What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-08-02 06:00:00 | Utilisez l'apprentissage ciblé pour réduire exponentiellement vos risques de cybersécurité Use Targeted Learning to Exponentially Reduce Your Cybersecurity Risks (lien direct) |
The days of a one-size fits all security awareness program are over. The State of the Phish report from Proofpoint notes that over 98% of businesses have a security awareness program. Yet a staggering 68% of users say they take risky actions despite knowing the risks. These statistics underscore the frustrations that we hear from prospective clients every day. They tell us that while they run a continuous educational program, they struggle to achieve the desired behavior improvements among their users. Some of the key challenges they face are: Not knowing who represents the greatest risk to the organization Not knowing what policies, threats and vulnerabilities to educate users about at any given moment Not being able to keep a program agile without exhausting resources, constantly updating user groups or continually tailoring curriculums These issues highlight the critical need to go beyond traditional security awareness and think holistically to build a human risk management program. A good place to start is focusing on highly targeted user groups. It\'s these users who are often the ones responsible for most of the security issues within a business. When you can tailor education to the specific needs of these users, you can mitigate individual vulnerabilities. You can also fortify your entire defense against potential attacks. A new workflow from Proofpoint focuses on these users to produce exponentially positive results in helping you reduce overall risk. In this blog, we\'ll explore why focusing on human risk management is so important. And we\'ll explain how Proofpoint can help you do just that. What is human risk management? Human risk management builds on existing security best practices to automate cyberattack prevention and response. What makes it different is that it places people at the center. Fundamental to a human risk management solution is an ability to ingest user event and identity activity across multiple security tools within a given environment. The solution will track: Attack risk. The likelihood a user will be attacked Vulnerability risk. The likelihood that the attack may be successful Privilege risk. The damage that a successful attack may cause the organization Then it quantifies an overall risk score for each individual. With this insight, companies and their security teams can: Gain visibility into which individuals or groups are prime targets and prioritize strategies to best protect them Intervene with technical controls to immediately prevent a risky action or provide contextual nudges that advise users about their risks and how to avoid them Automatically enroll risky users into tailored education curriculums, which empowers them to protect themselves and the company against future cyberattacks Easily track improvements in user behaviors and foster a positive security culture These are the issues that the new Adaptive Threat and User-Risk Response Workflow within Proofpoint Security Awareness is designed to address. In short, this new workflow lets you take advantage of everything that is great about Proofpoint. Our Adaptive Threat and User-Risk Response Workflow The new workflow integrates three core capabilities. It enables you to: Dynamically create and manage user groups based on the user risk profiles and groups derived from Proofpoint Nexus People Risk Explorer (NPRE) and Proofpoint Targeted Attack Protection (TAP) using Adaptive Groups Create a threat-driven educational curriculum based on the defined Threat Families tracked by our own Threat Research and reported via TAP Build an Adaptive Assignment to auto-enroll new users into the curriculum whenever a new user qualifies for the previously created Adaptive Group This adaptive learning approach prioritizes education for highly targeted groups. It helps to drive maximum user engagement, too, by enabling administrators to tailor | Tool Vulnerability Threat Cloud Technical | ||
 |
2024-08-01 15:19:00 | Google Chrome ajoute un cryptage lié à l'application pour protéger les cookies des logiciels malveillants Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware (lien direct) |
Google a annoncé qu'il ajoutait une nouvelle couche de protection à son navigateur Chrome à travers ce qui s'appelle le cryptage lié à l'application pour empêcher les logiciels malveillants de voler les informations de saisir des cookies sur les systèmes Windows.
"Sur Windows, Chrome utilise l'API de protection des données (DPAPI) qui protège les données au repos des autres utilisateurs sur le système ou les attaques de démarrage à froid", Will Harris de l'équipe de sécurité de Chrome
Google has announced that it\'s adding a new layer of protection to its Chrome browser through what\'s called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API (DPAPI) which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team |
Malware | ||
|
2024-08-01 12:02:00 | Les publicités Facebook conduisent à de faux sites Web volant des informations de carte de crédit Facebook Ads Lead to Fake Websites Stealing Credit Card Information (lien direct) |
Les utilisateurs de Facebook sont l'objectif d'un réseau de commerce électronique d'escroquerie qui utilise des centaines de faux sites Web pour voler des données personnelles et financières en utilisant une imitation de marque et des astuces de malvertisation.
L'équipe de renseignement sur la fraude de paiement de Future \\ de Future, qui a détecté la campagne le 17 avril 2024, lui a donné le nom Eriakos en raison de l'utilisation du même réseau de livraison de contenu (CDN) Oss.eriakos [.] Com.
