What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-02-02 11:15:47 | Cloudflare piraté par un acteur de menace suspect par l'État Cloudflare Hacked by Suspected State-Sponsored Threat Actor (lien direct) |
> Un acteur de menace nationale a accédé aux systèmes internes de cloudflare à l'aide d'identification volées pendant le piratage d'Okta.
>A nation-state threat actor accessed internal Cloudflare systems using credentials stolen during the Okta hack. |
Hack Threat | ★★★ | |
 |
2024-02-02 09:22:56 | Fuite de passeports pour les employés de Lush ? (lien direct) | La marque de cosmétiques éthique Lush face à un piratage informatique. Le hacker malveillant annonce l'exfiltration de documents sensibles internes.... | Data Breach Threat | ★★★ | |
 |
2024-02-02 08:27:49 | Acteurs de la menace Installation des comptes de porte dérobée Linux Threat Actors Installing Linux Backdoor Accounts (lien direct) |
AhnLab Security Intelligence Center (ASEC) utilise un pot de miel Linux SSH pour surveiller les attaques contre les systèmes Linux non spécifiés.Les acteurs de la menace installent des logiciels malveillants en lançant des attaques de force brute et du dictionnaire contre les systèmes Linux qui sont mal gérés, tels que l'utilisation de paramètres par défaut ou le mot de passe simple.Bien qu'il existe une variété de cas d'attaque, y compris ceux où les vers, les co -miners et les robots DDOS sont installés, ce message couvrira les cas d'attaque où des comptes de porte dérobée sont créés à la place des logiciels malveillants.De telles attaques ...
AhnLab SEcurity intelligence Center (ASEC) is using a Linux SSH honeypot to monitor attacks against unspecified Linux systems. Threat actors install malware by launching brute force and dictionary attacks against Linux systems that are poorly managed, such as using default settings or having a simple password. While there is a variety of attack cases including those where worms, CoinMiners, and DDoS bots are installed, this post will cover attack cases where backdoor accounts are created instead of malware. Such attacks... |
Malware Threat | ★★ | |
 |
2024-02-02 08:00:00 | Protégez vos infos sensibles et surfez sur des sites dangereux avec Browser.lol (lien direct) | Pour accéder à des sites peu sûrs, Browser.lol offre un service de navigateur distant sécurisé. Il permet une navigation anonyme, contourne les restrictions géographiques et les blocages locaux, teste la compatibilité des navigateurs, identifie les vulnérabilités et bloque les publicités pour une expérience privée et sans trace. | Threat | ★★★ | |
 |
2024-02-02 05:00:40 | Brisez la chaîne d'attaque: le gambit d'ouverture Break the Attack Chain: The Opening Gambit (lien direct) |
The threat landscape has always evolved. But the pace of change over the last decade is unlike anything most security professionals have experienced before. Today\'s threats focus much less on our infrastructure and much more on our people. But that\'s not all. Where once a cyberattack may have been a stand-alone event, these events are now almost always multistage. In fact, most modern threats follow the same playbook: initial compromise, lateral movement and impact. While this approach has the potential to cause more damage, it also gives security teams more opportunities to spot and halt cyberattacks. By placing protections in key spots along the attack chain, we can thwart and frustrate would-be cybercriminals before their ultimate payoff. This starts with understanding the opening gambit: How do threat actors attempt to gain access to your king-in this case, your networks and data? And what can be done to keep them at bay? Understanding the playbook The chess parallels continue when we look at recent evolutions in the threat landscape, with our defensive tactics provoking an adapted method of attack. We see this in full effect when it comes to multifactor authentication (MFA). In recent years, security professionals have flocked to MFA to protect accounts and safeguard credentials. In response, threat actors have developed MFA bypass and spoofing methods to get around and weaponize these protections. So much so that MFA bypass can now be considered the norm when it comes to corporate credential phishing attacks. Increasingly, cybercriminals purchase off-the-shelf kits which enable them to use adversary-in-the-middle (AiTM) tactics to digitally eavesdrop and steal credentials. We have also seen an increase in other human-activated methods, such as telephone-oriented attack delivery (TOAD). This method combines voice and email phishing techniques to trick victims into disclosing sensitive information such as login credentials or financial data. Whatever the method, the desired outcome at this stage is the same. Cybercriminals seek to get inside your defenses so they can execute the next stage of their attack. That is what makes the opening gambit such a critical time in the lifecycle of a cyber threat. Modern threat actors are experts at remaining undetected once they are inside our networks. They know how to hide in plain sight, move laterally and escalate privileges. So, if this stage of the attack is a success, organizations have a huge problem. The good news is that the more we understand the tactics that today\'s cybercriminals use, the more we can adapt our defenses to stop them in their tracks before they can inflict significant damage. Countering the gambit The best opportunity to stop cybercriminals is before and during the initial compromise. By mastering a counter to the opening gambit, we can keep malicious actors where they belong-outside our perimeter. It will surprise no one that most threats start in the inbox. So, the more we can do to stop malicious messaging before it reaches our people, the better. There is no silver bullet in this respect. artificial intelligence (AI)-powered email security is as close as it gets. Proofpoint Email Protection is the only AI and machine learning-powered threat protection that disarms today\'s advanced attacks. Proofpoint Email Protection uses trillions of data points to detect and block business email compromise (BEC), phishing, ransomware, supply chain threats and plenty more. It also correlates threat intelligence across email, cloud and network data to help you stay ahead of new and evolving threats that target your people. However, the difficult reality is that nothing is entirely impenetrable. Today\'s security teams must assume some threats will reach the inbox. And your people need to be prepared when they do. Equipping this vital line of defense requires total visibility into who is being attacked in your organization-and when, where and how. Once you have identified the people who ar | Ransomware Threat Cloud | ★★★ | |
|
2024-02-02 05:00:28 | Analyse du cas de phishing imitant une célèbre page de connexion du portail coréen Analysis of Phishing Case Impersonating a Famous Korean Portal Login Page (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a récemment analysé un cas de phishing où une page de phishing a été déguisée en tant quePage de connexion d'un célèbre site Web de portail coréen.L'ASEC a ensuite collecté des informations sur l'acteur de menace.La fausse page de connexion, qui aurait été distribuée sous le format des hyperliens jointe aux e-mails de phishing, s'est révélée très similaire à la page de connexion du célèbre site de portail.En fait, il est difficile de réaliser que ...
