What's new arround internet
Last one

Src Date (GMT) Titre Description Tags Stories Notes
Blog.webp 2023-10-23 02:22:16 2023 août & # 8211;Rapport de tendance des menaces sur les groupes APT
2023 Aug – Threat Trend Report on APT Groups (lien direct)		 août 2023 Problèmes majeurs sur les groupes de l'APT 1) Andariel 2) APT29 3) APT31 4) amer 5)Bronze Starlight 6) Callisto 7) Cardinbee 8) Typhoon de charbon de bois (Redhotel) 9) Terre estrie 10) Typhon de lin 11) Groundpeony 12) Chisel infâme 13) Kimsuky 14) Lazarus 15)Moustachedbouncher 16) Éléphant mystérieux (APT-K-47) 17) Nobelium (Blizzard de minuit) 18) Red Eyes (APT37) Aug_Thereat Trend Rapport sur les groupes APT
August 2023 Major Issues on APT Groups 1) Andariel 2) APT29 3) APT31 4) Bitter 5) Bronze Starlight 6) Callisto 7) Carderbee 8) Charcoal Typhoon (RedHotel) 9) Earth Estries 10) Flax Typhoon 11) GroundPeony 12) Infamous Chisel 13) Kimsuky 14) Lazarus 15) MoustachedBouncher 16) Mysterious Elephant (APT-K-47) 17) Nobelium (Midnight Blizzard) 18) Red Eyes (APT37) Aug_Threat Trend Report on APT Groups 		Threat Prediction APT 38 APT 38 APT 37 APT 29 APT 31 ★★★
Blog.webp 2023-10-23 02:21:45 2023 août & # 8211;Rapport de tendance des menaces sur le groupe Kimsuky
2023 Aug – Threat Trend Report on Kimsuky Group (lien direct)		 Les activités de Kimsuky Group & # 8217;Les activités d'autres types étaient relativement faibles.De plus, des échantillons de phishing ont été trouvés dans l'infrastructure connue pour la distribution de logiciels malveillants antérieurs (fleurs, randomquery et appleseed), et des échantillons de babyshark ont été découverts dans l'infrastructure RandomQuery.Cela suggère la probabilité de plusieurs types de logiciels malveillants en utilisant une seule infrastructure.Rapport de tendance AUG_TRÉTÉE sur le groupe Kimsuk
The Kimsuky group’s activities in August 2023 showed a notable surge in the BabyShark type, while the activities of other types were relatively low. Also, phishing samples were found in the infrastructure known for distributing previous malware (FlowerPower, RandomQuery, and AppleSeed), and BabyShark samples were discovered in the RandomQuery infrastructure. This suggests the likelihood of multiple types of malware utilizing a single infrastructure. Aug_Threat Trend Report on Kimsuky Group 		Malware Threat Prediction APT 43 ★★★
CVE.webp 2023-10-19 10:15:09 CVE-2022-26943 (lien direct) La série Motorola MTM5000 Firmwares génère des défis d'authentification TETRA en utilisant un PRNG à l'aide d'un registre de comptage de tiques comme seule source d'entropie.Low Boottime Entropy et une réensemence limitée de la piscine rend le défi d'authentification vulnérable à deux attaques.Tout d'abord, en raison de l'entropie limitée du pool de boottime, un adversaire peut dériver le contenu du pool d'entropie par une recherche exhaustive de valeurs possibles, sur la base d'un défi d'authentification observé.Deuxièmement, un adversaire peut utiliser la connaissance du pool d'entropie pour prédire les défis d'authentification.En tant que tel, l'unité est vulnérable au CVE-2022-24400.
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.		 Prediction
CVE.webp 2023-10-19 10:15:08 CVE-2022-24400 (lien direct) Une faille dans la procècure d'authentification Tetra permet à un adversaire MITM qui peut prédire le défi MS Rand2 de définir la clé de session DCK à zéro.
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.		 Prediction
securityintelligence.webp 2023-10-16 13:00:00 Les coûts de violation des soins de santé montent en flèche nécessitant une nouvelle réflexion pour la sauvegarde des données
Healthcare breach costs soar requiring new thinking for safeguarding data (lien direct)		 > À l'ère numérique, les données sont souvent appelées la nouvelle huile.Sa valeur réside dans les idées qu'elle peut céder, en particulier en ce qui concerne les soins de santé, où les données peuvent aider à détecter les maladies, à prédire les résultats des patients et à aider les professionnels de la santé à personnaliser les traitements.Mais avec la numérisation croissante des informations de santé sensibles, il existe des [& # 8230;] légitimes [& # 8230;]
>In the digital age, data is often referred to as the new oil. Its value lies in the insights it can yield, particularly when it comes to healthcare, where data can help detect diseases, predict patient outcomes and help health professionals personalize treatments. But with the increasing digitization of sensitive health information, there are legitimate […] 		Prediction Medical ★★★
AlienVault.webp 2023-10-16 10:00:00 Renforcement de la cybersécurité: multiplication de force et efficacité de sécurité
Strengthening Cybersecurity: Force multiplication and security efficiency (lien direct)		 In the ever-evolving landscape of cybersecurity, the battle between defenders and attackers has historically been marked by an asymmetrical relationship. Within the cybersecurity realm, asymmetry has characterized the relationship between those safeguarding digital assets and those seeking to exploit vulnerabilities. Even within this context, where attackers are typically at a resource disadvantage, data breaches have continued to rise year after year as cyber threats adapt and evolve and utilize asymmetric tactics to their advantage.  These include technologies and tactics such as artificial intelligence (AI), and advanced social engineering tools. To effectively combat these threats, companies must rethink their security strategies, concentrating their scarce resources more efficiently and effectively through the concept of force multiplication. Asymmetrical threats, in the world of cybersecurity, can be summed up as the inherent disparity between adversaries and the tactics employed by the weaker party to neutralize the strengths of the stronger one. The utilization of AI and similar tools further erodes the perceived advantages that organizations believe they gain through increased spending on sophisticated security measures. Recent data from InfoSecurity Magazine, referencing the 2023 Checkpoint study, reveals a disconcerting trend: global cyberattacks increased by 7% between Q1 2022 and Q1 2023. While not significant at first blush, a deeper analysis reveals a more disturbing trend specifically that of the use of AI.  AI\'s malicious deployment is exemplified in the following quote from their research: "...we have witnessed several sophisticated campaigns from cyber-criminals who are finding ways to weaponize legitimate tools for malicious gains." Furthermore, the report highlights: "Recent examples include using ChatGPT for code generation that can help less-skilled threat actors effortlessly launch cyberattacks." As threat actors continue to employ asymmetrical strategies to render organizations\' substantial and ever-increasing security investments less effective, organizations must adapt to address this evolving threat landscape. Arguably, one of the most effective methods to confront threat adaptation and asymmetric tactics is through the concept of force multiplication, which enhances relative effectiveness with fewer resources consumed thereby increasing the efficiency of the security dollar. Efficiency, in the context of cybersecurity, refers to achieving the greatest cumulative effect of cybersecurity efforts with the lowest possible expenditure of resources, including time, effort, and costs. While the concept of efficiency may seem straightforward, applying complex technological and human resources effectively and in an efficient manner in complex domains like security demands more than mere calculations. This subject has been studied, modeled, and debated within the military community for centuries. Military and combat efficiency, a domain with a long history of analysis, Tool Vulnerability Threat Studies Prediction ChatGPT ★★★