"Ces
Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future\'s Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the name ERIAKOS owing to the use of the same content delivery network (CDN) oss.eriakos[.]com. "These |
|||
|
2024-08-01 11:50:23 | Menace Actor abuse des tunnels Cloudflare pour livrer des rats Threat Actor Abuses Cloudflare Tunnels to Deliver RATs (lien direct) |
Key findings Proofpoint has observed an increase in malware delivery via TryCloudflare Tunnel abuse. The activity is financially motivated and delivers exclusively remote access trojans (RATs). Since initial observation, the threat activity set behind the campaigns has modified tactics, techniques, and procedures in attempts to bypass detection and improve efficacy. Proofpoint does not attribute this activity to a tracked TA, but research is ongoing. Overview Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware. Specifically, the activity abuses the TryCloudflare feature that allows an attacker to create a one-time tunnel without creating an account. Tunnels are a way to remotely access data and resources that are not on the local network, like using a virtual private network (VPN) or secure shell (SSH) protocol. First observed in February 2024, the cluster increased activity in May through July, with most campaigns leading to Xworm, a remote access trojan (RAT), in recent months. In most campaigns, messages contain a URL or attachment leading to an internet shortcut (.URL) file. When executed, it establishes a connection to an external file share, typically via WebDAV, to download an LNK or VBS file. When executed, the LNK/VBS executes a BAT or CMD file that downloads a Python installer package and a series of Python scripts leading to malware installation. In some cases, file staging leverages the search-ms protocol handler to retrieve the LNK from a WebDAV share. Typically in campaigns, a benign PDF is displayed to the user to appear legitimate. In June and July, nearly all observed campaigns delivered Xworm, but previous campaigns also delivered AsyncRAT, VenomRAT, GuLoader, and Remcos. Some campaigns will lead to multiple different malware payloads, with each unique Python script leading to the installation of a different malware. Malware observed in related campaigns leveraging “trycloudflare” tunnels. Campaign message volumes range from hundreds to tens of thousands of messages impacting dozens to thousands of organizations globally. In addition to English, researchers observed French, Spanish, and German language lures. Xworm, AsyncRAT, and VenomRAT campaigns are often higher volume than campaigns delivering Remcos or GuLoader. Lure themes vary, but typically include business-relevant topics like invoices, document requests, package deliveries, and taxes. While the tactics, techniques and procedures (TTPs) of the campaigns remain consistent, the threat actor does appear to modify different parts of the attack chain to increase sophistication and defense evasion. For example, initial campaigns used little to no obfuscation in their helper scripts. The scripts often included detailed comments about the functionality of the code. However, this changed in June when the threat actors began to incorporate obfuscation in their code. Helper script without obfuscation (May 2024 campaign example). Helper script with obfuscation (June 2024 campaign example). Threat actor abuse of TryCloudflare tunnels became popular in 2023 and appears to be increasing among cybercriminal threat actors. Each use of TryCloudflare Tunnels will generate a random subdomain on trycloudflare[.]com, for example ride-fatal-italic-information[.]trycloudflare[.]com. Traffic to the subdomains is proxied through Cloudflare to the operators\' local server. Campaign examples AsyncRAT / Xworm Campaign 28 May 2024 Proofpoint observed a campaign on 28 May 2024 delivering AsyncRAT and Xworm. In this campaign, tax-themed messages contained URLs leading to a zipped .URL file. The campaign targeted organizations in law and finance and included less than 50 total messages. 28 May 2024 email lure using 2023 tax themes. The .URL file pointed to a remote .LNK file. If executed, it led to a CMD helper script w | Malware Threat | ||
 |
2024-08-01 11:00:24 | Revamping Email Security: Introducing SlashNext\'s Enhanced Administration Portal CMS (lien direct) | >In today's fast-paced digital landscape, ensuring robust email security while maintaining operational efficiency is paramount. At SlashNext, we are dedicated to providing cutting-edge solutions to keep your organization secure from advanced messaging threats across email, mobile/SMS, and browser. We are excited to announce a major overhaul of our administration portal CMS, designed to enhance user […] The post Revamping Email Security: Introducing SlashNext's Enhanced Administration Portal CMS first appeared on SlashNext. | |||
 |
2024-08-01 10:00:00 | Cencora confirme les données sur les patients volés en cyber-attaque Cencora Confirms Patient Data Stolen in Cyber-Attack (lien direct) |
La société pharmaceutique Cencora a confirmé dans un dossier mis à jour de la SEC que les données personnelles et de santé sensibles étaient exfiltrées par les attaquants dans un incident de février 2024
Pharma company Cencora confirmed in an updated SEC filing that sensitive personal and health data was exfiltrated by attackers in a February 2024 incident |
|||
|
2024-08-01 09:15:00 | La campagne de fraude du commerce électronique utilise plus de 600 sites faux E-Commerce Fraud Campaign Uses 600+ Fake Sites (lien direct) |
La campagne d'informations «Eriakos» utilise des centaines de fausses boutiques pour frauder les victimes
The “Eriakos” info-stealing campaign is using hundreds of fake web shops to defraud victims |
|||
 |
2024-08-01 08:34:47 | La révolution de l\'IA dans la lutte contre la fatigue des alertes : une nouvelle ère pour les SOC (lien direct) | Dans le monde de la cybersécurité, les centres opérationnels de sécurité (SOC) sont constamment sous pression. La surveillance continue, l'analyse des menaces et la réponse aux incidents sont autant de tâches critiques que les analystes doivent mener à bien pour protéger les infrastructures informatiques des entreprises. Cependant, un défi majeur persiste : l'alert fatigue. - Points de Vue | Threat | ||
|
2024-08-01 08:30:00 | BEC attaque surge 20% par an grâce à l'outillage de l'IA BEC Attacks Surge 20% Annually Thanks to AI Tooling (lien direct) |
Une étude vipre révèle une augmentation de 20% des attaques de compromis par e-mail commercial
A Vipre study reveals a 20% increase in business email compromise attacks |
Studies | ||
 |
2024-08-01 07:22:55 | Chat au coin du feu noir: les consommateurs demandent des applications mobiles sécurisées;Il est grand temps pour que les marques livrent Black Hat Fireside Chat: Consumers demand secure mobile apps; it\\'s high time for brands to deliver (lien direct) |
> Deux décennies plus de vagues durables après la vague de logiciels malveillants et de fraude de l'application mobile ont finalement fait des ravages sur les utilisateurs.
vient maintenant un enquête mondiale de appdome et owasp qui révèle que la grande majorité des consommateurs en sont marre.
i & # 8230; (plus…)
Le message Chat au coin du feu du chapeau noir: les consommateurs demandent des applications mobiles sécurisées;Il est grand temps pour que les marques livrent apparaissent d'abord sur le dernier chien de garde .
>Two-plus decades of enduring wave after wave of mobile app malware and fraud has finally taken its toll on users. Now comes a global survey from Appdome and OWASP that reveals the vast majority of consumers are fed up. I … (more…) The post Black Hat Fireside Chat: Consumers demand secure mobile apps; it\'s high time for brands to deliver first appeared on The Last Watchdog. |
Malware Mobile | ||
 |
2024-08-01 07:00:00 | Github2file – Partagez votre code avec les chatbots IA (lien direct) | Github2file est un script Python qui facilite le partage de code avec les chatbots IA en exportant les dépôts GitHub dans un fichier texte unique, prêt à être uploadé ou copié-collé. | |||
 |
2024-08-01 05:59:59 | L'Allemagne nomme la Chine comme source d'attaque contre l'agence géospatiale du gouvernement Germany names China as source of attack on government geospatial agency (lien direct) |
Pendant ce temps, les États-Unis considèrent apparemment d'autres sanctions matérielles de l'IA Le gouvernement de l'Allemagne a nommé les acteurs contrôlés par la Chine comme les auteurs d'une cyberattaque en 2021 contre le Bureau fédéral de la cartographie et de la géodésie (BKG)& # 8211;L'agence de cartographie officielle.…
Meanwhile, US apparently considers further AI hardware sanctions Germany\'s government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy (BKG) – the official mapping agency.… |
|||
 |
2024-08-01 05:52:04 | Mendiant pour les bornes de soudures et plus d'informations Begging for Bounties and More Info Stealer Logs (lien direct) |
tl; dr & # x2014;Des dizaines de millions de références obtenues à partir de journaux d'info Stealer remplies de logiciels malveillants ont été publiés sur les canaux télégrammes le mois dernier et utilisés pour secouer les entreprises pour les primes de bogues sous la fausse déclaration Les données provenaient de leur service. Combien de tentatives d'escroqueries obtenez-vous chaque jour?
TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service.How many attempted scams do you get each day? |
Malware | ||
 |
2024-08-01 01:09:55 | Sceau de menthe: une étude complète d'un voleur d'informations basé sur un python Mint Stealer: A Comprehensive Study of a Python-Based Information Stealer (lien direct) |
## Snapshot Researchers at Cyfirma have identified Mint Stealer, an [information-stealing malware](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6) operating within a malware-as-a-service (MaaS) framework. Mint Stealer is designed to covertly exfiltrate a wide-range of sensitive data from compromised systems, including web browser data, cryptocurrency wallet details, gaming credentials, VPN client information, messaging app data, FTP client data, and more. ## Description Mint-stealer\'s capabilities include capturing system information, detecting debuggers and analysis tools, continuously capturing clipboard data through PowerShell commands, encrypting exfiltrated data, and communicating with its C2 server for updates and instructions. Mint Stealer is created using the Nuitka Python compiler and relies on Python dynamic modules to support its functionality. The initial payload acts as a dropper, with the main payload hidden in a compressed form within the resources section of the executable. It uploads stolen data to free file-sharing websites and communicates with its command-and-control server (C2) for updates and instructions. The threat actor behind Mint Stealer is associated with another malware-selling website, cashout\[.\]pw, and offers hosting services that do not respect DMCA requests. ## Microsoft Analysis In recent years, Microsoft has tracked the growing risk that infostealers pose to enterprise security. Infostealers are commodity malware used to steal information from a target device and send it to the threat actor. The popularity of this class of malware led to the emergence of an infostealer ecosystem and a new class of threat actors who leveraged these capabilities to conduct their attacks. Often, infostealers are advertised as a malware as a service (MaaS) offering – a business model where the developers lease the infostealer payload to distributers for a fee. The new class of actors enabled by the infostealer ecosystem demonstrate that it is possible to gain initial access to an organization with minimal native malware development skills, by purchasing tools already available. Information stealers are versatile and can be distributed in various forms including through phishing email campaigns, malvertising, and trojanized software, games and tools. They can target a range of information like session tokens and cookies, saved passwords, financial information, and credentials for internet-facing systems and applications. ## Detections/Hunting Queries ### Microsoft Defender Antivirus Microsoft Defender Antivirus detects threat components as the following malware: - Trojan:Win32/Casdet ### Microsoft Defender for Endpoint Alerts with the following titles in the security center can indicate threat activity on your network: - Information stealing malware activity ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-attachments-policies-configure?ocid=magic | Ransomware Spam Malware Tool Threat Studies | ||
|
2024-08-01 00:12:30 | L'infection par ransomware réduit l'approvisionnement en sang à plus de 250 hôpitaux Ransomware infection cuts off blood supply to 250+ hospitals (lien direct) |
Scumbags opter pour l'attaque jugulaire une attaque de ransomware contre un seul organisme à but non lucratif de donation sanguine, qui dessert plus de 250 hôpitaux américains, a "considérablement réduit" la capacité de l'organisation, tester, tester,et distribuer du sang.…
Scumbags go for the jugular A ransomware attack against blood-donation nonprofit OneBlood, which services more than 250 American hospitals, has "significantly reduced" the org\'s ability to take, test, and distribute blood.… |
Ransomware | ||
 |
2024-08-01 00:00:00 | La campagne de malvertisation des médias sociaux promeut le faux site Web de l'éditeur d'IA pour le vol d'identification Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft (lien direct) |
Nous avons découvert une campagne de malvertising où l'acteur de menace détourne les pages de médias sociaux, les renommant pour imiter les éditeurs de photos populaires de l'IA, puis publie des liens malveillants vers de faux sites Web.
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites. |
Threat | ||
 |
2024-07-31 23:57:59 | Microsoft saisit le domaine utilisé par le groupe vietnamien pour vendre de faux comptes, services Microsoft seizes domain used by Vietnamese group to sell fake accounts, services (lien direct) |
> Les documents judiciaires révèlent la dernière décision de Microsoft \\ pour lutter contre une opération qui a utilisé des comptes frauduleux pour contourner les services CAPTCHA.
>Court documents reveal Microsoft\'s latest move to combat an operation that used fraudulent accounts to skirt CAPTCHA services. |
|||
 |
2024-07-31 23:29:11 | Les avantages d'approvisionnement et opérationnels d'une plateforme de cybersécurité The Procurement and Operational Benefits of a Cybersecurity Platform (lien direct) |
> La consolidation de plusieurs solutions dans une plate-forme unifiée comble les lacunes de sécurité qui augmentent lors du déploiement de produits de points individuels pour résoudre des problèmes spécifiques.
