ever-evolving landscape of cybersecurity threats, staying ahead of malicious actors requires a deep understanding...
Threat ★★
The_Hackers_News 2024-02-28 20:38:00 Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors
An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E. Other targets of the cyber espionage activity likely include Turkey, India, and Albania, Google-owned Mandiant said in a new analysis. UNC1549 is said to overlap with
Threat ★★
DarkReading 2024-02-28 18:07:30 Cyberattackers Lure EU Diplomats With Wine-Tasting Offers
A targeted attack aiming to exploit geopolitical relations between India and Europe delivers previously undocumented, uniquely evasive backdoor malware.
Malware Threat ★★★★
RecordedFuture 2024-02-28 16:48:24 Australia facing its highest-ever threat from espionage and foreign interference
More Australians are “being targeted for espionage and foreign interference than ever before,” the head of the country's domestic security agency has warned. “Australians need to know that the threat is real. The threat is now. And the threat is deeper and broader than you might think,” said Mike Burgess, delivering the agency's annual threat
Threat ★★★
SecurityWeek 2024-02-28 15:38:05 Cyber Insights 2024: APIs – A Clear, Present, and Future Danger
The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale.
Vulnerability Threat ★★★
Checkpoint 2024-02-28 13:44:31 A Shadowed Menace: The Escalation of Web API Cyber Attacks in 2024
Highlights:
Significant Increase in Attacks: In the first month of 2024, attempts to attack Web APIs impacted 1 in 4.6 organizations worldwide every week, marking a 20% increase compared to January 2023, highlighting the growing risk associated with API vulnerabilities.
Industry-Wide Impact: Education leads as the most impacted sector, with most sectors having a double-digit surge in attacks from last year. Meanwhile, cloud-based organizational networks experience a 34% rise in attacks compared to the same period last year, and overtake on-prem organizational networks in the overall impact of API attacks, underscoring the evolving cloud threat landscape.
Notable Vulnerabilities and Incidents: Exploits like the […]
Vulnerability Threat Cloud ★★★
Checkpoint 2024-02-28 13:00:12 VirusTotal Threat Intelligence Now Seamlessly Integrated in Infinity XDR/XPR
Check Point Technologies announces VirusTotal threat intelligence is now an integral part of the Infinity XDR/XPR prevention-first security operations platform. Security teams and SOC analysts depend on high quality threat intelligence from multiple sources to investigate indicators of compromise (IOCs) and quickly ascertain a complete picture of cyberattacks. VirusTotal, an open-source threat intelligence database, is one of the most important cyber threat intelligence resources used today. “Threat intelligence requires seeking out and pulling together large amounts of information about IOCs from various sources,” explains Eyal Manor, VP of Product Management at Check Point Software Technologies. “Integrating VirusTotal into the Infinity XDR/XPR […]
Threat ★★
SecurityWeek 2024-02-28 12:24:15 Is XDR Enough? The Hidden Gaps in Your Security Net
When evaluating XDR, consider its value based on its ability to reduce complexity and improve threat detection and response times.
Threat ★★★
SecurityWeek 2024-02-28 12:21:28 Chinese Cyberspies Use New Malware in Ivanti VPN Attacks
Chinese threat actors target Ivanti VPN appliances with new malware designed to persist across system upgrades.
Malware Threat ★★★
The_Hackers_News 2024-02-28 11:17:00 Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as
Threat APT 28 ★★
AlienVault 2024-02-28 11:00:00 AT&T Cybersecurity announces 2024 'Partner of the Year Award' winners
We're pleased to announce our 2024 Partner of the Year awards. These annual awards recognize AT&T Cybersecurity partners that demonstrate excellence in growth, innovation, and implementation of customer solutions based on our AT&T USM Anywhere platform. AT&T Cybersecurity's 2024 Global Partner of the Year award goes to Cybersafe Solutions for the second year in a row! Cybersafe Solutions experienced incredible growth in 2023 and we're thrilled to be partnering with their team to help customers orchestrate and automate their security. In addition to Cybersafe Solutions as our Global Partner of the Year, we're proud to recognize six other partners who demonstrated excellence in 2023. See below for the full list of winners and their feedback regarding their partnership with AT&T Cybersecurity.

