What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-07 11:00:00 | Sécuriser l'IA Securing AI (lien direct) |
With the proliferation of AI/ML enabled technologies to deliver business value, the need to protect data privacy and secure AI/ML applications from security risks is paramount. An AI governance framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles. Vulnerabilities in ChatGPT A recent discovered vulnerability found in version gpt-3.5-turbo exposed identifiable information. The vulnerability was reported in the news late November 2023. By repeating a particular word continuously to the chatbot it triggered the vulnerability. A group of security researchers with Google DeepMind, Cornell University, CMU, UC Berkeley, ETH Zurich, and the University of Washington studied the “extractable memorization” of training data that an adversary can extract by querying a ML model without prior knowledge of the training dataset. The researchers’ report show an adversary can extract gigabytes of training data from open-source language models. In the vulnerability testing, a new developed divergence attack on the aligned ChatGPT caused the model to emit training data 150 times higher. Findings show larger and more capable LLMs are more vulnerable to data extraction attacks, emitting more memorized training data as the volume gets larger. While similar attacks have been documented with unaligned models, the new ChatGPT vulnerability exposed a successful attack on LLM models typically built with strict guardrails found in aligned models. This raises questions about best practices and methods in how AI systems could better secure LLM models, build training data that is reliable and trustworthy, and protect privacy. U.S. and UK’s Bilateral cybersecurity effort on securing AI The US Cybersecurity Infrastructure and Security Agency (CISA) and UK’s National Cyber Security Center (NCSC) in cooperation with 21 agencies and ministries from 18 other countries are supporting the first global guidelines for AI security. The new UK-led guidelines for securing AI as part of the U.S. and UK’s bilateral cybersecurity effort was announced at the end of November 2023. The pledge is an acknowledgement of AI risk by nation leaders and government agencies worldwide and is the beginning of international collaboration to ensure the safety and security of AI by design. The Department of Homeland Security (DHS) CISA and UK NCSC joint guidelines for Secure AI system Development aims to ensure cybersecurity decisions are embedded at every stage of the AI development lifecycle from the start and throughout, and not as an afterthought. Securing AI by design Securing AI by design is a key approach to mitigate cybersecurity risks and other vulnerabilities in AI systems. Ensuring the entire AI system development lifecycle process is secure from design to development, deployment, and operations and maintenance is critical to an organization realizing its full benefits. The guidelines documented in the Guidelines for Secure AI System Development aligns closely to software development life cycle practices defined in the NSCS’s Secure development and deployment guidance and the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF). The 4 pillars that embody the Guidelines for Secure AI System Development offers guidance for AI providers of any systems whether newly created from the ground up or built on top of tools and services provided from | Tool Vulnerability Threat Mobile Medical Cloud Technical | ChatGPT | ★★ |
 |
2024-03-07 09:16:25 | ANY.RUN – La sandbox cloud des chasseurs de malwares (lien direct) | ANY.RUN est un service basé sur le cloud pour l'analyse des malwares sous Windows et Linux, aidant les analystes à étudier les menaces en toute sécurité. Offrant un contrôle total sur l'activité des malwares, la plateforme présente des avantages tels que l'accès instantané aux résultats et une structure arborescente visuelle interactive. ANY.RUN est compatible avec les navigateurs et systèmes d'exploitation populaires, et prend en charge l'analyse des malwares Linux. Il offre une solution rentable pour les organisations. | Threat Cloud | ★★ | |
 |
2024-03-07 08:00:00 | Les architectes de l'évasion: un paysage de menace des cryptères The Architects of Evasion: a Crypters Threat Landscape (lien direct) |
> Dans ce rapport, nous introduisons des concepts clés et analysons les différentes activités liées à Crypter et l'écosystème lucratif des groupes de menaces en les tirant parti des campagnes malveillantes.
la publication Suivante Les architectes de l'évasion: un paysage de menace des Crypte est un article de blog Sekoia.io .
>In this report, we introduce key concepts and analyse the different crypter-related activities and the lucrative ecosystem of threat groups leveraging them in malicious campaigns. La publication suivante The Architects of Evasion: a Crypters Threat Landscape est un article de Sekoia.io Blog. |
Threat | ★★★ | |
 |
2024-03-07 07:11:54 | Arrêt de cybersécurité du mois: détection d'une attaque de code QR malveillante multicouche Cybersecurity Stop of the Month: Detecting a Multilayered Malicious QR Code Attack (lien direct) |
This blog post is part of a monthly series, Cybersecurity Stop of the Month, which explores the ever-evolving tactics of today\'s cybercriminals. It focuses on the critical first three steps in the attack chain in the context of email threats. The goal of this series is to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have examined these types of attacks: Business email compromise (BEC) EvilProxy SocGholish eSignature phishing QR code phishing Telephone-oriented attack delivery (TOAD) Payroll diversion MFA manipulation Supply chain compromise In this post, we delve into a new and sophisticated QR code attack that we recently detected and stopped. It shows how attackers constantly innovate-and how Proofpoint stays ahead of the curve. The scenario Typically, in a QR code attack a malicious QR code is directly embedded in an email. But recently, attackers have come up with a new and sophisticated variation. In these multilayered attacks, the malicious QR code is hidden in what seems like a harmless PDF attachment. To slow down automated detection and confuse traditional email security tools, attackers use anti-evasion tactics like adding a Cloudflare CAPTCHA. This means that tools using traditional URL reputation detection face an uphill battle in trying to identify them. Proofpoint recently found one of these threats as it conducted a threat assessment at a U.S.-based automotive company with 11,000 employees. The company\'s incumbent security tools-an API-based email security tool and its native security-both boasted QR scanning capabilities. Yet both classified the email as clean and delivered it to the end user. The threat: How did the attack happen? Here\'s a closer look at how the attack unfolded. 1. A deceptive lure. The email was designed to appear legitimate, and it played on the urgency of tax season. This prompted the recipient to open an attached PDF. The initial email to the end user. 2. Malicious QR code embedded in the PDF. Unlike previous QR code attacks, the malicious URL in this attack was not directly visible in the email. Instead, it was hidden in the attached PDF. Given the ubiquity of QR codes, this might not have seemed suspicious to the recipient. The attached PDF with the embedded QR code (obscured). 3. Cloudflare CAPTCHA hurdle. The attacker added another layer of deception. They used a Cloudflare CAPTCHA on the landing page from the QR code URL to further hide the underlying threat. This step aimed to bypass security detection tools that rely solely on analyzing a URL\'s reputation. Cloudflare CAPTCHA on the QR code URL landing page. 4. Credential phishing endgame. Once the CAPTCHA was solved, the malicious QR code led to a phishing landing page set up to steal user credentials. The theft of user credentials can give a malicious actor access to a user\'s account to spread attacks internally for lateral movement. Or they might use them externally to deceive partners or suppliers as with supplier email compromise attacks. Detection: How did Proofpoint prevent this attack? The use of optical character recognition (OCR) or other QR code scanning techniques plays a vital role in defending against QR code threats. But QR code scanning is only the mechanism used to extract the hidden URL. It does not act as a detection mechanism to decipher between legitimate or malicious QR codes. Many tools, including the incumbent email security tools used by the automotive company, claim to parse QR codes and extract the URL for analysis. However, they lack the ability to scan URLs within an embedded image in an attachment. Few tools have engineered the ability to use in-depth URL analysis on a scale like Proofpoint. Proofpo | Tool Threat | ★★★ | |
 |
2024-03-07 06:27:08 | Ici \\, quelque chose d'autre peut faire: exposer Bad Infosec pour donner aux cyber-crims une orteil dans votre organisation Here\\'s something else AI can do: expose bad infosec to give cyber-crims a toehold in your organization (lien direct) |
Les chercheurs singapouriens notent la présence croissante de crédits de chatppt dans les journaux malwares infoséaler trouvé quelques 225 000 journaux de voleurs contenant des détails de connexion pour le service l'année dernière.…
Singaporean researchers note rising presence of ChatGPT creds in Infostealer malware logs Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing login details for the service last year.… |
Malware Threat | ChatGPT | ★★★ |
 |
2024-03-06 22:28:00 | Les pirates exploitent le fil mal conçu, le docker, la confluence, les serveurs redis pour l'exploitation de cryptographie Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (lien direct) |
Les acteurs de la menace ciblent les serveurs erronés et vulnérables exécutant les services Apache Hadoop, Docker, Atlassian Confluence et Redis dans le cadre d'une campagne de logiciels malveillants émergente conçue pour fournir un mineur de crypto-monnaie et engendrer un coquille inverse pour un accès à distance persistant.
