What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-16 12:43:00 | Les pirates d'armement des fenêtres pour déployer le voleur de phédrone crypto-siphonnant Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer (lien direct) |
Les acteurs de la menace ont été observés en tirant parti d'une faille de sécurité maintenant paires dans Microsoft Windows pour déployer un voleur d'informations open source appelé & nbsp; Phemedrone Stealer.
«Phemedrone cible les navigateurs Web et les données des portefeuilles de crypto-monnaie et des applications de messagerie telles que Telegram, Steam et Discord», a déclaré Simon Zuckerbraun & Nbsp;
"Ça aussi
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. “It also |
Threat Prediction | ★★★ | |
 |
2024-01-16 12:34:28 | FBI: AndroxGH0st malware botnet vole AWS, Microsoft FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials (lien direct) |
La CISA et le FBI ont averti aujourd'hui que les acteurs de la menace utilisant des logiciels malveillants AndroxGH construisent un botnet axé sur le vol d'identification cloud et utilisent les informations volées pour fournir des charges utiles malveillantes supplémentaires.[...]
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. [...] |
Malware Threat Cloud | ★★★ | |
 |
2024-01-16 10:19:46 | LogPoint a annoncé la sortie de LogPoint Business-Critical Security Logpoint has announced the release of Logpoint Business-Critical Security (lien direct) |
LogPoint augmente la solution BCS avec les capacités de sécurité du cloud
Le nouveau BCS de LogPoint \\ pour SAP BTP offre des capacités de sécurité cloud pour aider les organisations à gérer la surveillance et la détection des menaces dans SAP Business Technology Platform (BTP)
-
revues de produits
Logpoint boosts BCS solution with cloud security capabilities Logpoint\'s new BCS for SAP BTP offers cloud security capabilities to help organisations manage monitoring and threat detection in SAP Business Technology Platform (BTP) - Product Reviews |
Threat Cloud Commercial | ★★ | |
 |
2024-01-16 08:32:19 | Défense post-livraison à propulsion du cloud: la dernière innovation de Proofpoint \\ dans la protection des e-mails Cloud-Powered Post-Delivery Defense: Proofpoint\\'s Latest Innovation in Email Protection (lien direct) |
Cybercriminals are constantly innovating so that they can infiltrate your systems and steal your valuable data. They do this through a complex multi-stage method commonly known as the attack chain. During the initial compromise, attackers use advanced email threats like phishing scams, malware attachments, business email compromise (BEC) and QR code threats to get a foothold in your systems. That\'s why email security tools typically focus on stopping these threats. Steps in the attack chain. But no technology is foolproof. Inevitably, some emails will get through. To keep your company safe, you need an email security solution that can detect, analyze and remediate email threats post-delivery. That\'s where Proofpoint can help. Proofpoint Cloud Threat Response is the cloud-based alternative to TRAP (Threat Response Auto-Pull), known for its effective post-delivery remediation capabilities. Not only is this solution easy to use, but it also automates post-detection incident response and remediation tasks that slow down security teams. In this blog post, we\'ll highlight some of its capabilities and benefits. Overview of Cloud Threat Response capabilities Proofpoint Cloud Threat Response keeps you safer by remediating threats post-delivery. Plus, it helps security teams prioritize and execute response actions three different ways: Automatically by Proofpoint. Cloud Threat Response automatically analyzes emails post-delivery. It identifies and quarantines malicious emails within user inboxes. Doing so reduces the risk that users will interact with them, helping to prevent your business from being compromised. Manually by the SOC team. Your security team gains instant access to detailed email analysis, historical data and risk scoring through an integration with Proofpoint Smart Search. This integration makes it easier for you to delve into specific emails and swiftly identify and remove any lurking threats. With the assistance of end users. Users can report messages that look suspicious thanks to a simple button directly integrated into their mailboxes. Reported emails are automatically investigated and are neutralized if determined to be a threat. Proofpoint Cloud Threat Response benefits At many companies, security incident response is a slow and labor-intensive process. Responding to security incidents may take days or weeks depending on the size of your security team. Time-intensive tasks can turn into painful bottlenecks. Compare that to Proofpoint Cloud Threat Response, which automates and simplifies threat response tasks. Here\'s what you can expect: Enjoy a simplified management interface. Our centralized, modern interface simplifies how you manage email security. From this dashboard, you can manage a range of tasks, including threat reporting, threat analysis and user administration. The simplified, modern interface of Proofpoint Cloud Threat Response. Respond to incidents faster. Proofpoint Cloud Threat Response acts on intelligence from our Supernova detection engine, which improves threat detection and reduces the mean time to respond (MTTR). Spend less time on deployment and maintenance. Because it\'s cloud native, our platform is not only easy to deploy but it eliminates the need for on-premises infrastructure. Plus, your investment is future-proof, and it comes with automated maintenance and security updates. Streamline security operations. Use Single Sign-On (SSO) to seamlessly navigate between Cloud Threat Response and other Proofpoint apps such as Targeted Attack Protection, Email Fraud Defense and Email Protection. This helps to boost analyst efficiency and response times. See more threats. It automatically shares a threat\'s remediation status across your other Proofpoint platforms. This increases threat visibility and helps you to identify and neutralize threats faster. Proofpoint Cloud Threat Response is integrated with Proofpoint threat intelligence and abuse mailbox sources. Contain threats quickly. Malici | Malware Tool Threat Cloud | ★★ | |
