What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-04-20 10:00:00 | Préparez-vous pour RSA 2023: plus fort ensemble Get ready for RSA 2023: Stronger Together (lien direct) |
Going to RSA next week? If you don’t know, it’s a huge cybersecurity conference held at Moscone Center in San Francisco, CA. If you’re going, please stop by the AT&T Cybersecurity booth and check us out. It’s at #6245 in the North Hall. Remember to bring a picture ID for RSA check-in, otherwise you’ll have to go back to your hotel and get it. The RSA theme this year is “Stronger Together” which sounds like a great plan to me! The details So, the details: AT&T Cybersecurity will be at RSA Conference 2023 (San Francisco, April 24-27), in booth 6245 in the North Hall. We’ll have a 10’ digital wall, four demo stations, and a mini theatre for presentations. What can you expect to see in the AT&T Cybersecurity booth? The AT&T Cybersecurity booth will be a hub of activity with demo stations, presentations, and other social networking activities. Our goal is to help you address macro challenges in your organization such as: Pro-active and effective threat detection and response Modernizing network security Protecting web applications and APIs Engaging expert guidance on cybersecurity challenges Demo stations Come check out our four demo stations that will provide you an opportunity to meet and talk with AT&T Cybersecurity pros. Our demos are highlighting: Managed XDR Network Modernization Web Application and API Security (WAAP) AT&T Cybersecurity Consulting In-booth mini-theatre The AT&T Cybersecurity booth includes a mini-theater where you can relax and enjoy presentations every 15 minutes plus get one of our limited-edition AT&T Cybersecurity mini-backpacks for all of your RSA memorabilia Join us for presentations about: 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem Hot off the press for RSA, the 2023 AT&T Cybersecurity Insights Report is our annual thought leadership research. Learn how seven industries are using edge computing for competitive business advantages, what the perceived risks are, and how security is an integral part of the next generation of computing. The Endpoint Revolution Understand today’s “endpoint revolution” and the multi-layered preventative and detective controls that should be implemented to secure your organization. Modernizing Network Security Learn more about the modernization of enterprise security architectures and consolidation of multiple security controls, including those crucial to supporting hybrid work and the migration of apps and data to cloud services. Alien Labs Threat Intelligence Learn how the AT&T Alien Labs threat intelligence team curates intelligence based on global visibility of indicators of compromise into threats and tactics, techniques, and procedures of cybercriminals. Next Generation Web Application and API Protection (WAAP) Security Learn how WAAP is expanding to include additional features and how a service provider can help guide you to the right solution. The WAAP market is diverse and includes DDOS, bot management, web application protection and API security. Empowering the SOC with Next Generation Tools Learn how a new era of operations in security and networking is creating more efficiency in the SOC. Events Monday, April 24 | Threat Cloud Conference | ★★ | |
 |
2023-04-19 21:37:00 | 7 séances grésillantes à vérifier à la conférence RSA 2023 7 Sizzling Sessions to Check Out at RSA Conference 2023 (lien direct) |
Voici quelques-unes des sessions les plus intéressantes, peuvent \\ 'T-Miss lors du prochain spectacle de San Francisco.
Here are some of the most interesting, can\'t-miss sessions at the upcoming show in San Francisco. |
Conference | ★★ | |
 |
2023-04-19 13:39:31 | Pipus Security annonce la nouvelle gestion de la surface d'attaque et les capacités de gestion de la posture de sécurité du cloud Picus Security Announces New Attack Surface Management and Cloud Security Posture Management Capabilities (lien direct) |
PICUS SECURITY annonce une nouvelle gestion de la gestion de la surface d'attaque et des capacités de gestion de la posture de sécurité du cloud
élargit sa solution de gestion de l'exposition à la menace continue avant la conférence RSA 2023
-
revues de produits
Picus Security Announces New Attack Surface Management and Cloud Security Posture Management Capabilities Expands its Continuous Threat Exposure Management Solution in advance of RSA Conference 2023 - Product Reviews |
Threat Cloud Conference | ★★ | |
 |
