What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-10-26 13:15:10 | CVE-2023-5780 (lien direct) | A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
Vulnerability Threat | ||
|
2023-10-26 13:15:10 | CVE-2023-5781 (lien direct) | A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
Vulnerability Threat | ||
 |
2023-10-26 13:08:32 | Exploring a crypto-mining campaign which used the Log4j vulnerability (lien direct) | This blog analyzes a campaign-like pattern detected by Darktrace across multiple customers and industries which used the Log4j vulnerability to exploit compromised systems for crypto-mining, highlighting the multi-stage attack from initial C2 contact through payload retrieval to successful crypto-miner installation.
This blog analyzes a campaign-like pattern detected by Darktrace across multiple customers and industries which used the Log4j vulnerability to exploit compromised systems for crypto-mining, highlighting the multi-stage attack from initial C2 contact through payload retrieval to successful crypto-miner installation. |
Vulnerability Threat | ★★ | |
|
2023-10-26 13:08:32 | Sellen Construction \\'builds great\\' with Darktrace and Microsoft (lien direct) | Discover why Sellen Construction rely on Darktrace and Microsoft to protect their dynamic cloud environment, how AI Analyst saves its security team time in threat investigation, and how Darktrace enables self-learning protection across the business.
Discover why Sellen Construction rely on Darktrace and Microsoft to protect their dynamic cloud environment, how AI Analyst saves its security team time in threat investigation, and how Darktrace enables self-learning protection across the business. |
Threat Cloud | ★★ | |
 |
2023-10-26 13:00:35 | The Financial Implications of Cyber Security: How Catch Rates Impact Organizational Risk (lien direct) | >Despite its countless benefits, the internet can be a hostile place for business. As organizations continue to expand their digital footprints, moving workloads into the cloud and growing their network of devices, they leave themselves vulnerable to a rapidly evolving cyber threat landscape. Gartner\'s number one cybersecurity trend of 2022 was “attack surface expansion” – organizations increasing their digital presence to leverage new technologies and facilitate remote and hybrid working. As of 2023, almost 13% of full-time employees work from home, with over 28% working a hybrid model. At the same time, Check Point recorded a 38% uplift in global […]
>Despite its countless benefits, the internet can be a hostile place for business. As organizations continue to expand their digital footprints, moving workloads into the cloud and growing their network of devices, they leave themselves vulnerable to a rapidly evolving cyber threat landscape. Gartner\'s number one cybersecurity trend of 2022 was “attack surface expansion” – organizations increasing their digital presence to leverage new technologies and facilitate remote and hybrid working. As of 2023, almost 13% of full-time employees work from home, with over 28% working a hybrid model. At the same time, Check Point recorded a 38% uplift in global […] |
Threat Prediction Cloud | ★★ | |
 |
2023-10-26 12:54:00 | Le tortue de groupe iranien lance une nouvelle vague d'attaques de logiciels malveillants Imaploader Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (lien direct) |
L'acteur iranien des menaces connu sous le nom de tortue-tortue a été attribué à une nouvelle vague d'attaques d'arrosage conçues pour déployer un logiciel malveillant surnommé Imaploader.
"Imaploader est un malware .NET qui a la possibilité de systèmes de victime d'empreintes digitales en utilisant des utilitaires Windows natifs et agit comme téléchargeur pour de nouvelles charges utiles", a déclaré le PWC Threat Intelligence dans une analyse mercredi.
"Il utilise un e-mail
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence said in a Wednesday analysis. "It uses email |
Malware Threat | ★★ | |
 |
2023-10-26 10:00:00 | Ensuring robust security of a containerized environment (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today’s rapidly evolving digital landscape, containerized microservices have become the lifeblood of application development and deployment. Resembling miniature virtual machines, these entities enable efficient code execution in any environment, be it an on-premises server, a public cloud, or even a laptop. This paradigm eliminates the criteria of platform compatibility and library dependency from the DevOps equation. As organizations embrace the benefits of scalability and flexibility offered by containerization, they must also take up the security challenges intrinsic to this software architecture approach. This article highlights key threats to container infrastructure, provides insights into relevant security strategies, and emphasizes the shared responsibility of safeguarding containerized applications within a company. Understanding the importance of containers for cloud-native applications Containers play a pivotal role in streamlining and accelerating the development process. Serving as the building blocks of cloud-native applications, they are deeply intertwined with four pillars of software engineering: the DevOps paradigm, CI/CD pipeline, microservice architecture, and frictionless integration with orchestration tools. Orchestration tools form the backbone of container ecosystems, providing vital functionalities such as load balancing, fault tolerance, centralized management, and seamless system scaling. Orchestration can be realized through diverse approaches, including cloud provider services, self-deployed Kubernetes clusters, container management systems tailored for developers, and container management systems prioritizing user-friendliness. The container threat landscape According to recent findings of Sysdig, a company specializing in cloud security, a whopping 87% of container images have high-impact or critical vulnerabilities. While 85% of these flaws have a fix available, they can’t be exploited because the hosting containers aren’t in use. That said, many organizations run into difficulties prioritizing the patches. Rather than harden the protections of the 15% of entities exposed at runtime, security teams waste their time and resources on loopholes that pose no risk. One way or another, addressing these vulnerabilities requires the fortification of the underlying infrastructure. Apart from configuring orchestration systems properly, it’s crucial to establish a well-thought-out set of access permissions for Docker nodes or Kubernetes. Additionally, the security of containers hinges on the integrity of the images used for their construction. Guarding containers throughout the product life cycle A container\'s journey encompasses three principal stages. The initial phase involves constructing the container and subjecting it to comprehensive functional and load tests. Subsequently, the container is stored in the image registry, awaiting its moment of execution. The third stage, container runtime, occurs when the container is launched and operates as intended. Early identification of vulnerabilities is vital, and this is where the shift-left security principle plays a role. It encourages an intensified focus on security from the nascent stages of the product life cycle, encompassing the design and requirements gathering phases. By incorporating automated security checks within the CI/CD pipeline, developers can detect security issues early and minimize the chance of security gap | Tool Vulnerability Threat Cloud | Uber | ★★★ |
|
2023-10-26 09:55:00 | Yorotrooper: les chercheurs mettent en garde contre le groupe de cyber-espionnage du Kazakhstan \\ YoroTrooper: Researchers Warn of Kazakhstan\\'s Stealthy Cyber Espionage Group (lien direct) |
Un acteur de menace relativement nouveau connu sous le nom de Yorotrooper est probablement composé d'opérateurs originaires du Kazakhstan.