>Consolidating multiple solutions into a unified platform closes security gaps that rise when deploying individual point products to address specific issues. |
|||
 |
2024-07-31 23:02:08 | Le géant pharmaceutique Cencora dit que les données de santé personnelles ont été divulguées au cours du cyber-incident de février Pharma giant Cencora says personal health data leaked during February cyber incident (lien direct) |
Pas de details / No more details | |||
 |
2024-07-31 23:00:00 | Épisode 39: Throwback jeudi!I \\ 'M UNIQUEMENT H.U.M.A.N (S): Pirater le système d'exploitation humain pour maîtriser la conformité à la cybersécurité EPISODE 39: Throwback Thursday! I\\'m Only H.U.M.A.N(S): Hacking the Human OS to Master Cybersecurity Compliance (lien direct) |
Bienvenue pour compromettre les positions! Le podcast technologique primé qui demande aux professionnels non-cybersécurité ce que nous, dans l'industrieCyber-menaces centrées sur l'homme! & nbsp; Cet épisode que nous retournons dans les coffres pour vous apporter la version inabris de notre interview fantastique et extrêmement populaire avec christian Hunt, Le fondateur de risque humain .Il a comportemental & nbsp; science expert et auteur du livre primé \\ 'Humaniser Rules \'. Takeways clés: L'importance de concevoir des choses sur la façon dont les gens se comportent réellement (par opposition à la façon dont nous voudrions qu'ils se comportent!) Les simulations de phishing sont-elles toujours adaptées à l'usage? L'éthique des simulations de phishing et comment mesurer le succès de la formation de sensibilisation à la cybersécurité f * ck vos règles! Nous entrons dans ce que les gens ressentent vraiment des règles qu'ils ne respectent pas et comment vous pouvez les empêcher de se rebeller contre vos contrôles de cybersécurité! Arrêtez de traiter tout le monde comme un maître criminel! Pourquoi une approche unique de la suspicion causera plus de mal que de bien pour votre posture de cybersécurité i \\ 'm seulement H.U.M.A.N (S) - Christian partage son cadre H.U.M.A.N.S à utiliser dans votre organisation aujourd'hui! Les liens vers tout ce dont nous avons discuté dans cet épisode peuvent être trouvés dans les notes de l'émission et si vous avez aimé le spectacle, veuillez nous laisser une revue . Suivez-nous sur toutes les bonnes plates-formes de podcasting et via notre chaîne YouTube, et n'oubliez pas de partager partager sur LinkedIn et dans vos équipes . Cela nous aide vraiment diffuser le mot et obtenir des invités de haute qualité, sur les épisodes futurs. & nbsp; Nous espérons que vous avez apprécié cet épisode - à la prochaine fois, restez en sécurité et n'oubliez pas de vous demander, \\ 'suis-je la position compromettante ici? \' & nbsp; Mots-clés: cybersécurité, phishing, science comportementale, règles, conformité, H.U.M.A.N.S Framework Afficher les notes le livre de Christian \\ (hautement recommandé) - Règles d'humanisation | |||
 |
2024-07-31 23:00:00 | Les entreprises australiennes devront bientôt signaler les paiements de rançon Australian Companies Will Soon Need to Report Ransom Payments (lien direct) |
Une législation importante à venir promet de resserrer les vis sur la réponse des cyber-incidents en Australie, en reflétant Circia aux États-Unis.
Significant upcoming legislation promises to tighten the screws on cyber incident response in Australia, mirroring CIRCIA in the US. |
Legislation | ||
|
2024-07-31 22:40:07 | Rapport trimestriel de la cyber-menace: MITER ATT & CK Framework Trends in Osint (avril 2024 & # 8211; juin 2024) Quarterly cyber threat report: MITRE ATT&CK framework trends in OSINT (April 2024 – June 2024) (lien direct) |
## Snapshot This report presents an analysis of recent trends in cyber threats based on 111 articles published by threat researchers across the security community between April and June 2024. These articles are curated by Microsoft Threat Intelligence from across a number of trusted sources and included in Microsoft Defender Threat Intelligence as open source intelligence (OSINT) articles. The analysis focuses on the nearly 1,000 MITRE ATT&CK framework tags correlated to the content in each article. By distilling insights from these tags and the related intelligence, we can highlight prevalent tactics, techniques, and procedures (TTPs) observed in the cyber security landscape over the past quarter. This dataset is not exhaustive but represents a curated set of most high-profile cyber threat intelligence reporting from across the security community. When prioritizing cyber security efforts, it\'s essential to understand the trending TTPs observed in the wild. This knowledge helps defenders make informed decisions about the most effective strategies to implement, especially where to focus engineering efforts and finite resources. ## Activity Overview - **Initial access: Phishing**: Phishing remains a prevalent initial access method, mentioned in a third of reports, including spear-phishing attachments and links. The persistence of this technique underscores its effectiveness and the ongoing need for robust user education and email security measures. - **Defense evasion: Obfuscated files or information:** Over a third of reports highlighted the use of obfuscation techniques, such as dynamic API resolution and steganography, to evade detection. This trend is likely underpinned by factors such as the cybercrime market for obfuscating even basic credential theft malware as well as the growing sophistication in some malware to bypass traditional security measures. - **Command and control: Ingress tool transfer:** Ingress tool transfer was the most frequently referenced technique, involving the transfer of tools from an external system to a compromised one. Key threats driving the prevalence of this tactic included an increase in OSINT reporting on threat actors misusing the ms-appinstaller URI scheme (App Installer) to distribute malware. - **Execution: Command and scripting interpreter/PowerShell:** Execution through PowerShell was prominent, continuing its trend of broad adoption in attacks over the past decade. The widespread adoption of PowerShell to launch malicious code is in part due to numerous toolkits that have been developed to allow quick deployment of a wide range of attacks. - **Exfiltration: Exfiltration over C2 channel:** The most commonly referenced exfiltration method was over the command-and-control (C2) channel, highlighting the critical need for network monitoring and anomaly detection to identify and mitigate data breaches. The frequent reports on infostealers such as Lumma and DarkGate-commodity malware used to steal information from a target device and send it to the threat actor-are likely key drivers of this MITRE tag\'s prominence. - **Impact: Data encrypted for impact:** Ransomware involving data encryption was the most frequently observed impact technique, with LockBit and other groups exploiting vulnerabilities. The use of Bring Your Own Vulnerable Driver (BYOVD) tactics, such as Warp AV Killer, remained common. #### Initial access: Phishing Phishing remains a significant initial access method in open-source research, with a third of the reports mentioning its use. This includes both spear-phishing attachments and spear-phishing links. Phishing involves deceptive attempts to trick individuals into divulging sensitive information or installing malicious software, often through seemingly legitimate emails. The persistence of this technique underscores its effectiveness and the ongoing need for robust user education and email security measures. Phishing remains a dominant method for initial access in cyber threat landscapes due to its effective | Ransomware Spam Malware Tool Vulnerability Threat Legislation Prediction Cloud | ||
|
2024-07-31 21:21:59 | Les Nord-Coréens ciblent les développeurs du monde entier avec des logiciels espions, des offres d'emploi North Koreans Target Devs Worldwide With Spyware, Job Offers (lien direct) |
Dev # Popper est de retour, cherche à livrer un infostecteur complet et mis à jour pour coder les demandeurs d'emploi par le biais d'un gambit de génie social avisé.