2023-04-18 23:01:00 | Le Royaume-Uni dit que les cyber-groupes de type Wagner \\ 'attaquent les infrastructures critiques UK says \\'Wagner-like cyber groups\\' attacking critical infrastructure (lien direct) |
Le gouvernement britannique avertira mercredi que «les cyber-groupes émergents de type Wagner tentent de causer un maximum de dommages aux infrastructures nationales critiques du Royaume-Uni».Dans un discours lors de la conférence Cyberuk à Belfast, le chancelier du duché de Lancaster, Oliver Dowden, annoncera que le National Cyber Security Center du Royaume-Uni a publié un officiel
The British government will warn on Wednesday that “emerging Wagner-like cyber groups are attempting to cause maximum damage to the UK\'s critical national infrastructure.” In a speech at the CyberUK conference in Belfast, the chancellor of the Duchy of Lancaster, Oliver Dowden, will announce that the U.K.\'s National Cyber Security Centre has issued an official |
Conference | ★★ | |
 |
2023-04-18 14:58:36 | All Things Cybereason à la conférence RSA 2023 All Things Cybereason at 2023 RSA Conference (lien direct) |
|
Conference | ★★ | |
 |
2023-04-18 08:30:00 | Cyberuk 23: Centres de conférence NCSC Cyber Collaboration CyberUK 23: NCSC conference centres cyber collaboration (lien direct) |
Pas de details / No more details | Conference | ★★★ | |
|
2023-04-17 20:00:00 | Le DOJ facture 34 avec l'exploitation de la ferme de trolls chinois qui a harcelé des dissidents DOJ charges 34 with operating Chinese gov\\'t troll farm that harassed dissidents (lien direct) |
Le ministère de la Justice a annoncé lundi les accusations contre 34 personnes impliquées dans un groupe de travail utilisé pour répandre la désinformation et harceler les dissidents chinois.Des responsables du bureau du procureur américain pour le district oriental de New York ont annoncé lors d'une conférence de presse trois cas différents centrés sur les efforts du gouvernement chinois pour cibler les gens de la
The Justice Department announced charges Monday against 34 people involved in a task force used to spread disinformation and harass Chinese dissidents. Officials from the U.S. Attorney\'s Office for the Eastern District of New York announced during a press conference three different cases centered on efforts by the Chinese government to target people in the |
Conference | ★★ | |
 |
2023-04-12 22:00:00 | Vulnérabilités de Pretalx: comment être accepté à chaque conférence Pretalx Vulnerabilities: How to get accepted at every conference (lien direct) |
Nous avons récemment découvert deux vulnérabilités dans Pretalx et trouvé une technique générique pour obtenir l'exécution de code à partir d'un fichier d'écriture.
We recently discovered two vulnerabilities in pretalx and found a generic technique to gain code execution from a file write. |
Vulnerability Conference | ★★ | |
|
2023-04-07 19:32:00 | Officiels de Tasmanie: 16 000 documents étudiants divulgués par le groupe de ransomwares CLOP Tasmania officials: 16,000 student documents leaked by Clop ransomware group (lien direct) |
Les représentants du gouvernement en Tasmanie ont confirmé vendredi que plus de 16 000 documents sensibles avaient été divulgués par le groupe de ransomware CLOP à la suite d'un incident de vol de données il y a deux semaines.Vendredi, lors d'une conférence de presse, le ministre des Sciences et de la Technologie Madeleine Ogilvie [a déclaré aux journalistes] (https://pulsehobart.com.au/news/hackers-release-personal-data-from-tasmanian-government-data-breach/)que les informations publiées comprennent des factures financières, des déclarations et des informations relatives à
Government officials in Tasmania confirmed on Friday that more than 16,000 sensitive documents were leaked by the Clop ransomware group following a data theft incident two weeks ago. During a press conference on Friday, Minister for Science and Technology Madeleine Ogilvie [told reporters](https://pulsehobart.com.au/news/hackers-release-personal-data-from-tasmanian-government-data-breach/) that the information released includes financial invoices, statements and information relating to |
Ransomware Conference | ★★★ | |
|
2023-04-06 14:00:00 | À quoi discuter à la conférence RSA - et ce n'est pas le chatpt What to Discuss at RSA Conference - and It\\'s Not ChatGPT (lien direct) |
Les conversations en personne sont un moyen productif de comprendre l'état de l'industrie et d'apprendre de nouvelles techniques.Profitez de l'expérience des pairs, comparez les notes et augmentez vos compétences.