AhnLab SEcurity intelligence Center (ASEC) has recently analyzed a phishing case where a phishing page was disguised as a login page of a famous Korean portal website. ASEC has then collected some information on the threat actor. The fake login page, which is believed to have been distributed in the format of hyperlinks attached to phishing emails, was found to be very similar to the login page of the famous portal site. In fact, it is difficult to realize that... |
Threat | ★★ | |
|
2024-02-02 04:20:46 | Distribution de Zephyr Coinmin en utilisant Autoit Distribution of Zephyr CoinMiner Using Autoit (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a récemment découvert qu'un Coinmin, ciblant Zephyr est distribué.Le fichier est créé avec AutOIT, et il est réparti sous la forme d'un fichier compressé qui contient le Coinmin.Le fichier compressé est distribué sous le nom de «Windows_Py_M3U_EXPLOIT_2024.7Z», et en décompressant le fichier, plusieurs scripts et exécutables sont créés.Parmi eux, «comboiptvexploit.exe» se trouve un programme d'installation de système d'installation scriptable Nullsoft (NSIS), et deux fichiers JavaScript existent.Lorsque le fichier est exécuté, il ...
AhnLab SEcurity intelligence Center (ASEC) recently discovered that a CoinMiner targeting Zephyr is being distributed. The file is created with Autoit, and it is being spread in the form of a compressed file that contains the CoinMiner. The compressed file is being distributed as “WINDOWS_PY_M3U_EXPLOIT_2024.7z,” and upon decompressing the file, several scripts and executables are created. Among them, “ComboIptvExploit.exe” is a Nullsoft Scriptable Install System (NSIS) installer, and two Javascript files exist within it. When the file is run, it... |
Threat | ★★★ | |
 |
2024-02-01 22:20:00 | \\ 'Commando Cat \\' est la deuxième campagne de l'année ciblant Docker \\'Commando Cat\\' Is Second Campaign of the Year Targeting Docker (lien direct) |
L'acteur de menace derrière la campagne est encore inconnu, mais il partage certaines similitudes avec d'autres groupes de cyptojacking.
The threat actor behind the campaign is still unknown, but it shares some similarities with other cyptojacking groups. |
Threat | ★★★ | |
 |
2024-02-01 21:58:00 | L'acteur de l'État-nation a utilisé des références okta volées dans l'attaque de Thanksgiving, dit Cloudflare Nation-state actor used stolen Okta credentials in Thanksgiving attack, Cloudflare says (lien direct) |
Senior executives at networking giant Cloudflare said a suspected nation-state attacker used credentials stolen from Okta to breach the company\'s systems in late November. In a blog post Thursday afternoon, Cloudflare CEO Matthew Prince and others said the company detected on Thanksgiving Day a threat actor on its self-hosted Atlassian server. “Our security team immediately
Senior executives at networking giant Cloudflare said a suspected nation-state attacker used credentials stolen from Okta to breach the company\'s systems in late November. In a blog post Thursday afternoon, Cloudflare CEO Matthew Prince and others said the company detected on Thanksgiving Day a threat actor on its self-hosted Atlassian server. “Our security team immediately |
Threat | ★★★★ | |
 |
2024-02-01 21:40:33 | Trigona Ransomware Threat Actor Uses Mimic Ransomware (lien direct) | #### Description
AhnLab Security Intelligence Center (ASEC) has identified a new activity of the Trigona ransomware threat actor installing Mimic ransomware.
The attack targets MS-SQL servers and exploits the Bulk Copy Program (BCP) utility in MS-SQL servers during the malware installation process. The attacker also attempted to use malware for port forwarding to establish an RDP connection to the infected system and control it remotely. The Trigona threat actor is known to use Mimikatz to steal account credentials. The threat actor installed AnyDesk to control the infected system. Administrators must use passwords that cannot be easily guessed and change them periodically to protect the database servers from brute force and dictionary attacks. V3 must also be updated to the latest version to block malware infection in advance. Administrators should also use security programs such as firewalls for database servers accessible from outside to restrict access by external threat actors.