L'évaluation, qui vient de Cisco Talos, est basée sur leur maîtrise du kazakh et du russe, l'utilisation de Tenge pour payer les infrastructures opérationnelles et le ciblage très limité des entités kazakhstani, sauf l'agence anti-corruption du gouvernement.
"Yorotrooper tente d'obscurcir
A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government\'s Anti-Corruption Agency. "YoroTrooper attempts to obfuscate the |
Threat | ★★ | |
 |
2023-10-26 08:49:41 | Increasing transparency in AI security (lien direct) | Mihai Maruseac, Sarah Meiklejohn, Mark Lodato, Google Open Source Security Team (GOSST)New AI innovations and applications are reaching consumers and businesses on an almost-daily basis. Building AI securely is a paramount concern, and we believe that Google\'s Secure AI Framework (SAIF) can help chart a path for creating AI applications that users can trust. Today, we\'re highlighting two new ways to make information about AI supply chain security universally discoverable and verifiable, so that AI can be created and used responsibly. The first principle of SAIF is to ensure that the AI ecosystem has strong security foundations. In particular, the software supply chains for components specific to AI development, such as machine learning models, need to be secured against threats including model tampering, data poisoning, and the production of harmful content. Even as machine learning and artificial intelligence continue to evolve rapidly, some solutions are now within reach of ML creators. We\'re building on our prior work with the Open Source Security Foundation to show how ML model creators can and should protect against ML supply chain attacks by using | Malware Tool Vulnerability Threat Cloud | ★★ | |
 |
2023-10-26 06:00:18 | Break the Attack Chain with Identity Threat Protection (lien direct) | “The attacker only has to be right once. Defenders have to get it right every time.” This well-known saying has shaped countless cybersecurity strategies. The belief is that a single compromise of our defenses can lead to a catastrophic outcome. As new risks emerge and attackers develop tactics to evade controls, defenders face the daunting task of protecting an ever-expanding array of connected identities. Many companies now embrace resilience strategies, accepting that an incident is inevitable - “It\'s not a matter of if, but when.” That\'s because defenders have been fixated on the impossible task of protecting everything within the business. But a new industry approach to cyber defense in recent years has emerged that points the path towards a better way. Instead of protecting everything, defenders should aim to neutralize attackers\' tactics, techniques and procedures (TTPs), which are hard to replace. This disrupts the completion of the attack chain. What is the attack chain? And how does identity threat protection disrupt it? That\'s what we\'re here to discuss. The enduring relevance of the attack chain No other concept has captured the essence of successful cyber attacks like the attack chain (aka the “cyber kill chain”), which was developed by Lockheed Martin in 2011. Even 12 years later, the attack chain remains relevant, while defenders struggle to prevent the most impactful incidents. While cyber criminals don\'t follow the same steps every time, the basic phases of an attack are pretty much always the same: Steps in the cyber attack chain. The challenge of initial compromise The first phase in the attack chain is the initial compromise. Modern cyber criminals use an array of tactics to infiltrate companies and wreak havoc on their systems, from BEC attacks to cloud account takeovers and ransomware incidents. One trend is to exploit trusted third-party relationships to compromise companies through their suppliers. What seems like an innocuous initial email can escalate into a full-scale compromise with great speed. Once attackers gain unrestricted access to a company\'s domain, they can infiltrate email accounts to commit fraudulent activities. One alarming twist to credential phishing emails is that they can evade detection. They leave behind no traces of compromise or malware. Even with the rise of multifactor authentication (MFA), these attacks continue to surge. Once accounts are compromised through a credential phishing email or a vulnerable remote desktop session, businesses face the next phase of the attack chain: privileged escalation and lateral movement within their networks. Next phase: privilege escalation and lateral movement This is the middle of the attack chain. And it\'s where threat actors try to breach a company\'s defenses. Often, they do this by compromising the identities of employees, contractors, service providers or edge devices. Their main goal is to use this initial access to elevate their privileges, typically targeting Active Directory (AD). AD, which many businesses around the world use, is susceptible to compromise. It can provide attackers with unparalleled control over a company\'s computing infrastructure. With this access, they can engage in lateral movement and spread malware across the business, causing more harm. Finally, the risk of data loss Attackers don\'t rely on a single stroke of luck. Their success hinges on a series of precise maneuvers. Monetary gains through data exfiltration are often their objective. And once they have navigated the intricate web of identities, they can target valuable data and orchestrate data theft operations. Defenders must disrupt this chain of events to prevent the loss of sensitive data, like intellectual property or customer identifiable data. Then, they can gain the upper hand and steer the course of cybersecurity in their favor. The three best opportunities to break the attack chain. Building a map of your organizat | Ransomware Malware Tool Threat Prediction Cloud | ★★ | |
|
2023-10-26 01:15:07 | CVE-2023-46667 (lien direct) | Un problème a été découvert dans Fleet Server> = V8.10.0 et = v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch. | Threat | ||
 |
2023-10-25 23:59:00 | BHI Energy libère les détails de l'attaque des ransomwares Akira BHI Energy Releases Details of Akira Ransomware Attack (lien direct) |
L'acteur de menace a exfiltré 690 gigaoctets de données non compressées, ou 767 035 fichiers.
The threat actor exfiltrated 690 gigabytes of uncompressed data, or 767,035 files. |
Ransomware Threat | ★★ | |
|
2023-10-25 19:55:00 | Alors que Citrix exhorte ses clients à patcher, les chercheurs publient un exploit As Citrix Urges Its Clients to Patch, Researchers Release an Exploit (lien direct) |
Dans la course sur la dernière vulnérabilité de Citrix \\, les méchants ont une énorme longueur d'avance, avec de grandes implications pour les entreprises et les fournisseurs d'infrastructures critiques du monde entier.
