What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-31 18:01:02 | Spotlight malware: linodas aka dinodasrat pour Linux Malware Spotlight: Linodas aka DinodasRAT for Linux (lien direct) |
> Introduction Au cours des derniers mois, Check Point Research (RCR) a surveillé de près l'activité d'un acteur de menace de cyber-espionnage chinois-nexus qui se concentre sur l'Asie du Sud-Est, l'Afrique et l'Amérique du Sud.Cette activité s'aligne considérablement sur les idées que les micro-chercheurs de tendance ont publiquement partagées dans leur analyse complète d'un acteur de menace appelé & # 160; Terre Krahang.Ce [& # 8230;]
>Introduction In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. This activity significantly aligns with the insights the Trend Micro researchers publicly shared in their comprehensive analysis of a threat actor called Earth Krahang. This […] |
Malware Threat Prediction | ★★ | |
 |
2024-03-28 11:00:00 | La vie après la mort?Les campagnes de l'IO liées à un homme d'affaires russe notoire Prigozhin persiste après sa chute politique et sa mort Life After Death? IO Campaigns Linked to Notorious Russian Businessman Prigozhin Persist After His Political Downfall and Death (lien direct) |
Written by: Alden Wahlstrom, David Mainor, Daniel Kapellmann Zafra
In June 2023, Russian businessman Yevgeniy Prigozhin and his private military company (PMC) “Wagner” carried out an armed mutiny within Russia. The events triggered the meteoric political downfall of Prigozhin, raising questions about the future of his various enterprises that were only underscored when he died two months later under suspicious circumstances. Up to that point, Prigozhin and his enterprises worked to advance the Kremlin\'s interests as the manifestation of the thinnest veil of plausible deniability for state-guided actions on multiple continents. Such enterprises included the Wagner PMC; overt influence infrastructure, like his media company Patriot Group that housed his media companies, including the “RIA FAN” Federal News Agency; covert influence infrastructures; and an array of businesses aimed at generating personal wealth and the resourcing necessary to fund his various ventures. Mandiant has for years tracked and reported on covert information operations (IO) threat activity linked to Prigozhin. His involvement in IO was first widely established in the West as part of the public exposure of Russian-backed interference in the 2016 U.S. presidential election-this included activity conducted by Russia\'s Internet Research Agency (IRA), which the U.S. Government publicly named Prigozhin as its financier. Subsequently, Prigozhin was publicly connected to a web of IO activity targeting the U.S., EU, Ukraine, Russian domestic audiences, countries across Africa, and further afield. Such activity has worked not only to advance Russian interests on matters of strategic importance, but also has attempted to exploit existing divisions in societies targeting various subgroups across their population. Throughout 2023, Mandiant has observed shifts in the activity from multiple IO campaigns linked to Prigozhin, including continued indicators that components of these campaigns have remained viable since his death. This blog post examines a sample of Prigozhin-linked IO campaigns to better understand their outcomes thus far and provide an overview of what can be expected from these activity sets in the future. This is relevant not only because some of the infrastructure of these campaigns remains viable despite Prigozhin\'s undoing, but also because we advance into a year in which Ukraine continues to dominate Russia\'s strategic priorities and there are multiple global elections that Russia may seek to influence. Mandiant and Google\'s Threat Analysis Group (TAG) work together in support of our respective missions at Google. TAG has likewise been tracking coordinated influence operations linked to Prigozhin and the Internet Research Agency (IRA) for years; and in 2023, Google took over 400 enforcement actions to disrupt IO campaigns linked to the IRA, details of which are reported in the quarterly TAG Bulletin. TAG has not observed significant activity from the IRA or other Prigozhin-linked entities specifically on Google platforms since Prigozhin\'s death, |
Threat Studies Legislation Prediction | ★★★ | |
 |
2024-03-28 10:21:02 | Améliorations de la sensibilisation à la sécurité de ProofPoint: 2024 Release hivernale et au-delà Proofpoint Security Awareness Enhancements: 2024 Winter Release and Beyond (lien direct) |
Proofpoint Security Awareness has long been at the forefront of innovative awareness strategies. In today\'s complex threat landscape, a human-centric strategy has never been more important. And we have never been more dedicated to creating a program that helps users change their behavior. In this post, we share a few enhancements that show how committed we are to helping users transform their behavior. We cover a key educational campaign and outline the benefits of several new functional enhancements within four focus areas. 1: Keeping users engaged There are two recent and upcoming enhancements in this focus area. We launched the Yearlong campaign: Cybersecurity Heroes We released this pioneering, comprehensive educational program late last year. It provides an ongoing, curriculum-based approach to cybersecurity training. It is a testament to our belief in the power of continuous learning and helping users change their behavior. The Cybersecurity Heroes campaign covers an array of key security topics in detail every month. Here are a few examples: Elements of data encryption Intricacies of strong password protocols Deceptive nature of ransomware Long-term training schedules can be an administrative burden. That\'s why we\'ve made this training available through stand-alone monthly modules. This flexibility helps ease administrative workloads. An article from the Cybersecurity Heroes campaign. QR code phishing simulations will launch soon In the second quarter of 2024, we will be releasing QR code phishing simulations. They are our proactive response to a novel and alarming trend. Recent intelligence from industry-leading analyses, including an eye-opening blog on QR code phishing from Tessian, underscores the urgent need for education. QR code phishing attacks are on the rise. Yet, 80% of end users perceive QR codes as safe. This highlights a dangerous gap in threat perception. How a QR code phishing attack works. Our new simulations will provide administrative visibility into which users are most vulnerable to an attack, as well as a dynamic environment for users to hone their threat detection abilities in alignment with real-world scenarios. They are based on our threat intelligence and designed to challenge and refine user reactions. With an understanding of who is most at risk and how users may react to a QR code phishing attack, administrators will be able to design a program that is tailored to each individual, resulting in maximum learning comprehension and retention. QR code phishing simulations will be available in the second quarter of 2024. 2: Enhancing how people learn We want to help businesses maximize their users\' learning comprehension and behavior change. One recent enhancement in this focus area is the integration of “Phish Hooks” into Teachable Moments. It was released in late 2023. Here\'s how it helps users learn better and retain what they\'ve learned. “Phish Hooks” is now integrated with Teachable Moments This enhancement helps users understand why a phishing simulation would have been an actual threat. Users get immediate and clear feedback so that they know what to look out for next time. A view of Teachable Moments with “Phish Hooks.” By dissecting the anatomy of a phishing attack, we can give a big boost to a user\'s ability to critically assess an attack. That, in turn, helps them to improve their understanding and retention of safe cybersecurity behaviors. 3: Gaining visibility into vulnerable users Proofpoint recognizes that security administrators play a critical role in orchestrating awareness efforts. That is why we refined our Repeat Behavior Report. It\'s designed to help administrators identify the users who can benefit from targeted training about phishing risks. Here\'s how. The Repeat Behavior Report is more detailed This enhancement gives you actionable insights that can help you identify vulnerability trends. To this end, the report now provides a more de | Vulnerability Threat Prediction | ★★★ | |
 |
2024-03-27 13:00:00 | Fausses applications sophistiquées: une préoccupation croissante Sophisticated Fake Apps: A Growing Concern (lien direct) |
> Les cybercriminels utilisent des tactiques de plus en plus sophistiquées pour cibler les utilisateurs sans méfiance.Une telle tactique gagnant du terrain est le smir & # 8211;Une attaque qui tire parti de messages texte pour tromper les individus en fournissant des informations sensibles ou en téléchargeant du contenu malveillant.Dans cette dernière tendance, les cybercriminels créent de fausses applications qui imitent les services bancaires ou financiers légitimes.[& # 8230;]
>Cybercriminals are employing increasingly sophisticated tactics to target unsuspecting users. One such tactic gaining traction is smishing – an attack that leverages text messages to deceive individuals into providing sensitive information or downloading malicious content. In this latest trend, cybercriminals create fake apps that mimic legitimate banking or financial services. […] |
Prediction | ★★ | |
 |