#### Reference URL(s)
1. https://asec.ahnlab.com/en/61000/
#### Publication Date
January 29, 2024
#### Author(s)
Sanseo
#### Description AhnLab Security Intelligence Center (ASEC) has identified a new activity of the Trigona ransomware threat actor installing Mimic ransomware. The attack targets MS-SQL servers and exploits the Bulk Copy Program (BCP) utility in MS-SQL servers during the malware installation process. The attacker also attempted to use malware for port forwarding to establish an RDP connection to the infected system and control it remotely. The Trigona threat actor is known to use Mimikatz to steal account credentials. The threat actor installed AnyDesk to control the infected system. Administrators must use passwords that cannot be easily guessed and change them periodically to protect the database servers from brute force and dictionary attacks. V3 must also be updated to the latest version to block malware infection in advance. Administrators should also use security programs such as firewalls for database servers accessible from outside to restrict access by external threat actors. #### Reference URL(s) 1. https://asec.ahnlab.com/en/61000/ #### Publication Date January 29, 2024 #### Author(s) Sanseo |
Ransomware Malware Threat | ★★★ | |
 |
2024-02-01 21:14:00 | FritzFrog revient avec Log4Shell et Pwnkit, diffusant des logiciels malveillants à l'intérieur de votre réseau FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network (lien direct) |
L'acteur de menace derrière un botnet peer-to-peer (P2P) appelé & nbsp; FritzFrog & nbsp; a fait un retour avec une nouvelle variante qui exploite le & nbsp; log4shell vulnérabilité & nbsp; pour se propager en interne dans un réseau déjà compromis.
"La vulnérabilité est exploitée de manière brute-force qui tente de cibler autant d'applications Java vulnérables que possible"
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security |
Malware Vulnerability Threat | ★★★ | |
|
2024-02-01 20:30:00 | La Chine s'infiltre les infrastructures critiques américaines en accélération au conflit China Infiltrates US Critical Infrastructure in Ramp-up to Conflict (lien direct) |
Les acteurs de la menace liés à la République de Chine du peuple, comme Volt Typhoon, continuent de "préposition" eux-mêmes dans l'infrastructure critique des États-Unis, selon des responsables militaires et des forces de l'ordre.
Threat actors linked to the People\'s Republic of China, such as Volt Typhoon, continue to "pre-position" themselves in the critical infrastructure of the United States, according to military and law enforcement officials. |
Threat | Guam | ★★★ |
|
2024-02-01 20:23:00 | Le FBI perturbe Volt Typhoon soutenu par l'État chinois \\ 's kv botnet FBI Disrupts Chinese State-Backed Volt Typhoon\\'s KV Botnet (lien direct) |
par waqas
Le KV Botnet, un groupe d'acteurs de menaces parrainé par l'État chinois a attiré une attention généralisée pour compromettre des centaines de routeurs de petit bureau / bureau à domicile basés aux États-Unis (SOHO).
Ceci est un article de HackRead.com Lire la publication originale: Le FBI perturbe le Typhoon Volt soutenu par l'État chinois & # 8217; s kv botnet
By Waqas The KV Botnet, a Chinese state-sponsored threat actor group gained widespread attention for compromising hundreds of U.S.-based small office/home office (SOHO) routers. This is a post from HackRead.com Read the original post: FBI Disrupts Chinese State-Backed Volt Typhoon’s KV Botnet |
Threat | Guam | ★★★ |
|
2024-02-01 17:07:00 | Les fédéraux américains ont fermé "KV-Botnet" lié à la Chine ciblant les routeurs SOHO U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers (lien direct) |
Le gouvernement américain a déclaré mercredi qu'il avait pris des mesures pour neutraliser un botnet comprenant des centaines de routeurs de petits bureaux et du ministère de l'Intérieur basé aux États-Unis (SOHO) détournés par un acteur de menace parrainé par l'État lié à la Chine appelée Volt Typhoon et émoussé l'impact posé par le piratagecampagne.
L'existence du botnet, surnommé & nbsp; kv-botnet, était & nbsp; d'abord divulgué & nbsp; par l'équipe Black Lotus Labs à
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at |
Threat Legislation | Guam | ★★★ |
 |
2024-02-01 16:59:36 | Comment la médecine légale a révélé l'exploitation d'Ivanti Connect Secure VPN Vulnérabilités de jour zéro How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities (lien direct) |
> Dans une récente série d'articles de blog liés à deux vulnérabilités zéro-jours dans Ivanti Connect Secure VPN, les détails partagés par volexité de l'exploitation active dans la sauvage;a fourni une mise à jour sur la façon dont l'exploitation était devenue dans le monde;et des observations rapportées sur la façon dont les logiciels malveillants et les modifications de l'outil de vérificateur d'intégrité intégré ont été utilisés pour échapper à la détection.Une étude initiale critique de Volexity \\ a consisté à collecter et à analyser un échantillon de mémoire.Comme indiqué dans le premier article de blog de la série en trois parties (je souligne): «… Volexité a analysé l'un des échantillons de mémoire collectés et a découvert la chaîne d'exploitation utilisée par l'attaquant.La volexité a découvert deux exploits différents-jour qui étaient enchaînés pour réaliser l'exécution de code distant non authentifié (RCE).Grâce à l'analyse médico-légale de l'échantillon de mémoire, la volexité a pu recréer deux exploits de preuve de concept qui ont permis une exécution complète de commande non authentifiée sur l'appliance ICS VPN. »Collect & # 38;Analyser la mémoire ASAP Le volexité priorise régulièrement la criminalistique de la mémoire [& # 8230;]
>In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of how malware and modifications to the built-in Integrity Checker Tool were used to evade detection. A critical piece of Volexity\'s initial investigation involved collecting and analyzing a memory sample. As noted in the first blog post of the three-part series (emphasis added): “…Volexity analyzed one of the collected memory samples and uncovered the exploit chain used by the attacker. Volexity discovered two different zero-day exploits which were being chained together to achieve unauthenticated remote code execution (RCE). Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.” Collect & Analyze Memory ASAP Volexity regularly prioritizes memory forensics […] |
Malware Tool Vulnerability Threat Industrial | ★★★ | |
|
2024-02-01 16:52:00 | Headcrab 2.0 devient sans fil, ciblant les serveurs Redis pour l'exploitation cryptographique HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining (lien direct) |
Les chercheurs en cybersécurité ont détaillé une version mise à jour du malware & nbsp; headcrab & nbsp; qui est connu pour cibler les serveurs de base de données Redis à travers le monde depuis début septembre 2021.