 |
2024-01-16 08:00:29 | Securonix Threat Research Knowleas Shart Series: sur la détection d'attaques réelles impliquant des comportements RMM utilisant Securonix Securonix Threat Research Knowledge Sharing Series: On Detecting Real-world Attacks Involving RMM Behaviors Using Securonix (lien direct) |
Securonix Threat Research Knowleas Shart Series: sur la détection d'attaques réelles impliquant des comportements RMM utilisant Securonix
Securonix Threat Research Knowledge Sharing Series: On Detecting Real-world Attacks Involving RMM Behaviors Using Securonix |
Threat | ★★★ | |
 |
2024-01-15 23:35:41 | Ivanti Connect Secure VPN Exploitation devient global Ivanti Connect Secure VPN Exploitation Goes Global (lien direct) |
> Important: si votre organisation utilise Ivanti Connect Secure VPN et que vous n'avez pas appliqué l'atténuation, alors faites-le immédiatement!Les organisations doivent immédiatement examiner les résultats de l'outil de vérification d'intégrité intégré pour les entrées de journal indiquant des fichiers incompatibles ou nouveaux.À partir de la version 9.12, Ivanti a commencé à fournir un outil de vérificateur d'intégrité intégré qui peut être exécuté en tant que numérisation périodique ou planifiée.La volexité a observé qu'il a réussi à détecter les compromis décrits dans ce poste dans les organisations touchées.La semaine dernière, Ivanti a également publié une version mise à jour de l'outil de damier d'intégrité externe qui peut être utilisé pour vérifier et vérifier les systèmes.Le 10 janvier 2024, la volexité a partagé publiquement les détails des attaques ciblées par UTA00178 exploitant deux vulnérabilités de deux jours zéro (CVE-2024-21887 et CVE-2023-46805) dans les appareils VPN Ivanti Secure (ICS).Le même jour, Ivanti a publié une atténuation qui pourrait être appliquée aux appareils VPN ICS pour empêcher l'exploitation de ces [& # 8230;]
>Important: If your organization uses Ivanti Connect Secure VPN and you have not applied the mitigation, then please do that immediately! Organizations should immediately review the results of the built-in Integrity Check Tool for log entries indicating mismatched or new files. As of version 9.1R12, Ivanti started providing a built-in Integrity Checker Tool that can be run as a periodic or scheduled scan. Volexity has observed it successfully detecting the compromises described in this post across impacted organizations. Last week, Ivanti also released an updated version of the external Integrity Checker Tool that can be further used to check and verify systems. On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these […] |
Tool Vulnerability Threat Industrial | ★★★ | |
 |
2024-01-15 13:34:55 | Prédateurs numériques de 2023: exposer les meilleurs acteurs de cyber-menaces Digital Predators of 2023: Exposing Top Cyber Threat Actors (lien direct) |
> En 2023, le paysage numérique a continué d'évoluer rapidement, mais la sophistication et ... aussi
>In 2023, the digital landscape continued to evolve rapidly, but so did the sophistication and... |
Threat | ★★★ | |
|
2024-01-15 13:26:32 | Ventes sur le Web sombre: un nouvel exploit RCE, des cartes de crédit américaines et 19m e-mails japonais Dark Web Sales: A New RCE Exploit, US Credit Cards, and 19M Japanese Emails (lien direct) |
Dans les découvertes récentes dans le paysage cyber-menace, l'équipe Web Socradar Dark a identifié ...
In recent discoveries within the cyber threat landscape, the SOCRadar Dark Web Team has identified... |
Threat | ★★ | |
 |
2024-01-15 11:52:44 | 15 janvier & # 8211;Rapport de renseignement sur les menaces 15th January – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes principales attaques et violations le groupe Ransomware en tant que service Medusa ont violé l'eau pour les personnes à but non lucratif, qui vise à améliorer l'accès à l'eau potable dans différents pays, notamment le Guatemala, le Honduras, le Mozambique et l'Inde.Les cybercriminels demandent [& # 8230;]
>For the latest discoveries in cyber research for the week of 15th January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The ransomware-as-a-service group Medusa has breached Water for People nonprofit organization, which aims to improve access to clean water in different countries including Guatemala, Honduras, Mozambique and India. The cybercriminals are asking for […] |
Threat | ★★ | |
|
2024-01-15 11:25:00 | DDOS attaque contre l'industrie des services environnementaux augmente de 61 839% en 2023 DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023 (lien direct) |
L'industrie des services environnementaux a connu une «augmentation sans précédent» dans les attaques de déni de service distribué basées sur HTTP (DDOS), représentant la moitié de tout son trafic HTTP.
Cela marque une augmentation de 61 839% du trafic d'attaque DDOS d'une année à l'autre, la société d'infrastructure Web et de sécurité Cloudflare a déclaré dans son rapport de menace DDOS pour 2023 Q4 publié la semaine dernière.
«Cette augmentation des cyberattaques a coïncidé
The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week. “This surge in cyber attacks coincided |
Threat | ★★★ | |
 |
2024-01-15 08:40:11 | Flaw critique trouvé dans le plugin WordPress utilisé sur plus de 300 000 sites Web Critical flaw found in WordPress plugin used on over 300,000 websites (lien direct) |
Un plugin WordPress utilisé sur plus de 300 000 sites Web contenait des vulnérabilités qui pourraient permettre aux pirates de prendre le contrôle.Les chercheurs en sécurité de WordFence ont trouvé deux défauts critiques dans le plugin post SMTP Mailer.Le premier défaut a permis aux attaquants de réinitialiser la clé API d'authentification du plugin \\ et d'afficher les journaux sensibles (y compris les e-mails de réinitialisation du mot de passe) sur le site Web affecté.Un pirate malveillant exploitant la faille pourrait accéder à la clé après avoir déclenché une réinitialisation de mot de passe.L'attaquant pourrait alors se connecter au site, verrouiller l'utilisateur légitime et exploiter son accès à la cause ...