Global Awards:
Global Partner of the Year: Cybersafe Solutions
Threat ★★
Securonix 2024-02-28 10:30:36 Securonix Threat Research Knowledge Sharing Series: Batch (DOS) Obfuscation or DOSfuscation: Why It's on the Rise, and How Attackers are Hiding in Obscurity
Securonix Threat Research has been monitoring a trend known as batch (DOS) fuscation or DOSfuscation, where an increased number of malware samples use obfuscated code contained within batch or DOS-based scripts. This trend was likely brought about when Microsoft made the decision to disable macro execution in Office products by default. Since then, there has been a rise in shortcut-based (.lnk file) execution coming from archived email attachments. CMD obfuscation is the natural path, as any command line passed into a shortcut file will likely be executed primarily using cmd.exe as the initial process
Malware Threat Prediction ★★★
InfoSecurityMag 2024-02-28 09:45:00 Ads for Zero-Day Exploit Sales Surge 70% Annually
Group-IB research warns of rising use of zero-day threats in targeted attacks
Vulnerability Threat ★★★
ProofPoint 2024-02-28 06:00:52 Break the Attack Chain: Developing the Position to Detect Lateral Movement Attacks
In this three-part “Break the Attack Chain” blog series, we look at how threat actors compromise our defenses and move laterally within our networks to escalate privileges and prepare for their final endgame.

If one phrase could sum up the current state of the threat landscape, it is this: Threat actors don't break in. They log in.

Rather than spend time trying to circumnavigate or brute force their way through our defenses, today's cybercriminals set their sights firmly on our users. Or to be more accurate, their highly prized credentials and identities.

This remains true at almost every stage of the attack chain. Identities are not just an incredibly efficient way into our organizations, they also stand in the way of the most valuable and sensitive data. As a result, the cat-and-mouse game of cybersecurity is becoming increasingly like chess, with the traditional smash-and-grab approach making way for a more methodical M.O.

Cybercriminals are now adept at moving laterally through our networks, compromising additional users to escalate privileges and lay the necessary groundwork for the endgame.

While this more tactical gambit has the potential to do significant damage, it also gives security teams many more opportunities to spot and thwart attacks. If we understand the threat actor's playbook from the initial compromise to impact, we can follow suit and place protections along the length of the attack chain.

Understanding the opening repertoire

To continue our chess analogy, the more we understand our adversary's opening repertoire, the better equipped we are to counter it.

When it comes to lateral movement, we can be sure that the vast majority of threat actors will follow the line of least resistance. Why attempt to break through defenses and risk detection when it is much easier to search for credentials that are stored on the compromised endpoint?

This could be a search for password.txt files, stored Remote Desktop Protocol (RDP) credentials, and anything of value that could be sitting in the recycle bin. If it sounds scarily simple, that's because it is. This approach does not require admin privileges. It is unlikely to trigger any alarms. And unfortunately, it's successful time and time again.

Proofpoint has found through our research that one in six endpoints contains an exploitable identity risk that allows threat actors to escalate privileges and move laterally using this data. (Learn more in our Analyzing Identity Risks report.)

When it comes to large-scale attacks, DCSync is also now the norm. Nation-states and many hacking groups use it. It is so ubiquitous that if it were a zero-day, security leaders would be crying out for a patch.

However, as there is general acceptance that Active Directory is so difficult to secure, there is also an acceptance that vulnerabilities like this will continue to exist.

In simple terms, a DCSync attack allows a threat actor to simulate the behavior of a domain controller and retrieve password data on privileged users from Active Directory. And, once again, it is incredibly easy to execute.

