What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-04 12:11:49 | New iPhone Exploit utilise quatre jours zéro New iPhone Exploit Uses Four Zero-Days (lien direct) |
Kaspersky Researchers sont des détails & # 8220; une attaque qui sur quatre ans en arrière des dizaines, sinon des milliers d'iPhones, dont beaucoup appartenaient à des employés de la société de sécurité basée à Moscou, Kaspersky. & # 8221;Il est un exploit en clic zéro qui utilise quatre jours zéro-jours d'iPhone.
Le nouveau détail le plus intrigant est le ciblage de la fonctionnalité matérielle avant-monnale, qui s'est avérée cruciale de la campagne de triangulation de l'opération.Une journée zéro dans la fonction a permis aux attaquants de contourner les avancés protection de mémoire matérielle Conçu pour protéger l'intégrité du système d'appareils même après qu'un attaquant a acquis la possibilité de falsifier la mémoire du noyau sous-jacent.Sur la plupart des autres plateformes, une fois que les attaquants exploitent avec succès une vulnérabilité du noyau, ils ont le contrôle total du système compromis ...
Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign. A zero-day in the feature allowed the attackers to bypass advanced hardware-based memory protections designed to safeguard device system integrity even after an attacker gained the ability to tamper with memory of the underlying kernel. On most other platforms, once attackers successfully exploit a kernel vulnerability they have full control of the compromised system... |
Vulnerability Threat Mobile | ★★★★ | |
 |
2024-01-04 11:00:00 | VR et AR: risques de sécurité potentiels à préparer VR and AR: Potential security risks to be prepared for (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Virtual reality (VR) and augmented reality (AR) technologies capture everyone’s imagination with use cases and an unlimited potential for future implementations. While these concepts have been around for decades, they continue to be buzzwords with a fascinating flavor of science fiction. The truth is that the VR and AR combination is close to mainstream adoption these days, with plenty of examples of successful projects creating ripples in ecommerce, entertainment, and many other industries. According to Statista, the global virtual reality and augmented reality market is worth $32.1 billion in 2023, and analysts predict it will exceed $58 billion by 2028. These appear to be conservative estimates, with another study forecasting growth up to a whopping $252 billion in the next four years. Whereas these technologies aren’t susceptible to major malicious exploitation at this point, their skyrocketing popularity might encourage threat actors to come up with viable attack vectors in the near future. This article highlights some of the current security and privacy concerns that stem from the rising adoption of VR and AR technologies. 1. Eye tracking Many people consider eye tracking in VR to be truly revolutionary. The logic of such a perspective is clear: this tech enhances the accuracy of virtual interaction and takes the user experience to a new level by helping interpret people’s emotions. It is also believed to give the security of VR systems a boost because eye scanning can refine biometric verification in the login workflows. As useful as it is, glance tracking could also expose users to hidden monitoring and other privacy risks. For example, VR game makers may be tempted to embed advertisements in their products, similar to how sponsored information is shown in mobile games. If this is the case, eye tracking would be a perfect instrument for advertisers to figure out which ads draw your attention and which ones you ignore. As per analysts’ findings, 95% of decisions to buy a product occur in the subconscious mind. By snooping on a user’s visual response, marketers may be able to derive conclusions regarding their preferences and dislikes. The flip side is that such a technology could potentially play into unscrupulous parties’ hands as a powerful surveillance instrument. 2. Blackmail and harassment Adult entertainment is one of the most popular areas of the virtual reality industry. According to a relevant study, the VR adult content market will see a staggering rise from $716 million in 2021 to $19 billion in 2026. Cybercriminals may try to cash in on this hype by engaging in what’s known as “sextortion”. The idea is to deceive users into thinking that the malefactors have some embarrassing evidence of their private pastimes and instruct them to send money in exchange for not disclosing this information. In some cases, the scammers may even include a valid password for one of the user’s web accounts so that the blackmail message appears true. Bear in mind that they obtained these authentication details from a large-scale data breach that occurred in the past. While these emails contain | Data Breach Hack Tool Threat Mobile Prediction | ★★★ | |
 |
2024-01-04 09:25:22 | Cryptocurrency Wallet CEO perd 125 000 $ dans une arnaque de drainage de portefeuille Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam (lien direct) |
Tout le monde peut être arnaqué.Si vous pensez que vous êtes en quelque sorte à l'abri de la viciation, alors, à mon avis, vous êtes une cible privilégiée pour être arnaqué.Personne n'est trop grand, trop intelligent, trop averti de la sécurité pour éviter d'être dupé parce que c'est le seul humain pour faire une erreur et foutre.Et cela semble certainement être le cas avec Bill Lou.Bill Lou est le PDG et co-fondateur de Nest Wallet, un portefeuille de crypto-monnaie qui fait des allégations audacieuses pour "révolutionner la sécurité du portefeuille".Lou a appris que n'importe qui peut être arnaqué, et dans son cas, cela a été une expérience d'apprentissage coûteuse - à hauteur de 52 Steth (approximativement nous ...
Anyone can get scammed . If you think you\'re somehow immune to being scammed, then, in my opinion, you\'re a prime target for being scammed. No one is too big, too clever, too security-savvy to avoid being duped because it\'s only human to make a mistake and screw up. And that certainly seems to be the case with Bill Lou. Bill Lou is the CEO and co-founder of Nest Wallet, a cryptocurrency wallet that makes bold claims to "revolutionise wallet security." Lou has learnt that anyone can be scammed, and in his case, it\'s been a costly learning experience - to the tune of 52 stETH (approximately US... |
Threat | ★★★ | |
 |
2024-01-04 06:00:10 | Cybersecurity Stop of the Month: MFA Manipulation (lien direct) | This blog post is part of a monthly series exploring the ever-evolving tactics of today\'s cybercriminals. Cybersecurity Stop of the Month focuses on the critical first three steps in the attack chain in the context of email threats. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have covered the following types of attacks: Supplier compromise EvilProxy SocGholish eSignature phishing QR code phishing Telephone-oriented attack delivery (TOAD) Payroll diversion In this post, we examine an attack technique called multifactor (MFA) manipulation. This malicious post-compromise attack poses a significant threat to cloud platforms. We cover the typical attack sequence to help you understand how it works. And we dive deeper into how Proofpoint account takeover capabilities detected and prevented one of these threats for our customer. Background MFA manipulation is an advanced technique where bad actors introduce their own MFA method into a compromised cloud account. These attackers are used after a cloud account takeover attack, or ATO. ATOs are an insidious threat that are alarmingly common. Recent research by Proofpoint threat analysts found that in 2023 almost all businesses (96%) were targeted by cloud-based attacks. What\'s more, a whopping 60% were successfully compromised and had at least one account taken over. MFA manipulation attacks can work several ways with bad actors having multiple options for getting around MFA. One way is to use an adversary-in-the-middle (AiTM) attack. This is where the bad actor inserts a proxy server between the victim and the website that they\'re trying to log into. Doing so enables them to steal that user\'s password as well as the session cookie. There\'s no indication to the user that they\'ve been attacked-it just seems like they\'ve logged into their account as usual. However, the attackers have what they need to establish persistence, which means they can maintain access even if the stolen MFA credentials are revoked or deemed invalid. The scenario Recently, Proofpoint intercepted a series of MFA manipulation attacks on a large real estate company. In one case, the bad actors used an AiTM attack to steal the credentials of the firm\'s financial controller as well as the session cookie. Once they did that, they logged into that user\'s business account and generated 27 unauthorized access activities. The threat: How did the attack happen? Here is a closer look at how this MFA manipulation attack played out: 1. Bad actors used the native “My Sign-Ins” app to add their own MFA methods to compromise Microsoft 365 accounts. We observed that the attackers registered their own authenticator app with notification and code. They made this move right after they gained access to the hijacked account as part of an automated attack flow execution. This, in turn, allowed them to secure their foothold within the targeted cloud environment. The typical MFA manipulation flow using Microsoft\'s “My Sign-Ins” app. 2. After the compromise, the attackers demonstrated a sophisticated approach. They combined MFA manipulation with OAuth application abuse. With OAuth abuse, an attacker authorizes and/or uses a third-party app to steal data, spread malware or execute other malicious activities. Attackers also use the abused app to maintain persistent access to specific resources even after their initial access to a compromised account has been cut off. 3. The attackers authorized the seemingly benign application, “PERFECTDATA SOFTWARE,” to gain persistent access to the user\'s account and the systems, as well as the resources and applications that the user could access. The permissions the attackers requested for this app included: | Malware Tool Vulnerability Threat Cloud | ★★★ | |
 |
2024-01-03 23:00:00 | Google Security Company Mandiant travaillant pour résoudre X rachat du compte Google security firm Mandiant working to resolve X account takeover (lien direct) |
La société de cybersécurité appartenant à Google Mandiant a déclaré qu'elle examinait un incident où son compte X a été repris par quelqu'un partageant des liens vers une plate-forme de crypto-monnaie.Mercredi après-midi vers 15h30 HNE, le compte de Mandiant \\ sur la plate-forme de médias sociaux a tweeté des liens vers une entreprise appelée Phantom, qui offre aux clients un portefeuille pour
The Google-owned cybersecurity firm Mandiant said it is looking into an incident where its X account was taken over by someone sharing links to a cryptocurrency platform. On Wednesday afternoon around 3:30 pm EST, Mandiant\'s account on the social media platform tweeted out links to a company called Phantom, which offers customers a wallet for |
Threat | ★★★ | |
 |
2024-01-03 21:00:00 | Apache Erp Zero-Day souligne les dangers des correctifs incomplets Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (lien direct) |
Apache a corrigé une vulnérabilité dans son cadre OfBiz Enterprise Resource Planning (ERP) le mois dernier, mais les attaquants et les chercheurs ont trouvé un moyen de contourner le patch.
Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. |
Vulnerability Threat | ★★★ | |
 |
2024-01-03 19:16:54 | APT28: de l'attaque initiale à la création de menaces à un contrôleur de domaine en une heure APT28: From Initial Attack to Creating Threats to a Domain Controller in an Hour (lien direct) |
#### Description
Entre le 15 et 25 décembre, 2023, une série de cyberattaques a été identifiée impliquant la distribution des e-mails contenant des liens vers des «documents» présumés parmi les organisations gouvernementales.
Cliquer sur ces liens a entraîné une infection des logiciels malveillants.L'enquête a révélé que les liens ont redirigé les victimes vers un site Web où un téléchargement basé sur JavaScript a lancé un fichier de raccourci.L'ouverture de ce fichier a déclenché une commande PowerShell pour télécharger et exécuter un document de leurre, un interprète Python et un fichier Masepie classifié nommé client.py.Par la suite, divers outils, notamment OpenSSH, Steelhook PowerShell Scripts et la porte dérobée OceanMap ont été téléchargés, avec des outils supplémentaires comme Impacket et SMBEXEC créés pour la reconnaissance du réseau et le mouvement latéral.Les tactiques globales, les techniques et les outils utilisés ont indiqué le groupe APT28.Notamment, la stratégie d'attaque a indiqué un plan plus large pour compromettre l'ensemble du système d'information et de communication de l'organisation, mettant l'accent sur la menace potentielle pour l'ensemble du réseau.Des attaques similaires ont également été signalées contre des organisations polonaises.
#### URL de référence (s)
1. https://cert.gov.ua/article/6276894
#### Date de publication
3 janvier 2024
#### Auteurs)
Certificat
#### Description Between December 15-25, 2023, a series of cyberattacks were identified involving the distribution of emails containing links to purported "documents" among government organizations. Clicking on these links resulted in malware infecting computers. Investigation revealed that the links redirected victims to a website where a JavaScript-based download initiated a shortcut file. Opening this file triggered a PowerShell command to download and execute a decoy document, a Python interpreter, and a classified MASEPIE file named Client.py. Subsequently, various tools including OPENSSH, STEELHOOK PowerShell scripts, and the OCEANMAP backdoor were downloaded, with additional tools like IMPACKET and SMBEXEC created for network reconnaissance and lateral movement. The overall tactics, techniques, and tools used pointed to the APT28 group. Notably, the attack strategy indicated a broader plan to compromise the entire organization\'s information and communication system, emphasizing the potential threat to the entire network. Similar attacks were also reported against Polish organizations. #### Reference URL(s) 1. https://cert.gov.ua/article/6276894 #### Publication Date January 3, 2024 #### Author(s) CERT-UA |
Malware Tool Threat | APT 28 | ★★★★ |
 |
2024-01-03 18:46:00 | MALWORED Utilisation de Google Multilogin Exploit pour maintenir l'accès malgré la réinitialisation du mot de passe Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset (lien direct) |
Les informations sur le vol de malwares profitent activement d'un point de terminaison Google Oauth sans papiers nommé Multilogin pour détourner les sessions utilisateur et permettent un accès continu aux services Google même après une réinitialisation de mot de passe.
Selon CloudSek, le & nbsp; Critical Exploit & NBSP; facilite la persistance de la session et la génération de cookies, permettant aux acteurs de menace de maintenir l'accès à une session valide dans un
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an |
Malware Threat | ★★ | |
|
2024-01-03 16:12:00 | SMTP Tasseling: un nouveau défaut permet aux attaquants contourner la sécurité et les e-mails de parodie SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails (lien direct) |
Une nouvelle technique d'exploitation appelée la contrebande de transfert de courrier simple (SMTP) peut être armée par les acteurs de la menace pour envoyer des e-mails usurpés avec de fausses adresses de l'expéditeur tout en contournant les mesures de sécurité.