«Les attaquants tirent parti de ces outils pour émettre du code d'exploitation, en profitant des erreurs de configuration courantes et
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and |
Malware Tool Threat | ★★ | |
 |
2024-03-06 21:12:22 | Fil de spinning - Une nouvelle campagne de logiciels malveillants Linux cible Docker, Apache Hadoop, Redis et Confluence Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence (lien direct) |
#### Description
Les chercheurs de CADO Security Labs ont récemment rencontré une campagne de logiciels malveillants émergente ciblant des serveurs mal configurés exécutant des services orientés Web.
La campagne utilise un certain nombre de charges utiles uniques et non déclarées, dont quatre binaires Golang, qui servent d'outils pour automatiser la découverte et l'infection des hôtes exécutant les services ci-dessus.Les attaquants tirent parti de ces outils pour émettre du code d'exploitation, en profitant des erreurs de configuration courantes et en exploitant une vulnérabilité du jour, pour effectuer des attaques d'exécution de code distant (RCE) et infecter de nouveaux hôtes.
Une fois l'accès initial atteint, une série de scripts de coquille et de techniques d'attaque General Linux sont utilisées pour livrer un mineur de crypto-monnaie, engendrer une coquille inversée et permettre un accès persistant aux hôtes compromis.
#### URL de référence (s)
1. https://www.cadosecurity.com/spinning-yarn-a-new-Linux-Malware-Campaign-Targets-Docker-Apache-Hadoop-Redis-and-Confluence /
#### Date de publication
6 mars 2024
#### Auteurs)
Matt Muir
#### Description Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running web-facing services. The campaign utilises a number of unique and unreported payloads, including four Golang binaries, that serve as tools to automate the discovery and infection of hosts running the above services. The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and exploiting an n-day vulnerability, to conduct Remote Code Execution (RCE) attacks and infect new hosts. Once initial access is achieved, a series of shell scripts and general Linux attack techniques are used to deliver a cryptocurrency miner, spawn a reverse shell and enable persistent access to the compromised hosts. #### Reference URL(s) 1. https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/ #### Publication Date March 6, 2024 #### Author(s) Matt Muir |
Malware Tool Vulnerability Threat | ★★★ | |
|
2024-03-06 20:33:00 | Arnaque de sortie: Blackcat Ransomware Group disparaît après un paiement de 22 millions de dollars Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout (lien direct) |
Les acteurs de la menace derrière le & nbsp; BlackCat Ransomware & NBSP; ont fermé leur site Web Darknet et ont probablement tiré une arnaque de sortie après avoir téléchargé une bannière de crise d'application de la loi.
"Alphv / Blackcat n'a pas été saisi. Ils sont de sortie en escroquerie leurs sociétés affiliées", a déclaré le chercheur en sécurité Fabian Wosar & NBSP;"Il est manifestement évident lorsque vous vérifiez le code source du nouvel avis de retrait."
"Là
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There |
Ransomware Threat Legislation | ★★★★ | |
 |
2024-03-06 19:15:07 | Patch maintenant: Apple Zero-Day Exploits contourner la sécurité du noyau Patch Now: Apple Zero-Day Exploits Bypass Kernel Security (lien direct) |
Une paire de bogues critiques pourrait ouvrir la porte pour terminer le compromis du système, y compris l'accès aux informations de localisation, la caméra et le micro iPhone et les messages.Les attaquants de RootKited pourraient également effectuer des mouvements latéraux vers les réseaux d'entreprise.
A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too. |
Vulnerability Threat Mobile | ★★★ | |
 |
2024-03-06 18:41:16 | Fake Skype, Zoom, Google Meet Sites Infecting Devices avec plusieurs rats Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs (lien direct) |
> Par deeba ahmed
Menace de Troie à l'accès à distance: Méfiez-vous des téléchargements malveillants déguisés en applications de réunion.
Ceci est un article de HackRead.com Lire la publication originale: Fake Skype, Zoom, Google Rencontrez des sites infectieux avec plusieurs rats
>By Deeba Ahmed Remote Access Trojan Threat: Beware Malicious Downloads Disguised as Meeting Apps. This is a post from HackRead.com Read the original post: Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs |
Threat | ★★ | |
 |
2024-03-06 16:55:05 | Prise en charge de l'initiative de responsabilité spyware Support from the Spyware Accountability Initiative (lien direct) |
> Le laboratoire de sécurité d'Amnesty International a le plaisir d'annoncer qu'il fait partie de la cohorte inaugurale de groupes qui sera soutenue par la Spyware Accountability Initiative (SAI), dont la mission est de développer un domaine mondial des organisations de la société civile qui progressentRecherche de menace, plaidoyer et responsabilité pour résoudre l'utilisation et le commerce des logiciels espions. & # 160;[& # 8230;]
>Amnesty International\'s Security Lab is pleased to announce that it is part of the inaugural cohort of groups to be supported by the Spyware Accountability Initiative (SAI), whose mission is to grow a global field of civil society organizations who are advancing threat research, advocacy and accountability to address the use and trade of spyware. […] |
Threat | ★★ | |
 |
2024-03-06 15:00:00 | Mémo sur les menaces du cloud: Google Drive a abusé des organisations ciblées dans les pays asiatiques Cloud Threats Memo: Google Drive Abused to Target Organizations in Asian Countries (lien direct) |
> Le dernier exemple d'une menace persistante avancée exploitant un service cloud légitime pour fournir une charge utile malveillante a récemment été déterminé par les chercheurs de Trend Micro.En tant que suivi d'une campagne ciblant plusieurs pays européens, découvert en juillet 2023 et attribué à l'APT Earth Preta (également connu sous le nom de Mustang Panda et Bronze [& # 8230;]
>The latest example of an advanced persistent threat exploiting a legitimate cloud service to deliver a malicious payload was recently unearthed by researchers at Trend Micro. As a follow up of a campaign targeting several European countries, discovered in July 2023 and attributed to the APT Earth Preta (also known as Mustang Panda and Bronze […] |
Threat Prediction Cloud | ★★ | |
|
2024-03-06 14:38:08 | Cryptochameleon: de nouvelles tactiques de phishing exposées dans l'attaque ciblée par la FCC CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack (lien direct) |
#### Description
Des chercheurs en sécurité de Lookout ont récemment découvert un kit de phishing sophistiqué, connu sous le nom de cryptochameleon, utilisant de nouvelles techniques pour voler des données sensibles des plateformes de crypto-monnaie et de la Federal Communications Commission (FCC).Ce kit utilise des pages de connexion unique (SSO) personnalisées et des leurres téléphoniques / SMS pour extraire les informations d'identification de connexion, les jetons multi-facteurs et les identifiants photo des victimes, principalement sur les appareils mobiles.Notamment, le kit comprend une console administrative pour surveiller les tentatives de phishing et offre des redirections personnalisées basées sur les réponses des victimes, en mettant l'accent sur l'imitation des processus AMF authentiques.Les attaques ont réussi à compromettre des centaines de victimes, principalement aux États-Unis.Alors que les tactiques ressemblent à des acteurs précédents comme [dispersée Spider alias Octo Tempest] (https://ti.defender.microsoft.com/intel-profiles/205381037ed05d275251862061dd923309ac9ecdc2a9951d7c344d890a61101a), infrastructure.
