SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2024-04-26 19:12:08	Todckat APT Group Honne les tactiques d'expiltration des données, exploite les outils légitimes ToddyCat APT Group Hones Data Exfiltration Tactics, Exploits Legitimate Tools (lien direct)	#### Targeted Geolocations - Oceania - Southeast Asia - South Asia - East Asia - Central Asia #### Targeted Industries - Government Agencies & Services - Defense ## Snapshot Kaspersky reports the APT group ToddyCat has been observed targeting governmental organizations, particularly defense-related ones in the Asia-Pacific region, with the goal of stealing sensitive information on an industrial scale. ## Description They employ various tools and techniques, including traffic tunneling and the creation of reverse SSH tunnels, to maintain constant access to compromised infrastructure. The attackers utilize disguised OpenSSH private key files, execute scripts to modify folder permissions, create SSH tunnels to redirect network traffic, and employ the SoftEther VPN package to potentially facilitate unauthorized access and data exfiltration. Additionally, they use various files and techniques, such as concealing file purposes, copying files through shared resources, and tunneling to legitimate cloud providers, to gain access to victim hosts and evade detection. The threat actors initially gain access to systems by installing servers, modifying server settings, and utilizing tools like Ngrok and Krong to redirect C2 traffic and create tunnels for unauthorized access. They also employ the FRP client, a data collection tool named "cuthead", and a tool called "WAExp" to search for and collect browser local storage files containing data from the web version of WhatsApp. The attackers demonstrate a sophisticated and evolving approach to data collection and exfiltration, utilizing multiple tools and techniques to achieve their objectives. ## Recommendations Microsoft recommends the following mitigations to reduce the impact of Information stealer threats. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-attachments-policies-configure?ocid=magicti_ta_learndoc) to check attachments to inbound email. - Encourage users to use Microsoft Edge and other web browsers that support SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware. - Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants. - Enforce MFA on all accounts, remove users excluded from MFA, and strictly [require MFA](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?ocid=magicti_ta_learndoc) from all devices, in all locations, at all times. - Enable passwordless authentication methods (for example, Windows Hello, FIDO keys, or Microsoft Authenticator) for accounts that support passwordless. For accounts that still require passwords, use authenticator apps like Microsoft Authenticator for MFA. [Refer to this article](https://learn.microsoft.com/azure/active-directory/authentic	Ransomware Spam Malware Tool Threat Industrial Cloud
	2024-04-26 13:59:31	Dragos rapporte que la baisse des attaques de ransomwares contre le secteur industriel au milieu des mesures d'application de la loi Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures (lien direct)	> La société de cybersécurité industrielle Dragos a identifié que les pirates ont ciblé des équipements de systèmes de contrôle industriel (ICS), avec l'ingénierie ... >Industrial cybersecurity firm Dragos has identified that hackers have targeted industrial control systems (ICS) equipment, with the engineering...	Ransomware Legislation Industrial
	2024-04-26 07:20:28	Le navigateur Cref de Mitre \\ s'aligne sur le CMMC de DOD \\ pour stimuler la cyber-résilience dans la base industrielle de la défense MITRE\\'s CREF Navigator aligns with DoD\\'s CMMC to boost cyber resilience in defense industrial base (lien direct)	Organisation à but non lucratif Mitre a annoncé jeudi que son navigateur d'ingénierie de cyber-résilience (CREF) s'aligne avec le département américain ... Non-profit organization MITRE announced Thursday that its Cyber Resiliency Engineering Framework (CREF) Navigator aligns with the U.S. Department...	Industrial
	2024-04-25 13:00:00	Analyse des ransomwares industriels de Dragos: T1 2024 Dragos Industrial Ransomware Analysis: Q1 2024 (lien direct)	> Les informations fournies ici proviennent de chasseurs d'adversaires et d'analystes de la cyber-menace de l'intelligence et des analystes qui effectuent des recherches sur l'adversaire ... Le post Dragos Industrial Ransomware Analysis: T1 2024 = "https://www.dragos.com"> dragos . >Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Dragos Industrial Ransomware Analysis: Q1 2024 first appeared on Dragos.	Ransomware Threat Industrial		★★★