"Les acteurs de la menace peuvent abuser des serveurs SMTP vulnérables dans le monde
A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks," Timo Longin, a senior security |
Threat | ★★★ | |
 |
2024-01-03 14:00:00 | Faux et volés comptes d'or inonde le web sombre Fake and Stolen X Gold Accounts Flood Dark Web (lien direct) |
Cloudsek a exploré certaines des techniques que les acteurs de menace ont utilisé pour forger ou voler des comptes d'or depuis que l'entreprise d'Elon Musk \\ a introduit son nouveau programme de comptes vérifié
CloudSEK explored some of the techniques threat actors have been using to forge or steal X Gold accounts since Elon Musk\'s firm introduced its new verified accounts program |
Threat | ★★★ | |
 |
2024-01-03 13:23:43 | Nouvelles infects de porte dérobée Xamalicious 25 applications Android, affecte 327 000 appareils New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices (lien direct) |
>By Waqas
Despite Google\'s proactive removal of these apps, the threat persists through third-party markets, compromising over 327,000 devices globally.
This is a post from HackRead.com Read the original post: New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices
>By Waqas Despite Google\'s proactive removal of these apps, the threat persists through third-party markets, compromising over 327,000 devices globally. This is a post from HackRead.com Read the original post: New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices |
Threat Mobile | ★★★ | |
 |
2024-01-03 13:13:43 | Affiner les tests de pénétration avec l'intelligence cyber-menace Sharpen Penetration Testing with Cyber Threat Intelligence (lien direct) |
> Nous espérons que nos lecteurs sont compétents avec les chiffres.Laissez plonger dans certaines statistiques.En 2022, ...
>We hope our readers are proficient with figures. Let’s dive into some statistics. In 2022,... |
Threat | ★★ | |
|
2024-01-03 11:00:00 | Décodage du piratage éthique: une exploration complète des pratiques de chapeau blanc Decoding ethical hacking: A comprehensive exploration of white hat practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In era of digital devices, where the specter of data breaches and cyber threats looms large, the role of ethical hackers, colloquially known as white hat hackers, has become paramount. This article embarks on an in-depth journey into the realm of ethical hacking, illuminating its profound significance in identifying vulnerabilities and fortifying the intricate tapestry of overall cybersecurity. Ethical hacking, at its core, entails authorized and legal endeavors to infiltrate computer systems, networks, or applications. The primary objective is to unveil vulnerabilities. Diverging from their malevolent counterparts, ethical hackers leverage their skills to fortify security rather than exploit weaknesses. The strategic importance of ethical hacking: Proactive defense: Ethical hacking adopts a proactive stance, aiming to unearth and neutralize potential threats before malicious actors can exploit them. Vulnerability assessment: Systematic assessments conducted by ethical hackers pinpoint weaknesses in systems, networks, and applications, enabling organizations to address vulnerabilities in a timely manner. Compliance and risk management: Ethical hacking aligns seamlessly with regulatory compliance requirements, facilitating effective risk management. This ensures organizations adhere to industry standards and safeguard sensitive information. The crucial role of ethical hackers 1. Identifying vulnerabilities: Ethical hackers employ an array of techniques, including penetration testing, code review, and network analysis, to uncover vulnerabilities. By replicating the tactics of malicious hackers, they unveil potential entry points and weaknesses susceptible to exploitation. 2. Penetration testing: A cornerstone of ethical hacking, penetration testing involves simulating real-world cyber-attacks to evaluate the security posture of a system. This practice assesses how well an organization\'s defenses can withstand various threats. 3. Code Review: Analyzing source code for security flaws is fundamental. Ethical hackers scrutinize the codebase to identify vulnerabilities such as injection flaws, buffer overflows, and insecure dependencies. Navigating the ethical hacking process 1. Planning: Ethical hacking commences with meticulous planning. The ethical hacker collaborates with the organization to define the scope, goals, and methodologies of the assessment. 2. Reconnaissance: Gathering information about the target system is a critical phase. Ethical hackers employ both passive and active reconnaissance techniques to understand the environment they are assessing. 3. Scanning: The scanning phase involves identifying live hosts, open ports, and services on a network. Tools like Nmap and Nessus are commonly employed to assess the target\'s attack surface comprehensively. 4. Gaining access: Ethical hackers attempt to exploit identified vulnerabilities, gaining access to systems or sensitive data. This phase provides organizations insights into the potential impact of a suc | Tool Vulnerability Threat | ★★★ | |
|
2024-01-03 02:50:11 | La cybercriminalité va-t-elle empirer? Is Cybercrime Only Going to Get Worse? (lien direct) |
Au tournant du millénaire, peu de gens s'inquiétaient de la cybercriminalité.L'accord du Vendredi Saint venait de entrer en vigueur, les États-Unis ont expulsé un diplomate russe pour espionnage, et la menace du bug Y2K se profile.Iloveyou, le ver informatique qui a catapulté la cybercriminalité dans la conscience du public, était encore dans cinq mois.Aujourd'hui, les choses ne pourraient pas être plus différentes.En 2001, six personnes ont été victimes de la cybercriminalité par heure.D'ici 2022, ce nombre était passé à 97, soit une augmentation de 1517%.À cette époque, les attaques Solarwinds, Colonial Pipeline et Wannacry ont établi une cybercriminalité comme potentiellement ...
At the turn of the millennium, few people were worried about cybercrime. The Good Friday Agreement had just come into effect, the US expelled a Russian diplomat for spying, and the threat of the Y2K bug loomed. ILOVEYOU , the computer worm that catapulted cybercrime into the public consciousness, was still five months away. Today, things couldn\'t be more different. In 2001, six people fell victim to cybercrime an hour. By 2022, that number had risen to 97, an increase of 1517% . At that time, the SolarWinds, Colonial Pipeline, and WannaCry attacks established cybercrime as a potentially... |
Threat Threat | Wannacry | ★★★ |
|
2024-01-02 23:46:43 | Détection de la reconnaissance interne dans les environnements de domaine en utilisant EDR Detection of Internal Reconnaissance in Domain Environments Using EDR (lien direct) |
Alors que les acteurs de la menace peuvent augmenter les bénéfices en installant des co -miners ouUn logiciel malveillant de porte dérobée ou de rat pour prendre le contrôle du système infecté.Les infostelleurs sont utilisés dans le but de voler des informations sur les utilisateurs dans le système, mais parfois, ils sont utilisés pour obtenir des données qui peuvent être utilisées pour prendre le contrôle du système cible afin d'installer finalement des co -miners ou des ransomwares.Cela peut ne pas être important si l'attaque cible ...
