What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-05 19:38:00 | AI-AS-A-SERVICE Fournisseurs vulnérables aux attaques de PRIVSC et de locataires croisés AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (lien direct) |
De nouvelles recherches ont révélé que l'intelligence artificielle (IA) -as-un-service, comme les étreintes, est sensible à deux risques critiques qui pourraient permettre aux acteurs de menace de dégénérer les privilèges, d'obtenir un accès croisé à d'autres clients \\ ', etPrendre même les pipelines d'intégration continue d'intégration et de déploiement continu (CI / CD).
"Les modèles malveillants représentent un risque majeur pour les systèmes d'IA,
New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers\' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. "Malicious models represent a major risk to AI systems, |
Threat | ★★ | |
 |
2024-04-05 14:00:00 | Les acteurs de la menace chinoise déploient de nouveaux TTP pour exploiter les vulnérabilités ivanti Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities (lien direct) |
Mandiant Research Détails comment les groupes d'espionnage chinois déploient de nouveaux outils après l'exploitation des vulnérabilités ivanti récemment corrigées
Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities |
Tool Vulnerability Threat | ★★ | |
 |
2024-04-05 13:39:39 | Même cibles, nouveaux manuels: les acteurs de la menace en Asie de l'Est utilisent des méthodes uniques Same targets, new playbooks: East Asia threat actors employ unique methods (lien direct) |
## Snapshot Microsoft has observed several notable cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals. Chinese cyber actors broadly selected three target areas over the last seven months. - One set of Chinese actors extensively targeted entities across the South Pacific Islands. - A second set of Chinese activity continued a streak of cyberattacks against regional adversaries in the South China Sea region. - Meanwhile, a third set of Chinese actors compromised the US defense industrial base. Chinese influence actors-rather than broadening the geographic scope of their targets-honed their techniques and experimented with new media. Chinese influence campaigns continued to refine AI-generated or AI-enhanced content. The influence actors behind these campaigns have shown a willingness to **both amplify AI-generated media that benefits their strategic narratives, as well as create their own video, memes, and audio content**. Such tactics have been used in campaigns stoking divisions within the United States and exacerbating rifts in the Asia-Pacific region-including Taiwan, Japan, and South Korea. These campaigns achieved varying levels of resonance with no singular formula producing consistent audience engagement. North Korean cyber actors made headlines for **increasing software supply chain attacks and cryptocurrency heists over the past year**. While strategic spear-phishing campaigns targeting researchers who study the Korean Peninsula remained a constant trend, North Korean threat actors appeared to make greater use of legitimate software to compromise even more victims. ## Activity Overview ### Chinese cyber operations target strategic partners and competitors #### Gingham Typhoon targets government, IT, and multinational entities across the South Pacific Islands **** *Figure 1: Observed events from Gingham Typhoon from June 2023 to January 2024 highlights their continued focus on South Pacific Island nations. However, much of this targeting has been ongoing, reflecting a yearslong focus on the region. Geographic locations and diameter of symbology are representational. * During the summer of 2023, Microsoft Threat Intelligence observed extensive activity from China-based espionage group Gingham Typhoon that targeted nearly every South Pacific Island country. Gingham Typhoon is the most active actor in this region, hitting international organizations, government entities, and the IT sector with complex phishing campaigns. Victims also included vocal critics of the Chinese government. Diplomatic allies of China who were victims of recent Gingham Typhoon activity include executive offices in government, trade-related departments, internet service providers, as well as a transportation entity. Heightened geopolitical and diplomatic competition in the region may be motivations for these offensive cyber activities. China pursues strategic partnerships with South Pacific Island nations to expand economic ties and broker diplomatic and security agreements. Chinese cyber espionage in this region also follows economic partners. For example, Chinese actors engaged in large-scale targeting of multinational organizations in Papua New Guinea, a longtime diplomatic partner that is benefiting from multiple Belt and Road Initiative (BRI) projects including the construction of a major highway which links a Papua New Guinea government building to the capital city\'s main road. (1) #### Chinese threat actors retain focus on South China Sea amid Western military exercises China-based threat actors continued to target entities related to China\'s economic and military interests in a | Malware Tool Vulnerability Threat Studies Industrial Prediction Technical | Guam | ★★★ |
 |
2024-04-05 12:50:29 | Gouvernance de la cybersécurité: un chemin vers la cyber-maturité Cybersecurity Governance: A Path To Cyber Maturity (lien direct) |
> Cette semaine en cybersécurité des éditeurs du magazine Cybercrime & # 8211;Lisez l'histoire complète dans TechTarget Sausalito, Californie & # 8211;5 avril 2024 Dans un paysage de menace de plus en plus difficile, de nombreuses organisations ont du mal à développer et à mettre en œuvre une gouvernance efficace de cybersécurité.TechTarget rapporte & # 160; que & # 160; les dommages de la cybercriminalité sont projetés
>This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in TechTarget Sausalito, Calif. – Apr. 5, 2024 In an increasingly challenging threat landscape, many organizations struggle with developing and implementing effective cybersecurity governance. TechTarget reports that damages from cybercrime are projected |
Threat | ★★ | |
|
2024-04-05 12:45:00 | Les chercheurs identifient plusieurs groupes de pirates en Chine exploitant des défauts de sécurité Ivanti Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (lien direct) |
Plusieurs acteurs de menace en Chine-Nexus ont été liés à l'exploitation zéro-jour de trois défauts de sécurité ayant un impact sur les appareils Ivanti (CVE-2023-46805, CVE-2024-21887 et CVE-2024-21893).
Les clusters sont suivis par Mandiant sous les surnoms & NBSP; UNC5221, UNC5266, UNC5291, & NBSP; UNC5325, UNC5330 et UNC5337.Un autre groupe lié à la série d'exploitation est & nbsp; unc3886.