#### URL de référence (s)
1. https://www.lookout.com/Threat-intelligence/article/cryptochameleon-fcc-phishing-kit
#### Date de publication
29 février 2024
#### Auteurs)
David Richardson
Savio Lau
#### Description Security researchers from Lookout recently uncovered a sophisticated phishing kit, known as CryptoChameleon, utilizing novel techniques to steal sensitive data from cryptocurrency platforms and the Federal Communications Commission (FCC). This kit employs custom single sign-on (SSO) pages and phone/SMS lures to extract login credentials, multi-factor tokens, and photo IDs from victims, primarily on mobile devices. Notably, the kit includes an administrative console to monitor phishing attempts and offers customized redirections based on victims\' responses, with an emphasis on mimicking authentic MFA processes. Attacks have successfully compromised hundreds of victims, primarily in the United States. While tactics resemble previous actors like [Scattered Spider AKA Octo Tempest](https://ti.defender.microsoft.com/intel-profiles/205381037ed05d275251862061dd923309ac9ecdc2a9951d7c344d890a61101a), infrastructure differences suggest a distinctly different threat group. #### Reference URL(s) 1. https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit #### Publication Date February 29, 2024 #### Author(s) David Richardson Savio Lau |
Threat Mobile | ★★★ | |
|
2024-03-06 14:24:33 | La montée de la fraude de l'ingénierie sociale dans le compromis des e-mails commerciaux The Rise of Social Engineering Fraud in Business Email Compromise (lien direct) |
En examinant les tactiques d'ingénierie sociale communes et quatre des groupes de menaces les plus sournois, les organisations peuvent mieux se défendre.
By examining common social engineering tactics and four of the most devious threat groups, organizations can better defend themselves. |
Threat | ★★ | |
|
2024-03-06 13:55:16 | TA4903: acteur usurpation du gouvernement américain, petites entreprises en phishing, BEC BIDS TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids (lien direct) |
Key takeaways TA4903 is a unique threat actor that demonstrates at least two distinct objectives: (1) credential phishing and (2) business email compromise (BEC). TA4903 routinely conducts campaigns spoofing various U.S. government entities to steal corporate credentials. The actor also spoofs organizations in various sectors including construction, finance, healthcare, food and beverage, and others. The campaign volumes range from hundreds of messages to tens of thousands of messages per campaign. The messages typically target entities in the U.S., although additional global targeting has been observed. TA4903 has been observed using the EvilProxy MFA bypass tool. In late 2023, TA4903 began adopting QR codes in credential phishing campaigns. Overview TA4903 is a financially motivated cybercriminal threat actor that spoofs both U.S. government entities and private businesses across many industries. The actor mostly targets organizations located in the United States, but occasionally those located globally, with high-volume email campaigns. Proofpoint assesses with high confidence the objectives of the campaigns are to steal corporate credentials, infiltrate mailboxes, and conduct follow-on business email compromise (BEC) activity. Proofpoint began observing a series of campaigns spoofing federal U.S. government entities in December 2021. The campaigns, which were subsequently attributed to TA4903, first masqueraded as the U.S. Department of Labor. In 2022 campaigns, the threat actors purported to be the U.S. Departments of Housing and Urban Development, Transportation, and Commerce. During 2023, the actor began to spoof the U.S. Department of Agriculture. In mid-2023 through 2024, Proofpoint observed an increase in credential phishing and fraud campaigns using different themes from TA4903. The actor began spoofing various small and medium-sized businesses (SMBs) across various industries including construction, manufacturing, energy, finance, food and beverage, and others. Proofpoint observed an increase in the tempo of BEC themes as well, including using themes such as “cyberattacks” to prompt victims to provide payment and banking details. Most credential phishing messages associated with this actor contain URLs or attachments leading to credential phishing websites. In some cases, including the government-themed campaigns, messages contain PDF attachments that contain embedded links or QR codes leading to websites that appear to be direct clones of the spoofed government agency. Based on Proofpoint\'s research and tactics, techniques, and procedures (TTPs) observed in open-source intelligence, activity related to TA4903\'s impersonation of U.S. government entities goes back to at least mid-2021. TTPs associated with the actor\'s broader credential phishing and BEC activities are observable as long ago as 2019. Campaign details Government bid spoofing Historically, Proofpoint mostly observed TA4903 conducting credential theft campaigns using PDF attachments leading to portals spoofing U.S. government entities, typically using bid proposal lures. In late 2023, TA4903 began spoofing the USDA and began incorporating QR codes into their PDFs, a technique previously unobserved by this actor. Messages may purport to be, for example: From: U.S. Department of Agriculture Subject: Invitation To Bid Attachment: usda2784748973bid.pdf Example of one page of a multi-page PDF spoofing the USDA. The “Bid Now” button is hyperlinked to the same URL as the QR code. In these campaigns, the PDF attachments are typically multiple pages long and have both embedded URLs and QR codes that lead to government-branded phishing websites. Example credential phishing website operated by TA4903, designed to capture O365 and other email account credentials. In 2023, Proofpoint observed TA4903 spoof the U.S. Department of Transportation, the U.S. Small Business Administration (SBA), and the USDA us | Tool Threat Medical | ★★★ | |
 |
2024-03-06 13:02:10 | Que.Prairie.Weekly # 61 - ALPHV SORK SPAMMED ?? Det. Eng. Weekly #61 - AlphV exit scammed?? (lien direct) |
Et tout ce que j'ai eu était une menace de merde Intel
And all I got was crappy threat intel takes |
Threat | ★★★ | |
|
2024-03-06 13:01:19 | Gestion des risques de vulnérabilité pour les actifs externes Vulnerability Risk Management for External Assets (lien direct) |
> Par uzair amir
Gestion des risques de vulnérabilité, contrairement aux approches traditionnelles, les facteurs de criticité de la vulnérabilité, de la probabilité de l'exploitation et de l'impact commercial, de l'amélioration des stratégies d'évaluation des risques et d'atténuation.