	2024-04-25 08:21:16	Le rapport de ForeScout met en garde contre les risques de sécurité croissants pour les infrastructures critiques à mesure que les données exposées OT / ICS dégénèrent Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates (lien direct)	Les chercheurs du bras de recherche de ForeStcout \\, Vedere Labs, ont fait l'alarme sur les menaces de sécurité ignorées pour exposer la critique ... Researchers from Forescout\'s research arm, Vedere Labs, have raised an alarm about ignored security threats to exposed critical...	Industrial		★★
	2024-04-24 20:59:50	Critical Start introduit la cybersécurité pour ... Critical Start Introduces Cybersecurity for... (lien direct)	Critical Start introduit la cybersécurité pour la technologie opérationnelle (OT) avec le lancement à venir du service MDR sur mesure - revues de produits Critical Start Introduces Cybersecurity for Operational Technology (OT) with Upcoming Launch of Tailored MDR Service - Product Reviews	Industrial		★★
	2024-04-24 17:43:06	La Commission européenne fait & euro; 112 millions d'investissement dans l'IA, recherche quantique dans le programme Horizon Europe European Commission makes €112 million investment in AI, quantum research under Horizon Europe program (lien direct)	> La Commission européenne a lancé des appels à des propositions au sein de Horizon Europe & # 8217; s 2023-2024 Programme de travail numérique, industriel et spatial, se concentrant ... >The European Commission initiated calls for proposals within Horizon Europe’s 2023-2024 digital, industrial, and space work program, focusing...	Industrial		★★★
	2024-04-24 14:00:00	2023: a \\ 'bonne \\' année pour les cyberattaques OT 2023: A \\'Good\\' Year for OT Cyberattacks (lien direct)	Les attaques ont augmenté de "seulement" 19% l'année dernière.Mais ce nombre devrait augmenter de manière significative. Attacks increased by "only" 19% last year. But that number is expected to grow significently.	Industrial		★★★
	2024-04-24 13:29:58	ADM21 et Vecow lancent ECS-4700, Box PC compact robuste de qualité marine (lien direct)	Vecow a annoncé le lancement du ECS-4700, système compact innovant et robuste, conçu pour des applications d'IA dans des environnements difficiles. Conçu sur la base de processeurs I5/I7 de 13ème génération, ce modèle certifié EN60945 offre des performances exceptionnelles, prévues pour des environnements difficiles et réduits comme la Marine, la vision industrielle, le NVR mobile et autres applications Edge AI. L'ECS-4700 étend la gamme de BOX PC embarqués, ultra-compacts de Vecow avec des E/S (...) - Produits	Mobile Industrial		★★
	2024-04-23 18:02:10	Le conseil d'atténuation des risques acquiert un tiricon, stimulant les offres de cybersécurité et d'assurance de mission Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings (lien direct)	> Consulting d'atténuation des risques (RMC), un fournisseur de gestion des risques et de solutions de cybersécurité industrielle pour les infrastructures critiques et critique ... >Risk Mitigation Consulting (RMC), a provider of risk management and industrial cybersecurity solutions for critical infrastructure and critical...	Industrial		★★
	2024-04-23 15:34:20	Vol de données \\ 'sur une échelle industrielle \\' est l'objectif du groupe en Asie-Pacifique Data theft \\'on an industrial scale\\' is group\\'s goal in Asia-Pacific (lien direct)	> Consulting d'atténuation des risques (RMC), un fournisseur de gestion des risques et de solutions de cybersécurité industrielle pour les infrastructures critiques et critique ... >Risk Mitigation Consulting (RMC), a provider of risk management and industrial cybersecurity solutions for critical infrastructure and critical...	Industrial		★★★
	2024-04-23 08:54:08	Le nouveau rapport CGCYBER met en garde contre les risques de cybersécurité dans le milieu marin en raison des systèmes OT connectés au réseau New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems (lien direct)	> Le Cyber Command (CGCyber) de la Garde côtière américaine a annoncé lundi que l'OT (technologie opérationnelle) connecté au réseau introduit des vulnérabilités potentielles ... >The U.S. Coast Guard Cyber Command (CGCYBER) announced on Monday that network-connected OT (operational technology) introduces potential vulnerabilities...	Vulnerability Industrial		★★★★
	2024-04-22 20:41:00	Le groupe de pirates russes Toddycat utilise des outils avancés pour le vol de données à l'échelle industrielle Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft (lien direct)	L'acteur de menace & nbsp; connu sous le nom de & nbsp; toddycat & nbsp; a & nbsp; a été observé & nbsp; en utilisant un large éventail d'outils pour conserver l'accès à des environnements compromis et voler des données précieuses. La société russe de cybersécurité Kaspersky a caractérisé l'adversaire comme s'appuyant sur divers programmes pour récolter des données sur une "échelle industrielle" des organisations gouvernementales principalement, certaines d'entre elles liées à la défense, située dans The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in	Tool Threat Industrial		★★★