2024-03-26 10:00:00 | L'importance croissante du CAASM dans la stratégie de cybersécurité de l'entreprise The Growing Importance of CAASM in Company Cybersecurity Strategy (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The recent years\' events, including the proliferation of ransomware, the pandemic, and political tensions, have fast-tracked the development of both offensive and defensive tools in the cyber domain. Cybersecurity concepts that were nascent a few years ago are now being refined, demonstrating the practical benefits of modern digital risk management strategies. Gartner analysts have highlighted the expansion of the attack surface as a significant risk for corporate cyber environments in the upcoming years. The most vulnerable entities include IoT devices, cloud apps, open-source systems, and complex software supply chains. There is an increasing demand for concepts like Cyber Asset Attack Surface Management (CAASM), External Attack Surface Management (EASM), and Cloud Security Posture Management (CSPM) in corporate security frameworks. This trend is also documented in Gartner\'s "hype" chart. Let\'s discuss the concept of CAASM, which is centered on identifying and managing all digital assets within an organization, whether they are internal or external. This approach aims to provide a comprehensive view and control over the organization\'s cyber environment, enhancing security measures and management practices. What Is CAASM CAASM assists IT departments in achieving end-to-end visibility of a company\'s cyber assets. This strategy creates a fuller understanding of the actual state of the infrastructure, enabling the security team to respond promptly to existing threats and potential future ones. CAASM-based products and solutions integrate with a broad array of data sources and security tools. CAASM gathers and aggregates data and analyzes perimeter traffic, providing a continuous, multi-dimensional view of the entire attack surface. Having access to current asset data enables information security officers to visualize the infrastructure and address security gaps promptly. They can prioritize the protection of assets and develop a unified perspective on the organization\'s actual security posture. This sets the stage for proactive risk management strategies. Exploring CAASM\'s Core Functions The CAASM approach equips security professionals with a variety of tools necessary for effectively managing an organization\'s attack surface and addressing risks. Asset Discovery A lack of visibility into all of an organization\'s assets heightens the risk of cyberattacks. Cyber Asset Attack Surface Management products automatically detect and catalog every component of a company\'s digital infrastructure, encompassing local, cloud, and various remote systems, including shadow IT. A company employing CAASM gains a clear overview of all its deployed web applications, servers, network devices, and cloud services. CAASM facilitates a comprehensive inventory of the devices, applications, networks, and users constituting the company\'s attack surface. Vulnerability Detection It is important to understand the risks each asset poses, such as missing the latest security updates or opportunities to access sensitive data. CAASM systems integrate asset data, helping security teams identify misconfigurations, vulnerabilities, and oth | Ransomware Tool Vulnerability Threat Prediction Cloud | ★★★ | |
|
2024-03-25 10:00:00 | Décodage des implications de cybersécurité de l'avancement rapide de l'AI \\ Decoding the Cybersecurity Implications of AI\\'s Rapid Advancement (lien direct) |
The genius at the heart of AI—its ability to sift through mountains of data, actually spot a needle in a haystack, and act on threats before they blossom into full-scale emergencies—it’s undeniable. However, here’s the rub—every part of that impressive arsenal? It’s also up for grabs by the other side, and can (and will) arm them to launch attacks of unprecedented sophistication and elusiveness, the likes of which we’ve thankfully never seen up to now. How do we wield this impressive technology to fortify our defenses, while preventing it from falling into the wrong hands? Can such a thing even be accomplished? Join me below as we take a closer look at how AI’s rapid rise is changing the landscape of cybersecurity. AI as a Defense Tool AI is a reliable navigator for charting the digital deluge—it has the ability to handle vast quantities of information rapidly on a level that no human could ever hope to match. It doesn’t take a huge leap to come to the conclusion that those capabilities can very easily be leveraged for defense. Automated Threat Detection Think of AI as the ever-watchful eye, tirelessly scanning the horizon for signs of trouble in the vast sea of data. Its capability to detect threats with speed and precision beyond human ken is our first line of defense against the shadows that lurk in the network traffic, camouflaged in ordinary user behavior, or embedded within the seemingly benign activities of countless applications. AI isn’t just about spotting trouble; it’s about understanding it. Through machine learning, it constructs models that learn from the DNA of malware, enabling it to recognize new variants that bear the hallmarks of known threats. This is akin to recognizing an enemy’s tactics, even if their strategy evolves. All of what I’ve said also here applies to incident response—with AI’s ability to automatically meet threats head-on making a holistic cybersecurity posture both easier to achieve and less resource-intensive for organizations of all sizes. Predictive Analytics By understanding the patterns and techniques used in previous breaches, AI models can predict where and how cybercriminals might strike next. This foresight enables organizations to reinforce their defenses before an attack occurs, transforming cybersecurity from a reactive discipline into a proactive strategy that helps prevent breaches rather than merely responding to them. The sophistication of predictive analytics lies in its use of diverse data sources, including threat intelligence feeds, anomaly detection reports, and global cybersecurity trends. This comprehensive view allows AI systems to identify correlations and causations that might elude human analysts. Phishing Detection and Email Filtering AI has stepped up as a pivotal ally in the ongoing skirmish against phishing and other forms of social engineering attacks, which too often lay the groundwork for more invasive security breaches. Through meticulous analysis of email content, context, and even the | Spam Tool Vulnerability Threat Prediction Technical | Deloitte | ★★ |
|
2024-03-21 13:00:07 | Faire du sport de sport: la cyber-menace croissante pour les événements sportifs mondiaux en 2024 Making Sport of Sports: The Growing Cyber Threat to Global Sports Events in 2024 (lien direct) |
> Alors que le calendrier sportif mondial transforme ses pages aux Jeux olympiques attendus à Paris et à la Coupe Euro 2024 en Allemagne, une ombre inquiétante menace de ternir ces lunettes.La tendance des cyberattaques contre les événements sportives a considérablement augmenté, avec une augmentation de 20 fois les attaques contre les Jeux olympiques de 2012 à 2021, aboutissant à des attaques stupéfiantes de 4,4 milliards pendant les Jeux de Tokyo.De même, la Coupe du monde 2022 a connu un afflux de courriels de phishing, soulignant une marée croissante de cyber-menaces auxquelles le monde du sport doit affronter.Une enquête menée par le Centre national de cybersécurité du Royaume-Uni [& # 8230;]
>As the global sports calendar turns its pages to the eagerly awaited Olympic Games in Paris and the EURO 2024 Cup in Germany, an ominous shadow threatens to tarnish these spectacles. The trend of cyber attacks on sports events has escalated dramatically, with a 20-fold increase in attacks on the Olympics from 2012 to 2021, culminating in a staggering 4.4 billion attacks during the Tokyo games. Similarly, the 2022 World Cup witnessed an influx of phishing emails, underscoring a rising tide of cyber threats that the sports world must confront. A survey conducted by the UK’s National Cyber Security Centre […] |
Threat Prediction | ★★★ | |
|
2024-03-21 07:53:21 | Mémoire de sécurité: TA450 utilise des liens intégrés dans les pièces jointes PDF dans la dernière campagne Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign (lien direct) |
Ce qui s'est passé Les chercheurs de ProofPoint ont récemment observé une nouvelle activité par l'acteur de menace aligné par l'Iran TA450 (également connu sous le nom de Muddywater, Mango Sandstorm et Static Kitten), dans lequel le groupe a utilisé un leurre d'ingénierie social lié aux salaires pour cibler les employés israéliens dans de grandes organisations multinationales.TA450 est connu pour cibler les entités israéliennes, en particulier depuis au moins octobre 2023 avec le début de la guerre des Israël-Hamas et cela se poursuit qui se concentre sur les sociétés mondiales de fabrication, de technologie et de sécurité de l'information. Dans la campagne de phishing, qui a commencé le 7 mars et s'est poursuivie tout au long de la semaine du 11 mars 2024, TA450 a envoyé des e-mails avec des pièces jointes PDF qui contenaient des liens malveillants.Bien que cette méthode ne soit pas étrangère à TA450, l'acteur de menace s'est récemment appuyé sur des liens malveillants directement dans les corps de messagerie électronique au lieu d'ajouter cette étape supplémentaire.Les chercheurs de ProofPoint ont observé que les mêmes cibles reçoivent plusieurs e-mails de phishing avec des pièces jointes PDF qui avaient des liens intégrés légèrement différents.Les liens étaient vers une variété de sites de partage de fichiers, notamment EGnyte, OneHub, Sync et Terabox.Les e-mails ont également utilisé un compte .il d'expéditeur probable compromis, ce qui est conforme à l'activité récente de cette menace. Comme le montre les figures 1 et 2, si une cible ouvrait la pièce jointe et cliquait sur le lien inclus, il conduirait au téléchargement d'une archive zip contenant un MSI compressé qui installerait finalement AteraAgent, logiciel d'administration à distance connue pour être abusépar TA450. Figure 1. Attachement PDF ouvert avec un lien malveillant (Traduction machine: Titre du document: Signon de paie; Body of PDF: Bonjour, à partir de maintenant, recevez votre bordereau de paie via le logiciel suivant). Figure 2. Zip Archive via OneHub qui mène au téléchargement du logiciel d'administration à distance. Attribution Les chercheurs de ProofPoint attribuent cette campagne à TA450 sur la base de tactiques, techniques et procédures connues de TA450, ciblage de la campagne et analyse de logiciels malveillants.En janvier 2022, les États-Unis ont cyber-commandant ce groupe au ministère de l'Iran \\ du renseignement et de la sécurité. Pourquoi est-ce important Cette activité est remarquable pour plusieurs raisons, notamment qu'elle marque un tour des tactiques de Ta450 \\.Bien que cette campagne ne soit pas la première instance observée de TA450 en utilisant des pièces jointes avec des liens malveillants dans le cadre de la chaîne d'attaque de l'acteur de menace, il est la première fois que les chercheurs ont observé que TA450 tentative de livrer une URL malveillante dans une attachement PDF plutôt plutôtque lier directement le fichier dans un e-mail.De plus, cette campagne est la première fois que Proofpoint a observé TA450 à l'aide d'un compte de messagerie d'expéditeur qui correspond au contenu de leurre.Par exemple, cette campagne a utilisé un compte de messagerie de salaire [@] co [.] Il, qui est aligné sur les différentes lignes d'objet sur le thème de la rémunération. Enfin, cette activité continue la tendance de Ta450 \\ de tirer parti des leurres de langue hébraïque et de compromis compromis. Signatures de menace émergente (ET) Sid Nom de règle 2051743 ET ouvre la requête DNS au domaine de partage de fichiers (EGNYTE .com) 2051745 ET Open 2051745 - DNS Query to File Share Domain (Sync .Com) 2051749 ET ouvre la requête DNS au domaine de partage de fichiers (Terabox .com) 2051750 ET Open Domaine de partage de fichiers observé (Terabox .com dans TLS SNI) 2051746 ET Open Domaine de partage de fichiers observé (EGNYTE .com dans TLS SNI) 2051748 ET Open Domaine de partage de fichiers observé (Sync .com d | Malware Threat Prediction | ★★★ | |
 |
2024-03-20 10:26:22 | Trend Micro découvre la Terre des pirates de krahang exploitant la confiance intergouvernementale pour les attaques intergouvernementales Trend Micro uncovers Earth Krahang hackers exploiting intergovernmental trust for cross-government attacks (lien direct) |
Les micro-chercheurs de tendance ont révélé que depuis le début de 2022, ils suivent la Terre Krahang, un apt (avancé persistant ...