Le développement, qui survient exactement un an après la première fois que le malware a été le premier et NBSP; divulgué publiquement & nbsp; par aqua, est un signe que l'acteur de menace motivé financièrement derrière la campagne s'adapte activement et
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that\'s known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and |
Malware Threat | ★★★ | |
 |
2024-02-01 15:55:19 | (Déjà vu) Check Point Software Technologies présente Quantum Spark 1900 & 2000 (lien direct) | Check Point Software Technologies présente Quantum Spark 1900 & 2000 : la cybersécurité de pointe pour les PME Des pare-feux innovants nouvelle génération pour une meilleure prévention des menaces grâce à l'intelligence artificielle, capables d'atteindre 6,5 Gbps avec un taux de blocage de 99,7 % contre les malwares zero-day, le phishing et les ransomwares - Produits | Vulnerability Threat | ★★ | |
|
2024-02-01 15:52:42 | Check Point Software Technologies lance Quantum Spark 1900 et 2000 Check Point Software Technologies Launches Quantum Spark 1900 & 2000 (lien direct) |
Vérifier les technologies du logiciel Point lance Quantum Spark 1900 & 2000: Advanced Cyber Security for Pme
Les pare-feu de nouvelle génération innovants offrent une prévention améliorée des menaces d'IA jusqu'à 5 Gbps avec un taux de bloc de 99,8% contre les logiciels malveillants, le phishing et les ransomwares zéro-jour
-
revues de produits
Check Point Software Technologies Launches Quantum Spark 1900 & 2000: Advanced Cyber security for SMBs Innovative Next-Generation Firewalls Deliver Enhanced AI Threat Prevention up to 5 Gbps with a 99.8% block rate against zero-day malware, phishing, and ransomware - Product Reviews |
Malware Vulnerability Threat | ★★★ | |
|
2024-02-01 15:32:30 | REGARDER: Les meilleurs responsables des cyber-témoignent sur la cyber-menace de la Chine pour les infrastructures critiques américaines Watch: Top Cyber Officials Testify on China\\'s Cyber Threat to US Critical Infrastructure (lien direct) |
VIDÉO: Les hauts responsables des cyber-américains témoignent sur la cyber-menace de la Chine pour la sécurité nationale américaine et l'infrastratiture critique.
Video: Top US cyber officials testify on China\'s cyber threat to U.S. national security and critical infrastrcuture. |
Threat | ★★★ | |
 |
2024-02-01 14:30:00 | Bazel de Google \\ exposé à la menace d'injection de commandement Google\\'s Bazel Exposed to Command Injection Threat (lien direct) |
Cycode a souligné la sécurisation des chaînes d'approvisionnement des logiciels au milieu des dépendances complexes et des actions tierces
Cycode stressed securing software supply chains amid complex dependencies and third-party actions |
Threat | ★★ | |
 |
2024-02-01 14:00:48 | Impacts courts, moyens et à long terme de l'IA en cybersécurité Short, Mid and Long-Term Impacts of AI in Cybersecurity (lien direct) |
> Kyle Wilhoit, directeur de la recherche sur les menaces à l'unité 42 Menace Intelligence, partage les réflexions et les prédictions sur les impacts de l'IA en cybersécurité.
>Kyle Wilhoit, director for threat research at Unit 42 Threat Intelligence, shares thoughts and predictions on impacts of AI in cybersecurity. |
Threat | ★★ | |
|
2024-02-01 13:44:53 | Tendances des ransomwares et cyber-extorsion dans l'équipe de recherche sur les menaces de rediaquest du quatrième trimestre Ransomware and Cyber-extortion Trends in Q4 2023 ReliaQuest Threat Research Team (lien direct) |
Ransomware et Tendances de cyber-axtotion dans le quatrième trimestre 2023
Équipe de recherche sur les menaces de Reliaquest
-
mise à jour malveillant
Ransomware and Cyber-extortion Trends in Q4 2023 ReliaQuest Threat Research Team - Malware Update |
Ransomware Threat | ★★★ | |
 |
2024-02-01 13:40:22 | Le traité de la cybercriminalité des Nations Unies pourrait mettre en danger la sécurité du Web UN Cybercrime Treaty Could Endanger Web Security (lien direct) |
Royal Hansen, Vice President of Privacy, Safety and Security EngineeringThis week, the United Nations convened member states to continue its years-long negotiations on the UN Cybercrime Treaty, titled “Countering the Use of Information and Communications Technologies for Criminal Purposes.” As more aspects of our lives intersect with the digital sphere, law enforcement around the world has increasingly turned to electronic evidence to investigate and disrupt criminal activity. Google takes the threat of cybercrime very seriously, and dedicates significant resources to combating it. When governments send Google legal orders to disclose user data in connection with their investigations, we carefully review those orders to make sure they satisfy applicable laws, international norms, and Google\'s policies. We also regularly report the number of these orders in our Transparency Report. | Threat | ★★★ | |
|
2024-02-01 13:13:00 | AVERTISSEMENT: de nouveaux logiciels malveillants émergent dans les attaques exploitant les vulnérabilités Ivanti VPN Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities (lien direct) |
Mandiant appartenant à Google a déclaré avoir identifié de nouveaux logiciels malveillants employés par un acteur de menace d'espionnage China-Nexus connu sous le nom de UNC5221 et d'autres groupes de menaces pendant l'activité post-exploitation ciblant Ivanti Connect Secure VPN et les appareils sécurisés politiques.
