What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-12-02 13:22:00 | Hacker russe Vladimir Dunaev condamné pour avoir créé un malware Trickbot Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (lien direct) |
Un ressortissant russe a été reconnu coupable dans le cadre de son rôle dans le développement et le déploiement d'un logiciel malveillant connu sous le nom de Trickbot, a annoncé le ministère américain de la Justice (DOJ).
Vladimir Dunaev, 40 ans, a été & nbsp; arrêté & nbsp; en Corée du Sud en septembre 2021 et extradé aux États-Unis un mois plus tard.
"Dunaev a développé des modifications du navigateur et des outils malveillants qui ont aidé à la récolte et aux données des informations d'identification
A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. "Dunaev developed browser modifications and malicious tools that aided in credential harvesting and data |
Malware Tool | ★★★ | |
 |
2023-12-01 21:32:00 | Des pirates nord-coréens attaquant des macos en utilisant des documents armées North Korean Hackers Attacking macOS Using Weaponized Documents (lien direct) |
#### Description
En 2023, les acteurs de la menace nord-coréenne ont intensifié leur concentration sur MacOS par le biais de deux campagnes majeures nommées Rustbucket et Kandykorn.
RustBucket a utilisé \\ 'swiftloader, \' se faire passer pour une visionneuse PDF, pour déployer un malware de deuxième étape écrit de la rouille.Pendant ce temps, la campagne de Kandykorn a utilisé des scripts Python ciblant les ingénieurs de la blockchain, livrant un rat de porte dérobée C ++ appelé \\ 'Kandykorn \' en détournant l'application Discord sur les hôtes.L'attaque en cinq étapes contre les utilisateurs de discorde impliquait l'ingénierie sociale pour les inciter à télécharger une application Python malveillante déguisée en bot d'arbitrage crypto, distribué sous le nom de \\ 'ponts multiplateaux.zip. \' l'application, contenant des scripts de python apparemment inoffensifs, a progressé à travers des étapes impliquant l'exécution de Findertools, Sugarloader, Hloader et, finalement, exécuter Kandykorn.
La campagne Rustbucket a présenté des techniques évolutives, en utilisant une application basée sur Swift nommée SecurePDF Viewer.App, signée par "BBQ Bazaar Private Limited".Une autre variante, Crypto-Assets App.zip, signée par "Northwest Tech-Con Systems Ltd", a indiqué une infrastructure partagée, des objectifs et des tactiques avec Kandykorn Rat, soulignant la sophistication des campagnes malveillantes du macos nord-coréen.
#### URL de référence (s)
1. https://gbhackers.com/korean-macos-weaponized-ocuments/
#### Date de publication
30 novembre 2023
#### Auteurs)
Tushar Subhra Dutta
#### Description In 2023, North Korean threat actors intensified their focus on macOS through two major campaigns named RustBucket and KandyKorn. RustBucket utilized \'SwiftLoader,\' masquerading as a PDF Viewer, to deploy a Rust-written second-stage malware. Meanwhile, the KandyKorn campaign employed Python scripts targeting blockchain engineers, delivering a C++ backdoor RAT called \'KandyKorn\' by hijacking the Discord app on hosts. The five-stage attack on Discord users involved social engineering to trick them into downloading a malicious Python app disguised as a crypto arbitrage bot, distributed as \'Cross-Platform Bridges.zip.\' The app, containing seemingly harmless Python scripts, progressed through stages involving the execution of FinderTools, SUGARLOADER, HLOADER, and ultimately running KANDYKORN. he RustBucket campaign showcased evolving techniques, using a Swift-based app named SecurePDF Viewer.app, signed by "BBQ BAZAAR PRIVATE LIMITED." Another variant, Crypto-assets app.zip, signed by "Northwest Tech-Con Systems Ltd," indicated shared infrastructure, objectives, and tactics with KandyKorn RAT, underscoring the sophistication of North Korean macOS malware campaigns. #### Reference URL(s) 1. https://gbhackers.com/korean-macos-weaponized-documents/ #### Publication Date November 30, 2023 #### Author(s) Tushar Subhra Dutta |
Malware Threat | ★★ | |
|
2023-12-01 18:10:00 | Nouveau Fjordphantom Android Malware cible les applications bancaires en Asie du Sud-Est New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia (lien direct) |
Les chercheurs en cybersécurité ont révélé un nouveau logiciel malveillant Android sophistiqué appelé & nbsp; fjordphantom & nbsp; qui a été observé ciblant les utilisateurs dans des pays d'Asie du Sud-Est comme l'Indonésie, la Thaïlande et le Vietnam depuis début septembre 2023.
"Spreading principalement via des services de messagerie, il combine des logiciels malveillants basés sur des applications avec l'ingénierie sociale pour frauder les clients bancaires", application mobile basée à Oslo
Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app |
Malware Mobile | ★★ | |
 |
2023-12-01 18:00:00 | Le promoteur russe de Trickbot Malware plaide coupable, risque de 35 ans de peine Russian developer of Trickbot malware pleads guilty, faces 35-year sentence (lien direct) |
Un ressortissant russe a plaidé coupable à la cour fédérale de Cleveland jeudi à des accusations liées à son implication dans le développement et le déploiement du logiciel malveillant connu sous le nom de TrickBot.Il est confronté à une pénalité maximale de 35 ans, les U.S.Le ministère de la Justice a dit .Selon des documents judiciaires, Vladimir Dunaev, 40 ans, était membre d'un cybercrimiral
A Russian national pleaded guilty in federal court in Cleveland on Thursday to charges related to his involvement in developing and deploying the malicious software known as Trickbot. He faces a maximum penalty of 35 years, the U.S. Department of Justice said. According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal |
Malware | ★★ | |
 |
2023-12-01 16:51:23 | Trickbot Malware Dev plaide coupable, risque 35 ans de prison TrickBot malware dev pleads guilty, faces 35 years in prison (lien direct) |
Jeudi, un ressortissant russe a plaidé coupable à des accusations liées à son implication dans le développement et le déploiement du malware Trickbot, qui a été utilisé dans les attaques contre les hôpitaux, les entreprises et les particuliers aux États-Unis et dans le monde.[...]
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide. [...] |
Malware Legislation | ★★★ | |
|
2023-12-01 16:20:00 | Aftermath de Qakbot Takedown: atténuations et protection contre les menaces futures Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats (lien direct) |
Le département américain de la Justice (DOJ) et le FBI ont récemment collaboré dans une opération multinationale pour démanteler le malware et le botnet de Qakbot notoires.Alors que l'opération a réussi à perturber cette menace de longue date, des préoccupations se sont produites car il semble que Qakbot puisse encore poser un danger sous une forme réduite.Cet article traite des conséquences du retrait, fournit une atténuation
The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation |
Malware Threat | ★★★ | |
|
2023-12-01 16:19:00 | Des pirates chinois utilisant le rat de Sugargh 0st pour cibler la Corée du Sud et l'Ouzbékistan Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan (lien direct) |
Un acteur suspecté de menace chinoise a été attribué à une campagne malveillante qui cible le ministère ouzbékistan des Affaires étrangères et les utilisateurs sud-coréens avec un cheval de Troie à distance appelé & nbsp; Sugargh0st Rat.