Trend Micro researchers disclosed that since early 2022 they have been tracking Earth Krahang, an APT (advanced persistent... |
Studies Prediction | ★★★ | |
|
2024-03-19 13:00:00 | The Growing Risks of On-Device Fraud (lien direct) | > L'image est douloureusement claire...Les organisations ne voient pas de ralentissement de la fraude financière ciblant les appareils mobiles.MasterCard a récemment partagé que leurs données montrent une tendance de 41 milliards de dollars de perte liée à la fraude en 2022, atteignant 48 milliards de dollars d'ici 2023. JuniperResearch met le nombre à 91 milliards de dollars d'ici 2028 et [& # 8230;]
>The picture is painfully clear . . . organizations are not seeing a slowdown in financial fraud targeting mobile devices. Mastercard recently shared that their data shows a trend of $41billion in fraud-related loss in 2022, growing to $48billion by 2023. JuniperResearch puts the number at $91billion by 2028 and […] |
Studies Mobile Prediction | ★★★★ | |
|
2024-03-19 13:00:00 | Les risques croissants de fraude à disposition The Growing Risks of On-Device Fraud (lien direct) |
> L'image est douloureusement claire...Les organisations ne voient pas de ralentissement de la fraude financière ciblant les appareils mobiles.MasterCard a récemment partagé que leurs données montrent une tendance de 41 milliards de dollars de perte liée à la fraude en 2022, atteignant 48 milliards de dollars d'ici 2023. JuniperResearch met le nombre à 91 milliards de dollars d'ici 2028 et [& # 8230;]
>The picture is painfully clear . . . organizations are not seeing a slowdown in financial fraud targeting mobile devices. Mastercard recently shared that their data shows a trend of $41billion in fraud-related loss in 2022, growing to $48billion by 2023. JuniperResearch puts the number at $91billion by 2028 and […] |
Mobile Prediction | ★★ | |
 |
2024-03-19 09:30:00 | La campagne de menace chinoise prolifique cible plus de 100 victimes Prolific Chinese Threat Campaign Targets 100+ Victims (lien direct) |
Trend Micro découvre la campagne de cyber-espionnage chinois Earth Krahang
Trend Micro uncovers Chinese cyber-espionage campaign Earth Krahang |
Threat Prediction | ★★ | |
 |
2024-03-18 13:23:03 | Faits saillants hebdomadaires OSINT, 18 mars 2024 Weekly OSINT Highlights, 18 March 2024 (lien direct) |
## Weekly OSINT Highlights, 18 March 2024 Last week\'s OSINT reporting revealed a common theme: cyberattacks targeting specific user groups are becoming more sophisticated. Take, for instance, the Notion installer malware, which dupes users by posing as a legitimate software installer, showcasing adept social engineering. Similarly, the BIPClip campaign demonstrates a highly targeted approach towards developers involved in cryptocurrency projects, with the threat actors leveraging multiple open-source packages to steal sensitive mnemonic phrases. Despite distinct attack methods, both instances underscore threat actors\' adaptability in tailoring attacks to their targets. Additionally, the analysis highlights a growing trend where attackers focus on specific sectors or user demographics, indicating a shift towards more targeted and stealthy cyber threats rather than indiscriminate attacks. This trend underscores the importance of user vigilance and the necessity for industry-specific cybersecurity measures to mitigate evolving risks. 1. **[Notion Installer Malware](https://security.microsoft.com/intel-explorer/articles/f21ac4ec?):** A new MSIX malware posing as the Notion installer is distributed through a fake website resembling the official Notion homepage. The malware, signed with a valid certificate, infects Windows PCs when users attempt to install Notion, compromising their systems with malware. 2. **[BIPClip Crypto Wallet Theft Campaign](https://security.microsoft.com/intel-explorer/articles/21aa5484?):** ReversingLabs uncovered the BIPClip campaign, which utilizes seven open-source packages across 19 versions from PyPI to steal mnemonic phrases for crypto wallet recovery. The campaign targets developers involved in cryptocurrency wallet projects, particularly those implementing Bitcoin Improvement Proposal 39 (BIP39), and employs sophisticated methods to avoid detection. The BIPClip campaign underscores how crypto assets are one of the most popular targets of cybercriminal groups and other threat actors, such as North Korean APTs. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summary. The following reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments: - Tool Profile: [Information stealers](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6?) - [Financially motivated threat actors misusing App Installer](https://security.microsoft.com/intel-explorer/articles/74368091?) ## Recommendations to protect against Information stealers Microsoft recommends the following mitigations to reduce the impact of Information stealer threats. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-sec | Ransomware Spam Malware Tool Threat Prediction | ★★★ | |
 |
2024-03-18 04:20:51 | Apprentissage fédéré pour la cybersécurité: intelligence collaborative pour la détection des menaces Federated Learning for Cybersecurity: Collaborative Intelligence for Threat Detection (lien direct) |
La demande d'approches innovantes de détection des menaces et de renseignements est plus urgente que jamais.Une telle technologie de transfert de paradigme gagne en importance est l'apprentissage fédéré (FL).Ce concept émergent exploite le pouvoir de l'intelligence collaborative, permettant aux entités disparates de mettre en commun leurs idées sans compromettre les données sensibles.Un rapport d'Apple suggère que le nombre de violations de données a presque triplé entre 2013 et 2022, compromettant 2,6 milliards de dossiers au cours de deux ans seulement, une tendance qui ne fait qu'empirer.Un examen des organisations de base des concepts a rapidement ...
The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data. A report by Apple suggests that the number of data breaches nearly tripled between 2013 and 2022, compromising 2.6 billion records over the course of just two years, a trend that is only getting worse. A Review of Basic Concepts Organizations have rapidly... |
Threat Prediction | ★★★ | |
 |
2024-03-14 15:53:00 | Redcurl Cybercrime Group abuse de l'outil PCA Windows pour l'espionnage d'entreprise RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage (lien direct) |
Le groupe de cybercrimes russophone appelé & nbsp; redcurl & nbsp; tire un tir un composant Microsoft Windows légitime appelé l'assistant de compatibilité du programme (PCA) pour exécuter des commandes malveillantes.