With a simple PowerShell command, threat actors can find users with the permissions they require. Add an off-the-shelf tool like Mimikatz into the mix, and within seconds, they can access every hash and every Active Directory privilege on the network.

Mastering our defense

With threat actors inside our organizations, it is too late for traditional perimeter protections. Instead, we must take steps to limit attackers' access to further privileges and encourage them to reveal their movements.

This starts with an assessment of our environment. Proofpoint Identity Threat Defense offers complete transparency, allowing security teams to see where they are most vulnerable.

With this information, we can shrink the potential attack surface by increasing protections around privileged users and cleaning up endpoints to make it harder for cybercriminals to access valuable identities. With Proofpoin
Tool Vulnerability Threat ★★★
The_State_of_Security.webp 2024-02-28 02:45:51 What We Learned from the 2024 State of Cybersecurity Survey
(direct link)
Cybersecurity is a pressing topic of concern for most organizations today, as any amount of sensitive data or digital assets can present a security risk. Understanding the digital landscape, threat trends, and the way they change over time is an essential step in defending against cyberattacks. It can be daunting for any organization to stay in the loop and maintain perspective on cyberthreats and security practices. Fortra's 2024 State of Cybersecurity Survey polled over 400 cybersecurity professionals across a wide range of industries and locations in order to obtain a clear-sighted view of...
Threat ★★
Mandiant.webp 2024-02-28 00:00:00 When Cats Fly: Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors
(direct link)
Today Mandiant is releasing a blog post about suspected Iran-nexus espionage activity targeting the aerospace, aviation and defense industries in Middle East countries, including Israel and the United Arab Emirates (UAE) and potentially Turkey, India, and Albania. Mandiant attributes this activity with moderate confidence to the Iranian actor UNC1549, which overlaps with Tortoiseshell, a threat actor that has been publicly linked to Iran's Islamic Revolutionary Guard Corps (IRGC). Tortoiseshell has previously attempted to compromise supply chains by targeting defense contractors and IT
Threat ★★★
RiskIQ.webp 2024-02-27 22:38:36 Ransomware Roundup – Abyss Locker (direct link)
#### Description
Despite being first submitted to a publicly available file scanning service in July 2023, the earliest variant of the Abyss Locker ransomware may have originated even earlier due to its foundation on the HelloKitty ransomware source code. In early January 2024, researchers uncovered a version 1 variant targeting Windows systems, followed by a subsequent version 2 release later that month. The Abyss Locker threat actor adopts a strategy of exfiltrating victims' data before deploying the ransomware for file encryption, with additional capabilities including the deletion of Volume Shadow Copies and system backups. Additionally, a Linux variant of Abyss Locker has been observed, which employs different tactics such as targeting virtual machines and encrypting files with a ".crypt" extension.
#### Reference URL(s)
1. https://www.fortinet.com/blog/threat-research/ransomware-roundup-abyss-locker
#### Publication Date
February 26, 2024
#### Author(s)
Shunichi Imano
Fred Gutierrez
Ransomware Threat ★★
DarkReading.webp 2024-02-27 21:49:18 Russia's 'Midnight Blizzard' Targets Service Accounts for Initial Cloud Access
(direct link)
CISA and its counterparts in the UK and other countries this week offered new guidance on how to deal with the threat actor's recent shift to cloud attacks.
Threat Cloud ★★
Mandiant.webp 2024-02-27 21:30:00 Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
(direct link)
Mandiant and Ivanti's investigations into widespread Ivanti zero-day exploitation have continued across a variety of industry verticals, including the U.S. defense industrial base sector. Following the initial publication on Jan. 10, 2024, Mandiant observed mass attempts to exploit these vulnerabilities by a small number of China-nexus threat actors, and development of a mitigation bypass exploit targeting CVE-2024-21893 used by UNC5325, which we introduced in our "Cutting Edge, Part 2" blog post. Notably, Mandiant has identified UNC5325 using a combination of living-off-the-land (LotL)
Vulnerability Threat Industrial ★★
RiskIQ.webp 2024-02-27 20:31:31 TimbreStealer Campaign Targets Mexican Users with Financial Lures
(direct link)
#### Description
Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer Talos is calling TimbreStealer, which has been active since at least November 2023. It contains several embedded modules used for orchestration, decryption and protection of the malware binary. This threat actor was observed distributing TimbreStealer via a spam campaign using Mexican tax-related themes starting in at least November 2023. The threat actor has previously used similar tactics, techniques and procedures (TTPs) to distribute a banking trojan known as “Mispadu.”
#### Reference URL(s)
1. https://blog.talosintelligence.com/timbrestealer-campaign-targets-mexican-users/
#### Publication Date
February 27, 2024
#### Author(s)
Guilherme Venere
Jacob Finn
Tucker Favreau
Jacob Stanfill
James Nutland