The_Hackers_News.webp 2023-10-13 20:01:00 Nouvelle campagne de cyberattaque de Peapod ciblant les femmes dirigeantes politiques
New PEAPOD Cyberattack Campaign Targeting Women Political Leaders (lien direct)		 Le personnel militaire de l'Union européenne et les dirigeants politiques travaillant sur les initiatives d'égalité des sexes sont devenus la cible d'une nouvelle campagne qui offre une version mise à jour de RomCom Rat appelé Peapod. La société de cybersécurité Trend Micro a attribué les attaques à un acteur de menace qu'il suit sous le nom de vide Rabisu, également connu sous le nom de Storm-0978, Tropical Scorpius et UNC2596, et qui est également
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also		 Threat Prediction ★★
globalsecuritymag.webp 2023-10-13 14:03:55 Dans l\'abîme du cyberespace : les prédictions alarmantes de Check Point pour 2024, une tempête d\'IA, d\'hacktivisme et de Deepfakes. (lien direct) Dans l'abîme du cyberespace : les prédictions alarmantes de Check Point pour 2024, une tempête d'IA, d'hacktivisme et de Deepfakes. - Points de Vue Prediction ★★★
silicon.fr.webp 2023-10-12 11:44:24 XDR : quatre offres pour une approche cyber qui décolle (lien direct) Alors que les EDR ont démontré leur efficacité à détecter des attaques passées sous les radars des antivirus classiques, une évolution vers les XDR semble inéluctable. Passage en revue des offres de SentinelOne, Bitdefender, Trend Micro et Sekoia.io. Prediction ★★
ProofPoint.webp 2023-10-12 10:52:45 Une journée dans la vie d'un analyste de cybersécurité
A Day in the Life of a Cybersecurity Analyst (lien direct)		 The day-to-day experience of cybersecurity professionals can vary widely, even though we face similar threats and have many of the same tools at our disposal. In this post, I\'d like to shine a light on what a typical day looks like for a business information security analyst in the world of cybersecurity-a role I know well. Getting started in cybersecurity I\'m a musician-a bagpiper. It\'s a strange one, I know, but that\'s how I started my career. For a couple of years after leaving school, I taught and performed pipe music. But after finishing my music diploma, I knew that there were only so many hours in the week, and only so many people to teach. So, perhaps I should learn another skill, too. It was my dad who suggested cybersecurity. From the outside, it looked interesting and seemed like an industry on the up and up. So I applied for a cybersecurity course at Robert Gordon University in Aberdeen, Scotland. At that time, I didn\'t have much technical knowledge. However, after a chance meeting with the head of the cybersecurity course on a university open day, I felt it was an area I could potentially break into. Within a few weeks, I had signed up for a five-year course with the option of a placement after the second year. Fast-forward to today, and here I am two years into the job, and I\'ve just finished my third year at university. My work placement transitioned into a full-time role, which I still balance with my full-time studies. What does a “normal” day look like for a cybersecurity analyst? No two days are ever the same. It\'s typical for people new to this role to ask, “What are my tasks?” The honest answer is that they\'re hard to define. It depends on what\'s going on in the business at that time, and who you know and work with regularly. While we have great security tools in place to flag suspicious activity, a lot of the time I\'m dealing with situations where I must trust my gut instincts. A task I have grown into managing in my current role is the security training program and phishing simulations across the company. Just yesterday, I issued approvals for a new training campaign that we\'re running for our operations team in Iraq. We aim to carry out targeted team training quarterly in shorter bites, 20 minutes here and there, to try to keep people engaged more than once a year. I\'ll usually spend part of my day managing our external support teams and service providers, too. I manage our security exceptions process, which involves vetting and approving requests from the business. For me, it\'s a case of making sure we have the right information from our users, asking the “Why?” to their wants, and finding out if there are more secure alternatives for providing a solution. Indicator of compromise (IOC) checks are an ongoing task. We\'re part of a service organisation forum, so we often gather and share important information with our industry peers. We have a shared spreadsheet that\'s automatically tracked, and we always receive possible indicators internally from our ever-growing network of security champions. I just need to make sure that our email security and firewall security are ticked off, blocked and managed. Measuring success Being part of the service organisation forum means that we are constantly sharing information with our peers. It allows us to compare the results of our training programs over time to see how we trend against each other. We also look back at how we have performed in these areas internally over the last few years to make sure we\'re always improving. We\'re also passionate about data governance. We want to ensure that our users not only understand risk but also how to appropriately manage company and client data. We want to always use best practices and build an internal security culture from the ground up. There\'s that saying, “You\'re only as good as your weakest player.” When it comes to cybersecurity issues, an organization is like a football team. You have 40,000 employees-and if just one of them doesn\'t know what Tool Prediction ★★★
AlienVault.webp 2023-10-12 10:00:00 L'évolution des attaques de phishing
The evolution of phishing attacks (lien direct)		 A practical guide to phishing and best practices to avoid falling victim. Introduction Over the past several years, remote and hybrid work has quickly gained popularity amongst those seeking a to reduce the amount of time on the road or an improved work/life balance. To accomplish this, users are often working from multiple devices, some of which may be company issued, but others may be privately owned. Cyberattackers have leveraged this trend to bypass traditional security controls using social engineering, with phishing attacks being a favored tactic. In fact, the FBI Internet Crime Report issued in 2022 reported phishing as the top reported internet crime for the past 5 years. Its ability to persuade individuals to divulge sensitive information to seemingly familiar contacts and companies over email and/or SMS text messages has resulted in significant data breaches, both personal and financial, across all industries. Mobile phishing, in particular, is quickly becoming a preferred attack vector among hackers seeking to use them as a jump point to gain access to proprietary data within a company’s network. This article provides an overview of the origins of phishing, its impact on businesses, the types of mobile phishing attacks hackers employ, and ways in which companies can best defend themselves against such attacks. The origins of phishing The belief among many in the cybersecurity industry is that phishing attacks first emerged in the mid-90s when dial-up was the only means of gaining access to the internet. Hackers posing as ISP administrators used fake screen names to establish credibility with the user, enabling them to “phish” for personal log-in data. Once successful, they were able to exploit the victim’s account by sending out phishing emails to other users in their contact list, with the goal of scoring free internet access or other financial gain. Awareness of phishing was still limited until May 2000 when Love Bug entered the picture. Love Bug, a highly effective and contagious virus designed to take advantage of the user’s psyche was unleashed in the Philippines, impacting an estimated 45 million Window PCs globally. Love Bug was sent via email with the subject line reading “ILOVEYOU”. The body of the message simply read “Kindly check the attached LOVELETTER coming from me”. Users who couldn’t resist opening the message unleashed a worm virus infecting and overwriting user’s files with copies of the virus. When the user opened the file, they would reinfect the system. Lovebug elevated phishing to a new level as it demonstrated the ability to target a user’s email mailing list for the purpose of spamming acquaintances thereby incentivizing the reader to open his/her email.  