«Le service d'assistant de compatibilité du programme (Pcalua.exe) est un service Windows conçu pour identifier et résoudre les problèmes de compatibilité avec les programmes plus anciens», Trend Micro & Nbsp; Said & NBSP; dans une analyse
The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues with older programs,” Trend Micro said in an analysis |
Tool Prediction | ★★ | |
|
2024-03-12 10:00:00 | Le rôle des proxies dans le commerce électronique: stimuler le succès en ligne de la vente au détail The role of proxies in e-commerce: Boosting online retail success (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Just as the heart keeps the body going, unseen and often not thought about unless something goes wrong, so do proxies serve as the hidden engines that power the bustling world of online retail. They are the invisible assistants that work hard to ensure the storefront—that shiny website filled with enticing products—remains the focus of our shopping experience. In embracing tools like rotating proxies, services like GoProxies have become indispensable allies in the quest to boost e-commerce success. What exactly are proxies? Imagine you want to send a gift without revealing your identity. You might ask a friend to deliver it for you. That\'s what a proxy does — it\'s your discreet friend in the world of the internet, passing along requests and responses so your online presence remains anonymous and secure. A cloak of invisibility for market research | Tool Prediction | ★★★ | |
|
2024-03-11 13:43:18 | Faits saillants hebdomadaires OSINT, 11 mars 2024 Weekly OSINT Highlights, 11 March 2024 (lien direct) |
## Weekly OSINT Highlights, 11 March 2024 The OSINT reporting last week underscores several prevalent trends in cyber threats. Firstly, ransomware continues to be a significant threat, with groups like GhostSec conducting double extortion attacks and offering RaaS programs, while threat actors like SocGholish exploit vulnerabilities in web platforms like WordPress. Additionally, phishing remains a persistent tactic, exemplified by the discovery of the CryptoChameleon kit targeting cryptocurrency platforms and governmental agencies. Furthermore, attackers are targeting misconfigured servers and leveraging 1-day vulnerabilities to conduct various malicious activities, from cryptocurrency mining to unauthorized data collection. These trends emphasize the evolving tactics and motivations of cyber threat actors, highlighting the need for robust cybersecurity measures and vigilance across various sectors and platforms. 1. **[SocGholish Malware Targeting WordPress](https://security.microsoft.com/intel-explorer/articles/0218512b?)**: WordPress websites are targeted by SocGholish malware, initiating with a JavaScript malware framework and leading to potential ransomware infections, often through compromised administrator accounts. 2. **[GhostSec Ransomware Activities Surge](https://security.microsoft.com/intel-explorer/articles/ee5a4e56?)**: GhostSec, a financially motivated hacking group, collaborates with Stormous ransomware in double extortion attacks across various business verticals, offering a ransomware-as-a-service (RaaS) program, with a surge in activities observed recently. 3. **[CryptoChameleon Phishing Kit](https://security.microsoft.com/intel-explorer/articles/9227be0c?)**: Lookout uncovers the CryptoChameleon phishing kit, adept at stealing sensitive data from cryptocurrency platforms and the FCC, utilizing custom single sign-on (SSO) pages and SMS lures, primarily targeting victims in the United States. Notably, the kit includes an administrative console to monitor phishing attempts and offers customized redirections based on victims\' responses, with an emphasis on mimicking authentic MFA processes. 4. **[Malware Campaign Targeting Misconfigured Servers](https://security.microsoft.com/intel-explorer/articles/68797fe5?)**: Cado Security Labs discovers a malware campaign targeting misconfigured servers, leveraging unique payloads and exploiting n-day vulnerabilities for Remote Code Execution (RCE) attacks and cryptocurrency mining. 5. **[Earth Kapre Espionage Group](https://security.microsoft.com/intel-explorer/articles/d2d46a48?)**: Trend Micro exposes the Earth Kapre espionage group, conducting phishing campaigns across multiple countries, with malicious attachments leading to unauthorized data collection and transmission to command-and-control (C&C) servers. 6. **[Magnet Goblin Exploiting 1-Day Vulnerabilities](https://security.microsoft.com/intel-explorer/articles/11616c16?)**: Check Point identifies Magnet Goblin\'s financially motivated attacks, rapidly adopting 1-day vulnerabilities, particularly targeting Ivanti Connect Secure VPN, with a diverse arsenal including a Linux version of NerbianRAT and JavaScript credential stealers. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog) and the following blog posts: - [Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/?ocid=magicti_ta_blog#defending-against-ransomware) - [Cryptojacking: Understanding and defending against cloud compute resource abuse](https://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defending-against-cloud-compute-resource-abuse/) Microsoft customers can use the following reports in Mi | Ransomware Malware Tool Vulnerability Threat Prediction Cloud | ★★★ | |
 |
2024-03-11 10:25:07 | Trend Micro : Rapport 2023 sur l\'état de la cybersécurité (lien direct) | #Cybersécurité #ransomware Rapport 2023 sur l'état de la cybersécurité Trend Micro a bloqué plus de 160 milliards d'incidents sur l'année ! Une importante hausse des menaces qui traduit une évolution dans les stratégies d'attaque employées par les assaillants. - Investigations | Threat Studies Prediction | ★★★★ | |
 |
2024-03-07 21:16:13 | \\ 'La tendance la plus étrange de la cybersécurité \\': les États-nations reviennent aux USB \\'The Weirdest Trend in Cybersecurity\\': Nation-States Returning to USBs (lien direct) |
Les USB se rapprochent à nouveau, car les principaux aptes de la Russie, de la Chine et au-delà se tournent vers eux pour les cyberattaques BYOD.
USBs are fetch again, as major APTs from Russia, China, and beyond are turning to them for BYOD cyberattacks. |
Prediction | ★★★★ | |
 |
2024-03-06 15:00:00 | Mémo sur les menaces du cloud: Google Drive a abusé des organisations ciblées dans les pays asiatiques Cloud Threats Memo: Google Drive Abused to Target Organizations in Asian Countries (lien direct) |
> Le dernier exemple d'une menace persistante avancée exploitant un service cloud légitime pour fournir une charge utile malveillante a récemment été déterminé par les chercheurs de Trend Micro.En tant que suivi d'une campagne ciblant plusieurs pays européens, découvert en juillet 2023 et attribué à l'APT Earth Preta (également connu sous le nom de Mustang Panda et Bronze [& # 8230;]
>The latest example of an advanced persistent threat exploiting a legitimate cloud service to deliver a malicious payload was recently unearthed by researchers at Trend Micro. As a follow up of a campaign targeting several European countries, discovered in July 2023 and attributed to the APT Earth Preta (also known as Mustang Panda and Bronze […] |
Threat Prediction Cloud | ★★ | |
 |
2024-03-06 00:00:00 | Dévoiler la Terre Kapre AKA AKE REDCURL \\'s Cyberspionage Tactics with Trend Micro MDR, Mende Intelligence Unveiling Earth Kapre aka RedCurl\\'s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence (lien direct) |
Cette entrée de blog examinera l'enquête de Trend Micro MDR Team \\ qui a réussi à découvrir les ensembles d'intrusion employés par Earth Kapre dans un incident récent, ainsi que sur la façon dont l'équipe a exploité les renseignements sur les menaces pour attribuer les preuves extraites au groupe de menaces de Cyberespionage.
This blog entry will examine Trend Micro MDR team\'s investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group. |
Threat Prediction | ★★ | |
 |
2024-03-04 00:00:00 | Le ransomware mondial à plusieurs étages utilise des tactiques anti-AV, exploite GPO Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO (lien direct) |
L'équipe de chasse aux micro-menaces tendance est tombée sur une attaque mondiale de RA impliquant des composants à plusieurs degrés conçus pour assurer un impact maximal.
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact. |
Ransomware Threat Prediction | ★★ | |
|
2024-02-29 11:00:00 | Gouvernance de l'IA et préservation de la vie privée AI governance and preserving privacy (lien direct) |
AT&T Cybersecurity featured a dynamic cyber mashup panel with Akamai, Palo Alto Networks, SentinelOne, and the Cloud Security Alliance. We discussed some provocative topics around Artificial Intelligence (AI) and Machine Learning (ML) including responsible AI and securing AI. There were some good examples of best practices shared in an emerging AI world like implementing Zero Trust architecture and anonymization of sensitive data. Many thanks to our panelists for sharing their insights. Before diving into the hot topics around AI governance and protecting our privacy, let’s define ML and GenAI to provide some background on what they are and what they can do along with some real-world use case examples for better context on the impact and implications AI will have on our future. GenAI and ML Machine Learning (ML) is a subset of AI that relies on the development of algorithms to make decisions or predictions based on data without being explicitly programmed. It uses algorithms to automatically learn and improve from experience. GenAI is a subset of ML that focuses on creating new data samples that resemble real-world data. GenAI can produce new and original content through deep learning, a method in which data is processed like the human brain and is independent of direct human interaction. GenAI can produce new content based on text, images, 3D rendering, video, audio, music, and code and increasingly with multimodal capabilities can interpret different data prompts to generate different data types to describe an image, generate realistic images, create vibrant illustrations, predict contextually relevant content, answer questions in an informational way, and much more. Real world uses cases include summarizing reports, creating music in a specific style, develop and improve code faster, generate marketing content in different languages, detect and prevent fraud, optimize patient interactions, detect defects and quality issues, and predict and respond to cyber-attacks with automation capabilities at machine speed. Responsible AI Given the power to do good with AI - how do we balance the risk and reward for the good of society? What is an organization’s ethos and philosophy around AI governance? What is the organization’s philosophy around the reliability, transparency, accountability, safety, security, privacy, and fairness with AI, and one that is human-centered? It\'s important to build each of these pillarsn into an organization\'s AI innovation and business decision-making. Balancing the risk and reward of innovating AI/ML into an organization\'s ecosystem without compromising social responsibility and damaging the company\'s brand and reputation is crucial. At the center of AI where personal data is the DNA of our identity in a hyperconnected digital world, privacy is a top priority. Privacy concerns with AI In Cisco’s 2023 consumer privacy survey, a study of over 2600 consumers in 12 countries globally, indicates consumer awareness of data privacy rights is continuing to grow with the younger generations (age groups under 45) exercising their Data Subject Access rights and switching providers over their privacy practices and policies. Consumers support AI use but are also concerned. With those supporting AI for use: 48% believe AI can be useful in improving their lives 54% are willing to share anonymized personal data to improve AI products AI is an area that has some work to do to earn trust 60% of respondents believe the use of AI by organizations has already eroded trust in them 62% reported concerns about the business use of AI 72% of respondents indicated that having products and solutions aud | Studies Prediction Cloud Technical | ★★ | |
 |
2024-02-28 10:30:36 | Securonix Threat Research Knowledge Sharing Series: Lot (DOS) Obfuscation ou Dosfusccation: pourquoi il est en augmentation, et comment les attaquants se cachent dans l'obscurité Securonix Threat Research Knowledge Sharing Series: Batch (DOS) Obfuscation or DOSfuscation: Why It\\'s on the Rise, and How Attackers are Hiding in Obscurity (lien direct) |
La recherche sur les menaces de Securonix a surveillé une tendance connue sous le nom de fusccation ou dosfuscation par lots (DOS) où un nombre accru d'échantillons de logiciels malveillants utilise le code obscurci contenu dans des scripts par lots ou DOS.Cette tendance a probablement été provoquée lorsque Microsoft a pris la décision de désactiver l'exécution des macro dans les produits de bureau par défaut.Depuis lors, il y a eu une augmentation de l'exécution basée sur les raccourcis (.LNK Fichier) provenant des pièces jointes archivées.Naturellement, l'obscuscation CMD est le chemin naturel car tout ce qui est passé en ligne de commande dans un fichier de raccourci sera probablement principalement exécuté à l'aide de CMD.exe comme processus initial
Securonix Threat Research has been monitoring a trend known as batch (DOS) fuscation or DOSfuscation where an increased number of malware samples use obfuscated code contained within batch or DOS-based scripts. This trend was likely brought about when Microsoft made the decision to disable macro execution in Office products by default. Since then, there has been a rise in shortcut-based (.lnk file) execution coming from archived email attachments. Naturally, CMD obfuscation is the natural path as any passed in command line into a shortcut file will likely be primarily executed using cmd.exe as the initial process |
Malware Threat Prediction | ★★★ | |
|
2024-02-24 21:04:58 | Les agences de cybersécurité gouvernementales font appel à l\'expertise de Trend Micro pour neutraliser les opérations du groupe Lockbit (lien direct) | #Cybersecurity #LockBit #ransomware Les agences de cybersécurité gouvernementales font appel à l'expertise de Trend Micro pour neutraliser les opérations du groupe Lockbit. Trend est l'unique acteur privé à avoir contribué au démantèlement de ce groupe de ransomwares, comptant parmi les plus actifs au monde, Le spécialiste de la cybersécurité a offert à ses clients des moyens de protection avancée les protégeant des prochains programmes malveillants du groupe. - Malwares | Prediction | ★★★ | |
|
2024-02-21 18:33:00 | Mustang Panda cible l'Asie avec des variantes avancées Doplugs Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS (lien direct) |
L'acteur de menace lié à la Chine connue sous le nom de Mustang Panda a ciblé divers pays asiatiques à l'aide d'une variante de la porte dérobée Plugx (AKA Korplug) surnommée Doplugs.