Ceci est un article de HackRead.com Lire le post original: Gestion des risques de vulnérabilité pour les actifs externes
>By Uzair Amir Vulnerability risk management, unlike traditional approaches, factors in vulnerability criticality, exploit likelihood, and business impact, enhancing risk assessment and mitigation strategies. This is a post from HackRead.com Read the original post: Vulnerability Risk Management for External Assets |
Vulnerability Threat | ★★ | |
|
2024-03-06 12:31:00 | Nouveau groupe apt \\ 'Lotus Bane \\' derrière les attaques récentes contre les entités financières du Vietnam \\ New APT Group \\'Lotus Bane\\' Behind Recent Attacks on Vietnam\\'s Financial Entities (lien direct) |
Une entité financière au Vietnam a été la cible d'un acteur de menace auparavant sans papiers appelé & nbsp; Lotus Bane & Nbsp; qui a été détecté pour la première fois en mars 2023.
Le groupe de Singapour, dont le siège social, a décrit la tenue de piratage comme un groupe de menaces persistant avancé qui aurait été actif depuis au moins 2022.
Les spécificités exactes de la chaîne d'infection restent encore inconnues, mais elle implique le
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that\'s believed to have been active since at least 2022. The exact specifics of the infection chain remain unknown as yet, but it involves the |
Threat | ★★★ | |
 |
2024-03-06 12:16:22 | Cyber Insights 2024: OT, ICS et IIOT Cyber Insights 2024: OT, ICS and IIoT (lien direct) |
> À l'ère de l'augmentation des tensions géopolitiques causées par les guerres réelles et la menace d'une action chinoise contre Taïwan, l'OT est une cible qui ne peut être ignorée par les États-nations.
>In an age of increasing geopolitical tensions caused by actual wars, and the threat of Chinese action against Taiwan, OT is a target that cannot be ignored by nation states. |
Threat Industrial | ★★ | |
|
2024-03-06 11:24:00 | Urgent: Apple émet des mises à jour critiques pour les défauts nuls exploités activement Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (lien direct) |
Apple a publié des mises à jour de sécurité pour aborder plusieurs défauts de sécurité, dont deux vulnérabilités qui, selon elle, ont été activement exploitées dans la nature.
Les lacunes sont répertoriées ci-dessous -
CVE-2024-23225 & NBSP; - un problème de corruption de mémoire dans le noyau qu'un attaquant avec une capacité de lecture et d'écriture arbitraire peut exploiter pour contourner les protections de la mémoire du noyau
CVE-2024-23296 & NBSP; - une mémoire
Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections CVE-2024-23296 - A memory |
Vulnerability Threat | ★★★ | |
|
2024-03-06 11:00:00 | Les escroqueries «Phantom Hacker» ciblant les seniors sont en augmentation “Phantom hacker” scams targeting seniors are on the rise (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. “Phantom hacker” scams — tech support-style scams that trick people into transferring money by falsely claiming their computer or online security is compromised — are on the rise, and “significantly impacting senior citizens, who often lose their entire bank, savings, retirement or investment accounts to such crime”, CNBC reports. Notably, as of August 2023, damages stemming from tech support scams surged by 40%, compared to the corresponding period in 2022, a recent FBI public advisory reveals (specifics on the total financial impact, however, weren’t disclosed). 50% of people targeted were over 60 years old, accounting for 66% of the total financial damages. Financial predation: exploiting seniors\' savings Ample financial resources, technological unfamiliarity, and a generally trusting nature collectively makes the elderly a prime target for phantom hacker scams. “Older adults have generally amassed a larger nest egg than younger age groups, and therefore pose a more lucrative target for criminals. Older adults are also particularly mindful of potential risks to their life savings,” Gregory Nelsen, FBI Cleveland special agent in charge, said in a statement. “These scammers are cold and calculated,” he added. “The criminals are using the victims’ own attentiveness against them”. Additionally, older adults may be less familiar with the intricacies of technology and cybersecurity, making them more susceptible to manipulation and deception. And, due to the generally polite and trusting nature of seniors, scammers can have an easier time establishing rapport and gaining the trust needed to pull off their scams. | Threat | ★★★ | |
 |
2024-03-06 11:00:00 | Skype, Google Meet et Zoom utilisés dans une nouvelle campagne d'escroquerie de Troie Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign (lien direct) |
Un nouvel acteur de menace a été observé par Zscaler distribuant des chevaux de Troie (rats) d'accès à distance via des leurres de réunion en ligne
A new threat actor has been observed by Zscaler distributing remote access Trojans (RATs) via online meeting lures |
Threat | ★★ | |
 |
2024-03-06 10:47:10 | Pourquoi les tests de pénétration annuels pour l'industrie des médias doivent évoluer Why annual penetration testing for the media industry must evolve (lien direct) |
> L'industrie des médias est un objectif majeur pour les cyberattaques.Avec l'évolution constante de la technologie, les cybercriminels développent des méthodes de plus en plus sophistiquées pour exploiter les vulnérabilités et les systèmes de compromis.Les mesures de sécurité traditionnelles, telles que les tests de pénétration annuelle, ne sont plus suffisantes pour protéger les organisations des médias contre ces menaces en évolution.Il est clair que les tests de sécurité pour les organisations de médias [& # 8230;]
>The media industry is a major target for cyberattacks. With the constant evolution of technology, cybercriminals are developing increasingly sophisticated methods to exploit vulnerabilities and compromise systems. Traditional security measures, such as annual penetration tests, are no longer sufficient to protect media organizations from these evolving threats. It’s clear that security testing for media organizations […] |
Vulnerability Threat | ★★ | |
 |
2024-03-06 09:42:13 | Rapports de tendances de menace de vérification de vérification des menaces de février Checkmarx February Threat Trends Report (lien direct) |
CheckMarx vient de publier son rapport sur les tendances des menaces de sécurité de la chaîne d'approvisionnement de février.
Les recherches effectuées par l'équipe de recherche sur la sécurité de CheckMarx en février ont rencontré de nouveaux cas des types d'attaques suivants, qui représentent la continuation des techniques d'attaque observées pour la première fois en 2023 et plus tôt.
-
revues de produits
Checkmarx just released its February Supply Chain Security Threat Trends report. Research performed by the Checkmarx security research team in February encountered new cases of the following types of attacks, which represent the continuation of attack techniques first seen in 2023 and earlier. - Product Reviews |
Threat | ★★ | |
|
2024-03-06 08:56:56 | Microsoft Windows Security Update Advisory (CVE-2024-21338) (lien direct) | aperçu du 13 février 2024, Microsoft a annoncé une élévation du noyau Windows des privilèges Vulnérabilité CVE-2012-21338correctif.La vulnérabilité se produit à certains ioctl de & # 8220; appid.sys & # 8221;Connu sous le nom de pilote AppLocker, l'une des fonctionnalités Windows.L'acteur de menace peut lire et écrire sur une mémoire de noyau aléatoire en exploitant la vulnérabilité, et peut soit désactiver les produits de sécurité ou gagner le privilège du système.Avast a rapporté que le groupe de menaces Lazarus a récemment utilisé la vulnérabilité CVE-2024-21338 à désactiver les produits de sécurité.Ainsi, les utilisateurs de Windows OS sont ...