While threat actors can raise a profit by installing CoinMiners or ransomware strains after initial access, they often first install a backdoor or RAT malware to seize control over the infected system. Infostealers are used for the purpose of stealing user information in the system, but sometimes, they are used to obtain data that can be utilized in gaining control over the target system to ultimately install CoinMiners or ransomware. This may not be of significance if the attack target... |
Ransomware Malware Threat | ★★★ | |
|
2024-01-02 21:20:00 | L'Ukraine dit que la Russie a piraté des caméras Web pour espionner des cibles à Kyiv Ukraine says Russia hacked web cameras to spy on targets in Kyiv (lien direct) |
Les agents de sécurité de l'Ukraine \\ ont déclaré avoir éliminé deux caméras de surveillance en ligne qui auraient été piratées par la Russie pour espionner les forces aériennes de défense et les infrastructures critiques dans la capitale de l'Ukraine \\, Kiev.Les caméras ont été installées sur des bâtiments résidentiels de Kiev et ont été initialement utilisés par les résidents pour surveiller les environs et le parking.Après piratage
Ukraine\'s security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense forces and critical infrastructure in Ukraine\'s capital, Kyiv. The cameras were installed on residential buildings in Kyiv and were initially used by residents to monitor the surrounding area and parking lot. After hacking |
Tool Threat | ★★★ | |
|
2024-01-02 18:23:54 | Essai d'invité: Tirer parti de DevSecops pour apaiser les cyber-risques dans un paysage de menace grouillant GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape (lien direct) |
Dans le paysage numérique d'aujourd'hui, les organisations sont confrontées à de nombreux défis lorsqu'il s'agit d'atténuer les cyber-risques.
lié: comment l'IA transforme les devops
 L'évolution constantede la technologie, une connectivité accrue et des cybermenaces sophistiquées posent des défis importants pour les organisations de toutes tailles & # 8230;(Plus…)
In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. Related: How AI is transforming DevOps  The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes … (more…) |
Threat | ★★ | |
 |
2024-01-02 18:16:59 | Utilisation de la correction de Veracode pour résoudre un défaut d'injection SQL Using Veracode Fix to Remediate an SQL Injection Flaw (lien direct) |
Introduction
Dans cette première dans une série d'articles visant à résoudre les défauts communs à l'aide de Veracode Fix & # 8211;Veracode \'s Ai Security Remediation Assistant, nous examinerons la recherche et la réparation de l'un des types de défauts les plus courants et les plus persistants & # 8211;Une attaque d'injection SQL.
Une attaque d'injection SQL est un exploit malveillant où un attaquant injecte du code SQL non autorisé dans les champs d'entrée d'une application Web, visant à manipuler la base de données de l'application \\.En manipulant les paramètres d'entrée, les attaquants peuvent inciter l'application à exécuter des commandes SQL non désirées.Cela peut entraîner un accès non autorisé, une récupération des données, une modification ou même une suppression.Les attaques réussies d'injection SQL compromettent l'intégrité des données et la confidentialité, posant de graves risques de sécurité.
Exemple de code et d'analyse
Soit \\ une faiblesse dans le code source de l'application Verademo délibérément vulnérable (et disponible librement), en particulier le fichier source userController.java trouvé dans le référentiel d'application dans…
Introduction In this first in a series of articles looking at how to remediate common flaws using Veracode Fix – Veracode\'s AI security remediation assistant, we will look at finding and fixing one of the most common and persistent flaw types – an SQL injection attack. An SQL injection attack is a malicious exploit where an attacker injects unauthorized SQL code into input fields of a web application, aiming to manipulate the application\'s database. By manipulating input parameters, attackers can trick the application into executing unintended SQL commands. This can lead to unauthorized access, data retrieval, modification, or even deletion. Successful SQL injection attacks compromise data integrity and confidentiality, posing serious security risks. Example Code and Analysis Let\'s look at a weakness in the source code of the deliberately vulnerable (and freely available) Verademo application, specifically the UserController.java source file found in the application repository in… |
Threat | ★★ | |
|
2024-01-02 12:04:42 | Analyse Vistial Tikkok TikTok Editorial Analysis (lien direct) |
tiktok semble être Inscripture des choses dans les intérêtsdu Parti communiste chinois.(Il s'agit d'une analyse sérieuse, et la méthodologie semble solide.)
CONCLUSION: Des différences substantielles dans les ratios de hashtag augmentent
Préoccupations concernant l'impartialité de Tiktok
Compte tenu de la recherche ci-dessus, nous évaluons une forte possibilité que le contenu sur Tiktok soit soit amplifié ou supprimé en fonction de son alignement sur les intérêts du gouvernement chinois.Les recherches futures devraient viser à une analyse plus complète pour déterminer l'influence potentielle de Tiktok sur les récits publics populaires.Cette recherche devrait déterminer si et comment Tiktok pourrait être utilisé pour faire avancer les objectifs nationaux / régionaux ou internationaux du gouvernement chinois ...
TikTok seems to be skewing things in the interests of the Chinese Communist Party. (This is a serious analysis, and the methodology looks sound.) Conclusion: Substantial Differences in Hashtag Ratios Raise Concerns about TikTok’s Impartiality Given the research above, we assess a strong possibility that content on TikTok is either amplified or suppressed based on its alignment with the interests of the Chinese Government. Future research should aim towards a more comprehensive analysis to determine the potential influence of TikTok on popular public narratives. This research should determine if and how TikTok might be utilized for furthering national/regional or international objectives of the Chinese Government... |
Threat | ★★★ | |
|
2024-01-02 11:16:26 | Les pirates attaquent les services de déchets nucléaires de l'UK \\ via LinkedIn Hackers Attack UK\\'s Nuclear Waste Services Through LinkedIn (lien direct) |
par deeba ahmed
Les utilisateurs de LinkedIn, en particulier les employés qui gèrent les pages pour les grandes entreprises, doivent rester vigilants car la plate-forme est devenue une cible lucrative pour les cybercriminels et les pirates soutenus par l'État.