Cela comprend des coquilles Web personnalisées telles que Bushwalk, Chainline, Framesting et une variante de & nbsp; Lightwire.
"Chainline est une porte dérobée Python Web Shell qui est
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices. This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE. "CHAINLINE is a Python web shell backdoor that is |
Malware Vulnerability Threat | ★★★ | |
 |
2024-02-01 12:58:50 | Re # Turncence: une plongée profonde dans les pirates turques \\ 'Campagne ciblant les serveurs MSSQL RE#TURGENCE: A Deep Dive into Turkish Hackers\\' Campaign Targeting MSSQL Servers (lien direct) |
Les acteurs de menaces turques motivées financières sont apparues avec un développement significatif dans les cyber-menaces, introduisant ...
Financially motivated Turkish threat actors have emerged with a significant development in cyber threats, introducing... |
Threat | ★★★ | |
 |
2024-02-01 11:43:04 | Le comité restreint du CCP tient une audience sur la menace chinoise pour la patrie américaine, les infrastructures Select Committee on CCP holds hearing on Chinese threat to American homeland, infrastructure (lien direct) |
Le comité restreint du Parti communiste chinois (PCC) a mené une audience mercredi pour aborder le CCP & # 8217; s ...
The Select Committee on the Chinese Communist Party (CCP) conducted a hearing on Wednesday to address the CCP’s... |
Threat | ★★★ | |
|
2024-02-01 09:30:00 | Ivanti libère des correctifs zéro jour et révèle deux nouveaux bugs Ivanti Releases Zero-Day Patches and Reveals Two New Bugs (lien direct) |
Ivanti a finalement publié des mises à jour pour corriger deux bogues zéro-jours et deux nouvelles vulnérabilités de haute sévérité
Ivanti has finally released updates to fix two zero-day bugs and two new high-severity vulnerabilities |
Vulnerability Threat | ★★ | |
 |
2024-02-01 08:30:00 | Dévoiler les subtilités de diceloader Unveiling the intricacies of DiceLoader (lien direct) |
> Ce rapport vise à détailler le fonctionnement d'un logiciel malveillant utilisé par FIN7 depuis 2021, nommé Diceloader (également connu Icebot), et à fournir une approche complète de la menace en détaillant les techniques et procédures connexes. la publication Suivante | Malware Threat | ★★★ | |
|
2024-02-01 06:00:12 | Le pare-feu humain: Pourquoi la formation de sensibilisation à la sécurité est une couche de défense efficace The Human Firewall: Why Security Awareness Training Is an Effective Layer of Defense (lien direct) |
Do security awareness programs lead to a quantifiable reduction in risk? Do they directly impact a company\'s security culture? In short, are these programs effective? The answer to these questions is a resounding yes! With 74% of all data breaches involving the human element, the importance of educating people to help prevent a breach cannot be understated. However, for training to be effective, it needs to be frequent, ongoing and provided to everyone. Users should learn about: How to identify and protect themselves from evolving cyberthreats What best practices they can use to keep data safe Why following security policies is important In this blog post, we discuss the various ways that security awareness training can have a positive impact on your company. We also discuss how to make your program better and how to measure your success. Security awareness training effectiveness Let\'s look at three ways that security awareness training can help you boost your defenses. 1. Mitigate your risks By teaching your team how to spot and handle threats, you can cut down on data breaches and security incidents. Our study on the effects of using Proofpoint Security Awareness showed that many companies saw up to a 40% decrease in the number of harmful links clicked by users. Think about this: every click on a malicious link could lead to credential theft, a ransomware infection, or the exploitation of a zero-day vulnerability. So, an effective security awareness program essentially reduces security incidents by a similar amount. Want more evidence about how important it is? Just check out this study that shows security risks can be reduced by as much as 80%. Here is more food for thought. If a malicious link does not directly result in a breach, it must still be investigated. The average time to identify a breach is 204 days. So, if you can reduce the number of incidents you need to investigate, you can see real savings in time and resources. 2. Comply with regulations Security awareness education helps your company comply with data regulations, which are always changing. This can help you avoid hefty fines and damage to your reputation. In many cases, having a security awareness program can keep you compliant with several regulations. This includes U.S. state privacy laws, the European Union\'s GDPR and other industry regulations. 3. Cultivate a strong security culture An effective security awareness program doesn\'t have to be all doom and gloom. Done right, it can help you foster a positive security culture. More than half of users (56%) believe that being recognized or rewarded would make their company\'s security awareness efforts more effective. But only 8% of users say that their company provides them with incentives to practice “good” cybersecurity behavior. When you make security fun through games, contests, and reward and recognition programs, you can keep your employees engaged. You can also motivate them to feel personally responsible for security. That, in turn, can inspire them to be proactive about keeping your critical assets safe. Finally, be sure to incorporate security principles into your company\'s core values. For example, your business leaders should regularly discuss the importance of security. That will help users to understand that everyone plays a vital role in keeping the business safe. How to make your security awareness program effective The verdict is clear. Security awareness programs can tangibly reduce organizational risks. When asked about the connection between their security awareness efforts and their company\'s cybersecurity resilience, a resounding 96% of security professionals say that there is more than just a strong link. They say that it\'s either a direct result of security training or that training is a strong contributor. Let\'s discuss how you can make your program more effective. Assess your security posture The first step toward effectiveness is to assess your company\'s security posture | Ransomware Tool Vulnerability Threat Studies | ★★★ | |