	2024-04-22 15:00:00	Zero Trust a-t-il raison pour l'OT, en ce moment? Is Zero Trust Right for OT, Right Now? (lien direct)	Découvrez comment les organisations OT peuvent passer d'un modèle de confiance implicite hérité à un modèle de frust en zéro de manière transparente à travers et dans les infrastructures critiques. Find out how OT organizations can shift from a legacy implied trust model to a zero-trust model seamlessly across and within critical infrastructures.	Industrial		★★★
	2024-04-22 12:30:29	DC3, DCSA collabore pour lancer le programme de divulgation de vulnérabilité pour la base industrielle de la défense DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base (lien direct)	> Le Département américain de la Défense (DOD) Cyber Crime Center (DC3) et l'agence de contre-espionnage et de sécurité de la défense (DCSA) annoncent ... >The U.S. Department of Defense (DoD) Cyber Crime Center (DC3) and Defense Counterintelligence and Security Agency (DCSA) announce...	Vulnerability Industrial		★★
	2024-04-22 12:24:32	Cascade, 2TS entrent dans la cybersécurité Alliance pour le marché africain Waterfall, 2TS enter into cybersecurity alliance for African market (lien direct)	> Waterfall Security Solutions et Thuthukani Technology Solutions (2TS) ont annoncé un partenariat qui aidera à sécuriser les réseaux OT à travers ... >Waterfall Security Solutions and Thuthukani Technology Solutions (2TS) announced a partnership that will help secure OT networks across...	Industrial		★★
	2024-04-22 10:55:30	Le rapport sur les menaces USB de Honeywell 2024 révèle une augmentation significative de la fréquence des logiciels malveillants, mettant en évidence les préoccupations croissantes Honeywell\\'s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns (lien direct)	Un nouveau rapport de l'équipe de Honeywell \'s GARD (Global Analysis, Research and Defence) a révélé que la fréquence globale des logiciels malveillants se poursuit ... A new report from Honeywell\'s GARD (Global Analysis, Research, and Defense) team disclosed that overall malware frequency continues...	Data Breach Malware Threat Industrial		★★★
	2024-04-21 05:44:44	Améliorer la cybersécurité industrielle en s'attaquant aux menaces, en respectant les réglementations, en stimulant la résilience opérationnelle Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience (lien direct)	> Les organisations de l'espace de cybersécurité industrielle traitent constamment des défis, notamment les violations de logiciels, les vulnérabilités matérielles, la chaîne d'approvisionnement ... >Organizations across the industrial cybersecurity space are constantly dealing with challenges including software breaches, hardware vulnerabilities, supply chain...	Vulnerability Industrial		★★
	2024-04-19 15:51:17	Radiflow, partenaire de réseaux exclusifs pour élever la cybersécurité OT Radiflow, Exclusive Networks partner to elevate OT cybersecurity (lien direct)	> Exclusive Networks, un fournisseur mondial de cybersécurité spécialisé dans l'infrastructure numérique, a récemment dévoilé un nouveau partenariat de distribution avec ... >Exclusive Networks, a global cybersecurity provider specializing in digital infrastructure, has recently unveiled a new distribution partnership with...	Industrial		★★★
	2024-04-19 14:09:19	Mitre prévoit d'améliorer la cybersécurité en 2024 avec des sous-technologies ICS et l'intégration multi-domaines MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration (lien direct)	Organisation à but non lucratif, Mitre a souligné jeudi que ses objectifs d'attr & # 38; CK 2024 sont de renforcer la convivialité et d'améliorer la réalisation ... Non-profit organization MITRE outlined Thursday that its ATT&CK 2024 goals are to bolster broader usability and enhance actionable...	Industrial		★★★
	2024-04-19 14:03:45	Nouveau projet de loi présenté pour mettre en place l'organisation des risques d'eau et de la résilience pour sécuriser les systèmes d'eau des cyber-menaces New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats (lien direct)	Deux membres du Congrès américain ont présenté un projet de loi visant à protéger les systèmes d'eau des cyber-menaces.La législation proposée ... Two U.S. Congressmen have introduced a bill aimed at safeguarding water systems from cyber threats. The proposed legislation...	Legislation Industrial		★★★
	2024-04-18 20:25:50	Les contrôleurs de réseau ICS ouverts à l'exploit à distance, aucun correctif disponible ICS Network Controllers Open to Remote Exploit, No Patches Available (lien direct)	CISA advisory warns of critical ICS device flaws, but a lack of available fixes leaves network administrators on defense to prevent exploits. CISA advisory warns of critical ICS device flaws, but a lack of available fixes leaves network administrators on defense to prevent exploits.	Threat Industrial		★★★