Overview On February 13th, 2024, Microsoft announced a Windows Kernel Elevation of Privilege Vulnerability CVE-2024-21338 patch. The vulnerability occurs at certain IOCTL of “appid.sys” known as AppLocker‘s driver, one of the Windows feature. The threat actor can read and write on a random kernel memory by exploiting the vulnerability, and can either disable security products or gain system privilege. AVAST reported that the Lazarus threat group has recently used CVE-2024-21338 vulnerability to disable security products. Thus, Windows OS users are... |
Vulnerability Threat | APT 38 | ★★ |
 |
2024-03-06 01:38:41 | Aucun problème de sécurité alors que Super Mardi tire à sa fin, dit le responsable de la CISA No security issues as Super Tuesday draws to a close, CISA official says (lien direct) |
Les menaces de cyber et d'influence ne se sont pas concrétisées comme le plus grand jour du calendrier primaire présidentiel se sont terminés, selon un responsable américain.«Nous n'avons observé aucun problème de l'ordinaire aujourd'hui.Nous continuons avec l'évaluation qu'il n'y a aucune menace connue, crédible ou spécifique aux opérations du jour du scrutin d'aujourd'hui »,"
Cyber and influence threats did not materialize as the biggest day of the presidential primary calendar drew to a close, according to a U.S. official. “We did not observe any issues out of the ordinary today. We continue with the assessment that there is no known, credible or specific threat to today\'s election day operations,” |
Threat | ★★★ | |
|
2024-03-06 01:26:31 | Z0miner exploite les serveurs Web coréens pour attaquer le serveur WebLogic z0Miner Exploits Korean Web Servers to Attack WebLogic Server (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a trouvé de nombreux cas d'acteurs de menace attaquant les serveurs coréens vulnérables.Ce post présente l'un des cas récents dans lesquels l'acteur de menace \\ 'z0min \' a attaqué des serveurs coréens Weblogic.Z0miner a été présenté pour la première fois par Tencent Security, un fournisseur de services Internet chinois.https://s.tencent.com/research/report/1170.html (ce lien n'est disponible qu'en chinois.) Ces acteurs de menace ont une histoire de distribution de mineurs contre les serveurs vulnérables (Atlassian Confluence, Apache ActiveMq, Log4J, etc.), et ils étaient fréquemment mentionnés dans l'ASEC ...
AhnLab SEcurity intelligence Center (ASEC) has found numerous cases of threat actors attacking vulnerable Korean servers. This post introduces one of the recent case in which the threat actor \'z0Miner\' attacked Korean WebLogic servers. z0Miner was first introduced by Tencent Security, a Chinese Internet service provider. https://s.tencent.com/research/report/1170.html (This link is only available in Chinese.) These threat actors have a history of distributing miners against vulnerable servers (Atlassian Confluence, Apache ActiveMQ, Log4J, etc.), and they were frequently mentioned in the ASEC... |
Threat | ★★★ | |
|
2024-03-06 01:05:06 | Faits saillants hebdomadaires d'osint, 4 mars 2024 Weekly OSINT Highlights, 4 March 2024 (lien direct) |
## Weekly OSINT Highlights, 4 March 2024 Ransomware loomed large in cyber security research news this week, with our curated OSINT featuring research on Abyss Locker, BlackCat, and Phobos. Phishing attacks, information stealers, and spyware are also in the mix, highlighting the notable diversity in the cyber threat landscape. The OSINT reporting this week showcases the evolving tactics of threat actors, with operators increasingly employing multifaceted strategies across different operating systems. Further, the targets of these attacks span a wide range, from civil society figures targeted by spyware in the Middle East and North Africa to state and local governments victimized by ransomware. The prevalence of attacks on sectors like healthcare underscores the significant impact on critical infrastructure and the potential for substantial financial gain through ransom payments. 1. [**Abyss Locker Ransomware Evolution and Tactics**](https://ti.defender.microsoft.com/articles/fc80abff): Abyss Locker ransomware, derived from HelloKitty, exfiltrates victim data before encryption and targets Windows systems, with a subsequent Linux variant observed. Its capabilities include deleting backups and employing different tactics for virtual machines, indicating a growing sophistication in ransomware attacks. 2. [**ALPHV Blackcat Ransomware-as-a-Service (RaaS)**:](https://ti.defender.microsoft.com/articles/b85e83eb) The FBI and CISA warn of ALPHV Blackcat RaaS, which targets multiple sectors, particularly healthcare. Recent updates to ALPHV Blackcat include improved defense evasion, encryption capabilities for Windows and Linux, reflecting the increasing sophistication in ransomware operations. 3. [**Phobos RaaS Model**](https://ti.defender.microsoft.com/articles/ad1bfcb4): Phobos ransomware, operating as a RaaS model, frequently targets state and local governments. Its use of accessible open-source tools enhances its popularity among threat actors, emphasizing the ease of deployment and customization for various environments. 4. [**TimbreStealer Phishing Campaign**](https://ti.defender.microsoft.com/articles/b61544ba): Talos identifies a phishing campaign distributing TimbreStealer, an information stealer disguised as Mexican tax-related themes. The threat actor was previously associated with banking trojans, underscoring the adaptability and persistence of malicious actors. 5. [**Nood RAT Malware Features and Stealth**](https://ti.defender.microsoft.com/articles/cc509147): ASEC uncovers Nood RAT, a Linux-based variant of Gh0st RAT, equipped with encryption and disguised as legitimate software. The malware\'s flexibility in binary creation and process naming underscores the threat actor\'s intent to evade detection and carry out malicious activities with sophistication. 6. [**Predator Spyware Infrastructure and Targeting**](https://ti.defender.microsoft.com/articles/7287eb1b): The Insikt Group\'s discovery highlights the widespread use of Predator spyware, primarily targeting journalists, politicians, and activists in various countries. Despite its purported use for counterterrorism and law enforcement, Predator is employed by threat actors outside these contexts, posing significant privacy and safety risks. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog) and the following blog posts: - [Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/?ocid=magicti_ta_blog#defending-against-ransomware) Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summary. The following | Ransomware Spam Malware Tool Threat Legislation Medical | ★★★★ | |
 |
2024-03-06 00:00:00 | Dévoiler la Terre Kapre AKA AKE REDCURL \\'s Cyberspionage Tactics with Trend Micro MDR, Mende Intelligence Unveiling Earth Kapre aka RedCurl\\'s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence (lien direct) |
Cette entrée de blog examinera l'enquête de Trend Micro MDR Team \\ qui a réussi à découvrir les ensembles d'intrusion employés par Earth Kapre dans un incident récent, ainsi que sur la façon dont l'équipe a exploité les renseignements sur les menaces pour attribuer les preuves extraites au groupe de menaces de Cyberespionage.
This blog entry will examine Trend Micro MDR team\'s investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group. |
Threat Prediction | ★★ | |
|
2024-03-05 21:48:00 | Les pirates exploitent ConnectWise Screenconnect Flaws pour déployer des logiciels malveillants Toddlershark Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (lien direct) |
Les acteurs de la menace nord-coréenne ont exploité les défauts de sécurité récemment divulgués dans ConnectWise ScreenConnect pour déployer un nouveau malware appelé & nbsp; Toddlershark.