 |
2024-02-01 06:00:00 | Securonix Threat Research Security Advisory: Analyse et détection de la campagne d'attaque stable # URSA ciblant Ukraine Military abandonnant de nouveaux PowerShell de PowerShell de nouveaux pattes Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor (lien direct) |
Securonix Threat Research Security Advisory: Analyse et détection de la campagne d'attaque stable # URSA ciblant Ukraine Military abandonnant de nouveaux PowerShell de PowerShell de nouveaux pattes
Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor |
Threat | ★★★ | |
 |
2024-02-01 03:00:27 | Naviguer dans le labyrinthe de la cybersécurité pour les petites et moyennes affaires: comment Quantum Spark 1900 et 2000 remodeler la sécurité des PME et des MSP Navigating the Cyber security Maze for Small and Medium Business: How Quantum Spark 1900 & 2000 are Reshaping Security for SMBs and MSPs (lien direct) |
 Les pare-feu de nouvelle génération innovants offrent une prévention améliorée des menaces d'IA jusqu'à 5 Gbit / G, les petites et moyennes entreprises (PME) se retrouvent dans une position difficile.Avec une expertise limitée, une main-d'œuvre et un budget informatique, les PME ont souvent du mal à se défendre contre une vague croissante de menaces dynamiques.C'est là que le rôle des prestataires de services gérés (MSP) devient cruciale car ils doivent être prêts à aider les PME à chaque étape.Pour aider, vérifier Point & Reg;Software Technologies Ltd. & # 8217; s présente deux nouveaux [& # 8230;]
 Innovative Next-Generation Firewalls Deliver Enhanced AI Threat Prevention up to 5 Gbps with a 99.8% block rate against zero-day malware, phishing, and ransomware In an era where cyber threats are becoming increasingly complex, small and medium-sized businesses (SMBs) are finding themselves in a challenging position. With limited expertise, manpower, and IT budget, SMBs often struggle to defend against a growing wave of dynamic threats. This is where the role of Managed Service Providers (MSPs) becomes crucial as they must be prepared to aid SMBs every step of the way. To help, Check Point® Software Technologies Ltd.’s is introducing two new […]
|
Malware Vulnerability Threat | ★★ | |
|
2024-02-01 02:20:55 | Les informations d'identification du compte volant les logiciels malveillants détectés par Ahnlab MDS (navigateurs Web, e-mail, FTP) Account Credentials Stealing Malware Detected by AhnLab MDS (Web Browsers, Email, FTP) (lien direct) |
Les utilisateurs utilisent fréquemment la commodité des fonctionnalités de connexion automatique fournies par des programmes tels que les navigateurs Web, les clients de messagerie, etClients FTP.Cependant, cette commodité a un coût car chacun de ces programmes stocke les informations d'identification du compte utilisateur dans leurs données de paramètres.En dépit d'être une fonctionnalité pratique, il présente également un risque de sécurité parce que les acteurs de menaces malveillants sont en mesure de fuir les utilisateurs & # 8217;Compte les informations d'identification facilement.Si les acteurs de malware ou de menace prennent le contrôle d'un système infecté, ils peuvent utiliser divers ...
Users frequently utilize the convenience of automatic log in features provided by programs like web browsers, email clients, and FTP clients. However, this convenience comes at a cost as each of these programs stores user account credentials within their settings data. Despite being a convenient feature, it also poses a security risk because malicious threat actors are able to leak the users’ account credentials easily. If malware or threat actors gain control of an infected system, they can employ various... |
Malware Threat | ★★★ | |
|
2024-02-01 02:06:29 | Les États-Unis dit que cela a perturbé une cyber-menace en Chine, mais avertit les pirates pourraient encore faire des ravages pour les Américains US Says It Disrupted a China Cyber Threat, but Warns Hackers Could Still Wreak Havoc for Americans (lien direct) |
> Les pirates de gouvernement chinois visent activement les usines de traitement de l'eau, le réseau électrique, les systèmes de transport et d'autres infrastructures critiques à l'intérieur des États-Unis, a déclaré le directeur du FBI, Chris Wray, a déclaré aux législateurs.
>Chinese government hackers are busily targeting water treatment plants, the electrical grid, transportation systems and other critical infrastructure inside the United States, FBI Director Chris Wray told lawmakers. |
Threat | ★★★ | |
|
2024-02-01 01:30:00 | RunC Flaws Enable Container Escapes, Granting Attackers Host Access (lien direct) | Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
"These container
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk. "These container |
Tool Vulnerability Threat | ★★ | |
|
2024-01-31 22:36:00 | Le comté de Fulton subit des pannes de courant alors que la cyberattaque se poursuit Fulton County Suffers Power Outages as Cyberattack Continues (lien direct) |
Les services du comté se sont arrêtés et ne devraient pas reprendre avant la semaine prochaine;Aucun acteur de menace n'a encore été identifié.
County services have come to a halt and are not expected to resume until next week; no threat actor has yet been identified. |
Threat | ★★★ | |
 |
2024-01-31 19:51:29 | Qu'est-ce que la chasse à la cyber-menace?(Définition et comment cela fonctionne) What Is Cyber Threat Hunting? (Definition & How it Works) (lien direct) |
La chasse au cybermenace est le processus proactif de recherche et de détection des menaces potentielles ou des activités malveillantes au sein d'un réseau ou d'un système.