L'activité, qui a commencé au plus tard en août 2023, tire parti de deux séquences d'infection différentes pour livrer le malware, qui est une variante personnalisée de & nbsp; gh0st rat & nbsp
A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT. The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the malware, which is a customized variant of Gh0st RAT |
Malware Threat | ★★ | |
 |
2023-12-01 15:08:12 | Les États-Unis se préparent une cellule de prison pour un autre développeur russe Trickbot US readies prison cell for another Russian Trickbot developer (lien direct) |
Hunt se poursuit pour les autres membres insaisissables de haut rang Un autre membre de l'équipe de malware de Trickbot est désormais confronté à une longue peine de prison au milieu de la recherche continue américaine de ses principaux membres.… | Malware Legislation | ★★★ | |
|
2023-12-01 14:15:09 | Les pirates utilisent un nouvel agent de raton laveur malware pour déambuler les cibles américaines Hackers use new Agent Raccoon malware to backdoor US targets (lien direct) |
Un roman de malware nommé \\ 'agent ratonon \' (ou agent Racoon) est utilisé dans les cyberattaques contre les organisations aux États-Unis, au Moyen-Orient et en Afrique.[...]
A novel malware named \'Agent Raccoon\' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa. [...] |
Malware | ★★ | |
 |
2023-12-01 10:00:31 | IT Menace l'évolution au troisième trimestre 2023. Statistiques mobiles IT threat evolution in Q3 2023. Mobile statistics (lien direct) |
Les statistiques sur les menaces mobiles pour le troisième trimestre 2023 incluent des données sur les logiciels malveillants, les logiciels publicitaires, les chevaux de Troie bancaires et les ransomwares pour les appareils Android.
Mobile threat statistics for Q3 2023 include data on malware, adware, banking Trojans and ransomware for Android devices. |
Ransomware Malware Threat Mobile Mobile | ★★★ | |
|
2023-12-01 10:00:03 | Il menace l'évolution au troisième trimestre 2023. Statistiques non mobiles IT threat evolution in Q3 2023. Non-mobile statistics (lien direct) |
Les statistiques des logiciels malveillants PC pour le troisième troque incluent des données sur les mineurs, les ransomwares, les chevaux de Troie bancaires et d'autres menaces pour Windows, MacOS et l'équipement IoT.
PC malware statistics for Q3 2023 include data on miners, ransomware, banking Trojans and other threats to Windows, macOS and IoT equipment. |
Ransomware Malware Threat Studies | ★★★ | |
 |
2023-11-30 20:50:00 | Un nouveau logiciel malveillant GH0ST RAT plus fantasme hante les cyber-cibles mondiales A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (lien direct) |
Une décennie et demie après la première apparition du rat GH0ST, la variante "Sugargh0st Rat" vise à rendre la vie plus douce pour les cybercriminels.
A decade and a half after Gh0st RAT first appeared, the "SugarGh0st RAT" variant aims to make life sweeter for cybercriminals. |
Malware | ★★★ | |
|
2023-11-30 19:45:00 | Les pirates suspects de la Chine ciblent l'Ouzbékistan Gov \\ 't, les Sud-Coréens, dit Cisco Suspected China-based hackers target Uzbekistan gov\\'t, South Koreans, Cisco says (lien direct) |
Les pirates qui seraient basés en Chine visent le ministère ouzbékistan des affaires étrangères, ainsi que des habitants de la Corée du Sud, avec une souche de malware appelée Sugargh0st, selon un nouveau rapport.Cisco publié Un blog jeudi mettant en lumière le malware - qui, selon eux, est une variante de Gh0st Rat, un infâme
Hackers believed to be based in China are targeting the Uzbekistan Ministry of Foreign Affairs, as well as people in South Korea, with a strain of malware called SugarGh0st, according to a new report. Cisco published a blog on Thursday spotlighting the malware - which they believe is a variant of Gh0st RAT, an infamous |
Malware | ★★★ | |
 |
2023-11-30 18:58:27 | Android Banking Malware Fjordphantom vole des fonds via la virtualisation Android Banking Malware FjordPhantom Steals Funds Via Virtualization (lien direct) |
> Par waqas
Jusqu'à présent, le malware Fjordphantom a fraudé les victimes d'environ 280 000 $ (et 225 000).
Ceci est un article de HackRead.com Lire le post original: Android Banking Malware Fjordphantom vole des fonds via la virtualisation
>By Waqas Thus far, the FjordPhantom malware has defrauded victims of around $280,000 (£225,000). This is a post from HackRead.com Read the original post: Android Banking Malware FjordPhantom Steals Funds Via Virtualization |
Malware Mobile Mobile | ★★ | |
 |
2023-11-30 17:00:00 | Amélioration des outils d'analyse des logiciels malveillants de Flare \\ à Google Summer of Code 2023 Improving FLARE\\'s Malware Analysis Tools at Google Summer of Code 2023 (lien direct) |
Cet été a marqué la première année de la première année de l'équipe Flare \\ à googleÉté du code (GSOC) .GSOC est un programme mondial de mentorat en ligne axé sur l'introduction de nouveaux contributeurs au développement de logiciels open source.Les contributeurs du GSOC travaillent avec des mentors pour réaliser des projets de plus de 12 semaines qui soutiennent les organisations open source.En 2023, Flare a été acceptée en GSOC et a eu le privilège de travailler avec quatre contributeurs. Flare est une équipe d'ingénieurs et de chercheurs insensés qui se spécialisent dans l'analyse des logiciels malveillants, Exploiter Analyse et formation de logiciels malveillants.Flare développe, maintient et publie divers ouverts
This summer marked the FLARE team\'s first year participating in Google Summer of Code (GSoC). GSoC is a global online mentoring program focused on introducing new contributors to open source software development. GSoC contributors work with mentors to complete 12+ week projects that support open source organizations. During 2023 FLARE was accepted into GSoC and had the privilege of working with four contributors.FLARE is a team of reverse engineers and researchers who specialize in malware analysis, exploit analysis, and malware training. FLARE develops, maintains, and publishes various open |
Malware Tool Threat | ★★★ | |
 |
2023-11-30 14:30:00 | Fjordphantom Android Malware cible les banques avec virtualisation FjordPhantom Android Malware Targets Banks With Virtualization (lien direct) |
Promon a déclaré qu'une attaque de fjordphantom a entraîné une perte substantielle d'environ 280 000 $
Promon said one FjordPhantom attack resulted in a substantial loss of approximately $280,000 |
Malware Mobile Mobile | ★★★ | |
|
2023-11-30 14:00:00 | Les logiciels malveillants du voleur Redline déploient via l'outil d'évasion Scrubcrypt RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool (lien direct) |
Le nouvel outil d'obscurcissement des broussailles est conçu pour éviter les protections antivirus
The new ScrubCrypt obfuscation tool is designed to avoid antivirus protections |
Malware Tool | ★★★ | |
 |