Le cloud Google
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud |
Vulnerability Threat Cloud | ★★★ | |
 |
2024-04-05 06:00:25 | Amélioration de la détection et de la réponse: plaider en matière de tromperies Improving Detection and Response: Making the Case for Deceptions (lien direct) |
Let\'s face it, most enterprises find it incredibly difficult to detect and remove attackers once they\'ve taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and ransomware gets deployed all too often. And attackers have ample time to accomplish their goals. In July 2023, the reported median dwell time was eight days. That\'s the time between when an attacker accesses their victim\'s systems and when the attack is either detected or executed. Combine that data point with another one-that attackers take only 16 hours to reach Active Directory once they have landed-and the takeaway is that threats go undetected for an average of seven days. That\'s more than enough time for a minor security incident to turn into a major business-impacting breach. How can you find and stop attackers more quickly? The answer lies in your approach. Let\'s take a closer look at how security teams typically try to detect attackers. Then, we can better understand why deceptions can work better. What is the problem with current detection methods? Organizations and their security vendors have evolved when it comes to techniques for detecting active threats. In general, detection tools have focused on two approaches-finding files or network traffic that are “known-bad” and detecting suspicious or risky activity or behavior. Often called signature-based detection, finding “known-bad” is a broadly used tool in the detection toolbox. It includes finding known-bad files like malware, or detecting traffic from known-bad IPs or domains. It makes you think of the good old days of antivirus software running on endpoints, and about the different types of network monitoring or web filtering systems that are commonplace today. The advantage of this approach is that it\'s relatively inexpensive to build, buy, deploy and manage. The major disadvantage is that it isn\'t very effective against increasingly sophisticated threat actors who have an unending supply of techniques to get around them. Keeping up with what is known-bad-while important and helpful-is also a bit like a dog chasing its tail, given the infinite internet and the ingenuity of malicious actors. The rise of behavior-based detection About 20 years ago, behavioral-based detections emerged in response to the need for better detection. Without going into detail, these probabilistic or risk-based detection techniques found their way into endpoint and network-based security systems as well as SIEM, email, user and entity behavior analytics (UEBA), and other security systems. The upside of this approach is that it\'s much more nuanced. Plus, it can find malicious actors that signature-based systems miss. The downside is that, by definition, it can generate a lot of false positives and false negatives, depending on how it\'s tuned. Also, the high cost to build and operate behavior-based systems-considering the cost of data integration, collection, tuning, storage and computing-means that this approach is out of reach for many organizations. This discussion is not intended to discount the present and future benefits of newer analytic techniques such as artificial intelligence and machine learning. I believe that continued investments in behavior-based detections can pay off with the continued growth of security data, analytics and computing power. However, I also believe we should more seriously consider a third and less-tried technique for detection. Re-thinking detection Is it time to expand our view of detection techniques? That\'s the fundamental question. But multiple related questions are also essential: Should we be thinking differently about what\'s the best way to actively detect threats? Is there a higher-fidelity way to detect attackers that is cost-effective and easy to deploy and manage? Is there another less-tried approach for detecting threat actors-beyond signature-based and behavior-based methods-that can dra | Ransomware Malware Tool Vulnerability Threat | ★★ | |
|
2024-04-04 21:12:00 | Les pirates basés au Vietnam volent des données financières à travers l'Asie avec des logiciels malveillants Vietnam-Based Hackers Steal Financial Data Across Asia with Malware (lien direct) |
Un acteur suspecté de menace d'origine vietnamienne a été observé ciblant les victimes dans plusieurs pays d'Asie et d'Asie du Sud-Est, des logiciels malveillants conçus pour récolter des données précieuses depuis au moins mai 2023.
Cisco Talos suit le cluster sous le nom et NBSP; Coralraider, le décrivant comme motivé financièrement.Les cibles de la campagne comprennent l'Inde, la Chine, la Corée du Sud, le Bangladesh, le Pakistan, l'Indonésie,
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia, |
Malware Threat | ★★ | |
 |
2024-04-04 21:00:27 | Le pouvoir des assistants de l'IA et la détection avancée des menaces The Power of AI Assistants and Advanced Threat Detection (lien direct) |
> Explorez les prédictions sur l'IA en cybersécurité et cultivant une culture cyber-consciente.Découvrez l'émergence d'assistants de cybersécurité alimentés par l'IA.
>Explore predictions on AI in cybersecurity and cultivating a cyber-aware culture. Discover the emergence of AI-powered cybersecurity assistants. |
Threat | ★★ | |
 |
2024-04-04 14:12:16 | Une fausse menace de procès expose les sites de phishing privé Fake Lawsuit Threat Exposes Privnote Phishing Sites (lien direct) |
Un CyberCrook qui a créé des sites Web qui imitent le service d'auto-destruction du service de messages Privnote.com a accidentellement exposé l'étendue de leurs opérations récemment lorsqu'ils ont menacé de poursuivre une société de logiciels.La divulgation a révélé un réseau rentable de sites de phishing qui se comportent et ressemblent au véritable privnote, sauf que tous les messages contenant des adresses de crypto-monnaie seront automatiquement modifiés pour inclure une adresse de paiement différente contrôlée par les escrocs.
A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. |
Threat | ★★ | |
 |
2024-04-04 13:19:05 | Choisir une entreprise de test de pénétration pour les environnements basés sur Mac Choosing a Penetration Testing Company for Mac-based Environments (lien direct) |
Threat | ★★ | ||
 |
2024-04-04 11:56:00 | Latrodectus: This Spider Bytes Like Ice (lien direct) | Pour cette recherche, nous nous sommes associés à l'équipe de recherche sur les menaces de Proofpoint \\ dans un effort de collaboration pour fournir un aperçu complet de ...
For this research, we partnered with Proofpoint\'s Threat Research team in a collaborative effort to provide a comprehensive overview of... |
Threat | ★★★★ | |
|
2024-04-04 11:47:34 | Latrodectus: ces octets d'araignée comme la glace Latrodectus: This Spider Bytes Like Ice (lien direct) |
Proofpoint\'s Threat Research team joined up with the Team Cymru S2 Threat Research team, in a collaborative effort to provide the information security community with a comprehensive view of the threat activity described. Key takeaways Proofpoint first observed new malware named Latrodectus appear in email threat campaigns in late November 2023. While use of Latrodectus decreased in December 2023 through January 2024, Latrodectus use increased in campaigns throughout February and March 2024. It was first observed in Proofpoint data being distributed by threat actor TA577 but has been used by at least one other threat actor, TA578. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. While similar to IcedID, Proofpoint researchers can confirm it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations. While investigating Latrodectus, researchers identified new, unique patterns in campaign IDs designating threat actor use in previous IcedID campaigns. Overview Proofpoint identified a new loader called Latrodectus in November 2023. Researchers have identified nearly a dozen campaigns delivering Latrodectus, beginning in February 2024. The malware is used by actors assessed to be initial access brokers (IABs). Latrodectus is a downloader with the objective of downloading payloads and executing arbitrary commands. While initial analysis suggested Latrodectus was a new variant of IcedID, subsequent analysis confirmed it was a new malware most likely named Latrodectus, based on a string identified in the code. Based on characteristics in the disassembled sample and functionality of the malware, researchers assess the malware was likely written by the same developers as IcedID. This malware was first observed being distributed by TA577, an IAB known as a prolific Qbot distributor prior to the malware\'s disruption in 2023. TA577 used Latrodectus in at least three campaigns in November 2023 before reverting to Pikabot. Since mid-January 2024, researchers observed it being used almost exclusively by TA578 in email threat campaigns. Campaign details TA577 TA577 was only observed using Latrodectus in three campaigns, all occurring in November 2023. Notably, a campaign that occurred on 24 November 2023 deviated from previously observed TA577 campaigns. The actor did not use thread hijacking, but instead used contained a variety of different subjects with URLs in the email body. The URLs led to the download of a JavaScript file. If executed, the JavaScript created and ran several BAT files that leveraged curl to execute a DLL and ran it with the export “scab”. Figure 1: Example TA577 campaign delivering Latrodectus. On 28 November 2023, Proofpoint observed the last TA577 Latrodectus campaign. The campaign began with thread hijacked messages that contained URLs leading to either zipped JavaScript files or zipped ISO files. The zipped JavaScript file used curl to download and execute Latrodectus. The zipped ISO file contained a LNK file used to execute the embedded DLL, Latrodectus. Both attack chains started the malware with the export “nail”. TA578 Since mid-January 2024, Latrodectus has been almost exclusively distributed by TA578. This actor typically uses contact forms to initiate a conversation with a target. In one campaign observed on 15 December 2023, Proofpoint observed TA578 deliver the Latrodectus downloader via a DanaBot infection. This December campaign was the first observed use of TA578 distributing Latrodectus. On 20 February 2024, Proofpoint researchers observed TA578 impersonating various companies to send legal threats about alleged copyright infringement. The actor filled out a contact form on multiple targets\' websites, with text containing unique URLs and included in the URI both the domain of the site that initiated the contact form (the target), and the name of the impersonated company (to further the legitimacy | Ransomware Malware Tool Threat Prediction | ★★★ | |
 |
2024-04-04 10:49:40 | Ransomware Gang a fait voler les résidents \\ 'Données confidentielles, le conseil municipal britannique admet Ransomware gang did steal residents\\' confidential data, UK city council admits (lien direct) |
La rançon Inc apparaît comme une menace croissante, car certains ex-affiliés de Lockbit / AlphV obtiennent de nouveaux concerts Le conseil municipal de Leicester admet enfin que son "cyber-incident" a été effectué par un gang de ransomware et que ces données étaientvolés, des heures après que les criminels ont forcé sa main.…
INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand.… |
Ransomware Threat | ★★ | |
|
2024-04-04 09:30:00 | Les affirmations de l'acteur de menace ont classé cinq yeux Vol de données Threat Actor Claims Classified Five Eyes Data Theft (lien direct) |
L'acteur de menace Intelbroker prétend que les renseignements classifiés volés au fournisseur de technologies du gouvernement américain acuisent
Threat actor IntelBroker claims to have classified intelligence stolen from US government tech supplier Acuity |
Threat | ★★★★ | |
 |
2024-04-04 01:13:01 | Rhadamanthys Malware déguisé en programme d'installation de groupware (détecté par MDS) Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) (lien direct) |
Récemment, Ahnlab Security Intelligence Center (ASEC) a découvert la distribution de Rhadamanthygroupware.L'acteur de menace a créé un faux site Web pour ressembler au site Web d'origine et exposé le site aux utilisateurs en utilisant la fonctionnalité publicitaire dans les moteurs de recherche.Le blog ASEC a précédemment couvert les logiciels malveillants distribués via ces fonctionnalités publicitaires des moteurs de recherche dans l'article intitulé & # 8220; Hé, ce n'est pas le bon site! & # 8221;Distribution des logiciels malveillants exploitant Google ADS Suivi [1].Le malware dans ...
Recently, AhnLab SEcurity intelligence Center (ASEC) discovered the distribution of Rhadamanthys under the guise of an installer for groupware. The threat actor created a fake website to resemble the original website and exposed the site to the users using the ad feature in search engines. ASEC Blog has previously covered malware distributed through such ad features of search engines in the article titled “Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking [1]. The malware in... |
Malware Threat | ★★ | |
|
2024-04-03 21:40:00 | Google Warns: Android Zero-Day Flaws in Pixel Phones exploité par des sociétés médico-légales Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (lien direct) |
Google a révélé que deux défauts de sécurité Android ayant un impact sur ses smartphones de pixels ont été exploités dans la nature par des sociétés médico-légales.
Les vulnérabilités de haute sévérité zéro sont les suivantes -
CVE-2024-29745 & NBSP; - un défaut de divulgation d'informations dans le composant de chargeur de démarrage
CVE-2024-29748 & NBSP; - un défaut d'escalade du privilège dans le composant du firmware
"Il y a des indications que le [
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the [ |
Vulnerability Threat Mobile | ★★★ | |
 |
2024-04-03 20:40:20 | Comment la Coupe du monde du football en 2022 au Qatar a été presque piratée How Soccer\\'s 2022 World Cup in Qatar Was Nearly Hacked (lien direct) |
Un acteur de menace lié à la Chine avait accès à une base de données de configuration de routeur qui aurait pu perturber complètement la couverture, selon un fournisseur de sécurité.
A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says. |
Threat | ★★★★ | |
 |
2024-04-03 20:21:10 | Microsoft ne sait toujours pas comment les pirates ont volé la clé MSA en 2023 Attaque d'échange Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (lien direct) |
Le Cyber Sectean Review Board (CSRB) du Département américain de la sécurité intérieure a publié un rapport cinglant sur la façon dont Microsoft a géré son attaque en ligne échangeuse en 2023, avertissant que la société doit faire mieux pour sécuriser les données et être plus honnête sur la façon dont la menaceLes acteurs ont volé une clé de signature Azure.[...]
The U.S. Department of Homeland Security\'s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key. [...] |
Threat | ★★★ | |
 |
2024-04-03 16:36:17 | Le nouveau rapport montre que les liens de phishing et les attachements malveillants sont les principaux points d'entrée des cyberattaques New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks (lien direct) |
Les nouvelles données d'attaque TTP couvrant 2023 mettent en lumière les acteurs de la menace et les actions des utilisateurs qui mettent les organisations les plus à risque.
New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk. |
Threat Studies | ★★★ | |
|
2024-04-03 16:30:00 | Rapport du comité d'examen de la cyber-sécurité Slams Microsoft Security Échecs dans la violation par e-mail du gouvernement Cyber Safety Review Board Report Slams Microsoft Security Failures in Government Email Breach (lien direct) |
Un rapport a mis en évidence plusieurs défaillances de sécurité par Microsoft qui ont permis aux acteurs de la menace chinoise d'accéder aux représentants du gouvernement américain \\ 'des comptes de messagerie à l'été 2023
A report has highlighted multiple security failings by Microsoft that allowed Chinese threat actors to access US government officials\' email accounts in the Summer of 2023 |
Threat | ★★ | |
 |
2024-04-03 15:54:22 | Les botnets et les infosteaux IoT ciblent fréquemment le secteur de la vente au détail IoT Botnets and Infostealers Frequently Target Retail Sector (lien direct) |
La nouvelle recherche de NetSkope Threat Labs a révélé que les botnets IoT, les outils d'accès à distance et les infostateurs étaient les principales familles de logiciels malveillants déployés par des attaquants ciblant le secteur de la vente au détail au cours de la dernière année.Les résultats ont été révélés dans un nouveau rapport sur le secteur de la vente au détail.La vente au détail a également subi un changement au cours des 12 derniers mois [& # 8230;] Le post | Malware Tool Threat | ★★ | |
|
2024-04-03 14:55:21 | Le département d'État américain enquête sur un vol présumé de données gouvernementales US State Department investigates alleged theft of government data (lien direct) |
Le département d'État américain enquête sur les allégations d'un cyber-incident après qu'un acteur de menace a divulgué des documents qui auraient volé un entrepreneur du gouvernement.[...]