Cyber threat hunting is the proactive process of searching for and detecting potential threats or malicious activities within a network or system. |
Threat | ★★★ | |
|
2024-01-31 19:08:00 | Alerte: Ivanti révèle 2 nouveaux défauts zéro-jours, un sous exploitation active Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation (lien direct) |
Ivanti alerte de deux nouveaux défauts de haute sévérité dans ses produits Secure et Policy Secure Connect, dont l'un est dit en cours d'exploitation ciblée dans la nature.
La liste des vulnérabilités est la suivante -
CVE-2024-21888 & NBSP; (Score CVSS: 8.8) - Une vulnérabilité d'escalade de privilège dans le composant Web d'Ivanti Connect Secure (9.x, 22.x) et la politique Ivanti Secure (9.x, 22.x)
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows |
Vulnerability Threat | ★★ | |
 |
2024-01-31 18:52:23 | Les paiements de ransomware sur le déclin alors que les cyberattaquants se concentrent sur les organisations les plus petites et les plus grandes Ransomware Payments On The Decline As Cyber Attackers Focus on The Smallest, And Largest, Organizations (lien direct) |
Ransomware Threat | ★★★ | ||
|
2024-01-31 17:51:00 | Les marchés de télégramme sont des attaques de phishing à carburant avec des kits et des logiciels malveillants faciles à utiliser Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware (lien direct) |
Les chercheurs en cybersécurité attirent l'attention sur la «démocratisation» de l'écosystème de phishing en raison de l'émergence du télégramme en tant qu'épicentre pour la cybercriminalité, permettant aux acteurs de la menace de monter une attaque de masse pour aussi peu que 230 $.
"Cette application de messagerie s'est transformée en un centre animé où les cybercriminels chevronnés et les nouveaux arrivants échangent des outils et des idées illicites créant un sombre et
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and |
Malware Tool Threat | ★★★ | |
 |
2024-01-31 17:31:43 | Les pirates poussent les charges utiles de logiciels malveillants USB via les nouvelles, les sites d'hébergement des médias Hackers push USB malware payloads via news, media hosting sites (lien direct) |
Un acteur de menace à motivation financière utilisant des appareils USB pour une infection initiale a été constaté abusant de plateformes en ligne légitimes, notamment GitHub, Vimeo et ARS Technica, pour héberger des charges utiles codées intégrées dans un contenu apparemment bénin.[...]
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. [...] |
Malware Threat | ★★★ | |
 |
2024-01-31 16:30:00 | Cutting Edge, partie 2: Enquêter Ivanti Connect Secure VPN Exploitation Zero-Day Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation (lien direct) |
Le 12 janvier 2024, Mandiant a publié un Article de blog Détaillant deux vulnérabilités à haut impact, CVE-2023-46805 et CVE-2024-21887 , affectant Ivanti Connect Secure VPN (CS, anciennement Secure Secure) et Ivanti Secure (Ps) Appareils.Le 31 janvier 2024, Ivanti divulgué Deux vulnérabilités supplémentaires ayant un impact sur les dispositifs CS et PS, CVE-2024-21888 et CVE-2024-21893. Les vulnérabilités permettent à un acteur de menace non authentifié d'exécuter des commandes arbitraires sur l'appareil avec des privilèges élevés.Comme indiqué précédemment, Mandiant a identifié l'exploitation zéro jour de ces vulnérabilités
On Jan. 12, 2024, Mandiant published a blog post detailing two high-impact zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, affecting Ivanti Connect Secure VPN (CS, formerly Pulse Secure) and Ivanti Policy Secure (PS) appliances. On Jan. 31, 2024, Ivanti disclosed two additional vulnerabilities impacting CS and PS devices, CVE-2024-21888 and CVE-2024-21893.The vulnerabilities allow for an unauthenticated threat actor to execute arbitrary commands on the appliance with elevated privileges. As previously reported, Mandiant has identified zero-day exploitation of these vulnerabilities |
Vulnerability Threat | ★★ | |
|
2024-01-31 16:30:00 | Les entreprises italiennes frappées par des USB armées répartissant le malware du cryptojacking Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware (lien direct) |
Un acteur de menace à motivation financière connue sous le nom de & NBSP; UNC4990 & NBSP; tire parti des dispositifs USB armés en tant que vecteur d'infection initial pour cibler les organisations en Italie.
Mandiant appartenant à Google a déclaré que les attaques distinctent plusieurs industries, notamment la santé, le transport, la construction et la logistique.
"Les opérations UNC4990 impliquent généralement une infection USB généralisée suivie du déploiement de la
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC4990 operations generally involve widespread USB infection followed by the deployment of the |
Malware Threat | ★★★★ | |
|
2024-01-31 14:25:10 | Europcar nie la violation de données de 50 millions d'utilisateurs, affirme que les données sont fausses Europcar denies data breach of 50 million users, says data is fake (lien direct) |
La société de location de voitures Europcar a déclaré qu'elle n'a pas subi de violation de données et que les données des clients partagées sont fausses après qu'un acteur de menace a affirmé vendre les informations personnelles de 50 millions de clients.[...]
Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers. [...] |
Data Breach Threat | ★★ | |
|
2024-01-31 14:15:23 | Exploit publié pour une faille d'élévation locale Android impactant 7 OEM Exploit released for Android local elevation flaw impacting 7 OEMs (lien direct) |
Un exploit de preuve de concept (POC) pour un défaut local d'altitude de privilège impactant au moins sept fabricants d'équipements d'origine Android (OEM) est désormais accessible au public sur GitHub.Cependant, comme l'exploit nécessite un accès local, sa version sera principalement utile aux chercheurs.[...]