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin\'s authentication API key and view sensitive logs (including password reset emails) on the affected website. A malicious hacker exploiting the flaw could access the key after triggering a password reset. The attacker could then log into the site, lock out the legitimate user, and exploit their access to cause... |
Vulnerability Threat | ★★ | |
|
2024-01-14 10:32:54 | Graphène: Android Android Auto-Recouots Bloquer les exploits du micrologiciel GrapheneOS: Frequent Android auto-reboots block firmware exploits (lien direct) |
Grapheneos, un système d'exploitation basé sur Android axé sur la confidentialité et la sécurité, a publié une série de tweets sur X suggérant qu'Android devrait introduire de fréquents réapparition automatique pour rendre les fournisseurs de logiciels médico-légaux pour exploiter les défauts du firmware et l'espion des utilisateurs.[...]
GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [...] |
Threat Mobile | ★★★ | |
 |
2024-01-13 02:26:04 | Le nombre d'organismes compromis via Ivanti VPN zéro-jours se développe à mesure que le mandiant pèse Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in (lien direct) |
Snoops n'avait pas moins de cinq bits personnalisés de logiciels malveillants aux réseaux de porte dérobée Deux bugs de jour zéro dans les produits Ivanti étaient probablement attaqués par les cyberspies dès décembre, selon Mandiant \\ 's Menace Intel Team.…
Snoops had no fewer than five custom bits of malware to hand to backdoor networks Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant\'s threat intel team.… |
Malware Vulnerability Threat | ★★★ | |
 |
2024-01-12 20:15:00 | Vulnérabilité affectant les thermostats intelligents patchés par Bosch Vulnerability affecting smart thermostats patched by Bosch (lien direct) |
Le fabricant de technologies allemands Bosch a fixé une vulnérabilité affectant une gamme populaire de thermostats intelligents en octobre, a révélé la société cette semaine.Des chercheurs de Bitdefender ont découvert un problème avec les thermostats Bosch BCC100 en août dernier qui permet à un attaquant du même réseau de remplacer le firmware de l'appareil par une version voyou.Bogdan Boozatu, directeur de la recherche sur les menaces
German technology manufacturer Bosch fixed a vulnerability affecting a popular line of smart thermostats in October, the company disclosed this week. Researchers from Bitdefender discovered an issue with Bosch BCC100 thermostats last August which lets an attacker on the same network replace the device firmware with a rogue version. Bogdan Botezatu, director of threat research |
Vulnerability Threat Industrial | ★★★ | |
|
2024-01-12 19:34:07 | Exploiter pour un sous-siege SharePoint Vuln aurait été entre les mains de l'équipage de Ransomware Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew (lien direct) |
Il a pris des mois pour que Crims pirater ensemble une chaîne d'exploitation de travail Les experts en sécurité affirment que les criminels de ransomware ont mis la main sur un exploit fonctionnel pour une vulnérabilité critique de Microsoft Sharepoint de presque un an que Microsoft qui queCette semaine a-t-elle été ajoutée à la liste des combinaisons des États-Unis.…
It\'s taken months for crims to hack together a working exploit chain Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US\'s must-patch list.… |
Ransomware Hack Vulnerability Threat | ★★ | |
|
2024-01-12 19:23:00 | Les acteurs de l'État-nation ont armé Ivanti VPN Zero-Days, déploiement de 5 familles de logiciels malveillants Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families (lien direct) |
Jusqu'à cinq familles de logiciels malveillants différentes ont été déployées par des acteurs suspects de l'État-nation dans le cadre des activités post-exploitation en tirant parti de la mise à profit et de la NBSP; deux appareils VPN Ivanti Connect Secure (ICS) depuis début décembre 2023.
"Ces familles permettent aux acteurs de la menace de contourner l'authentification et de fournir un accès de porte dérobée à ces appareils", Mandiant & nbsp; dit & nbsp; dans un
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an |
Malware Vulnerability Threat | ★★★★ | |
|
2024-01-12 18:53:00 | Ransomware de Medusa à la hausse: des fuites de données à la multi-extention Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (lien direct) |
Les acteurs de la menace associés à la & nbsp; medusa ransomware & nbsp; ont augmenté leurs activités après les débuts d'un site de fuite de données dédié sur le Web Dark en février 2023 pour publier des données sensibles des victimes qui ne veulent pas accepter leurs demandes.
«Dans le cadre de leur stratégie multi-extorsion, ce groupe offrira aux victimes plusieurs options lorsque leurs données seront publiées sur leur
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. “As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their |
Ransomware Threat | ★★★ | |
 |
2024-01-12 13:00:00 | Le FBI met en garde plus d'élections & quot; chaos & quot;en 2024 FBI Warns More Election "Chaos" in 2024 (lien direct) |
Le directeur du FBI, Christopher Wray, dit avoir confiance dans le système électoral américain mais s'attendre à une guerre d'information continue, soulignant la Chine en tant qu'acteur de menace le plus formidable.
FBI Director Christopher Wray says to have confidence in the American election system but to expect ongoing information warfare, pointing to China as most formidable threat actor. |
Threat | ★★★ | |
 |
2024-01-12 11:59:43 | Le rapport du CCB met en évidence le paysage cyber-menace en 2023, alors que les attaques hacktiviste et parrainée par l'État augmentent CCB report highlights cyber threat landscape in 2023, as hacktivist and state-sponsored attacks rise (lien direct) |
Le Center for Cybersecurity Belgium (CCB) a révélé que le paysage mondial de la cyber-menace en 2023 continuait d'être ...