DEV#POPPER is back, looking to deliver a comprehensive, updated infostealer to coding job seekers by way of a savvy social engineering gambit. |
|||
|
2024-07-31 21:17:43 | (Déjà vu) «Echospoofing» - une campagne de phishing massive exploitant la protection par e-mail de Proofpoint \\ pour envoyer des millions de courriels parfaitement usurpés “EchoSpoofing” - A Massive Phishing Campaign Exploiting Proofpoint\\'s Email Protection to Dispatch Millions of Perfectly Spoofed Emails (lien direct) |
## Snapshot In a coordinated report, Guardio Labs and Proofpoint detailed spam campaigns, which exploited weak permissions in Proofpoint\'s email protection service to send millions of spoofed emails impersonating major entities like Disney, Nike, IBM, and Coca-Cola to Fortune 100 companies. ## Description The campaign, which began in January 2024, involved an average of 3 million spoofed emails per day, peaking at 14 million emails in early June. Threat actors utilized their own SMTP (Simple Mail Transfer Protocol) servers to create spoofed emails with manipulated headers and relayed them through compromised or rogue Microsoft Office 365 accounts via Proofpoint\'s relay servers. As of July 30th, Guardio Labs reported that a number of the Microsoft accounts have been removed. The attackers leveraged Virtual Private Servers (VPS) hosted by OVHCloud and Centrilogic, as well as various domains registered through Namecheap to conduct the campaign. Proofpoint assesses that this activity was likely conducted by one actor, who is currently unknown. The phishing emails were designed to steal sensitive personal information and incur unauthorized charges, and they passed SPF and DKIM checks, allowing them to bypass spam filters and reach recipients\' inboxes. Proofpoint, after being notified by Guardio Labs, tightened security measures and provided new settings and advice to mitigate these attacks. ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. - Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats. - Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. - Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume. - [Enable](https://learn.microsoft.com/en-us/defender-endpoint/enable-controlled-folders) controlled folder access. - Ensure that [tamper protection](https://learn.microsoft.com/en-us/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection) is enabled in Microsoft Defender for Endpoint. - Enable [network protection](https://learn.microsoft.com/en-us/defender-endpoint/enable-network-protection) in Microsoft Defender for Endpoint. - Follow the credential hardening recommendations in the [on-premises credential theft overview](https://security.microsoft.com/threatanalytics3/9382203e-5155-4b5e-af74-21562b1004d5/analystreport) to defend against common credential theft techniques like LSASS access. - [Enable](https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference#block-credential-stealing-from-the-windows-local-security-authority-subsystem) LSA protection. - Microsoft Defender XDR customers can turn on the following [attack surface reduction rule](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction) to prevent common attack techniques used for ransomware. - - [Block](https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference#block-executable-content-from-email-client-and-webmai | Ransomware Spam Tool Threat | ||
|
2024-07-31 21:03:41 | CISA, le FBI met en garde contre les attaques potentielles du DDOS lors des élections 2024 CISA, FBI warn of potential DDoS attacks on 2024 elections (lien direct) |
Pas de details / No more details | |||
|
2024-07-31 20:30:20 | ESET révèle la dernière solution d'authentification native du cloud ESET Reveals Latest Cloud-Native Authentication Solution (lien direct) |
Pas de details / No more details | |||
|
2024-07-31 20:25:25 | Protect AI acquiert des sydelabs pour l'équipe rouge de grande langue des modèles de langue Protect AI Acquires SydeLabs to Red Team Large Language Models (lien direct) |
Pas de details / No more details | |||
|
2024-07-31 20:17:42 | Les imitations des dirigeants dirigés par l'IA émergent comme une menace importante pour les processus de paiement commercial AI-Driven Executive Impersonations Emerge As Significant Threat to Business Payment Processes (lien direct) |
Pas de details / No more details | Threat | ||
|
2024-07-31 20:02:49 | (Déjà vu) Socgholish malware attaquant les utilisateurs de Windows à l'aide d'une fausse mise à jour du navigateur SocGholish Malware Attacking Windows Users Using Fake Browser Update (lien direct) |
## Snapshot GData Software analysts found that the [SocGholish](https://security.microsoft.com/intel-profiles/7e30959d011aa33939afaa2477fd0cd097cee346fa3b646446a6b1e55f0c007f) malware, favored by threat groups like Evil Corp (tracked by Microsoft as [Manatee Tempest](https://security.microsoft.com/intel-profiles/1b66d1619b5365957ba8c785bfd7936bfa9cf8b58ad9f55b7987f7f3b390f4fc)) and TA569 (tracked by Microsft as [Mustard Tempest](https://security.microsoft.com/intel-profiles/79a9547522d81fe6c1f5e42d828009656892f3976c547360db52c33f0ba16db9)), is actively targeting Windows users with fake browser updates. ## Description This complex JavaScript downloader uses drive-by download techniques to silently install malware on user machines. It has evolved to exploit vulnerable WordPress plugins using the Keitaro traffic distribution system, with its infrastructure traced to Russian-hosted servers. The malware employs advanced techniques such as user profiling, browser fingerprinting, and fake browser update pages as lures. Potential payloads associated with SocGholish include backdoors, information stealers, remote access Trojans, and ransomware. Recent infections indicate the use of PowerShell scripts for persistence on compromised systems, enhancing its adaptability and evasion capabilities. ## Microsoft Analysis Microsoft researchers have investigated multiple incidents involving fake software updates served by the SocGholish malware distribution framework. [SocGholish](https://security.microsoft.com/intel-profiles/7e30959d011aa33939afaa2477fd0cd097cee346fa3b646446a6b1e55f0c007f) is an attack framework that malicious attackers have used since at least 2020. The