Selon un rapport partagé par Kroll avec The Hacker News, Toddlershark chevauche des logiciels malveillants Kimsuky connus tels que BabyShark et Reonshark.
«L'acteur de menace a eu accès au poste de travail de victime en exploitant l'assistant de configuration exposé
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The threat actor gained access to the victim workstation by exploiting the exposed setup wizard |
Malware Threat | ★★ | |
 |
2024-03-05 20:00:39 | Félicitations à Check Point \\'s CPX Americas Partner Award Gainters Congratulating Check Point\\'s CPX Americas Partner Award Winners (lien direct) |
> 2023 a été l'année des attaques de méga ransomwares et des cybermenaces alimentées par l'IA avec 1 organisation sur 10 dans le monde en proie à des tentatives de ransomware.Nos partenaires étaient là pour soutenir et guider les clients au milieu du paysage des menaces croissantes et de nouvelles cyber-réglementations.Nous remercions tous nos partenaires pour leur dévouement continu à assurer la meilleure sécurité aux organisations de toutes tailles.Cette année, nous sommes fiers d'annoncer les prix des partenaires Amériques CPX suivants et de célébrer les gagnants: Americas Partner of the Year: Sayers Distributeur de l'année: licence en ligne GSI partenaire de l'année: DXC Technology Harmony Partner of the Year:Gotham [& # 8230;]
>2023 was the year of mega ransomware attacks and AI-fueled cyber threats with 1 in 10 organizations worldwide plagued by attempted ransomware attacks. Our partners were there to support and guide customers amidst the growing threat landscape and new cyber regulations. We thank all of our partners for their continued dedication to providing the best security to organizations of all sizes. This year, we\'re proud to announce the following CPX Americas Partner awards and celebrate the winners: Americas Partner of the Year: Sayers Distributor of the Year: Licensias OnLine GSI Partner of the Year: DXC Technology Harmony Partner of the Year: Gotham […] |
Ransomware Threat | ★★ | |
|
2024-03-05 19:03:47 | Rester en avance sur les acteurs de la menace à l'ère de l'IA Staying ahead of threat actors in the age of AI (lien direct) |
## Snapshot Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of AI. Defenders are only beginning to recognize and apply the power of generative AI to shift the cybersecurity balance in their favor and keep ahead of adversaries. At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors, including prompt-injections, attempted misuse of large language models (LLM), and fraud. Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape. You can read OpenAI\'s blog on the research [here](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors). Microsoft and OpenAI have not yet observed particularly novel or unique AI-enabled attack or abuse techniques resulting from threat actors\' usage of AI. However, Microsoft and our partners continue to study this landscape closely. The objective of Microsoft\'s partnership with OpenAI, including the release of this research, is to ensure the safe and responsible use of AI technologies like ChatGPT, upholding the highest standards of ethical application to protect the community from potential misuse. As part of this commitment, we have taken measures to disrupt assets and accounts associated with threat actors, improve the protection of OpenAI LLM technology and users from attack or abuse, and shape the guardrails and safety mechanisms around our models. In addition, we are also deeply committed to using generative AI to disrupt threat actors and leverage the power of new tools, including [Microsoft Copilot for Security](https://www.microsoft.com/security/business/ai-machine-learning/microsoft-security-copilot), to elevate defenders everywhere. ## Activity Overview ### **A principled approach to detecting and blocking threat actors** The progress of technology creates a demand for strong cybersecurity and safety measures. For example, the White House\'s Executive Order on AI requires rigorous safety testing and government supervision for AI systems that have major impacts on national and economic security or public health and safety. Our actions enhancing the safeguards of our AI models and partnering with our ecosystem on the safe creation, implementation, and use of these models align with the Executive Order\'s request for comprehensive AI safety and security standards. In line with Microsoft\'s leadership across AI and cybersecurity, today we are announcing principles shaping Microsoft\'s policy and actions mitigating the risks associated with the use of our AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track. These principles include: - **Identification and action against malicious threat actors\' use:** Upon detection of the use of any Microsoft AI application programming interfaces (APIs), services, or systems by an identified malicious threat actor, including nation-state APT or APM, or the cybercrime syndicates we track, Microsoft will take appropriate action to disrupt their activities, such as disabling the accounts used, terminating services, or limiting access to resources. - **Notification to other AI service providers:** When we detect a threat actor\'s use of another service provider\'s AI, AI APIs, services, and/or systems, Microsoft will promptly notify the service provider and share relevant data. This enables the service provider to independently verify our findings and take action in accordance with their own policies. - **Collaboration with other stakeholders:** Microsoft will collaborate with other stakeholders to regularly exchange information a | Ransomware Malware Tool Vulnerability Threat Studies Medical Technical | APT 28 ChatGPT APT 4 | ★★ |
|
2024-03-05 18:04:52 | Le groupe de ransomware RA à croissance rapide devient global Fast-Growing RA Ransomware Group Goes Global (lien direct) |
Le groupe de menaces en évolution rapide utilise des tactiques à fort impact qui incluent la manipulation de la politique de groupe pour déployer des charges utiles dans les environnements.
The rapidly evolving threat group uses high-impact tactics that include manipulating group policy to deploy payloads across environments. |
Ransomware Threat | ★★ | |
|
2024-03-05 16:23:00 | Cybercriminels utilisant une nouvelle technique de détournement de DNS pour les escroqueries d'investissement Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams (lien direct) |
Un nouvel acteur de menace DNS surnommé & nbsp; Savvy Seahorse & nbsp; tire des techniques sophistiquées pour attirer des cibles dans de fausses plateformes d'investissement et voler des fonds.
"Savvy Seahorse est un acteur de menace DNS qui convainc les victimes de créer des comptes sur de fausses plateformes d'investissement, de faire des dépôts sur un compte personnel, puis transfère ces dépôts à une banque en Russie", InfoBlox & Nbsp; Said & Nbsp; dans un rapport
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. “Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia,” Infoblox said in a report |
Threat | ★★ | |
|
2024-03-05 15:55:00 | AVERTISSEMENT: l'attaque de détournement de fil cible les réseaux, le vol de hachages NTLM Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes (lien direct) |
L'acteur de menace connu sous le nom de & nbsp; TA577 & nbsp; a été observé à l'aide de pièces jointes d'archives Zip dans les e-mails de phishing dans le but de voler les hachages de gestionnaire LAN NT (NTLM).
La nouvelle chaîne d'attaque «peut être utilisée à des fins de collecte d'informations sensibles et pour permettre l'activité de suivi», la société de sécurité d'entreprise Proofpoint & NBSP; a déclaré & nbsp; dans un rapport lundi.
Au moins deux campagnes en profitant
The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on activity,” enterprise security firm Proofpoint said in a Monday report. At least two campaigns taking advantage of this |
Threat | ★★ | |
 |
2024-03-05 15:20:56 | SilobReaker s'intègre à la matrice d'attr & ck mitre Silobreaker integrates with MITRE ATT&CK Matrix to elevate threat intelligence for Enterprises and ICS (lien direct) |
La société de technologie de sécurité et de menace Silobreaker a annoncé une intégration avec Mitre Att & # 38; CK Matrix for Enterprise, Industrial Control ...