In the race over Citrix\'s latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide. |
Threat | ★★★ | |
|
2023-10-25 19:38:00 | Alarme virtuelle: VMware émet un avis de sécurité majeur Virtual Alarm: VMware Issues Major Security Advisory (lien direct) |
Les serveurs VMware vCenter ont besoin d'un patch immédiat contre le bug de RCE critique à mesure que la race contre les acteurs de la menace commence.
VMware vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins. |
Threat | ★★ | |
 |
2023-10-25 19:25:25 | Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers (lien direct) | #### Description
ESET Research découvre des campagnes par le groupe Winter Vivern APT qui exploite une vulnérabilité XSS zéro-jour dans le serveur de la carte Web Roundcube et cible les entités gouvernementales et un groupe de réflexion en Europe.Pour compromettre ses objectifs, le groupe utilise des documents malveillants, des sites Web de phishing et une porte dérobée PowerShell personnalisée.L'exploitation de la vulnérabilité XSS, attribuée CVE-2023-5631, peut se faire à distance en envoyant un e-mail spécialement conçu.
#### URL de référence (s)
1. https://www.welivesecurity.com/en/eset-research/winter-vivern-exploitts-zero-ay-vulnerabilité-loundcube-webmail-servers/
#### Date de publication
25 octobre 2023
#### Auteurs)
Matthieu faou
#### Description ESET Research discover campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe. To compromise its targets, the group uses malicious documents, phishing websites, and a custom PowerShell backdoor. Exploitation of the XSS vulnerability, assigned CVE-2023-5631, can be done remotely by sending a specially crafted email message. #### Reference URL(s) 1. https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/ #### Publication Date October 25, 2023 #### Author(s) Matthieu Faou |
Vulnerability Threat | ★★★ | |
 |
2023-10-25 19:00:00 | Couverture des menaces de netskope: Menorah Netskope Threat Coverage: Menorah (lien direct) |
> Résumé En octobre 2023, Netskope a analysé un document de mots malveillant et le malware qu'il contenait, surnommé «Menorah».Le malware a été attribué à un groupe de menaces persistant avancé APT34 et aurait été distribué par phisse de lance.Le fichier de bureau malveillant utilise le code VBA dispersé et obscurci pour échapper à la détection.Le groupe avancé des menaces persistantes cible [& # 8230;]
>Summary In October 2023, Netskope analyzed a malicious Word document and the malware it contained, dubbed “Menorah.” The malware was attributed to an advanced persistent threat group APT34, and was reported to be distributed via spear-phishing. The malicious Office file uses dispersed and obfuscated VBA code to evade detection. The advanced persistent threat group targets […] |
Malware Threat | APT 34 | ★★ |
|
2023-10-25 18:50:00 | Des pirates d'État nationaux exploitant zéro-jour dans un logiciel de cmaillé Roundcube Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software (lien direct) |
L'acteur de menace connu sous le nom de Winter Vivern a été observé exploitant un défaut zéro-jour dans le logiciel de la carte Web Roundcube le 11 octobre 2023 pour récolter les messages e-mail des comptes des victimes.
"Winter Vivern a intensifié ses opérations en utilisant une vulnérabilité zéro-jour dans Roundcube", a déclaré le chercheur en sécurité de l'ESET Matthieu Faou dans un nouveau rapport publié aujourd'hui.Auparavant, il utilisait connu
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims\' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known |
Vulnerability Threat | ★★ | |
|
2023-10-25 18:17:43 | CVE-2023-5568 (lien direct) | Un défaut de débordement de tampon basé sur un tas a été découvert en samba.Il pourrait permettre à un attaquant éloigné et authentifié d'exploiter cette vulnérabilité pour provoquer un déni de service.
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service. |
Vulnerability Threat | ||
|
2023-10-25 18:17:43 | CVE-2023-5472 (lien direct) | Utiliser après gratuitement dans les profils dans Google Chrome avant 118.0.5993.117 a permis à un attaquant distant d'exploiter potentiellement la corruption de tas via une page HTML fabriquée.(Gravité de sécurité du chrome: élevée)
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Threat | ||
|
2023-10-25 18:17:29 | CVE-2023-39231 (lien direct) | PingFederate à l'aide de l'adaptateur MFA Pingone permet à un nouveau périphérique MFA d'être apparié sans nécessiter une authentification de deuxième facteur à partir d'un périphérique enregistré existant.Un acteur de menace peut être en mesure d'exploiter cette vulnérabilité pour enregistrer son propre appareil MFA s'ils ont connaissance des premières informations d'identification d'un facteur victime de l'utilisateur.
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user\'s first factor credentials. |
Vulnerability Threat | ||
|
2023-10-25 18:17:28 | CVE-2023-38041 (lien direct) | Un utilisateur enregistré peut élever ses autorisations en abusant d'un moment de vérification de la condition de course du temps d'utilisation (TOTOU).Lorsqu'un flux de processus particulier est initié, un attaquant peut exploiter cette condition pour gagner des privilèges élevés non autorisés sur le système affecté.
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. |
Threat | ||
|
2023-10-25 18:17:23 | CVE-2023-20273 (lien direct) | Une vulnérabilité dans la fonction d'interface utilisateur Web du logiciel Cisco IOS XE pourrait permettre à un attaquant distant authentifié d'injecter des commandes avec les privilèges de Root.
Cette vulnérabilité est due à une validation d'entrée insuffisante.Un attaquant pourrait exploiter cette vulnérabilité en envoyant une entrée fabriquée à l'interface utilisateur Web.Un exploit réussi pourrait permettre à l'attaquant d'injecter des commandes au système d'exploitation sous-jacent avec des privilèges racine.
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. |
Vulnerability Threat | ||
 |
2023-10-25 16:00:00 | Winter Vivern: Exploit XSS Zero-Day cible les serveurs Roundcube Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers (lien direct) |
ESET Research a rapporté la vulnérabilité à l'équipe Roundcube le 12 octobre
ESET Research reported the vulnerability to the Roundcube team on October 12 |
Vulnerability Threat | ★★ | |
|
2023-10-25 15:37:00 | Winter Vivern apt Blast webmail zéro-day bug avec un clic exploit Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit (lien direct) |
Une campagne ciblant les organisations gouvernementales européennes et un groupe de réflexion montrent la cohérence du groupe de menaces à profil bas, qui a des liens avec la Biélorussie et la Russie.