This enabled the lovebug worm to infect computer systems and steal other user’s passwords providing the hacker the opportunity to log-in to other user accounts providing unlimited internet access.  Since Love Bug, the basic concept and primary goal of phishing tactics has remained consistent, but the tactics and vectors have evolved. The window of opportunity has increased significantly for hackers with the increased use of social media (e.g., Linkedin, Twitter, Facebook). This provides more personal data to the hackers enabling them to exploit their targets with more sophisticated phishing tactics while avoiding detection. Phishing’s impact in the marketplace today Phishing attacks present a significant threat for organizations as their ability to capture proprietary business and financial data are both costly and time consuming for IT organizations to detect and remediate. Based on a Ransomware Malware Tool Threat Prediction ★★★
InfoSecurityMag.webp 2023-10-10 12:00:00 La moitié des cisos se rendent désormais au PDG à mesure que l'influence se développe
Half of CISOs Now Report to CEO as Influence Grows (lien direct)		 La tendance est plus prononcée en Europe que l'Amérique
Trend is more pronounced in Europe than America		 Prediction ★★★
DarkReading.webp 2023-10-04 22:00:00 Trend Micro Drive Dernière phase de la prospérité et de l'engagement des canaux
Trend Micro Drives Latest Phase of Channel Prosperity and Engagement (lien direct)		 La tendance est plus prononcée en Europe que l'Amérique
Trend is more pronounced in Europe than America		 Prediction ★★
globalsecuritymag.webp 2023-10-03 07:45:20 Trend Micro : Etat des attaques de ransomware au premier semestre 2023 (lien direct) Etat des attaques de ransomware au premier semestre 2023 par Trend Micro Les institutions américaines sont majoritairement prises pour cible par LockBit. • Le rapport de Trend Micro évalue le ratio d'attaque à une sur six. • Le volume de victimes de ransomware est en forte hausse : +47%. • LockBit, BlackCat et Clop sont les familles de ransonwares les plus actives.#Cybersecurité #Ransomware #LockBit - Investigations Ransomware Studies Prediction ★★★★
The_Hackers_News.webp 2023-09-30 15:19:00 Le FBI met en garde contre la tendance à la hausse des attaques à double rançon ciblant les entreprises américaines
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies (lien direct)		 Le Federal Bureau of Investigation (FBI) des États-Unis met en garde contre une nouvelle tendance d'attaques à double ransomware ciblant les mêmes victimes, au moins depuis juillet 2023. "Au cours de ces attaques, les acteurs de cyber-menaces ont déployé deux variantes de ransomware différentes contre les sociétés de victimes des variantes suivantes: Avoslocker, Diamond, Hive, Karakurt, Lockbit, Quantum et Royal", a déclaré le FBI dans une alerte."Variantes
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants		 Ransomware Threat Prediction ★★
The_Hackers_News.webp 2023-09-30 14:51:00 Iranian APT Group OilRig Utilisation de nouveaux logiciels malveillants Menorah pour les opérations secrètes
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (lien direct)		 Les cyber-acteurs sophistiqués soutenus par l'Iran connu sous le nom de OilRig ont été liés à une campagne de phistes de lance qui infecte les victimes d'une nouvelle souche de malware appelé Menorah. "Le malware a été conçu pour le cyberespionnage, capable d'identifier la machine, de lire et de télécharger des fichiers à partir de la machine, et de télécharger un autre fichier ou un malware", Trend Micro Researchers Mohamed Fahmy et Mahmoud Zohdy
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy		 Malware Prediction APT 34 ★★★
Checkpoint.webp 2023-09-27 13:00:00 Célébrer plus de 20 000 heures de formation de cyber-piratage via l'esprit de contrôle et le partenariat NotSosecure
Celebrating Over 20,000 Hours of Cyber Hacking Training via the Check Point MIND and NotSoSecure Partnership (lien direct)		 > Notre rapport de cybersécurité en milieu d'année en 2023 a révélé que les cyberattaques avaient bondi de 8% au premier semestre de 2023, avec plus d'attaques que jamais.Les cybercriminels ne montrent aucun signe de ralentissement.Malheureusement, les chercheurs de ISC2 prédisent qu'en 2025, il y aura 3,5 millions de postes non remplis au sein de la main-d'œuvre de la cybersécurité.Laissez cela s'enfoncer un instant.Plus que toute autre chose, l'écart existant au sein de la main-d'œuvre de la cybersécurité est le principal défi de l'industrie.Il est si massif qu'aucune organisation ne peut l'attaquer à elle seule.Reconnaître ce point de contrôle de besoin croissant a développé l'organisation Mind, sous l'égide de [& # 8230;]
>Our 2023 Mid-Year Cybersecurity Report found that cyberattacks surged 8% in the first half of 2023, with more attacks than ever before. Cyber criminals show no signs of slowing down. Unfortunately, researchers at ISC2 predict that by 2025, there will be 3.5 million unfilled positions within the cybersecurity workforce. Let that sink in for a moment. More than anything else, the existing gap within the cyber security workforce is our industry’s main challenge. It\'s so massive that no single organization can tackle it on its own.    Recognizing this growing need Check Point developed the MIND organization, under the umbrella of […] 		Prediction ★★
globalsecuritymag.webp 2023-09-26 14:31:49 Guillaume Leseigneur, Cybereason : nous arrivons aujourd\'hui à un nouveau point de basculement dans le paysage des menaces (lien direct) Guillaume Leseigneur, Cybereason : nous arrivons aujourd'hui à un nouveau point de basculement dans le paysage des menaces - Interviews Threat Prediction ★★★
globalsecuritymag.webp 2023-09-22 07:17:18 Les cybercriminels exploitent la tragédie marocaine dans une nouvelle campagne d\'escroquerie (lien direct) Cédric Pernet, Senior Threat Researcher – Trend Micro, présente une escroquerie qui a profité du tremblement de terre au Maroc en trompant les donateurs pour qu'ils achètent du matériel de secours prétendument destiné à aider les victimes de ce séisme. Les fraudeurs ont enregistré deux noms de domaines, dont l'un usurpe l'identité de la Croix-Rouge française et redirige vers le second. - Malwares Threat Prediction ★★
InfoSecurityMag.webp 2023-09-21 14:15:00 Les nouvelles victimes de ransomwares augmentent de 47% avec des gangs ciblant les petites entreprises
New Ransomware Victims Surge by 47% with Gangs Targeting Small Businesses (lien direct)		 Le Micro Report Trend a observé que les petites organisations sont de plus en plus ciblées par les gangs de ransomware, y compris Lockbit et Blackcat
The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat		 Ransomware Prediction ★★
TrendMicro.webp 2023-09-21 00:00:00 Décodage Turla: Trend Micro \\'s Mitre Performance
Decoding Turla: Trend Micro\\'s MITRE Performance (lien direct)		 Cette année, l'évaluation de l'ingéniosité à la mitre a testé les fournisseurs de cybersécurité contre des scénarios d'attaque simulés imitant le groupe adversaire «Turla».Renseignez-vous sur les performances de protection à 100% réussies de Trend Micro \\.