Security and threat intelligence technology company Silobreaker announced an integration with MITRE ATT&CK Matrix for Enterprise, Industrial Control... |
Threat Industrial | ★★★ | |
 |
2024-03-05 14:41:54 | Débloquer Snake - Python InfostEaler qui se cache à travers les services de messagerie Unboxing Snake - Python Infostealer Lurking Through Messaging Services (lien direct) |
Les services de sécurité de la cyberison des problèmes d'analyse des menaces pour informer les menaces.Les rapports d'analyse des menaces étudient ces menaces et fournissent des recommandations pratiques pour se protéger contre eux.
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Threat | ★★ | |
|
2024-03-05 14:38:09 | Dell Technologies et CrowdStrike étendent leur partenariat (lien direct) | Dell Technologies et CrowdStrike étendent leur partenariat pour offrir des solutions complètes de détection et de réponse managées. Le service Dell MDR est désormais disponible avec la plateforme CrowdStrike Falcon® XDR basée sur l'IA, offrant la rapidité, l'expertise et la flexibilité dont les clients ont besoin pour faire face aux menaces. - Business | Threat | ★★★ | |
|
2024-03-05 12:13:26 | Les chercheurs testent des vers zéro cliquez Researchers Test Zero-click Worms that Exploit Generative AI Apps (lien direct) |
> Par waqas
Les chercheurs ont créé des vers d'ordinateur avec des capacités d'autopropagation qui ciblent les applications Genai.
Ceci est un article de HackRead.com Lire le post original: Les chercheurs testent des vers zéro cliquez en œuvre qui exploite les applications AI génératives
>By Waqas Researchers have created computer worms with self-propagation capabilities that target GenAI applications. This is a post from HackRead.com Read the original post: Researchers Test Zero-click Worms that Exploit Generative AI Apps |
Threat | ★★ | |
|
2024-03-05 09:04:00 | Critical JetBrains TeamCity sur site Les défauts pourraient conduire à des prises de contrôle du serveur Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers (lien direct) |
Une nouvelle paire de vulnérabilités de sécurité a été divulguée dans les logiciels sur site de JetBrains TeamCity qui pourraient être exploités par un acteur de menace pour prendre le contrôle des systèmes affectés.
Les défauts, suivis en CVE-2024-27198 (score CVSS: 9.8) et CVE-2024-27199 (score CVSS: 7.3), ont été abordés dans la version 2023.11.4.Ils ont un impact sur toutes les versions sur site de TeamCity jusqu'en 2023.11.3.
"Le
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3. “The |
Vulnerability Threat | ★★ | |
 |
2024-03-05 06:11:30 | Que sont les attaques de commande et de contrôle? What Are Command and Control Attacks? (lien direct) |
Dans le paysage cyber-menace en expansion d'aujourd'hui, l'infiltration d'un système va au-delà de l'accès non autorisé ou de l'installation de logiciels malveillants.Pour atteindre leurs objectifs ultimes, les cybercriminels doivent maintenir une présence non détectée dans le système ou le réseau pour contrôler ou extraire des données en fonction de leurs besoins.Les attaques de commande et de contrôle, également appelées attaques C & C ou C2, créent un lien secret entre le système compromis et un serveur C2.Cette connexion de porte dérobée permet un accès prolongé, permettant le vol de données, les attaques de déni de service distribuées (DDOS), la crypto-exploitation ou même le compromis total du réseau par menace ...
In today\'s expanding cyber threat landscape, infiltrating a system goes beyond unauthorized access or malware installation. To achieve their ultimate objectives, cybercriminals need to maintain an undetected presence in the system or network to control or extract data according to their needs. Command and Control attacks, also known as C&C or C2 attacks, create a covert link between the compromised system and a C2 server. This backdoor connection allows prolonged access, enabling data theft, Distributed Denial of Service (DDoS) attacks, crypto-mining, or even total network compromise by threat... |
Malware Threat | ★★★ | |
|
2024-03-05 01:14:24 | Wograt Malware exploite AnotePad (Windows, Linux) WogRAT Malware Exploits aNotepad (Windows, Linux) (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a récemment découvert la distribution des logiciels malveillants de secours via Anotepad, un en ligne gratuit en lignePlateforme de blocs-notes.Ledit malware prend en charge à la fois le format PE qui cible le système Windows et le format ELF qui cible le système Linux.Comme l'acteur de menace a utilisé la chaîne & # 8216; wingofgod & # 8217;Pendant le développement des logiciels malveillants, il est classé comme Wograt.& # 160;1. Cas de distribution, il est supposé que le WOGRAT a été continu en continu dans les attaques depuis la fin 2022 jusqu'à ...
AhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. Said malware supports both the PE format that targets the Windows system and the ELF format that targets the Linux system. As the threat actor used the string ‘WingOfGod’ during the development of the malware, it is classified as WogRAT. 1. Distribution Cases It is assumed that the WogRAT has continuously been used in attacks since late 2022 until... |
Malware Threat | ★★ | |
|
2024-03-04 23:05:43 | Critical TeamCity Bugs met en danger la chaîne d'approvisionnement des logiciels Critical TeamCity Bugs Endanger Software Supply Chain (lien direct) |
Les clients doivent immédiatement corriger les vulnérabilités critiques dans les déploiements sur site de l'outil de pipeline CI / CD JetBrains TeamCity qui pourrait permettre aux acteurs de menace de prendre le contrôle des administrateurs sur les serveurs.
Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers. |
Tool Vulnerability Threat | ★★ | |
 |
2024-03-04 15:52:38 | Les acteurs de l'État du pays chinois pour accélérer les tentatives de cyber-espionnage en 2024 Chinese nation state actors to ramp up cyber espionage attempts in 2024 (lien direct) |
Cyjax, un fournisseur de renseignements sur les menaces, annonce aujourd'hui ses dernières recherches, Broken China, analysant la situation socio-économique turbulente en Chine et comment cela entraînera probablement une augmentation des activités de cyber-espionnage par la RPC pour donner aux entreprises chinoises une compétitivité compétitivebord.Le rapport constate que la Chine est confrontée à des pressions économiques majeures de toutes les côtés.[& # 8230;]
Le message Les acteurs de l'État du pays chinois pour accélérer les tentatives de cyber-espionnage en 2024 sont apparus pour la première fois sur gourou de la sécurité informatique .