A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia. |
Threat | ★★ | |
|
2023-10-25 14:43:00 | La campagne de malvertisation cible le système de paiement Brazil \\'s Pix avec Gopix Malware Malvertising Campaign Targets Brazil\\'s PIX Payment System with GoPIX Malware (lien direct) |
La popularité du système de paiement instantané du Brésil \\ a en fait une cible lucrative pour les acteurs de menace qui cherchent à générer des bénéfices illicites en utilisant un nouveau malware appelé Gopix.
Kaspersky, qui a suivi la campagne Active depuis décembre 2022, a déclaré que les attaques sont réalisées à l'aide d'annonces malveillantes qui sont desservies lorsque les victimes potentielles recherchent "WhatsApp Web" sur les moteurs de recherche.
"Le
The popularity of Brazil\'s PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The |
Malware Threat | ★★ | |
 |
2023-10-25 12:00:00 | Espionage Group utilise le serveur Web Mail Zero-Day pour cibler les gouvernements européens Espionage group uses webmail server zero-day to target European governments (lien direct) |
Un groupe d'espionnage bien connu vu généralement soutenant la Russie et le Biélorussie a été surpris à exploiter une vulnérabilité zéro-jour affectant un service de messagerie Web populaire utilisé par les gouvernements à travers l'Europe.Des chercheurs de la société de sécurité ESET ont déclaré qu'ils avaient suivi une nouvelle campagne d'hiver Vivern - un groupe avancé de menace persistante (APT) précédemment impliquée dans les cyberattaques sur [le
A well-known espionage group typically seen supporting Russia and Belarus was caught exploiting a zero-day vulnerability affecting a popular webmail service used by governments across Europe. Researchers at security firm ESET said they have been tracking a new campaign by Winter Vivern -- an advanced persistent threat (APT) group previously implicated in cyberattacks on [the |
Vulnerability Threat | ★★ | |
 |
2023-10-25 11:35:37 | Sur les acteurs de menace \\ 'radar: exploits POC pour la vulnérabilité des opérations Aria VMware (CVE-2023-34051), et plus On Threat Actors\\' Radar: PoC Exploits for VMware Aria Operations Vulnerability (CVE-2023-34051), and More (lien direct) |
Les vulnérabilités nouvellement découvertes sont une source constante de préoccupation pour la communauté de la cybersécurité, en particulier lorsque ...
Newly discovered vulnerabilities are a constant source of concern for the cybersecurity community, particularly when... |
Vulnerability Threat | ★★ | |
 |
2023-10-25 11:10:31 | NETSCOUT: EMEA reçoit la plupart des attaques DDOS au milieu des troubles géopilitiques en cours Netscout : EMEA receives most DDOS attacks AMID ongoing geopilitical unrest (lien direct) |
Les cybercriminels ont augmenté leurs activités néfastes au cours de la première moitié de 2023. Selon le dernier rapport de renseignement sur les menaces de Netscout \\, les acteurs de la menace ont lancé environ 7,9 millions d'attaques de déni de service distribué (DDOS *) dans le monde en 1h 2023,Comparé à un peu plus de 6 millions de ces attaques au cours du 1h 2022. Cela représente une augmentation de 31% d'une année à l'autre et 44 000 attaques DDOS par jour.
Cette augmentation de la fréquence des attaques était également évidente en Europe, le milieu (...)
-
rapports spéciaux
Cybercriminals ramped up their nefarious activities during the first half of 2023. According to NETSCOUT\'s latest Threat Intelligence Report, threat actors launched approximately 7.9 million distributed denial-of-service (DDoS*) attacks globally in 1H 2023, compared to just over 6 million of these attacks during 1H 2022. This represents a 31 per cent increase year over year and a staggering 44,000 DDoS attacks per day. This increase in attack frequency was also evident in Europe, the Middle (...) - Special Reports |
Threat | ★★ | |
 |
2023-10-25 11:06:25 | Selon le classement Nalstiest Malware of 2023, l\'approche Ransomware-as-a-Service est largement plébiscitée (lien direct) | >Alors que le montant moyen des paiements effectués pour des ransomwares est en hausse, le pourcentage de payeurs n'a jamais été aussi bas. OpenText, annonce aujourd'hui la sortie du Nastiest Malware of 2023, son classement annuel des plus grandes menaces de logiciels malveillants. The post Selon le classement Nalstiest Malware of 2023, l'approche Ransomware-as-a-Service est largement plébiscitée first appeared on UnderNews. | Malware Threat | ★★ | |
|
2023-10-25 10:17:00 | Alerte: exploits POC publiés pour les vulnérabilités Citrix et VMware Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities (lien direct) |
Le fournisseur de services de virtualisation VMware a alerté les clients de l'existence d'un exploit de preuve de concept (POC) pour une faille de sécurité récemment corrigée dans les opérations ARIA pour les journaux.
Suivi en CVE-2023-34051 (score CVSS: 8.1), la vulnérabilité à haute sévérité est liée à un cas de contournement d'authentification qui pourrait conduire à l'exécution du code distant.
"Un acteur malveillant non authentifié peut injecter des fichiers
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files |
Vulnerability Threat | ★★★ | |
|
2023-10-25 10:00:00 | Ingénierie sociale: piratage d'esprit sur les octets Social engineering: Hacking minds over bytes (lien direct) |
In this blog, lets focus on the intersection of psychology and technology, where cybercriminals manipulate human psychology through digital means to achieve their objectives.
Our world has become more interconnected over time, and this has given rise to an entirely new breed of criminal masterminds: digital criminals with deep psychological insights who use technology as the ultimate battlefield for social engineering activities. Welcome to social engineering - where your mind becomes the battlefield!
Before the digital revolution, social engineering was practiced face-to-face and practitioners of this form were known as "con men," regardless of gender. Today however, cybercriminals use psychological methods to trick individuals into compromising their systems, divulging sensitive data, or participating in malicious activities unwittingly.