The Centre for Cybersecurity Belgium (CCB) disclosed that the global cyber threat landscape in 2023 continued to be... |
Threat Studies | ★★★ | |
 |
2024-01-12 10:43:03 | Les logiciels malveillants utilisés dans les attaques Ivanti Zero-Day montrent des pirates se préparant pour le déploiement du patch Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout (lien direct) |
> Les vulnérabilités ivanti zéro-jour surnommées connexion pourraient avoir un impact sur des milliers de systèmes et les cyberspies chinoises se préparent à la libération de patchs.
>Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. |
Malware Vulnerability Threat | ★★★ | |
|
2024-01-12 10:30:18 | Ivanti Connect Secure Zero-Days exploité pour déployer des logiciels malveillants personnalisés Ivanti Connect Secure zero-days exploited to deploy custom malware (lien direct) |
Les pirates exploitent les deux vulnérabilités zéro jour dans Ivanti Connect Secure divulguées cette semaine depuis début décembre pour déployer plusieurs familles de logiciels malveillants personnalisés à des fins d'espionnage.[...]
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [...] |
Malware Vulnerability Threat | ★★★ | |
|
2024-01-12 06:00:17 | Déterministe vs détection de menace probabiliste: quelle est la différence? Deterministic vs. Probabilistic Threat Detection: What\\'s the Difference? (lien direct) |
When you understand the difference between deterministic and probabilistic threat detection, you can better choose the right mix of processes and tools that will keep your data, systems and users most secure. Here is a spoiler, though: As you compare probabilistic and deterministic methods, you will likely conclude that both approaches are needed to some degree. That means you\'re on the right track. When you employ both, you can use the strengths of each approach while mitigating their respective weaknesses. In other words, these methods are different but complementary. To help you figure out when to use each method, we put together this overview. In each section, we start by defining terms, and then we delve into the pros and cons of using the approach to detect threats. What is probabilistic threat detection? Probabilistic threat detection involves the use of probability-based analytic methods to identify potential security threats or malicious activities within a system. This approach doesn\'t rely on fixed (deterministic) rules or signatures alone. Instead, it relies on the likelihood-or probability-that certain behaviors or patterns may indicate the presence of a security threat. Tools for probabilistic threat detection analyze various factors and assign weights to different indicators. That helps cybersecurity systems-and security teams-to prioritize and respond to potential threats based on their perceived risk. This approach to threat detection presents advantages as well as challenges. Here\'s a look at some of the pros and cons of using probabilistic and deterministic detections. Pros Let\'s start with the pros of probabilistic threat detection. Adaptability to new threats. Probabilistic threat detection can help you identify new and evolving threats that may not have definitive signatures. Machine learning and behavioral analysis can adapt to changing attack tactics. Slight pivots in attacker tools and techniques won\'t necessarily fake out these detection techniques. Reduced false positives to unknown threats. Probabilistic methods may result in fewer false negatives for threats that have not been seen before. That\'s because these methods don\'t require a perfect match to a known signature to send an alert. Probabilistic methods are inherently non-binary. Behavioral analysis. This is often part of probabilistic threat detection. It typically uses a baseline of normal system behavior. That, in turn, makes it easier to detect deviations that may indicate a security threat. Continuous learning. Machine learning models for probabilistic threat detection can continuously learn, incorporate feedback from security analysts, and adapt to changes in the threat landscape. That means their accuracy is not static and can improve over time. Cons Now, here is a rundown of some cons. False positives. Probabilistic methods will produce false positives. They rely on statistical models that might interpret unusual but benign behavior as a potential threat. That can lead to alerts on activities that aren\'t malicious. Taken to extremes this can waste security analysts\' time. But making the models less sensitive can lead to false negatives. That\'s why tuning is part of ongoing maintenance. Complexity and resource intensiveness. Implementing and maintaining probabilistic threat detection systems can be complex and demand a lot of resources. That is especially true when it comes to systems that use machine learning because they require a great deal of computing power and expertise to operate. Cost issues. Probabilistic methods and tools deal with uncertainty, which is a key design principle. So they may not be as cost effective as deterministic approaches for detecting well-known threats. Difficulty in interpreting results. It can be a challenge to understand the output of probabilistic models. You may have difficulty discerning why a particular activity is flagged as a potential threat, as the rationale is deep within the model. To interpret the results, you | Malware Tool Vulnerability Threat | ★★ | |
|
2024-01-11 22:49:00 | Volt Typhoon augmente l'activité malveillante contre les infrastructures critiques Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure (lien direct) |
L'APT parrainé par l'État chinois a compromis jusqu'à 30% des routeurs Cisco Legacy sur un botnet SoHo que plusieurs groupes de menaces utilisent.
The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use. |
Threat | Guam | ★★★ |
|
2024-01-11 21:43:00 | Les chercheurs de l'Ivanti signalent deux vulnérabilités critiques à jour zéro Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities (lien direct) |
Les correctifs seront disponibles fin janvier et février, mais jusque-là, les clients doivent prendre des mesures d'atténuation.
Patches will be available in late January and February, but until then, customers must take mitigation measures. |
Vulnerability Threat | ★★ | |
 |
2024-01-11 21:11:04 | Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN (lien direct) | #### Description
La volexité a découvert l'exploitation active dans la fenêtre de deux vulnérabilités permettant l'exécution de code distant non authentifiée dans les périphériques VPN sécurisés Ivanti Connect.Un article officiel de conseil et de base de connaissances a été publié par Ivanti qui comprend une atténuation qui devrait être appliquée immédiatement.