CYJAX, a threat intelligence provider, today announces its latest research, Broken China, analysing the turbulent socio-economic situation in China and how this will likely lead to an increase in cyber espionage activities by the PRC to give Chinese businesses a competitive edge. The report finds that China is facing major economic pressures from all sides. […] The post Chinese nation state actors to ramp up cyber espionage attempts in 2024 first appeared on IT Security Guru. |
Threat | ★★★ | |
|
2024-03-04 13:59:28 | 4 mars & # 8211;Rapport de renseignement sur les menaces 4th March – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes de cyber-recherche pour la semaine du 4 mars, veuillez télécharger notre bulletin Threat_Intelligence.Les meilleures attaques et violations UnitedHealth Group ont confirmé que sa filiale avait été attaquée par le gang de ransomware Alphv.6 téraoctets de données ont été volés dans l'attaque et Change Healthcare, un intermédiaire crucial entre les pharmacies et les compagnies d'assurance, était [& # 8230;]
>For the latest discoveries in cyber research for the week of 4th March, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES UnitedHealth Group confirmed its subsidiary was attacked by the ALPHV ransomware gang. 6 terabytes of data were stolen in the attack, and Change Healthcare, a crucial intermediary between pharmacies and insurance companies, was […] |
Ransomware Threat Medical | ★★ | |
|
2024-03-04 11:00:00 | Naviguer dans le paysage de la cybersécurité: une plongée profonde dans des stratégies efficaces SIEM Navigating the Cybersecurity landscape: A deep dive into effective SIEM strategies (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Comprehending and effectively addressing cybersecurity threats is paramount to organizational security. As artificial intelligence continues to evolve, how companies respond to cybersecurity threats and how they take proactive steps to mitigate them will factor heavily into profitability, reputation and long-term success. Within this context, Security Information and Event Management (SIEM) emerges as a critical tool for fortifying your defense against cyber threats. This deep dive aims to guide you through the foundational concepts, the pivotal role of SIEM in cybersecurity, and strategies to ensure its effectiveness. SIEM stands at the forefront, offering a centralized solution for monitoring, analyzing, and responding to security events across your network. This article is designed to be your guide, providing insights into the components of SIEM, the challenges it addresses, and most importantly, how to wield it effectively. Understanding the foundations | Tool Threat | ★★ | |
|
2024-03-04 10:54:00 | Phobos Ransomware ciblant agressivement l'infrastructure critique américaine Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure (lien direct) |
Les agences de cybersécurité et de renseignement des États-Unis ont mis en garde contre & nbsp; phobos ransomware & nbsp; attaques ciblant le gouvernement et les entités d'infrastructure critiques, décrivant les diverses tactiques et techniques de menace que les acteurs ont adoptées pour déployer les logiciels malveillants de cryptage des fichiers.
«Structuré comme un modèle de ransomware en tant que service (RAAS), les acteurs de ransomware de Phobos ont ciblé des entités, notamment municipal et
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and |
Ransomware Malware Threat | ★★ | |
|
2024-03-04 06:00:36 | La chaîne d'attaque inhabituelle de TA577 \\ mène au vol de données NTLM TA577\\'s Unusual Attack Chain Leads to NTLM Data Theft (lien direct) |
Ce qui s'est passé Proofpoint a identifié l'acteur de menace cybercriminale notable TA577 en utilisant une nouvelle chaîne d'attaque pour démontrer un objectif inhabituellement observé: voler des informations d'authentification NT LAN Manager (NTLM).Cette activité peut être utilisée à des fins de collecte d'informations sensibles et pour permettre l'activité de suivi. Proofpoint a identifié au moins deux campagnes en tirant parti de la même technique pour voler des hachages NTLM les 26 et 27 février 2024. Les campagnes comprenaient des dizaines de milliers de messages ciblant des centaines d'organisations dans le monde.Les messages sont apparus sous forme de réponses aux e-mails précédents, appelés détournement de fil, et contenaient des pièces jointes HTML zippées. Exemple de message utilisant le détournement de thread contenant une pièce jointe zippée contenant un fichier HTML. Chaque pièce jointe .zip a un hachage de fichiers unique, et les HTML dans les fichiers compressés sont personnalisés pour être spécifiques pour chaque destinataire.Lorsqu'il est ouvert, le fichier HTML a déclenché une tentative de connexion système à un serveur de blocs de messages (SMB) via un actualisation Meta à un schéma de fichier URI se terminant par .txt.Autrement dit, le fichier contacterait automatiquement une ressource SMB externe appartenant à l'acteur de menace.ProofPoint n'a pas observé la livraison de logiciels malveillants de ces URL, mais les chercheurs évaluent à la grande confiance que l'objectif de Ta577 \\ est de capturer les paires de défi / réponse NTLMV2 du serveur SMB pour voler des hachages NTLM en fonction des caractéristiques de la chaîne d'attaque et des outils utilisés. Exemple HTML contenant l'URL (en commençant par «File: //») pointant vers la ressource SMB. Ces hachages pourraient être exploités pour la fissuration du mot de passe ou faciliter les attaques "pass-the-hash" en utilisant d'autres vulnérabilités au sein de l'organisation ciblée pour se déplacer latéralement dans un environnement touché.Les indications à l'appui de cette théorie comprennent des artefacts sur les serveurs SMB pointant vers l'utilisation de l'impaquette de boîte à outils open source pour l'attaque.L'utilisation d'Impacket sur le serveur SMB peut être identifiée par le défi du serveur NTLM par défaut "aaaaaaaaaaaaaaaaa" et le GUID par défaut observé dans le trafic.Ces pratiques sont rares dans les serveurs SMB standard. Capture de paquets observée (PCAP) de la campagne TA577. Toute tentative de connexion autorisée à ces serveurs SMB pourrait potentiellement compromettre les hachages NTLM, ainsi que la révélation d'autres informations sensibles telles que les noms d'ordinateurs, les noms de domaine et les noms d'utilisateur dans un texte clair. Il est à noter que TA577 a livré le HTML malveillant dans une archive zip pour générer un fichier local sur l'hôte.Si le schéma de fichiers URI était envoyé directement dans l'organisme de messagerie, l'attaque ne fonctionnerait pas sur les clients d'Outlook Mail patchés depuis juillet 2023. La désactivation de l'accès des clients à SMB n'atteint pas l'attaque, car le fichier doit tenter de s'authentifier auprès du serveur externe SMB ServerPour déterminer s'il doit utiliser l'accès des clients. Attribution TA577 est un acteur de menace de cybercriminalité éminent et l'un des principaux affiliés de QBOT avant la perturbation du botnet.Il est considéré comme un courtier d'accès initial (IAB) et Proofpoint a associé des campagnes TA577 avec des infections de ransomware de suivi, notamment Black Basta.Récemment, l'acteur favorise Pikabot comme charge utile initiale. Pourquoi est-ce important Proof Point observe généralement TA577 menant des attaques pour livrer des logiciels malveillants et n'a jamais observé cet acteur de menace démontrant la chaîne d'attaque utilisée pour voler des informations d'identification NTLM observées le 26 février.Récemment, TA577 a été observé pour fou | Ransomware Malware Tool Vulnerability Threat | ★★ | |
 |
2024-03-04 00:00:00 | Le ransomware mondial à plusieurs étages utilise des tactiques anti-AV, exploite GPO Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO (lien direct) |
L'équipe de chasse aux micro-menaces tendance est tombée sur une attaque mondiale de RA impliquant des composants à plusieurs degrés conçus pour assurer un impact maximal.
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact. |
Ransomware Threat Prediction | ★★ | |
|
2024-03-02 13:12:49 | Nouveau cible de variantes de rat Bifrost Targets Linux, imite le domaine VMware New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain (lien direct) |
>By Waqas
Bifrost RAT, also known as Bifrose, was originally identified two decades ago in 2004.
This is a post from HackRead.com Read the original post: New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
>By Waqas Bifrost RAT, also known as Bifrose, was originally identified two decades ago in 2004. This is a post from HackRead.com Read the original post: New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain |
Threat | ★★★ |
To see everything:
Our RSS (filtrered)