A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers. [...] |
Threat Mobile | ★★★ | |
|
2024-01-31 12:53:00 | Hackers chinois exploitant des défauts VPN pour déployer des logiciels malveillants Krustyloader Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware (lien direct) |
Une paire de défauts zéro-jours récemment divulgués dans les appareils de réseau privé virtuel (VPN) Ivanti Connect Secure (ICS) a été exploité pour livrer une charge utile basée sur la rouille appelée & nbsp; krustyloader & nbsp; que \\ est utilisée pour supprimer le Sliver open-sourceoutil de simulation adversaire.
La & nbsp; les vulnérabilités de sécurité, suivies sous le nom de CVE-2023-46805 (score CVSS: 8,2) et CVE-2024-21887 (score CVSS: 9.1), pourrait être abusé
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that\'s used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused |
Malware Tool Vulnerability Threat | ★★★ | |
 |
2024-01-31 12:00:00 | Apple et Google viennent de corriger leurs premiers défauts zéro-jour de l'année Apple and Google Just Patched Their First Zero-Day Flaws of the Year (lien direct) |
Plus: Google corrige des dizaines de bogues Android, Microsoft déploie près de 50 patchs, Mozilla Squashes 15 Firefox Flaws, et plus encore.
Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more. |
Vulnerability Threat Mobile | ★★★ | |
 |
2024-01-31 11:00:00 | Bulletproofing the Retail Cloud avec la sécurité de l'API Bulletproofing the retail cloud with API security (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability. Evolving cyber threats necessitate a dynamic approach to API security, making it a moving target that requires continuous attention and adaptation. Understanding the retail cloud environment API is a set of protocols and tools that allows different software applications to communicate with each other. In cloud environments, it facilitates the interaction between cloud services and applications, enabling features — like data synchronization, payment processing and inventory management — to work seamlessly together. It is also pivotal in the retail sector by connecting various services and applications to deliver a smooth shopping experience. If organizations neglect API security, cybercriminals can exploit APIs to access confidential information, leading to a loss of customer trust, which is critical in the highly competitive retail market. Regular API audits and assessments These audits help identify vulnerabilities before attackers can exploit them, ensuring organizations can promptly address security gaps. Regular assessments are also proactive measures to fix current issues and anticipate future threats. They enable IT teams to verify that security measures are current with the latest protection standards and to confirm APIs comply with internal policies and external regulations. By routinely evaluating API security, retailers can detect anomalies, manage access controls effectively and guarantee they consistently apply encryption standards. Robust authentication and authorization They verify the identity of users and systems, ensuring only legitimate parties can access sensitive retail data. Utilizing multi-factor authentication, which requires more than one verification method, significantly enhances security by adding layers that an unauthorized user must penetrate. With authorization, it’s crucial to implement protocols that dictate what authenticated users can do. Effective approval guarantees users have access only to the data and actions necessary for their role. For instance, role-based access control can help manage user permissions with greater granularity. Retailers can assign roles and permissions based on job functions, enabling tight control over who is authorized to view or alter data within the API ecosystem. Encryption and data protection Encryption is an essential barrier, obscuring data to make it indecipherable to unauthorized users who might intercept it during transmission or gain access to storage systems. It’s also critical for retailers to manage encryption keys with strict policies, ensuring only authorized personnel can decrypt the data. Beyond protection, comprehensive data encryption allows retailers, especially in the apparel industry, to collect and analyze extensive customer data safely. This data is invaluable for forecasting trends, customer pre | Tool Vulnerability Threat Cloud | ★★★ | |
|
2024-01-31 10:30:00 | Rapport de menace Microsoft: comment la guerre de la Russie contre l'Ukraine a un impact sur la communauté mondiale de la cybersécurité Microsoft Threat Report: How Russia\\'s War on Ukraine Is Impacting the Global Cybersecurity Community (lien direct) |
Les Russes sont engagés dans des opérations généralisées d'influence conçue pour éroder la confiance, augmenter la polarisation et menacer les processus démocratiques à travers le monde.
The Russians are engaged in widespread influence operations designed to erode trust, increase polarization, and threaten democratic processes around the globe. |
Threat | ★★★ | |
 |
2024-01-31 10:00:45 | ICS et prédictions de menace OT pour 2024 ICS and OT threat predictions for 2024 (lien direct) |
Les experts de Kaspersky font leurs prédictions sur les CI et les menaces OT: en particulier, les ransomwares et les attaques hacktivistes, les menaces pour la logistique et le transport, etc.
Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc. |
Ransomware Threat Industrial Prediction | ★★★★ | |
|
2024-01-31 10:00:03 | Quantaiverse & # 8211;Une perspective de menace d'initié QuantAIverse – An Insider Threat Perspective (lien direct) |
Quantaiverse & # 8211;Une perspective de menace d'initié Le monde de la technologie en constante évolution continue de façonner et de redéfinir le paysage de la cybersécurité.Les technologies émergentes, comme l'IA, le métaverse et l'informatique quantique, changent la façon dont nous interagissons avec les environnements numériques et l'introduction de nouveaux défis dans la gestion des menaces d'initiés.
QuantAIverse – An Insider Threat Perspective The ever-evolving world of technology continues to shape and redefine the cybersecurity landscape. Emerging technologies, like AI, the Metaverse, and quantum computing, are changing how we interact with digital environments and introducing new challenges in managing insider threats. |
Threat | ★★★ |
To see everything:
Our RSS (filtrered)