2023-11-30 11:00:00 | Sécration sécurisée: un guide pour parcourir Internet en toute sécurité Secure browsing: A guide to browsing the internet safely (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In an age when the internet is an integral part of our daily lives, ensuring your online safety and privacy is critical. Secure browsing is about protecting sensitive personal information and yourself from cyber threats such as malware, phishing, and hacking. This article delves into the various aspects of web browsing securely, from understanding the risks to implementing best practices and using the right tools to improve your online security. Understanding the risks Before delving into secure browsing techniques, it\'s critical to understand the risks. The internet is full of hazards, and a lack of awareness can leave you vulnerable. Here are a few of the most common dangers: Malware: When you download files, click on untrustworthy links, or visit compromised websites, malicious software can infect your device. Malware can steal your data, damage your system, or track your online activities once infected. Phishing: Phishing attacks involve duping users into disclosing sensitive information such as login credentials, credit card information, or personal information. These attacks frequently disguise themselves as legitimate emails or websites. Data protection: Many websites and online services collect and share your personal information without your permission, which can invade privacy and unwanted tracking. Hacking: Cybercriminals may try to gain unauthorized access to your accounts or devices, resulting in financial loss and damage to your online identity. Unsecured connections: Unsecured Wi-Fi networks expose your data to interception, as attackers can intercept your data. Browsing safely Now that you know the dangers, let\'s look at how to browse the web safely. Use a secure browser: Select a browser with a strong reputation for security features. Google Chrome, Mozilla Firefox, and Microsoft Edge provide regular security updates. Maintain software updates: Regularly update your browser and other software to patch vulnerabilities that cybercriminals may exploit. Use strong, unique passwords: Use solid, one-time passwords for each online account. To keep track of complex passwords, consider using a password manager. Enable two-factor authentication (2FA): Enable two-factor authentication wherever possible to add an extra layer of security to your online accounts. Stay informed: To stay informed about emerging threats and vulnerabilities, keep up with the latest cybersecurity news and best practices. Exercise caution with Email: Unsolicited emails should be avoided, especially those with attachments or links. Check the sender\'s identity before clicking on any links or downloading attachments. Use HTTPS: Look for HTTPS (secure browsing protocol) websites. Most modern browsers display a padlock icon in the address bar for secure sites. Install ad blockers and privacy extensions: Browser extensions such as uBlock Origin, Privacy Badger, and HTTPS Everywhere can help you protect your online privacy by blocking advertisements, tracking scripts, and forcing secure connections. Avoid public Wi-Fi for sensitive transactions: Avoid using public Wi-Fi networks when conducting sensitive transactions such as online banking or shopping. Consider using a Virtual Private Network (VPN) to encrypt your connection if you must use public Wi-Fi. Regularly clear browser data: Clear your browsing history, cookies, and cached data regularly to reduce your digital footprint. Tools for secure browsing Virtual private networks (VPNs): VPNs encrypt your internet connection, ma | Malware Tool Vulnerability Threat | LastPass LastPass | ★★ |
|
2023-11-30 09:00:00 | Fjordphantom Android Malware utilise la virtualisation pour échapper à la détection FjordPhantom Android malware uses virtualization to evade detection (lien direct) |
Un nouveau logiciel malveillant Android nommé FjordPhantom a été découvert en utilisant la virtualisation pour exécuter du code malveillant dans un conteneur et une détection d'évasion.[...]
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection. [...] |
Malware Vulnerability Mobile Mobile | ★★★ | |
 |
2023-11-30 07:23:34 | Améliorations aux solutions fédérales de preuvepoint: un nouveau moteur de détection AI / ML, mises à jour du tableau de bord TAP et plus Enhancements to Proofpoint Federal Solutions: A New AI/ML Detection Engine, Updates to the TAP Dashboard and More (lien direct) |
ProofPoint a fait plus d'investissements dans notre plate-forme de protection contre les menaces AEGIS cette année qui peut aider à soutenir nos clients et partenaires de nos agences fédérales dans leurs missions.Ce blog donne un aperçu de certaines de ces innovations et améliorations récentes.
Moteur comportemental de supernova
En octobre, nous avons commencé à déployer le moteur comportemental Supernova pour Proofpoint FedRamp Reptection Environments.Supernova est une pile de détection de pointe qui utilise l'intelligence artificielle avancée et l'apprentissage automatique pour arrêter les menaces en temps réel.
Non seulement Supernova arrête le spam, mais il protège également contre les menaces qui ne comptent pas sur des logiciels malveillants, comme les compromis par courrier électronique (BEC), la fraude des fournisseurs et les attaques de livraison d'attaques axées sur le téléphone (TOAD).Il détecte également les menaces basées sur les logiciels malveillants, comme les ransomwares.Et il analyse les messages de phishing avant la livraison afin qu'ils ne soient jamais livrés aux utilisateurs.
Le moteur comportemental Supernova utilise la langue, les relations, la cadence et le contexte pour détecter les anomalies et prévenir les menaces en temps réel en utilisant l'IA / ML.
Avec cette récente version, Supernova est désormais disponible pour tous les clients de la sécurité des e-mails de ProofPoint à travers le monde.Il s'agit d'une mise à niveau de pile de détection gratuite qui est intégrée dans notre plate-forme plus large.Vous pouvez en savoir plus sur le moteur comportemental Supernova ici.
Autres investissements de point de preuve qui profitent aux clients fédéraux
Supernova n'est pas le seul nouveau déploiement.Ce sont des améliorations de produits supplémentaires qui soutiennent la communauté du gouvernement fédéral et ses missions:
FedRamp Email Gateway (Proofpoint à la demande, alias FedPod).Nous avons mis à niveau FedPod pour aligner la parité des fonctionnalités plus étroitement avec nos environnements commerciaux.Cela comprend des améliorations des balises d'avertissement de messagerie de preuves et du cercle de confiance de ProofPoint.
Tableau de bord de protection contre les attaques ciblés par FedRamp (TAP).Désormais, le tableau de bord TAP comprend un résumé détaillé de la menace.Il présente des informations sur les menaces sur les principales menaces à l'échelle mondiale et au sein de votre agence ou de votre verticale.Ceci s'ajoute aux vulnérabilités et aux expositions courantes (CVE) que nous organisons à partir de nos analystes émergents des données de renseignement des menaces et des analystes de renseignements sur les menaces de preuve.
Solutions de point de preuve pour le gouvernement fédéral
Il existe des centaines de clients fédéraux qui utilisent des dizaines de solutions sur site et cloud de Proofpoint.Ce ne sont que quelques-uns:
Département américain de la défense
La base industrielle de la défense
La communauté du renseignement
Agences civiles fédérales
Intégrateurs de systèmes fédéraux
ProofPoint a obtenu la certification modérée FedRamp dans ces quatre solutions basées sur le cloud:
Protection de la protection des e-mails
ProofPoint Email Data Loss Prevention (DLP)
Tap de point de preuve
Archivage de preuves
Apprendre encore plus
Les missions de l'agence fédérale sont sous attaque constante.Et les agences sont confrontées à une tâche intimidante: ils doivent mettre en œuvre des mesures qui protègent les données vitales tout en permettent à leurs employés de réaliser leurs missions.Le point de preuve peut aider.