	2024-04-18 08:59:48	(Déjà vu) Hexagon et Dragos dévoilent le partenariat stratégique Hexagon and Dragos unveil strategic partnership (lien direct)	Hexagon et Dragos dévoilent le partenariat stratégique pour renforcer la cybersécurité industrielle - nouvelles commerciales Hexagon and Dragos unveil strategic partnership to strengthen industrial cybersecurity - Business News	Industrial		★★
	2024-04-18 07:19:06	Radiflow s'associe à des réseaux exclusifs Radiflow Partners with Exclusive Networks (lien direct)	Radiflow s'associe à des réseaux exclusifs pour élever la cybersécurité OT avec les solutions de cybersécurité et de gestion des risques de Radiflow \\ pour les environnements OT, Réseaux exclusifs L'Italie étend sa gamme de technologies pour protéger les entreprises \\ ' Sites de production - nouvelles commerciales Radiflow Partners with Exclusive Networks to Elevate OT Cybersecurity With Radiflow\'s cybersecurity and risk management solutions for OT environments, Exclusive Networks Italy expands its range of technologies to protect companies\' production sites - Business News	Industrial		★★
	2024-04-17 20:31:30	Dangereux ICS Maleware cible les organisations en Russie et en Ukraine Dangerous ICS Malware Targets Orgs in Russia and Ukraine (lien direct)	"Kapeka" et "Fuxnext" sont les derniers exemples de logiciels malveillants à émerger du conflit de longue date entre les deux pays. "Kapeka" and "Fuxnext" are the latest examples of malware to emerge from the long-standing conflict between the two countries.	Malware Industrial		★★★★
	2024-04-17 16:25:58	Paysage cyber-menace pour le secteur américain de l'eau et des eaux usées OT Cyber Threat Landscape for the U.S. Water & Wastewater Sector (lien direct)	> Dragos OT Cyber Threat Intelligence Les chasseurs et les analystes d'adversaire effectuent des recherches sur les opérations adversaires et leurs tactiques, techniques et procédures ... Le post OT Cyber Threat Landscape pour l'US Water &Le secteur des eaux usées est apparu pour la première fois sur dragos . >Dragos OT Cyber Threat Intelligence adversary hunters and analysts conduct research on adversary operations and their tactics, techniques, and procedures... The post OT Cyber Threat Landscape for the U.S. Water & Wastewater Sector first appeared on Dragos.	Threat Industrial		★★
	2024-04-17 12:52:50	Hexagon et Dragos annoncent une alliance technique pour stimuler la cybersécurité industrielle, réduire le cyber-risque global Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk (lien direct)	dragos et hexagon ont uni leurs forces pour fournir aux organisations industrielles une visibilité et un contexte complet de l'ICS / OT ... Dragos and Hexagon have joined forces to provide industrial organizations with the comprehensive visibility and context of ICS/OT...	Industrial Technical		★★
	2024-04-17 10:24:14	Acheteurs de la cybersécurité industrielle \\ 'Guide 2024 Navigue du paysage industriel complexe Industrial Cybersecurity Buyers\\' Guide 2024 navigates complex industrial landscape (lien direct)	> La sixième édition annuelle de la technologie de cybersécurité industrielle, des solutions et des acheteurs de services \\ 'Guide 2024 a été publié ... >The sixth annual edition of the Industrial Cybersecurity Technology, Solutions, and Services Buyers\' Guide 2024 has been published...	Industrial		★★
	2024-04-15 13:47:34	Kaspersky ICS CERT rapporte sur l'escalade des conséquences des cyberattaques contre les organisations industrielles Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations (lien direct)	Les nouvelles données publiées par les chercheurs de l'équipe Kaspersky ICS CERT fournissent des détails sur les attaques cybercriminales et hacktiviste ... New data released by researchers from the Kaspersky ICS CERT team provides details on cybercriminal and hacktivist attacks...	Industrial		★★★★
	2024-04-15 12:51:28	Destructif ics malware \\ 'Fuxnet \\' utilisé par l'Ukraine contre l'infrastructure russe Destructive ICS Malware \\'Fuxnet\\' Used by Ukraine Against Russian Infrastructure (lien direct)	ics malware Fuxnet prétendument utilisé par le groupe de blackjack ukrainien pour perturber les capteurs industriels et autres systèmes appartenant à une entreprise d'infrastructure de Moscou. ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm.	Malware Industrial		★★★
