What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-25 11:00:00 | Le côté obscur de la cybersécurité 2023: évolution des logiciels malveillants et cyber-menaces The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats (lien direct) |
In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year\'s events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware\'s evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google\'s detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year\'s Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware\'s relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian\'s Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom | Ransomware Spam Malware Tool Vulnerability Threat Prediction | Guam | ★★★ |
 |
2024-01-25 10:00:38 | Prédictions de confidentialité pour 2024 Privacy predictions for 2024 (lien direct) |
Les experts de Kaspersky examinent leurs prévisions de confidentialité pour les tendances de 2023 et de l'année dernière, et tenter de prédire les préoccupations et les solutions de confidentialité à venir en 2024.
Kaspersky experts review their privacy predictions for 2023 and last year\'s trends, and try to predict what privacy concerns and solutions are to come in 2024. |
Prediction | ★★★ | |
 |
2024-01-24 17:57:00 | Ransomware Kasseika lié à Blackmatter dans BYOVD Attack Kasseika Ransomware Linked to BlackMatter in BYOVD Attack (lien direct) |
Un acteur émergent est le dernier à déployer une tactique qui met fin aux processus et services AV avant de déployer sa charge utile;La campagne fait partie d'une plus grande tendance "apporter votre propre conducteur vulnérable".
An emerging actor is the latest to deploy a tactic that terminates AV processes and services before deploying its payload; the campaign is part of a bigger "bring your own vulnerable driver" trend. |
Ransomware Prediction | ★★★ | |
 |
2024-01-24 16:50:00 | Ransomware Kasseika Utilisation de l'astuce BYOVD pour désarmer la sécurité pré-incrypative Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption (lien direct) |
Le groupe Ransomware connu sous le nom de Kasseika est devenu le dernier à tirer parti de l'attaque Bring Your Own Vulnerable Driver (BYOVD) pour désarmer les processus liés à la sécurité sur des hôtes Windows compromis, en rejoignant d'autres groupes comme Akira, Avoslocker, Blackbyte et Robbinhood.
La tactique permet "aux acteurs de menace de résilier les processus et services antivirus pour le déploiement de ransomwares"
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend |
Ransomware Prediction | ★★★ | |
 |
2024-01-24 13:04:22 | \'Canalys Global Cybersecurity Leadership Matrix 2023\' Trend Micro est reconnu comme le champion de la cybersécurité (lien direct) | 'Canalys Global Cybersecurity Leadership Matrix 2023' Trend Micro est reconnu comme le champion de la cybersécurité. L'engagement de Trend envers son écosystème est notamment salué pour aider " à accélérer la croissance et les compétences des partenaires ". - Business | Prediction | ★★ | |
 |
2024-01-23 12:51:12 | Le paysage des menaces est toujours en train de changer: à quoi s'attendre en 2024 The Threat Landscape Is Always Changing: What to Expect in 2024 (lien direct) |
Gather \'round, cyber friends, and I\'ll let you in on a little secret: no one knows what the Next Big Thing on the threat landscape will be. But we can look back on 2023, identify notable changes and actor behaviors, and make educated assessments about what 2024 will bring. This month on the DISCARDED podcast my co-host Crista Giering and I sat down with our Threat Research leaders Daniel Blackford, Alexis Dorais-Joncas, Randy Pargman, and Rich Gonzalez, leaders of the ecrime, advanced persistent threat (APT), threat detection, and Emerging Threats teams, respectively. We discussed what we learned over the last year, and what\'s on the horizon for the future. While the discussions touched on different topics and featured different opinions on everything from artificial intelligence (AI) to living off the land binaries (LOLBins) to vulnerability exploitation to ransomware, there were some notable themes that are worth writing down. We can\'t say for sure what surprises are in store, but with our cyber crystals balls fully charged – and a deep knowledge of a year\'s worth of threat actor activity based on millions of email threats per day – we can predict with high confidence what\'s going to be impactful in the coming year. 1: Quick response (QR) codes will continue to proliferate 2023 was the year of the QR code. Although not new, QR codes burst on the scene over the last year and were used in many credential phishing and malware campaigns. The use was driven by a confluence of factors, but ultimately boiled down to the fact that people are now way more accustomed to scanning QR codes for everything from instructions to menus. And threat actors are taking advantage. Proofpoint recently launched new in-line sandboxing capabilities to better defend against this threat, and our teams anticipate seeing more of it in 2024. Notably, however, Dorais-Joncas points out that QR codes still just exist in the realm of ecrime – APT actors have not yet jumped on the QR code bandwagon. (Although, some of those APT actors bring ecrime energy to their campaigns, so it\'s possible they may start QR code phishing, too.) 2: Zero-day and N-day vulnerability exploitation A theme that appeared throughout our conversations was the creative use of vulnerabilities – both known and unreported – in threat actor activity. APT actors used a wide variety of exploits, from TA473 exploiting publicly-facing webmail servers to espionage actors using a zero-day in an email security gateway appliance that ultimately forced users to rip out and reinstall physical hardware. But ecrime actors also exploited their share of vulnerabilities, including the MOVEit file transfer service vulnerability from the spring of 2023 that had cascading repercussions, and the ScreenConnect flaw announced in the fall of 2023 – both of which were used by ecrime actors before being officially published. Proofpoint anticipates vulnerability exploitation will continue, driven in part by improved defense making old school techniques – like macro-enabled documents – much less useful, as well as the vast financial resources now available to cybercriminals that were once just the domain of APT. Pargman says the creativity from ecrime threat actors is a direct response of defenders imposing cost on our adversaries. 3: Continuing, unexpected behavior changes Avid listeners of the podcast know I have regularly said the ecrime landscape is extremely chaotic, with TA577 demonstrating the most chaotic vibes of them all. The tactics, techniques, and procedures (TTPs) of some of the most sophisticated actors continue to change. The cost imposed on threat actors that Pargman mentioned – from law enforcement takedowns of massive botnets like Qbot to improved detections and automated defenses – have forced threat actors, cybercriminals in particular, to regularly change their behaviors to figure out what is most effective. For example, recently Proofpoint has observed the increased use of: traffic dis | Ransomware Malware Tool Vulnerability Threat Prediction | ★★★ | |
|
2024-01-23 10:21:41 | Cybersécurité : 5 risques à suivre en 2024, selon Hiscox (lien direct) | Cybersécurité : 5 risques à suivre en 2024, selon Hiscox. le Rapport Hiscox 2023 sur la gestion des cyber-risques, tandis qu'avec la croissance de modèles tels que ChatGPT, facilitant la rédaction d'emails de phishing convaincants, les employés se sont plus que jamais retrouvés en première ligne - Points de Vue | Threat Prediction | ChatGPT | ★★★★ |
 |
2024-01-22 22:07:00 | CISA \\'s est la cible de l'incident de swatting \\ 'déchirant \\' CISA\\'s Easterly the target of \\'harrowing\\' swatting incident (lien direct) |
La directrice de la Cybersecurity and Infrastructure Security Agency, Jen Easterly \\, a été échappée à la fin du mois dernier, un autre incident dans ce qui est devenu une tendance nationale ciblant les responsables de l'État et du gouvernement fédéral.La police du comté d'Arlington, en Virginie, a déclaré qu'elle enquêtait sur un appel au 911 légèrement passé avant 21 heures.Le 30 décembre, qui a faussement affirmé qu'une fusillade avait
Cybersecurity and Infrastructure Security Agency Director Jen Easterly\'s home was swatted late last month, another incident in what has become a nationwide trend targeting state and federal government officials. Police in Arlington County, Virginia, say they are investigating a 911 call placed slightly before 9 p.m. on December 30 that falsely claimed a shooting had |
Prediction | ★★ | |
 |
2024-01-22 00:00:00 | 18X Un leader de Gartner Magic Quadrant pour Epp 18X a Leader in Gartner Magic Quadrant for EPP (lien direct) |
Explorez pourquoi Trend Micro est reconnu pour la 18e fois - comme un leader du Gartner Magic Quadrant pour les plates-formes de protection des points finaux.
Explore why Trend Micro is recognized-for the 18th time-as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms. |
Prediction Commercial | ★★★ | |
|
2024-01-20 18:46:50 | API dans Peril: Le dernier rapport de Wallarm \\ expose la hausse des attaques d'API et met en évidence les prédictions de sécurité pour 2024 APIs in peril: Wallarm\\'s latest report exposes uptick in API attacks and highlights security predictions for 2024 (lien direct) |
API dans Peril: Le dernier rapport de Wallarm \\ expose la hausse des attaques d'API et met en évidence les prédictions de sécurité pour 2024
Rapport annuel a analysé 1,2 milliard d'attaques, plus de 22 000 vulnérabilités et plus de 146 rapports de primes de bug pour prédire les tendances de sécurité des API 2024
18 janvier 2024 09:00 am
-
opinion
APIs in peril: Wallarm\'s latest report exposes uptick in API attacks and highlights security predictions for 2024 Annual report analyzed 1.2 billion attacks, more than 22,000 vulnerabilities and over 146 bug bounty reports to predict 2024 API security trends January 18, 2024 09:00 AM Eastern Standard Time - Opinion |
Vulnerability Prediction | ★★ | |
|
2024-01-18 11:00:00 | Quatre tendances de cybersécurité que vous devriez connaître pour 2024 Four cybersecurity trends you should know for 2024 (lien direct) |
This is part three of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Part one: Unusual, thought-provoking predictions for cybersecurity in 2024 Part two: Cybersecurity operations in 2024: The SOC of the future While there are many big things to prepare for in 2024 (see first two posts), some important smaller things don’t get the same attention. Yet, these things are good to know and probably won’t come as a huge surprise. Because they, too, are evolving, it’s important not to take your eye off the ball. Compliance creates a new code of conduct and a new need for compliance logic. Compliance and governance are often overlooked when developing software because a different part of the business typically owns those responsibilities. That is all about to change. Cybersecurity policies (internal and external, including new regulations) need to move upstream in the software development lifecycle and need compliance logic built in to simplify the process. Software is designed to work globally; however, the world is becoming more segmented and parsed. Regulations are being created at country, regional, and municipal levels. To be realistic, the only way to handle compliance is via automation. To avoid the constant forking of software, compliance logic will need to be a part of modern applications. Compliance logic will allow software to function globally but adjust based on code sets that address geographic locations and corresponding regulations. In 2024, expect compliance logic to become a part of the larger conversation regarding compliance, governance, regulation, and policy. This will require cross-functional collaboration across IT, security, legal, line of business, finance, and other organizational stakeholders. MFA gets physical. Multi-factor authentication (MFA) is a way of life. The benefits far outweigh the slight inconvenience imposed. Think about why MFA is so critical. MFA helps with authorization and authentication for mission-critical and safety-critical work. It prevents unauthorized access to critical information. MFA is an easy-to-implement step for good cyber hygiene. Our current way of thinking about MFA is generally based on three things: something you know, a passcode; something you have, a device; and something you are, a fingerprint, your face, etc. Now, let’s take this a step further and look at how the something you are part of MFA can improve safety. Today, MFA routinely accepts fingerprints, facial recognition, or retina scans. That’s just the beginning. MFA can go a step further in helping with business outcomes; here’s how. Biometric and behavioral MFA can help with identifying the veracity of an individual as well as the fitness to perform a function. For example, a surgeon can access the hospital, restricted areas, and the operating room through MFA verifications. But, once in the operating room, how is it determined that the surgeon is fit to perform the surgical task? Behavioral MFA will soon be in play to ensure the surgeon is fit by adding another layer of something you are. Behavioral MFA will determine fitness for a task by identifying things such as entering a series of numbers on a keypad, handwriting on a tablet, or voice analysis. The goal is to compare current behavior with past behavior to ensur | Tool Threat Prediction | ★★★ | |
|
2024-01-18 00:00:00 | Réduire les compromis sur les e-mails commerciaux avec la collaboration Reduce Business Email Compromise with Collaboration (lien direct) |
Voici la dernière intégration de plate-forme Trend Vision One ™ répondant au besoin croissant de collaboration dans l'espace de sécurité des e-mails commerciaux.
Here\'s the latest Trend Vision One™ platform integration addressing the growing need for collaboration in business email security space. |
Prediction | ★★ | |
|
2024-01-17 16:53:57 | Acronis : Etat des cybermenaces en 2024 (lien direct) | etty des cybermenaces a 2024
Pariux Experts acronic, Candid w & uuml; Est - VP Gestion des produits It Kevin Reed - ci> / p> / p>
Candid Growing, VP Product Management
- c'est
pointer le point de vue
Etat des cybermenaces en 2024 Par deux experts Acronis, Candid Wüest - VP product management et Kevin Reed - CISO Candid Wuest, VP product management - Points de Vue |
Prediction | ★★★ | |
 |
2024-01-17 11:03:36 | Cyber Security 2024: Tendances clés au-delà du battage médiatique Cyber Security 2024: Key Trends Beyond the Hype (lien direct) |
etty des cybermenaces a 2024
Pariux Experts acronic, Candid w & uuml; Est - VP Gestion des produits It Kevin Reed - ci> / p> / p>
Candid Growing, VP Product Management
- c'est
pointer le point de vue
Etat des cybermenaces en 2024 Par deux experts Acronis, Candid Wüest - VP product management et Kevin Reed - CISO Candid Wuest, VP product management - Points de Vue |
Prediction | ★★ | |
|
2024-01-17 10:00:24 | Menaces Web sombres et prédictions du marché sombre pour 2024 Dark web threats and dark market predictions for 2024 (lien direct) |
Un aperçu des prédictions de l'année dernière pour les menaces Web d'entreprise et sombres et nos prédictions pour 2024.
An overview of last year\'s predictions for corporate and dark web threats and our predictions for 2024. |
Prediction | ★★ | |
|
2024-01-16 14:37:37 | Trend Cloud One™ for Government obtient une nouvelle mise en conformité avec l\'autorisation d\'exploitation FedRAMP® (lien direct) | Grâce à l'autorisation FedRAMP®, la plateforme de cybersécurité de Trend Micro s'impose comme la plus conforme du marché. Les entreprises et les gouvernements du monde entier font confiance à Trend Micro pour combler le fossé entre la sécurité et la conformité. - Business | Prediction Cloud | ★★ | |
|
2024-01-16 12:43:00 | Les pirates d'armement des fenêtres pour déployer le voleur de phédrone crypto-siphonnant Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer (lien direct) |
Les acteurs de la menace ont été observés en tirant parti d'une faille de sécurité maintenant paires dans Microsoft Windows pour déployer un voleur d'informations open source appelé & nbsp; Phemedrone Stealer.
«Phemedrone cible les navigateurs Web et les données des portefeuilles de crypto-monnaie et des applications de messagerie telles que Telegram, Steam et Discord», a déclaré Simon Zuckerbraun & Nbsp;
"Ça aussi
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. “It also |
Threat Prediction | ★★★ | |
|
2024-01-16 11:00:00 | Prédictions inhabituelles et stimulantes pour la cybersécurité en 2024 Unusual, thought-provoking predictions for cybersecurity in 2024 (lien direct) |
This is part one of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking and provocative and to encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Entering 2024 brings us well into the third decade of the new millennium. Do you recall how tentatively and maybe naively we approached the year 2000, otherwise known as Y2K? We stressed over two bytes in COBOL programs and regression tested every line of code to ensure our systems were ready to go at midnight on January 1, 2000. The clock struck 12, and the world breathed a collective sigh of relief – we survived the predicted digital disaster. And just like that, off we went - to create web, mobile, and cloud apps, to turn embedded software into the Internet of Things (IoT), and to democratize computing in a way that was only a dream just 23 years ago. With massive shifts and changes in computing in the wake, it’s time to ask: where are we going in 2024, and what cybersecurity opportunities and challenges lie ahead? Maturing the industry: It’s the business that matters. Cybersecurity is not about fear, uncertainty, and doubt (FUD). It is about delivering business outcomes such as boarding a plane quicker to mitigate flight delay penalties, heating or cooling my house efficiently to manage energy consumption in various climates, or reducing waste in manufacturing to minimize product recalls. Notice there was no mention of security, data, network, coding, or anything remotely IT-centric or technical in the stated business outcomes above. We must aspire to this when thinking about our businesses and cybersecurity. It must be about the business first, advancing the customer experience, and removing friction. Cybersecurity is now a business requirement. For cybersecurity to be part of business planning, cybersecurity teams need to become members of the business teams. Over the past three years, the cybersecurity market has rapidly matured. We are in the midst of market consolidation, with individual point products being acquired and integrated into platform offerings. These platform offerings will continue to evolve by acquiring smaller vendors, partnering, and innovating. The platform vendors clearly see the need for cybersecurity to be a part of the business conversation and want to act as a business partner and trusted advisor, not merely a product provider. Cybersecurity budgets are changing, creating an approach to get funding differently. This year, our research revealed an unexpected change: money is being redistributed as computing moves closer to the data source. Our respondents reported they are investing in new computing development – in this case, edge computing - in a way that’s different from what we’ve seen in the past. They are proactively investing in strategy and planning, the network, application development, and security to create a balanced, collaborative ecosystem. The big surprise isn’t a new secret weapon or killer application. The surprise is what’s needed: a new way of thinking about resource allocation. You’ll still need your usual hardware, software, storage, and security buckets. How you balance those expenses is what’s different. As computing moves closer to the data source, every deployment should contribute to the b | Tool Mobile Prediction Cloud Technical | ★★★ | |
|
2024-01-16 08:09:50 | Les incidents cyber, en tête du Baromètre des risques d\'Allianz 2024 (lien direct) | Les incidents cyber, en tête du Baromètre des risques d'Allianz 2024 Les violations de données, les attaques contre les infrastructures essentielles ou les biens physiques et les attaques par ransomware, de plus en plus fréquentes, sont les risques cyber les plus préoccupants. L'interruption d'activité demeure à la 2e place, avec 31 % des réponses. Les catastrophes naturelles réalisent la plus forte hausse par rapport à 2023, avec 26 %, et se classent en 3e place. En France, les incidents cyber (44%) et les interruptions d'activité (40%) sont également en tête du classement, suivis par les risques d'incendie et explosion qui grimpent à la 3e place (25%). Le baromètre des risques Allianz explore également les risques de 23 secteurs clés : Transport & logistique (1e Évolutions législatives et réglementaires), Marine & transport maritime (1e ex aequo Incendie, explosion et Vol, fraude et corruption), Aviation (1e Risques politiques), Télécoms (1e Incidents cyber), Ingénierie, construction & immobilier (1e Catastrophes naturelles), Agriculture (1e Changement climatique) ... - Investigations | Ransomware Studies Prediction | ★★★ | |
|
2024-01-15 08:19:50 | Exposition du cloud, architecture hybride et attaques des PME : les prédictions cybersécurité de Tenable pour 2024 (lien direct) | Exposition du cloud, architecture hybride et attaques des PME : les prédictions cybersécurité de Tenable pour 2024 - Points de Vue | Prediction Cloud | ★★★ | |
|
2024-01-11 15:10:45 | Cybersécurité : quels enjeux pour 2024 ? (lien direct) | Cybersécurité : quels enjeux pour 2024 ? par Theo Zafirakos, CISO de Terranova Security - Points de Vue | Prediction | ★★★ | |
 |
2024-01-11 15:06:20 | Techniques de piratage courantes en 2023 et prédictions pour 2024 Common Hacking Techniques in 2023 and Predictions for 2024 (lien direct) |
|
Prediction | ★★★ | |
|
2024-01-11 14:35:23 | PQC, IA et durabilité: cinq tendances de cybersécurité pour 2024 PQC, AI & sustainability: five cybersecurity trends for 2024 (lien direct) |
PQC, IA et durabilité: cinq tendances de cybersécurité pour 2024 par
Nils Gerhardt, CTO et expert en cybersécurité, Utimaco
-
opinion
/ /
affiche
PQC, AI & sustainability: five cybersecurity trends for 2024 BY Nils Gerhardt, CTO and cybersecurity expert, Utimaco - Opinion / affiche |
Prediction | ★★★ | |
|
2024-01-11 10:34:21 | Les experts en cybersécurité de Yubico partagent leurs recommandations pour naviguer sur Internet en toute sécurité en 2024 (lien direct) | Les experts en cybersécurité de Yubico partagent leurs recommandations pour naviguer sur Internet en toute sécurité en 2024 - Points de Vue | Prediction | ★★★ | |
|
2024-01-11 00:00:00 | Trend Micro défend la Coupe du monde de la FIFA contre les cyber-menaces Trend Micro Defends FIFA World Cup from Cyber Threats (lien direct) |
Trend Micro collabore avec Interpol pour défendre la Coupe du monde de la FIFA en empêchant les attaques et en atténuant les risques de lutter contre la menace croissante de la cybercriminalité.
Trend Micro collaborates with INTERPOL to defend FIFA World Cup by preventing attacks & mitigating risks to fight against the rising threat of cybercrime. |
Threat Prediction | ★★★ | |
 |
2024-01-10 21:30:08 | 7 meilleurs calculatrices d'étranglement pour PC en 2024 7 Best Bottleneck Calculators for PC in 2024 (lien direct) |
Looking for the best bottleneck calculator for PC? This article provides concise discussions on them, along with essential information for calculating bottlenecks on your computer. Getting optimal performance on PCs involves considering various factors. One crucial factor to consider is preventing any hardware component from bottlenecking another. For instance, a CPU bottleneck on the GPU can significantly affect the overall performance of the PC especially when you are running a program that requires a lot of GPU power. To identify potential bottleneck hardware on a PC and address issues like freezing, lag, and crashes caused by bottlenecks, it’s common to examine resource usage during program execution. This analysis can be carried out using utilities like Task Manager or specialized resource monitoring software such as MSI Afterburner. However, using a specialized bottleneck calculator often complements the aforementioned method by employing algorithmic analysis to calculate PC bottlenecks. That’s why we’ve created this article to review the best PC bottleneck calculators for PC including all the methods above, helping you in pinpointing any hardware limitations in your system. Understanding the concept of a bottleneck in a PC Bottleneck is a generic term but when it comes to computing, it refers to a PC component - be it CPU, GPU, RAM or disk driver - that limits or slows down the overall functioning of the computer. This occurs when a particular hardware component struggles to process data requests at a pace comparable to the data reception capacity of the hardware awaiting the information. An instance of CPU bottleneck affecting the GPU arises when the CPU impedes the smooth flow of requests to the GPU, probably when gaming. In such a scenario, the CPU experiences high utilization, while the GPU operates with a utilization below the norm. This bottleneck restricts how the GPU should handle requests for the optimal running of processes, leading to issues like lags, crashes, stuttering, and low FPS. While bottleneck may be a simple term, it is most times the cause of issues faced on PCs. Hence, it is very important to take note of it. And the bottleneck calculator below can be of help in getting bottlenecks on your computer. Best Bottleneck Calculators for PC As previously noted, there are tools available to help in identifying hardware bottlenecks on PCs. This helps pinpoint which components may require overclocking or replacement to enhance data/request processing on your computer. Below are the top options derived from our extensive testing. However, the first four recommendations are best to be used if you are just planning to build a PC and the last three can only be used post PC build. 1. PC Built Bottleneck Calculator PC Built Bottleneck Calculator is one of the top platforms to calculate PC bottleneck before building a PC. | Tool Prediction | ★★★ | |
 |
2024-01-10 19:52:40 | Pikabot malware se propage par les campagnes de phishing Pikabot Malware Spreading Through Phishing Campaigns (lien direct) |
Malware Threat Prediction | ★★ | ||
 |
2024-01-10 14:00:34 | L'IA change la sécurité - 5 prédictions du cortex AI Is Changing Security - 5 Predictions from Cortex (lien direct) |
> Avec des développements critiques à portée de main, nous avons contacté nos propres équipes de Palo Alto Networks pour obtenir des opinions franches sur les impacts de l'IA en cybersécurité.
>With critical developments at hand, we reached out to our own teams at Palo Alto Networks to get some candid opinions about the impacts of AI in cybersecurity. |
Prediction | ★★★ | |
 |
2024-01-09 09:31:36 | Tendance 2024 : l\'évolution de l\'intelligence artificielle sera un tremplin pour l\'IT (lien direct) | Selon Nutanix, l'IA va s'imposer dans le cloud, son évolution reposera sur l'algèbre linéaire, les systèmes d'infrastructure vont changer et les GPU seront mis de côté alors qu'Apple ne s'est pas encore prononcé sur le sujet. | Prediction Cloud | ★★★ | |
 |
2024-01-08 20:58:49 | 6 prédictions de cybersécurité pour 2024 & # 8211;Rester en avance sur les derniers hacks et attaques 6 Cybersecurity Predictions for 2024 – Staying Ahead of the Latest Hacks and Attacks (lien direct) |
> 
AI et principales élections, Deepfakes et les Jeux olympiques - ils figurent tous en bonne place dans nos prévisions de cybersécurité pour 2024. que \\ 's ...
> 
AI and major elections, deepfakes and the Olympics - they all feature prominently in our cybersecurity predictions for 2024. That\'s...
|
Prediction | ★★★ | |
|
2024-01-08 12:40:00 | 2024 les grandes tendances de la cybersécurité (lien direct) | 2024 les grandes tendances de la cybersécurité - Points de Vue | Prediction | ★★★ | |
|
2024-01-08 00:00:00 | Trend Micro \\'s Bug Bounty Program ZDI 2023 Performance Trend Micro\\'s Bug Bounty Program ZDI 2023 Performance (lien direct) |
Trend Micro \'s Bog Bounty Program Initiative Zero Day 2023 Performance donne un aperçu du monde de la chasse aux menaces et de la prévention des risques de cyber-risque
Trend Micro\'s bug bounty program Zero Day Initiative 2023 performance gives a glimpse inside the world of threat-hunting and cyber risk prevention |
Threat Prediction | ★★★ | |
 |
2024-01-05 13:20:57 | Tendances et défis de la cybersécurité à surveiller en 2024 & # 8211;Semaine en sécurité avec Tony Anscombe Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe (lien direct) |
Quelles sont les principales tendances de la cybersécurité que les gens et les organisations devraient avoir sur leurs radars cette année?
What are some of the key cybersecurity trends that people and organizations should have on their radars this year? |
Prediction | ★★ | |
|
2024-01-05 06:00:31 | 2023 Année en revue: versions de contenu axées sur les menaces pour la sensibilisation à la sécurité 2023 Year in Review: Threat-Driven Content Releases for Security Awareness (lien direct) |
As a new year approaches, it is natural to reflect on recent accomplishments. At Proofpoint, we are reflecting on our work to deliver security awareness content and updated features in line with our ongoing goal to drive behavior change. Proofpoint Security Awareness integrates our rich threat intelligence, which means it taps into current and emerging attacks. Our threat analysts surface threat trends, such as artificial intelligence (AI)-enhanced vishing, malicious QR codes and remote IT support scams. And then we work quickly to release new training features and awareness material to ensure inform security administrators and educate employees about ever-evolving attacks. In 2023, our content releases focused on three areas: Delivering a threat-driven program Improving how security awareness administrators work Enhancing how people learn Let\'s review the past year and explore how Proofpoint used content releases to respond to the changing threat landscape. Image from AI Chatbot Threats training (play video). Quick turnaround for threat trends Proofpoint Security Awareness alerts customers to threats in two powerful ways-Threat Alerts and Attack Spotlights. It also continuously trains employees with threat-driven training modules. Threat Alerts These weekly releases focus on a specific and current ongoing attack. They explain what the threat is and who it might target. And they describe a specific lure, if applicable. Each alert is linked to activity that our threat analysts see happening in the wild. We recommend applicable training like simulated phishing and awareness material and include suggested email messaging. In 2023, we released Threat Alerts on: IRS-themed phishing lures for tax season (February, March, April) AI-enhanced vishing calls that impersonate loved ones (March) Malicious QR codes for credential phishing (May, August) Telephone-oriented attack delivery (TOAD) using a Geek Squad PDF lure (July, October) Charity donation scams around the Israel-Palestine crisis (October) Christmas party lures for credential phishing (November) Attack Spotlights These monthly releases cast a wider lens on attack types. They focus on a time-based or reoccurring threat that is expected to trend, typically related to holidays, travel seasons or shopping events. Each spotlight is released a month in advance with a campaign plan, awareness material and training modules, and is available in 12 core languages. In 2023, Proofpoint published these Attack Spotlight campaigns: Smishing with package delivery lures (February) Business email compromise (BEC) phishing with requests for quotations (RFQs) (April) LinkedIn phishing lures (May) Amazon phishing lures (June) Remote IT support scams (September) Gift card scams (December) Image from Attack Spotlight video (play video). Threat modules These training videos are relevant to the changing threat landscape. They are inspired by our threat intelligence and our team\'s threat landscape research. These micro-learning modules are grounded in learning science principles that are designed to drive behavior change. Each module has a concise and specific learning objective. The delivery of content is tailored to individual factors such as a person\'s role, learning style, vulnerability level and preferred language. In 2023, we covered these topics in our new threat training modules: Data loss protection AI chatbot threats Amazon phishing scams Cryptocurrency investment scams QR code dangers Multifactor authentication (MFA) Image from Threat Module video (play video). Staying ahead of generative AI attacks AI-powered systems are promoted as tools to help us work faster, and they are transforming businesses and industries. This wide-reaching access can create security risks from potential data breaches to concerns over user privacy. Your employees need to be aware of the limitations and risks of using AI-powered tools, especiall | Ransomware Tool Vulnerability Threat Studies Prediction Cloud | ★★★★ | |
|
2024-01-04 11:00:00 | VR et AR: risques de sécurité potentiels à préparer VR and AR: Potential security risks to be prepared for (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Virtual reality (VR) and augmented reality (AR) technologies capture everyone’s imagination with use cases and an unlimited potential for future implementations. While these concepts have been around for decades, they continue to be buzzwords with a fascinating flavor of science fiction. The truth is that the VR and AR combination is close to mainstream adoption these days, with plenty of examples of successful projects creating ripples in ecommerce, entertainment, and many other industries. According to Statista, the global virtual reality and augmented reality market is worth $32.1 billion in 2023, and analysts predict it will exceed $58 billion by 2028. These appear to be conservative estimates, with another study forecasting growth up to a whopping $252 billion in the next four years. Whereas these technologies aren’t susceptible to major malicious exploitation at this point, their skyrocketing popularity might encourage threat actors to come up with viable attack vectors in the near future. This article highlights some of the current security and privacy concerns that stem from the rising adoption of VR and AR technologies. 1. Eye tracking Many people consider eye tracking in VR to be truly revolutionary. The logic of such a perspective is clear: this tech enhances the accuracy of virtual interaction and takes the user experience to a new level by helping interpret people’s emotions. It is also believed to give the security of VR systems a boost because eye scanning can refine biometric verification in the login workflows. As useful as it is, glance tracking could also expose users to hidden monitoring and other privacy risks. For example, VR game makers may be tempted to embed advertisements in their products, similar to how sponsored information is shown in mobile games. If this is the case, eye tracking would be a perfect instrument for advertisers to figure out which ads draw your attention and which ones you ignore. As per analysts’ findings, 95% of decisions to buy a product occur in the subconscious mind. By snooping on a user’s visual response, marketers may be able to derive conclusions regarding their preferences and dislikes. The flip side is that such a technology could potentially play into unscrupulous parties’ hands as a powerful surveillance instrument. 2. Blackmail and harassment Adult entertainment is one of the most popular areas of the virtual reality industry. According to a relevant study, the VR adult content market will see a staggering rise from $716 million in 2021 to $19 billion in 2026. Cybercriminals may try to cash in on this hype by engaging in what’s known as “sextortion”. The idea is to deceive users into thinking that the malefactors have some embarrassing evidence of their private pastimes and instruct them to send money in exchange for not disclosing this information. In some cases, the scammers may even include a valid password for one of the user’s web accounts so that the blackmail message appears true. Bear in mind that they obtained these authentication details from a large-scale data breach that occurred in the past. While these emails contain | Data Breach Hack Tool Threat Mobile Prediction | ★★★ | |
 |
2023-12-28 19:18:50 | Trend Analysis on Kimsuky Group\'s Attacks Using AppleSeed (lien direct) | #### Description
Le groupe de menaces Kimsuky, connu pour être soutenu par la Corée du Nord, est actif depuis 2013. Le groupe lance généralement des attaques de phishing de lance contre la défense nationale, les industries de la défense, les médias, la diplomatie, les organisations nationales et les secteurs académiques.
Leurs attaques visent à voler des informations internes et des technologies auprès des organisations.Alors que le groupe Kimsuky utilise généralement des attaques de phishing de lance pour un accès initial, la plupart de leurs attaques récentes impliquent l'utilisation de logiciels malveillants de type raccourci au format de fichier LNK.Bien que les logiciels malveillants LNK constituent une grande partie des attaques récentes, des cas utilisant des javascripts ou des documents malveillants continuent d'être détectés.Ces cas d'attaque qui utilisent des logiciels malveillants de type JavaScript impliquent généralement la distribution d'applications.En plus de JavaScript, des logiciels malwares de macro Excel sont également utilisés pour installer Appleseed.Appleseed est une porte dérobée qui peut recevoir les commandes de la menace acteur \\ du serveur C&C et exécuter les commandes reçues.L'acteur de menace peut utiliser Appleseed pour contrôler le système infecté.Il propose également des fonctionnalités telles qu'un téléchargeur qui installe des logiciels malveillants supplémentaires, Keylogging et prenant des captures d'écran, et en volant des informations en collectant des fichiers dans le système utilisateur et en les envoyant.Alphaseed est un logiciel malveillant développé dans Golang et prend en charge des fonctionnalités similaires à Appleseed telles que l'exécution des commandes et l'infostoritration.
#### URL de référence (s)
1. https://asec.ahnlab.com/en/60054/
#### Date de publication
27 décembre 2023
#### Auteurs)
Sanseo
#### Description The Kimsuky threat group, known to be supported by North Korea, has been active since 2013. The group usually launches spear phishing attacks against national defense, defense industries, media, diplomacy, national organizations, and academic sectors. Their attacks aim to steal internal information and technology from organizations. While the Kimsuky group typically uses spear phishing attacks for initial access, most of their recent attacks involve the use of shortcut-type malware in LNK file format. Although LNK malware comprise a large part of recent attacks, cases using JavaScripts or malicious documents are continuing to be detected. Such attack cases that use JavaScript-type malware usually involve the distribution of AppleSeed. In addition to JavaScript, Excel macro malware are also used to install AppleSeed. AppleSeed is a backdoor that can receive the threat actor\'s commands from the C&C server and execute the received commands. The threat actor can use AppleSeed to control the infected system. It also offers features such as a downloader that installs additional malware, keylogging and taking screenshots, and stealing information by collecting files from the user system and sending them. AlphaSeed is a malware developed in Golang and supports similar features to AppleSeed such as command execution and infostealing. #### Reference URL(s) 1. https://asec.ahnlab.com/en/60054/ #### Publication Date December 27, 2023 #### Author(s) Sanseo |
Malware Threat Prediction | APT 43 | ★★★ |
|
2023-12-28 18:30:00 | Les violations des données d'attaque d'identification prévues pour augmenter en 2024 Impersonation Attack Data Breaches Predicted to Increase in 2024 (lien direct) |
avec une grande partie d'une attaque sur une capacité de cybercriminels à accéder aux systèmes, aux applications et aux données, les experts prédisent que la tendance à l'augmentation de l'identité ne fera qu'empirer.
With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse. |
Prediction | ★★★ | |
 |
2023-12-28 15:10:18 | Bern aveugle d'Excel \\: le déploiement stratégique de l'agent Tesla Malware par les cyberattaques Excel\\'s Blind Spot: The Strategic Deployment of Agent Tesla Malware by Cyberattackers (lien direct) |
Dans le paysage en constante évolution des cyber-menaces, une tendance notable est apparue: l'exploitation de ...
In the ever-evolving landscape of cyber threats, a notable trend has emerged: the exploitation of... |
Malware Prediction | ★★★ | |
 |
2023-12-28 05:17:46 | Analyse des tendances sur les attaques de Kimsuky Group \\ en utilisant Appleseed Trend Analysis on Kimsuky Group\\'s Attacks Using AppleSeed (lien direct) |
connu pour être soutenu par la Corée du Nord, le groupe de menaces Kimsuky est actif depuis 2013. Au début,Ils ont attaqué les instituts de recherche liés à la Corée du Nord en Corée du Sud avant d'attaquer une société sud-coréenne de l'énergie en 2014. Depuis 2017, des attaques ciblant des pays autres que la Corée du Sud ont également été observées.[1] Le groupe lance généralement des attaques de phishing de lance contre la défense nationale, les industries de la défense, les médias, la diplomatie, les organisations nationales et les secteurs universitaires.Leurs attaques visent à voler des informations internes et des technologies auprès des organisations.[2] tandis que ...
Known to be supported by North Korea, the Kimsuky threat group has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014. Since 2017, attacks targeting countries other than South Korea have also been observed. [1] The group usually launches spear phishing attacks against national defense, defense industries, media, diplomacy, national organizations, and academic sectors. Their attacks aim to steal internal information and technology from organizations. [2] While... |
Threat Prediction | ★★★ | |
|
2023-12-27 11:00:00 | Cybersécurité post-pandémique: leçons de la crise mondiale de la santé Post-pandemic Cybersecurity: Lessons from the global health crisis (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Beyond ‘just’ causing mayhem in the outside world, the pandemic also led to a serious and worrying rise in cybersecurity breaches. In 2020 and 2021, businesses saw a whopping 50% increase in the amount of attempted breaches. The transition to remote work, outdated healthcare organization technology, the adoption of AI bots in the workplace, and the presence of general uncertainty and fear led to new opportunities for bad actors seeking to exploit and benefit from this global health crisis. In this article, we will take a look at how all of this impacts the state of cybersecurity in the current post-pandemic era, and what conclusions can be drawn. New world, new vulnerabilities Worldwide lockdowns led to a rise in remote work opportunities, which was a necessary adjustment to allow employees to continue to earn a living. However, the sudden shift to the work-from-home format also caused a number of challenges and confusion for businesses and remote employees alike. The average person didn’t have the IT department a couple of feet away, so they were forced to fend for themselves. Whether it was deciding whether to use a VPN or not, was that email really a phishing one, or even just plain software updates, everybody had their hands full. With employers busy with training programs, threat actors began intensifying their ransomware-related efforts, resulting in a plethora of high-profile incidents in the last couple of years. A double-edged digital sword If the pandemic did one thing, it’s making us more reliant on both software and digital currencies. You already know where we’re going with this—it’s fertile ground for cybercrime. Everyone from the Costa Rican government to Nvidia got hit. With the dominance of Bitcoin as a payment method in ransoming, tracking down perpetrators is infinitely more difficult than it used to be. The old adage holds more true than ever - an ounce of prevention is worth a pound of cure. To make matters worse, amongst all that chaos, organizations also had to pivot away from vulnerable, mainstream software solutions. Even if it’s just choosing a new image editor or integrating a PDF SDK, it’s an increasing burden for businesses that are already trying to modernize or simply maintain. Actors strike where we’re most vulnerable Healthcare organizations became more important than ever during the global coronavirus pandemic. But this time also saw unprecedented amounts of cybersecurity incidents take place as bad actors exploited outdated cybersecurity measures. The influx of sudden need caused many overburdened healthcare organizations to lose track of key cybersecurity protocols that could help shore up gaps in the existing protective measures. The United States healthcare industry saw a 25% spike in successful data breaches during the pandemic, which resulted in millions of dollars of damages and the loss of privacy for thousands of patients whose data was compromis | Data Breach Vulnerability Threat Studies Prediction | ChatGPT | ★★ |
 |
2023-12-27 00:00:07 | 2023 Rapport d'impact commercial: petites entreprises et cyberattaques 2023 Business Impact Report: Small Businesses and Cyberattacks (lien direct) |
Nous vivons dans un monde très numérisé, et les petites entreprises et les solopreneurs sont devenus des cibles privilégiées pour les cybercriminels.Le rapport d'impact commercial de 2023, réalisé par le Centre de ressources de vol d'identité (ITRC), met en lumière une tendance préoccupante: une forte augmentation des cyberattaques sur ces petites entités.Ce rapport annuel révèle que 73% des propriétaires de petites entreprises et des dirigeants ont connu des violations de données ou des cyberattaques au cours de la dernière année, une augmentation significative.Résultats clés Le rapport sur l'impact commercial de 2023 dépeint un tableau qui donne à réfléchir le paysage en évolution de la cybersécurité pour les petites entreprises.Au dessus de...
We live in a highly digitized world, and small businesses and solopreneurs have become prime targets for cybercriminals. The 2023 Business Impact Report , conducted by the Identity Theft Resource Center (ITRC), sheds light on a concerning trend: a sharp rise in cyberattacks on these smaller entities. This annual report reveals that 73% of small business owners and leaders experienced data breaches or cyberattacks in the past year, a significant increase. Key Findings The 2023 Business Impact Report paints a sobering picture of the evolving cybersecurity landscape for small businesses. Over the... |
Studies Prediction | ★★★ | |
 |
2023-12-22 13:18:54 | La menace croissante des attaques de phishing avec des draineur cryptographique The Rising Threat of Phishing Attacks with Crypto Drainers (lien direct) |
> Par Oded Vanunu, Dikla Barda, Roman Zaikin Démasking Tactics Tactics: & # 160; Une enquête récente de Check Point Research expose unTendance troublante dans le paysage des crypto-monnaies.La communauté des crypto-monnaies a assisté à une augmentation alarmante des attaques de phishing sophistiquées.Ces menaces sont uniques dans leur approche, ciblant un large éventail de réseaux de blockchain, d'Ethereum et Binance [& # 8230;]
>By Oded Vanunu, Dikla Barda, Roman Zaikin Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated phishing attacks. These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance […] |
Threat Prediction | ★★ | |
|
2023-12-21 17:00:01 | Tendances cybercriminalité, course à l\'IA, NIS2 & CRA, JO, cyberguerre : ce qui nous attend en 2024 (lien direct) | Tendances cybercriminalité, course à l'IA, NIS2 & CRA, JO, cyberguerre : ce qui nous attend en 2024 - Points de Vue | Prediction | ★★★ | |
 |
2023-12-21 16:30:00 | Battleroyal Cluster signaux Darkgate Surge BattleRoyal Cluster Signals DarkGate Surge (lien direct) |
Proofpoint a déclaré que l'utilisation de la cluster de plusieurs chaînes d'attaque met en évidence une nouvelle tendance parmi les cybercriminels
Proofpoint said the cluster\'s use of multiple attack chains highlights a new trend among cybercriminals |
Prediction | ★★ | |
 |
2023-12-21 14:00:00 | 2024 DevOps Prédictions de l'équipe de défenseurs du développeur de sonar 2024 DevOps Predictions from the Sonar Developer Advocate Team (lien direct) |
L'équipe des développeurs Advocate partage ses prédictions sur ce qu'ils prévoient pour les tendances DevOps et les sujets chauds en 2024.
The Developer Advocate team shares their predictions on what they foresee for DevOps trends and hot topics in 2024. |
Prediction | ★★★ | |
|
2023-12-21 13:33:30 | ESET, quelles sont les tendances et prédictions 2024 en termes de cybersécurité ? (lien direct) | ESET, quelles sont les tendances et prédictions 2024 en termes de cybersécurité ? - Points de Vue | Prediction | ★★★ | |
|
2023-12-21 13:18:30 | Bitwarden 2024 Prédictions de cybersécurité Bitwarden 2024 cybersecurity predictions (lien direct) |
2024 Prédictions de cybersécurité par Bitwarden, le gestionnaire d'identification open source.
-
opinion
2024 Cybersecurity Predictions by Bitwarden, the open source credential manager. - Opinion |
Prediction | ★★★ | |
 |
2023-12-21 10:50:55 | Cybersécurité 2023-2024 : Rétrospective édifiante et des prédictions 2024 pas au top (lien direct) | 2023 a été une année marquée par une augmentation sans précédent des incidents de cybersécurité, soulignant l'importance cruciale de la vigilance numérique. Des attaques malveillantes sophistiquées ont façonné l'année, nous rappelant que la sécurité numérique est une nécessité constante dans notre m... | Prediction | ★★★ | |
|
2023-12-21 05:00:25 | Battleroyal, le cluster Darkgate se propage par e-mail et les fausses mises à jour du navigateur BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (lien direct) |
Overview Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybercrime actors and was spread via many methods such as email, Microsoft Teams, Skype, malvertising and fake updates. Proofpoint researchers are tracking a particularly interesting operator of the DarkGate malware. At the time of publication, researchers are not attributing this cluster of activity to a known threat actor and are temporarily calling it BattleRoyal. Between September and November 2023, at least 20 email campaigns used DarkGate malware with GroupIDs “PLEX”, “ADS5”, “user_871236672” and “usr_871663321”. The GroupID is a configuration setting that is also referred to as username, botnet, campaign, or flag 23. The campaigns are notable for: Delivery: via email and RogueRaticate fake browser updates Volumes and geography: email campaigns include tens of thousands of emails targeting dozens of industries primarily in USA and Canada Attack chain: includes a variety of notable tools such as 404 TDS, Keitaro TDS, and .URL files exploiting CVE-2023-36025 Volume of DarkGate campaigns based on four GroupIDs discussed in this report. TDS all the things! (an email campaign example) On October 2, 2023, Proofpoint identified one of the first campaigns in this cluster. It was notable due to the use of more than one traffic delivery system (TDS), specifically 404 TDS and Keitaro TDS. Additionally, the .URL files involved exploited CVE-2023-36025, a vulnerability in Windows SmartScreen. While other parts of the attack chain from this actor changed or varied, .URL files were involved in every campaign. The emails in this campaign contained: 404 TDS URLs that, if clicked by the user, redirected to Keitaro TDS Keitaro TDS was observed serving an internet shortcut (.URL) file The internet shortcut, if double clicked, downloaded a zipped VBS script The VBS in turn downloaded and executed several shell commands (cmd.exe) The shell commands (a) created a directory on C: drive, (b) copied curl.exe from system folder to this new directory, (c) used the curl to download Autoit3.exe, (d) used curl to download and save an AutoIT script, and (e) ran the downloaded AutoIT script with the downloaded AutoIT interpreter The AutoIT script ran an embedded DarkGate Attack chain summary that follows the flow of: Email > 404 TDS > Keitaro TDS > .URL > .VBS > Shell commands > AutoIT / AutoIT script > DarkGate. Screenshot of an example email from October 2 campaign. Screenshot of the .URL file involved in the October 2 campaign. Proofpoint has identified multiple cybercriminal campaigns exploiting CVE-2023-36025; however, the BattleRoyal cluster exploited this vulnerability more than any other actor observed in Proofpoint threat data. Notably, this activity cluster exploited CVE-2023-36025 before it was published by Microsoft. SmartScreen is a security feature that is designed to prevent people from visiting malicious websites. The vulnerability could allow an actor to bypass the SmartScreen defenses if a user clicked on a specially crafted .URL file or a hyperlink pointing to a .URL file. More specifically, a SmartScreen alert would not be triggered when a .URL points to a SMB or WebDav share as file:// and the malicious payload is inside a ZIP file which is specified in the URL target. RogueRaticate (fake browser update campaign example) On October 19, 2023, an external researcher identified and publicly shared details of the RogueRaticate fake update activity cluster using an interesting obfuscation technique first identified in 2020. Proofpoint subsequently identified the activity in Proofpoint data. This campaign delivered fake browser update requests to end users on their web browsers that dropped a DarkGate payload with the “ADS5” GroupID. The threat actor injected a request to a domain they controlled that used .css steganography to conceal the malicious c | Malware Tool Vulnerability Threat Prediction | ★★ | |
 |
2023-12-21 00:00:00 | 2024 Prévisions du paysage cyber-menace 2024 Cyber Threat Landscape Forecast (lien direct) |
Overview Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybercrime actors and was spread via many methods such as email, Microsoft Teams, Skype, malvertising and fake updates. Proofpoint researchers are tracking a particularly interesting operator of the DarkGate malware. At the time of publication, researchers are not attributing this cluster of activity to a known threat actor and are temporarily calling it BattleRoyal. Between September and November 2023, at least 20 email campaigns used DarkGate malware with GroupIDs “PLEX”, “ADS5”, “user_871236672” and “usr_871663321”. The GroupID is a configuration setting that is also referred to as username, botnet, campaign, or flag 23. The campaigns are notable for: Delivery: via email and RogueRaticate fake browser updates Volumes and geography: email campaigns include tens of thousands of emails targeting dozens of industries primarily in USA and Canada Attack chain: includes a variety of notable tools such as 404 TDS, Keitaro TDS, and .URL files exploiting CVE-2023-36025 Volume of DarkGate campaigns based on four GroupIDs discussed in this report. TDS all the things! (an email campaign example) On October 2, 2023, Proofpoint identified one of the first campaigns in this cluster. It was notable due to the use of more than one traffic delivery system (TDS), specifically 404 TDS and Keitaro TDS. Additionally, the .URL files involved exploited CVE-2023-36025, a vulnerability in Windows SmartScreen. While other parts of the attack chain from this actor changed or varied, .URL files were involved in every campaign. The emails in this campaign contained: 404 TDS URLs that, if clicked by the user, redirected to Keitaro TDS Keitaro TDS was observed serving an internet shortcut (.URL) file The internet shortcut, if double clicked, downloaded a zipped VBS script The VBS in turn downloaded and executed several shell commands (cmd.exe) The shell commands (a) created a directory on C: drive, (b) copied curl.exe from system folder to this new directory, (c) used the curl to download Autoit3.exe, (d) used curl to download and save an AutoIT script, and (e) ran the downloaded AutoIT script with the downloaded AutoIT interpreter The AutoIT script ran an embedded DarkGate Attack chain summary that follows the flow of: Email > 404 TDS > Keitaro TDS > .URL > .VBS > Shell commands > AutoIT / AutoIT script > DarkGate. Screenshot of an example email from October 2 campaign. Screenshot of the .URL file involved in the October 2 campaign. Proofpoint has identified multiple cybercriminal campaigns exploiting CVE-2023-36025; however, the BattleRoyal cluster exploited this vulnerability more than any other actor observed in Proofpoint threat data. Notably, this activity cluster exploited CVE-2023-36025 before it was published by Microsoft. SmartScreen is a security feature that is designed to prevent people from visiting malicious websites. The vulnerability could allow an actor to bypass the SmartScreen defenses if a user clicked on a specially crafted .URL file or a hyperlink pointing to a .URL file. More specifically, a SmartScreen alert would not be triggered when a .URL points to a SMB or WebDav share as file:// and the malicious payload is inside a ZIP file which is specified in the URL target. RogueRaticate (fake browser update campaign example) On October 19, 2023, an external researcher identified and publicly shared details of the RogueRaticate fake update activity cluster using an interesting obfuscation technique first identified in 2020. Proofpoint subsequently identified the activity in Proofpoint data. This campaign delivered fake browser update requests to end users on their web browsers that dropped a DarkGate payload with the “ADS5” GroupID. The threat actor injected a request to a domain they controlled that used .css steganography to conceal the malicious c | Threat Prediction | ★★★ |
To see everything:
Our RSS (filtrered)