Pour plus de détails sur la façon dont Proofpoint aide à protéger les agences gouvernementales fédérales, consultez cette solution brève.Vous pouvez en savoir plus sur nos solutions gouvernementales ici.
Proofpoint has made more investments in our Aegis threat protection platform this year that can help support our federal agency customer |
Ransomware Spam Malware Vulnerability Threat Industrial Cloud Commercial | ★★ | |
|
2023-11-29 23:36:38 | Ventes d'informations personnelles utilisées comme appâts pour distribuer des logiciels malveillants Personal Information Sales Used as Bait to Distribute Malware (lien direct) |
Ahnlab Security Emergency Response Center (ASEC) a découvert un cas de distribution de logiciels malveillants en utilisant les ventes d'informations personnelles comme appât.Ce cas d'attaque utilise une technique de piratage d'ingénierie sociale.L'ASEC vous fournit des circonstances récemment découvertes de distribution de logiciels malveillants à l'aide de techniques de piratage d'ingénierie sociale.La figure 1 montre le contenu du site Web utilisé par l'acteur de menace comme site de distribution, avec plusieurs fichiers.La plupart des fichiers contiennent des informations personnelles, et les noms de fichiers incluent des mots clés liés à l'investissement tels que & # 8216; Reading, & # 8217;& # 8216; Unfactted, & # 8217; ...
AhnLab Security Emergency response Center (ASEC) discovered a case of malware distribution using personal information sales as bait. This attack case employs a social engineering hacking technique. ASEC provides you with recently discovered circumstances of malware distribution using social engineering hacking techniques. Figure 1 shows the content of the website used by the threat actor as a distribution site, with multiple files. Most of the files contain personal information, and the file names include investment-related keywords such as ‘reading,’ ‘unlisted,’... |
Malware Threat | ★★ | |
|
2023-11-29 17:53:00 | Les cybercriminels étendent le ciblage des clients de la banque iranienne avec des logiciels malveillants mobiles connus Cybercriminals expand targeting of Iranian bank customers with known mobile malware (lien direct) |
Les chercheurs ont découvert plus de 200 fausses applications mobiles qui imitent les grandes banques iraniennes pour voler des informations à leurs clients.La campagne était découvert pour la première fois en juilletde cette année, mais depuis lors, les cybercriminels ont a élargi leurs capacités , selon la société de cybersécurité basée aux États-Unis Zimperium.Initialement, l'acteur de menace derrière la campagne a créé 40 personnes accueillantes
Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their capabilities, according to U.S.-based cybersecurity firm Zimperium. Initially, the threat actor behind the campaign created 40 credential-harvesting |
Malware Threat Mobile Mobile | ★★★ | |
|
2023-11-29 15:43:00 | Plus de 200 applications malveillantes sur la boutique Android iranienne installée par des millions d'utilisateurs bancaires 200+ Malicious Apps on Iranian Android Store Installed by Millions of Banking Users (lien direct) |
Une campagne de logiciels malveillants Android ciblant les banques iraniennes a élargi ses capacités et incorporé des tactiques d'évasion supplémentaires pour voler sous le radar.
Cela \\ est selon un nouveau rapport de Zimperium, qui a découvert plus de 200 applications malveillantes associées à l'opération malveillante, l'acteur de menace a également observé des attaques de phishing contre les institutions financières ciblées.
An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar. That\'s according to a new report from Zimperium, which discovered more than 200 malicious apps associated with the malicious operation, with the threat actor also observed carrying out phishing attacks against the targeted financial institutions. |
Malware Threat Mobile Mobile | ★★★ | |
|
2023-11-29 14:05:00 | L'IA augmente les taux de détection de logiciels malveillants de 70% AI Boosts Malware Detection Rates by 70% (lien direct) |
De nouvelles recherches ont montré que l'IA est beaucoup plus précise que les techniques traditionnelles pour détecter les logiciels malveillants malveillants
New research has found that AI is significantly more accurate than traditional techniques at detecting malicious malware |
Malware | ★★★ | |
|
2023-11-29 06:51:24 | Le groupe lié au Hamas fait revivre les logiciels malveillants sysjoker, exploite OneDrive Hamas-Linked Group Revives SysJoker Malware, Leverages OneDrive (lien direct) |
> Par waqas
Le Hamas lance une nouvelle variante de la rouille multiplateforme basée sur la rouille de la porte dérobée contre les cibles en Israël.
Ceci est un article de HackRead.com Lire le post original: Le groupe lié au Hamas fait revivre les logiciels malveillants sysjoker, exploite OneDrive
>By Waqas Hamas launches a new variant of Rust-based, multi-platform backdoor sysJoker against targets in Israel. This is a post from HackRead.com Read the original post: Hamas-Linked Group Revives SysJoker Malware, Leverages OneDrive |
Malware | ★★ | |
|
2023-11-28 23:05:04 | Prédictions 2024 de Proofpoint \\: Brace for Impact Proofpoint\\'s 2024 Predictions: Brace for Impact (lien direct) |
In the ever-evolving landscape of cybersecurity, defenders find themselves navigating yet another challenging year. Threat actors persistently refine their tactics, techniques, and procedures (TTPs), showcasing adaptability and the rapid iteration of novel and complex attack chains. At the heart of this evolution lies a crucial shift: threat actors now prioritize identity over technology. While the specifics of TTPs and the targeted technology may change, one constant remains: humans and their identities are the most targeted links in the attack chain. Recent instances of supply chain attacks exemplify this shift, illustrating how adversaries have pivoted from exploiting software vulnerabilities to targeting human vulnerabilities through social engineering and phishing. Notably, the innovative use of generative AI, especially its ability to improve phishing emails, exemplifies a shift towards manipulating human behavior rather than exploiting technological weaknesses. As we reflect on 2023, it becomes evident that cyber threat actors possess the capabilities and resources to adapt their tactics in response to increased security measures such as multi-factor authentication (MFA). Looking ahead to 2024, the trend suggests that threats will persistently revolve around humans, compelling defenders to take a different approach to breaking the attack chain. So, what\'s on the horizon? The experts at Proofpoint provide insightful predictions for the next 12 months, shedding light on what security teams might encounter and the implications of these trends. 1. Cyber Heists: Casinos are Just the Tip of the Iceberg Cyber criminals are increasingly targeting digital supply chain vendors, with a heightened focus on security and identity providers. Aggressive social engineering tactics, including phishing campaigns, are becoming more prevalent. The Scattered Spider group, responsible for ransomware attacks on Las Vegas casinos, showcases the sophistication of these tactics. Phishing help desk employees for login credentials and bypassing MFA through phishing one-time password (OTP) codes are becoming standard practices. These tactics have extended to supply chain attacks, compromising identity provider (IDP) vendors to access valuable customer information. The forecast for 2024 includes the replication and widespread adoption of such aggressive social engineering tactics, broadening the scope of initial compromise attempts beyond the traditional edge device and file transfer appliances. 2. Generative AI: The Double-Edged Sword The explosive growth of generative AI tools like ChatGPT, FraudGPT and WormGPT bring both promise and peril, but the sky is not falling as far as cybersecurity is concerned. While large language models took the stage, the fear of misuse prompted the U.S. president to issue an executive order in October 2023. At the moment, threat actors are making bank doing other things. Why bother reinventing the model when it\'s working just fine? But they\'ll morph their TTPs when detection starts to improve in those areas. On the flip side, more vendors will start injecting AI and large language models into their products and processes to boost their security offerings. Across the globe, privacy watchdogs and customers alike will demand responsible AI policies from technology companies, which means we\'ll start seeing statements being published about responsible AI policies. Expect both spectacular failures and responsible AI policies to emerge. 3. Mobile Device Phishing: The Rise of Omni-Channel Tactics take Centre Stage A notable trend for 2023 was the dramatic increase in mobile device phishing and we expect this threat to rise even more in 2024. Threat actors are strategically redirecting victims to mobile interactions, exploiting the vulnerabilities inherent in mobile platforms. Conversational abuse, including conversational smishing, has experienced exponential growth. Multi-touch campaigns aim to lure users away from desktops to mobile devices, utilizing tactics like QR codes and fraudulent voice calls | Ransomware Malware Tool Vulnerability Threat Mobile Prediction Prediction | ChatGPT ChatGPT | ★★★ |
|
2023-11-28 17:30:00 | Macos malware mix & match: les apts nord-coréens suscitent des attaques fraîches macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks (lien direct) |
Lazare et ses cohortes changent de chargement et d'autres code entre Rustbucket et Kandykorn MacOS malware pour tromper les victimes et les chercheurs.
Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers. |
Malware | APT 38 APT 38 | ★★ |
 |
2023-11-28 11:00:00 | Dévoiler la menace persistante: la campagne iranienne des logiciels malveillants des banques mobiles étend sa portée Unveiling the Persisting Threat: Iranian Mobile Banking Malware Campaign Extends Its Reach (lien direct) |
> Recherche d'Aazim Bill Se Yaswant et Vishnu Pratapagiri En juillet 2023, il a été découvert qu'une campagne mobile Android, qui était composée de chevaux de Troie bancaires, visait les grandes banques iraniennes.L'équipe de recherche de Zimperium \\ a récemment constaté que la campagne reste non seulement active mais a également étendu ses capacités.Ces échantillons nouvellement trouvés sont complètement [& # 8230;]
>Research by Aazim Bill SE Yaswant and Vishnu Pratapagiri In July 2023, it was discovered that an Android mobile campaign, which consisted of banking trojans, was targeting major Iranian banks. Zimperium\'s research team recently found that the campaign not only remains active but also extended its capabilities. These newly found samples are completely […] |
Malware Threat Mobile | ★★ | |
|
2023-11-28 11:00:00 | Pour le manque de cyber ongle, le royaume est tombé For want of a cyber nail the kingdom fell (lien direct) |
An old proverb, dating to at least the 1360’s, states: "For want of a nail, the shoe was lost, for want of a shoe, the horse was lost, for want of a horse, the rider was lost, for want of a rider, the battle was lost, for want of a battle, the kingdom was lost, and all for the want of a horseshoe nail," When published in Ben Franklin’s Poor Richard’s Almanack in 1768, it was preceded by the cautionary words: “a little neglect may breed great mischief”. This simple proverb and added comment serve as emblematic examples of how seemingly inconsequential missteps or neglect can lead to sweeping, irreversible, catastrophic losses. The cascade of events resonates strongly within the increasingly complex domain of cybersecurity, in which the omission of even the most elementary precaution can result in a spiraling series of calamities. Indeed, the realm of cybersecurity is replete with elements that bear striking resemblance to the nail, shoe, horse, and rider in this proverb. Consider, for example, the ubiquitous and elementary software patch that may be considered the proverbial digital "nail." In isolation, this patch might seem trivial, but its role becomes crucial when viewed within the broader network of security measures. The 2017 WannaCry ransomware attack demonstrates the significance of such patches; an unpatched vulnerability in Microsoft Windows allowed the malware to infiltrate hundreds of thousands of computers across the globe. It wasn\'t just a single machine that was compromised due to this overlooked \'nail,\' but entire networks, echoing how a lost shoe leads to a lost horse in the proverb. This analogy further extends to the human elements of cybersecurity. Personnel tasked with maintaining an organization\'s cyber hygiene play the role of the "rider" in our metaphorical tale. However, the rider is only as effective as the horse they ride; likewise, even the most skilled IT professional cannot secure a network if the basic building blocks—the patches, firewalls, and antivirus software—resemble missing nails and shoes. Numerous reports and studies have indicated that human error constitutes one of the most common causes of data breaches, often acting as the \'rider\' who loses the \'battle\'. Once the \'battle\' of securing a particular network or system is lost, the ramifications can extend much further, jeopardizing the broader \'kingdom\' of an entire organization or, in more extreme cases, critical national infrastructure. One glaring example that serves as a cautionary tale is the Equifax data breach of 2017, wherein a failure to address a known vulnerability resulted in the personal data of 147 million Americans being compromised. Much like how the absence of a single rider can tip the scales of an entire battle, this singular oversight led to repercussions that went far beyond just the digital boundaries of Equifax, affecting millions of individuals and shaking trust in the security of financial systems. | Ransomware Data Breach Malware Vulnerability | Wannacry Wannacry Equifax Equifax | ★★ |
|
2023-11-28 10:24:00 | N. coréen pirates \\ 'Mixing \\' macOS malware tactiques pour échapper à la détection N. Korean Hackers \\'Mixing\\' macOS Malware Tactics to Evade Detection (lien direct) |
Les acteurs de la menace nord-coréenne derrière les souches de malware macos tels que Rustbucket et Kandykorn ont été observés "mélangeant et assortissant" différents éléments des deux chaînes d'attaque disparates, tirant parti des gouttelettes de RustBucket pour livrer Kandykorn.
Les résultats proviennent de la société de cybersécurité Sentineone, qui a également égalé un troisième logiciel malveillant spécifique au macOS appelé Objcshellz à la campagne Rustbucket.
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign. |
Malware Threat | ★★ | |
 |
2023-11-28 06:47:00 | Le volume d'échantillons de logiciels malveillants uniques menace de submerger les défenseurs Volume of unique malware samples threatens to overwhelm defenders (lien direct) |
Les acteurs de la menace nord-coréenne derrière les souches de malware macos tels que Rustbucket et Kandykorn ont été observés "mélangeant et assortissant" différents éléments des deux chaînes d'attaque disparates, tirant parti des gouttelettes de RustBucket pour livrer Kandykorn.
Les résultats proviennent de la société de cybersécurité Sentineone, qui a également égalé un troisième logiciel malveillant spécifique au macOS appelé Objcshellz à la campagne Rustbucket.