Spam Malware Threat ★★
The_Hackers_News.webp 2024-02-27 18:26:00 Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub
(direct link)
An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a "comprehensive set of features for remote system management," according to its developer, who goes by the name moom825
Threat ★★★
InfoSecurityMag.webp 2024-02-27 18:00:00 Industrial Cyber Espionage France's Top Threat Ahead of 2024 Paris Olympics
(direct link)
Ransomware and destabilization attacks rose in 2023, yet France's National Cybersecurity Agency is most concerned about a diversification of cyber espionage campaigns
Ransomware Threat Industrial ★★★
globalsecuritymag.webp 2024-02-27 17:29:50 Highly regulated industries are under increasing threat from cybercrime
(direct link)
Highly regulated industries are under increasing threat from cybercrime. Adherence to regulation, pressures on front-line services and budgets mean organisations are struggling to prioritise, with cybercriminals taking advantage. AJ Thompson, CCO at Northdoor plc - Opinion
Threat ★★★
DarkReading.webp 2024-02-27 17:04:55 eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation
(direct link)
Trusted brands like The Economist are also among the 8,000 entities compromised by Operation SubdoMailing, which is at the heart of a larger operation of a single threat actor.
Threat ★★
The_Hackers_News.webp 2024-02-27 16:18:00 From Alert to Action: How to Speed Up Your SOC Investigations
(direct link)
Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional's role. Threat intelligence platforms can significantly enhance their ability to do so. Let's find out what these platforms are and how they can empower analysts.
The Challenge: Alert Overload
The modern SOC faces a relentless barrage of security alerts generated by SIEMs and EDRs.
Threat ★★
The_Hackers_News.webp 2024-02-27 16:04:00 Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics
(direct link)
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the
Threat Cloud APT 29 ★★★
Fortinet.webp 2024-02-27 14:00:00 FortiGuard Labs Outbreak Alerts Annual Report 2023: A Glimpse into the Evolving Threat Landscape
(direct link)
The FortiGuard Labs annual report reviews critical Outbreak Alerts impacting organizations worldwide. Learn more.
Threat Studies ★★★★
globalsecuritymag.webp 2024-02-27 13:45:58 Enkrypt AI raises $2.35M
(direct link)
Enkrypt AI raises $2.35M to build a visibility and security layer for Gen AI. Enkrypt AI stands apart by merging threat detection, privacy, and compliance into a comprehensive toolkit ensuring business adoption of LLMs and generative AI is safe, reliable and compliant. - Business News
Threat ★★
globalsecuritymag.webp 2024-02-27 13:20:31 CTOs consider human error to be their biggest cybersecurity threat, says STX Next research
(direct link)
CTOs consider human error to be their biggest cybersecurity threat, says STX Next research. Ransomware and phishing were also highlighted as serious concerns by CTOs - Special Reports
Threat ★★
Pirate.webp 2024-02-27 12:32:30 (Déjà vu) Proofpoint study: 75% of French employees knowingly put their company at risk (direct link) Cyber threats targeting individuals represent a growing risk for companies; notifications of direct financial penalties linked to phishing campaigns rose by 320% in France, and those linked to reputational damage by 166%. Proofpoint's 2024 State of the Phish report: 75% of French employees knowingly gamble with their company's security. Op-ed. […] The post "Proofpoint study: 75% of French employees knowingly put their company at risk" first appeared on UnderNews. Threat Studies
globalsecuritymag.webp 2024-02-27 11:45:56 Netskope Threat Labs: the financial sector remains one of the main sectors targeted by ransomware groups (direct link) Netskope Threat Labs: the financial sector remains one of the main sectors targeted by ransomware groups - Investigations Ransomware Threat ★★
globalsecuritymag.webp 2024-02-27 11:42:01 Proofpoint's 2024 State of the Phish report: 75% of French employees knowingly gamble with their company's security (direct link) Proofpoint's 2024 State of the Phish report: 75% of French employees knowingly gamble with their company's security. Cyber threats targeting individuals represent a growing risk for companies; notifications of direct financial penalties linked to phishing campaigns rose by 320% in France, and those linked to reputational damage by 166%. - Investigations Threat
globalsecuritymag.webp 2024-02-27 11:36:59 The healthcare sector and cyber threats: beyond the myths (direct link) The healthcare sector and cyber threats: beyond the myths. By Thomas Segura, cybersecurity specialist at GitGuardian - Points of View Threat ★★
AlienVault.webp 2024-02-27 11:00:00 The endpoint evolution - Evolving from traditional endpoints to cloud or containerized workloads and the security solutions to protect them
(direct link)
As organizations grow and more endpoints are added across the enterprise, they create an increasingly broad attack surface that sophisticated attackers are looking to compromise. According to the 2019 Endpoint Security Trends Report, 70% of breaches originate at the endpoint¹. That is likely because endpoints typically represent the intersection between humans and machines, creating vulnerable points of entry for cybercriminals. This is why it is increasingly important to secure your endpoints.