"Le jeu de malware Plugx personnalisé est différent du type général du malware Plugx qui contient un module de commande de porte dérobée terminé, et que le premier n'est utilisé que pour télécharger le second", Trend Micro Researchs Sunny Lu
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu |
Malware Threat Prediction | ★★★ | |
|
2024-02-21 11:00:00 | Le SoC moderne de Next Gen propulsé par l'IA The modern next gen SOC powered by AI (lien direct) |
AI is among the most disruptive technologies of our time. While AI/ML has been around for decades, it has become a hot topic with continued innovations in generative AI (GenAI) from start-up OpenAI to tech giants like Microsoft, Google, and Meta. When large language models (LLMs) combined with big data and behavior analytics, AI/ML can supercharge productivity and scale operations across every sector from healthcare to manufacturing, transportation, retail, finance, government & defense, telecommunications, media, entertainment, and more. Within the cybersecurity industry, SentinelOne, Palo Alto Networks, Cisco, Fortinet and others are pioneering AI in Cybersecurity. In a research report of the global markets by Allied Market Research, AI in Cybersecurity is estimated to surge to $154.8 billion in 2032 from $19.2 billion in 2022, rising at a CAGR of 23.6%. Challenges of the traditional SOC SIEM One of the challenges with the traditional Security Operations Center (SOC) is SOC analysts are overwhelmed by the sheer number of alerts that come from Security Information Event Management (SIEM). Security teams are bombarded with low fidelity alerts and spend considerable time separating them from high fidelity alerts. The alerts come from almost any sources across the enterprise and is further compounded with too many point solutions and with multi-vendor environment. The numerous tools and lack of integration across multiple vendor product solutions often require a great deal of manual investigation and analysis. The pressure that comes with having to keep up with vendor training and correlate data and logs into meaningful insights becomes burdensome. While multi-vendor, multi-source, and multi-layered security solutions provides a lot of data, without ML and security analytics, it also creates a lot of noise and a disparate view of the threat landscape with insufficient context. SOAR Traditional Security Orchestration and Automation Response (SOAR) platforms used by mature security operations teams to develop run playbooks that automate action responses from a library of APIs for an ecosystem of security solution is complex and expensive to implement, manage, and maintain. Often SOCs are playing catch up on coding and funding development cost for run playbooks making it challenging to maintain and scale the operations to respond to new attacks quickly and efficiently. XDR Extended Detection and Response (XDR) solves a lot of these challenges with siloed security solutions by providing a unified view with more visibility and better context from a single holistic data lake across the entire ecosystem. XDR provides prevention as well as detection and response with integration and automation capabilities across endpoint, cloud, and network. Its automation capabilities can incorporate basic common SOAR like functions to API connected security tools. It collects enriched data from multiple sources and applies big data and ML based analysis to enable response of policy enforcement using security controls throughout the infrastructure. AI in the modern next gen SOC The use of AI and ML are increasingly essential to cyber operations to proactively identify anomalies and defend against cyber threats in a hyperconnected digital world. Canalys research estimates suggest that more than 7 | Ransomware Malware Tool Vulnerability Threat Prediction Cloud | ★★ | |
|
2024-02-21 00:00:00 | Trend Micro et Interpol se joignent à nouveau à l'opération Synergie Trend Micro and INTERPOL Join Forces Again for Operation Synergia (lien direct) |
Trend et d'autres entités privées ont récemment contribué à la synergie de l'opération d'Interpol \\, une opération mondiale qui a réussi à éliminer plus de 1 000 serveurs C&
Trend and other private entities recently contributed to INTERPOL\'s Operation Synergia, a global operation that successfully took down over 1,000 C&C servers and identified suspects related to phishing, banking malware, and ransomware activity. |
Ransomware Malware Prediction | ★★ | |
|
2024-02-20 08:45:00 | Guardians of the Digital Realm: Comment vous protéger de l'ingénierie sociale Guardians of the Digital Realm: How to Protect Yourself from Social Engineering (lien direct) |
Social engineering has been around for as long as coveted information has existed. In the digital realm, threat actors use this psychological manipulation tactic to drive people to break normal security procedures. It is a con game that relies on human error rather than digital hacking. These are some common forms of social engineering in digital communications: Impersonation. In these attacks, bad actors pose as trusted entities. Pretexting. Bad actors use fake stories to bait their targets into revealing sensitive information. Baiting. Attackers use promises of rewards or benefits to lure in their targets. In social engineering attacks, bad actors exploit psychological principles like trust, the fear of missing out, authority and the desire to be helpful. When you and your users learn to recognize these triggers, you can build a strong defense. In this blog post, we\'ll cover three more steps you can take to protect yourself and your business. 1. Build a human firewall If you want your employees to be able to recognize social engineering attacks, you need to educate them. Training should cover various types of social engineering tactics. Some top examples include: Phishing Telephone-oriented attack delivery (TOAD) Pretexting Baiting Quid pro quo Tailgating It\'s a good idea to keep your employees informed of the latest attack trends. That is why continuous education has more of an impact than one-off training sessions. Regular updates can help you keep your workforce up to speed. You may want to support your training efforts with a comprehensive security awareness platform. It can provide content that\'s designed to increase user participation and help lessons stick, like gamification and microlearning. Quizzes, interactive modules and mock phishing scenarios can all help your users learn how to become better defenders, too. Actionable tips: Test your team with simulated phishing emails at least once a month Conduct security awareness training sessions at least once per quarter Build a yearlong campaign that also provides employees with other training information, like digital newsletters or packets that they can take home 2. Slow down and ask questions You might assume your security team has put technology in place to defend against social engineering. However, there is no silver bullet to stop these attacks. That\'s why you need to approach digital communications with a critical eye, especially when they include requests for sensitive information or prompts to take urgent actions. You want to complete your work quickly and be responsive to your leadership team, of course. But threat actors count on these types of triggers. Instead, do your best to: Slow down This is a crucial move in the fight against social engineering. It enables you to evaluate the situation with a critical eye and recognize potential red flags. When you slow down, you transform automatic, reflexive responses into thoughtful, deliberate actions. Practice skepticism When you stop to question whether an interaction is legitimate, you can spot inconsistencies. You can ask questions like: “Is this request from a person or entity I can trust?”, “Can I verify their identity?” and “Is this request truly urgent?” You might consult with colleagues or managers or refer to company policies. Or you might even do a quick internet search to validate claims. Actionable tips: Examine emails for unusual language or requests Double-check that email addresses and domain names are authentic Verify requests that come through alternative communication channels 3. Use a multilayered defense If you want to have an edge in combatting social engineering, you need to adopt a multilayered security approach. In other words, you need to combine the human element of user vigilance with advanced tools. A core part of this strategy is to deploy an advanced email security solution that can stop an initial attack. Ideally, it should use a combination of behaviora | Tool Threat Prediction | ★★★ | |
|
2024-02-15 18:48:58 | Bumblebee bourdonne en noir |Point de preuve nous Bumblebee Buzzes Back in Black | Proofpoint US (lien direct) |
#### Description
Les chercheurs de Proofpoint ont découvert le retour du malware de Bumblebee le 8 février 2024, marquant sa réapparition après quatre mois d'absence de leurs données de menace.