	2024-04-15 06:00:31	Comment la protection d'identification de la preuve peut vous aider à répondre aux exigences de conformité CMMC How Proofpoint Impersonation Protection Can Help You Meet CMMC Compliance Requirements (lien direct)	The Cybersecurity Maturity Model Certification (CMMC) program enforces the protection of sensitive unclassified information that the U.S. Department of Defense (DoD) shares with its contractors and subcontractors. Threat actors know how to hijack your trusted organization communications. They can impersonate you, your brand or your organization partners. And they can make a nice profit doing it. The FBI\'s 2023 Internet Crime Report notes that last year\'s adjusted losses from organization email compromise (BEC) cases exceeded $2.9 billion-up 7.4% from 2022. Bad actors use spoofed domains, lookalike domains, compromised supplier accounts and other tactics in their attacks. So it\'s important to keep communications with trusted partners, customers and suppliers safe. This should be a top focus for government agencies and the organizations that they work with since they are key targets for bad actors. Proofpoint helps you mitigate the risk of impersonation abuse with a holistic, multilayered approach. With Proofpoint Impersonation Protection, you can: Protect your organization\'s communications from impersonation threats Stop attackers from impersonating your brand Detect and defend against risky suppliers, including compromised supplier accounts Secure user and application emails so that they can be trusted We help our federal and defense industrial base customers with Level 3 CMMC controls around the Risk Assessment (RA) and Identification and Authentication (IA) Practices. Here\'s how. CMMC overviews for Level 3 controls In this section, we match CMMC compliance requirements with the capabilities of Proofpoint Impersonation Protection. CMMC Level 3 – Risk Assessment Practice RA.L3-3.11.1e – Threat-Informed Risk Assessment CMMC compliance requirement Employ threat intelligence, at a minimum from open or commercial sources, and any DoD-provided sources, as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting and response and recovery activities. RA.L3-3.11.3e – Advanced Risk Identification CMMC compliance requirement Employ advanced automation and analytics capabilities in support of analysts to predict and identify risks to organizations, systems and system components. RA.L3-3.11.6e – Supply Chain Risk Response CMMC compliance requirement Assess, respond to and monitor supply chain risks associated with organizational systems and system components. RA.L3-3.11.7e – Supply Chain Risk Plan CMMC compliance requirement Develop a plan for managing supply chain risks associated with organizational systems and system components; update the plan at least annually, and upon receipt of relevant cyber threat information, or in response to a relevant cyber incident. How Proofpoint Impersonation Protection meets the Risk Assessment (RA) Practice needs above Proofpoint Nexus Supplier Risk Explorer gives you insights into supplier risk. This includes threats where attackers are impersonating your agency as well as compromised suppliers and third parties. Supplier Risk can also be used as part of a vendor risk management process when sourcing and choosing new vendors/suppliers. Proofpoint provides visibility into supply chain threats, lookalike detection, and impersonations of your brand with Supplier Risk and Domain Discover. This helps to create the supply chain risk plans that are needed to comply with CMMC. Supplier Risk Explorer identifies supplier domains and shows you which suppliers pose a risk to your organization. As noted above, Supplier Risk Explorer assesses the risk level of supplier domains by evaluating several dimensions, including: Threats sent to your organization Threats sent to other Proofpoint customers The lookalikes of supplier domains Whether a domain was recently registered Whether a domain has a DMARC reject policy By ranking an	Threat Industrial Prediction Commercial		★★
	2024-04-14 08:49:09	Besoin continu pour faire face à des défis, élaborer des stratégies à travers la cybersécurité industrielle au milieu des menaces en évolution Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats (lien direct)	Les cyber-menaces et les attaques croissantes contre les installations d'infrastructures critiques ont conduit à l'adaptation constante du changement ... Rising cyber threats and attacks against critical infrastructure installations have led to the constant adaptation of the changing...	Industrial		★★
	2024-04-10 16:44:18	Salvador assure les investissements de Deutsche Telekom pour étendre la plate-forme de récupération de cyber-attaque Salvador secures investment from Deutsche Telekom to expand cyber-attack recovery platform (lien direct)	> La société de récupération des données OT / ICS Salvador Technologies a obtenu un investissement de Deutsche Telekom.Le financement sera utilisé ... >OT/ICS data recovery firm Salvador Technologies has secured an investment from Deutsche Telekom. The funding will be used...	Industrial		★★