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign. |
Malware | ★★ | |
|
2023-11-27 21:37:00 | Les pirates suspects du Hamas ciblent Israël avec une nouvelle version du logiciel malveillant sysjoker Suspected Hamas-linked hackers target Israel with new version of SysJoker malware (lien direct) |
Les pirates peuvent être liés au groupe militant palestinien Hamas ciblent les secteurs de l'industrie critique israéliens avec une nouvelle version du malware de dérobée sysjoker, selon des chercheurs en cybersécurité.Sysjoker était auparavant utilisé contre les établissements d'enseignement d'Israël en 2021. Cependant, depuis lors, les pirates ont presque entièrement réécrit son code et amélioré les capacités du malware \\.Le
Hackers possibly linked to the Palestinian militant group Hamas are targeting Israeli critical industry sectors with a new version of the SysJoker backdoor malware, according to cybersecurity researchers. SysJoker was previously used against Israel\'s educational institutions in 2021. However, since then, the hackers have almost entirely rewritten its code and improved the malware\'s capabilities. The |
Malware | ★★ | |
|
2023-11-27 17:44:00 | L'APT lié au Hamas Wields New Sysjoker Backdoor contre Israël Hamas-Linked APT Wields New SysJoker Backdoor Against Israel (lien direct) |
Gaza Cybergang utilise une version du malware réécrit dans le langage de programmation Rust.
Gaza Cybergang is using a version of the malware rewritten in the Rust programming language. |
Malware | ★★ | |
 |
2023-11-27 16:31:36 | Sous la surface: comment les pirates tournent Netsupport contre les utilisateurs Beneath the Surface: How Hackers Turn NetSupport Against Users (lien direct) |
> 
Les variantes de logiciels malveillants de NetSupport ont été une menace persistante, démontrant l'adaptabilité et les techniques d'infection en évolution.Dans cette analyse technique, nous plongeons ...
> 
NetSupport malware variants have been a persistent threat, demonstrating adaptability and evolving infection techniques. In this technical analysis, we delve...
|
Malware Threat Technical | ★ | |
|
2023-11-27 16:30:00 | Sysjoker malware: la menace liée au Hamas se développe avec la variante de la rouille SysJoker Malware: Hamas-Related Threat Expands With Rust Variant (lien direct) |
CPR a déclaré que le malware utilise désormais OneDrive au lieu de Google Drive pour stocker les URL du serveur C2 dynamique
CPR said the malware now uses OneDrive instead of Google Drive for storing dynamic C2 server URLs |
Malware Threat | ★★ | |
|
2023-11-27 09:26:51 | 8 sujets essentiels de cybersécurité à inclure dans votre programme de formation 8 Essential Cybersecurity Topics to Include in Your Training Program (lien direct) |
Your employees have a critical role to play as a first line of defense against cyberthreats. But to be effective, they need to know what those threats are-and stay apprised of how they\'re evolving. A comprehensive security awareness program is the key to helping your users grow their understanding of attackers\' methods and objectives so they can become more proactive defenders. That includes knowing what strategies malicious actors employ to manipulate people so they can use them to enable their campaigns. The importance of security awareness It\'s well worth taking the time to craft a meaningful and engaging security awareness program. By presenting the right mix of information to your users in a compelling way, you can empower them to help you improve your organization\'s security posture as well as create a more robust security culture overall. The cybersecurity topics that you include in your program should be relevant to your business and industry, of course. Companies face different cyberthreat challenges and regulatory compliance requirements related to data protection and data privacy. That said, there are several subjects that almost any modern business, regardless of its industry, will want to ensure its employees understand. We list eight of these cybersecurity topics below. They are the go-to approaches and tools that attackers around the world commonly use to compromise users and their accounts, disrupt normal business operations, steal money or data, and do other damage. Here\'s a high-level overview of these eight must-know cybersecurity topics: 1. Social engineering Social engineering is a collection of techniques malicious actors use to manipulate human psychology. Attackers rely on these strategies to trick or threaten users to take actions such as giving up account credentials, handing over sensitive data, running malicious code and transferring funds. They do this by taking advantage of users\': Emotions, by conveying a sense of urgency, generating excitement about an opportunity, or creating fear around losing money or doing something wrong Trust, by posing as someone familiar to the user or a trusted brand or authority-such as the Internal Revenue Service (IRS), UPS, Amazon or Microsoft Fatigue, by timing attacks when users are likely to be tired or distracted and more inclined to let their “emotional mind” guide their decision-making Common social engineering tactics include phishing-which we cover in the next section-and these others: Social media reconnaissance. Attackers often turn to social media to gather information about users that they target with their campaigns. These efforts can include direct outreach to users. Vishing (voice phishing) and smishing (SMS/text phishing). Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from a trusted brand or authority. With smishing, attackers use text messages to send SMS messages to users or robocall them. The messages often promise gifts or services in exchange for payment. Telephone-oriented attack delivery (TOAD). TOAD attacks start with an email that claims to be from a legitimate source and includes a phone number for customer assistance. Callers are connected to fake customer service representatives who then direct the victim through the attack. They may instruct the victim to let them access their machine remotely or download a file that turns out to be malware. Or they might direct them to a phishing site. Common sense can go a long way toward preventing a social engineering attack. Make sure to reiterate that if a message seems too good to be true, it\'s very likely a scam. And if something doesn\'t look or sound right, it probably isn\'t. 2. Phishing Phishing is an example of social engineering. Most phishing messages are sent by email. But some attackers deliver these messages through other methods, including smishing and vishing. Here are some typical strategies: Malicious links. When a user clicks on a | Ransomware Malware Tool Vulnerability Threat Mobile Cloud | Uber Uber | ★★ |
|
2023-11-26 22:00:00 | Hamas-Linked APT Wields New SysJoker Backdoor Against Israel (lien direct) | Gaza Cybergang utilise une version du malware réécrit dans le langage de programmation Rust.