Bumblebee, un téléchargeur sophistiqué utilisé par divers groupes de cybercrimins, a refait surface dans une campagne ciblant les organisations américaines via des e-mails avec des URL OneDrive contenant des fichiers Word se présentant comme des messages vocaux de "info @ Quarlesaa [.] Com".Ces documents de mots, l'identité de la société d'électronique Humane, ont utilisé des macros pour exécuter des scripts et télécharger des charges utiles malveillantes à partir de serveurs distants.La chaîne d'attaque, utilisant notamment des documents macro-compatibles VBA, contraste avec les tendances récentes des cyber-menaces, où ces macros étaient moins couramment utilisées.Malgré l'absence d'attribution à un acteur de menace spécifique, Proofpoint prévient le potentiel de Bumblebee en tant que point d'accès initial pour les attaques de ransomware ultérieures.La résurgence de Bumblebee s'aligne sur une tendance plus large de l'augmentation de l'activité cybercriminale observée en 2024, marquée par le retour de plusieurs acteurs de menace et des souches de logiciels malveillants après des périodes de dormance prolongées, indiquant une augmentation des cybermenaces après une baisse temporaire.
#### URL de référence (s)
1. https://www.proalpoint.com/us/blog/thereat-insight/bumblebee-buzzes-back-black
#### Date de publication
12 février 2024
#### Auteurs)
Axel f
Selena Larson
Équipe de recherche sur les menaces de preuve
#### Description Proofpoint researchers discovered the return of the Bumblebee malware on February 8, 2024, marking its reappearance after four months of absence from their threat data. Bumblebee, a sophisticated downloader utilized by various cybercriminal groups, resurfaced in a campaign targeting US organizations through emails with OneDrive URLs containing Word files posing as voicemail messages from "info@quarlesaa[.]com". These Word documents, impersonating the electronics company Humane, utilized macros to execute scripts and download malicious payloads from remote servers. The attack chain, notably employing VBA macro-enabled documents, contrasts with recent trends in cyber threats, where such macros were less commonly used. Despite the absence of attribution to a specific threat actor, Proofpoint warns of Bumblebee\'s potential as an initial access point for subsequent ransomware attacks. The resurgence of Bumblebee aligns with a broader trend of increased cybercriminal activity observed in 2024, marked by the return of several threat actors and malware strains after prolonged periods of dormancy, indicating a surge in cyber threats following a temporary decline. #### Reference URL(s) 1. https://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-black #### Publication Date February 12, 2024 #### Author(s) Axel F Selena Larson Proofpoint Threat Research Team |
Ransomware Malware Threat Prediction | ★★ | |
|
2024-02-13 13:00:21 | Apprenez à connaître le point de chèque Harmony Sase Get to Know Check Point Harmony SASE (lien direct) |
> La nouvelle offre de la nouvelle offre Secure Access Service Edge (SASE) est désormais appelée harmonie.Le monde a changé au cours des dernières années, et l'ancienne façon d'obtenir un réseau standard sur site, avec ses notions à l'intérieur et à l'extérieur du périmètre, ne suffit plus.Il existe de nombreuses raisons pour ce changement, notamment la montée en puissance des réseaux de cloud public pour l'hébergement d'applications et de données, et l'agilité améliorée du flux de travail à partir de logiciels en tant que plateformes de service comme Salesforce et Office 365.Connexions haute performance, et il est clair [& # 8230;]
>Check Point\'s new Secure Access Service Edge (SASE) offering is now called Harmony SASE. The world has changed in the last few years, and the old way of securing a standard on-premises network, with its notions of inside and outside the perimeter, is no longer enough. There are many reasons for this change including the rise of public cloud networks for hosting applications and data, and the enhanced workflow agility from software as a service platforms like Salesforce and Office 365. Add to that the increasing trend of remote work and the need for high performance connections, and it\'s clear […] |
Prediction Cloud | ★★ | |
|
2024-02-13 00:00:00 | Tendances mondiales de la cybersécurité: IA, risques géopolitiques et zéro confiance Global Cybersecurity Trends: AI, Geopolitical Risks, and Zero Trust (lien direct) |
Le directeur de la stratégie technologique de Trend Micro \\ discute des plus grandes tendances de cybersécurité et de ce qu'il faut surveiller en 2024.
Trend Micro\'s Chief Technology Strategy Officer discusses the biggest cybersecurity trends and what to watch for in 2024. |
Prediction | ★★★ | |
|
2024-02-13 00:00:00 | Vulnérabilité à écran intelligent: CVE-2024-21412 Faits et correctifs SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes (lien direct) |
Cette entrée vise à fournir un contexte supplémentaire au CVE-2024-21412, comment il peut être utilisé par les acteurs de la menace et comment la tendance protège les clients de cette vulnérabilité spécifique.
This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability. |
Vulnerability Threat Prediction | ★★ | |
|
2024-02-13 00:00:00 | CVE-2024-21412: Water Hydra cible les commerçants avec Microsoft Defender SmartScreen Zero-Day CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day (lien direct) |
L'APT Group Water Hydra a exploité la vulnérabilité de SmartScreen Microsoft Defender zéro-jour (CVE-2024-21412) dans ses campagnes ciblant les commerçants de marchés financiers.Cette vulnérabilité, qui a maintenant été corrigée par Microsoft, a été découverte et divulguée par l'initiative Trend Micro Zero Day.
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative. |
Vulnerability Threat Prediction | ★★★ | |
|
2024-02-12 08:02:39 | 4 étapes pour empêcher le compromis des e-mails des fournisseurs dans votre chaîne d'approvisionnement 4 Steps to Prevent Vendor Email Compromise in Your Supply Chain (lien direct) |
Supply chains have become a focal point for cyberattacks in a world where business ecosystems are increasingly connected. Email threats are a significant risk factor, as threat actors are keen to use compromised email accounts to their advantage. Every month, a staggering 80% of Proofpoint customers face attacks that originate from compromised vendor, third-party or supplier email accounts. Known as supplier account compromise, or vendor email compromise, these attacks involve threat actors infiltrating business communications between trusted partners so that they can launch internal and external attacks. Their ultimate goal might be to steal money, steal data, distribute malware or simply cause havoc. In this blog post, we\'ll explain how vendor emails are compromised and how you can stop these attacks. Finally, we\'ll tell you how Proofpoint can help. What\'s at stake Supply chain compromise attacks can be costly for businesses. IBM, in its latest Cost of a Data Breach Report, says that the average total cost of a cyberattack that involves supply chain compromise is $4.76 million. That is almost 12% higher than the cost of an incident that doesn\'t involve the supply chain. In addition to the financial implications, compromised accounts can lead to: Phishing scams that result in even more compromised accounts Reputational and brand damage Complex legal liabilities between business partners How does vendor email compromise occur? Supply chain compromise attacks are highly targeted. They can stretch out over several months. And typically, they are structured as a multistep process. The bad actor initiates the assault by gaining access to the email account of a vendor or supplier through various means. Phishing attacks are one example. Once the attacker gains access, they will lay low for an extended period to observe the vendor\'s email communications. During this time, the adversary will study the language and context of messages so that they can blend in well and avoid detection. Attackers might also use this observation period to establish persistence. They will create mail rules and infrastructure so that they can continue to receive and send messages even after the vendor has regained control of the account. Once they establish access and persistence, the attackers will begin to insert themselves into conversations within the supplier\'s company as well as with external partners and customers. By posing as the sender, the attacker takes advantage of established trust between parties to increase their chances of success. Overview of a vendor email compromise attack. Proofpoint has observed a growing trend of attackers targeting accounts within smaller businesses and using them to gain entry into larger companies. Threat actors often assume that small businesses have less protection than large companies. They see them as targets that can help them achieve a bigger payday. How to stop vendor email compromise If you want to defend against these attacks, it\'s critical to understand the methods behind them. Such a formidable problem requires a strategic and multilayered solution. The four broad steps below can help. Step 1: Know your suppliers Your first line of defense against these email attacks sounds simple, but it\'s challenging. It is the ability to intimately “know your supplier” and understand their security strategy. This requires more than a one-time vendor assessment. Your security teams will need to prioritize continuous monitoring of your company\'s business partnerships. On top of that knowledge, you need a thorough understanding of the access and privileges that your business grants to each vendor. Compromised accounts that have uncontrolled access may be able to exfiltrate sensitive data or upload malware like ransomware. So, when you know what your suppliers can (and can\'t) access, you can identify a data breach faster. Other steps, like requiring multifactor authentication (MFA) for vendor accounts, can | Ransomware Data Breach Malware Tool Threat Studies Prediction Cloud | ★★★ | |
|
2024-02-09 06:00:24 | Offensif et défensif: renforcer la sensibilisation à la sécurité avec deux approches d'apprentissage puissantes Offensive and Defensive: Build Security Awareness with Two Powerful Learning Approaches (lien direct) |