Les vulnérabilités permettent l'exécution de code distant non authentifiée et ont été attribuées les CVE suivants: CVE-2023-46805 et CVE-2024-21887.L'attaquant a exploité ces exploits pour voler les données de configuration, modifier les fichiers existants, télécharger des fichiers distants et inverser le tunnel à partir de l'appliance ICS VPN.
Volexity a découvert que l'attaquant plaçait des coteaux sur plusieurs serveurs Web internes et orientés externes.L'attaquant a modifié un fichier CGI légitime (compcheckResult.cgi) sur l'appliance ICS VPN pour permettre l'exécution de la commande.En outre, l'attaquant a également modifié un fichier JavaScript utilisé par le composant VPN Web SSL de l'appareil afin de Keylog et d'exfiltrat d'identification pour les utilisateurs qui s'y connectent.Volexity attribue actuellement cette activité à un acteur de menace inconnu qu'il suit en vertu de l'alias UTA0178.
#### URL de référence (s)
1. https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways
2. https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-ay-vulnerabilities-in-ivanti-connect-secure-vpn/
#### Date de publication
11 janvier 2024
#### Auteurs)
Matthew Meltzer
Robert Jan Mora
Sean Koessel
Steven Adair
Thomas Lancaster
#### Description Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. The vulnerabilities allow unauthenticated remote code execution and have been assigned the following CVEs: CVE-2023-46805 and CVE-2024-21887. The attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance. Volexity discovered that the attacker was placing webshells on multiple internal and external-facing web servers. The attacker modified a legitimate CGI file (compcheckresult.cgi) on the ICS VPN appliance to allow command execution. Further, the attacker also modified a JavaScript file used by the Web SSL VPN component of the device in order to keylog and exfiltrate credentials for users logging into it. Volexity currently attributes this activity to an unknown threat actor it tracks under the alias UTA0178. #### Reference URL(s) 1. https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways 2. https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/ #### Publication Date January 11, 2024 #### Author(s) Matthew Meltzer Robert Jan Mora Sean Koessel Steven Adair Thomas Lancaster |
Vulnerability Threat Industrial | ★★★ | |
|
2024-01-11 20:58:00 | Les acteurs de la menace abusent de plus en plus de Github à des fins malveillantes Threat Actors Increasingly Abusing GitHub for Malicious Purposes (lien direct) |
L'ubiquité des environnements GitHub dans les technologies de l'information (IT) en a fait un choix lucratif pour les acteurs de menace d'accueillir et de livrer des charges utiles malveillantes et d'agir comme & nbsp; Dead Drop Resolvers, Command and Control et Exfiltration Points.
«L'utilisation de services GitHub pour les infrastructures malveillantes permet aux adversaires de se fondre dans le trafic réseau légitime, contournant souvent la sécurité traditionnelle
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional security |
Threat | ★★★ | |
|
2024-01-11 19:46:00 | Nouvel Exploit POC pour la vulnérabilité Apache Ofbiz présente un risque pour les systèmes ERP New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems (lien direct) |
Les chercheurs en cybersécurité ont & nbsp; développé & nbsp; un code de preuve de concept (POC) qui exploite A & NBSP; a récemment divulgué des défauts et NBSP critiques; dans le système de planification des ressources d'entreprise open-source de Biz pour exécuter une charge utile de mémoire de mémoire.
La vulnérabilité en question est & nbsp; CVE-2023-51467 & nbsp; (Score CVSS: 9.8), une contournement pour une autre lacune sévère dans le même logiciel (
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software ( |
Vulnerability Threat | ★★★ | |
|
2024-01-11 18:05:33 | ForeScout publie une analyse critique des cyberattaques du secteur de l'énergie récentes au Danemark, Ukraine Forescout publishes critical analysis of recent energy sector cyberattacks in Denmark, Ukraine (lien direct) |
> ForeScout Technologies a publié un briefing de menace qui examine deux cyberattaques récemment publiées ciblant le secteur de l'énergie dans ...
>Forescout Technologies has released a threat briefing that examines two recently published cyberattacks targeting the energy sector in... |
Threat | ★★★★ | |
 |
2024-01-11 17:44:52 | NOABOT BOTNET basé à Mirai ciblant les systèmes Linux avec Cryptominer Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer (lien direct) |
> Par deeba ahmed
Un autre jour, une autre menace de logiciels malveillants contre les systèmes Linux!
Ceci est un article de HackRead.com Lire le post original: mirai-Botnet noabot basé ciblant les systèmes Linux avec cryptominer
>By Deeba Ahmed Another day, another malware threat against Linux systems! This is a post from HackRead.com Read the original post: Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer |
Malware Threat | ★★★ | |
|
2024-01-11 17:10:00 | Atomic Stealer obtient une mise à niveau - ciblant les utilisateurs de Mac avec charge utile cryptée Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (lien direct) |
Les chercheurs en cybersécurité ont identifié une version mise à jour d'un voleur d'informations MacOS appelé & nbsp; atomic & nbsp; (ou amos), indiquant que les acteurs de la menace derrière les logiciels malveillants améliorent activement ses capacités.