Growth in endpoints

An endpoint is defined as any computing device that communicates back and forth with a network to which it is connected. Some end user devices serve as an interface with human users, while others are servers that communicate with other endpoints on the network. Traditional endpoints began as physical devices including servers, workstations, desktops, and laptops, all connected to a corporate network. When smartphones and tablets became handheld computing devices with access to corporate email, document sharing and collaboration tools, the number of endpoints at least doubled.

Then came the rise of the Internet of Things (IoT), including devices like printers, webcams, smartwatches, and thermostats, all of which are connected to the network. Industries like healthcare and manufacturing are using millions of IoT sensors to collect and exchange data. This continued growth in IoT only increases the number of endpoints that need to be protected. Another contribution to the growth in endpoints is the migration to the cloud. It is estimated that 67% of enterprise infrastructure is cloud-based². This cloud transformation is the evolution from physical devices to virtualization and containerization.

Endpoint virtualization

The cloud is a multi-tenant environment where multiple users run services on the same server hardware. Virtualization and containerization are both virtualization technologies that separate the host operating system from the programs that run in them.

Virtualization is achieved using a hypervisor, which splits CPU, RAM, and storage resources between multiple virtual machines (VMs). Each VM behaves like a separate computer with its own guest operating system, and the VMs are independent of each other. This allows organizations to run multiple OS instances on a single server. Containerization, on the other hand, runs a single host OS instance and uses a container engine to package applications into container images that can be easily deployed and re-used. By splitting each individual application function or microservice into containers, they can operate independently to improve enterprise resilience and scalability. Kubernetes then manages the orchestration of multiple containers. VMs and containers present very different security challenges, so let’s look at the evolution of endpoint security and the solutions that meet the needs of complex customer environments.