“Offensive” security awareness and “defensive” security awareness are two learning approaches that you can use to build a robust security culture in your company. They involve applying different strategies to educate your employees about threats and how they can respond to them safely. You may have heard the terms “offensive cybersecurity” and “defensive cybersecurity.” You use defensive tools and techniques to strengthen security vulnerabilities. And with offensive tools and techniques, you focus on identifying those vulnerabilities before attackers find them first. How do defensive and offensive approaches apply to security awareness? Here\'s a quick overview: With a defensive approach, users learn the fundamentals of security. With an offensive approach, users learn how to protect themselves and the business against future threats. Let\'s use a sports analogy here. You can actively learn to be a defensive goalie and block threats. Then, you can take your skills up a level and learn to score points with protective techniques. With Proofpoint Security Awareness, our industry-leading threat intelligence informs both approaches. We help people learn how to defend against current threats. And we give them the tools for taking offensive action against future threats. Live-action series about Insider Threats. (play video) Defensive security awareness: set the foundation We all have to start with the basics, right? With defensive security awareness, you teach people the fundamentals of security and set the stage for safe behavior. This training is often reactive. It enables people to respond to immediate threats and incidents as they arise. At Proofpoint, we believe in using behavioral science methodologies, like adaptive learning and contextual nudges. We combine this with a threat-driven approach, weaving trend analysis and insights about recent security breaches into our training. A personalized adaptive framework The adaptive learning framework is a personalized defensive approach to training. It recognizes that everyone learns differently; it is the opposite of a one-size-fits-all approach. You can teach security fundamentals in a way that is meaningful for each person based on what they know, what they might do and what they believe. This framework lets you drive behavior change with education that is tailored to each person\'s needs. That can include their professional role, industry, content style and native language. The learner can engage with a wide variety of styles and materials. And each training is tied to a specific learning objective. Adaptive learning recognizes that people learn best in short bursts that are spread over time. Our microlearning video modules are under three minutes, and our nano-learning videos are under one minute. These formats give people the flexibility to learn at their own pace. For instance, our “You\'re Now a Little Wiser” nano series offers bite-size training on topics such as data protection to help users learn about specific threats. Screenshots from a one-minute nano-learning video. Contextual nudges and positive reinforcement Training is essential if you want to build a robust security culture. But it is not enough to change behavior fully. Here is where contextual nudges play a vital role in helping to reinforce positive behavior habits once they are formed. These deliberate interventions are designed to shape how people behave. Nudges are rooted in a deep understanding of human behavior. They can move people toward making better decisions, often without them realizing it. They are gentle reminders that can guide people toward creating optimal outcomes. That, in turn, helps to foster a defensive security-conscious culture in your company. It is important to find the respectful balance of nudging people toward secure behaviors without being too intrusive or complex. For example, when a user fails a phishing simulation exercise, Proofpoint Security Awareness offers “Tea | Ransomware Malware Tool Vulnerability Threat Prediction | ★★★ | |
|
2024-02-02 05:00:36 | Développement d'une nouvelle norme Internet: le cadre de la politique relationnelle du domaine Developing a New Internet Standard: the Domain Relationship Policy Framework (lien direct) |
Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation. In this blog post, we discuss the Domain Relationship Policy Framework (DRPF)-an effort that has been years in the making at Proofpoint. The DRPF is a simple method that is used to identify verifiably authorized relationships between arbitrary domains. We create a flexible way to publish policies. These policies can also describe complex domain relationships. The details for this new model require in-depth community discussions. These conversations will help us collectively steer the DRPF toward becoming a fully interoperable standard. We are now in the early proposal stage for the DRPF, and we are starting to engage more with the broader community. This post provides a glimpse down the road leading to standardization for the DRPF. Why Proofpoint developed DRPF To shine a light on why Proofpoint was inspired to develop the DRPF in the first place, let\'s consider the thinking of the initial designers of the Domain Name System (DNS). They assumed that subdomains would inherit the administrative control of their parent domains. And by extension, this should apply to all subsequent subdomains down the line. At the time, this was reasonable to assume. Most early domains and their subdomains operated in much the same way. For example, “university.edu” directly operated and controlled the administrative policies for subdomains such as “lab.university.edu” which flowed down to “project.lab.university.edu.” Since the mid-1980s, when DNS was widely deployed, there has been a growing trend of delegating subdomains to third parties. This reflects a breakdown of the hierarchical model of cascading policies. To see how this works, imagine that a business uses “company.com” as a domain. That business might delegate “marketing.company.com” to a third-party marketing agency. The subdomain must inherit some policies, while the subdomain administrator may apply other policies that don\'t apply to the parent domain. Notably, there is no mechanism yet for a domain to declare a relationship with another seemingly independent domain. Consider a parent company that operates multiple distinct brands. The company with a single set of policies may want them applied not only to “company.com” (and all of its subdomains). It may also want them applied to its brand domains “brand.com” and “anotherbrand.com.” It gets even more complex when any of the brand domains delegate various subdomains to other third parties. So, say some of them are delegated to marketing or API support. Each will potentially be governed by a mix of administrative policies. In this context, “policies” refers to published guidance that is used when these subdomains interact with the domain. Policies might be for information only. Or they might provide details that are required to use services that the domain operates. Most policies will be static (or appear so to the retrieving parties). But it is possible to imagine that they could contain directives akin to smart contracts in distributed ledgers. 3 Design characteristics that define DRPF The goal of the DRPF is to make deployment and adoption easier while making it flexible for future use cases. In many prior proposals, complex requirements bogged down efforts to get rid of administrative boundaries between and across disparate domains. Our work should be immediately useful with minimal effort and be able to support a wide array of ever-expanding use cases. In its simplest form, three design characteristics define the DRPF: A domain administrator publishes a policy assertion record for the domain so that a relying party can discover and retrieve it. The discovered policy assertion directs the relying party to where they can find | Tool Prediction Cloud Technical | ★★★ | |
|
2024-02-01 09:50:52 | 300 millions de données de compte utilisateur ont été divulguées à l'échelle mondiale en 2023 - Tendances de violation de données 300 million user account data leaked globally in 2023 - data breach trends (lien direct) |
10 comptes ont été divulgués chaque seconde de 2023, l'étude globale de Surfshark \\ montre: & copy;Boguslaw Mazur
«Alors que nous regardons en arrière sur 2023, il y a une tendance positive dans les violations de données & # 8211;Une diminution de 20% des comptes touchés par rapport à 2022. Malgré cette amélioration, 300 millions d'utilisateurs dans le monde ont encore subi des violations », explique Agneska Sablovskaja, chercheuse principale chez Surfshark.«Même une fuite de données de compte unique peut entraîner un accès non autorisé, risquant l'utilisation abusive des informations personnelles, l'identité potentielle ou (...)
-
rapports spéciaux
/ /
affiche
10 accounts were leaked every second of 2023, Surfshark\'s global study shows: © Boguslaw Mazur “As we look back on 2023, there\'s a positive trend in data breaches – a 20% decrease in affected accounts compared to 2022. Despite this improvement, 300 million users worldwide still experienced breaches,” says Agneska Sablovskaja, Lead Researcher at Surfshark. “Even a single account data leak can lead to unauthorized access, risking the misuse of personal information, potential identity or (...) - Special Reports / affiche |
Data Breach Studies Prediction | ★★★ | |
|
2024-01-31 16:30:00 | L'assaut Net-Ntlmv2 furtif de Pawn Storm \\ a révélé Pawn Storm\\'s Stealthy Net-NTLMv2 Assault Revealed (lien direct) |
Trend Micro a signalé des attaques récentes axées sur les secteurs gouvernementaux, notamment les affaires étrangères, l'énergie, la défense et les transports
Trend Micro reported recent attacks focused on government sectors, including foreign affairs, energy, defense and transportation |
Prediction | APT 28 | ★★★ |
 |
2024-01-31 10:00:45 | ICS et prédictions de menace OT pour 2024 ICS and OT threat predictions for 2024 (lien direct) |
Les experts de Kaspersky font leurs prédictions sur les CI et les menaces OT: en particulier, les ransomwares et les attaques hacktivistes, les menaces pour la logistique et le transport, etc.
Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc. |
Ransomware Threat Industrial Prediction | ★★★★ | |
 |
2024-01-30 07:00:00 | Prédictions de cybersécurité: Quelles tendances seront répandues en 2024? Cybersecurity Predictions: What Trends Will Be Prevalent in 2024? (lien direct) |
> L'environnement numérique en évolution et l'expansion de la surface d'attaque exigent l'adaptation vigilante pour rester une étape ...