"Il semble qu'Atomic Stealer a été mis à jour vers la mi-fin à la fin décembre 2023, où ses développeurs ont introduit le cryptage en charge utile dans le but de contourner les règles de détection", "
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules," |
Malware Threat | ★★ | |
|
2024-01-11 15:24:12 | SecurityScoreCard Research: Volt Typhoon compromet 30% des appareils Cisco RV320 / 325 en 37 jours SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days (lien direct) |
Recherche de menace de sécurité de sécurité: Volt Typhoon compromet 30% des appareils Cisco RV320 / 325 en 37 jours
-
mise à jour malveillant
SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days - Malware Update |
Vulnerability Threat Studies | Guam | ★★★★ |
 |
2024-01-11 14:18:14 | MiraclePtr: protéger les utilisateurs contre les vulnérabilités sans utilisation sans plateformes MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms (lien direct) |
Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team
Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome. If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objectives.
More platforms
We are thrilled to announce that since our last update, we have successfully enabled MiraclePtr for more platforms and processes:
In June 2022, we enabled MiraclePtr for the browser process on Windows and Android.
In September 2022, we expanded its coverage to include all processes except renderer processes.
In June 2023, we enabled MiraclePtr for ChromeOS, macOS, and Linux.
Furthermore, we have changed security guidelines to downgrade MiraclePtr-protected issues by one severity level!
Evaluating Security Impact
First let\'s focus on its security impact. Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices. Let\'s take a closer look at each of these sources and how they inform our understanding of MiraclePtr\'s effectiveness.
Bug reports
Chrome vulnerability reports come from various sources, such as:
Chrome Vulnerability Reward Program participants,
our fuzzing infrastructure,
internal and external teams investigating security incidents.
For the purposes of this analysis, we focus on vulnerabilities that affect platforms where MiraclePtr was enabled at the time the issues were reported. We also exclude bugs that occur inside a sandboxed renderer process. Since the initial launch of MiraclePtr in 2022, we have received 168 use-after-free reports matching our criteria.
What does the data tell us? MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%. Reaching this level of effectiveness, however, required additional work. For instance, we not only rewrote class fields to use MiraclePtr, as discussed in the previous post, but also added MiraclePtr support for bound function arguments, such as Unretained pointers. These pointers have been a significant source of use-after-frees in Chrome, and the additional protection allowed us to mitigate 39 more issues.
Moreover, these vulnerability reports enable us to pinpoint areas needing improvement. We\'re actively working on adding support for select third-party libraries that have been a source of use-after-free bugs, as well as developing a more advanced rewriter tool that can handle transformations like converting std::vector into std::vector. We\'ve also made sever |
Tool Vulnerability Threat Mobile | ★★★ | |
 |
2024-01-11 13:55:59 | Explorer FBOT |Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
Les acteurs de la menace des armes FBOT avec un outil d'attaque multifonction conçu pour détourner le cloud, le SaaS et les services Web.
FBot arms threat actors with a multi-function attack tool designed to hijack cloud, Saas and web services. |
Malware Tool Threat Cloud | ★★ | |
|
2024-01-11 12:56:08 | Les attaquants exploitent Ivanti Connectez des vulnérabilités sécurisées zéro-jours pour déployer des webshells (CVE-2023-46805, CVE-2024-21887) Attackers Exploit Ivanti Connect Secure Zero-Day Vulnerabilities to Deploy Webshells (CVE-2023-46805, CVE-2024-21887) (lien direct) |
à la mi-décembre 2023, les chercheurs de volexité ont identifié une activité suspecte au sein d'un réseau client.Leur enquête ...
In mid-December 2023, researchers at Volexity identified suspicious activity within a client’s network. Their investigation... |
Vulnerability Threat | ★★★ | |
|
2024-01-11 11:40:00 | Le compte mandiant \\ s a été piraté en utilisant une attaque de force brute Mandiant\\'s X Account Was Hacked Using Brute-Force Attack (lien direct) |
Le compromis du compte X mandiant \\ (anciennement Twitter) la semaine dernière était probablement le résultat d'une "attaque de mot de passe brute-force", attribuant le piratage à un groupe de drainage en tant que service (DAAS).
"Normalement, [l'authentification à deux facteurs] aurait atténué cela, mais en raison de certaines transitions d'équipe et d'un changement dans la politique de la 2FA de X \\, nous n'étions pas adéquatement protégés", la société de renseignement sur les menaces & nbsp; a dit & nbsp;
The compromise of Mandiant\'s X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group. "Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X\'s 2FA policy, we were not adequately protected," the threat intelligence firm said |
Hack Threat | ★★★ | |
 |
2024-01-11 11:00:00 | Histoires du Soc: Blackcat sur le prouvoir Stories from the SOC: BlackCat on the prowl (lien direct) |
This blog was co-authored with Josue Gomez and Ofer Caspi.
Executive summary
BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries. This blog will cover a recent incident impacting one of the AT&T Managed Detection and Response (MDR) Security Operations Center SOC’s customers and discuss how in partnering with AT&T Alien Labs, the MDR SOC was able to detect and remediate the incident.
Building the investigation
On September 14th, 2023, the AT&T MDR SOC received multiple alarms indicating that lateral movement was occurring for one of our clients. The alarm detections were generated after activity in SentinelOne for multiple users attempting to perform network traversing through the clients’ environment.
Figure 1. Alarm Detection
The AT&T SOC immediately generated an investigation that included a call to the client to notify them of the activity as well as escalate the detection to the AT&T MDR Incident Response (IR) Team and the client\'s dedicated Threat Hunter. The IR team and Threat Hunter began the engagement by creating a timeline and searching through SentinelOne Deep Visibility tool. Within its events, they found a user was successfully logged into the client’s internal network on multiple endpoints using lsass.exe.. Additionally, multiple files were logged as being encrypted, which resulted in the team designating the incident a ransomware attack.