This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro\'s 100% successful protection performance.		 Prediction
Chercheur.webp 2023-09-20 11:06:33 Sur la pénurie d'emplois de cybersécurité
On the Cybersecurity Jobs Shortage (lien direct)		 En avril, Cybersecurity Ventures Sur la pénurie de travaux de cybersécurité extrême: Prediction ★★
The_Hackers_News.webp 2023-09-20 10:58:00 Trend Micro verse une solution urgente pour la vulnérabilité de sécurité critique exploitée activement
Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability (lien direct)		 La société de cybersécurité Trend Micro a publié des correctifs et des hotfixs pour aborder un défaut de sécurité critique dans Apex One et des solutions de sécurité commerciale sans souci pour Windows qui ont été activement exploitées dans des attaques réelles. Suivi comme CVE-2023-41179 (score CVSS: 9.1), il se rapporte à un module de désinstallation antivirus tiers qui a été emballé avec le logiciel.La liste complète des impacts
Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that\'s bundled along with the software. The complete list of impacted		 Vulnerability Prediction ★★
ProofPoint.webp 2023-09-20 05:00:47 Toutes les vulnérabilités ne sont pas créées égales: les risques d'identité et les menaces sont la nouvelle vulnérabilité
Not All Vulnerabilities Are Created Equal: Identity Risks and Threats Are the New Vulnerability (lien direct)		 If the history of cyber threats has taught us anything, it\'s that the game is always changing. The bad actors show us a move. We counter the move. Then, the bad actors show us a new one. Today, that “new move” is the vulnerable state of identities. Attackers realize that even if the network and every endpoint and device are secured, they can still compromise an enterprise\'s resources by gaining access to one privileged account.  There is a lot of opportunity to do that, too. Within companies, one in six endpoints has an exploitable identity risk, as research for the Analyzing Identity Risks (AIR) Research Report from Proofpoint found. “Well, that escalated quickly.” The latest Data Breach Investigations Report from Verizon highlights the risks of complex attacks that involve system intrusion. It also underscores the need to disrupt the attacker once they are inside your environment. Once they have that access, they will look for ways to escalate privileges and maintain persistence. And they will search for paths that will allow them to move across the business so that they can achieve their goals, whatever they may be.hey may be. This problem is getting worse because managing enterprise identities and the systems to secure them is complex. Another complication is the constant changes to accounts and their configurations. Attackers are becoming more focused on privileged identity account takeover (ATO) attacks, which allow them to compromise businesses with ease and speed. At least, as compared with the time, effort and cost that may be required to exploit a software vulnerability (a common vulnerability and exposure or CVE).  We should expect this trend to continue, given that ATOs have reduced attacker dwell times from months to days. And there is little risk that attackers will be detected before they are able to complete their crimes. How can IT and security leaders and their teams respond? A “back to the basics” approach can help. Shifting the focus to identity protection Security teams work to protect their networks, systems and endpoints in their infrastructure, and they have continued moving up the stack to secure applications. Now, we need to focus more on ways to improve how we protect identities. That is why an identity threat detection and response (ITDR) strategy is so essential today. We tend to think of security in battle terms; as such, identity is the next “hill” we need to defend. As we have done with the network, endpoint and application hills in the past, we should apply basic cyber hygiene and security posture practices to help prevent identity risk.  There is value in using preventative and detective controls in this effort, but the former type of control is preferred. (It can cost less to deploy, too.) In other words, as we take this next hill to secure identity threats, we should keep in mind that an ounce of prevention is worth a pound of cure. Identity as a vulnerability management asset type Businesses should consider managing remediation of the identity vulnerabilities that are most often attacked in the same or a similar way to how they manage the millions of other vulnerabilities across their other asset types (network, host, application, etc.). We need to treat identity risk as an asset type. Its vulnerability management should be included in the process for prioritizing vulnerabilities that need remediation. A requirement for doing this is the ability to scan the environment on a continuous basis to discover identities that are vulnerable now-and learn why are at risk. Proofpoint SpotlightTM provides a solution. It enables: The continuous discovery of identity threats and vulnerability management Their automated prioritization based on the risk they pose Visibility into the context of each vulnerability And Spotlight enables fully automated remediation of vulnerabilities where the remediation creates no risk of business interruption. Prioritizing remediation efforts across asset types Most enterprises have millions of vulnerabilities across their Data Breach Vulnerability Threat Prediction ★★
ProofPoint.webp 2023-09-20 05:00:00 Les logiciels malveillants chinois apparaissent sérieusement dans le paysage des menaces de cybercriminalité
Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (lien direct)		 Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity. Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT and related variants are recently active as well. The increase in Chinese language malware activity indicates an expansion of the Chinese malware ecosystem, either through increased availability or ease of access to payloads and target lists, as well as potentially increased activity by Chinese speaking cybercrime operators.   Overview Since early 2023, Proofpoint observed an increase in the email distribution of malware associated with suspected Chinese cybercrime activity. This includes the attempted delivery of the Sainbox Remote Access Trojan (RAT) – a variant of the commodity trojan Gh0stRAT – and the newly identified ValleyRAT malware. After years of this malware not appearing in Proofpoint threat data, its appearance in multiple campaigns over the last six months is notable.  The phrase “Chinese-themed” is used to describe any of the observed content related to this malicious activity, including lures, malware, targeting, and any metadata that contains Chinese language usage. Campaigns are generally low-volume and are typically sent to global organizations with operations in China. The email subjects and content are usually written in Chinese, and are typically related to business themes like invoices, payments, and new products. The targeted users have Chinese-language names spelled with Chinese-language characters, or specific company email addresses that appear to align with businesses\' operations in China. Although most campaigns have targeted Chinese speaking users, Proofpoint observed one campaign targeting Japanese organizations, suggesting a potential expansion of activity.  These recently identified activity clusters have demonstrated flexible delivery methods, leveraging both simple and moderately complex techniques. Commonly, the emails contain URLs linking to compressed executables that are responsible for installing the malware. However, Proofpoint has also observed Sainbox RAT and ValleyRAT delivered via Excel and PDF attachments containing URLs linking to compressed executables.  Proofpoint researchers assess those multiple campaigns delivering Sainbox RAT and ValleyRAT contain some similar tactics, techniques, and procedures (TTPs). However, research into additional activity clusters utilizing these malwares demonstrate enough variety in infrastructure, sender domains, email content, targeting, and payloads that researchers currently conclude that all use of these malwares and associated campaigns are not attributable to the same cluster, but likely multiple distinct activity sets.  The emergence and uptick of both novel and older Chinese-themed malware demonstrates a new trend in the overall 2023 threat landscape. A blend of historic malware such as Sainbox – a variant of the older Gh0stRAT malware – and the newly uncovered ValleyRAT may challenge the dominance that the Russian-speaking cybercrime market has on the threat landscape. However, the Chinese-themed malware is currently mostly targeted toward users that likely speak Chinese. Proofpoint continues to monitor for evidence of increasing adoption across other languages.  For network defenders, we include several indicators of compromise and Emerging Threats detections to provide the community with the ability to cover these threats. Campaign Details  Proofpoint has observed over 30 campaigns in 2023 leveraging malware typically associated with Chinese cybercrime activity. Nearly all lures are in Chinese, although Proofpoint has also observed messages in Japanese targeting organizations in that country.  Gh0stRAT / Sainbox Proofpoint has observed an increase in a variant of Gh0stRAT Proofpoint researchers refer to as Sainbox. Sainbox was first i Malware Tool Threat Prediction ★★★
DarkReading.webp 2023-09-19 21:11:00 L'acteur lié à la Chine puise la porte dérobée Linux dans une campagne d'espionnage énergique
China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign (lien direct)		 "Sprysocks" mélange les fonctionnalités de plusieurs badware précédemment connus et ajoute à l'arsenal de logiciels malveillants croissants de la menace, dit Trend Micro.