Ceci est un article de HackRead.com Lire le post original: Les pirates attaquent les services de déchets nucléaires du Royaume-Uni via LinkedIn
By Deeba Ahmed LinkedIn users, especially employees managing pages for large corporations, must remain vigilant as the platform has become a lucrative target for cybercriminals and state-backed hackers. This is a post from HackRead.com Read the original post: Hackers Attack UK’s Nuclear Waste Services Through LinkedIn |
Threat | ★★★★ | |
 |
2024-01-02 11:08:18 | Etude Zscaler : 86 % des cyberattaques transitent par des canaux chiffrés, et l\'industrie manufacturière est la plus ciblée (lien direct) | Etude Zscaler : 86 % des cyberattaques transitent par des canaux chiffrés, et l'industrie manufacturière est la plus ciblée Principaux constats : Les menaces via HTTPS sont en hausse de 24 % sur un an dans le cloud de Zscaler, soit près de 30 milliards de menaces bloquées. Les logiciels malveillants et les contenus malveillants chiffrés représentent une menace majeure, à l'origine de 78 % des attaques observées. L'industrie manufacturière a été le secteur le plus ciblé, et a subi 32 % des attaques chiffrées, alors que plus de 2,1 milliards de transactions liées à l'IA/au ML ont été traitées. Les exploits de navigateur et les sites de logiciels espions sont en hausse de 297 % et 290 % sur un an. - Investigations | Threat Studies Cloud | ★★★★ | |
|
2024-01-02 08:41:00 | 6 Exigences d'assurance cybersécurité Votre entreprise doit être prête à répondre 6 Cybersecurity Insurance Requirements Your Business Should Be Ready To Meet (lien direct) |
Every year, more companies are finding out firsthand how damaging a cyberattack can be. Research for the 2023 State of the Phish report from Proofpoint found that 30% of companies that were successfully attacked experienced a direct monetary loss. That\'s an increase of 76% year over year. And costs for these attacks are rising. IBM reports that the global average cost of a data breach went up by 15% over the last three years, hitting $4.45 million in 2023. Concerns about costs and risks mean that more companies than ever are buying cyber insurance. A World Economic Forum survey found that 71% of organizations have cyber insurance. And Allied Market Research projects that the global cyber insurance market, which is currently valued at $12.5 billion, will reach $116.7 billion by 2032. Investing in cyber insurance for your business can be a wise strategy. For one, it helps you to transfer some of the financial risks of a cybersecurity event to your insurance provider. But the cyber insurance landscape is changing. You should know that getting the coverage you want might be a challenge, and you will need to meet an array of cybersecurity insurance requirements. In this blog post, we\'ll cover six of the most common requirements you\'ll likely need to fulfill. What is cyber insurance-and what does it cover? But first, let\'s take a closer look at what cyber insurance is and why it is important. Also known as cyber liability insurance, this relatively new type of insurance helps to protect businesses and individuals from the negative impacts of cybersecurity events. It generally covers: Loss of data and the associated recovery Loss of revenue due to business interruption Loss of transferred funds from cyberattacks, like business email compromise (BEC) and phishing Loss of funds from ransomware and extortion Many policies also cover the aftermath and follow-up events associated with a data breach. This includes the costs associated with identifying and notifying victims, credit monitoring for victims and forensics expertise, to name a few. Why is cyber insurance important? For many companies, cyber insurance is an essential part of their risk management strategy. It covers many costs related to cyber events, such as legal expenses and fees for compliance violations. Depending on the policy, it might also cover: Ransomware attacks. If your business is hit with a ransomware attack, you may face demands for payment to unlock your systems. Or you may need to pay a ransom to prevent the release of sensitive data. In certain cases, cyber insurance can help cover ransom payments. Incident response and recovery. Cybersecurity insurance can help with the cost of investments you may need to make after an attack. For example, you may need to hire experts, conduct forensic investigations, and implement tools and measures to prevent future attacks. Business disruption. This may include lost revenue during downtime. This coverage can help your business stay afloat financially and continue operating in the wake of a cyber event. Want more details on the benefits of cyber insurance? Download the Proofpoint presentation, “Cyber Insurance: Facts, Figures and Policy Fundamentals.” Examples of common cyber insurance requirements As noted earlier, getting coverage is more complicated than it used to be. Because security breaches are so costly and cybercrime is so common, many insurers have become more stringent in their underwriting processes. Some have lowered caps for payouts and narrowed their coverage offerings as well. This means that the requirements your business may be expected to meet will be fairly complex. Every provider will likely conduct a risk assessment to determine if you qualify for cyber insurance. The process will help them to determine how much coverage they can offer you, and what you\'ll need to pay for it. The risk assessment might be as quick and simple as a questionnaire or as complex and time-consuming as a third-party audit. Here are six examples | Ransomware Data Breach Tool Threat | ★★★ | |
|
2024-01-01 19:30:00 | Nouvelle variante de la commande de recherche DLL Rijacking contourne les protections Windows 10 et 11 New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections (lien direct) |
Les chercheurs en sécurité ont détaillé une nouvelle variante d'une technique de détournement d'ordre de recherche de liens dynamiques (DLL) qui pourrait être utilisée par les acteurs de la menace pour contourner les mécanismes de sécurité et réaliser l'exécution d'un code malveillant sur les systèmes exécutant Microsoft Windows 10 et Windows 11.
L'approche "exploite les exécutables couramment trouvés dans le dossier de fiducie WINSXS et les exploite via la DLL classique
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL |
Threat Technical | ★★★ | |
|
2024-01-01 15:07:00 | New Terrapin Flaw pourrait laisser les attaquants dégrader la sécurité du protocole SSH New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security (lien direct) |
Des chercheurs en sécurité de l'Université Ruhr Bochum ont découvert une vulnérabilité dans le protocole de réseau cryptographique Secure Shell (SSH) qui pourrait permettre à un attaquant de rétrograder la sécurité de la connexion en brisant l'intégrité du canal sécurisé.
Appelé & nbsp; terrapin & nbsp; (CVE-2023-48795, score CVSS: 5.9), l'exploit a été décrit comme le "premier préfixe pratiquement exploitable
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection\'s security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the "first ever practically exploitable prefix |
Vulnerability Threat | ★★★ | |
 |
2024-01-01 14:03:20 | 1er janvier & # 8211;Rapport de renseignement sur les menaces 1st January – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes meilleures attaques et violation du réseau hospitalier allemand Katholische Hospitalveinigung Ostwestfalen (KHO) ont été victimes de cyberattaques qui ont perturbé les systèmes des hôpitaux de Bielefeld, Rheda-Wiedenbr & Uuml; CK et Herford.Lockbit Ransomware Group a revendiqué la responsabilité de l'attaque.[& # 8230;]
>For the latest discoveries in cyber research for the week of 1st January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has been a victim of cyber-attack that disrupted the systems of hospitals in Bielefeld, Rheda-Wiedenbrück, and Herford. Lockbit ransomware group claimed responsibility for the attack. […] |
Ransomware Threat | ★★★ | |
|
2024-01-01 12:22:00 | Nouveau Jinxloader ciblant les utilisateurs avec Formbook et Xloader malware New JinxLoader Targeting Users with Formbook and XLoader Malware (lien direct) |
Un nouveau chargeur de logiciels malveillants basé sur GO appelé & nbsp; Jinxloader & nbsp; est utilisé par les acteurs de la menace pour fournir des charges utiles à la prochaine étape telles que & nbsp; FormBook et son successeur xloader.
Le & nbsp; divulgation & nbsp; provient des sociétés de cybersécurité Palo Alto Networks Unit 42 et Symantec, qui ont tous deux mis en évidence des séquences d'attaques en plusieurs étapes qui ont conduit au déploiement de Jinxloader par des attaques de phishing.
"Le
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks. "The |
Malware Threat | ★★★ | |
 |
2024-01-01 08:00:00 | Whisper Web – La reconnaissance vocale directement accessible depuis votre navigateur (lien direct) | Whisper Web est une version en ligne de l'outil d'OpenAI, Whisper, qui transcrit l'audio en texte sans installer de lourd modèle IA. Compatible avec plusieurs langues, il offre la possibilité de traduire en temps réel et convient parfaitement à la transcription d'interviews, de podcasts ou à la création de sous-titres. Son accès gratuit via un site web le rend facilement accessible. | Tool Threat | ★★★ | |
|
2023-12-31 19:14:22 | Microsoft désactive l'installateur de l'application après que la fonctionnalité est abusée pour les logiciels malveillants Microsoft Disables App Installer After Feature is Abused for Malware (lien direct) |
> Par deeba ahmed
Selon l'équipe Microsoft Threat Intelligence, les acteurs de la menace étiquetés comme \\ 'motivé financièrement \' utilisent le schéma URI MS-Appinstaller pour la distribution de logiciels malveillants.
Ceci est un article de HackRead.com Lire le post original: Microsoft désactive l'installateur de l'application après que la fonctionnalité est abusée pour les logiciels malveillants
>By Deeba Ahmed According to the Microsoft Threat Intelligence Team, threat actors labeled as \'financially motivated\' utilize the ms-appinstaller URI scheme for malware distribution. This is a post from HackRead.com Read the original post: Microsoft Disables App Installer After Feature is Abused for Malware |
Malware Tool Threat | ★★★ | |
|
2023-12-29 18:08:28 | MALWORED Tirageant Google Cookie Exploit via la fonctionnalité OAuth2 Malware Leveraging Google Cookie Exploit via OAuth2 Functionality (lien direct) |
> Par deeba ahmed
Entre autres, les développeurs de la tristement célèbre Lumma, un malware infosélérateur, utilisent déjà l'exploit en utilisant Advanced & # 8230;
Ceci est un article de HackRead.com Lire le post d'origine: MALWORED Tirageant Google Cookie Exploit via la fonctionnalité OAuth2
>By Deeba Ahmed Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced… This is a post from HackRead.com Read the original post: Malware Leveraging Google Cookie Exploit via OAuth2 Functionality |
Malware Threat | ★★★ | |
|
2023-12-29 15:00:00 | Les erreurs de configuration dans Google Kubernetes Engine (GKE) conduisent à une chaîne d'exploitation d'escalade de privilèges Misconfigurations in Google Kubernetes Engine (GKE) Lead to a Privilege Escalation Exploit Chain (lien direct) |
Une enquête récente de l'unité 42 a révélé une chaîne d'escalade double privilège impactant le moteur Google Kubernetes ...
A recent Unit 42 investigation revealed a dual privilege escalation chain impacting Google Kubernetes Engine... |
Threat | ★★★ | |
|
2023-12-29 14:39:00 | Des pirates Kimsuky déploient Appleseed, Meterpreter et Tinynuke dans les dernières attaques Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (lien direct) |
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines.
South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky.
“A notable point about attacks that
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky. “A notable point about attacks that |
Tool Threat | APT 43 | ★★★ |
|
2023-12-29 12:03:53 | L'IA est effrayante pour deviner l'emplacement des photos aléatoires AI Is Scarily Good at Guessing the Location of Random Photos (lien direct) |
wow:
Pour tester les performances de Pigeon, je lui ai donné cinq photos personnelles d'un voyage que j'ai fait à travers l'Amérique il y a des années, dont aucune n'a été publiée en ligne.Certaines photos ont été prises dans les villes, mais quelques-unes ont été prises dans des endroits nulle part près des routes ou d'autres points de repère facilement reconnaissables.
qui ne semble pas avoir beaucoup d'importance.
Il a deviné un camping à Yellowstone à environ 35 miles de l'emplacement réel.Le programme a placé une autre photo, prise dans une rue de San Francisco, à quelques blocs de ville.
Toutes les photos ne correspondaient pas faciles: le programme a lié à tort une photo prise sur le frontal du Wyoming à un endroit le long de la gamme de frontaux du Colorado, à plus de cent kilomètres.Et il a deviné qu'une photo du canyon de la rivière Snake en Idaho était de la gorge de Kawarau en Nouvelle-Zélande (en toute honnêteté, les deux paysages sont remarquablement similaires) ...
Wow: To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didn’t seem to matter much. It guessed a campsite in Yellowstone to within around 35 miles of the actual location. The program placed another photo, taken on a street in San Francisco, to within a few city blocks. Not every photo was an easy match: The program mistakenly linked one photo taken on the front range of Wyoming to a spot along the front range of Colorado, more than a hundred miles away. And it guessed that a picture of the Snake River Canyon in Idaho was of the Kawarau Gorge in New Zealand (in fairness, the two landscapes look remarkably similar)... |
Tool Threat | ★★★★ | |
|
2023-12-29 10:46:00 | Microsoft désactive le protocole d'installation de l'application MSIX largement utilisée dans les attaques de logiciels malveillants Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks (lien direct) |
Microsoft a déclaré jeudi qu'il désactivant à nouveau le gestionnaire de protocole & nbsp; MS-Appinstaller & NBSP; à la suite de ses abus de plusieurs acteurs de menace pour distribuer des logiciels malveillants.
«L'activité de l'acteur de menace observée abuse
Microsoft on Thursday said it\'s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence |
Ransomware Malware Threat Patching | ★★★★ | |
|
2023-12-29 08:35:15 | Pointpoint de preuve nommé fournisseur représentatif en 2023 Gartner & Reg;Guide du marché pour la gouvernance des communications numériques Proofpoint Named as a Representative Vendor in 2023 Gartner® Market Guide for Digital Communications Governance (lien direct) |
It has been more than a year since Gartner retired its Magic Quadrant for Enterprise Information Archiving, which it had published for many years. When it first happened, many of us from the compliance, e-discovery and archiving world wondered what research would come next. Now the wait is over. On November 13, 2023, Gartner unveiled its new Market Guide for Digital Communications Governance (DCG). And it named Proofpoint as a Representative DCG solution Vendor. Gartner says, “Gartner retired the Magic Quadrant for Enterprise Information Archiving in 2022. This DCG research recognizes the rise in communication tool complexity and demand from clients to seek guidance on the selection of vendors and solutions that specialize in communications governance.” The Gartner Market Guide presents a “definition, rationale and dynamics” for the DCG market and a list of Representative Vendors. It is now up to clients to download the Market Guide so that they can learn more about digital communications governance. And they can refer to Gartner recommendations as they look into DCG solutions that will work best for their business. In this blog post, I go over some of initial coverage of DCG by Gartner. I also provide insights into some of the key points that are made in the new report. Assessing a strategic planning assumption Gartner specifies two strategic planning assumptions in the Market Guide. Here is a look at the first one: “By 2027, 40% of enterprise customers will proactively assess workstream collaboration and meeting solution content for corporate policy and general business insights, up from less than 5% in 2023.” We believe this seems reasonable at face value if you apply it to businesses that operate in regulated industries like financial services. But I question its validity if the intent is to expand it to all verticals. Customers that use a DCG solution as a way to improve their litigation readiness will likely find the deployment of a supervision/surveillance solution for “corporate policy and general business insights” to be a “nice to have,” not a “must have.” I suspect that, in general, these customers will agree to the value in principle. But they will struggle to gain executive sponsors and budget in the absence of: Regulatory mandates that compel relevant action, like the Financial Industry Regulatory Authority (FINRA) or the U.S. Securities and Exchange Commission (SEC) for financial services Widely accepted performance statistics, such as archive search performance or archive system availability It will be interesting to revisit this assumption in 2027. At that point, we\'ll see how much progress has been made on the regulatory and statistics fronts-and the percentage of enterprise customers. Compliance risk versus security risk In the Market Direction section of the report, under “Compliance risk versus security,” Gartner states, “Most frequently used for adherence to compliance use cases, solutions are expanding to broader uses in security risk.” No vendor will do integrations simply because they are cool ideas. They need compelling use cases and business cases. However, with Proofpoint you have a single vendor that offers leading technology for both digital communications governance and security. To learn more about these platforms, check out Proofpoint Aegis threat protection and the Proofpoint Sigma information protection. For more than 15 years, we have provided innovative solutions to address compliance use cases as well as security use cases. Most of the customers we work with who use Proofpoint Intelligent Compliance offerings are Proofpoint security customers, as well. The use of machine learning to improve supervision and surveillance Gartner addresses the use of these technologies in the Market Analysis section of the Market Guide, under “Supervision and surveillance capabilities.” It says, “The results can be used for improved automated monitoring/tagging, and accuracy and efficiency outcomes | Tool Threat Commercial | ★★ | |
|
2023-12-28 19:18:50 | Trend Analysis on Kimsuky Group\'s Attacks Using AppleSeed (lien direct) | #### Description
Le groupe de menaces Kimsuky, connu pour être soutenu par la Corée du Nord, est actif depuis 2013. Le groupe lance généralement des attaques de phishing de lance contre la défense nationale, les industries de la défense, les médias, la diplomatie, les organisations nationales et les secteurs académiques.
Leurs attaques visent à voler des informations internes et des technologies auprès des organisations.Alors que le groupe Kimsuky utilise généralement des attaques de phishing de lance pour un accès initial, la plupart de leurs attaques récentes impliquent l'utilisation de logiciels malveillants de type raccourci au format de fichier LNK.Bien que les logiciels malveillants LNK constituent une grande partie des attaques récentes, des cas utilisant des javascripts ou des documents malveillants continuent d'être détectés.Ces cas d'attaque qui utilisent des logiciels malveillants de type JavaScript impliquent généralement la distribution d'applications.En plus de JavaScript, des logiciels malwares de macro Excel sont également utilisés pour installer Appleseed.Appleseed est une porte dérobée qui peut recevoir les commandes de la menace acteur \\ du serveur C&C et exécuter les commandes reçues.L'acteur de menace peut utiliser Appleseed pour contrôler le système infecté.Il propose également des fonctionnalités telles qu'un téléchargeur qui installe des logiciels malveillants supplémentaires, Keylogging et prenant des captures d'écran, et en volant des informations en collectant des fichiers dans le système utilisateur et en les envoyant.Alphaseed est un logiciel malveillant développé dans Golang et prend en charge des fonctionnalités similaires à Appleseed telles que l'exécution des commandes et l'infostoritration.
#### URL de référence (s)
1. https://asec.ahnlab.com/en/60054/
#### Date de publication
27 décembre 2023
#### Auteurs)
Sanseo
#### Description The Kimsuky threat group, known to be supported by North Korea, has been active since 2013. The group usually launches spear phishing attacks against national defense, defense industries, media, diplomacy, national organizations, and academic sectors. Their attacks aim to steal internal information and technology from organizations. While the Kimsuky group typically uses spear phishing attacks for initial access, most of their recent attacks involve the use of shortcut-type malware in LNK file format. Although LNK malware comprise a large part of recent attacks, cases using JavaScripts or malicious documents are continuing to be detected. Such attack cases that use JavaScript-type malware usually involve the distribution of AppleSeed. In addition to JavaScript, Excel macro malware are also used to install AppleSeed. AppleSeed is a backdoor that can receive the threat actor\'s commands from the C&C server and execute the received commands. The threat actor can use AppleSeed to control the infected system. It also offers features such as a downloader that installs additional malware, keylogging and taking screenshots, and stealing information by collecting files from the user system and sending them. AlphaSeed is a malware developed in Golang and supports similar features to AppleSeed such as command execution and infostealing. #### Reference URL(s) 1. https://asec.ahnlab.com/en/60054/ #### Publication Date December 27, 2023 #### Author(s) Sanseo |
Malware Threat Prediction | APT 43 | ★★★ |
 |
2023-12-28 17:00:18 | Découverte de dizaines de milliers de selfies avec CNI (lien direct) | Mais d'où proviennent les informations personnelles découvertes par ZATAZ dans un espace caché du darknet ? Un hacker vient de mettre à disposition des milliers de selfies et de pièces d'identité des personnes figurant sur les photos.... | Threat | ★★★ | |
|
2023-12-28 16:31:20 | Le groupe ALPHV (BlackCat) appelle à la création d\'un cartel de ransomwares (lien direct) | Les représentants de la communauté de ransomwares ALPHV (BlackCat) ont appelé à la création d'un cartel capable de résister aux menaces des forces occidentales.... | Threat | ★★★★ | |
|
2023-12-28 16:10:25 | Colipays fait face à une cyberattaque en période de fêtes (lien direct) | En pleine période festive, la société française Colipays, spécialisée dans l'envoi de produits locaux, a été ciblée par une cyberattaque. Les pirates auraient modifié les adresses de livraison.... | Threat | ★★★★ | |
|
2023-12-28 15:00:00 | En cybersécurité et en mode, ce qui est l'ancien est nouveau In Cybersecurity and Fashion, What\\'s Old Is New Again (lien direct) |
Quelle récente augmentation des attaques du DDOS prédit - et comment se préparer pour 2024.
What a recent rise in DDoS attacks portends - and how to prepare for 2024. |
Threat | ★★★ | |
 |
2023-12-28 14:04:48 | Microsoft désactive le gestionnaire de protocole MSIX abusé des attaques de logiciels malveillants Microsoft disables MSIX protocol handler abused in malware attacks (lien direct) |
Microsoft a à nouveau désactivé le gestionnaire de protocole MSIX MS-Appinstaller après que plusieurs groupes de menaces motivés financièrement l'ont abusé pour infecter les utilisateurs de Windows par malware.[...]
Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware. [...] |
Malware Threat | ★★★ | |
|
2023-12-28 13:27:00 | La surveillance insouciante des serveurs SSH Linux dessine des cryptomineurs, des bots DDOS Careless oversight of Linux SSH servers draws cryptominers, DDoS bots (lien direct) |
Les cybercriminels ciblent les serveurs Linux SSH mal gérés pour installer des logiciels malveillants pour la cryptomiminage ou l'effort d'attaques distribuées au déni de service, ont révélé des chercheurs.Selon un rapport de AHNLAB publié cette semaine, une mauvaise gestion des mots de passe et un correctif de vulnérabilité laxiste peuvent permettre aux pirates d'exploiter les serveurs pour la cybercriminalité.Les serveurs SSH offrent un accès à distance sécurisé à un
Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password management and lax vulnerability patching can allow hackers to exploit the servers for cybercrime. SSH servers provide secure remote access to a |
Malware Vulnerability Threat Patching | ★★ | |
|
2023-12-28 13:18:57 | Dernières vulnérabilités zéro-jour: UNC4841 cible Barracuda ESG avec CVE-2023-7102, contournement d'authentification Apache Ofbiz (CVE-2023-51467) Latest Zero-Day Vulnerabilities: UNC4841 Targets Barracuda ESG with CVE-2023-7102, Apache OFBiz Authentication Bypass (CVE-2023-51467) (lien direct) |
Le groupe UNC4841, lié à la Chine, vise à nouveau Barracuda Email Security Gateway (ESG), ...
The UNC4841 group, linked to China, is targeting Barracuda Email Security Gateway (ESG) appliances again,... |
Vulnerability Threat | ★★★ | |
|
2023-12-28 12:43:18 | Les pirates militaires russes ciblent l'Ukraine avec de nouveaux logiciels malveillants Masepie Russian military hackers target Ukraine with new MASEPIE malware (lien direct) |
L'équipe d'intervention d'urgence informatique de l'Ukraine (CERT) prévient une nouvelle campagne de phishing qui a permis aux pirates de russe à déployer des logiciels malveillants invisibles auparavant sur un réseau en moins d'une heure.[...]
Ukraine\'s Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. [...] |
Malware Tool Threat | ★★★ | |
|
2023-12-28 11:26:00 | Un nouveau chargeur de logiciels malveillants rugmi des centaines de détections quotidiennes New Rugmi Malware Loader Surges with Hundreds of Daily Detections (lien direct) |
Un nouveau chargeur de logiciels malveillants est utilisé par les acteurs de la menace pour livrer une large gamme de & nbsp; Information Stealers & nbsp; tel que Lumma Stealer (aka Lummac2), Vidar, Recordbreaker (AKA Raccoon Stealer v2) et & nbsp; Rescoms.
La société de cybersécurité ESET suit le Trojan sous le nom et NBSP; Win / Trojandownloader.Rugmi.
"Ce malware est un chargeur avec trois types de composants: un téléchargeur qui télécharge un
A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware is a loader with three types of components: a downloader that downloads an |
Malware Threat | ★★ | |
|
2023-12-28 05:17:46 | Analyse des tendances sur les attaques de Kimsuky Group \\ en utilisant Appleseed Trend Analysis on Kimsuky Group\\'s Attacks Using AppleSeed (lien direct) |
connu pour être soutenu par la Corée du Nord, le groupe de menaces Kimsuky est actif depuis 2013. Au début,Ils ont attaqué les instituts de recherche liés à la Corée du Nord en Corée du Sud avant d'attaquer une société sud-coréenne de l'énergie en 2014. Depuis 2017, des attaques ciblant des pays autres que la Corée du Sud ont également été observées.[1] Le groupe lance généralement des attaques de phishing de lance contre la défense nationale, les industries de la défense, les médias, la diplomatie, les organisations nationales et les secteurs universitaires.Leurs attaques visent à voler des informations internes et des technologies auprès des organisations.[2] tandis que ...
Known to be supported by North Korea, the Kimsuky threat group has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014. Since 2017, attacks targeting countries other than South Korea have also been observed. [1] The group usually launches spear phishing attacks against national defense, defense industries, media, diplomacy, national organizations, and academic sectors. Their attacks aim to steal internal information and technology from organizations. [2] While... |
Threat Prediction | ★★★ | |
 |
2023-12-28 00:45:01 | Qu'est-ce que Vishing?Les escroqueries de phishing vocal pour éviter What is Vishing? Voice Phishing Scams to Avoid (lien direct) |
> 
Qu'est-ce que Vishing?Vishing est une arnaque de téléphone.Dans une attaque Vishing, un escroc se proie à l'erreur humaine en téléphonant à leurs victimes et en essayant de les amener à exposer leurs informations personnelles, leur argent ou les deux.Le mot «vish» vient de la «voix» et du «phishing», ce qui suggère qu'un fraudeur pendait un crochet ou un leurre [& # 8230;]
> 
What is vishing? Vishing is a phone scam. In a vishing attack, a scammer preys on human error by phoning their victims and attempting to get them to expose their personal information, money or both. The word “vishing” comes from “voice” and “phishing,” which suggests that a fraudster is dangling a hook or a lure […]
|
Threat General Information | ★★★ | |
 |
2023-12-28 00:01:00 | Annexe médico-légale: L'exploit de clic de zéro de Pegasus menace les journalistes en Inde Forensic appendix: Pegasus zero-click exploit threatens journalists in India (lien direct) |
> Cette annexe médico-légale décrit les preuves médico-légales sur l'utilisation de logiciels espions hautement invasifs contre deux journalistes d'Inde.Notre enquête confirme que les appareils des deux individus ont été ciblés avec des logiciels espions Pegasus de NSO Group \\ entre août et octobre 2023. Plus d'informations sur le contexte de ces attaques sont disponibles dans un communiqué de presse qui l'accompagne.Ce [& # 8230;]
>This forensic appendix outlines forensic evidence on the use of highly invasive spyware against two journalists from India. Our investigation confirms that the devices of both individuals were targeted with NSO Group\'s Pegasus spyware between August and October 2023. More information about the context for these attacks is available in an accompanying press release. This […] |
Threat | ★★★ | |
 |
2023-12-28 00:00:00 | Microsoft Adresse les abus des installateurs de l'application Microsoft addresses App Installer abuse (lien direct) |
Résumé Au cours des derniers mois, Microsoft Threat Intelligence a observé que les acteurs de la menace tirent parti des techniques d'ingénierie sociale et de phishing pour cibler les utilisateurs de Windows OS et en utilisant le schéma URI MS-Appinstaller.Nous avons abordé et atténué cette activité malveillante en désactivant par défaut MS-Appinstaller.De plus, Microsoft a coordonné les autorités de certificat pour révoquer les certificats de signature de code abusés utilisés par des échantillons de logiciels malveillants que nous avons identifiés.
Summary In recent months, Microsoft Threat Intelligence has observed threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. We have addressed and mitigated this malicious activity by turning off ms-appinstaller by default. Additionally, Microsoft has coordinated with Certificate Authorities to revoke the abused code signing certificates utilized by malware samples we have identified. |
Malware Threat | ★ | |
|
2023-12-27 21:09:00 | Le système Zero-Day critique dans Apache Ofbiz ERP expose les entreprises à attaquer Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack (lien direct) |
Une nouvelle faille de sécurité zéro-jour a été découverte dans l'Apache Ofbiz, un système de planification des ressources d'entreprise open source (ERP) qui pourrait être exploité pour contourner les protections d'authentification.
La vulnérabilité, suivie en tant que & nbsp; CVE-2023-51467, réside dans la fonctionnalité de connexion et est le résultat d'un correctif incomplet pour une autre vulnérabilité critique (CVE-2023-49070, score CVSS: 9.8) qui était
A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was |
Vulnerability Threat | ★★★ | |
|
2023-12-27 18:05:00 | Les pirates chinois ont exploité le nouveau zéro-jour dans les appareils ESG de Barracuda \\ Chinese Hackers Exploited New Zero-Day in Barracuda\\'s ESG Appliances (lien direct) |
Barracuda a révélé que les acteurs de la menace chinoise ont exploité un nouvel jour zéro dans ses appareils électroménagers (ESG) pour déployer une porte dérobée sur un "nombre limité" d'appareils.
Suivi en tant que & nbsp; CVE-2023-7102, la question concerne un cas de & nbsp; Arbitrary Code Execution & NBSP; qui réside dans un tiers et une bibliothèque d'Open-source dans la bibliothèque :: ParseExcel qui \\ est utilisée par le scanner Amavis au sein du scanner Amavis au sein de la bibliothèque ::
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoor on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library Spreadsheet::ParseExcel that\'s used by the Amavis scanner within the |
Vulnerability Threat | ★★ |
To see everything:
Our RSS (filtrered)