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. [...] |
Threat | ★★ | |
 |
2024-04-03 13:54:45 | Benjamin Duchet, HP France : Les technologies doivent évoluer avec des réponses pragmatiques face aux menaces émergentes (lien direct) | Benjamin Duchet, HP France : Les technologies doivent évoluer avec des réponses pragmatiques face aux menaces émergentes. Lors du Forum InCyber, HP a présenté sa suite de solutions HP Wolf Security qui vise à renforcer la sécurité et la résilience des postes de travail et solutions d'impression face aux attaques. - Interviews / INCYBER 2024 | Threat | ★★ | |
 |
2024-04-03 13:00:00 | Genai: La prochaine frontière des menaces de sécurité de l'IA GenAI: The next frontier in AI security threats (lien direct) |
> Les acteurs de la menace ne sont pas encore en train d'attaquer une IA générative (Genai) à grande échelle, mais ces menaces de sécurité de l'IA arrivent.Cette prédiction provient de l'indice de renseignement sur les menaces X 2024.Voici un examen des types de renseignements sur les menaces qui sous-tendent ce rapport.Les cyber-criminels changent la mise au point accrue des bavardages sur les marchés illicites et les forums Web sombres sont un signe [& # 8230;]
>Threat actors aren’t attacking generative AI (GenAI) at scale yet, but these AI security threats are coming. That prediction comes from the 2024 X-Force Threat Intelligence Index. Here’s a review of the threat intelligence types underpinning that report. Cyber criminals are shifting focus Increased chatter in illicit markets and dark web forums is a sign […] |
Threat Prediction | ★★★ | |
 |
2024-04-03 10:00:00 | Le rôle des contrôles d'accès dans la prévention des menaces d'initiés The role of access controls in preventing insider threats (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. If you’ve ever worked in an IT department, you know how easily a single misclick can lead to data breaches and system compromises. Preventive efforts are critical since there’s no reliable way to truly eliminate insider threats. Can robust access controls protect your organization? The impact of insider threats on organizations Insider threats are a prominent danger regardless of the industry you’re in. In fact, 98% of U.S. organizations report being slightly to extremely vulnerable to them. This figure reveals how many are unconfident in their existing deterrents, highlighting the importance of preventative efforts. Even if you don’t believe anyone at your workplace would intentionally cause damage, you should still be wary — insider threats aren’t always malicious. Negligent employees are responsible for 60% of data breaches, meaning carelessness is a more common driver. Unfortunately, the fact that negligence is the primary driver of insider threat attacks isn’t a good thing — it means a single misclick could put your entire organization at risk. Robust access controls are among the best solutions to this situation since they can prevent careless employees from leaking data or unintentionally escalating an attacker’s permissions. Access control mechanisms are crucial for threat mitigation The main way robust access control mechanisms are crucial for addressing insider threats is through unauthorized access mitigation. Employees, whether acting negligently or with ill intent, won’t be able to do any damage to your organization when their permissions limit them from retrieving or editing sensitive data storage systems. No matter how long you’ve spent in the IT department, you know how irresponsible some employees are when dealing with sensitive data, intellectual property or identifiable details. Access control mechanisms keep information assets out of reach of most of the people in your organization, safeguarding them from being tampered with or exfiltrated. If an attacker successfully enters your organization’s systems or network, robust access control mechanisms restrict their lateral movement. Since they aren’t authorized personnel, they aren’t granted meaningful permissions. This act minimizes the damage they can do and prevents them from compromising anything else. Even if an attacker has one of your colleague’s lost or stolen devices, access controls block them from being able to do anything meaningful. Authentication measures prevent them from accessing your organization’s systems and exfiltrating sensitive data. It also helps keep them from escalating their privileges, minimizing their impact. With robust access control mechanisms, you can quickly identify indicators of compromise (IOCs) to stop threats before they become an issue. For example, spotting concurrent logins on a single user account means an attacker is using legitimate credentials, indicating a brute force, phishing or keylogging attack. Which access control systems should you implement? Although insider threats pose an issue regardless of your industry or organization’s size, you can find ways to prevent them from doing any damage. You should consider implementing access control systems to detect and deter unauthorized action, mitigating data breaches and system compromises. A standard system to consid | Tool Threat | ★★★ | |
 |
2024-04-03 09:27:23 | 7 conseils pour guider les développeurs dans leurs décisions de sécurité (lien direct) | La cybersécurité est une discipline qui évolue constamment au gré des nouvelles menaces. Certains développeurs trouvent cela fascinant : il convient de dénicher ces talents et de les former en priorité. | Threat | ★★ | |
 |
2024-04-03 07:52:55 | Pas de cybersécurité efficace sans défense en profondeur (lien direct) | >La vulnérabilité des entreprises n'a jamais été aussi importante et toutes les organisations sont désormais exposées aux risques cyber. Ainsi, les structures privées et publiques doivent repenser en profondeur leurs dispositifs existants pour se prémunir au mieux de menaces toujours plus complexes qui pourraient impacter fortement leur SI et compromettre leurs activités. C'est précisément dans […] The post Pas de cybersécurité efficace sans défense en profondeur first appeared on UnderNews. | Threat | ★★★ | |
|
2024-04-03 06:00:40 | Les acteurs de la menace offrent des logiciels malveillants via les fissures du jeu vidéo YouTube Threat Actors Deliver Malware via YouTube Video Game Cracks (lien direct) |
Key takeaways Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content. The video descriptions include links leading to the download of information stealers. The activity likely targets consumer users who do not have the benefits of enterprise-grade security on their home computers. Overview Threat actors often target home users because they do not have the same resources or knowledge to defend themselves from attackers compared to enterprises. While the financial gain might not be as large as attacks perpetrated on corporations, the individual victims likely still have data like credit cards, cryptocurrency wallets, and other personal identifiable information (PII) stored on their computers which can be lucrative to criminals. Proofpoint Emerging Threats has observed information stealer malware including Vidar, StealC, and Lumma Stealer being delivered via YouTube in the guise of pirated software and video game cracks. The videos purport to show an end user how to do things like download software or upgrade video games for free, but the link in the video descriptions leads to malware. Many of the accounts that are hosting malicious videos appear to be compromised or otherwise acquired from legitimate users, but researchers have also observed likely actor-created