Gaza Cybergang is using a version of the malware rewritten in the Rust programming language. |
Malware | ★★ | |
|
2023-11-24 11:00:00 | Pourquoi vous avez besoin d'une passerelle Web sécurisée Why you need a Secure Web Gateway (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Safeguarding your digital perimeter: The indispensability of Secure Web Gateways In today\'s hyper-connected digital landscape, where the flow of information is incessant, ensuring the security of your online activities has never been more crucial. Enter the Secure Web Gateway (SWG) – a formidable guardian standing sentinel at the crossroads of the internet, offering protection against cyber threats. In this blog, we unravel the significance of a Secure Web Gateway, explore the cutting-edge products in this domain, and elucidate why businesses and individuals alike should consider embracing this powerful shield. A Secure Web Gateway is more than a mere cyber sentry; it\'s a comprehensive solution designed to monitor, filter, and secure user internet activity. Acting as a virtual gatekeeper, it ensures that all web traffic aligns with security policies, preventing unauthorized access and shielding against a myriad of online threats. A Secure Web Gateway (SWG) operates as a sophisticated security solution designed to fortify an organization\'s cybersecurity posture. At its core, an SWG serves as a gatekeeper, meticulously monitoring and managing user interactions with the internet to safeguard against a myriad of cyber threats. By employing advanced threat intelligence, real-time content analysis, and access controls, SWGs play a pivotal role in ensuring that every online transaction aligns with stringent security protocols. The SWG\'s multifaceted capabilities include but are not limited to, web filtering to block malicious sites, data loss prevention to safeguard sensitive information, and encryption for secure data transmission. Its robust threat detection mechanisms extend to scrutinizing downloads, file transfers, and other internet activities, preventing potential security breaches. Cloud-centric architectures empower SWGs with scalability, enabling them to adapt to evolving cyber threats and deliver real-time responses. Key attributes of an ideal Secure Web Gateway: Comprehensive threat protection: An ideal SWG should provide multi-faceted defense mechanisms, including URL filtering, content inspection, and malware scanning. This ensures a holistic shield against diverse cyber threats. Cloud-centric approach: Adopting a cloud-centric approach enhances scalability and flexibility. An ideal SWG operates seamlessly in the cloud, eliminating the need for on-premise hardware. User authentication and access control: Granular user policies are a hallmark of an effective SWG. The ability to control access based on user identity and specific security requirements ensures a tailored and secure online experience. Why businesses and individuals should consider SWGs: Businesses: Protection of sensitive data and intellectual property. Ensuring regulatory compliance in online activities. Mitigating the risk of cyber-attacks and data breaches. Individuals: Safeguarding personal information from phishing and malicious websites. Ensuring a secure browsing experience by protecting against online threats. Key requirements for an ideal SWG: Advanced threat detection: The SWG should incorporate sophisticated threat detection mechanisms to identify and neutralize emerging threats effectively. Integration capabilities: Seamless integration with existing security infrastructures enhances overall cybersecurity posture. User-friendly interfaces: A modern SWG should boast an intuitive interface, simplifying management and configuration for both businesses and individuals. Scalability and flexibility: | Malware Threat Cloud | ★★ | |
 |
2023-11-22 19:47:34 | Le voleur atomique distribue des logiciels malveillants sur les Mac via les faux téléchargements du navigateur Atomic Stealer Distributes Malware to Macs Through False Browser Downloads (lien direct) |
Le malware atomique du voleur se fait annoncer via les mises à jour du navigateur Clearfake déguisées en safari de Google \\ de Google et d'Apple \\.
Atomic Stealer malware advertises itself through ClearFake browser updates disguised as Google\'s Chrome and Apple\'s Safari. |
Malware | ★★ | |
|
2023-11-22 18:49:59 | Kinsing crypto malware cible les systèmes linux via une faille Apache activemq Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw (lien direct) |
> Par deeba ahmed
Les correctifs pour toutes les versions affectées d'Apache ActiveMQ ont été publiées, et les clients sont fortement invités à mettre à niveau leurs systèmes.
Ceci est un post deHackRead.com Lire le post original: kinsing crypto malin cible Linux Systems Systems Systemsvia apache activemq flaw
>By Deeba Ahmed Patches for all affected versions of Apache ActiveMQ have been released, and clients are strongly advised to upgrade their systems. This is a post from HackRead.com Read the original post: Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw |
Malware | ★★ | |
|
2023-11-22 17:44:00 | Les pirates nord-coréens se présentent en tant que recruteurs d'emplois et demandeurs dans des campagnes de logiciels malveillants North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns (lien direct) |
Les acteurs de la menace nord-coréenne ont été liés à deux campagnes dans lesquelles ils se sont masqués en tant que recruteurs d'emplois et demandeurs pour distribuer des logiciels malveillants et obtenir un emploi non autorisé avec des organisations basées aux États-Unis et dans d'autres parties du monde.
Les grappes d'activités ont été nommées par codé interview et Wagemole, respectivement, par Palo Alto Networks Unit 42.
Tandis que la première série d'attaques
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks |
Malware Threat | ★★★ | |
|
2023-11-22 17:00:00 | Flaw in Apache ActiveMQ expose les systèmes Linux à la pavage de logiciels malveillants Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware (lien direct) |
Identifié comme CVE-2023-46604, la vulnérabilité a un score CVSS de 9,8
Identified as CVE-2023-46604, the vulnerability has a CVSS score of 9.8 |
Malware Vulnerability | ★★ | |
|
2023-11-22 16:41:22 | Sekoia: Dernier paysage cyber-menace du secteur financier Sekoia: Latest in the Financial Sector Cyber Threat Landscape (lien direct) |
Le phishing, les logiciels malveillants, les ransomwares, les attaques de chaîne d'approvisionnement, les violations de données et les attaques liées à la crypto figurent parmi les menaces les plus évolutives du secteur financier, explique Sekoia.
Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia. |
Ransomware Malware Threat Studies | ★★★ | |
|
2023-11-22 13:06:25 | Microsoft: les pirates de Lazarus violant le cyberlink dans l'attaque de la chaîne d'approvisionnement Microsoft: Lazarus hackers breach CyberLink in supply chain attack (lien direct) |
Microsoft affirme qu'un groupe de piratage nord-coréen a violé la société de logiciels multimédias taïwanais Cyberlink et a traditionnel l'un de ses installateurs pour pousser les logiciels malveillants dans une attaque de chaîne d'approvisionnement ciblant les victimes potentielles du monde entier.[...]
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. [...] |
Malware | APT 38 APT 38 | ★★★ |
|
2023-11-22 12:39:04 | New Botnet Malware exploite deux jours zéro pour infecter les NVR et les routeurs New botnet malware exploits two zero-days to infect NVRs and routers (lien direct) |
Un nouveau botnet malware basé sur Mirai nommé \\ 'InfectedSlurs \' a exploité deux vulnérabilités d'exécution de code distant (RCE) à deux jours zéro jour pour infecter les routeurs et les enregistreurs vidéo (NVR).[...]