	2024-04-10 16:43:28	Securitygate annonce la disponibilité générale du flux de travail ISA / IEC 62443-2-1 dans sa plate-forme SecurityGate announces general availability of ISA/IEC 62443-2-1 workflow in its platform (lien direct)	> Securitygate Inc., un fournisseur de plate-forme SaaS pour l'OT / ICS Cyber Improvement, a annoncé mardi qu'il avait ajouté ISA / IEC 62443-2-1 ... >SecurityGate Inc., a SaaS platform provider for OT/ICS cyber improvement, announced Tuesday that it has added ISA/IEC 62443-2-1...	Industrial Cloud		★★★
	2024-04-10 13:00:00	The Hunt: détecter l'activité du groupe de menaces de voltzite dans les infrastructures critiques The Hunt: Detecting VOLTZITE Threat Group Activity in Critical Infrastructure (lien direct)	> Bienvenue à & # 8220; The Hunt, & # 8221;Notre série de blogs offrant des informations et des stratégies approfondies pour défendre contre les cyber-risques sophistiqués menaçant OT ... Le post la chasse: détection est apparu pour la première fois sur dragos . >Welcome back to “The Hunt,” our blog series offering in-depth insights and strategies for defending against sophisticated cyber risks threatening OT... The post The Hunt: Detecting VOLTZITE Threat Group Activity in Critical Infrastructure first appeared on Dragos.	Threat Industrial		★★★
	2024-04-09 17:44:10	Sécurité en cascade et partenaire Axys pour offrir une protection contre les centres de données Waterfall Security and AXYS partner to deliver OT protection for data centers (lien direct)	> Waterfall Security et Axys ont annoncé mardi un nouveau partenariat qui offrira un nouveau niveau d'OT (opérationnel ... >Waterfall Security and AXYS announced Tuesday a new partnership that will deliver a new level of OT (operational...	Industrial		★★
	2024-04-09 17:43:23	Otorio s'intègre à ServiceNow pour stimuler la cybersécurité opérationnelle et l'efficacité OTORIO integrates with ServiceNow to boost operational cybersecurity and efficiency (lien direct)	> La société de solutions de gestion des cyber-risques de sécurité otorio a annoncé mardi une intégration pour une gestion de sécurité OT dédiée avec ... >OT security cyber risk management solutions company OTORIO announced Tuesday an integration for dedicated OT security management with...	Industrial		★★
	2024-04-09 14:00:00	L'interférence étrangère entraîne une augmentation record du vol IP Foreign Interference Drives Record Surge in IP Theft (lien direct)	DTEX affirme que l'espionnage industriel et le vol IP sont à un niveau record grâce aux initiés malveillants DTEX claims industrial espionage and IP theft are at an all-time high thanks to malicious insiders	Industrial		★★★
	2024-04-08 14:20:29	4 leçons Les entreprises industrielles peuvent tirer de la bibliothèque britannique Cyberattack 4 lessons industrial companies can draw from the British Library cyberattack (lien direct)	Alors que les cyberattaques se produisent quotidiennement, peu attirent autant d'attention et de couverture médiatique que l'attaque qui a frappé la bibliothèque britannique en octobre 2023. L'attaque, qui a paralysé les systèmes en ligne de la bibliothèque \\ pendant des mois et a provoqué un coût estimé de & livre; 7 millions, était frappant par son ampleur.Pourtant, les attaquants de Blueprint suivis sont malheureusement familiers.Après [& # 8230;] Le post 4 leçons Les sociétés industrielles peuvent s'appuyer dans la cyberattaque de la bibliothèque britannique C'est apparu pour la première fois sur gourou de la sécurité informatique . While cyberattacks occur daily, few garner as much attention and media coverage as the attack that struck the British Library in October 2023. The attack, which paralysed the Library\'s online systems for months and caused an estimated cost of £7 million, was striking by its magnitude. Yet, the blueprint attackers followed is sadly familiar. After […] The post 4 lessons industrial companies can draw from the British Library cyberattack first appeared on IT Security Guru.	Industrial		★★★
	2024-04-08 10:00:00	10 stratégies pour fortifier la sécurité du système SCADA 10 Strategies to Fortify SCADA System Security (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Here are some of the best SCADA protection strategies to ensure your organization\'s safety. Late last year, Pennsylvania\'s Municipal Water Authority of Aliquippa (MWAA) fell victim to a sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach\'s impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation\'s critical infrastructure to such cyberattacks. The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts. Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities. How to Enhance SCADA System Security? The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it\'s imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats. 1. Network Segmentation: This strategy involves creating \'zones\' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section. 2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also	Vulnerability Threat Patching Legislation Industrial		★★★★