and controlled accounts that are active for only a few hours, created exclusively to deliver malware. Third-party researchers have previously published details on fake cracked software videos used to deliver malware. The distribution method is particularly notable due to the type of video games the threat actors appear to promote. Many of them appear to be targeted to younger users including games popular with children, a group that is less likely to be able to identify malicious content and risky online behaviors. During our investigation, Proofpoint Emerging Threats reported over two dozen accounts and videos distributing malware to YouTube, which removed the content. Example account The following is an example of a suspected compromised account (or potentially sold to a new “content creator”) used to deliver malware. Indicators of a suspected compromised or otherwise acquired account include significant gaps of time between the videos posted, content that vastly differs from previously published videos, differences in languages, and descriptions of the videos containing likely malicious links, among other indicators. The account has around 113,000 subscribers, and the account displays a grey check mark which indicates the account owner has met verified channel requirements including verifying their identity. Example of a verified YouTube account with a large following, suspected to be compromised. When Proofpoint researchers identified the account, the majority of the account\'s videos had been posted one year or more previously, and all had titles written in Thai. However, when the account was identified, twelve (12) new English language videos had been posted within a 24-hour period, all related to popular video games and software cracks. All of the new video descriptions included links to malicious content. Some of the videos had over 1,000 views, possibly artificially increased by bots to make the videos seem more legitimate. Screenshot of a suspected compromised YouTube account distributing malware comparing upload dates. In one example, a video purported to contain a character enhancement for a popular video game with a MediaFire link in the description. The MediaFire URL led to a password-protected file (Setup_Pswrd_1234.rar) containing an executable (Setup.exe) that, if executed, downloaded and installed Vidar Stealer malware. The video was uploaded to the suspected compromised account seven (7) hours prior to our investigation. Around the same time the video was posted, several comments purported to attest to the legitimacy of the software crack. It is likely those accounts and comments were created by the video | Malware Tool Threat | ★★★ | |
|
2024-04-02 23:05:39 | L'acteur de menace lié à la Chine Taps \\ 'Peculiar \\' malware pour échapper à la détection China-Linked Threat Actor Taps \\'Peculiar\\' Malware to Evade Detection (lien direct) |
Unapimon fonctionne en désactivant méticuleusement les crochets dans les API Windows pour détecter les processus malveillants.
UNAPIMON works by meticulously disabling hooks in Windows APIs for detecting malicious processes. |
Malware Threat | ★★ | |
|
2024-04-02 20:33:27 | Malware Spotlight: Linodas aka DinodasRAT for Linux (lien direct) | #### Description
Check Point Research a analysé la dernière version Linux (V11) de Dinodasrat, qui est une porte dérobée multiplateforme qui a été observée dans les attaques de l'acteur de la menace chinoise Luoyu.
Le malware est plus mature que la version Windows, avec un ensemble de capacités adaptées spécifiquement pour les serveurs Linux.La dernière version introduit un module d'évasion distinct pour masquer les traces de logiciels malveillants dans le système en proxyant et en modifiant l'exécution des binaires système \\ '.Le malware est installé sur les serveurs Linux comme moyen pour les acteurs de la menace de prendre pied supplémentaires dans le réseau.
Dinodasrat était initialement basé sur le projet open source appelé SimplerMoter, un outil d'accès à distance basé sur le rat GH0ST, mais avec plusieurs mises à niveau supplémentaires.
#### URL de référence (s)
1. https://research.checkpoint.com/2024/29676/
#### Date de publication
31 mars 2024
#### Auteurs)
Recherche de point de contrôle
#### Description Check Point Research has analyzed the latest Linux version (v11) of DinodasRAT, which is a cross-platform backdoor that was observed in attacks by the Chinese threat actor LuoYu. The malware is more mature than the Windows version, with a set of capabilities tailored specifically for Linux servers. The latest version introduces a separate evasion module to hide any traces of malware in the system by proxying and modifying the system binaries\' execution. The malware is installed on Linux servers as a way for the threat actors to gain an additional foothold in the network. DinodasRAT was initially based on the open-source project called SimpleRemoter, a remote access tool based on the Gh0st RAT, but with several additional upgrades. #### Reference URL(s) 1. https://research.checkpoint.com/2024/29676/ #### Publication Date March 31, 2024 #### Author(s) Check Point Research |
Malware Tool Threat | ★★ | |
 |
2024-04-02 19:09:58 | Mémo sur les menaces cloud: plusieurs services de stockage cloud légitimes exploités pour cibler les organisations israéliennes Cloud Threats Memo: Multiple Legitimate Cloud Storage Services Exploited to Target Israeli Organizations (lien direct) |
> Selon nos dernières statistiques des laboratoires de menace pour février 2024, le nombre d'applications cloud a été maltraitée à des fins malveillantes a continué de croître, atteignant un nouveau sommet de 215 en février 2024. Et malgré cela, Onedrive est toujours le suspect habituel, continue d'être leTop application cloud exploitée pour fournir des logiciels malveillants.Menace opportuniste et ciblée [& # 8230;]
>According to our latest Threat Labs statistics for February 2024, the number of cloud apps abused for malicious purposes continued to grow, reaching a new high of 215 in February 2024. And despite this, OneDrive is still the usual suspect, continuing to be the top cloud app exploited to deliver malware. Opportunistic and targeted threat […] |
Malware Threat Cloud | ★★★ | |
 |
2024-04-02 17:03:04 | GCP-2024-020 (lien direct) | Publié: 2024-04-02 Description Description Gravité notes Les chercheurs ont découvert une vulnérabilité ( CVE-2023-48022 ) dans | Vulnerability Threat Cloud | ||
|
2024-04-02 16:30:00 | Des pirates liés à la Chine déploient de nouveaux \\ 'Unapimon \\' malware pour les opérations furtives China-linked Hackers Deploy New \\'UNAPIMON\\' Malware for Stealthy Operations (lien direct) |
Un cluster d'activités de menace suivi comme & nbsp; Earth Freybug & nbsp; a été observé en utilisant un nouveau malware appelé Unapimon pour voler sous le radar.
"Earth Freybug est un groupe de cyber-startere qui est actif depuis au moins 2012 qui se concentre sur l'espionnage et les activités financièrement motivées", le chercheur à la sécurité des micro-micro Christopher SO & NBSP; Said & NBSP; dans un rapport publié aujourd'hui.
"Il a été observé
A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today. "It has been observed to |
Malware Threat Prediction | ★★ | |
|
2024-04-02 13:00:59 | IA, cybersécurité et ascension des modèles de grande langue AI, Cybersecurity and the Rise of Large Language Models (lien direct) |
> Découvrez comment l'IA a un impact sur la détection des menaces, la réponse aux incidents et la gestion des risques et découvrez les stratégies d'intégration d'IA sécurisée.