attacker framework entices users to install fake software updates that eventually let attackers infiltrate target organizations. SocGholish can be tweaked to deliver any payload an attacker chooses. Threat actors [Mustard Tempest](https://security.microsoft.com/intel-profiles/79a9547522d81fe6c1f5e42d828009656892f3976c547360db52c33f0ba16db9?tab=tradeCraft) and [Manatee Tempest](https://security.microsoft.com/intel-profiles/1b66d1619b5365957ba8c785bfd7936bfa9cf8b58ad9f55b7987f7f3b390f4fc) use SocGholish/FakeUpdates as their primary technique to gain intial access. ## Detections/Hunting Queries Microsoft Defender Antivirus detects threat components as the following malware: - [TrojanDownloader:JS/FakeUpdates](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:JS/FakeUpdates.J&threatId=-2147133367?ocid=magicti_ta_ency) - [Behavior:Win32/FakeUpdates](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/FakeUpdates.A&threatId=-2147140656?ocid=magicti_ta_ency) - [Trojan:JS/FakeUpdate](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:JS/FakeUpdate.C) - [Behavior:Win32/Socgolsh](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Socgolsh.SB&threatId=-2147152249?ocid=magicti_ta_ency) - [TrojanDownloader:JS/SocGholish](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:JS/SocGholish!MSR&threatId=-2147135220?ocid=magicti_ta_ency) - [Trojan:JS/Socgolsh.A](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:JS/Socgolsh.A) - [Behavior:Win32/Socgolsh.SB](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Socgolsh.SB) - [Trojan:Win32/Blister](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Blister.A&threatId=-2147152044?ocid=magicti_ta_ency) - [Trojan:Win64/Blister](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/Blister.A&threatId=-2147153518?ocid=magicti_ta_ency) - [Behavior:Win32/SuspRclone](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Sus | Ransomware Malware Tool Threat | ||
|
2024-07-31 20:02:24 | Cyber Bills on Federal Regs, Health Security and Workforce Clear Sénat Panel Cyber bills on federal regs, health security and workforce clear Senate panel (lien direct) |
> Les membres du comité ont voté 10-1 pour faire avancer les trois lois bipartisanes, ouvrant le terrain pour une considération complète du Sénat.
>Committee members voted 10-1 to advance all three bipartisan pieces of legislation, setting the stage for full Senate consideration. |
Legislation | ||
|
2024-07-31 19:50:19 | Bitgo signe la Cybersecurity and Infrastructure Security Agency (CISA) BitGo Signs the Cybersecurity and Infrastructure Security Agency (CISA) (lien direct) |
Bitgo Signe l'engagement de la Cybersecurity and Infrastructure Security Agency (CISA) pour améliorer la résilience de la cybersécurité
En tant que première entreprise de crypto à signer, Bitgo, le leader de la sécurité des actifs numériques, encourage les participants à l'industrie à s'engager dans les meilleures pratiques promues par CISA.
-
nouvelles commerciales
BitGo Signs the Cybersecurity and Infrastructure Security Agency (CISA) Pledge to Enhance Cybersecurity Resilience As the first crypto firm to sign, BitGo, the leader in digital asset security, encourages industry participants to commit to the best practices promoted by CISA. - Business News |
|||
|
2024-07-31 19:43:00 | Digicert pour révoquer plus de 83 000 certificats SSL en raison de la surveillance de la validation du domaine DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight (lien direct) |
Certificate Authority (CA) DiGinert a averti qu'elle révoquerait un sous-ensemble de certificats SSL / TLS dans les 24 heures en raison d'une surveillance de la façon dont il a vérifié si un certificat numérique est délivré au propriétaire légitime d'un domaine.
La société a déclaré qu'elle prendrait la mesure de révocation des certificats qui ne disposaient pas de validation appropriée de contrôle du domaine (DCV).
"Avant de délivrer un certificat à un
Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation (DCV). "Before issuing a certificate to a |
|||
|
2024-07-31 19:42:21 | Norton dévoile Norton Ultra VPN (lien direct) | La nouvelle offre VPN de Norton assure un très haut niveau de protection Une offre VPN performante désormais disponible en trois formules tout-en-un, s'appuyant sur les solutions primées de Norton Cyber Safety - Produits | |||
|
2024-07-31 19:25:10 | Les expériences des utilisateurs sans friction face à la croissance des cyber-états: la biométrie comportementale pourrait-elle être la réponse? Frictionless user experiences in the face of growing cyberthreats: Could behavioral biometrics be the answer? (lien direct) |
Les expériences des utilisateurs sans frottement face à la croissance des cyber-états: la biométrie comportementale pourrait-elle être la réponse?
par Anthony Eaton, directeur de la technologie, IDEX Biometrics
-
opinion
/ /
affiche
Frictionless user experiences in the face of growing cyberthreats: Could behavioral biometrics be the answer? By Anthony Eaton, Chief Technology Officer, IDEX Biometrics - Opinion / affiche |
|||
 |
2024-07-31 19:22:21 | Evil certifié: enquêter sur les binaires malveillants signés Certified evil: Investigating signed malicious binaries (lien direct) |
Les adversaires signent souvent des binaires malveillants pour créer une façade de validité, mais un binaire signé n'est pas nécessairement sûr
Adversaries often sign malicious binaries to create a facade of validity, but a signed binary isn\'t necessarily a safe one |
|||
|
2024-07-31 19:17:20 | Siri Bug permet le vol de données sur les appareils Apple verrouillés Siri Bug Enables Data Theft on Locked Apple Devices (lien direct) |
Les acteurs malveillants pourraient potentiellement exploiter cette vulnérabilité si elles ont un accès physique à un appareil utilisateur.
Malicious actors could potentially exploit this vulnerability if they gain physical access to a user\'s device. |
Vulnerability Threat | ||
|
2024-07-31 19:11:50 | Microsoft: Azure DDOS Attaque amplifiée par erreur de cyber-défense Microsoft: Azure DDoS Attack Amplified by Cyber Defense Error (lien direct) |
La cyberattaque soutenue, probablement aggravée par un SNAFU d'atténuation, a perturbé plusieurs services cloud Azure pendant près de huit heures le 30 juillet.