	2024-04-06 12:54:18	Le rapport de recherche Xage-Takepoint révèle une adoption croissante de la sécurité de la fiducie zéro dans les entreprises industrielles Xage-Takepoint Research report reveals growing adoption of zero trust security in industrial enterprises (lien direct)	Zero Trust Access and Protection Vendor Xage Security, en collaboration avec Takepoint Research, a dévoilé de nouvelles recherches cette semaine ... Zero trust access and protection vendor Xage Security, in collaboration with Takepoint Research, unveiled new research this week...	Industrial		★★
	2024-04-05 13:39:39	Même cibles, nouveaux manuels: les acteurs de la menace en Asie de l'Est utilisent des méthodes uniques Same targets, new playbooks: East Asia threat actors employ unique methods (lien direct)	## Snapshot Microsoft has observed several notable cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals. Chinese cyber actors broadly selected three target areas over the last seven months. - One set of Chinese actors extensively targeted entities across the South Pacific Islands. - A second set of Chinese activity continued a streak of cyberattacks against regional adversaries in the South China Sea region. - Meanwhile, a third set of Chinese actors compromised the US defense industrial base. Chinese influence actors-rather than broadening the geographic scope of their targets-honed their techniques and experimented with new media. Chinese influence campaigns continued to refine AI-generated or AI-enhanced content. The influence actors behind these campaigns have shown a willingness to both amplify AI-generated media that benefits their strategic narratives, as well as create their own video, memes, and audio content. Such tactics have been used in campaigns stoking divisions within the United States and exacerbating rifts in the Asia-Pacific region-including Taiwan, Japan, and South Korea. These campaigns achieved varying levels of resonance with no singular formula producing consistent audience engagement. North Korean cyber actors made headlines for increasing software supply chain attacks and cryptocurrency heists over the past year. While strategic spear-phishing campaigns targeting researchers who study the Korean Peninsula remained a constant trend, North Korean threat actors appeared to make greater use of legitimate software to compromise even more victims. ## Activity Overview ### Chinese cyber operations target strategic partners and competitors #### Gingham Typhoon targets government, IT, and multinational entities across the South Pacific Islands ![Graph showing targeted regions in the South Pacific by China based threat actor Gingham Typhoon](https://cdn-riq-ti.azureedge.net/49bcef0e-36ca-42a0-a66d-f5339c8b48e2) Figure 1: Observed events from Gingham Typhoon from June 2023 to January 2024 highlights their continued focus on South Pacific Island nations. However, much of this targeting has been ongoing, reflecting a yearslong focus on the region. Geographic locations and diameter of symbology are representational. During the summer of 2023, Microsoft Threat Intelligence observed extensive activity from China-based espionage group Gingham Typhoon that targeted nearly every South Pacific Island country. Gingham Typhoon is the most active actor in this region, hitting international organizations, government entities, and the IT sector with complex phishing campaigns. Victims also included vocal critics of the Chinese government. Diplomatic allies of China who were victims of recent Gingham Typhoon activity include executive offices in government, trade-related departments, internet service providers, as well as a transportation entity. Heightened geopolitical and diplomatic competition in the region may be motivations for these offensive cyber activities. China pursues strategic partnerships with South Pacific Island nations to expand economic ties and broker diplomatic and security agreements. Chinese cyber espionage in this region also follows economic partners. For example, Chinese actors engaged in large-scale targeting of multinational organizations in Papua New Guinea, a longtime diplomatic partner that is benefiting from multiple Belt and Road Initiative (BRI) projects including the construction of a major highway which links a Papua New Guinea government building to the capital city\'s main road. (1) #### Chinese threat actors retain focus on South China Sea amid Western military exercises China-based threat actors continued to target entities related to China\'s economic and military interests in a	Malware Tool Vulnerability Threat Studies Industrial Prediction Technical	Guam	★★★