>Discover how AI impacts threat detection, incident response and risk management, and learn about strategies for secure AI integration. |
Threat | ★★ | |
 |
2024-04-02 13:00:04 | Agent Tesla Targeting United States & Australia: Revealing the Attackers\' Identities (lien direct) |  Souleveillance La recherche sur le point de contrôle (RCR) a découvert trois campagnes malveillantes récentes de l'un des logiciels malveillants les plus répandus du marché & # 8211;Agent Tesla.These operations were aimed against US and Australian organizations and exploited the topics of goods purchasing and order delivery as their lures Upon investigation, we discovered that these threat actors had a database of 62,000 emails, including individuals and organizations from different spheres Apart from campaigns originating fromvictimes des entreprises, le groupe maintient un grand nombre de serveurs, qui sont utilisés pour la protection de leur identité malgré les efforts des acteurs de la menace pour maintenir leur anonymat, [& # 8230;]
 Highlights Check Point Research (CPR) uncovered three recent malicious campaigns of one of the most prevalent malware in the market – Agent Tesla. These operations were aimed against US and Australian organizations and exploited the topics of goods purchasing and order delivery as their lures Upon investigation, we discovered that these threat actors had a database of 62,000 emails, including individuals and organizations from different spheres Apart from campaigns originating from victims of companies, the group maintains a large number of servers, which are used for protection of their identity Despite the efforts of threat actors to keep their anonymity, […]
|
Malware Threat | ★★ | |
|
2024-04-02 13:00:00 | L'évolution d'un CISO: comment le rôle a changé The evolution of a CISO: How the role has changed (lien direct) |
> Dans de nombreuses organisations, le directeur de la sécurité de l'information (CISO) se concentre principalement & # 8212;et parfois exclusivement & # 8212;sur la cybersécurité.Cependant, avec les menaces sophistiquées d'aujourd'hui et le paysage des menaces évolutives, les entreprises changent de nombreux rôles & # 8217;Responsabilités et élargir le rôle du CISO est à la pointe de ces changements.Selon Gartner, la pression réglementaire et l'expansion de la surface d'attaque seront [& # 8230;]
>In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will […] |
Threat | ★★ | |
|
2024-04-02 10:24:00 | La campagne de phishing massive frappe l'Amérique latine: Venom Rat ciblant plusieurs secteurs Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (lien direct) |
L'acteur de menace connu sous le nom de & NBSP; TA558 & NBSP; a été attribué à une nouvelle campagne de phishing massive qui cible un large éventail de secteurs en Amérique latine dans le but de déployer Venom Rat.
Les attaques ont principalement distingué l'hôtel, les voyages, le commerce, les finances, la fabrication, l'industrie et le gouvernement en Espagne, au Mexique, aux États-Unis, en Colombie, au Portugal, au Brésil, à la République dominicaine, et
The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, United States, Colombia, Portugal, Brazil, Dominican Republic, and |
Threat Industrial | ★★★ | |
|
2024-04-02 10:00:00 | Arrestations numériques: la nouvelle frontière de la cybercriminalité Digital Arrests: The New Frontier of Cybercrime (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The intricate world of cybercrime continues to evolve, and with it emerges a disturbing trend known as "digital arrests." In this scam, fraudsters manipulate technology to instil fear, isolate victims, and ultimately extort them for financial gain. Reports indicate that digital arrests are on the rise globally, leading to devastating consequences for individuals and businesses alike. What are Digital Arrests? Digital arrests refer to a type of a sophisticated cyber fraud where cyber-criminals impersonate law enforcement officials or other authorities. The targets of these scams are often contacted out of the blue usually on Instant messaging apps like WhatsApp and informed that their bank accounts, digital identities, or other online assets have been compromised. Criminals play into the victims\' fear by threatening them with imminent arrest, legal consequences, or public humiliation if they don\'t cooperate with a series of urgent demands. Fraudsters behind digital arrests are masters of psychological manipulation. They understand that fear and urgency are powerful motivators that can cloud judgment and lead people to act against their best interests. By creating a fabricated sense of crisis, they pressure victims into making hasty decisions without the chance for rational thought or verification. The techniques used in digital arrests are diverse and constantly evolving. Here\'s how they typically unfold: Impersonation: Criminals pose as law enforcement, bank representatives, or other authoritative figures, using forged documents and spoofed phone numbers to create a convincing facade of legitimacy. False Accusations: Victims are accused of involvement in illegal activities, money laundering, identity theft, or other serious crimes. Demands and Threats: Scammers demand sensitive information like banking credentials, passwords, and personal identification details. They instil fear with threats of arrest, hefty fines, or the release of compromising information. Technological Trickery: Fraudsters often trick victims into downloading remote access software like TeamViewer or AnyDesk, inadvertently giving criminals extensive control over their devices. Monitored \'Interrogation\': Criminals may insist on video calls to maintain their illusion of authority and monitor victims. They may threaten to fabricate and disseminate compromising evidence to extort large sums of money. Some real-life incidents as to understand these cybercrimes are given below: Case I: A Noida woman was duped out of over Rs 11 lakh (approximately $13,500 USD) in a digital arrest scam. The scammers, posing as police officers, convinced her that her identity was used in illicit activities and her involvement carried severe legal ramifications. Through prolonged interrogation on a video call, they led her to transfer the funds under the guise of protection. Case II: A 23-year-old woman was defrauded of Rs 2.5 lakh (approximately $3,000 USD) after fraudsters convinced her that her Aadhaar card details were linked to human trafficking activities. Facing threats of arrest and social humiliation, she was coerced into transferring money | Vulnerability Threat Legislation Prediction Cloud | ★★ | |
|
2024-04-02 09:34:09 | ProofPoint en tête de KuppingerCole Leadership Compass pour la sécurité des e-mails Proofpoint Tops KuppingerCole Leadership Compass for Email Security (lien direct) |
Email is the primary threat vector for cybersecurity threats. And these days, many malware, phishing and social engineering schemes target your people. The 2023 Verizon Data Breach Investigations Report notes that 74% of all data breaches include a human element. Threats are constantly evolving, too. It doesn\'t matter how sophisticated or complex your business is, it is a daunting task to protect your people from modern threats. At Proofpoint, we understand how critical it is for any business to protect its people from today\'s email threats. That\'s why we innovate every day. Recently, the industry has once again recognized our efforts to help our customers protect their people and their businesses. This time, our email security was recognized by major industry analyst firm KuppingerCole. Here is what they said about Proofpoint Threat Protection-and what makes it stand out from the competition. Proofpoint named an Overall Leader KuppingerCole just named Proofpoint an Overall Leader in the KuppingerCole Leadership Compass for Email Security Report, 2023. This is the third time in the past year that our email security has been named a leader by a major industry analyst firm. This recognition “triple crown” is the direct result of our commitment to helping businesses protect their people from modern email threats and change user behavior for the better. It keeps us innovating year after year. In the report from KuppingerCole, Proofpoint Threat Protection received the highest “strong positive” rating in all categories, including: Security Functionality