An unsuspecting employee receives an email purporting to be from an official subscription service for software used at their organization, prompting them to log-in as quickly as possible and avoid having their account frozen due to inactivity. Following a link in this email leading them directly to a convincing fake login page, unknowingly giving away their credentials which give a threat actor access to company systems and confidential data. This deception was an ideal example of Business Email Compromise (BEC). An attacker created an urgent phishing email designed to distort employee judgment. There was reconnaissance conducted beforehand by threat actors, so they already possessed information regarding both an employee\'s email address and web-based applications, making the attack became even more effective.
Social engineering is one of the primary strategies criminals use in their attempts to attack our systems. From an information security perspective, social engineering is the use of manipulative psychological tactics and deception to commit fraud. The goal of these tactics is to establish some level of trust to convince the unsuspecting victim to hand over sensitive or confidential information.
Here are some books that offer a range of perspectives and insights into the world of social engineering, from the psychology behind it to practical defenses against it. Reading them can help you better understand the tactics used by social engineers and how to protect yourself and your organization.
1. Influence: The Psychology of Persuasion" by Robert B. Cialdini
Robert Cialdini\'s classic book explores the six key principles of influence: reciprocity, commitment and consistency, social proof, liking, authority, and scarcity. While not solely focused on social engineering, it provides valuable insights into the psychology of persuasion that are highly relevant to understanding and defending against social engineering tactics.
2. "The Art of Deception: Controlling the Human Element of Security" by Kevin D. Mitnick
A former hacker turned cybersecurity consultant, delves into the art of deception and social engineering. He shares real-life examples of social engineering attacks and provides practical advice on how to protect yourself and your organization from such threats.
3. "Ghost in the Wires: My Adventures as the World\'s Most Wanted Hacker" by Kevin D. Mitnick In this autobiography, Kevin Mitnick recounts his personal experiences as a hacker and social engineer. He provides a fascinating insider\'s perspective on the tactics used by hackers to manipulate people and systems, shedding light on the world of cybercrime and social engineering.
4. "Social Engineering: The Art of Human Hacking" by Christopher Hadnagy Summary: A comprehensive guide to social engineering techniques and strategies. It co |
Vulnerability Threat | ★★ | |
|
2023-10-25 08:20:54 | SentinelOne lance Singularity Threat Intelligence (lien direct) | SentinelOne® renforce ses capacités de renseignement sur les cybermenaces avec Singularity™ Threat Intelligence Cette solution accroît la faculté de l'éditeur à fournir les informations détaillées indispensables à la protection proactive contre les menaces et à la neutralisation des risques. - Produits | Threat | ★★ | |
|
2023-10-24 20:14:00 | 1Password devient la dernière victime de la violation du service client OKTA 1Password Becomes Latest Victim of Okta Customer Service Breach (lien direct) |
La plate-forme IAM d'Okta \\ se trouve à nouveau dans les viseurs des cyberattaques \\ ', alors que les acteurs de la menace montent une attaque de chaîne d'approvisionnement ciblant les engagements de support client OKTA.
Okta\'s IAM platform finds itself in cyberattackers\' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements. |
Threat | ★★★ | |
|
2023-10-24 19:50:31 | Technique de téléchargement à double DLL de Quasar Rat \\ Quasar RAT\\'s Dual DLL Sideloading Technique (lien direct) |
#### Description
Quasarrat, également connu sous le nom de Cinarat ou Yggdrasil, est un outil d'administration à distance léger écrit en C #.Cet outil est ouvertement accessible en tant que projet GitHub.Cet outil est capable de diverses fonctions telles que la collecte de données système, l'exécution d'applications, le transfert de fichiers, l'enregistrement des touches, la prise de captures d'écran ou les captures de caméra, la récupération de mots de passe du système et la supervision des opérations comme le gestionnaire de fichiers, le gestionnaire de startup, le bureau distant et l'exécution de commandes de shell.
Dans la phase initiale, l'attaquant exploite "ctfmon.exe", qui est un fichier Microsoft authentique.Ce faisant, ils chargent une DLL malveillante qui, à l'œil non formé, semblerait bénin en raison de son nom déguisé.Lors de l'exécution du binaire "ctfmon.exe", l'étape est définie lorsque l'attaquant acquiert une charge utile de stade 1 \\ '.Cette charge utile initiale est cruciale, agissant comme la passerelle pour les actions malveillantes suivantes.À ce stade, l'acteur de menace met en jeu le fichier "calcc.exe" qui, dans ce contexte, n'est pas juste une application de calculatrice simple.Parallèlement à "Calc.exe", la DLL malveillante est également mise en mouvement.Lors de l'exécution de «calcc.exe», la DLL malveillante est déclenchée.Cette action se termine dans l'infiltration de la charge utile "quasarrat" dans la mémoire de l'ordinateur, reflétant la sensibilité de l'attaquant à contourner les mécanismes de sécurité.
#### URL de référence (s)
1.Hets: //www.uptcs.kum/blag/koker-rut
#### Date de publication
Octobre ౨౪, ౨౦౨౩
#### థ థ థ థ థ థ థ థ థ థ థ థ థ థ
Tejaswini Sandapolla
#### Description QuasarRAT, also known as CinaRAT or Yggdrasil, is a lightweight remote administration tool written in C#. This tool is openly accessible as a GitHub project. This tool is capable of various functions such as gathering system data, running applications, transferring files, recording keystrokes, taking screenshots or camera captures, recovering system passwords, and overseeing operations like File Manager, Startup Manager, Remote Desktop, and executing shell commands. In the initial phase, the attacker harnesses "ctfmon.exe," which is an authentic Microsoft file. By doing so, they load a malicious DLL which, to the untrained eye, would seem benign because of its disguised name. Upon execution of the "ctfmon.exe" binary, the stage is set as the attacker acquires a \'stage 1\' payload. This initial payload is crucial, acting as the gateway for the subsequent malicious actions. At this juncture, the threat actor brings into play the "calc.exe" file, which in this context, isn\'t just a simple calculator application. Alongside "calc.exe," the malicious DLL is also set into motion. On executing "calc.exe," the malicious DLL is triggered. This action culminates in the infiltration of the "QuasarRAT" payload into the computer\'s memory, reflecting the attacker\'s adeptness at circumventing security mechanisms. #### Reference URL(s) 1. https://www.uptycs.com/blog/quasar-rat #### Publication Date October 24, 2023 #### Author(s) Tejaswini Sandapolla |
Tool Threat | ★★★ | |
|
2023-10-24 16:45:00 | La campagne d'influence liée à la Chine cible les législateurs canadiens, Premier ministre China-linked influence campaign targets Canadian lawmakers, prime minister (lien direct) |
 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> "wiffrth =" 1085
Le Canada a accusé des acteurs de menace liés à la Chine de répandre la désinformation et la propagande concernant ses politiciens sur les réseaux sociaux.La campagne dite de «spamouflage» de la Chine a prétendument ciblé des dizaines de députés canadiens, le Premier ministre Justin Trudeau, et plusieurs représentants du gouvernement, a déclaré le ministère canadien des Affaires étrangères.Canada.ca/en/global-affairs/news/2023/10/rapid-response-mechanism-canada-dects-spamouflage-campaign-targeting-members-of-pariement.html"> statement .Le spamouflage est une tactique qui utilise des réseaux de nouveaux
Canada has accused China-linked threat actors of spreading disinformation and propaganda about its politicians on social media. China\'s so-called “spamouflage” campaign has purportedly targeted dozens of Canadian members of parliament, Prime Minister Justin Trudeau, and several government officials, the Canadian foreign ministry said in a statement. Spamouflage is a tactic that uses networks of new |
Threat | ★★ | |
|
2023-10-24 16:08:00 | Les conflits israélo-hamas épellent les escrocs en ligne Israeli-Hamas Conflict Spells Opportunity for Online Scammers (lien direct) |
Alors que le conflit au Moyen-Orient fait rage, les acteurs malveillants cherchent à exploiter la situation avec de faux sites caritatifs encourageant les dons.
As the conflict in the Middle East rages, malicious actors look to exploit the situation with bogus charity sites encouraging donations. |
Threat | ★★ | |
|
2023-10-24 12:59:50 | Le point de contrôle dévoile quantum robuste 1595r: fortifier l'infrastructure critique et les réseaux OT avec sécurité AI et connectivité 5G Check Point Unveils Quantum Rugged 1595R: Fortifying Critical Infrastructure and OT Networks with AI Security and 5G Connectivity (lien direct) |
> La lutte contre la hausse des menaces pour les réseaux de systèmes de contrôle industriel (ICS) et les réseaux de technologie opérationnelle (OT), Check Point introduit son haut de gamme de passerelles robustes conçues spécifiquement pour les environnements difficiles et les réseaux OT jouent un rôle vital dans notre monde modernemais sont également des cibles prises pour les cyberattaques.Les acteurs de menace sont attirés par les infrastructures critiques et SCADA / ICS en raison de leur capacité inhérente à provoquer des perturbations économiques, de l'espionnage, du vol de propriété intellectuelle et des motifs géopolitiques.Les vulnérabilités et les menaces des systèmes ICS / OT ICS et les systèmes OT existent depuis longtemps, en hiérarchisant les processus de production sur [& # 8230;]
> Addressing the rising threats to Industrial Control Systems (ICS) and Operational Technology (OT) networks, Check Point introduces its top of the range ruggedized gateways designed specifically for harsh environments ICS and OT networks play a vital role in our modern world but are also prime targets for cyberattacks. Threat actors are drawn to critical infrastructure and SCADA/ICS due to their inherent ability to cause economic disruption, espionage, intellectual property theft, and for geopolitical motives. The Vulnerabilities and Threats of ICS/OT Systems ICS and OT systems have been in existence for a long period of time, prioritizing production processes over […] |
Vulnerability Threat Industrial | ★★ | |
|
2023-10-24 12:03:00 | Implant de porte dérobée sur les appareils cisco piratés modifiés pour échapper à la détection Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection (lien direct) |
La porte dérobée implantée sur les appareils Cisco en exploitant une paire de défauts zéro jour dans le logiciel iOS XE a été modifié par l'acteur de menace afin d'échapper à la visibilité via des méthodes d'empreinte digitale précédentes.
"Le trafic réseau étudié vers un appareil compromis a montré que l'acteur de menace a mis à niveau l'implant pour effectuer un contrôle d'en-tête supplémentaire", a déclaré l'équipe Fox-it de NCC Group \\."Ainsi, pour beaucoup d'appareils
The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header check," NCC Group\'s Fox-IT team said. "Thus, for a lot of devices |
Threat | ★★ | |
|
2023-10-24 07:48:01 | Au-delà du statu quo, partie 2: 6 approches percutantes pour maintenir les personnes engagées dans la sensibilisation à la sécurité Beyond the Status Quo, Part 2: 6 Impactful Approaches to Keeping People Engaged in Security Awareness (lien direct) |
This is the second installment of a three-part blog series where we cover topics from our Wisdom 2023 sessions. In each blog, we explore creative techniques for inspiring engagement in security awareness and building a strong security culture. In the first article, we covered how to personalize and invigorate your curriculum for your users using threat intelligence. Every October, security professionals use Cybersecurity Awareness Month to promote best practices and the shared responsibility for behaving safely. But to stay safe, you have to stay vigilant. And that requires people to constantly be engaged. So in our second Wisdom session, we explored ways to inspire engagement in security awareness for both users and practitioners. Typically, when we\'re talking about engagement, we mean end users-and we all know how challenging it is to keep them engaged. In our 2023 State of the Phish Report, for instance, over 30% said security isn\'t priority at work for them. That\'s why in this session we discussed three ways to motivate and inspire your employees. We also addressed a group of people who are typically overlooked-security awareness practitioners! When you push yourself to find enthusiasm in security awareness, your attitude can have a cascading effect on how your employees engage. So we also covered three ways to find inspiration. This article recaps the insights we gained in conversation with Janet Roberts, former SVP/global head of security education and awareness at Zurich Insurance Company, and Brian Roberts (no relation), solution manager of information security awareness for Campbell\'s Soup Company. (Quotes have been lightly edited for clarity.) 3 impactful ways to engage employees If you\'re looking for creative ways to motivate and inspire your employees, Janet Roberts and Brian Roberts have some tips: 1: Build and nurture an ambassador program At Zurich, Janet launched an ambassador program that is now used by 32 of the company\'s teams around the globe. Every month, her security awareness team creates a toolkit to distribute “grass roots,” always covering one simple topic that is customizable to the ambassadors\' culture, language and policies. Zurich has five regional CISOs and a global CISO, each of whom decide the strategy for delivering this material within their region. in their region. When it comes to measuring program outcomes, metrics will most likely be qualitative not quantitative because when it\'s done right it will be highly tailored to people and places. According to Janet, “[An ambassador] program helps you to meet people where they go for their daily information. Make sure you map it to the structure of your company…and [make sure] your ambassadors are working within their regional strategy or country strategy.” Brian agreed the ambassador program should target a local audience. At Campbell\'s, his security awareness team reaches both inside and outside the organization to cultivate a group of volunteers. Brian\'s advice is to start small, create a volunteer pathway, and build each relationship as you scale up. “The more you make that personal, the more you drive an organization that will create change. When you see ambassadors sharing stuff they did in their communities and at home, that\'s when you know it\'s connecting.” When asked by attendees during the Q&A about how to get those first volunteers, Brian said, “Be very open so people feel you\'re approachable and they can bring personal stories to you. That\'s where you find that first pool of people that you can then send out to find more people.” Janet added that at Zurich, “We started with people whose job was to lower the human risk factor, like security officers and service executives. From there, they added their own connections and built their teams.” 2: Create a people-focused messaging strategy In this part of the session, our panelists shared ideas about how to build effective messaging and tailor the content so that everyone can und | Tool Threat | ★★ | |
 |
2023-10-24 00:00:00 | WatchGuard lance un service de MDR destiné aux MSP (lien direct) | Paris, le 24 octobre 2023 – WatchGuard® Technologies, l\'un des leaders mondiaux de la cybersécurité unifiée, annonce le lancement de WatchGuard MDR, un nouveau service de cybersécurité 24/7 conçu pour rendre le MDR beaucoup plus accessible aux fournisseurs de services managés (MSP) s\'efforçant de répondre à la demande croissante de leurs clients. Ce nouveau service est géré par une équipe d\'experts en cybersécurité de pointe et alimenté par l\'IA. Pour les MSP, le service WatchGuard MDR ne nécessite aucun investissement dans une infrastructure SOC (Centre d\'pérations de sécurité) ou dans des technologies avancées, ni le recrutement d\'experts. Raul Zayas, président de ZTek Solutions, MSP partenaire de WatchGuard explique : " La nouvelle solution de WatchGuard a dynamisé notre activité de services de sécurité infogérés en nous permettant de mettre à profit sans effort l\'immense potentiel du MDR et de la proposer à nos clients en tant que service à valeur ajoutée. En nous déchargeant de la création d\'un SOC moderne, WatchGuard MDR a accéléré notre aptitude à offrir à nos clients ce qui leur manque le plus : une cybersécurité complète et de haut niveau, soutenue par les meilleurs cyber-experts du secteur, garantissant ainsi une défense résiliente contre les cybermenaces. Non seulement WatchGuard nous a permis d\'avancer par la voie rapide dans ce domaine, mais il a rendu tout cela étonnamment simple grâce à l\'architecture de sa plateforme de sécurité unifiée qui nous permet de rester à la pointe de la technologie ". Hautement personnalisable et évolutif, ce nouveau service MDR vient encore renforcer l\'architecture de la plateforme de sécurité unifiée de WatchGuard. En plus de WatchGuard EDR, EPDR et Advanced EPDR, qui permettent aux MSP de construire des offres de sécurité robustes et complètes pour leurs clients, le service MDR procure également des capacités avancées de détection et de réponse aux menaces. Cette offre bénéficie en outre de l\'appui du service automatisé Zero-Trust Application de WatchGuard, du service Threat Hunting, d\'analyses de sécurité avancées, de renseignements sur les menaces et d\'une équipe dédiée d\'analystes experts en cybersécurité qui surveillent, détectent et répondent aux menaces 24 heures sur 24, 7 jours sur 7. Andrew Young, Chief Product Officer chez WatchGuard Technologies ajoute : " Nous nous engageons à soutenir notre communauté de MSP. Le lancement de WatchGuard MDR représente une nouvelle étape dans les relations de confiance à long terme que nous nous efforçons de construire avec nos partenaires. Non seulement ce service aide les MSP à franchir les barrières existantes à l\'entrée pour la fourniture de services de sécurité infogérés, mais il leur permet également de capitaliser sur une opportunité de croissance avec une nouvelle solution innovante que nous avons spécialement conçue pour eux. " Fonctionnalités et avantages clés WatchGuard MDR est le choix idéal pour les fournisseurs de services qui souhaitent améliorer la posture de sécurité de leurs clients, élargir leur portefeuille et générer des flux de revenus récurrents. Tout cela sans avoir à investir dans un SOC moderne, une technologie à base d\'IA aussi sophistiquée que coûteuse et dans les rares experts en cybersécurité. | Threat | ★★ | |
|
2023-10-23 17:04:00 | La nouvelle porte dérobée de Firebird de Donot Team \\ frappe le Pakistan et l'Afghanistan DoNot Team\\'s New Firebird Backdoor Hits Pakistan and Afghanistan (lien direct) |
L'acteur de menace connu sous le nom d'équipe de Donot a été lié à l'utilisation d'une nouvelle porte dérobée basée à .NET appelée Firebird ciblant une poignée de victimes au Pakistan et en Afghanistan.
La société de cybersécurité Kaspersky, qui a divulgué les résultats dans son rapport APT Trends Q3 2023, a déclaré que les chaînes d'attaque sont également configurées pour livrer un téléchargeur nommé CSVTyrei, ainsi nommé pour sa ressemblance avec Vtyrei.
"Quelques
The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan. Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are also configured to deliver a downloader named CSVtyrei, so named for its resemblance to Vtyrei. "Some |
Threat | ★★ | |
|
2023-10-23 16:15:09 | CVE-2023-43067 (lien direct) | Dell Unity Avant 5.3 contient une vulnérabilité d'injection d'externes externes XML.Une attaque XXE pourrait potentiellement exploiter cette vulnérabilité divulguant des fichiers locaux dans le système de fichiers.
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. |
Vulnerability Threat | ||
|
2023-10-23 16:15:09 | CVE-2023-43066 (lien direct) | Dell Unity avant 5.3 contient une vulnérabilité de dérivation de coquille restreinte.Cela pourrait permettre à un attaquant local authentifié d'exploiter cette vulnérabilité en s'authentifiant au CLI de l'appareil et en émettant certaines commandes.
Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. |
Vulnerability Threat | ||
|
2023-10-23 16:00:00 | Nouvelle variante de logiciels malveillants Grandoreiro cible l'Espagne New Grandoreiro Malware Variant Targets Spain (lien direct) |
Proofpoint a déclaré que cette variante est attribuée à l'acteur de menace TA2725
Proofpoint said this variant is attributed to the threat actor TA2725 |
Malware Threat | ★★ | |
|
2023-10-23 15:15:09 | CVE-2023-43065 (lien direct) | Dell Unity Avant 5.3 contient une vulnérabilité de script inter-sites.Un attaquant authentifié peu privilégié peut exploiter ces problèmes pour obtenir des privilèges croissants.
Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. |
Threat | ||
|
2023-10-23 15:15:09 | CVE-2023-43074 (lien direct) | Dell Unity 5.3 Contient (s) une vulnérabilité arbitraire de création de fichiers.Un attaquant non authentifié distant pourrait potentiellement exploiter cette vulnérabilité en fabriquant des fichiers arbitraires via une demande au serveur.
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. |
Vulnerability Threat | ||
|
2023-10-23 14:30:00 | New York Health Network restaure les services après une cyberattaque paralysante New York health network restores services after crippling cyberattack (lien direct) |
Un réseau hospitalier à New York a pu restaurer ses systèmes en ligne samedi après une semaine de problèmes causés par une cyberattaque.Westchester Medical Center Health Network libéré Une déclaration le 16 octobre,AVERTISSEMENT que l'hôpital Healthalliance, l'hôpital Margaretville et le centre de soins résidentiels à flanc de montagne «connaissaient une menace potentielle de cybersécurité et un informatique
A hospital network in New York was able to restore its online systems on Saturday after a week of issues caused by a cyberattack. Westchester Medical Center Health Network released a statement on October 16, warning that HealthAlliance Hospital, Margaretville Hospital and Mountainside Residential Care Center were “experiencing a potential cybersecurity threat and an IT |
Threat Medical | ★★ | |
 |
2023-10-23 13:44:48 | The Silent Stalker dans votre appareil: 10 raisons choquantes pour lesquelles les logiciels espions sont votre pire cauchemar The Silent Stalker in Your Device: 10 Shocking Reasons Why Spyware is Your Worst Nightmare (lien direct) |
Intro: la menace invisible se cache dans nos appareils, que nous parlons de logiciels espions.C'est ce mot que vous
Intro: The Unseen Threat Lurking in Our Devices Alright, let’s talk about spyware. It’s that word you’ve probably heard thrown |
Threat | ★★★ | |
|
2023-10-23 10:00:00 | Planification de la continuité des activités: en regardant en arrière ou à l'avance Business continuity planning: Looking back or ahead (lien direct) |
In September 2023, cybercriminals launched an extensive ransomware attack that disrupted several major businesses in the Las Vegas Casino Business/District. The attack shook the city and stopped consumer goods and services for several hours. The attack influenced security, visitor services, and financial activities. Businesses lost money and long-term reputational risks ensued. Increasing op tempo A company can keep running after a disruption if it has a comprehensive Business Continuity Plan (BCP) that includes risk assessments, Business Impact Assessments (BIAs), and recovery strategies. A BCP is needed to minimize risk apprehensions, reduce financial loss, and maintain continuous business operations. A business impact analysis (BIA) must be part of Business Continuity Plans (BCPs). The plan sets recovery time and point goals, ranks the most important processes, and figures out how delays will affect business functions. BIAs help organizations figure out what tools and plans they need for recovery. Disaster Recovery Plans, or DRPs, lay out how a business will handle and rebound from a disaster. It includes tools for recovering systems, data, and infrastructure. A complete, well-tested DRP is necessary to keep problems to a minimum and get services back up and running quickly. To stay safe from cyber threats, businesses need to put their operating security footprint at the top of their list of priorities. In this way, networks, systems, apps, and data are kept safe. Data breaches and unauthorized access are less likely to happen with firewalls, intrusion detection systems, and encryption methods. Rearview The ransomware attack on the Las Vegas Casino Business/District in September 2023 shows that current risk management methods need to be looked at and updated. These steps cut down on operational disruptions, keep customer goods and services safe, and speed up the recovery of mission-critical systems. Being operationally ready is important for protecting your business and preparing for the unexpected. The most common way for threat players to take over a company\'s resources, assets, and people is through ransomware attacks. Recent statistics show that strong holding the most sought-after security principles can disrupt present business operations: The State of Ransomware Report in the US says that the average ransomware attack costs $8.1 million and takes 287 days to fix (Emsisoft, 2021). The number of ransom payments made by victims rose by 311% in 2020 (Crypto Crime Report, 2021). Going forward Ransomware attacks affect people all over the world, resulting in huge financial losses costs - compiled worldwide topping $20 billion in 2020. The COVID-19 pandemic has given hackers new avenues and threat vectors to hack, crack, and exploit. It is imperative for businesses to strengthen the home front to gain home-field advantage against cyber threat actors. Having a comprehensive, repeatable, verifiable disaster recovery and business continuity plan minimizes the economic im | Ransomware Tool Vulnerability Threat | ★★ | |
|
2023-10-23 09:31:38 | 23 octobre & # 8211;Rapport de renseignement sur les menaces 23rd October – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes principales attaques et violations des attaquants ont eu accès à des parties du réseau du géant de l'authentification de l'identité cloud Okta.Les pirates ont réussi à accéder à l'unité de support de l'entreprise pendant au moins deux semaines et [& # 8230;]
>For the latest discoveries in cyber research for the week of 23rd October, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Attackers have gained access to parts of the network of the cloud identity authentication giant Okta. The hackers managed to gain access to the firm’s support unit for at least two weeks and […] |
Threat Cloud | ★★ |
To see everything:
Our RSS (filtrered)