	2024-04-05 12:14:06	HMS Networks, Red Lion Collaborent pour stimuler les offres d'informations industrielles et de technologies de communication HMS Networks, Red Lion collaborate to boost industrial information and communication technology offerings (lien direct)	HMS Networks a finalisé l'acquisition de contrôles Red Lion à partir de Spectris Group Holdings Limited.Les deux sociétés ... HMS Networks has finalized the acquisition of Red Lion Controls from Spectris Group Holdings Limited. The two companies...	Industrial		★★
	2024-04-05 12:11:07	Exalens s'associe à Hoop Cyber pour stimuler la résilience du système cyber-physique dans les opérations industrielles Exalens partners with HOOP Cyber to boost cyber-physical system resilience in industrial operations (lien direct)	> EXALENS a annoncé un partenariat avec Hoop Cyber, un conseil en génie des cyber-données de nouvelle génération dédié à l'autonomisation des organisations ... >Exalens has announced a partnership with HOOP Cyber, a next-generation cyber data engineering consultancy dedicated to empowering organizations...	Industrial		★★
	2024-04-05 12:10:11	Ampère la sécurité industrielle est en train de renommer AMPYX Cyber, élargit la présence mondiale avec de nouveaux bureaux Ampere Industrial Security rebrands to Ampyx Cyber, expands global presence with new offices (lien direct)	> Ampère Industrial Security, réputée pour son expertise en sécurité industrielle, annonce son changement de marque à AMPYX Cyber, marquant un ... >Ampere Industrial Security, renowned for its expertise in industrial security, announces its rebranding to Ampyx Cyber, marking a...	Industrial		★★★
	2024-04-04 16:57:00	Considérations pour la cybersécurité des technologies opérationnelles Considerations for Operational Technology Cybersecurity (lien direct)	La technologie opérationnelle (OT) & NBSP; fait référence au matériel et aux logiciels utilisés pour modifier, surveiller ou contrôler les appareils, processus et événements physiques de l'Enterprise \\.Contrairement aux systèmes traditionnels des technologies de l'information (TI), les systèmes OT ont un impact direct sur le monde physique.Cette caractéristique unique de l'OT apporte des considérations de cybersécurité supplémentaires qui ne sont généralement pas présentes dans la sécurité informatique conventionnelle Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise\'s physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT brings additional cybersecurity considerations not typically present in conventional IT security	Industrial		★★
	2024-04-02 12:00:00	Les cyberattaques produisaient une perturbation physique en augmentation Cyberattacks Wreaking Physical Disruption on the Rise (lien direct)	Les groupes de ransomware ont entré dans la fabrication d'autres parties du secteur OT en 2023, et quelques attaques ont causé des dommages à huit et neuf chiffres.Mais le pire n'est pas encore venu en 2024. Ransomware groups tore into manufacturing other parts of the OT sector in 2023, and a few attacks caused eight- and nine-figure damages. But worse is yet to come in 2024.	Ransomware Industrial		★★★
	2024-04-02 11:26:02	New Mitre Engage Mappings publié pour ATT & CK pour ICS, ATT & CK pour mobile New MITRE Engage mappings released for ATT&CK for ICS, ATT&CK for Mobile (lien direct)	L'organisation à but non lucratif, Mitre, a annoncé lundi que son équipe ENGED avait introduit de nouvelles mappages pour les techniques de l'ATT & # 38; CK ... Non-profit organization MITRE announced Monday that its Engage team has introduced new mappings for techniques from the ATT&CK...	Mobile Industrial		★★
	2024-04-02 10:24:00	La campagne de phishing massive frappe l'Amérique latine: Venom Rat ciblant plusieurs secteurs Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (lien direct)	L'acteur de menace connu sous le nom de & NBSP; TA558 & NBSP; a été attribué à une nouvelle campagne de phishing massive qui cible un large éventail de secteurs en Amérique latine dans le but de déployer Venom Rat. Les attaques ont principalement distingué l'hôtel, les voyages, le commerce, les finances, la fabrication, l'industrie et le gouvernement en Espagne, au Mexique, aux États-Unis, en Colombie, au Portugal, au Brésil, à la République dominicaine, et The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, United States, Colombia, Portugal, Brazil, Dominican Republic, and	Threat Industrial		★★★
	2024-04-01 12:55:31	US DOD dévoile la stratégie de cybersécurité Dib 2024 pour renforcer les cyber-défenses nationales US DoD unveils DIB Cybersecurity Strategy 2024 to strengthen national cyber defenses (lien direct)	> Le Département américain de la Défense (DOD) a publié sa stratégie de cybersécurité de la base industrielle de la défense (DIB), une approche exploitable ... >The U.S. Department of Defense (DoD) has published its Defense Industrial Base (DIB) Cybersecurity Strategy, an actionable approach...	Industrial		★★

Last update at: 2024-04-28 03:07:53
See our sources.

To see everything: Our RSS (filtrered)