Deployment Interoperability Usability With its ratings, KuppingerCole positioned Proofpoint as a leader in all evaluation categories, including product, technology, innovation and market. KuppingerCole named Proofpoint a leader in the product, technology, innovation and market categories. What makes Proofpoint stand out Here is a closer look at how we can help you protect your people from advanced email threats. Stop the widest variety of threats with accuracy Proofpoint uses a multilayered detection stack to identify a wide array of email threats with accuracy. Because we have a broad set of detection technology, we can apply the right technique to the right threat. For example, we have robust sandbox technology to detect URL-based threats, like quick response codes (QR Codes) and behavioral analysis for business email compromise (BEC) and telephone-oriented attack delivery (TOAD) threats. Our machine learning (ML) and artificial intelligence (AI) models are trained by our experts using one of the richest sets of data in the industry. This ensures we provide superior accuracy. Every year, we analyze more than 3 trillion messages across our 230,000+ customer, global ecosystem. Our modular detection stack enables agility and speed to adapt to changes in the threat landscape. It allows us to quickly deploy new models to address new threats like BEC, TOAD and QR Codes. And it enables us to tune our existing detection models more frequently. Prevent email threats before they reach your people\'s inboxes Predelivery detection from Proofpoint stops known and emerging threats at the front door of your business-not after they are delivered. Proofpoint threat intelligence and research found that nearly 1 in 7 malicious URL clicks happen within one minute of an email\'s arrival. That\'s why predelivery protection is so critical. If a threat ends up in your users\' inboxes, it increases your risk of a cyberattack or data breach. We analyze all messages, links and attachments with our robust detection stack before they can reach an inbox. This analysis, combined with our predelivery sandboxing and behavioral analysis of suspicious QR codes, allows us to stop malicious messages before they become a risk to your business. Gain actionable insights into your human risks Proofpoint quantifies your people\'s risk so that you can prioritize budget and resources to focus o | Data Breach Malware Threat Mobile Commercial | ★★★ | |
 |
2024-04-02 09:30:00 | Des logiciels malveillants se cachent dans les photos?Plus probable que vous ne le pensez Malware hiding in pictures? More likely than you think (lien direct) |
Il y a plus dans certaines images qui rencontrent l'œil & # 8211;Leurs fa & ccedil apparemment innocents; Ade peut masquer une menace sinistre.
There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat. |
Malware Threat | ★★★ | |
 |
2024-04-02 02:56:47 | Qu'est-ce qui est nouveau dans le cadre de cybersécurité de NIST \\. What\\'s New in NIST\\'s Cybersecurity Framework 2.0? (lien direct) |
Le cadre du National Institute of Standards and Technology Cybersecurity (NIST CSF) a été publié en 2014 dans le but de fournir des conseils de cybersécurité aux organisations dans les infrastructures critiques.Au cours des années qui ont suivi, beaucoup de choses ont changé dans le paysage des menaces, les types de technologie que les organisations utilisent et les façons dont la technologie opérationnelle (OT) et les technologies de l'information (TI) fonctionnent et interagissent.Dans un effort pour mettre à jour le NIST CSF pour un public plus large et plus actuel, l'agence a finalisé et publié CSF 2.0, le premier changement majeur au LCR.Il y a une vaste ...
The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) was published in 2014 for the purpose of providing cybersecurity guidance for organizations in critical infrastructure. In the intervening years, much has changed about the threat landscape, the kinds of technology that organizations use, and the ways that operational technology (OT) and information technology (IT) work and interact. In an effort to update NIST CSF for a broader and more current audience, the agency has finalized and released CSF 2.0 , the first major change to the CSF. There are extensive... |
Threat | ★★ | |
 |
2024-04-02 00:00:00 | Embrasser l'innovation: la transition de Derrick \\ de l'équipe de renseignement des menaces de Microsoft \\ Embracing innovation: Derrick\\'s transition from banking to Microsoft\\'s Threat Intelligence team (lien direct) |
Rencontrez Derrick, un responsable de programme senior au sein de l'équipe de renseignement sur les menaces opérationnelles de Microsoft.Le rôle de Derrick \\ implique la compréhension et la carte de route de l'ensemble complet d'outils que les analystes d'Intel menacent pour collecter, analyser, traiter et diffuser l'intelligence des menaces à travers Microsoft.
L'amour de Derrick de l'apprentissage et sa curiosité naturelle l'ont conduit à une carrière dans la technologie et, finalement, à son rôle actuel chez Microsoft.
Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick\'s role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft. Derrick\'s love of learning and his natural curiosity led him to a career in technology and ultimately, to his current role at Microsoft. |
Tool Threat | ★★ | |
|
2024-04-01 20:52:40 | Les cybercriminels pèsent les options pour l'utilisation de LLMS: acheter, construire ou casser? Cybercriminals Weigh Options for Using LLMs: Buy, Build, or Break? (lien direct) |
Bien que certains cybercriminels aient contourné les garde-corps pour forcer les modèles d'IA légitimes pour devenir mauvais, construire leurs propres plates-formes de chatbot malveillantes et l'utilisation de modèles open source est une plus grande menace.
While some cybercriminals have bypassed guardrails to force legitimate AI models to turn bad, building their own malicious chatbot platforms and making use of open source models are a greater threat. |
Threat | ★★ | |
|
2024-04-01 20:02:08 | Rescoms monte des vagues de spam d'acceptor Rescoms Rides Waves of AceCryptor Spam (lien direct) |
#### Description
ESET Research partage des informations sur l'accryptor, l'une des Cryptors-as-a-Service les plus populaires et les plus répandues en seconde période de 2023, en mettant l'accent sur les campagnes de rescoms dans les pays européens.Même si bien connu selon les produits de sécurité, la prévalence d'Acecryptor \\ ne montre pas les indications de déclin: au contraire, le nombre d'attaques a considérablement augmenté en raison des campagnes Rescoms.
L'acteur de menace derrière ces campagnes dans certains cas a abusé des comptes a compromis les comptes pour envoyer des e-mails de spam afin de les rendre aussi crédibles que possible.L'objectif des campagnes de spam était d'obtenir des titres de compétences stockés dans des navigateurs ou des clients de messagerie, ce qui, en cas de compromis réussi, ouvrirait des possibilités d'attaques supplémentaires.
#### URL de référence (s)
1. https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
#### Date de publication
20 mars 2024
#### Auteurs)
Jakub Kaloč
#### Description ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries. Even though well known by security products, AceCryptor\'s prevalence is not showing indications of decline: on the contrary, the number of attacks significantly increased due to the Rescoms campaigns. The threat actor behind those campaigns in some cases abused compromised accounts to send spam emails in order to make them look as credible as possible. The goal of the spam campaigns was to obtain credentials stored in browsers or email clients, which in case of a successful compromise would open possibilities for further attacks. #### Reference URL(s) 1. https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/ #### Publication Date March 20, 2024 #### Author(s) Jakub Kaloč |
Spam Threat | ★★ | |
|
2024-04-01 15:40:00 | Les applications malveillantes ont été capturées secrètement transformant les téléphones Android en procurations pour les cybercriminels Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals (lien direct) |
Plusieurs applications Android malveillantes qui transforment les appareils mobiles exécutant le système d'exploitation en proxys résidentiels (RESIP) pour d'autres acteurs de menace ont été observés sur le Google Play Store.