The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30. |
Cloud | ||
|
2024-07-31 19:03:02 | Les voitures intelligentes partagent les données du conducteur, ce qui invite les appels à un examen fédéral Smart Cars Share Driver Data, Prompting Calls for Federal Scrutiny (lien direct) |
Deux sénateurs américains accusent les constructeurs automobiles de langage trompeur et de pratiques astucieuses dans le partage et la revente des données du conducteur.
Two US senators accuse carmakers of deceptive language and shifty practices in sharing and resale of driver data. |
|||
|
2024-07-31 19:00:02 | Stackhawk a annoncé une découverte d'API alimentée par Hawkai StackHawk announced API Discovery Powered by HawkAI (lien direct) |
Stackhawk améliore la découverte de l'API avec Hawkai pour révolutionner les tests de sécurité pour les applications modernes
La découverte d'API nouvellement introduite alimentée par Hawkai offre une visibilité complète pour rester en avance sur le développement des logiciels tout en prenant le contrôle total de votre surface d'attaque.
-
revues de produits
StackHawk Enhances API Discovery With HawkAI to Revolutionize Security Testing for Modern Applications Newly introduced API Discovery powered by HawkAI offers comprehensive visibility to stay ahead of software development while taking full control of your attack surface. - Product Reviews |
|||
|
2024-07-31 18:38:00 | Les logiciels malveillants liés à la Corée du Nord ciblent les développeurs sur Windows, Linux et MacOS North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS (lien direct) |
Les acteurs de la menace derrière une campagne de logiciels malveillants en cours ciblant les développeurs de logiciels ont démontré de nouveaux logiciels malveillants et tactiques, élargissant leur objectif pour inclure les systèmes Windows, Linux et MacOS.
Le groupe d'activités, surnommé Dev # Popper et lié à la Corée du Nord, s'est avéré avoir distingué les victimes en Corée du Sud, en Amérique du Nord, en Europe et au Moyen-Orient.
"Cette forme d'attaque est un
The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East. "This form of attack is an |
Malware Threat | ||
|
2024-07-31 18:17:54 | (Déjà vu) Donot APT GROUP ciblant le Pakistan Donot APT Group Targeting Pakistan (lien direct) |
#### Targeted Geolocations - United States - Eastern Europe - Northern Europe - Western Europe - Southern Europe - Central Asia - East Asia - South Asia - Southeast Asia #### Targeted Industries - Government Agencies & Services - Information Technology - Defense Industrial Base ## Snapshot Rewterz published a profile on APT-C-35, also known as the Donot APT group, a cyber espionage group active since at least 2013. ## Description The Donot APT group is known to target government and military organizations, as well as companies in the aerospace, defense, and high-tech industries. Their activities have been observed in several regions, including the United States, Europe, and Asia. The Donot group\'s motivations are information theft and espionage. The group is known for targeting Pakistani users with Android malware named StealJob, disguised under the name “Kashmiri Voice” to steal confidential information and intellectual property. In July 2022, they used Comodo\'s certificate to sign their spyware, demonstrating their high level of technical skill. The Donot APT group employs various tactics such as spear-phishing emails, malware, and custom-developed tools, often using third-party file-sharing websites for malware distribution. They are well-funded and use sophisticated techniques to evade detection, including encryption and file-less malware. ## Additional Analysis According to a number of additional sources, Donot group is likely [linked to the Indian government](https://socradar.io/apt-profile-apt-c-35-donot-team/). Initial access to victim environments is typically achieved through phishing campaigns and the group has been observed exploiting vulnerabilities in Microsoft Office, including [CVE-2018-0802](https://security.microsoft.com/intel-explorer/cves/CVE-2018-0802/), [CVE-2017-0199](https://security.microsoft.com/intel-explorer/cves/CVE-2017-0199/), and [CVE-2017-8570](https://security.microsoft.com/intel-explorer/cves/CVE-2017-8570/). Donot group is a persistent and consistent actor. [ESET researchers](https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/) note the group is known to repeatedly attacks the same target, even if they are removed fromt he victim environment. In some cases, the Donot group launched spearphishing campaigns against targets every two to four months. ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. - Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats. - Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach. - Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume. - [Enable](https://learn.microsoft.com/en-us/defender-endpoint/enable-controlled-folders) controlled folder access. - Ensure that [tamper protection](https://learn.microsoft.com/en-us/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection) is enabled in Microsoft Defender f | Ransomware Malware Tool Vulnerability Threat Mobile Industrial Technical | ||
|
2024-07-31 17:56:28 | La Russie légalise l'exploitation des crypto-monnaies alors que les sanctions mondiales servent les finances traditionnelles Russia legalizes cryptocurrency mining as global sanctions rattle traditional finances (lien direct) |
Pas de details / No more details | |||
 |
2024-07-31 17:52:40 | Microsoft dit que les groupes de ransomwares exploitent le défaut VMware ESXi nouvellement paralysé Microsoft Says Ransomware Groups Are Exploiting the Newly-Patched VMware ESXi Flaw (lien direct) |
La vulnérabilité CVE-2024-37085 est présente dans les hyperviseurs ESXi et peut être utilisée pour déployer des logiciels malveillants de données-exorsion.
The CVE-2024-37085 vulnerability is present in ESXi hypervisors and can be used to deploy data-extortion malware. |
Ransomware Malware Vulnerability | ||
 |
2024-07-31 17:31:00 | La première moitié de 2024 se traduit par plus d'un milliard de victimes de violation de données The First Half of 2024 Results in More Than 1 Billion Data Breach Victims (lien direct) |
|
Data Breach | ||
 |
2024-07-31 17:13:07 | L'attaque de ransomware frappe une banque de sang à un sang, perturbe les opérations médicales Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations (lien direct) |
> Oneblood, une banque de sang à but non lucratif desservant plus de 300 hôpitaux américains, a été frappée par une attaque de ransomware perturbatrice.