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor\'s growing malware arsenal, Trend Micro says.		 Malware Threat Prediction ★★★
DarkReading.webp 2023-09-19 20:20:00 Trend micro patchs vulnérabilité de point final zéro jour
Trend Micro Patches Zero-Day Endpoint Vulnerability (lien direct)		 La vulnérabilité critique implique une désinstallation de produits de sécurité tiers et a été utilisé dans les cyberattaques.
The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.		 Vulnerability Prediction ★★
The_Hackers_News.webp 2023-09-19 16:40:00 Les nouvelles cotes de la terre de Lusca \\ ont cible la porte dérobée Linux cible les entités gouvernementales
Earth Lusca\\'s New SprySOCKS Linux Backdoor Targets Government Entities (lien direct)		 L'acteur de menace lié à la Chine connue sous le nom de Lusca Earth Lusca a été observé ciblant les entités gouvernementales à l'aide d'une porte dérobée Linux jamais vue appelée Sprysocks. Earth Lusca a été documenté pour la première fois par Trend Micro en janvier 2022, détaillant les attaques de l'adversaire contre les entités du secteur public et privé à travers l'Asie, l'Australie, l'Europe, l'Amérique du Nord. Actif depuis 2021, le groupe s'est appuyé sur
The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary\'s attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on		 Threat Prediction ★★
CVE.webp 2023-09-19 14:15:21 CVE-2023-41179 (lien direct) Une vulnérabilité dans le tiers du module de désinstallation AV contenu dans Trend Micro Apex One (sur site et SaaS), la sécurité commerciale sans inquiétude et les services de sécurité commerciale sans souci pourraient permettre à un attaquant de manipuler le module pour exécuter des commandes arbitraires sur un affecté d'un affecté concernéinstallation. Notez qu'un attaquant doit d'abord obtenir un accès à la console administrative sur le système cible afin d'exploiter cette vulnérabilité.
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.		 Vulnerability Prediction
Checkpoint.webp 2023-09-19 13:00:32 Est-ce que le VRAI Slim Shady se lèvera?La recherche sur les points de contrôle expose le cybercriminé derrière un logiciel malveillant impactant EMEA et APAC
Will the Real Slim Shady Please Stand Up? Check Point Research Exposes Cybercriminal Behind Malicious Software Impacting EMEA and APAC (lien direct)		 Bien que la RPR de profit ait identifié «Eminэm» comme l'un des cyberciminaux derrière la distribution Remcos et Guloader RCR a révélé ses conclusions à l'entité d'application de la loi pertinente que le logiciel «légitime» devient le choix de cyberclinal \\ 'dans une tendance alarmante mise en évidence par chèqueLe rapport de sécurité en milieu d'année en 2023 de Point \\, un logiciel apparemment légitime est devenu le choix préféré des cybercriminels.Les exemples notables sont [& # 8230;]
>Highlights: Advertised as legitimate tools, Remcos and GuLoader are malware in disguise, heavily utilized in cyberattacks Check Point Research (CPR) has uncovered evidence that the distributor is deeply entwined within the cybercrime scene, leveraging their platform to facilitate cybercrime, while making a profit CPR has identified “EMINэM” as one of the cyberciminals behind the distribution Remcos and GuLoader CPR has disclosed its findings to the relevant law enforcement entity “Legit” software becomes cybercrminals\' preferred choice In an alarming trend highlighted in Check Point\'s 2023 Mid-Year Security Report, seemingly legitimate software has become the preferred choice of cybercriminals. Notable examples are […] 		Malware Prediction ★★
globalsecuritymag.webp 2023-09-18 09:37:48 Trend Micro rejoint le Hacking Policy Council (lien direct) Trend Micro rejoint le Hacking Policy Council. • Le spécialiste de la cybersécurité renforce son engagement de protection cyber auprès des Etats-Unis. • Grâce à son programme Zero Day Initiative, Trend Micro aura la capacité de livrer des informations sur les menaces au consortium. - Business Threat Prediction ★★
ProofPoint.webp 2023-09-18 05:00:09 Comment mieux sécuriser et protéger votre environnement Microsoft 365
How to Better Secure and Protect Your Microsoft 365 Environment (lien direct)		 Microsoft 365 has become the de facto standard for email and collaboration for most global businesses. At the same time, email continues to be the most common attack vector for threat actors. And spam, phishing, malware, ransomware and business email compromise (BEC) attacks keep increasing in both their sophistication and impact. Verizon\'s 2023 Data Breach Investigations Report highlights the upward trend BEC attacks, noting that they have doubled over the past year and comprise 60% of social engineering incidents.   While Microsoft 365 includes basic email hygiene capabilities with Exchange Online Protection (EOP), you need more capabilities to protect your business against these attacks. Microsoft offers Defender for Office 365 (MDO) as part of its security tool set to bolster security. And it\'s a good place to start, but it simply can\'t stop today\'s most sophisticated email threats.    That\'s why analysts suggest you augment native Microsoft 365 security to protect against advanced threats, like BEC and payload-less attacks such as TOAD (telephone-oriented attack delivery).    “Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.”  Source: 2023 Gartner Market Guide for Email Security    The rise of cloud-based email security solutions  Email threats are nothing new. For years now, secure email gateways (SEG) have been the go-to solution to stop them. They filter spam, phishing emails and malware before they can get to users\' inboxes. But with more businesses adopting cloud-based email platforms-particularly Microsoft 365-alternative email security solutions have appeared on the market.  Gartner calls them integrated cloud email security (ICES); Forrester refers to them as cloud-native API-enabled email security (CAPES). These solutions leave the basic email hygiene and handling of email traffic to Microsoft. Then, they examine the emails that are allowed through. Essentially, they identify threats that have slipped past Microsoft\'s defenses.  The main advantage of ICES and CAPES is their ease of deployment and evaluation. They simply require a set of permissions to the Microsoft 365 installation, and they can start detecting threats right away. It\'s easy to remove these solutions, too, making it simple and straightforward to evaluate them.  Two deployment models: the good and the bad When you\'re augmenting Microsoft 365 email security, you have several options for deployment. There\'s the post-delivery, API-based approach, which is used by ICES and CAPEs. And there\'s the pre-delivery, MX-based approach used by SEGs.  Post-delivery deployment (API-based model)  In this scenario, Microsoft provides an API to allow third-party vendors to receive a notification when a new email is delivered to a user\'s mailbox. Then, they process the message with their platform. If a threat is found, it can be deleted or moved to a different folder, like quarantine or junk. However, this approach presents a risk. Because a message is initially delivered to the mailbox, a user still has a chance to click on it until the threat is retracted. Emails must be processed fast or hidden altogether while the solution scans the message for threats.  Analyzing attachments for malware or running them through a sandbox is time-consuming, especially for large or complex attachments. There are also limits on how many alerts from Microsoft 365 that cloud-based email security solutions can receive.   Pre-delivery deployment (MX-based model)  This approach is useful for businesses that want to detect and prevent email threats before they reach their users\' inboxes. As the name suggests, email is processed before it is delivered to a user\'s inbox. To enable this model, an organization\'s DNS email exchange (MX) record must be configured to a mail server. The MX record indicates how email messages should be routed in Ransomware Data Breach Malware Tool Threat Prediction Cloud ★★★
itsecurityguru.webp 2023-09-15 15:26:04 Trend Micro protège l'Université de Kingston pendant la période de compensation de pointe
Trend Micro Protects Kingston University During Peak Clearing Period (lien direct)		 Leur période la plus occupée de l'année pour le recrutement des étudiants.«La compensation universitaire est comme la course à Noël pour les détaillants.Et de la même manière, menace [& # 8230;]
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that it is supplying managed detection and response (MDR) capabilities to Kingston University free of charge to mitigate the threat of serious cyber disruption during their busiest time of year for student recruitment. “University clearing is like the run up to Christmas for retailers. And in the same way, threat […] 		Threat Prediction ★★
The_Hackers_News.webp 2023-09-15 14:19:00 Les cybercriminels combinent des certificats de phishing et de véhicules électriques pour livrer les charges utiles des ransomwares
Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (lien direct)		 Les acteurs de la menace derrière les voleurs d'informations Redline et Vidar ont été observés pivotant des ransomwares grâce à des campagnes de phishing qui répartissent les charges utiles initiales signées avec des certificats de signature de code de validation (EV) prolongés. "Cela suggère que les acteurs de la menace rationalisent les opérations en faisant leurs techniques polyvalentes", a déclaré les micro-chercheurs Trend dans une nouvelle analyse publiée
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this		 Ransomware Threat Prediction ★★
AlienVault.webp 2023-09-13 10:00:00 Eco-Hacks: l'intersection de la durabilité et des cyber-menaces
Eco-hacks: The intersection of sustainability and cyber threats (lien direct)		 The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Environmental sustainability is more important than ever before for organizations across all sectors. Sustainability concerns including geopolitics, future-focused developments, advanced ESG reporting, and building sustainability into supply chains going forward are all significant trends shaping businesses in 2023 and beyond.  While the shift towards environmental sustainability is a worthy pursuit no matter the industry, the trend towards adopting new technologies that provide more sustainability and eco-friendliness can have some unintended consequences on the realm of cybersecurity.  Today we can see many hybrid endeavors that combine both cutting-edge technology and green, eco-friendly initiatives to create long-term ecologically sustainable solutions for businesses in all fields. But since these collaborations tend to utilize new technology, they may not provide the kind of advanced-level cybersecurity protocols needed to secure these endeavors against cyberattacks, resulting in unintended consequences: an increase in cyber vulnerabilities.  In this article, we will take an in-depth look at the enhanced cybersecurity risks presented by certain sustainability and tech initiatives. Then we will explore best practices intended to keep businesses cyber secure as they transition to new, more environmentally friendly modes of operation and production.  1. The unexpected cybersecurity risks of going green While new green technology rollouts provide highly visible, obvious benefits, contributing to the important global cause of sustainability, the cybersecurity underpinnings that run in the background are easy to ignore but no less significant. There is a subtle interdependence between new green tech and expanded cybersecurity risks. 2. New developments in green technology New developments in green technology are vast and wide-ranging, offering revolutionary potential to cut down on harmful greenhouse gas emissions. By some estimates, Green IT can contribute to reducing greenhouse gas emissions by ten times more than it emits. Green coding focuses on creating more energy efficient modes of engaging computational power that can be applied to everything from virtual reality gaming devices in development to cloud computing.  Sustainable data collection centers aim to reduce carbon and greenhouse gas emissions by finding alternative methods of collecting data that require less energy.  Smart city technology, such as IoT-enabled power grids, smart parking meters, and smart traffic controls, can utilize predictive capabilities to ensure that urban infrastructures are running at optimal energy levels, reducing resource and energy waste and improving city living experiences. Similarly, smart HVAC systems can respond to global climate change issues by managing the internal temperature of buildings using smart regulators that reduce energy waste and carbon emissions, while still heating or cooling buildings.  All of these innovations are building towards a more sustainable future by reducing our need for harmful fossil fuel consumption, managing power usage across the energy grid, and creating more sustainable alternatives to existing technologies for transportation, waste management, entertainment, and more. But each of these new technologies also presents a broader risk level Vulnerability Threat Prediction Cloud ★★★
AlienVault.webp 2023-09-12 10:00:00 Réseaux résilients: éléments constitutifs de l'architecture de la cybersécurité moderne
Resilient networks: Building blocks of modern Cybersecurity architecture (lien direct)		 The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In today\'s interconnected digital landscape, where data flows like a river through intricate networks, the importance of cybersecurity has never been more pronounced. As our reliance on digital networks grows, so do the threats that seek to exploit vulnerabilities in these very networks. This is where the concept of resilient networks steps in, acting as the guardians of our digital realms. In this article, we delve into the world of resilient networks, exploring their significance as the cornerstone of modern cybersecurity architecture. Understanding resilient networks Imagine a web of interconnected roads, each leading to a different destination. In the realm of cybersecurity, these roads are the networks that enable communication, data exchange, and collaboration. Resilient networks are like well-constructed highways with multiple lanes, built to withstand unexpected disruptions. They aren\'t just about preventing breaches; they\'re about enabling the network to adapt, recover, and continue functioning even in the face of a successful attack. Network resilience stands as a critical component in the realm of modern cybersecurity, complementing traditional security measures like utilizing proxy servers by focusing on the ability to endure and recover. Network security It\'s essential to distinguish between network security and network resilience. Network security involves fortifying the network against threats, employing firewalls, antivirus software, and encryption methods. On the other hand, network resilience goes beyond this, acknowledging that breaches might still occur despite stringent security measures. Resilience Resilience entails the ability to detect, contain, and recover from these breaches while minimizing damage. It\'s like preparing for a storm by not only building strong walls but also having an emergency plan in case the walls are breached. Resilient networks aim to reduce downtime, data loss, and financial impact, making them a critical investment for organizations of all sizes. Key components of resilient networks Consider your home\'s architecture. You have multiple exits, fire alarms, and safety measures in place to ensure your well-being in case of emergencies. Similarly, resilient networks are built with specific components that enable them to weather the storms of cyber threats. Redundancy, diversity, segmentation and isolation, and adaptive monitoring and threat detection are the pillars of network resilience. Redundancy Redundancy involves creating backup systems or pathways. It\'s like having alternate routes to reach your destination in case one road is blocked. In the digital realm, redundant systems ensure that if one part of the network fails, traffic is seamlessly rerouted, minimizing disruptions. Diversity Diversity, on the other hand, means not putting all your eggs in one basket. A diverse network employs various hardware, software, and protocols, reducing the risk of a single point of failure. Think of it as a portfolio of investments – if one fails, the others remain intact. Segmentation and isolation Segmentation and Isolation play a crucial role in containing potential threats. Imagine a building with multiple compartments, each serving a different purpose. If a fire breaks out in one compartment, it\'s isolated, preventing the entire building from Tool Vulnerability Threat Prediction Medical ★★
Blog.webp 2023-09-11 05:05:00 Rapport de tendance des menaces sur les ransomwares & # 8211;Juillet 2023
Threat Trend Report on Ransomware – July 2023 (lien direct)		 Ce rapport fournit des statistiques sur le nombre de nouveaux échantillons de ransomware, des systèmes ciblés et des entreprises ciblées en juillet 2023, ainsi que des problèmes de ransomware notables en Corée et dans d'autres pays.Tendances clés 1) Plus d'entreprises affectées par l'exploitation des ransomwares de Clop & # 8217;Problèmes
This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in July 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) More businesses affected by CLOP ransomware’s exploitation of MOVEit zero-day vulnerability 2) Big Head ransomware disguised as an emergency Windows update 3) Detection names for ransomware disguised as Sophos file ATIP_2023_Jul_Threat Trend Report on Ransomware Statistics and Major Issues 		Ransomware Vulnerability Threat Prediction ★★
Blog.webp 2023-09-11 05:02:48 Rapport de tendance des menaces sur les groupes APT & # 8211;Juillet 2023
Threat Trend Report on APT Groups – July 2023 (lien direct)		 juillet 2023 Problèmes majeurs sur les groupes APT 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Chicheur charmant 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Eyes rouges 13) Pirates d'espace 14) Turla 15) ATIP_2023_JUL_JULAT RAPPORT D'APTER LE Rapport sur les APT
July 2023 Major Issues on APT Groups 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Charming Kitten 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Red Eyes 13) Space Pirates 14) Turla 15) Unclassified ATIP_2023_Jul_Threat Trend Report on APT Groups 		Threat Prediction APT 38 APT 37 APT 37 APT 35 APT 35 APT 29 APT 29 APT 28 APT 28 APT 31 ★★
Blog.webp 2023-09-11 05:02:13 Rapport sur la tendance du Web Deep et Dark WEB & # 8211;Juillet 2023
Deep Web and Dark Web Threat Trend Report – July 2023 (lien direct)		 Ce rapport de tendance sur le Web Deep et le réseau sombre de juillet 2023 est sectionné en ransomware, forums & # & #38;Marchés noirs et acteur de menace.Nous tenons à dire à l'avance qu'une partie du contenu n'a pas encore été confirmée comme vraie.1) Ransomware (1) Alphv (Blackcat) (2) Cactus (3) Clop (4) Monti 2) Forum & # 38;Black Market (1) La vente de Genesis Market (2) Base de données pour violation de la base de données (3) US Medical Institution & # 8217; s Base de données 3) Acteur de menace (1) ...
This trend report on the deep web and dark web of July 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) ALPHV (BlackCat) (2) Cactus (3) CLOP (4) Monti 2) Forum & Black Market (1) The Sale of Genesis Market (2) BreachedForums Database on Sale (3) US Medical Institution’s Database Breached 3) Threat Actor (1)... 		Ransomware Threat Prediction Medical ★★
Blog.webp 2023-09-11 05:01:36 Rapport de tendance des menaces sur le groupe Kimsuky & # 8211;Juillet 2023
Threat Trend Report on Kimsuky Group – July 2023 (lien direct)		 Les activités de Kimsuky Group & # 8217;diversifie simultanément leurs méthodes d'attaque.De plus, il n'y avait pas de problèmes particuliers concernant les types d'applications et RandomQuery car ils sont désormais moins utilisés.Le type BabyShark qui sera décrit en détail sur ce rapport sera inclus dans les statistiques de juillet.ATIP_2023_JUL_TRÉTERAT RAPPORT DE TRENDE SUR LE GROUPE KIMSUKY
The Kimsuky group’s activities in July 2023 showed that FlowerPower is gaining traction, and the group is simultaneously diversifying their attack methods. Additionally, there were no particular issues regarding AppleSeed and RandomQuery types as they are now less used. The BabyShark type to be described in detail further on this report will be included in the statistics from July thereon. ATIP_2023_Jul_Threat Trend Report on Kimsuky Group 		Threat Prediction ★★
AlienVault.webp 2023-09-07 10:00:00 Le jeu du chat et de la souris: rester en avance sur l'évolution des menaces de cybersécurité
The cat and mouse game: Staying ahead of evolving cybersecurity threats (lien direct)		 The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Cybersecurity threats refer to malicious activities conducted over digital networks, targeting systems, devices, and data. These threats encompass a wide range of attacks, from stealing sensitive information and spreading malware to disrupting critical infrastructure. And their impact extends beyond technical realms. They can and regularly do affect individuals, businesses, and society at large. Individuals face risks of identity theft, financial loss, and invasion of privacy. Businesses can suffer from data breaches, financial damages, and reputational harm. Societal consequences include compromised infrastructure, erosion of trust in digital systems, and potential disruptions to essential services. As technology becomes increasingly integrated into our lives, understanding and addressing cyber threats is crucial for safeguarding personal, economic, and societal well-being. The cat and mouse game will never end, and it’s important to not only be aware of where the good guys stand but what to expect while running your business and trying to stay safe. The dynamic nature of cyber threats The dynamic nature of cyber threats lies in their continuous evolution and adaptation. Cybercriminals are relentless in their pursuit of new vulnerabilities, techniques, and tools to breach systems and compromise data. In response, cybersecurity experts are in a constant race to anticipate and counter emerging threats. They develop advanced security protocols like cloud penetration testing, analyze attack patterns, and collaborate to share threat intelligence. This ongoing battle is marked by innovation on both sides. What cybersecurity pros have at their disposal Cybersecurity professionals employ artificial intelligence, machine learning, and behavioural analytics to predict and detect threats, while cybercriminals use sophisticated social engineering and encryption techniques to evade detection. This tug-of-war highlights the necessity of a proactive approach to cybersecurity. As threats evolve, defenders must not only address current vulnerabilities but also anticipate future attack vectors. The rapid pace of technological change means that cybersecurity is not a one-time investment, but an ongoing commitment to staying updated, adapting strategies, and collaborating across sectors to safeguard digital ecosystems. The evolution of cyber threats The cyber threats that your business is likely to face in the 2020s are much different and far more insidious than they were back in the early days of the internet. The early days We have gone from: Viruses and worms: In the early days of computing, viruses and worms were the first types of cyber threats. They spread through infected files and email attachments, causing damage or disruption to systems. Malware: As technology advanced, so did malware. This category includes various types, such as Trojans, which masquerade as legitimate software, and keyloggers, which record keystrokes to steal sensitive information. Current threats What businesses and individuals must contend with now is shocking and, if you haven’t been following the industry and cyber threat landscape, very frightening. Contemporary threats include: Phishing and social engineering: With the rise of the internet, cybercriminals shifted to tactics that exploit human psychology. Phishing attacks trick users into revealing personal information or click Malware Tool Vulnerability Threat Prediction ★★★
InfoSecurityMag.webp 2023-09-01 13:30:00 Groupe de cyber-espionnage sophistiqué Earthing Exposed
Sophisticated Cyber-Espionage Group Earth Estries Exposed (lien direct)		 Trend Micro a noté que les «œstries de la Terre» employaient des tactiques avancées pour infiltrer les réseaux
Trend Micro noted that “Earth Estries” employed advanced tactics to infiltrate networks		 Prediction ★★★
Trend.webp 2023-09-01 00:00:00 Revisiter le kit de phishing 16Shop, Trend-Interpol Partnership
Revisiting 16shop Phishing Kit, Trend-Interpol Partnership (lien direct)		 Dans cette entrée, nous résumons les analyses de sécurité et les enquêtes effectuées sur le 16shop de phishing en tant que service au fil des ans.Nous décrivons également le partenariat entre Trend Micro et Interpol pour éliminer les principaux administrateurs et serveurs de cette campagne de phishing massive.