Les résultats proviennent de l'équipe de renseignement sur les menaces Satori de Human \\, qui a déclaré que le cluster d'applications VPN était équipé d'une bibliothèque Golang qui a transformé l'appareil de l'utilisateur \\ en un nœud proxy à leur insu.
Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN\'s Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user\'s device into a proxy node without their knowledge. |
Threat Mobile | Satori | ★★ |
|
2024-04-01 13:51:22 | Faits saillants hebdomadaires, 1er avril 2024 Weekly OSINT Highlights, 1 April 2024 (lien direct) |
Last week\'s OSINT reporting reveals an array of cyber threats marked by sophisticated attack tactics and diverse targets. From malvertising campaigns deploying stealers like Rhadamanthys to the first known attack campaign targeting AI workloads, threat actors exhibit a range of attack vectors targeting both individuals and organizations. Notably, the evolution of malware such as Vultur and StrelaStealer highlights a continual arms race between attackers and defenders, with adversaries demonstrating adaptability and persistence in their pursuit of data theft and system compromise. The targeting of specific platforms like WordPress sites and email clients underscores the threat to online ecosystems, while the widespread impact across industries emphasizes the need for robust cybersecurity measures and constant vigilance against evolving threats. 1. [Go Malvertising Campaign with Rhadamanthys Stealer](https://security.microsoft.com/intel-explorer/articles/e6d270fc): A malvertising campaign had utilized a Go language loader to deploy the Rhadamanthys stealer, targeting users through a fake PuTTY homepage ad at the top of Google search results. The loader, closely linked to the malvertising infrastructure, had retrieved the payload, Rhadamanthys, which had been executed by the parent process PuTTY.exe, indicating a coordinated attack by the same threat actor. 2. [Active Attack Campaign Exploiting Ray Framework Vulnerability](https://security.microsoft.com/intel-explorer/articles/e4cd5bc2): An ongoing active attack campaign had exploited a critical vulnerability in the Ray open-source AI framework, known as ShadowRay (CVE-2023-48022), impacting thousands of companies globally. Attackers had exploited this vulnerability to take control of computing resources, steal sensitive data, and conduct cryptocurrency mining operations, demonstrating the severity of the issue and its widespread impact across industries. 3. [Evolution of Android Banking Malware Vultur](https://security.microsoft.com/intel-explorer/articles/3f7c3599): Authors behind the Android banking malware Vultur had enhanced its capabilities, including remote interaction with victim devices and encryption of C2 communication, showcasing continual development to evade detection and carry out malicious actions with greater sophistication. 4. [Agent Tesla Phishing Email Infection Chain](https://security.microsoft.com/intel-explorer/articles/5ffaa8a4): SpiderLabs had identified a phishing email leading to an infection chain deploying Agent Tesla, utilizing obfuscation, packing techniques, and polymorphic behavior to evade detection and ensure stealthy execution, posing challenges for traditional antivirus systems. 5. [Sign1 Malware Campaign Exploiting WordPress Sites](https://security.microsoft.com/intel-explorer/articles/063f7fac): Sucuri and GoDaddy Infosec had discovered the Sign1 malware campaign infecting over 2,500 WordPress sites, injecting malicious code into custom HTML widgets to redirect visitors to scam sites, demonstrating the threat to website integrity and visitor security. 6. [StrelaStealer Email Client Targeting Malware](https://security.microsoft.com/intel-explorer/articles/82785858): StrelaStealer, a malware targeting email clients to steal login data, had launched large-scale email campaigns impacting over 100 organizations, particularly targeting high-tech industries. The malware\'s evolving infection chain and updated payloads had underscored its adaptability and the challenge it had posed to security analysts and products. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summa | Ransomware Spam Malware Tool Vulnerability Threat Mobile Cloud | ★★ | |
|
2024-04-01 11:00:28 | Plateforme d'achat Pandabuy La fuite des données a un impact de 1,3 million d'utilisateurs Shopping platform PandaBuy data leak impacts 1.3 million users (lien direct) |
Les données appartenant à plus de 1,3 million de clients de la plate-forme d'achat en ligne Pandabuy ont été divulguées, prétendument après que deux acteurs de menace ont exploité de multiples vulnérabilités aux systèmes de violation.[...]
Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. [...] |
Vulnerability Threat | ★★ | |
|
2024-04-01 08:18:43 | 1er avril & # 8211;Rapport de renseignement sur les menaces 1st April – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes de cyber-recherche pour la semaine du 1er avril, veuillez télécharger notre bulletin Threat_Intelligence.Les meilleures attaques et violations que les gouvernements américains et britanniques ont annoncé un acte d'accusation criminel et des sanctions contre l'APT31, un groupe de pirates chinois, pour leur rôle dans les attaques prétendument contre des entreprises aux États-Unis, ainsi que [& # 8230;]
>For the latest discoveries in cyber research for the week of 1st April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The US and UK governments have announced a criminal indictment and sanctions against APT31, a group of Chinese hackers, for their role in allegedly conducting attacks against companies in the US, as well […] |
Threat | APT 31 | ★★ |
|
2024-03-31 18:01:02 | Spotlight malware: linodas aka dinodasrat pour Linux Malware Spotlight: Linodas aka DinodasRAT for Linux (lien direct) |
> Introduction Au cours des derniers mois, Check Point Research (RCR) a surveillé de près l'activité d'un acteur de menace de cyber-espionnage chinois-nexus qui se concentre sur l'Asie du Sud-Est, l'Afrique et l'Amérique du Sud.Cette activité s'aligne considérablement sur les idées que les micro-chercheurs de tendance ont publiquement partagées dans leur analyse complète d'un acteur de menace appelé & # 160; Terre Krahang.Ce [& # 8230;]
>Introduction In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. This activity significantly aligns with the insights the Trend Micro researchers publicly shared in their comprehensive analysis of a threat actor called Earth Krahang. This […] |
Malware Threat Prediction | ★★ | |
 |
2024-03-31 10:00:00 | Vous devez mettre à jour Apple iOS et Google Chrome dès que possible You Should Update Apple iOS and Google Chrome ASAP (lien direct) |
Plus: Microsoft patch sur 60 vulnérabilités, Mozilla corrige deux bogues de Firefox Zero-Day, Google patchs 40 problèmes dans Android, et plus encore.
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more. |
Vulnerability Threat Mobile | ★★ |
To see everything:
Our RSS (filtrered)