Figure 2. Lsass Activity in SentinelOne
During the review of the lsass.exe activity, a specific file was located with a suspicious process tree. A command line was recorded with the file execution that included an internal IP address and the user ADMIN$. The activity from the suspicious file prompted an immediate blocklist for the SHA 1 file hash to ensure that the file was unable to be executed within the client’s environment. Following the block of the file hash, multiple detections from SentinelOne populated, indicating that the file was successfully killed and quarantined and that the client’s devices were protected.
Figure 3. File execution command line
After initiating the blocklist, the Threat Hunter utilized the SentinelOne “file fetch” feature, which enabled them to download the malicious file and save a copy locally. The AT&T SOC then worked with the AT&T Alien Labs team to perform a deeper analysis of the file in order to more understand the true nature of the ransomware attack.
Technical analyses
As previously mentioned, BlackCat ransomware is developed in the Rust programming language, providing the attacker with the versatility to compile and run it on both Windows and Linux operating systems.The ransomware e |
Ransomware Malware Tool Threat | ★★★ | |
|
2024-01-11 10:59:00 | Les pirates chinois exploitent les défauts de jour zéro dans Ivanti Connect Secure and Policy Secure Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure (lien direct) |
Une paire de défauts zéro-jours identifiés dans Ivanti Connect Secure (ICS) et Policy Secure ont été enchaînés par des acteurs suspects de l'État-nation liés à la Chine pour violer moins de 10 clients.
La société de cybersécurité volexité, qui & nbsp; a identifié & nbsp; l'activité sur le réseau de l'un de ses clients au cours de la deuxième semaine de décembre 2023, l'a attribuée à un groupe de piratage qu'il suit sous le nom & NBSP; UTA0178
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178 |
Vulnerability Threat | ★★★ | |
|
2024-01-11 09:27:04 | Étude Netskope Threat Labs : les cybercriminels surfent sur l\'augmentation de 400 % de l\'utilisation d\'applications d\'IA générative par les employés (lien direct) | Étude Netskope Threat Labs : les cybercriminels surfent sur l'augmentation de 400 % de l'utilisation d'applications d'IA générative par les employés Une nouvelle étude détaille la forte croissance de l'adoption de l'intelligence artificielle générative, les risques liés aux applications en cloud, les principales menaces et les adversaires tout au long de l'année 2023. - Investigations | Threat Studies Cloud | ★★★★ | |
|
2024-01-11 08:12:28 | Fortinet annonce la disponibilité de Fortinet Advisor (lien direct) | Fortinet Advisor, un assistant basé sur l'IA générative pour accélérer les investigations sur les menaces et la remédiation Fortinet capitalise sur plus d'une décennie d'innovation en Intelligence Artificielle (IA) et sur son expertise sur les menaces pour offrir un outil d'IA générative qui renforce les compétences des équipes de cybersécurité - Produits | Threat | ★★ | |
|
2024-01-11 08:10:37 | IBOSS lance le module DNS de protection gouvernemental pour fortifier les cyber-défenses iboss Launches Government Protective DNS Module to Fortify Cyber Defenses (lien direct) |
iboss lance le module DNS de protection gouvernemental pour fortifier les cyber-défenses.
Le module révolutionnaire s'intègre de manière transparente au service DNS protecteur de CISA \\, fournissant aux agences gouvernementales de détection de menace avancée et à DNS cryptée sur tous les appareils
-
revues de produits
iboss Launches Government Protective DNS Module to Fortify Cyber Defenses. The Revolutionary Module Seamlessly Integrates with CISA\'s Protective DNS Service, Providing Government Agencies Advanced Threat Detection and Encrypted DNS Across All Devices - Product Reviews |
Threat | ★★★ | |
|
2024-01-11 08:00:14 | Securonix Threat Labs Monthly Intelligence Insights & # 8211;Décembre 2023 Securonix Threat Labs Monthly Intelligence Insights – December 2023 (lien direct) |
Securonix Threat Labs Monthly Intelligence Insights décembre 2023 fournit un résumé des principales menaces organisées, surveillées et analysées par Securonix Threat Labs.
Securonix Threat Labs Monthly Intelligence Insights December 2023 provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs. |
Threat | ★★★ | |
 |
2024-01-11 02:00:00 | Cutting avant: cibles présumées APT Ivanti Connect Secure VPN dans une nouvelle exploitation zéro-jour Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation (lien direct) |
Remarque: Il s'agit d'une campagne de développement sous analyse active de Mandiant et Ivanti.Nous continuerons à ajouter plus d'indicateurs, de détections et d'informations à ce billet de blog au besoin. le 10 janvier 2024, ivanti divulgué Deux vulnérabilités, CVE-2023-46805 et CVE-2024-21887 , impactant Ivanti Connect Secure VPN (" CS ", anciennement Secure Secure) et Ivanti Secure (" PS") appareils électroménagers.Une exploitation réussie pourrait entraîner un contournement d'authentification et une injection de commandement, entraînant un autre compromis en aval d'un réseau de victimes.Mandiant a identifié l'exploitation zéro-jour de ces vulnérabilités
Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed.On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting Ivanti Connect Secure VPN (“CS”, formerly Pulse Secure) and Ivanti Policy Secure (“PS”) appliances. Successful exploitation could result in authentication bypass and command injection, leading to further downstream compromise of a victim network. Mandiant has identified zero-day exploitation of these vulnerabilities |
Vulnerability Threat | ★★★ | |
 |
2024-01-11 00:00:00 | Trend Micro défend la Coupe du monde de la FIFA contre les cyber-menaces Trend Micro Defends FIFA World Cup from Cyber Threats (lien direct) |
Trend Micro collabore avec Interpol pour défendre la Coupe du monde de la FIFA en empêchant les attaques et en atténuant les risques de lutter contre la menace croissante de la cybercriminalité.
