What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2023-10-12 16:57:00 (Déjà vu) ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
(direct link)
The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value," the AhnLab Security Emergency response Center (ASEC)
Threat ★★★
The_Hackers_News.webp 2023-10-12 15:59:00 Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack
(direct link)
Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is tracking the operator as Storm-1567. The attack leveraged devices that were not onboarded to Microsoft
Ransomware Threat Industrial ★★★
Pirate.webp 2023-10-12 13:07:52 Sage global study: SMEs struggle to keep pace with cyber threats (direct link) >Half of the SMEs surveyed suffered a security incident in the past year. Sage today presents its global study on how SMEs perceive cybersecurity and what the main obstacles are that they face in this area. Tribune – According to the report, SMEs in France show a certain […] The post Sage global study: SMEs struggle to keep pace with cyber threats first appeared on UnderNews. Threat ★★
securityintelligence.webp 2023-10-12 13:00:00 How I got started: Attack surface management
(direct link)
>As the threat landscape multiplies in sophistication and complexity, new roles in cybersecurity are presenting themselves more frequently than ever before. For example, attack surface management. These cybersecurity professionals are responsible for identifying, mapping and securing all external digital assets an organization owns or is connected to. This includes servers, domains, cloud assets and any […]
Threat Cloud ★★★
RecordedFuture.webp 2023-10-12 11:33:00 Finnish intelligence agency warns Russia treating Finland as a 'hostile country'
(direct link)
“Relations between Finland and Russia have significantly deteriorated,” warned the Finnish Security and Intelligence Service (Supo) on Thursday, in the wake of a suspected act of sabotage targeting the country's maritime infrastructure. In a national security overview, Supo said: “While the threat of intelligence and influencing operations against critical infrastructure has increased, a crippling effect
Threat ★★
AlienVault.webp 2023-10-12 10:00:00 The evolution of phishing attacks
(direct link)
A practical guide to phishing and best practices to avoid falling victim.

Introduction
Over the past several years, remote and hybrid work has quickly gained popularity amongst those seeking to reduce the amount of time on the road or an improved work/life balance. To accomplish this, users are often working from multiple devices, some of which may be company issued, but others may be privately owned. Cyberattackers have leveraged this trend to bypass traditional security controls using social engineering, with phishing attacks being a favored tactic. In fact, the FBI Internet Crime Report issued in 2022 reported phishing as the top reported internet crime for the past 5 years. Its ability to persuade individuals to divulge sensitive information to seemingly familiar contacts and companies over email and/or SMS text messages has resulted in significant data breaches, both personal and financial, across all industries. Mobile phishing, in particular, is quickly becoming a preferred attack vector among hackers seeking to use them as a jump point to gain access to proprietary data within a company's network. This article provides an overview of the origins of phishing, its impact on businesses, the types of mobile phishing attacks hackers employ, and ways in which companies can best defend themselves against such attacks.

The origins of phishing
The belief among many in the cybersecurity industry is that phishing attacks first emerged in the mid-90s when dial-up was the only means of gaining access to the internet. Hackers posing as ISP administrators used fake screen names to establish credibility with the user, enabling them to “phish” for personal log-in data. Once successful, they were able to exploit the victim's account by sending out phishing emails to other users in their contact list, with the goal of scoring free internet access or other financial gain. Awareness of phishing was still limited until May 2000 when Love Bug entered the picture.

Love Bug, a highly effective and contagious virus designed to take advantage of the user's psyche, was unleashed in the Philippines, impacting an estimated 45 million Windows PCs globally. Love Bug was sent via email with the subject line reading “ILOVEYOU”. The body of the message simply read “Kindly check the attached LOVELETTER coming from me”. Users who couldn't resist opening the message unleashed a worm virus that infected and overwrote users' files with copies of the virus. When the user opened the file, they would reinfect the system. Love Bug elevated phishing to a new level as it demonstrated the ability to target a user's email mailing list for the purpose of spamming acquaintances, thereby incentivizing the recipient to open the email. This enabled the Love Bug worm to infect computer systems and steal other users' passwords, giving the hacker the opportunity to log in to other user accounts and obtain unlimited internet access. Since Love Bug, the basic concept and primary goal of phishing has remained consistent, but the tactics and vectors have evolved. The window of opportunity has increased significantly for hackers with the increased use of social media (e.g., LinkedIn, Twitter, Facebook). This provides more personal data to the hackers, enabling them to exploit their targets with more sophisticated phishing tactics while avoiding detection.

Phishing's impact in the marketplace today
Phishing attacks present a significant threat for organizations, as their ability to capture proprietary business and financial data is both costly and time consuming for IT organizations to detect and remediate. Based on a
Ransomware Malware Tool Threat Prediction ★★★
ProofPoint.webp 2023-10-12 09:27:20 I've Been Hit by Ransomware. Now What? Steps for Dealing with the Aftermath
(direct link)
The following is an excerpt from the Ransomware Survival Guide, our free handbook on preventing, managing and recovering from ransomware threats at every stage of the attack chain. This blog post provides general tips; it is not a substitute for professional cybersecurity and incident response services.

The best ransomware strategy is to avoid it in the first place. But increasingly advanced attacks against the software supply chain and end users have shown that even the best-prepared companies can be caught out. Ransomware may not even be the first malware payload to infect your system, because many ransomware gangs now prefer to buy access to targets already infected with Trojans or loader malware.

During an attack, you have short-term problems to resolve, like getting computers, phones and networks back online and dealing with ransom demands. But a panicked response won't help, and may make things worse. Here are some general steps you can take to contain the threat and start on the road to recovery.

Questions to answer during a ransomware attack
Before you react to an attack, it's important to take a step back and ask questions that will inform your response. Your answers should help network administrators scope the problem, devise an action plan and possibly curtail the spread.
- Who in your environment is compromised? How widespread are the infections? Is a threat actor actively scouting your environment, exfiltrating data or ready to drop ransomware on other devices?
- What network permissions do compromised accounts or devices have? Ransomware may have been installed only after attackers had already moved laterally within the network or stolen credentials and other data.
- What type of attack is it? Is this attack a secondary infection? Did it come from downloaders, remote access Trojans (RATs) or other malware installed on the infected machine or others on the network?

Keep in mind that ransomware spreads quickly and is often a byproduct of other threats. If you see one infection, there are probably others that you don't see. Proactively look for other issues within your environment. Now as you take action, there are three general steps to follow:

Step 1: Isolate infected systems
The second employees see the ransomware demand or notice something's odd, such as suddenly losing access to their own files, they should disconnect from the network and take the infected machine to the IT department. To prepare for this scenario, we recommend that you keep valuable data and systems separated so that a security issue on one system doesn't affect other systems. For example, your sensitive research or business data should not reside on the same server and network segment as your email environment.

We advise against having employees reboot their system. Only the IT security team should attempt a reboot, and even that will work only in the event that it is “scareware,” or fake ransomware. "Scareware" is malware that appears to be ransomware but isn't. It may lock the user's screen with a ransom demand and payment instructions, but the data is not actually encrypted. In those scenarios, standard anti-malware tools can help. Knowing the difference isn't always easy. Determine the scope of the problem using threat intelligence and external incident responders or forensic analysts when necessary. While all ransomware is bad, some attacks are worse than others. Your response, including whether to pay the ransom, hinges on several factors.

Step 2: Call law enforcement
Ransomware, like other forms of theft and extortion, is a crime. Nobody has the right to seize devices, networks or data, let alone demand a ransom in exchange for it. Notifying the proper authorities is a necessary first step. Contact local or federal law enforcement right away. Special departments exist specifically to aid cyber crime victims, so do not be afraid to pick up your phone and call them. They are there to help you and may have access to decryption keys or information on payment recovery after
Ransomware Malware Tool Threat ★★★
bleepingcomputer.webp 2023-10-12 08:13:11 Shadow PC warns of data breach as hacker tries to sell gamers' info
(direct link)
Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers. [...]
Data Breach Threat Cloud ★★
Blog.webp 2023-10-12 00:53:07 ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses
(direct link)
AhnLab Security Emergency response Center (ASEC) has recently discovered a change in the distribution method of the ShellBot malware, which is being installed on poorly managed Linux SSH servers. The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value. 1. Past Case of URL Detection Evasion Typically, IP addresses are used in the “dot-decimal notation” format, with threat actors using addresses...
Malware Threat ★★★
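The two ShellBot items above (The Hacker News and the ASEC blog) describe the same evasion: a download URL whose host is an IPv4 address written as a hexadecimal number instead of dot-decimal, so string-based URL or IP blocklists no longer match. The defensive counterpart is to normalize every numeric host to canonical dotted-decimal before matching. The following is an added example written for this page, not code from ASEC or The Hacker News; the sample URLs are constructed (the documentation address 192.0.2.10 in several notations), and it deliberately generalizes beyond the hex case to the other forms that C's inet_aton and most HTTP clients accept (single decimal number, dotted octal, dotted hex), since a detector that only handles one notation is easy to sidestep.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample download URLs (not taken from the ASEC report). Every numeric
# host below is the documentation address 192.0.2.10 written in a different
# inet_aton-style notation; the last one is a plain hostname for contrast.
SAMPLE_URLS = [
    "http://192.0.2.10/bin/sh.sh",          # ordinary dot-decimal
    "http://0xC000020A/bin/sh.sh",          # whole address as one hex number
    "http://0xC0.0x00.0x02.0x0A/x.sh",      # dotted hex
    "http://3221225994/x.sh",               # whole address as one decimal number
    "http://0300.0.02.012/x.sh",            # dotted octal
    "http://example.com/x.sh",              # hostname, not an IP literal
]


def _component_to_int(part: str) -> int:
    """Parse one host component the way inet_aton does: 0x.. hex, 0.. octal, else decimal."""
    if part.lower().startswith("0x"):
        return int(part[2:], 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part, 10)


def canonical_ipv4(host: str) -> Optional[str]:
    """Return the dotted-decimal form of any inet_aton-style IPv4 literal, or None
    if the host is not such a literal (for example a DNS name)."""
    if not re.fullmatch(r"[0-9A-Fa-fx.]+", host):
        return None
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_component_to_int(p) for p in parts]
    except ValueError:
        return None
    *leading, last = values
    if any(not 0 <= v <= 255 for v in leading):
        return None
    # inet_aton semantics: the last component fills all remaining bytes, so a
    # single component may be a full 32-bit value, two components allow 24 bits, etc.
    width = 4 - len(leading)
    if not 0 <= last < 256 ** width:
        return None
    packed = 0
    for v in leading:
        packed = (packed << 8) | v
    packed = (packed << (8 * width)) | last
    return ".".join(str((packed >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def find_obfuscated_hosts(urls: List[str]) -> List[Tuple[str, str]]:
    """Return (url, canonical_ip) for every URL whose host is an IPv4 literal
    written in something other than plain dotted-decimal."""
    findings = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        canon = canonical_ipv4(host)
        if canon is not None and canon != host:
            findings.append((url, canon))
    return findings


if __name__ == "__main__":
    for url, canon in find_obfuscated_hosts(SAMPLE_URLS):
        print(f"{url} -> host normalizes to {canon}")
```

Run this over the host field of proxy or DNS logs before applying an IP blocklist: matching on the canonical form catches all notations at once, and a host that only becomes an IP after normalization is itself a useful hunting signal, since legitimate software almost never writes addresses that way.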
globalsecuritymag.webp 2023-10-11 23:05:33 New Cyber Threat Intelligence Report from CRITICALSTART® Highlights Prominent Threats and Emerging Cybersecurity Trends with Implications Spanning Multiple Industries
(direct link)
New Cyber Threat Intelligence Report from CRITICALSTART® Highlights Prominent Threats and Emerging Cybersecurity Trends with Implications Spanning Multiple Industries. Critical Start Research uncovers exploitation of QR codes as a growing area of concern; education sector prime target for threat actors; ransomware groups collaborating more than previously thought - Special Reports
Ransomware Threat ★★★★
globalsecuritymag.webp 2023-10-11 21:53:46 Les Assises: All united to fight cyber threats (direct link) "Prenons de la hauteur" (let's take a step back) was the title of the plenary session of the 23rd edition of the Assises de la cybersécurité. The director of the Assises, Maria Iacono, opened the session by recalling that everyone needs to work together. New technologies such as AI must be integrated in harmony with the older ones. All the speakers stressed the importance of collaboration between all players (companies of all sizes, local authorities, vendors, government services) in order to fight cyber threats. - Investigations / , Threat ★★
bleepingcomputer.webp 2023-10-11 17:23:36 New WordPress backdoor creates rogue admin to hijack websites
(direct link)
A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity. [...]
Malware Threat ★★
ProofPoint.webp 2023-10-11 17:00:26 Google and Yahoo Set a Short Timeline to Meet New Email Authentication Requirements. Are You Ready?
(direct link)
If you have a Gmail or Yahoo account, you probably know how cluttered your inbox can get with unsolicited email and other email that is clearly trying to defraud you. If you have ever thought to yourself “why can't these companies do a better job blocking these fraudulent messages and make it easier for me to receive less unsolicited mail?”, you are not alone.

The good news is: Google and Yahoo are doing something about it, and things are about to change. The bad news is: If your company sends email to Google and Yahoo users, you may have some work to do and not a lot of time to do it.

Google has announced that starting February 2024, Gmail will require email authentication to be in place when sending messages to Gmail accounts. If you're a bulk sender who sends more than 5,000 emails per day to Gmail accounts, you'll have even more requirements to meet. You'll also need to have a DMARC policy in place, ensure SPF or DKIM alignment, and you'll need to make it easy for recipients to unsubscribe (one-click unsubscribe). (You can access Google's detailed Email Sender Guidelines here.) Yahoo is rolling out similar requirements. The company recently announced that it will require strong email authentication to be in place by early 2024 to help stem the flow of malicious messages and reduce the amount of low value emails cluttering users' inboxes.

Are you prepared to meet these requirements? Here's what you should know.

New Google and Yahoo email requirements
The new requirements are broken down into two categories. All senders will need to follow the first set. Depending on how much email you send per day, there are also additional rules.

Applicable to all senders:
- Email authentication. This is a critical measure to help prevent threat actors from sending email under the pretense of being from your organization. This tactic is referred to as domain spoofing and, if left unprotected, allows cyber criminals to weaponize sending domains for malicious cyber attacks. SPF is an email authentication protocol designed to prevent email spoofing, a common technique used in phishing attacks and email spam. As an integral part of email cybersecurity, SPF enables the receiving mail server to check whether incoming email comes from an IP address authorized by that domain's administrator. DKIM is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication.
- Low spam rates. If recipients report your messages as spam at a rate that exceeds the new 0.3% requirement, your messages could be blocked or sent directly to a spam folder.

Requirements for senders of more than 5,000 messages per day:
- SPF and DKIM must be in place. Companies that send to Gmail or Yahoo must have Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) authentication methods implemented.
- Companies must have a DMARC policy in place. DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, is an email authentication standard that provides domain-level protection of the email channel. DMARC authentication detects and prevents email spoofing techniques used in phishing, business email compromise (BEC) and other email-based attacks. DMARC builds on the existing standards of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It is the first and only widely deployed technology that can make the header “from” domain trustworthy. The domain owner can publish a DMARC record in the Domain Name System (DNS) and create a policy to tell receivers what to do with emails that fail authentication.
- Messages must pass DMARC alignment. This means that the sending Envelope From domain is the same as the Header From domain, or that the DKIM domain is the same as the Header From domain.
- Messages must include one-click unsubscribe. For s
Spam Threat Yahoo ★★
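The alignment rule in the Proofpoint excerpt is the part senders most often get wrong: SPF and DKIM can both pass and the message still fails DMARC if neither authenticated domain lines up with the Header From domain. The following is an added example, not Proofpoint's code and not Google's or Yahoo's evaluation logic; it walks through a receiver-side DMARC decision on three constructed messages for the hypothetical domain example.com. The DMARC record is constructed inline (no DNS lookup), and the organizational-domain helper is a deliberate simplification (last two labels) where a real receiver would consult the Public Suffix List.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed DMARC TXT record for the hypothetical domain example.com (no DNS lookup
# is performed; a real receiver fetches the TXT record at _dmarc.<header-from-domain>).
SAMPLE_DMARC_TXT = "v=DMARC1; p=quarantine; adkim=r; aspf=s; rua=mailto:dmarc@example.com"


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Split a DMARC record into its tag=value pairs. Alignment modes default to
    relaxed ('r') when absent, as RFC 7489 specifies."""
    tags: Dict[str, str] = {}
    for field in txt.split(";"):
        if "=" in field:
            key, value = field.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def organizational_domain(domain: str) -> str:
    """Simplification (assumption): take the last two labels. Production code
    derives the organizational domain from the Public Suffix List instead."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(authenticated_domain: str, header_from_domain: str, mode: str) -> bool:
    """Strict mode ('s') needs an exact match; relaxed ('r') accepts any subdomain
    of the same organizational domain."""
    auth = authenticated_domain.lower().rstrip(".")
    hdr = header_from_domain.lower().rstrip(".")
    if mode == "s":
        return auth == hdr
    return organizational_domain(auth) == organizational_domain(hdr)


@dataclass
class AuthResults:
    header_from_domain: str        # domain of the RFC5322.From (Header From)
    spf_result: str                # "pass" / "fail" / "none"
    mail_from_domain: str          # RFC5321.MailFrom (Envelope From) domain checked by SPF
    dkim_result: str               # result for the signature named below
    dkim_domain: Optional[str]     # d= tag of the verified DKIM signature, if any


def evaluate_dmarc(results: AuthResults, record: Dict[str, str]) -> Dict[str, object]:
    """DMARC passes when at least one authenticated identifier (SPF or DKIM) is
    aligned with the Header From domain under the record's alignment modes."""
    spf_aligned = (results.spf_result == "pass"
                   and is_aligned(results.mail_from_domain, results.header_from_domain, record["aspf"]))
    dkim_aligned = (results.dkim_result == "pass"
                    and results.dkim_domain is not None
                    and is_aligned(results.dkim_domain, results.header_from_domain, record["adkim"]))
    passed = spf_aligned or dkim_aligned
    return {
        "dmarc": "pass" if passed else "fail",
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        # receivers apply the published policy only to messages that fail
        "disposition": "none" if passed else record["p"],
    }


# Constructed authentication results for three messages claiming From: example.com
BULK_MAILER = AuthResults("example.com", "pass", "bounce.example.com", "pass", "example.com")
THIRD_PARTY_UNALIGNED = AuthResults("example.com", "pass", "mailer.example.net", "pass", "example.net")
SPF_ONLY = AuthResults("example.com", "pass", "example.com", "none", None)


if __name__ == "__main__":
    record = parse_dmarc_record(SAMPLE_DMARC_TXT)
    for name, msg in [("bulk mailer", BULK_MAILER),
                      ("unaligned third party", THIRD_PARTY_UNALIGNED),
                      ("SPF only", SPF_ONLY)]:
        print(name, evaluate_dmarc(msg, record))
```

The second message is the instructive one: SPF and DKIM both pass for the sending service's own domain, yet the message fails DMARC and is quarantined because neither identifier is aligned with example.com. A bulk sender that relays through a third party therefore needs that provider to sign with a DKIM key under the sender's domain, or to use an envelope domain that aligns under the published aspf mode.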
Checkpoint.webp 2023-10-11 12:59:49 Introducing Check Point Quantum SASE: Game-Changing, 2x Faster Internet Security for a Hybrid Business
(direct link)
>Today, we announced Check Point Quantum SASE, bringing a powerful and unique Secure Access Service Edge (SASE) solution to customers around the world. Quantum SASE is the world's only hybrid solution, combining on-device and cloud-based protections. It delivers 2x faster internet security, full mesh Zero Trust Access, and SD-WAN. And because it's from Check Point, it offers the most effective threat prevention in the industry. It is unique in solving for the fragmented and frustrating user experience of other SASE solutions, providing simplified management and a superior browsing experience. Why SASE? The world is hybrid. The digital transformation has fueled adoption […]
Threat ★★
DarkReading.webp 2023-10-11 12:00:00 A Frontline Report of Chinese Threat Actor Tactics and Techniques
(direct link)
Threat intel experts see a reduced focus on desktop malware as threat groups prioritize passwords and tokens that let them access the same systems as remote workers.
Malware Threat ★★★
The_Hackers_News.webp 2023-10-11 09:42:00 Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
(direct link)
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in
Vulnerability Threat ★★★
The_State_of_Security.webp 2023-10-11 04:11:02 Top 7 Technical Resource Providers for ICS Security Professionals
(direct link)
Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative and faster than ever. So, understanding attackers' tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker action in 2022. The positive news is that 67% of attempts to deploy ransomware through backdoors were foiled by defenders who disrupted the backdoor before the ransomware could be executed. When attackers see a weakness, they exploit it. According to...
Ransomware Threat Industrial ★★★★
The_State_of_Security.webp 2023-10-11 03:00:22 Report Explores UK Companies' Struggle to Address Growing Cybersecurity Threats
(direct link)
One of the most reliable constants in the cybersecurity world is that threats are always increasing as cybercriminals advance their tactics and develop new ones. It can be a daunting task for organizations to continually stay on top of these threats, protect their own data and assets, and monitor the threat landscape for changes. A recent report from UK cybersecurity consultancy group Savanti details the challenges facing UK companies in this area (the growing threats and the difficulties that boards face in understanding and implementing cybersecurity policies), as well as a five-point plan to...
Threat ★★★
knowbe4.webp 2023-10-10 20:05:50 Smishing Triad Threat Actor Sets Its Sights on the UAE
(direct link)
Smishing Triad Sets Its Sights on the UAE. Resecurity warns that the Smishing Triad threat actor has “vastly expanded its attack footprint” in the United Arab Emirates (UAE).
Threat APT 15 ★★★
CrowdStrike.webp 2023-10-10 19:59:48 Getting Value from Your Proxy Logs with Falcon LogScale
(direct link)
All web traffic flowing out of your company network should be passing through a web proxy. These proxy logs are a great resource for threat hunting and security investigations, yet they often translate into extremely large volumes of data. In a previous blog post, we shared the value of proxy logs in addressing a range […]
Threat ★★
ProofPoint.webp 2023-10-10 17:00:00 New Ponemon Report Shows Healthcare Organizations Are Making Little Progress in Protecting Patients from the Harms of Cyber Attacks
(direct link)
The healthcare sector is finally acknowledging that cyber attacks affect more than just the financial bottom line. Providers are starting to understand that a weak cybersecurity posture puts patients' safety and well-being at risk, and may endanger lives. Despite this growing understanding, however, little progress has been made in the past year to improve organizational security.

The Ponemon Institute's second annual Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2023 report, commissioned by Proofpoint, shows that healthcare businesses have made no strides in protecting patients from the physical harm of cyber attacks. The survey found that 88% of healthcare companies experienced an average of 40 attacks in the past 12 months. Among the 653 healthcare and IT security practitioners surveyed:
- 66% said cyber attacks targeting their business disrupted patient care
- 50% experienced an increase in complications from medical procedures
- 23% saw an increase in mortality rates

These numbers are similar to last year's report and confirm what's already well-known in the industry: Change is slow in healthcare, especially when it comes to IT investments.

The devastating impacts of various attacks on patient safety
The most common types of attacks examined in the Ponemon report are:
- Cloud compromise
- Ransomware
- Supply chain
- Business email compromise (BEC)

We learned that supply chain attacks are the most likely to disrupt patient care (77%, up from 70% in 2022). However, when it comes to specific repercussions, BEC leads in three of five categories. This is the type of attack most likely to cause poor outcomes due to:
- Delays in tests and procedures (71%)
- An increase in complications from medical procedures (56%)
- A longer length of stay (55%)

What may surprise healthcare leaders and clinicians is the impact of data loss or exfiltration. When protected health information (PHI) is compromised, most think in terms of the impact to patient privacy. However, the report shows that the implications are far more dangerous. Forty-three percent of survey participants said a data loss or exfiltration incident affected patient care. Of those that experienced this impact, 46% saw an increase in mortality rates, and 38% noted an increase in medical procedure complications.

Cloud risk on the rise as adoption grows
The healthcare sector has lagged behind most other industries in cloud adoption. It took a global pandemic to shake things up: Sixty-two percent of surveyed physicians said the pandemic forced them to make upgrades to technology that would have taken years to accomplish otherwise. But with the broad adoption of cloud apps, care providers are more vulnerable to cloud threats. ECRI (an independent authority on healthcare technology and safety) ranked care disruption due to the failure to manage cyber risk of cloud-based clinical systems as one of the top 10 healthcare technology hazards for 2023. Given the high rate of adoption, it's not surprising the Ponemon report found that cloud compromise is now the top concern for healthcare companies. Cloud compromise rose to first place this year from fifth last year, with 63% of respondents expressing this concern, compared with 57% in 2022. Likewise, healthcare businesses feel more vulnerable to cloud compromise than to other types of attacks, with 74% of respondents in agreement.

Ransomware remains ever-present, despite decreased concerns
One surprising finding from the survey is the significant decrease in concerns about ransomware attacks. Although 54% of respondents reported that their business had experienced a ransomware attack (up from 41% in 2022), they're the least worried about this type of threat. Only 48% of those surveyed said ransomware was a concern, a big decline from last year's 60%. Based on recent events, we know that the impacts of ransomware incidents are getting worse. In August, for example, a ransomware attack on a California-based health system
Ransomware Threat Medical Cloud ★★★★
The_State_of_Security.webp 2023-10-10 16:30:00 VERT Threat Alert: October 2023 Patch Tuesday Analysis
(direct link)
Today's VERT Alert addresses Microsoft's October 2023 Security Updates, which include a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1077 on Wednesday, October 11th.
In-The-Wild & Disclosed CVEs
CVE-2023-41763: While this vulnerability is labeled as a Skype for Business Elevation of Privilege Vulnerability, the details read more like an Information Disclosure. According to Microsoft, successful exploitation of this vulnerability “could disclose IP addresses or port numbers or both to the attacker.” Microsoft...
Vulnerability Threat ★★
globalsecuritymag.webp 2023-10-10 16:02:37 Cybersecurity: what to do about the insider threat? Almond publishes the first edition of its "Insider Threat" report (direct link) Cybersecurity: what to do about the insider threat? Almond publishes the first edition of its "Insider Threat" report - Investigations Threat Studies ★★★★
The_Hackers_News.webp 2023-10-10 15:55:00 Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries
(direct link)
A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan. The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an advanced persistent threat (APT) it tracks under the name Grayling. Evidence shows that the campaign began in February 2023 and
Threat Industrial ★★★
globalsecuritymag.webp 2023-10-10 15:54:13 NETSCOUT achieves the AWS "Security" Competency for its Omnis Cyber Intelligence (OCI) solution (direct link) NETSCOUT achieves the AWS "Security" Competency for its Omnis Cyber Intelligence (OCI) solution. This certification validates the company's technical capabilities and its success with organizations in the field of network threat detection and response. - Business Threat ★★
globalsecuritymag.webp 2023-10-10 15:50:59 NETSCOUT SYSTEMS, INC. announced it has achieved Amazon Web Services Security Competency for Omnis® Cyber Intelligence
(direct link)
NETSCOUT SYSTEMS, INC. announced it has achieved Amazon Web Services (AWS) Security Competency for its advanced NDR product, Omnis® Cyber Intelligence. The competency affirms the company's technical proficiency and proven customer success for threat detection and response. - Business News
Threat ★★
RecordedFuture.webp 2023-10-10 14:55:00 New technique leads to largest DDoS attacks ever, Google and Amazon say
(direct link)
Amazon, Google and Cloudflare said they detected the largest distributed denial-of-service (DDoS) attacks on record in August due to a newly discovered vulnerability. The companies explained on Tuesday morning that a bug tracked as CVE-2023-44487 allowed threat actors a fresh angle for overwhelming websites with a flood of traffic, making them temporarily unavailable to users.
Threat ★★
Logo_logpoint.webp 2023-10-10 12:09:54 Threat hunting with LogPoint (direct link) Threat hunting is a very trendy expression in the cybersecurity world, but what is it really? The LogPoint features that enable threat hunting, notably advanced analytics, enrichment, correlations, UEBA and report creation, will let you strengthen your overall security strategy by using a [...] Threat ★★
The_Hackers_News.webp 2023-10-10 11:22:00 Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials
(direct link)
A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month, said adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user
Threat ★★
AlienVault.webp 2023-10-10 10:00:00 Stories from the SOC: Quishing – Combatting embedded malicious QR codes
(direct link)
James Rodriguez – Senior Specialist, Cybersecurity

Executive summary

Over the past several months, AT&T Managed Detection and Response (MTDR) security operations center (SOC) analysts have seen an increase in the usage of phishing emails containing malicious QR codes. In a recent example, a customer that was victimized by a phishing attempt provided the AT&T analysts with an email that was circulated to several of its internal users. The analysts reviewed the email and its included attachment, a PDF containing a QR code and an urgent message claiming to be from Microsoft. When the targeted user scanned the QR code, they were directed to a counterfeit Microsoft login page designed to harvest usernames and passwords. This type of attack is called “quishing.” Unfortunately, several users fell victim to the attack, and their credentials were compromised. However, our analysts were able to engage with the customer and guide them through the proper remediation steps.

Encouraging targeted users to act quickly and scan the code using their phone (which often is not as secure as the rest of a company’s network) is a standard tactic employed by threat actors. By doing this, they hope to convince the user to act without thinking and forgo proper security practices, allowing the threat actor to bypass traditional security measures in place on a company network.

Threat actor tactics

The threat actor used a Windows authentication setup for multi-factor authentication (MFA) to initiate the attack. The targeted users received a phishing email indicating MFA needed to be set up on their account. The email included a PDF attachment with instructions directing them to scan the included QR code, which was malicious. Once the users scanned the QR code, they were redirected to a fake Microsoft sign-in page on their phone. Here, they entered their legitimate login credentials, which were then stored and made available to the threat actor.

Investigation

Once the customer suspected the email was malicious, they contacted the AT&T team and provided a copy of the PDF file with the included QR code. The team analyzed the file and the QR code (see Image 1) and identified the associated destination as “srvc1[.]info/mcrsft2fasetup/index.html.”

Image 1: PDF file from customer containing malicious QR code

The QR code’s associated URL sends the user to a credential harvester masquerading as a Microsoft login page. (See Image 2.)

Image 2: Credential harvester masquerading as login page

AT&T SOC analysts analyzed the credential harvester using a fake email and the Google Chrome Inspector tool to record any outbound connections when clicking the “Sign In” button (see Image 2). Only one network connection was made, which resulted in a 404 HTTP response code to the external domain “logo.clearbit[.]com/email.com.” Research into clearbit[.]com found it is associated with Clearbit B2B Marketing Intelligence, which is listed as a legitimate marketing tool for identifying customers and sales exchanges. Analysts used open-source intelligence (OSINT) to further research the initial associated domain “srvc1[.]info” but found no additional information, as the domain was recently purchased. Further investigation revealed that the owner’s identity was hidden, and there was no additional data available. The customer confirmed that neither the Clearbit nor the srvc1 external domains were known or a part of normal business use within their environment.

Remediation

AT&T SOC analysts worked closely with the customer to identify w Tool Threat ★★★★
InfoSecurityMag.webp 2023-10-10 10:00:00 New Threat Actor “Grayling” Blamed For Espionage Campaign
(direct link)
Symantec highlights distinctive DLL sideloading technique
Threat ★★
ProofPoint.webp 2023-10-10 07:16:32 Beyond the Status Quo, Part 1: The Vital Role Threat Intelligence Plays in Security Awareness Education
(direct link)
Welcome to the first installment of a three-part blog series that is focused on how to inspire engagement in security awareness for both users and practitioners. It will also explore creative techniques you can use to build a security culture that go beyond traditional security awareness training.

Cybersecurity Awareness Month is an excellent time to rejuvenate your security awareness program. But how can you sustain the momentum of Cybersecurity Awareness Month beyond October? Try adding threat intelligence to your program. It can personalize and invigorate your curriculum for your users.

Integrating threat intelligence into security awareness seems intuitive, and many practitioners claim to do it. But data suggests otherwise. Research Proofpoint conducted for our 2023 State of the Phish report found that while 75% of businesses faced business email compromise (BEC) attacks, a mere 31% trained their users about this threat. This indicates that while many businesses are aware of emerging threats, they struggle to weave this information into their training modules.

This blog post delves into best practices for using threat intelligence to raise security awareness with users. It includes insights from a customer session we held during Proofpoint Wisdom 2023 entitled “Utilizing Threat Intel to Design a Program that Works.” During that session, I spoke with Andrew Munson, senior manager of information risk management and governance at McDonald's Corporation, and Shaun Holmberg, IT security analyst at Commercial Metals Corporation. Both provided insights into how they infuse threat intelligence into their global security awareness initiatives.

Understanding threat intelligence

Threat intelligence is the knowledge and analysis of cyber threats and vulnerabilities that can pose a risk to a business. This information includes details about the attack lifecycle, network architecture vulnerabilities and which users are being targeted. The intel should also provide details of the risk level or the consequential impact that a successful cyber attack may have on a business.

This information can be gathered from various sources. According to Shaun and Andrew, examples of optimal sources for intelligence are:
- Research reports. These resources include, but are not limited to: State of the Phish from Proofpoint; Verizon's Data Breach Investigations Report (DBIR); FBI Internet Crime Report (Internet Crime Complaint Center); Coalition's Cyber Claims Report.
- Security feeds. Proofpoint threat intelligence services, Rapid7 and Cyber Reasons are examples of providers of these feeds.
- Incident reports from products. These reports include Proofpoint Targeted Attack Protection reports, Proofpoint Closed Loop Email Analysis (CLEAR) and other reports related to the penetration testing of a company's infrastructure.

Why is threat intelligence crucial for a security awareness program? Let's dive deeper into this subject using insights from the recent discussion with Andrew and Shaun.

Making threat intelligence actionable

At McDonald's, Andrew works with departments across the globe. Each region has its own requirements and is targeted with threats specific to an office. This is where working with a resource like the Proofpoint threat intelligence service team can create significant benefits for security teams.

Andrew described how working with our team gives him an advantage. He said the Proofpoint threat intelligence service team can analyze data across the globe to correlate attacks that may be affecting a single region. For example, they can recognize a targeted attack specific to Germany, which differs from an active attack they've identified targeting Austria.

Andrew said he uses this data to build separate simulations that mimic the active attack for each region and launches an auto-enrollment training session tuned to recognizing the attack indicators. He can also provide resources like notifications or informative newsletters, all within the region's native l Ransomware Data Breach Vulnerability Threat Studies ★★
globalsecuritymag.webp 2023-10-10 07:11:01 Nutanix announces new features for its Data Lens and Nutanix Unified Storage solutions (direct link) Nutanix strengthens cyber resilience with accelerated ransomware detection and recovery. Nutanix Data Lens can detect threats in under 20 minutes and enables rapid recovery. Nutanix Objects increases data visibility across the hybrid multicloud. - Products Threat ★★
Mandiant.webp 2023-10-10 07:00:00 Assessed Cyber Structure and Alignments of North Korea in 2023
(direct link)
Executive Summary
The DPRK's offensive program continues to evolve, showing that the regime is determined to continue using cyber intrusions to conduct both espionage and financial crime to project power and to finance both their cyber and kinetic capabilities. Latest DPRK nexus operations hint at an increase in adaptability and complexity, including a cascading software supply chain attack seen for the first time, and consistently targeting blockchain and fintech verticals. While different threat groups share tooling and code, North Korean threat activity continues to adapt and change
Threat ★★★
The_State_of_Security.webp 2023-10-10 03:28:13 Cybersecurity Trends to Watch in the US in the Next 5 Years
(direct link)
As cyber threats grow more frequent and sophisticated, the need for vigilant defense is paramount, and cybersecurity is top of mind for organizations nationwide. Understanding the threat landscape and current and future trends is crucial to designing effective security strategies to mitigate risk and keep companies, their employees, and their data safe. The following threat trends are of particular importance, affecting organizations of all sizes. Estimating their impact timelines and providing actionable insights will allow businesses to prepare themselves to safeguard their digital assets...
Threat ★★★
The_Hackers_News.webp 2023-10-09 21:37:00 PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS
(direct link)
An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed BADBOX, which also entails selling off-brand mobile and connected TV (CTV) devices on popular online retailers and resale sites that are backdoored with an
Threat ★★★
Checkpoint.webp 2023-10-09 15:21:57 Unveiling 'Stayin' Alive': A Closer Look at an Ongoing Campaign in Asia Targeting Telecom and Governmental Entities
(direct link)
Highlights: Check Point Research has been tracking “Stayin' Alive”, an ongoing espionage campaign operating in Asia and primarily targeting the telecom industry, as well as government organizations. The “Stayin' Alive” campaign, used against high-profile Asian organizations, initially targeted organizations in Vietnam, Uzbekistan, and Kazakhstan. As we conducted our analysis, we realized that it is part of a much wider campaign targeting the region. Tools observed in the campaign are linked to 'ToddyCat', a Chinese-affiliated actor operating in the region. Check Point customers using Check Point Harmony Endpoint and Threat Emulation remain protected against the campaign detailed in this report […]
Tool Threat ★★
ZoneAlarm.webp 2023-10-09 12:37:08 7 Ways to Make the Most of Cybersecurity Awareness Month
(direct link)
October is a month often associated with the spookiness of Halloween, but for the tech-savvy, it also marks Cybersecurity Awareness Month. Founded in 2004 by the National Cyber Security Alliance, this month is designated to shed light on the growing importance of cybersecurity. In our increasingly interconnected world, the threat of cyberattacks looms larger than …
Threat ★★★
SocRadar.webp 2023-10-09 12:16:20 Access Sales for MediaMarkt, EU/US Companies, and Leaks of Indonesian Database, HelloKitty Ransomware
(direct link)
As the dark web’s intricate landscape unfolds, threat actors persist in their covert operations. In...
Ransomware Threat ★★
Checkpoint.webp 2023-10-09 11:25:29 9th October – Threat Intelligence Report
(direct link)
For the latest discoveries in cyber research for the week of 9th October, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The American Rock County Public Health Department, which serves more than 160K people across the Wisconsin area, has been a victim of a ransomware attack that forced officials to take some systems offline. Cuba […]
Ransomware Threat ★★
zataz.webp 2023-10-09 10:31:29 Oteria Cyber Cup: maritime-themed CTF (direct link) The Oteria Cyber Cup returns on 16 December 2023, around the theme of Maritime Cyber Threat.... Threat ★★
InfoSecurityMag.webp 2023-10-09 09:30:00 DNA Tester 23andMe Hit By Credential Stuffing Campaign
(direct link)
Threat actor offers to sell DNA profiles of 'millions'
Threat ★★
The_Hackers_News.webp 2023-10-09 08:45:00 Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors
(direct link)
A Gaza-based threat actor has been linked to a series of cyber attacks aimed at Israeli private-sector energy, defense, and telecommunications organizations. Microsoft, which revealed details of the activity in its fourth annual Digital Defense Report, is tracking the campaign under the name Storm-1133. "We assess this group works to further the interests of Hamas, a Sunni militant group that is
Threat ★★★
CyberWarzone.webp 2023-10-07 01:19:17 The Hidden Threat in Your Pocket: Unveiling the Reality of Mobile Ransomware
(direct link)
Introduction: Is Your Smartphone a Sitting Duck? Have you ever stopped to consider how much of your life is stored
Ransomware Threat ★★
globalsecuritymag.webp 2023-10-06 22:00:00 Matthieu Trivier, Semperis: CISOs must prepare now for the NIS 2 directive (direct link) For its latest participation in the Assises, Semperis presents its solutions for real-time monitoring of AD vulnerabilities, automatic defense of AD against attacks, and AD restoration. These solutions raise awareness of identity threat detection and response (ITDR) strategies and of the importance of protecting Active Directory, the entry point for 90% of cyberattacks. For Matthieu Trivier, Pre-Sales Director at Semperis, CISOs must prepare now for the NIS 2 directive and for stronger security measures. - Cyber Security Threat ★★
DarkReading.webp 2023-10-06 20:20:00 WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive
(direct link)
No more details Malware Threat ★★
bleepingcomputer.webp 2023-10-06 19:07:50 D.C. Board of Elections confirms voter data stolen in site hack
(direct link)
The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC. [...]
Hack Threat ★★
News.webp 2023-10-06 18:42:08 CISA reveals 'Admin123' as top security threat in cyber sloppiness chart
(direct link)
Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam. The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are blaming unchanged default credentials as the prime security misconfiguration that leads to cyberattacks…
Threat ★★★
Securonix.webp 2023-10-06 18:13:06 Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads
(direct link)
Securonix Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads
Threat ★★
Cybereason.webp 2023-10-06 17:53:23 THREAT ANALYSIS: Taking Shortcuts… Using LNK Files for Initial Infection and Persistence
(direct link)
THREAT ANALYSIS: Taking Shortcuts… Using LNK Files for Initial Infection and Persistence
Threat ★★★
Last update at: 2024-07-07 16:08:43