Securing endpoints

For decades, organizations have heavily relied on antivirus (AV) software to secure endpoints. However, traditional antivirus worked by matching known malicious signatures in a database and can no longer protect against today’s sophisticated threats. Modern endpoint security solutions are less signature-based and much more behavior-based. Endpoint protection platforms (EPP) offer cloud native architectures that provide a layered defense against fileless attacks, using machine learning and behavioral AI to protect against malicious activity. Endpoint detection and response (EDR) solutions go beyond protection by recording and storing endpoint system-level behaviors to detect malicious threats. EDR solutions use data analytics combined with threat intelligence feeds to provide incident responders with the forensic data for completing investigations and threat hunting. In addi Malware Tool Vulnerability Threat Mobile Cloud ★★
ProofPoint.webp 2024-02-27 05:00:31 Risky and They Know It: 96% of Risk-Taking Users Aware of the Dangers but Do It Anyway, 2024 State of the Phish Reveals
(direct link)
We often, and justifiably, associate cyberattacks with technical exploits and ingenious hacks. But the truth is that many breaches occur due to the vulnerabilities of human behavior. That's why Proofpoint has gathered new data and expanded the scope of our 2024 State of the Phish report.

Traditionally, our annual report covers the threat landscape and the impact of security education. But this time, we've added data on risky user behavior and their attitudes about security. We believe that combining this information will help you to:
Advance your cybersecurity strategy
Implement a behavior change program
Motivate your users to prioritize security

This year's report compiles data derived from Proofpoint products and research, as well as from additional sources that include:
A commissioned survey of 7,500 working adults and 1,050 IT professionals across 15 countries
183 million simulated phishing attacks sent by Proofpoint customers
More than 24 million suspicious emails reported by our customers' end users

To get full access to our global findings, you can download your copy of the 2024 State of the Phish report now.

Also, be sure to register now for our 2024 State of the Phish webinar on March 5, 2024. Our experts will provide more insights into the key findings and answer your questions in a live session.

Meanwhile, let's take a sneak peek at some of the data in our new reports.

Global findings

Here's a closer look at a few of the key findings in our tenth annual State of the Phish report.

Survey of working adults

In our survey of working adults, about 71% said they engaged in actions that they knew were risky. Worse, 96% were aware of the potential dangers. About 58% of these users acted in ways that exposed them to common social engineering tactics.

The motivations behind these risky actions varied. Many users cited convenience, the desire to save time, and a sense of urgency as their main reasons. This suggests that while users are aware of the risks, they choose convenience.

The survey also revealed that nearly all participants (94%) said they'd pay more attention to security if controls were simplified and more user-friendly. This sentiment reveals a clear demand for security tools that are not only effective but that don't get in users' way.

Survey of IT and information security professionals

The good news is that last year phishing attacks were down. In 2023, 71% of organizations experienced at least one successful phishing attack, compared to 84% in 2022. The bad news is that the consequences of successful attacks were more severe. There was a 144% increase in reports of financial penalties. And there was a 50% increase in reports of damage to their reputation.

Another major challenge was ransomware. The survey revealed that 69% of organizations were infected by ransomware (vs. 64% in 2022). However, the rate of ransom payments declined to 54% (vs. 64% in 2022).

To address these issues, 46% of surveyed security pros are increasing user training to help change risky behaviors. This is their top strategy for improving cybersecurity.

Threat landscape and security awareness data

Business email compromise (BEC) is on the rise. And it is now spreading among non-English-speaking countries. On average, Proofpoint detected and blocked 66 million BEC attacks per month.

Other threats are also increasing. Proofpoint observed over 1 million multifactor authentication (MFA) bypass attacks using EvilProxy per month. What's concerning is that 89% of surveyed security pros think MFA is a “silver bullet” that can protect them against account takeover.

When it comes to telephone-oriented attack delivery (TOAD), Proofpoint saw 10 million incidents per month, on average. The peak was in August 2023, which saw 13 million incidents.

When looking at industry failure rates for simulated phishing campaigns, the finance industry saw the most improvement. Last year the failure rate was only 9% (vs. 16% in 2022). “Resil Ransomware Tool Vulnerability Threat Studies Technical ★★★★