Trend Micro collaborates with INTERPOL to defend FIFA World Cup by preventing attacks & mitigating risks to fight against the rising threat of cybercrime. |
Threat Prediction | ★★★ | |
|
2024-01-10 20:45:00 | Noabot: le dernier botnet basé à Mirai ciblant les serveurs SSH pour l'exploitation cryptographique NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining (lien direct) |
Un nouveau botnet basé à Mirai appelé & nbsp; noabot & nbsp; est utilisé par les acteurs de la menace dans le cadre d'une campagne minière de crypto depuis le début de 2023.
"Les capacités du nouveau botnet, Noabot, incluent un auto-répartiteur verbalable et une porte dérobée clé SSH pour télécharger et exécuter des binaires supplémentaires ou se propager à de nouvelles victimes", a déclaré le chercheur en sécurité Akamai, Stiv Kupchik, dans un rapport partagé avec le
A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. “The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself to new victims,” Akamai security researcher Stiv Kupchik said in a report shared with The |
Threat | ★★★ | |
 |
2024-01-10 19:52:40 | Pikabot malware se propage par les campagnes de phishing Pikabot Malware Spreading Through Phishing Campaigns (lien direct) |
Malware Threat Prediction | ★★ | ||
|
2024-01-10 19:00:06 | Exploitation active de deux vulnérabilités zéro-jours dans Ivanti Connect Secure VPN Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN (lien direct) |
> La volexité a découvert l'exploitation active dans la fenêtre de deux vulnérabilités permettant l'exécution de code distant non authentifié dans les périphériques VPN sécurisés Ivanti Connect.Un article officiel de conseil et de base de connaissances a été publié par Ivanti qui comprend une atténuation qui devrait être appliquée immédiatement.Cependant, une atténuation ne remédie pas à un compromis passé ou continu.Les systèmes devraient simultanément être analysés en profondeur par détails dans ce post pour rechercher des signes de violation.Au cours de la deuxième semaine de décembre 2023, la volexité a détecté un mouvement latéral suspect sur le réseau de l'un de ses clients de services de surveillance de la sécurité de réseau.Après une inspection plus approfondie, Volexity a constaté qu'un attaquant plaçait des coteaux sur plusieurs serveurs Web internes et orientés externes.Ces détections ont lancé une enquête sur la réponse aux incidents sur plusieurs systèmes que la volexité a finalement retrouvé à l'Ivanti Connect Secure (ICS) de l'organisation (anciennement connu sous le nom de Pulse Connect Secure, ou simplement Pulse Secure).Une inspection plus approfondie [& # 8230;]
>Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach. During the second week of December 2023, Volexity detected suspicious lateral movement on the network of one of its Network Security Monitoring service customers. Upon closer inspection, Volexity found that an attacker was placing webshells on multiple internal and external-facing web servers. These detections kicked off an incident response investigation across multiple systems that Volexity ultimately tracked back to the organization\'s Internet-facing Ivanti Connect Secure (ICS) VPN appliance (formerly known as Pulse Connect Secure, or simply Pulse Secure). A closer inspection […] |
Vulnerability Threat | ★★★ | |
|
2024-01-10 17:14:32 | Python in Threat Intelligence: Analyser et atténuer les cyber-menaces Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats (lien direct) |
> Par waqas
Dans le monde des menaces de cybersécurité émergentes, la compréhension de l'importance de l'intelligence des menaces est cruciale et ne peut pas & # 8230;
Ceci est un article de HackRead.com Lire la publication originale: Python dans les menaces de l'intelligence: analyse et atténuation des cyber-menaces
>By Waqas In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not… This is a post from HackRead.com Read the original post: Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats |
Threat | ★★★ | |
|
2024-01-10 16:29:00 | Pikabot Malware surface en remplacement de Qakbot pour les attaques Black Basta Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (lien direct) |
Un acteur de menace émergente, Water Curupera, exerce un nouveau chargeur sophistiqué dans une série de campagnes de phishing en filetage qui précèdent les ransomwares.
An emerging threat actor, Water Curupira, is wielding a new, sophisticated loader in a series of thread-jacking phishing campaigns that precede ransomware. |
Ransomware Malware Threat | ★★★ | |
|
2024-01-10 16:01:00 | Decryptor gratuit publié pour les victimes de ransomwares de tortilla de Black Basta et Babuk \\ Free Decryptor Released for Black Basta and Babuk\\'s Tortilla Ransomware Victims (lien direct) |
Un décrypteur pour la variante Tortilla du ransomware Babuk a été & nbsp; libéré & nbsp; par Cisco Talos, permettant aux victimes ciblées par le malware de retrouver l'accès à leurs fichiers.
Le cabinet de cybersécurité a déclaré que les renseignements sur les menaces qu'il partageaient avec les autorités néerlandaises de l'application des lois avaient permis d'arrêter l'acteur de menace derrière les opérations.
La clé de chiffrement a également été partagée avec Avast,
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations. The encryption key has also been shared with Avast, |
Ransomware Malware Threat | ★★ | |
|
2024-01-10 15:24:35 | Cyber Threat Intelligence, un programme qui s\'adapte aux besoins des organisations (lien direct) | Cyber Threat Intelligence, un programme qui s'adapte aux besoins des organisations par Mickaël Walter, Threat Intelligence Officer au CERT (Computer Emergency Response Team) I-TRACING - Risk Management | Threat | ★★★ |
To see everything:
Our RSS (filtrered)