A new Mirai-based malware botnet named \'InfectedSlurs\' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices. [...] |
Malware Vulnerability | ★★ | |
|
2023-11-22 11:00:00 | Cyber Fête de Thanksgiving: sauvegarde contre les escroqueries saisonnières Thanksgiving Cyber feast: Safeguarding against seasonal scams (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As the Thanksgiving season rapidly approaches, many look forward to the warmth of family gatherings, the aroma of roasted turkey, and the joy of gratitude. Yet, just as we prepare our homes and hearts for this festive season, cybercriminals are gearing up to unleash a different kind of feast—a cyber feast—rife with sophisticated scams targeting unsuspecting individuals and businesses alike. This article will take a closer look at various Thanksgiving-themed cyber threats, illuminating the nature and impact of devious digital deceptions while unpacking the methodologies these digital bad actors try to use. But fear not, because we’ll also offer some key strategies to help you secure and fortify your digital domains throughout the holidays. The rise of seasonal cyber threats As November and the holiday season roll around, a surge in online activity sweeps across the United States, both good and bad. Thanksgiving not only signifies a time of family gatherings and festive meals but also marks the beginning of the holiday shopping season, especially with Black Friday and Cyber Monday right around the corner—in response to this, cybercriminals see a ripe opportunity to scam. According to the New Jersey Cybersecurity & Communications Integration Cell, recent reports had indicated. “spoofed emails were sent appearing to originate from legitimate organizations and contained [Thanksgiving-themed subject lines]’” noting how criminals and bad actors exploit the spirit of the season. Furthermore, they highlight that ”an Emotet banking trojan campaign was [also] observed using Thanksgiving lures.” Criminals know that with increased online transactions comes increased vulnerability, so they capitalize on the holiday spirit, designing scams that blend seamlessly with genuine promotional content, making it harder for individuals to distinguish between what\'s authentic and what\'s not. The risks of phishing One of the primary ways cybercriminals target individuals and businesses is through phishing attacks. Around Thanksgiving time, these types of scams might manifest as emails purporting to offer massive discounts, invitations to exclusive Thanksgiving events, or even charitable appeals meant to tug at the heartstrings to draw you in. However, phishing isn’t restricted to just email—with their vast user bases, social media platforms are also prime targets for scams of all kinds. Cybercriminals often create fake profiles or pages promoting too-good-to-be-true Thanksgiving deals, leading unsuspecting and unknowing victims to phishing websites or even tricking them into sharing personal information that can be further exploited. The hidden benefits of cybersecurity When businesses transform their robust cybersecurity processes into content, it becomes a powerful tool for brand awareness and elevation. Sharing with your audience the measures you\'ve implemented reassures them of the sanctity of their data. It\'s not just about telling them they\'re safe; it\'s about showing them. For potential customers, especially in niche markets, tangible information is a beacon of trust. So when they can actively see and better understand | Malware Tool Vulnerability Threat | ★★ | |
|
2023-11-21 21:19:53 | Agent Tesla: le format d'archive ZPAQ inhabituel fournit des logiciels malveillants Agent Tesla: Unusual ZPAQ Archive Format Delivers Malware (lien direct) |
#### Description
Une nouvelle variante de l'agent Tesla a été découverte qui utilise l'extension de fichier archive ZPAQ et .wav pour infecter les systèmes et voler des informations à environ 40 navigateurs Web et divers clients de messagerie.ZPAQ est un format de compression de fichiers qui offre un meilleur rapport de compression et une fonction de journalisation par rapport à des formats largement utilisés comme ZIP et RAR.Cependant, le ZPAQ a un support logiciel limité, ce qui rend difficile le travail, en particulier pour les utilisateurs sans expertise technique.Le fichier exécutable .NET est gonflé avec zéro octets, ce qui permet aux acteurs de menace de contourner les mesures de sécurité traditionnelles et d'augmenter l'efficacité de leur attaque.
L'utilisation du format de compression ZPAQ soulève plus de questions que de réponses.Les hypothèses ici sont que les acteurs de la menace ciblent un groupe spécifique de personnes qui ont des connaissances techniques ou utilisent des outils d'archives moins connus, ou ils testent d'autres techniques pour diffuser plus rapidement les logiciels malveillants et contourner les logiciels de sécurité.
Le malware utilise Telegram en tant que C&C en raison de son utilisation juridique généralisée et du fait que son trafic est souvent autorisé à travers des pare-feu, ce qui en fait un support utile pour une communication secrète.Comme tout autre voleur, l'agent Tesla peut nuire non seulement aux particuliers mais aussi aux organisations.Il a gagné en popularité parmi les cybercriminels pour de nombreuses raisons, notamment la facilité d'utilisation, la polyvalence et l'abordabilité sur le Dark Web.
#### URL de référence (s)
1. https://www.gdatasoftware.com/blog/2023/11/37822-agent-Tesla-zpaq
#### Date de publication
20 novembre 2023
#### Auteurs)
Anna Lvova
#### Description A new variant of Agent Tesla has been discovered that uses the ZPAQ archive and .wav file extension to infect systems and steal information from approximately 40 web browsers and various email clients. ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR. However, ZPAQ has limited software support, making it difficult to work with, especially for users without technical expertise. The .NET executable file is bloated with zero bytes, which allows threat actors to bypass traditional security measures and increase the effectiveness of their attack. The usage of the ZPAQ compression format raises more questions than answers. The assumptions here are that either threat actors target a specific group of people who have technical knowledge or use less widely known archive tools, or they are testing other techniques to spread malware faster and bypass security software. The malware uses Telegram as a C&C due to its widespread legal usage and the fact that its traffic is often allowed through firewalls, making it a useful medium for covert communication. Like any other stealer, Agent Tesla can harm not only private individuals but also organizations. It has gained popularity among cybercriminals for many reasons including ease of use, versatility, and affordability on the Dark Web. #### Reference URL(s) 1. https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq #### Publication Date November 20, 2023 #### Author(s) Anna Lvova |
Malware Tool Threat Technical | ★★★ | |
|
2023-11-21 19:30:00 | Les pirates créent de fausses applications bancaires pour voler les données financières des utilisateurs indiens Hackers create fake banking apps to steal financial data from Indian users (lien direct) |
Les chercheurs ont découvert une campagne en cours de vol d'information ciblant les clients des banques indiennes avec des logiciels malveillants mobiles.Les cybercriminels derrière la campagne induisent des utilisateurs pour installer des applications bancaires frauduleuses sur leurs appareils en usurpant l'identité d'organisations légitimes, telles que les institutions financières, les services gouvernementaux et les services publics.Une fois installés, ces applications exfiltraient divers types de données sensibles des utilisateurs, y compris
Researchers have uncovered an ongoing information-stealing campaign targeting customers of Indian banks with mobile malware. The cybercriminals behind the campaign trick users into installing fraudulent banking apps on their devices by impersonating legitimate organizations, such as financial institutions, government services, and utilities. Once installed, these apps exfiltrate various types of sensitive data from users, including |
Malware | ★★★ | |
|
2023-11-21 17:27:00 | Nouvel agent Tesla Malware Variant à l'aide de la compression ZPAQ dans les attaques par e-mail New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks (lien direct) |
Une nouvelle variante de l'agent Tesla Malware a été observée livrée via un fichier de leurre avec le format de compression ZPAQ pour récolter les données de plusieurs clients de messagerie et près de 40 navigateurs Web.
"ZPAQ est un format de compression de fichiers qui offre un meilleur rapport de compression et une fonction de journalisation par rapport à des formats largement utilisés comme ZIP et RAR", a déclaré Anna Lvova, analyste des logiciels malveillants de données, dans une analyse du lundi.
A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR," G Data malware analyst Anna Lvova said in a Monday analysis. |
Malware | ★★★ | |
|
2023-11-21 15:30:00 | Darkgate et Pikabot Activity Surge à la suite du démontage de Qakbot DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown (lien direct) |
Les acteurs de la menace se sont déplacés vers d'autres chargeurs de logiciels malveillants après le retrait du FBI de Qakbot
Threat actors have shifted to other malware loaders following QakBot FBI takedown |
Malware Threat | ★★ |
To see everything:
Our RSS (filtrered)
