What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-06-06 20:46:03 | Nouveau Flaw Emailgpt met les données utilisateur en danger: supprimez l'extension maintenant New EmailGPT Flaw Puts User Data at Risk: Remove the Extension NOW (lien direct) |
Synopsys met en garde contre un nouveau hack d'injection rapide impliquant une vulnérabilité de sécurité dans EmailGpt, un e-mail populaire de l'IA & # 8230;
Synopsys warns of a new prompt injection hack involving a security vulnerability in EmailGPT, a popular AI email… |
Hack Vulnerability | APT 42 | ★★ |
 |
2024-04-25 10:00:00 | Pole Voûte: cyber-menaces aux élections mondiales Poll Vaulting: Cyber Threats to Global Elections (lien direct) |
Written by: Kelli Vanderlee, Jamie Collier
Executive Summary The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections. Operations targeting election-related infrastructure can combine cyber intrusion activity, disruptive and destructive capabilities, and information operations, which include elements of public-facing advertisement and amplification of threat activity claims. Successful targeting does not automatically translate to high impact. Many threat actors have struggled to influence or achieve significant effects, despite their best efforts. When we look across the globe we find that the attack surface of an election involves a wide variety of entities beyond voting machines and voter registries. In fact, our observations of past cycles indicate that cyber operations target the major players involved in campaigning, political parties, news and social media more frequently than actual election infrastructure. Securing elections requires a comprehensive understanding of many types of threats and tactics, from distributed denial of service (DDoS) to data theft to deepfakes, that are likely to impact elections in 2024. It is vital to understand the variety of relevant threat vectors and how they relate, and to ensure mitigation strategies are in place to address the full scope of potential activity. Election organizations should consider steps to harden infrastructure against common attacks, and utilize account security tools such as Google\'s Advanced Protection Program to protect high-risk accounts. Introduction The 2024 global election cybersecurity landscape is characterized by a diversity of targets, tactics, and threats. An expansive ecosystem of systems, administrators, campaign infrastructure, and public communications venues must be secured against a diverse array of operators and methods. Any election cybersecurity strategy should begin with a survey of the threat landscape to build a more proactive and tailored security posture. The cybersecurity community must keep pace as more than two billion voters are expected to head to the polls in 2024. With elections in more than an estimated 50 countries, there is an opportunity to dynamically track how threats to democracy evolve. Understanding how threats are targeting one country will enable us to better anticipate and prepare for upcoming elections globally. At the same time, we must also appreciate the unique context of different countries. Election threats to South Africa, India, and the United States will inevitably differ in some regard. In either case, there is an opportunity for us to prepare with the advantage of intelligence. |
Ransomware Malware Hack Tool Vulnerability Threat Legislation Cloud Technical | APT 40 APT 29 APT 28 APT 43 APT 31 APT 42 | ★★★ |
 |
2023-04-04 13:00:00 | CyberheistNews Vol 13 # 14 [Eyes sur le prix] Comment les inconvénients croissants ont tenté un courteur par e-mail de 36 millions de vendeurs CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist (lien direct) |
CyberheistNews Vol 13 #14 | April 4th, 2023
[Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist
The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.
It\'s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.
This attack begins with a case of VEC – where a domain is impersonated. In the case of this attack, the impersonated vendor\'s domain (which had a .com top level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there\'s the now-obvious problem with it looking very much like .com to the cursory glance).
The email attaches a legitimate-looking payoff letter complete with loan details. According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were other grammatical mistakes (that can easily be addressed by using an online grammar service or ChatGPT).
This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make this attack successful. Security solutions will help stop most attacks, but for those that make it past scanners, your users need to play a role in spotting and stopping BEC, VEC and phishing attacks themselves – something taught through security awareness training combined with frequent simulated phishing and other social engineering tests.
Blog post with screenshots and links:https://blog.knowbe4.com/36-mil-vendor-email-compromise-attack
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 i |
Ransomware Malware Hack Threat | ChatGPT ChatGPT APT 43 | ★★ |
 |
2022-11-01 15:00:00 | Anomali Cyber Watch: Active Probing Revealed ShadowPad C2s, Fodcha Hides Behind Obscure TLDs, Awaiting OpenSSL 3.0 Patch, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, DDoS, OpenSSL, Ransomware, Russia, Spyware, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad)
(published: October 27, 2022)
ShadowPad is a custom, modular malware in use by multiple China-sponsored groups since 2015. VMware researchers analyzed the command-and-control (C2) protocol in recent ShadowPad samples. They uncovered decoding routines and protocol/port combinations such as HTTP/80, HTTP/443, TCP/443, UDP/53, and UDP/443. Active probing revealed 83 likely ShadowPad C2 servers (during September 2021 to September 2022). Additional samples communicating with this infrastructure included Spyder (used by APT41) and ReverseWindow (used by the LuoYu group).
Analyst Comment: Researchers can use reverse engineering and active probing to map malicious C2 infrastructure. At the same time, the ShadowPad malware changes the immediate values used in the packet encoding per variant, so finding new samples is crucial for this monitoring.
MITRE ATT&CK: [MITRE ATT&CK] Application Layer Protocol - T1071 | [MITRE ATT&CK] Exfiltration Over Alternative Protocol - T1048 | [MITRE ATT&CK] System Information Discovery - T1082 | [MITRE ATT&CK] Ingress Tool Transfer - T1105
Tags: detection:ShadowPad, C2, APT, China, source-country:CN, actor:APT41, actor:LuoYu, detection:Spyder, detection:ReverseWindow, TCP, HTTP, HTTPS, UDP
Raspberry Robin Worm Part of Larger Ecosystem Facilitating Pre-Ransomware Activity
(published: October 27, 2022)
The Raspberry Robin USB-drive-targeting worm is an increasingly popular infection and delivery method. Raspberry Robin works as a three-file infection: Raspberry Robin LNK file on an USB drive, Raspberry Robin DLL (aka Roshtyak) backdoor, and a heavily-obfuscated .NET DLL that writes LNKs to USB drives. Microsoft researchers analyzed several infection chains likely centered around threat group EvilCorp (aka DEV-0206/DEV-0243). Besides being the initial infection vector, Raspberry Robin was seen delivered by the Fauppod malware, which shares certain code similarities both with Raspberry Robin and with EvilCorp’s Dridex malware. Fauppod/Raspberry Robin infections were followed by additional malware (Bumblebee, Cobalt Strike, IcedID, TrueBot), and eventually led to a ransomware infection (LockBit, Clop).
Analyst Comment: Organizations are advised against enabling Autorun of removable media on Windows by default, as it allows automated activation of an inserted, Raspberry Robin-infected USB drive. Apply best practices related to credential hygiene, network segmentation, and attack surface reduction.
MITRE ATT&CK: [MITRE ATT&CK] Replicat |
Ransomware Malware Hack Tool Vulnerability Threat Guideline | APT 41 | |
 |
2022-03-09 21:10:20 | APT41 Spies Broke Into 6 US State Networks via a Livestock App (lien direct) | The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks. | Hack Threat | APT 41 |
1
We have: 5 articles.
We have: 5 articles.
To see everything:
Our RSS (filtrered)