>OneBlood, a non-profit blood bank serving more than 300 U.S. hospitals, has been hit by a disruptive ransomware attack. |
Ransomware Medical | ||
|
2024-07-31 17:07:08 | Global SMS Stealer ciblant les utilisateurs d'Android via des applications et des annonces malveillantes Global SMS Stealer Targeting Android Users via Malicious Apps and Ads (lien direct) |
Nouvelle alerte de voleur SMS!La campagne massive cible les utilisateurs d'Android dans le monde.La portée de cette campagne est stupéfiante & # 8230;
New SMS Stealer Alert! The massive campaign targets Android users globally. The scope of this campaign is staggering… |
Mobile | ||
|
2024-07-31 16:59:58 | Coût de la violation des données en 2024: 4,88 millions de dollars, indique la dernière étude IBM Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study (lien direct) |
> Le coût moyen d'une violation de données a atteint 4,88 millions de dollars, contre 4,45 millions de dollars en 2023, un pic de 10%.
>The average cost of a data breach jumped to $4.88 million from $4.45 million in 2023, a 10% spike. |
Data Breach Studies | ||
|
2024-07-31 16:49:35 | Équipe NetControl, Nozomi pour fournir des services de cybersécurité avancés pour les environnements IoT, IoT Netcontrol, Nozomi team to deliver advanced cybersecurity services for OT, IoT environments (lien direct) |
NetControl Group, un fournisseur de services de sécurité géré (MSSP) et Nozomi Networks Inc., un fournisseur d'OT et IoT ...
Netcontrol Group, a managed security service provider (MSSP), and Nozomi Networks Inc., a vendor of OT and IoT... |
Industrial | ||
|
2024-07-31 16:49:07 | Armexa fait ses débuts sur la plate-forme d'opérations d'Iris pour les opérateurs industriels avec un support OT limité Armexa debuts IRIS Operations Platform for industrial operators with limited OT support (lien direct) |
Armexa a révélé mercredi le lancement de sa nouvelle plate-forme d'opérations d'iris développé pour répondre aux besoins de ...
Armexa revealed on Wednesday the launch of its new IRIS Operations Platform developed to address the needs of... |
Industrial | ||
|
2024-07-31 16:40:35 | (Déjà vu) Phishing targeting Polish SMBs continues via ModiLoader (lien direct) | #### Géolocations ciblées - Pologne - Roumanie - Italie ## Instantané Des chercheurs de l'ESET ont détecté des campagnes de phishing généralisées ciblant les petites et moyennes entreprises (PME) en Pologne, en Roumanie et en Italie en mai 2024. ## Description Les campagnes visant à distribuer diverses familles de logiciels malveillants, y compris les remcos à distance à distance (rat), [agent Tesla] (https://security.microsoft.com/intel-profiles/0116783AB9DA099992EC014985D7C56BFE2D8C360C6E7DD6CD39C8D6555555538) et FormBook) et Forme Modiloader (également connu sous le nom de dbatloader).Cela marque un changement de tactique comme dans les campagnes précédentes, les acteurs de la menace ont exclusivement utilisé l'accryptor pour offrir des charges utiles de suivi. Dans les campagnes les plus récentes, les attaquants ont utilisé précédemment les comptes de messagerie et les serveurs d'entreprise pour diffuser des e-mails malveillants, héberger des logiciels malveillants et collecter des données volées.Les e-mails de phishing contenaient des pièces jointes avec des noms comme RFQ8219000045320004.TAR ou ZAM & OACUTE; WIENIE \ _NR.2405073.IMG, qui ont été utilisés pour livrer Modiloader.Une fois lancé, Modiloader a téléchargé et exécuté la charge utile finale, qui variait entre les différentes campagnes.Les attaquants ont exfiltré des données utilisant différentes techniques, y compris SMTP et des serveurs Web compromis. ## Détections / requêtes de chasse ** Microsoft Defender Antivirus ** Microsoft Defender Antivirus détecte les composants de la menace comme le malware suivant: - [Trojan: Win32 / Modiloader] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=trojan:win32/modiloader) - [Backdoor: JS / REMCOS] (https://www.microsoft.com/en-us/wdsi/thereats/malware-encycopedia-dercription?name=backDoor:js/remcos) - [Backdoor: MSIL / REMCOS] (https://www.microsoft.com/en-us/wdsi/terats/malware-encycopedia-description?name=backdoor: MSIL / REMCOS) - [Backdoor: Win32 / Remcos] (https://www.microsoft.com/en-us/wdsi/terats/malware-encycopedia-dEscription? Name = Backdoor: Win32 / Remcos) - [Trojan: Win32 / Remcos] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-d-dEscription? Name = Trojan: Win32 / Remcos) - [Trojan: win32 / agenttesla] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-description?name=trojan:win32/agenttesla) - [Trojanspy: MSIL / AgentTesla] (https://www.microsoft.com/en-us/wdsi/therets/malware-encycopedia-dercription?name=trojanspy:mil/agenttesla) - [Trojandownloader: MSIL / FormBook] (https://www.microsoft.com/en-us/wdsi/Threats/Malware-encyClopedia-Description?name=trojandownher:mil/formBook.kan!mtb&agne ;Threatid=-2147130651&ocid = magicti_ta_ency) ## Recommandations Microsoft recommande les atténuations suivantes to Réduire l'impact de cette menace. - Allumez [Protection en livraison du cloud] (https://learn.microsoft.com/en-us/defender-endpoint/linux-preférences) dans Microsoft Defender Antivirus ou l'équivalent de votre produit antivirus pour couvrir rapidement les outils d'attaquant en évolution et et et les outils d'attaquant en évolution rapide ettechniques.Les protections d'apprentissage automatique basées sur le cloud bloquent la majorité des menaces nouvelles et inconnues. - Exécuter [EDR en mode bloc] (https: //learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-lock-mode?view=o365-worldwide?ocid=Magicti_TA_LearnDoc) So que Microsoft Defender pour le point final peut bloquer les artefacts malveillants, même lorsque votre antivirus non microsoft ne détecte pas la menace ou lorsque Microsoft Defender Antivirus fonctionne en mode passif.EDR en mode bloc fonctionne dans les coulisses pour corriger les artefacts malveillants qui sont détectés post-abri. - Autoriser [Investigation and Remediation] (https://learn.microsoft.com/microsoft-365/security/defen | Ransomware Malware Tool Threat |
To see everything:
