What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-08-17 20:05:00 | Interpre: tirer le meilleur parti des ressources de renseignement sur les menaces Interpres: Getting the Most Out of Threat Intelligence Resources (lien direct) |
Dans ce segment Dark Reading News Desk, interpère Nick Lantuh de Security \\ explique comment les praticiens de la sécurité peuvent tirer le meilleur parti des diverses offres de renseignement sur les menaces.
In this Dark Reading News Desk segment, Interpres Security\'s Nick Lantuh discusses how security practitioners can get the most out of various threat intelligence offerings. |
Threat | ★★ | |
 |
2023-08-17 16:15:09 | CVE-2023-2915 (lien direct) | Le Thinserver Rockwell Automation ThinManager est affecté par une vulnérabilité de validation d'entrée incorrecte, en raison d'une mauvaise validation d'entrée, une vulnérabilité de traversée de chemin existe lorsque le logiciel ThinManager traite une certaine fonction.S'il est exploité, un acteur de menace à distance non authentifiée peut supprimer des fichiers arbitraires avec des privilèges système.Un utilisateur malveillant pourrait exploiter cette vulnérabilité en envoyant un message de protocole de synchronisation spécifiquement conçu résultant en une condition de déni de service.
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. |
Vulnerability Threat | ||
 |
2023-08-17 15:09:00 | Les pirates russes utilisent une application de chat Zulip pour C & C Covert dans les attaques de phishing diplomatique Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (lien direct) |
Une campagne en cours ciblant les ministères des affaires étrangères des pays alignés de l'OTAN souligne la participation des acteurs de la menace russe.
Les attaques de phishing présentent des documents PDF avec des leurres diplomatiques, dont certains sont déguisés en provenance d'Allemagne, pour livrer une variante d'un malware appelé Duke, qui a été attribué à l'APT29 (aka Bluebravo, Ursa enroulé, confortable, Hemlock, fer, Hemlock,
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, |
Malware Threat | APT 29 | ★★ |
 |
2023-08-17 12:00:00 | Les opérateurs d'influence en ligne continuent de régler l'utilisation de l'IA pour tromper leurs objectifs, disent les chercheurs Online influence operators continue fine-tuning use of AI to deceive their targets, researchers say (lien direct) |
> L'utilisation de l'intelligence artificielle à des fins malignes est limitée mais en croissance et en mûrisse de manière clé, ont déclaré les chercheurs avec Mandiant de Google \\.
>The use of artificial intelligence for malign purposes is limited but growing and maturing in key ways, researchers with Google\'s Mandiant said Thursday. |
Threat | ★★ | |
 |
2023-08-17 11:04:42 | Profil Web sombre: bjorka Dark Web Profile: Bjorka (lien direct) |
> Dans le paysage en constante évolution des cyber-menaces, la compréhension des profils des acteurs de menace individuelle est ...
>In the ever-evolving landscape of cyber threats, understanding the profiles of individual threat actors is... |
Threat | ★★ | |
 |
2023-08-17 10:51:12 | Des milliers d'Android APK utilisent une astuce de compression pour contrecarrer l'analyse Thousands of Android APKs use compression trick to thwart analysis (lien direct) |
Les acteurs de menace distribuent de plus en plus des APK Android malveillants (installateurs d'applications emballés) qui résistent à la décompilation à l'aide d'algorithmes de compression non pris en charge, inconnus ou fortement modifiés.[...]
Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression algorithms. [...] |
Threat | ★★ | |
 |
2023-08-17 09:55:08 | Enchevêtrement chinois |Détournement de la DLL dans le secteur des jeux asiatiques Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector (lien direct) |
Les acteurs de la menace abusent d'Adobe Creative Cloud, Edge et d'autres exécutables vulnérables au détournement de la DLL dans la campagne ciblant le secteur du jeu d'Asie du Sud-Est.
Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector. |
Threat | ★★★ | |
 |
2023-08-17 08:01:00 | Cuba Ransomware déploie de nouveaux outils: BlackBerry découvre des cibles, y compris le secteur des infrastructures critiques aux États-Unis et l'intégrateur informatique en Amérique latine Cuba Ransomware Deploys New Tools: BlackBerry Discovers Targets Including Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America (lien direct) |
BlackBerry a découvert et documenté de nouveaux outils utilisés par le Cuba Ransomware Threat Group.La bonne nouvelle est que Blackberry protège contre les ransomwares de Cuba.
BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group. The good news is that BlackBerry protects against Cuba ransomware. |
Ransomware Tool Threat | ★★ | |
 |
2023-08-17 07:00:00 | Les acteurs de la menace sont intéressés par une IA générative, mais l'utilisation reste limitée Threat Actors are Interested in Generative AI, but Use Remains Limited (lien direct) |
Depuis au moins 2019, Mandiant a suivi l'intérêt des acteurs de la menace et des capacités d'IA pour faciliter une variété d'activités malveillantes.Sur la base de nos propres observations et comptes open source, l'adoption de l'IA dans les opérations d'intrusion reste limitée et principalement liée à l'ingénierie sociale.
En revanche, les acteurs des opérations de l'information de diverses motivations et capacités ont de plus en plus exploité le contenu généré par l'IA, en particulier l'imagerie et la vidéo, dans leurs campagnes, probablementDû au moins en partie aux applications facilement apparentes de ces fabrications dans la désinformation
Since at least 2019, Mandiant has tracked threat actor interest in, and use of, AI capabilities to facilitate a variety of malicious activity. Based on our own observations and open source accounts, adoption of AI in intrusion operations remains limited and primarily related to social engineering. In contrast, information operations actors of diverse motivations and capabilities have increasingly leveraged AI-generated content, particularly imagery and video, in their campaigns, likely due at least in part to the readily apparent applications of such fabrications in disinformation |
Threat | ★★★ | |
 |
2023-08-16 21:14:00 | CISA, les experts mettent en garde contre les vulnérabilités Citrix exploitées par des pirates CISA, experts warn of Citrix vulnerabilities being exploited by hackers (lien direct) |
Des alarmes ont été soulevées sur plusieurs vulnérabilités affectant les produits de Citrix qui sont largement exploités par une variété d'acteurs de menace.Mercredi, l'Agence américaine de sécurité de la cybersécurité et de l'infrastructure a déclaré qu'une vulnérabilité affectant l'outil de collaboration de contenu Citrix avait été exploitée et a obligé aux agences civiles fédérales américaines [corriger le problème d'ici septembre
Alarms have been raised about several vulnerabilities affecting products from Citrix that are being exploited widely by a variety of threat actors. On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency said a vulnerability affecting the Citrix Content Collaboration tool had been exploited and mandated that U.S. federal civilian agencies [patch the issue by September |
Tool Vulnerability Threat | ★★ | |
 |
2023-08-16 18:00:17 | Ransomware attaque la montée en flèche alors que l'IA génératrice devient un outil de marchandise dans l'arsenal de l'acteur de menace Ransomware Attacks Surge as Generative AI Becomes a Commodity Tool in the Threat Actor\\'s Arsenal (lien direct) |
|
Ransomware Tool Threat | ★★ | |
|
2023-08-16 17:26:00 | Les experts découvrent les faiblesses de la galerie PowerShell permettant des attaques de chaîne d'approvisionnement Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (lien direct) |
Les défauts actifs de la galerie PowerShell pourraient être armées par les acteurs de la menace pour réaliser des attaques de chaîne d'approvisionnement contre les utilisateurs du Registry \\.
"Ces défauts rendent les attaques de typosquat inévitables dans ce registre, tout en rendant extrêmement difficile pour les utilisateurs d'identifier le véritable propriétaire d'un pack
Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry\'s users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared |
Threat | ★★★★★ | |
|
2023-08-16 13:00:00 | L'Iran et la montée des opérations d'influence cyber-compatibles Iran and the Rise of Cyber-Enabled Influence Operations (lien direct) |
Les acteurs de la menace iranienne combinent des opérations de réseau offensive avec la messagerie et l'amplification pour manipuler les cibles \\ 'perceptions et comportements.Voici trois exemples.
Iranian threat actors are combining offensive network ops with messaging and amplification to manipulate targets\' perceptions and behavior. Here are three examples. |
Threat | ★★ | |
 |
2023-08-16 12:59:41 | Les forces de police anglaises admettent à une erreur de traitement des données affectant plus de 1 000 personnes English Police Forces Admit to Data Handling Blunder Affecting Over 1,000 People (lien direct) |
Les incidents récents mettent en évidence un modèle de violations de données dans les services de police.Deux principaux forces de police en Angleterre, Norfolk et Suffolk, ont publiquement reconnu les données sensibles à la mauvaise gége.Cette violation a affecté 1 230 personnes, notamment des victimes, des témoins et des suspects liés à des affaires allant de la violence domestique et des infractions sexuelles aux agressions, aux vols et aux crimes de haine.Ces révélations sont venues [& # 8230;]
Recent incidents highlight a pattern of data breaches in police departments. Two leading police forces in England, Norfolk and Suffolk, have publicly acknowledged mishandling sensitive data. This breach affected 1,230 individuals, including victims, witnesses, and suspects related to cases ranging from domestic abuse and sexual offences to assaults, thefts, and hate crimes. These revelations came […] |
Threat | ★★★ | |
 |
2023-08-16 11:00:00 | Proxynation: le lien sombre entre les applications proxy et les logiciels malveillants ProxyNation: The dark nexus between proxy apps and malware (lien direct) |
Executive summary
AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. A company is charging for proxy service on traffic that goes through those machines. This is a continuation of research described in our blog on Mac systems turned into proxy exit nodes by AdLoad.
In this research, Alien Labs identified a company that offers proxy services, wherein proxy requests are rerouted through compromised systems that have been transformed into residential exit nodes due to malware infiltration. Although the proxy website claims that its exit nodes come only from users who have been informed and agreed to the use of their device, Alien Labs has evidence that malware writers are installing the proxy silently in infected systems. In addition, as the proxy application is signed, it has no anti-virus detection, going under the radar of security companies.
In this follow up article we explore the dramatic rise in Windows malware delivering the same payload to create a 400,000 proxy botnet.
Key takeaways:
In just one week AT&T Alien Labs researchers observed more than a thousand new malware samples in the wild delivering the proxy application.
According to the proxy website, there are more than 400,000 proxy exit nodes, and it is not clear how many of them were installed by malware.
The application is silently installed by malware on infected machines without user knowledge and interaction.
The proxy application is signed and has zero anti-virus detection.
The proxy is written in Go programming language and is spread by malware both on Windows and macOS.
Analysis
In the constantly evolving landscape of cyber threats, malicious actors continuously find new and ingenious ways to exploit technology for their own gain. Recently Alien Labs has observed an emerging trend where malware creators are utilizing proxy applications as their tool of choice. Different malware strains are delivering the proxy - relying on users looking for interesting things, like cracked software and games.
The proxy is written in the Go programming language, giving it the flexibility to be compiled into binaries compatible with various operating systems, including macOS and Windows. Despite the fact that the binaries originated from the same source code, macOS samples are detected by numerous security checks while the Windows proxy application skirts around these measures unseen. This lack of detection is most likely due to the application being signed. (Figure 1)
Figure 1. As on Virus Total: Proxy application – zero detections.
After being executed on a compromised system, the malware proceeds to quietly download and install the proxy application. This covert process takes place without requiring any user interaction and often occurs alongside the installation of additional malware or adware elements. The proxy application and most of the malware delivering it are packed using Inno Setup, a free and popular Windows installer.
Figure 2. As observed by Alien Labs: Malware embedded script to install the proxy silently.
As shown in the figure 2 above, the malware uses specific Inno |
Malware Tool Threat Prediction | ★★ | |
|
2023-08-16 10:00:00 | Histoires du SOC - dévoiler les tactiques furtives du malware aukill Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (lien direct) |
Executive summary
On April 21st, 2023, AT&T Managed Extended Detection and Response (MXDR) investigated an attempted ransomware attack on one of our clients, a home improvement business. The investigation revealed the attacker used AuKill malware on the client\'s print server to disable the server\'s installed EDR solution, SentinelOne, by brute forcing an administrator account and downgrading a driver to a vulnerable version.
AuKill, first identified by Sophos X-Ops researchers in June 2021, is a sophisticated malware designed to target and neutralize specific EDR solutions, including SentinelOne and Sophos. Distributed as a dropper, AuKill drops a vulnerable driver named PROCEXP.SYS (from Process Explorer release version 16.32) into the system\'s C:\Windows\System32\drivers folder. This malware has been observed in the wild, utilized by ransomware groups to bypass endpoint security measures and effectively spread ransomware variants such as Medusa Locker and Lockbit on vulnerable systems.
In this case, SentinelOne managed to isolate most of the malicious files before being disabled, preventing a full-scale ransomware incident. As a result, AT&T MXDR found no evidence of data exfiltration or encryption. Despite this, the client opted to rebuild the print server as a precautionary measure. This study provides an in-depth analysis of the attack and offers recommendations to mitigate the risk of future attacks.
Investigating the first phase of the attack
Initial intrusion
The targeted asset was the print server, which we found unusual. However, upon further investigation we concluded the attacker misidentified the asset as a Domain Controller (DC), as it had recently been repurposed from a DC to a print server. The attacker needed both local administrator credentials and kernel-level access to successfully run AuKill and disable SentinelOne on the asset. To gain those local administrator credentials, the attacker successfully brute-forced an administrator account. Shortly after the compromise, this account was observed making unauthorized registry changes.
Establishing a beachhead
After compromising the local administrator account, the attackers used the "\Users\Administrator\Music\aSentinel" folder as a staging area for subsequent phases of their attack. All AuKill-related binaries and scripts were executed from this path, with the innocuous "Music" folder name helping to conceal their malicious activities.
AuKill malware has been found to operate using two Windows services named "aSentinel.exe" and "aSentinelX.exe" in its SentinelOne variant. In other variants, it targets different EDRs, such as Sophos, by utilizing corresponding Windows services like "aSophos.exe" and "aSophosX.exe".
Establishing persistence
We also discovered "aSentinel.exe" running from "C:\Windows\system32", indicating that the attackers attempted to establish a foothold on the compromised server. Malware authors frequently target the system32 folder because it is a trusted location, and security software may not scrutinize files within it as closely as those in other locations. This can help malware bypass security measures and remain hidden. It is likely that the malware was initially placed in the "\Users\Administrator\Music\aSentinel" direct |
Ransomware Malware Tool Threat Studies | ★★★★ | |
 |
2023-08-16 08:09:42 | BeyondTrust annonce la sortie de sa solution Identity Security Insights (lien direct) | La solution Identity Security Insights de BeyondTrust offre une visibilité sans précédent sur les menaces liées à l'identité. • Cette solution, la première du genre, permet de détecter les menaces liées à l'identité et de remédier à celles qui sont difficiles à détecter. • Offre aux entreprises une vue à 360 degrés de toutes les identités et de tous les privilèges afin d'éliminer les angles morts et de fermer les voies d'attaque. - Produits | Threat | ★★ | |
 |
2023-08-16 06:46:45 | Rapport de tendance des menaces sur les groupes APT & # 8211;Juin 2023 Threat Trend Report on APT Groups – June 2023 (lien direct) |
Tendances du groupe APT & # 8211;Juin 2023 1) Andariel 2) APT28 3) Cadet Blizzard (Dev-0586) 4) Camaro Dragon 5) Chicheau charmant (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3Chang (Apt15, Nickel) 8) Kimsuky 9) Lazarus 10) Eau boueuse 11) Mustang Panda 12) Oceanlotus 13) Patchwork (éléphant blanc) 14) REd Eyes (APT37) 15) Sharp Panda 16) Sidecopy 17) Soldat Stealth ATIP_2023_JUN_THREAT Rapport de tendance sur les groupes APT
APT Group Trends – June 2023 1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups |
Threat Prediction | APT 38 APT 37 APT 37 APT 35 APT 35 APT 32 APT 32 APT 28 APT 28 APT 15 APT 15 APT 25 | ★★ |
|
2023-08-16 06:46:19 | Rapport sur la tendance des menaces Web Deep & Dark & # 8211;Juin 2023 Deep Web & Dark Web Threat Trend Report – June 2023 (lien direct) |
Ce rapport de tendance sur le Web Deep et le réseau sombre de juin 2023 est sectionné en ransomware, forums & # & #38;Marchés noirs et acteur de menace.Nous tenons à dire à l'avance qu'une partie du contenu n'a pas encore été confirmée comme vraie.1) Ransomware (1) CLOP (2) Lockbit (3) Snatch (4) groupe RA (5) groupes de ransomwares & # 8217;Recrutement affilié ADS 2) Forum & # 38;Marché noir (1) Le marché du monopole & # 8217; S'exploitant arrêté (2) Suspension des exposés pour pour les forums (3) la renaissance de BreachForums 3) Menace ...
This trend report on the deep web and dark web of June 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) CLOP (2) LockBit (3) Snatch (4) RA Group (5) Ransomware Groups’ Affiliate Recruitment Ads 2) Forum & Black Market (1) Monopoly Market’s Operator Arrested (2) Suspension of ExposedForums (3) Rebirth of BreachForums 3) Threat... |
Ransomware Threat Prediction | ★★ | |
|
2023-08-16 06:45:59 | Rapport de tendance des menaces sur Kimsuky & # 8211;Juin 2023 Threat Trend Report on Kimsuky – June 2023 (lien direct) |
Les activités du groupe Kimsuk observées en juin 2023 ont montré une légère augmentation du nombre global de domaine entièrement qualifié entièrement qualifiéNoms (FQDN), avec plus de types d'applications détectés par rapport aux activités du groupe en mai.À un moment donné, la fonction de collecte d'informations a été retirée du type de fleurs, mais quelques jours plus tard, les échantillons ont été équipés de ladite fonctionnalité.De plus, le type RandomQuery a montré des tentatives pour se transformer en un nouveau système après mars 2023, mais il semble ...
Activities of the Kimsuky group observed during June 2023 showed a slight increase in the overall number of fully qualified domain names (FQDNs), with more AppleSeed types detected in comparison to the group’s activities in May. At one point, the information collection feature was removed from the FlowerPower type, but a few days later, samples were equipped with the said feature again. Also, the RandomQuery type showed attempts to change into a new system after March 2023, but it seems... |
Threat Prediction | ★★ | |
|
2023-08-16 06:45:39 | Rapport de tendance des menaces sur les ransomwares & # 8211;Juin 2023 Threat Trend Report on Ransomware – June 2023 (lien direct) |
Ce rapport fournit des statistiques sur de nouveaux échantillons de ransomware, des systèmes attaqués et des entreprises ciblées en juin 2023, ainsi queEn tant que problèmes de ransomware notables en Corée et dans d'autres pays.D'autres problèmes et statistiques majeurs pour les ransomwares qui ne sont pas mentionnés dans le rapport peuvent être trouvés en recherchant les mots clés suivants ou via le menu Statistiques de la plate-forme AHNLAB Threat Intelligence (ATIP).Les statistiques des ransomwares en tapant le nombre d'échantillons de ransomware et de systèmes ciblés sont basés sur les noms de détection désignés ...
This report provides statistics on new ransomware samples, attacked systems, and targeted businesses in June 2023, as well as notable ransomware issues in Korea and other countries. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for the following keywords or via the Statistics menu at AhnLab Threat Intelligence Platform (ATIP). Ransomware Statistics by Type The number of ransomware samples and targeted systems are based on the detection names designated... |
Ransomware Threat Prediction | ★★ | |
|
2023-08-15 23:44:00 | Les cybercriminels abusant de Cloudflare R2 pour l'hébergement de pages de phishing, avertissent les experts Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (lien direct) |
Les acteurs de la menace \\ 'l'utilisation de CloudFlare R2 pour héberger des pages de phishing ont connu une augmentation de 61 fois au cours des six derniers mois.
"La majorité des campagnes de phishing ciblent les informations d'identification de Microsoft, bien qu'il existe des pages ciblant Adobe, Dropbox et d'autres applications cloud", a déclaré Jan Michael, chercheur en sécurité de Nettskope.
CloudFlare R2, analogue à Amazon Web Service S3, Google Cloud Storage, et
Threat actors\' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and |
Threat Cloud | ★★★ | |
|
2023-08-15 23:02:00 | Hakuna Matata Ransomware ciblant les entreprises coréennes Hakuna Matata Ransomware Targeting Korean Companies (lien direct) |
Récemment, Ahnlab Security Emergency Response Center (ASEC) a identifié que les ransomwares de Hakuna Matata sont utilisés pourAttaquez les entreprises coréennes.Hakuna Matata est un ransomware qui a été développé relativement récemment.Le premier rapport lié à Hakuna Matata a été identifié le 6 juillet 2023 sur Twitter.[1] Le 14 juillet 2023, un poste d'acteur de menace faisant la promotion de Hakuna Matata sur le Dark Web a également été partagé sur Twitter.[2] Aussi, des souches de ransomware téléchargées sur Virustotal, ...
Recently, AhnLab Security Emergency response Center (ASEC) has identified that the Hakuna Matata ransomware is being used to attack Korean companies. Hakuna Matata is a ransomware that has been developed relatively recently. The first report related to Hakuna Matata was identified on July 6th, 2023 on Twitter. [1] On July 14th, 2023, a post of a threat actor promoting Hakuna Matata on the dark web was shared on Twitter as well. [2] Also, out of the ransomware strains uploaded on VirusTotal,... |
Ransomware Threat | ★★ | |
|
2023-08-15 22:00:36 | 3 Les principaux normes de sécurité des e-mails s'avèrent trop poreuses pour la tâche 3 Major Email Security Standards Prove Too Porous for the Task (lien direct) |
Près de 90% des e-mails malveillants parviennent à dépasser SPF, DKIM ou DMARC, car les acteurs de la menace utilisent apparemment les mêmes filtres que les utilisateurs légitimes.
Nearly 90% of malicious emails manage to get past SPF, DKIM, or DMARC, since threat actors are apparently using the same filters as legitimate users. |
Threat | ★★★★ | |
|
2023-08-15 19:41:00 | Monti Ransomware revient avec de nouvelles variantes Linux et des tactiques d'évasion améliorées Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (lien direct) |
Les acteurs de la menace derrière le ransomware de Monti ont refait surface après une pause de deux mois avec une nouvelle version Linux de l'encrypteur dans ses attaques ciblant le gouvernement et les secteurs juridiques.
Monti a émergé en juin 2022, des semaines après que le groupe de ransomwares continu a fermé ses opérations, imitant délibérément les tactiques et les outils associés à ce dernier, y compris son code source divulgué.Pas plus.
The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code. Not anymore. |
Ransomware Tool Threat | ★★ | |
|
2023-08-15 17:45:00 | MALWORED Unleashed: le secteur public a frappé dans une surtension soudaine, révèle un nouveau rapport Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (lien direct) |
Le rapport de renseignement sur les menaces BlackBerry Global qui vient d'être publié révèle une augmentation de 40% des cyberattaques contre le gouvernement et les organisations de service public par rapport au trimestre précédent.Cela comprend les transports en commun, les services publics, les écoles et autres services gouvernementaux sur lesquels nous comptons quotidiennement.
Avec des ressources limitées et des programmes de cyberdéfense souvent immatures, ces organisations financées par le public ont du mal
The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling |
Malware Threat | ★★ | |
|
2023-08-15 15:41:38 | Près de 2 000 serveurs Citrix Netscaler dans une campagne de piratage Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (lien direct) |
Un acteur de menace a compromis près de 2 000 mille serveurs Citrix NetScaler dans une campagne massive exploitant l'exécution de code distant de la sévérité critique suivie comme CVE-2023-3519.[...]
A threat actor has compromised close to 2,000 thousand Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution tracked as CVE-2023-3519. [...] |
Threat | ★★★ | |
|
2023-08-15 13:01:00 | Catching the Catphish: Rejoignez le webinaire d'experts sur la lutte contre les informations d'identification Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing (lien direct) |
Votre organisation est-elle constamment menacée par le phishing des diplômes?Même avec une formation complète à la sensibilisation à la sécurité, de nombreux employés sont toujours victimes d'escroqueries de phishing d'identification.
Le résultat?Les cybercriminels gagnent un accès immédiat et sans entrave à des données sensibles, des comptes de messagerie et d'autres applications.Mais que se passe-t-il si vous pouviez déjouer ces criminels et protéger votre organisation?
Rejoindre
Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. The result? Cybercriminals gaining immediate and unhindered access to sensitive data, email accounts, and other applications. But what if you could outsmart these criminals and protect your organization? Join |
Threat | ★★ | |
 |
2023-08-15 13:00:00 | Menace de chasse 101: comment dépasser les attaquants Threat hunting 101: How to outthink attackers (lien direct) |
> La chasse aux menaces implique la recherche de menaces et d'adversaires dans une infrastructure numérique de l'organisation que les outils de sécurité existants ne détectent pas.Il recherche de manière proactive des menaces dans l'environnement en supposant que l'adversaire est en train de compromettre l'environnement ou a compromis l'environnement.Les chasseurs de menaces peuvent avoir des objectifs et des mentalités différents tandis que [& # 8230;]
>Threat hunting involves looking for threats and adversaries in an organization’s digital infrastructure that existing security tools don’t detect. It is proactively looking for threats in the environment by assuming that the adversary is in the process of compromising the environment or has compromised the environment. Threat hunters can have different goals and mindsets while […] |
Tool Threat | ★★ | |
|
2023-08-15 12:38:00 | Hackers nord-coréens soupçonnés de New Wave de packages NPM malveillants North Korean Hackers Suspected in New Wave of Malicious npm Packages (lien direct) |
Le registre des packages NPM est devenu la cible d'une autre campagne d'attaque hautement ciblée qui vise à inciter les développeurs à télécharger des modules malveillants.
La société de sécurité de la chaîne d'approvisionnement des logiciels, Phylum, a déclaré au Hacker News que l'activité présente des comportements similaires à celui d'une vague d'attaque précédente découverte en juin, qui a depuis été liée à des acteurs de la menace nord-coréenne.
Jusqu'à neuf
The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors. As many as nine |
Threat | ★★ | |
|
2023-08-15 10:00:00 | Pourquoi la sécurité de l'API est-elle la prochaine grande chose en cybersécurité? Why is API security the next big thing in Cybersecurity? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. APIs, formally known as application programming interfaces, occupy a significant position in modern software development. They revolutionized how web applications work by facilitating applications, containers, and microservices to exchange data and information smoothly. Developers can link APIs with multiple software or other internal systems that help businesses to interact with their clients and make informed decisions. Despite the countless benefits, hackers can exploit vulnerabilities within the APIs to gain unauthorized access to sensitive data resulting in data breaches, financial losses, and reputational damage. Therefore, businesses need to understand the API security threat landscape and look out for the best ways to mitigate them. The urgent need to enhance API security APIs enable data exchanges among applications and systems and help in the seamless execution of complex tasks. But as the average number of APIs rises, organizations often overlook their vulnerabilities, making them a prime target of hackers. The State of API Security Q1 Report 2023 survey finding concluded that the attacks targeting APIs had increased 400% during the past six months. Security vulnerabilities within APIs compromise critical systems, resulting in unauthorized access and data breaches like Twitter and Optus API breaches. Cybercriminals can exploit the vulnerabilities and launch various attacks like authentication attacks, distributed denial-of-service attacks (DDoS), and malware attacks. API security has emerged as a significant business issue as another report reveals that by 2023, API abuses will be the most frequent attack vector causing data breaches, and also, 50% of data theft incidents will happen due to insecure APIs. As a result, API security has. become a top priority for organizations to safeguard their data, which may cost businesses $75 billion annually. Why does API security still pose a threat in 2023? Securing APIs has always been a daunting task for most organizations, mainly because of the misconfigurations within APIs and the rise in cloud data breaches. As the security landscape evolved, API sprawl became the top reason that posed a threat to API security. API sprawl is the uncontrolled proliferation of APIs across an organization and is a common problem for enterprises with multiple applications, services, and development teams. As more APIs are created, they expanded the attack surface and emerged as an attractive target for hackers. The issue is that the APIs are not always designed by keeping security standards in mind. This leads to a lack of authorization and authentication, exposing sensitive data like personally identifiable information (PII) or other business data. API sprawl | Malware Tool Vulnerability Threat Cloud | Uber | ★★★ |
|
2023-08-14 21:24:00 | Qwixxrat: le nouveau cheval de Troie à distance émerge via le télégramme et la discorde QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord (lien direct) |
Un nouveau cheval de Troie à distance (rat) appelé Qwixxrat est annoncé à la vente par son acteur de menace via Telegram et Discord Plateformes.
"Une fois installé sur les machines de plate-forme Windows de la victime, le rat recueille furtivement des données sensibles, qui est ensuite envoyée au bot télégramme de l'attaquant \\, leur fournissant un accès non autorisé aux informations sensibles de la victime, la victime,"Les meurtriers ont dit dans un nouveau
A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim\'s Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker\'s Telegram bot, providing them with unauthorized access to the victim\'s sensitive information," Uptycs said in a new |
Threat | ★★ | |
 |
2023-08-14 17:28:10 | Le point de contrôle remporte Gold Stevie International Business Award Check Point Wins Gold Stevie International Business Award (lien direct) |
> & # 160;Le point de chèque est ravi d'accepter le prix international Business Awards \\ 'Gold Stevie pour notre plateforme de sécurité quantique Titan!Au point de contrôle, nous transformons comment les organisations sécurisent leurs réseaux dans les environnements sur site, cloud et IoT.Propulsé par ThreatCloud AI, Quantum Titan fournit une prévention avancée des menaces et une protection contre les cyberattaques les plus sophistiquées, y compris les exploits de système de phishing et de nom de domaine zéro-jour.Alors que les cyberattaques sont devenues plus sophistiquées avec une fréquence et un coût accrus, l'expansion des appareils IoT sur les réseaux et les environnements multi-clouds a créé plus de complexité des réseaux et de menaces pour une organisation.Quantum Titan répond à la nécessité d'une meilleure sécurité et [& # 8230;]
> Check Point is thrilled to accept the International Business Awards\' Gold Stevie award for our Quantum Titan security platform! At Check Point, we are transforming how organizations secure their networks across on-premise, cloud and IoT environments. Powered by ThreatCloud AI, Quantum Titan provides advanced threat prevention and protection against the most sophisticated cyberattacks, including zero-day phishing and domain name system exploits. While cyberattacks have become more sophisticated with increased frequency and cost, IoT device expansion on networks and multi-cloud environments have created more network complexity and threats to an organization. Quantum Titan addresses the need for better security and […] |
Threat Cloud | ★★ | |
|
2023-08-14 16:43:00 | Détection et réponse de la menace d'identité: déchire votre tissu d'identité Identity Threat Detection and Response: Rips in Your Identity Fabric (lien direct) |
Pourquoi la sécurité SaaS est un défi
Dans le paysage numérique d'aujourd'hui, les organisations comptent de plus en plus sur les applications logicielles en tant que service (SaaS) pour stimuler leurs opérations.Cependant, cette adoption généralisée a également ouvert les portes à de nouveaux risques de sécurité et vulnérabilités.
La surface d'attaque de sécurité SaaS continue de s'élargir.Cela a commencé par gérer des erreurs de condamnation et nécessite maintenant un
Why SaaS Security Is a Challenge In today\'s digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a |
Threat Cloud | ★★ | |
 |
2023-08-14 15:01:22 | La plate-forme OpenXDR stellar Cyber \\ est désormais disponible sur Oracle Cloud Infrastructure Stellar Cyber\\'s OpenXDR Platform Now Available On Oracle Cloud Infrastructure (lien direct) |
Silicon Valley-based cybersecurity company, Stellar Cyber, announced today that their OpenXDR platform is now accessible to those that use Oracle Cloud Infrastructure (OCI). Customers who have adopted the cloud and seek simpler and smarter solutions to improve their security can now purchase Stellar Cyberr\'s platform via the Oracle Cloud Marketplace, applying Oracle Universal Credits (OUCs) toward the purchase price. How does OpenXDR technology help businesses to better manage the security of their cloud structures, and what does this new partnership mean for Oracle Cloud users? Table Of ContentsCapabilities of Stellar Cyber\'s OpenXDR PlatformNow Available on Oracle Cloud InfrastructureThe Future of Cloud Security Capabilities of Stellar Cyber\'s OpenXDR Platform Stellar Cyber has developed Open Extended Detection and Response (OpenXDR) to facilitate security for both companies facing a large volume of attacks and overwhelmed security professionals. To achieve this, it unites the capabilities of several tools that are essential for security - many of which used to be incompatible. Some of the security solutions that are currently integrated into the platform are NextGen SIEM and Network Detection and Response (NDR). One of the key issues that the company has focused on since its beginning is the large quantity of data that is incoming from versatile incompatible security tools. Today, the issue of having to manage and make sense of large amounts of data is more emphasized than ever before. Why? Because organizations have added more security points to their systems - mostly to protect the new cloud technology that is now a regular part of their network. For instance, the data management solution integrated within OpenXDR can gather insights that are generated from versatile tools the platform supports. To make the reports more accurate and comprehensive, it can correlate the findings gathered from the tools it supports. As a result, the professionals retain visibility of ever-growing attack surfaces and get correct as well as actionable reports on the state of security in real-time. This helps them to react to sophisticated threats early - before they escalate into major security incidents. The tools that can be found under Stellar Cyber\'s umbrella platform are AI and machine-learning-powered. This means that they promptly and automatically mitigate well-known threats, but they continually learn about the company and use the findings to detect anomalies early. Also, they\'re available from a single dashboard since the platform unites the capabilities of versatile previously siloed solutions in one place. For those that already use Oracle Cloud, the new collaborations mean they\'ll now have the capabilities of the OpenXDR platform at their disposal as well. “Stellar Cyber is committed to providing the critical capabilities security teams need to deliver consistent security outcomes-all for a single license and price on a single platform,” said Jim O\'Hara, Chief Revenue Officer at Stellar Cyber. “This simple yet comprehensive model makes it easy for customers to measure how our Open XDR platform dramatically impacts their security ROI.” Now Available on Oracle Cloud Infrastructure Oracle Clou | Tool Threat Cloud | ★★ | |
|
2023-08-14 14:30:00 | Indicateurs du scanner de compromis pour Citrix ADC Zero-Day (CVE-2023-3519) Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519) (lien direct) |
mandiant a récemment publié un Article de blog sur le compromis de Citrix NetScaler Delivery Controller (ADC) et des appareils de passerelle NetScaler liés à la vulnérabilité du jour zéro suivi sous le nom de cve-2023-3519 .Le CVE-2023-3519 est une vulnérabilité zéro-jour qui peut permettre l'exécution du code distant, et a été observé exploité dans la nature par un acteur de menace cohérent avec une Chine-Nexus basée sur des capacités connues et une histoire de ciblage des ADC Citrix.Récemment, la preuve de concepts pour exploiter cette vulnérabilité a été publiquement posté .
Aujourd'hui, nous publions un outil pour aider
Mandiant recently published a blog post about the compromise of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Appliances related to the zero-day vulnerability tracked as CVE-2023-3519. CVE-2023-3519 is a zero-day vulnerability that can enable remote code execution, and has been observed being exploited in the wild by a threat actor consistent with a China-nexus based on known capabilities and history of targeting Citrix ADCs. Recently, proof-of-concepts to exploit this vulnerability have been publicly posted. Today we are releasing a tool to help |
Tool Vulnerability Threat | ★★★ | |
 |
2023-08-14 14:05:39 | La campagne de phishing évasive vole les informations d'identification cloud à l'aide de CloudFlare R2 et de tourniquet Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile (lien direct) |
> De février à juillet 2023, Netskope Threat Labs a suivi une augmentation stupéfiante de 61 fois le trafic vers les pages de phishing hébergées dans CloudFlare R2.La majorité des campagnes de phishing ciblent les informations d'identification de connexion Microsoft, bien qu'il existe des pages ciblant Adobe, Dropbox et d'autres applications cloud.Les attaques ont ciblé les victimes principalement dans le nord [& # 8230;]
>From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps. The attacks have been targeting victims mainly in North […] |
Threat Cloud | ★★ | |
|
2023-08-14 11:52:38 | 14 août & # 8211;Rapport de renseignement sur les menaces 14th August – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes de cyber-recherche pour la semaine du 14 août, veuillez télécharger nos principales attaques de menace_ingence et violation de la Belt Railway Company de Chicago, le plus grand chemin de fer de la terminale intermédiaire, mène actuellement une enquête sur une attaque intermédiaireExécuté par le groupe Akira Ransomware.Ce groupe a [& # 8230;]
>For the latest discoveries in cyber research for the week of 14th August, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The Belt Railway Company of Chicago, the largest intermediate switching terminal railroad in the United States, is currently conducting an investigation into an attack executed by the Akira ransomware group. This group has […] |
Ransomware Threat | ★★ | |
|
2023-08-14 11:46:00 | La Chine pour divulguer le système de reconnaissance secrète secrète, \\ 'affirme que le fonctionnaire China to disclose secret US \\'global reconnaissance system,\\' claims official (lien direct) |
Les autorités chinoises se sont engagées à «divulguer publiquement un système de reconnaissance mondial hautement secret» exploité par le gouvernement américain à la suite d'une enquête sur le piratage présumé de l'équipement de surveillance des tremblements de terre à Wuhan.La réclamation marque la dernière d'une série de tentatives de la République de Chine du peuple pour mettre en évidence les efforts de collecte de renseignement de Washington en réponse à
Chinese authorities have pledged to “publicly disclose a highly secretive global reconnaissance system” operated by the U.S. government following an investigation into the alleged hacking of earthquake monitoring equipment in Wuhan. The claim marks the latest of a series of attempts by the People\'s Republic of China to highlight Washington\'s intelligence-gathering efforts in response to |
Threat | ★★ | |
|
2023-08-14 11:41:12 | La MFA résout-elle la menace de rachat du compte? Does MFA Solve the Threat of Account Takeover? (lien direct) |
La MFA résout-elle la menace de rachat du compte?Par Jim Downey, directeur du marketing de produit senior, F5
Pour les criminels qui tentent de procéder à une fraude à la prise de contrôle du compte via une farce des diplômes, l'authentification multifactorielle (MFA) ajoute des obstacles, mais les attaquants ont découvert des moyens de contourner le MFA.Les entreprises doivent donc prendre des mesures supplémentaires pour renforcer la sécurité du MFA, y compris l'atténuation des bot et la surveillance du risque contextuel.
-
opinion
Does MFA Solve the Threat of Account Takeover? by Jim Downey, Senior Product Marketing Manager, F5 For criminals trying to conduct account takeover fraud via credential stuffing, multifactor authentication (MFA) adds hurdles, but attackers have discovered ways to bypass MFA. Enterprises therefore need to take additional measures to bolster the security of MFA, including bot mitigation and the monitoring of contextual risk. - Opinion |
Threat | ★★ | |
|
2023-08-14 10:00:00 | Construire la cybersécurité dans la chaîne d'approvisionnement est essentiel à mesure que les menaces montent Building Cybersecurity into the supply chain is essential as threats mount (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The supply chain, already fragile in the USA, is at severe and significant risk of damage by cyberattacks. According to research analyzed by Forbes, supply chain attacks now account for a huge 62% of all commercial attacks, a clear indication of the scale of the challenge faced by the supply chain and the logistics industry as a whole. There are solutions out there, however, and the most simple of these concerns a simple upskilling of supply chain professionals to be aware of cybersecurity systems and threats. In an industry dominated by the need for trust, this is something that perhaps can come naturally for the supply chain. Building trust and awareness At the heart of a successful supply chain relationship is trust between partners. Building that trust, and securing high quality business partners, relies on a few factors. Cybersecurity experts and responsible officers will see some familiarity - due diligence, scrutiny over figures, and continuous monitoring. In simple terms, an effective framework of checking and rechecking work, monitored for compliance on all sides. These factors are a key part of new federal cybersecurity rules, according to news agency Reuters. Among other measures are a requirement for companies to have rigorous control over system patching, and measures that would require cloud hosted services to identify foreign customers. These are simple but important steps, and give a hint to supply chain businesses as to what they should be doing; putting in measures to monitor, control, and enact compliance on cybersecurity threats. That being said, it can be the case that the software isn’t in place within individual businesses to ensure that level of control. The right tools, and the right personnel, is also essential. The importance of software Back in April, the UK’s National Cyber Security Centre released details of specific threats made by Russian actors against business infrastructure in the USA and UK. Highlighted in this were specific weaknesses in business systems, and that includes in hardware and software used by millions of businesses worldwide. The message is simple - even industry standard software and devices have their problems, and businesses have to keep track of that. There are two arms to ensure this is completed. Firstly, the business should have a cybersecurity officer in place whose role it is to monitor current measures and ensure they are kept up to date. Secondly, budget and time must be allocated at an executive level firstly to promote networking between the business and cybersecurity firms, and between partner businesses to ensure that even cybersecurity measures are implemented across the chain. Utilizing AI There is something of a digital arms race when it comes to artificial intelligence. As ZDNet notes, the lack of clear regulation is providing a lot of leeway for malicious actors to innovate, but for businesses to act, too. While regulations are now coming in, it remains that there is a clear role for AI in prevention. According t | Threat Cloud | APT 28 ChatGPT | ★★ |
 |
2023-08-14 08:00:00 | Fortiguard AI détecte la chaîne d'approvisionnement OSS continue cachée dans l'indice de package Python FortiGuard AI Detects Continued OSS Supply Chain Hidden in Python Package Index (lien direct) |
Lisez comment les attaques de la chaîne d'approvisionnement dans PYPI sont détectées par un assistant moteur d'IA.Voyez comment un auteur de menace distribue des packages Python malveillants en utilisant différents ID de compte PYPI.
Read how supply chain attacks in PyPI are detected by an AI engine assistant. See how a threat author distributes malicious python packages using different PyPI account IDs. |
Threat | ★★ | |
|
2023-08-11 19:53:00 | Les chercheurs découvrent le cyber-espionnage d'une décennie sur les ambassades étrangères au Bélarus Researchers Uncover Decade-Long Cyber Espionage on Foreign Embassies in Belarus (lien direct) |
Un acteur de menace jusqu'à présent sans papiers opérant depuis près d'une décennie et le nom de codé Moustachedbouner a été attribué à des attaques de cyber-espionnage destinées aux ambassades étrangères au Bélarus.
"Depuis 2020, MoustachedBouncer a probablement pu effectuer des attaques d'adversaire dans le milieu (AITM) au niveau du FAI, au sein du Bélarus, afin de compromettre ses objectifs", a déclaré le chercheur de la sécurité ESET Matthieu
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets," ESET security researcher Matthieu |
Threat | ★ | |
|
2023-08-11 18:50:00 | Les efforts de renseignement sur les menaces, l'investissement en retard, explique Opswat Threat Intelligence Efforts, Investment Lagging, Says Opswat (lien direct) |
Dans une enquête annuelle, 62% des répondants ont admis que leurs efforts de menace devaient intensifier.
In an annual survey, 62% of respondents admited their threat intel efforts need stepping up. |
Threat | ★★ | |
|
2023-08-11 15:42:00 | Les chercheurs mettent en lumière les déposées avancées et les tactiques d'exfiltration des données d'APT31 \\ Researchers Shed Light on APT31\\'s Advanced Backdoors and Data Exfiltration Tactics (lien direct) |
L'acteur de menace chinois connue sous le nom d'APT31 (alias Bronze Vinewood, Judgment Panda ou Violet Typhoon) a été lié à un ensemble de déambulations avancées qui sont capables d'exfiltration d'informations sensibles récoltées à Dropbox.
Le malware fait partie d'une collection plus large de plus de 15 implants qui ont été utilisés par l'adversaire dans les attaques ciblant les organisations industrielles en Europe de l'Est
The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe |
Malware Threat Industrial | APT 31 APT 31 | ★★ |
|
2023-08-11 15:10:00 | Nouvelle variante de logiciels malveillants SystemBC cible la compagnie d'électricité sud-africaine New SystemBC Malware Variant Targets South African Power Company (lien direct) |
Un acteur de menace inconnu a été lié à une cyberattaque contre une entreprise de production d'électricité en Afrique du Sud avec une nouvelle variante du malware SystemBC appelé Droxidat comme précurseur d'une attaque suspectée de ransomware.
"La porte dérobée compatible par procuration a été déployée aux côtés de balises de frappe Cobalt dans une infrastructure critique d'une nation sud-africaine", Kurt Baumgartner, chercheur principal en sécurité chez
An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation\'s critical infrastructure," Kurt Baumgartner, principal security researcher at |
Ransomware Malware Threat | ★★★★ | |
|
2023-08-11 12:00:00 | Le rapport de renseignement néo-zélandais accuse la Chine des interférences cyberlatives New Zealand intelligence report accuses China of cyber-enabled interference (lien direct) |
Vendredi, la principale agence nationale de renseignement nationale de la Nouvelle-Zélande a accusé la Chine de «des activités continues en Nouvelle-Zélande» dans un rapport non classifié décrivant l'environnement de menace du pays.Le rapport de 53 pages du NZ Security Intelligence Service (NZSIS) a décrit l'activité chinoise comme« un préoccupation complexe de renseignement pour la Nouvelle-Zélande », l'agence notant que« les groupes
New Zealand\'s primary national intelligence agency on Friday accused China of “ongoing activity in and against New Zealand” in an unclassified report describing the country\'s threat environment. The 53-page report from the NZ Security Intelligence Service (NZSIS) described the Chinese activity as “a complex intelligence concern for New Zealand,” with the agency noting that “groups |
Threat | ★★ | |
 |
2023-08-11 10:30:00 | #Bhusa: les risques de sécurité à exploser à l'ère de l'adoption générative de l'IA génératrice #BHUSA: Security Risks to Boom in the Era of Widespread Generative AI Adoption (lien direct) |
Les usages d'entreprise de l'IA générative sont ce qui va renverser le modèle de menace de nombreuses organisations à l'envers, a expliqué Maria Markstedter lors de son discours chez Black Hat USA
Enterprise usages of generative AI are what is going to turn the threat model of many organizations upside down, Maria Markstedter argued during her speech at Black Hat USA |
Threat | ★★ | |
|
2023-08-11 08:30:00 | Les chercheurs suggèrent des moyens de lutter contre les attaques thermiques Researchers Suggest Ways to Tackle Thermal Attacks (lien direct) |
Les fabricants et les utilisateurs d'appareils ont un rôle à jouer dans l'atténuation de la menace
Device manufacturers and users have a role to play in mitigating the threat |
Threat | ★★ | |
|
2023-08-11 02:23:46 | Lapsus $ pirates ont pris des attaques d'échange de simulation au niveau supérieur Lapsus$ hackers took SIM-swapping attacks to the next level (lien direct) |
Le gouvernement américain a publié un rapport après avoir analysé des techniques simples, par exempleÉchange de sim, utilisé par le groupe d'extorsion de lapsus $ pour enfreindre des dizaines d'organisations avec une forte posture de sécurité.[...]
The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture. [...] |
Threat | ★★★ |
To see everything:
Our RSS (filtrered)