In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.		 Prediction ★★★
globalsecuritymag.webp 2023-08-30 10:28:07 CERTFR-2023-AVI-0699 : Multiples vulnérabilités dans Trend Micro Mobile Security (30 août 2023) (lien direct) De multiples vulnérabilités ont été découvertes dans Trend Micro Mobile Security. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS). - Vulnérabilités Prediction
Trend.webp 2023-08-29 00:00:00 Le logiciel malveillant Android furtif MMRat effectue une fraude bancaire via de faux magasins d'applications
Stealthy Android Malware MMRat Carries Out Bank Fraud Via Fake App Stores (lien direct)		 L'équipe MARS (Mobile Application Reputation Service) de Trend Micro a découvert un nouveau cheval de Troie bancaire Android totalement non détecté, baptisé MMRat, qui cible les utilisateurs mobiles d'Asie du Sud-Est depuis fin juin 2023.
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.		 Malware Prediction ★★
The_Hackers_News.webp 2023-08-28 16:57:00 Cyberattaques ciblant les applications de commerce électronique
Cyberattacks Targeting E-commerce Applications (lien direct)		 Les cyberattaques contre les applications de commerce électronique sont une tendance courante en 2023, à mesure que les entreprises de commerce électronique deviennent de plus en plus omnicanales, elles créent et déploient de plus en plus d'interfaces API, les acteurs malveillants explorant constamment de nouvelles façons d'exploiter les vulnérabilités.C'est pourquoi des tests réguliers et une surveillance continue sont nécessaires pour protéger pleinement les applications Web, en identifiant les faiblesses afin qu'elles puissent être
Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing and ongoing monitoring are necessary to fully protect web applications, identifying weaknesses so they can be		 Threat Prediction ★★
CVE.webp 2023-08-24 17:15:08 CVE-2023-34973 (lien direct) Il a été rapporté qu'une vulnérabilité d'entropie insuffisante affecte les systèmes d'exploitation QNAP.S'il est exploité, la vulnérabilité permet peut-être aux utilisateurs distants de prédire le secret via des vecteurs non spécifiés. Nous avons déjà corrigé la vulnérabilité dans les versions suivantes: QTS 5.0.1.2425 Build 20230609 et plus tard QTS 5.1.0.2444 Build 20230629 et plus tard Quts Hero H5.1.0.2424 Build 20230609 et plus tard
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later		 Vulnerability Prediction
TrendMicro.webp 2023-08-23 00:00:00 Interpol + tendance pour lutter contre les réseaux de cybercriminalité africains
INTERPOL + Trend to Fight African Cybercrime Networks (lien direct)		 Global Threat Intelligence aide à perturber des milliers de réseaux de cybercrimes africains
Global threat intelligence helps to disrupt thousands of African cyber crimes networks		 Threat Prediction ★★
Trend.webp 2023-08-21 00:00:00 Ex-uss CISO explique les agences \\ 'lutte avec Biden Eo
Ex-USSS CISO Explains Agencies\\' Struggle with Biden EO (lien direct)		 Ed Cabrera, ancien CISO des services secrets américains et chef de la cybersécurité actuel pour Trend Micro, explique pourquoi les agences fédérales sont lentes à se conformer au décret exécutif de la cybersécurité de Biden \\.
Ed Cabrera, former CISO of the US Secret Service and current Chief Cybersecurity Officer for Trend Micro, explains why Federal agencies are slow to comply with Biden\'s cybersecurity executive order.		 Prediction ★★
AlienVault.webp 2023-08-16 11:00:00 Proxynation: le lien sombre entre les applications proxy et les logiciels malveillants
ProxyNation: The dark nexus between proxy apps and malware (lien direct)		 Executive summary AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. A company is charging for proxy service on traffic that goes through those machines. This is a continuation of research described in our blog on Mac systems turned into proxy exit nodes by AdLoad. In this research, Alien Labs identified a company that offers proxy services, wherein proxy requests are rerouted through compromised systems that have been transformed into residential exit nodes due to malware infiltration. Although the proxy website claims that its exit nodes come only from users who have been informed and agreed to the use of their device, Alien Labs has evidence that malware writers are installing the proxy silently in infected systems. In addition, as the proxy application is signed, it has no anti-virus detection, going under the radar of security companies. In this follow up article we explore the dramatic rise in Windows malware delivering the same payload to create a 400,000 proxy botnet. Key takeaways: In just one week AT&T Alien Labs researchers observed more than a thousand new malware samples in the wild delivering the proxy application. According to the proxy website, there are more than 400,000 proxy exit nodes, and it is not clear how many of them were installed by malware. The application is silently installed by malware on infected machines without user knowledge and interaction. The proxy application is signed and has zero anti-virus detection. The proxy is written in Go programming language and is spread by malware both on Windows and macOS. Analysis In the constantly evolving landscape of cyber threats, malicious actors continuously find new and ingenious ways to exploit technology for their own gain. Recently Alien Labs has observed an emerging trend where malware creators are utilizing proxy applications as their tool of choice. Different malware strains are delivering the proxy - relying on users looking for interesting things, like cracked software and games. The proxy is written in the Go programming language, giving it the flexibility to be compiled into binaries compatible with various operating systems, including macOS and Windows. Despite the fact that the binaries originated from the same source code, macOS samples are detected by numerous security checks while the Windows proxy application skirts around these measures unseen. This lack of detection is most likely due to the application being signed. (Figure 1)  proxy on VT  Figure 1. As  on Virus Total: Proxy application – zero detections. After being executed on a compromised system, the malware proceeds to quietly download and install the proxy application. This covert process takes place without requiring any user interaction and often occurs alongside the installation of additional malware or adware elements. The proxy application and most of the malware delivering it are packed using Inno Setup, a free and popular Windows installer. installing proxy silently Figure 2. As observed by Alien Labs: Malware embedded script to install the proxy silently. As shown in the figure 2 above, the malware uses specific Inno Malware Tool Threat Prediction ★★
Last update at: 2024-06-03 02:08:01
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter