What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-14 15:00:00 | La violation de données de l'agence d'emploi française pourrait affecter 43 millions de personnes French Employment Agency Data Breach Could Affect 43 Million People (lien direct) |
L'agence d'emploi de la France a subi une violation massive, exposant les données des utilisateurs qui se sont inscrits au cours des 20 dernières années
France\'s employment agency suffered a massive breach, exposing the data of users who registered over the past 20 years |
Data Breach | APT 19 | ★★★ |
 |
2020-09-29 14:00:00 | Weekly Threat Briefing: Federal Agency Breach, Exploits, Malware, and Spyware (lien direct) |
The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Cyber Espionage, FinSpy, Magento, Taurus Project and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. 
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
German-made FinSpy Spyware Found in Egypt, and Mac and Linux Versions Revealed
(published: September 25, 2020)
Security Researchers from Amnesty International have identified new variants of FinSpy, spyware that can access private data and record audio/video. While used as a law enforcement tool, authoritarian governments have been using FinSpy to spy on activists and dissidents. Spreading through fake Flash Player updates, the malware is installed as root with use of exploits, and persistence is gained by creating a logind.pslist file. Once a system is infected with the malware, it has the ability to run shell scripts, record audio, keylogging, view network information, and list files. Samples have been found of FinSpy for macOS, Windows, Android, and Linux.
Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from threat actors, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts.
MITRE ATT&CK: [MITRE ATT&CK] Logon Scripts - T1037 | [MITRE ATT&CK] Standard Application Layer Protocol - T1071
Tags: Amnesty, Android, Backdoor, Linux, macOS, FinSpy, Spyware
Magento Credit Card Stealing Malware: gstaticapi
(published: September 25, 2020)
Security researchers, at Sucuri, have identified a malicious script, dubbed “gstaticapi,” that is designed to steal payment information from Magento-based websites. The script first attempts to find the “checkout” string in a web browser URL and, if found, will create an element to the web pages header. This allows the JavaScript to handle external code-loading capabilities that are used to process the theft of billing and payment card information.
Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs.
MITRE ATT&CK: [MITRE ATT&CK] Command-Line Interface - T1059 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Data Encoding - T1132
T |
Data Breach Malware Vulnerability Threat | APT 19 | ★★★★★ |
1
We have: 2 articles.
We have: 2 articles.
To see everything:
Our RSS (filtrered)