>The evolving digital environment and expanding attack surface demand vigilant adaptation to stay one step... |
Prediction | ★★★ | |
|
2024-01-30 05:00:16 | Mémoire de sécurité: \\ 'c'est la saison de Tax Hax Security Brief: \\'Tis the Season for Tax Hax (lien direct) |
Ce qui s'est passé Les chercheurs de ProofPoint ont récemment identifié le retour de TA576, un acteur de menace cybercriminale qui utilise des leurres sur le thème de la taxe ciblant spécifiquement les organisations comptables et financières.Cet acteur n'est généralement actif que les premiers mois de l'année pendant la saison fiscale des États-Unis, ciblant généralement les organisations en Amérique du Nord avec des campagnes de messagerie à faible volume.Dans toutes les campagnes, l'acteur par e-mail des demandes d'aide à la préparation des revenus et tentera de livrer des chevaux de Troie à distance (rats). Dans les deux premières campagnes observées en janvier 2024, l'acteur a utilisé un compte compromis pour envoyer des e-mails bénins censés demander une assistance fiscale.Bien que le compte de l'expéditeur ait été compromis, les e-mails comportaient une adresse de réponse avec un domaine récemment enregistré qui appartient probablement à l'acteur de menace.L'acteur de menace a fourni une trame de fond et a demandé des prix et une disponibilité.Si la cible a répondu, l'acteur de menace a répondu par une URL malveillante Google Firebase (Web.App). Lyure sur le thème des impôts utilisé par TA576. Si l'URL était cliquée, elle redirigea vers le téléchargement d'un fichier de raccourci zippé (LNK).Si ce raccourci était exécuté, il a exécuté PowerShell encodé via l'injection SyncappvpublishingServer.vbs lolbas.La commande PowerShell a lancé MSHTA pour exécuter la charge utile de l'application HTML (HTA) à partir d'une URL fournie.Vivant des techniques de binaires terrestres, scripts et bibliothèques (lolbas) devient de plus en plus populaire parmi les menaces cybercriminales. Exemple de cible de raccourci. Le code prend une séquence de valeurs numériques, soustrait un nombre de chacun (dans ce cas 593), et convertit chaque résultat en un caractère utilisant le casting de type [char], et concaténe les caractères en une chaîne stockée dans la variable $ k.Fait intéressant, le nombre soustrait diffère du raccourci au raccourci. La charge utile HTA a exécuté une commande PowerShell à AES Decrypt et décompresser une autre commande qui a téléchargé un exécutable dans le dossier% AppData% et l'a exécuté.Cette technique est similaire à celle précédemment documentée par SANS ISC.L'exécutable de la campagne TA576 a utilisé la technique d'évasion de la "porte du ciel" pour exécuter Parallax Rat. Résumé de la chaîne d'attaque: Message bénigne> Réponse cible> Réponse de l'acteur avec web.app URL> Redirection> zip> lnk> syncappvpublishingServer.vbs lolbas> PowerShell> mshta exécute HTA à partir de l'URL> PowerShell cryptée> Obfuscated PowerShell> Télécharger et exécuter l'exe exe Les campagnes de 2024 de TA576 \\ sont notables car il s'agit du premier point de preuve a observé que l'acteur livrant Parallax Rat.De plus, la chaîne d'attaque de l'acteur \\ à l'aide de techniques LOLBAS et de plusieurs scripts PowerShell est nettement différente des campagnes précédemment observées qui ont utilisé des URL pour zipper les charges utiles JavaScript ou des documents Microsoft Word en macro. Attribution TA576 est un acteur de menace cybercriminale.ProofPoint a suivi TA576 depuis 2018 via des techniques de création de courriels de spam, une utilisation des logiciels malveillants, des techniques de livraison de logiciels malveillants et d'autres caractéristiques.Cet acteur utilise des leurres d'impôt contenant des caractéristiques et des thèmes similaires pendant la saison fiscale américaine pour livrer et installer des rats.Les objectifs de suivi de Ta576 \\ sont inconnus.Bien que les secteurs les plus fréquemment observés ciblés incluent les entités comptables et financières, Proof Point a également observé le ciblage des industries connexes telles que le légal. Pourquoi est-ce important Les campagnes annuelles sur le thème de l'impôt de TA576 \\ servent de rappel récurrent que les acteurs des menaces de cybercri | Spam Malware Threat Prediction | ★★ | |
 |
2024-01-29 01:29:08 | Les hacks de Tesla font une grande banque lors de l'événement axé sur l'automobile de Pwn2own \\ Tesla hacks make big bank at Pwn2Own\\'s first automotive-focused event (lien direct) |
Aussi: SEC admet la négligence du compte X;La nouvelle famille de malware macOS apparaît;Et certaines vulns critiques infosec en bref Trend Micro \'s Zero Day Initiative (ZDI) ont tenu son tout premier événement PWN2OWN axé sur l'automobile à Tokyo la semaine dernière, et a décernéPlus de 1,3 million de dollars aux découvreurs de 49 vulnérabilités liées à des véhicules.…
ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns Infosec in brief Trend Micro\'s Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day vulnerabilities.… |
Malware Vulnerability Threat Prediction | ★★★ | |
 |
2024-01-28 17:22:55 | Le vol de crypto PYPI malware frappe à la fois les utilisateurs de Windows et Linux Crypto Stealing PyPI Malware Hits Both Windows and Linux Users (lien direct) |
> Par deeba ahmed
Fortiguard Labs & # 8217;Le dernier rapport de recherche révèle une tendance préoccupante: les acteurs de la menace tirent parti de l'indice de package Python (PYPI), & # 8230;
Ceci est un article de HackRead.com Lire la publication originale: Le vol de crypto PYPI malware frappe à la fois les utilisateurs de Windows et Linux
>By Deeba Ahmed FortiGuard Labs’ latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI),… This is a post from HackRead.com Read the original post: Crypto Stealing PyPI Malware Hits Both Windows and Linux Users |
Malware Threat Prediction | ★★★ | |
|
2024-01-26 21:51:03 | Les pirates fissurent Tesla deux fois, récupèrent 1,3 million de dollars chez PWN2OWN AUTOMOTIVE Hackers Crack Tesla Twice, Rake in $1.3 Million at Pwn2Own Automotive (lien direct) |
> Par deeba ahmed
Les vendeurs ont 90 jours pour publier des correctifs de sécurité avant que la tendance micro le révèle publiquement.
Ceci est un article de HackRead.com Lire le post original: Les pirates cassent Tesla deux fois, récupèrent 1,3 million de dollars chez PWN2OWN AUTOMOTIVE
>By Deeba Ahmed Vendors have 90 days to release security patches before Trend Micro publicly discloses it. This is a post from HackRead.com Read the original post: Hackers Crack Tesla Twice, Rake in $1.3 Million at Pwn2Own Automotive |
Prediction | ★★ | |
 |
2024-01-26 14:00:49 | Cybersécurité des soins de santé - Trois tendances à surveiller en 2024 Healthcare Cybersecurity - Three Trends to Watch in 2024 (lien direct) |
> Le Guide de la transformation de la cybersécurité du CISO \\ des soins de santé met en évidence les dernières tendances des soins de santé et où les efforts défensifs devraient être concentrés.
>The Healthcare CISO\'s Guide to Cybersecurity Transformation highlights the latest trends in healthcare and where defensive efforts should be focused. |
Prediction | ★★★ | |
|
2024-01-25 20:18:28 | Kasseika Ransomware déploie BYOVD ATTAQUES ABUS Psexec et exploite le pilote Martini Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver (lien direct) |
#### Description
L'opération de ransomware nommée \\ 'Kasseika \' a adopté Bring vos propres tactiques de pilote vulnérable (BYOVD) pour désactiver le logiciel antivirus avant de crypter des fichiers.
Kasseika exploite le pilote Martini, qui fait partie du système d'agent Virtt Soft \\ de TG Soft, pour désactiver les produits antivirus protégeant le système ciblé.Trend Micro a découvert Kasseika en décembre 2023, notant ses similitudes avec Blackmatter, suggérant qu'il pourrait avoir été construit par d'anciens membres ou acteurs qui ont acheté le code de Blackmatter \\.L'attaque commence par un e-mail de phishing, volant des informations d'identification pour l'accès initial, suivie de l'outil d'abus de Psexec Windows pour le mouvement latéral.Kasseika utilise des attaques BYOVD pour gagner des privilèges, résilier les processus antivirus et exécuter son ransomware binaire, exigeant une rançon de Bitcoin et offrant aux victimes une option de décryptage dans les 120 heures.
#### URL de référence (s)
1. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attades-abuses-psexec-and-expl.html
#### Date de publication
25 janvier 2024
#### Auteurs)
Chercheurs Trendmicro
#### Description The ransomware operation named \'Kasseika\' has adopted Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. Kasseika exploits the Martini driver, part of TG Soft\'s VirtIT Agent System, to disable antivirus products protecting the targeted system. Trend Micro discovered Kasseika in December 2023, noting its similarities with BlackMatter, suggesting it may have been built by former members or actors who purchased BlackMatter\'s code. The attack begins with a phishing email, stealing credentials for initial access, followed by the abuse of Windows PsExec tool for lateral movement. Kasseika utilizes BYOVD attacks to gain privileges, terminate antivirus processes, and execute its ransomware binary, demanding a Bitcoin ransom and providing victims with a decryption option within 120 hours. #### Reference URL(s) 1. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html #### Publication Date January 25, 2024 #### Author(s) TrendMicro Researchers |
Ransomware Tool Prediction | ★★★ | |
 |
2024-01-25 17:43:48 | Le nombre de victimes d'attaque ransomware augmente en 2023 à plus de 4000 The Number of Ransomware Attack Victims Surge in 2023 to over 4000 (lien direct) |
La poussée de ransomware -As-A-Service Affiliates est probablement la raison de l'augmentation spectaculaire du nombre d'organisations victimes, avec tous les indicateurs suggérant que cette tendance persistera en 2024.
The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024.
|
Ransomware Prediction | ★★★ | |
|
2024-01-25 16:47:00 | Cyber Threat Landscape: 7 conclusions clés et tendances à venir pour 2024 Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024 (lien direct) |
Le rapport sur le paysage des menaces d'axur 2023/2024 fournit une analyse complète des dernières cyber-menaces.Les informations combinent les données de la surveillance de la plate-forme de la surface, du Web en profondeur et sombre avec des idées dérivées des recherches et des enquêtes approfondies menées par l'équipe de renseignement des menaces.
Découvrez l'étendue complète des menaces numériques dans le rapport Axur 2023/2024.
Aperçu
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform\'s surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview |
Threat Prediction | ★★★ | |
|
2024-01-25 11:00:00 | Le côté obscur de la cybersécurité 2023: évolution des logiciels malveillants et cyber-menaces The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats (lien direct) |
In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year\'s events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware\'s evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google\'s detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year\'s Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware\'s relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian\'s Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom | Ransomware Spam Malware Tool Vulnerability Threat Prediction | Guam | ★★★ |
To see everything:
Our RSS (filtrered)