In-person conversations are a productive way to understand the state of the industry and learn new techniques. Take advantage of peers\' experience, compare notes, and boost your skill set. |
Conference | ChatGPT ChatGPT | ★★★ |
|
2023-04-01 22:25:00 | (Déjà vu) Février 2024 (lien direct) | 30 janvier - 1er février - Tel Aviv (Israël) Cybertech Goblal Tel Aviv Lieu : Tel Aviv Convention Center www.cybertechisrael.com/ 11 - 13 février Denvers (USA) Geo Week CONTACT : www.geo-week.com Hashtag : #geoweek Facebook : https://www.facebook.com/GeoWeekNews Twitter : https://twitter.com/GeoWeekExpo LinkedIn : https://www.linkedin.com/company/geoweek/ YouTube : https://www.youtube.com/c/GeoWeek Instagram (...) - Calendrier | Conference | ★★ | |
|
2023-04-01 18:56:00 | February 2024 (lien direct) | 30 January - 1st February - Tel Aviv (Israel) Cybertech Europe Place: Tel Aviv Convention Center https://www.cybertechisrael.com/ 11 - 13 February - Denvers (USA) Geo Week CONTACT: www.geo-week.com Hashtag: #geoweek Facebook: https://www.facebook.com/GeoWeekNews Twitter: https://twitter.com/GeoWeekExpo LinkedIn: https://www.linkedin.com/company/geoweek/ YouTube: https://www.youtube.com/c/GeoWeek (...) - Diary | Conference | ★★ | |
|
2023-04-01 13:00:00 | Februar 2024 (lien direct) | 30 januar - 1er Februar - Tel Aviv (Israel) Cybertech Goblal Tel Aviv Lieu : Tel Aviv Convention Center www.cybertechisrael.com/ 11 - 13 februar - Denvers (USA) Geo Week CONTACT: www.geo-week.com Hashtag: #geoweek Facebook: https://www.facebook.com/GeoWeekNews Twitter: https://twitter.com/GeoWeekExpo LinkedIn: https://www.linkedin.com/company/geoweek/ YouTube: https://www.youtube.com/c/GeoWeek (...) - Terminkalender | Conference | ★★ | |
|
2023-03-29 18:05:07 | 5-7 septembre, 2023 Las Vegas: Expo des UAV commerciaux [September 5-7, 2023 Las Vegas: Commercial UAV Expo] (lien direct) | Commercial UAV Expo est le premier salon et conférence du monde en matière de commerce sur l'intégration et le fonctionnement des UAS commerciaux avec plus d'exposants que tout autre événement de drone commercial.Les industries couvertes comprennent la construction;Livraison de drones;Énergie et services publics;Foresterie et agriculture;Infrastructure et transport;MINORAGE ET AGLÉGAGES;Services de sécurité publique et d'urgence;Sécurité;et l'arpentage et la cartographie.Lancé en 2015, Commercial UAV Expo rassemble l'écosystème de drones internationaux sous un même toit.Avec une éducation de premier ordre, un réseautage inégalé et plus d'expositions que tout autre événement de drones commerciaux, Commercial UAV Expo est l'événement incontournable si vous suivez la technologie et les développements les plus récents est une priorité.
-
événements
Commercial UAV Expo is the world\'s leading trade show and conference focusing on the integration and operation of commercial UAS with more exhibitors than any other commercial drone event. Industries covered include Construction; Drone Delivery; Energy & Utilities; Forestry & Agriculture; Infrastructure & Transportation; Mining & Aggregates; Public Safety & Emergency Services; Security; and Surveying & Mapping. Launched in 2015, Commercial UAV Expo gathers the international drone ecosystem under one roof. With top-notch education, unparalleled networking, and more exhibits than any other commercial drone event, Commercial UAV Expo is the must-attend event if keeping up with the newest technology and developments is a priority. - EVENTS |
Guideline Conference | ★★ | |
 |
2023-03-29 09:15:00 | Comment maintenir votre sécurité en ligne?(Édition 2023) [How to Maintain Your Online Security? (2023 Edition)] (lien direct) | > Si vous vous souciez de votre sécurité en ligne et que vous devenez plus nerveux à ce sujet, c'est entièrement ...
>If you’re concerned about your online security and getting more nervous about that, that’s entirely... |
Guideline Conference | ★★★ | |
 |
2023-03-27 11:03:13 | Hacks sur PWN2OWN VANCOUVER 2023 [Hacks at Pwn2Own Vancouver 2023] (lien direct) | Un éventail impressionnant de hacks a été démontré au Premier jour de la conférence PWN2OWN à Vancouver:
Le premier jour de PWN2OWN VANCOUVER 2023, les chercheurs en sécurité ont réussi à démontrer les exploits et les chaînes d'exploitation de Tesla Model 3, Windows 11 et MacOS pour gagner 375 000 $ et un Tesla Model 3.
Le premier à tomber a été le lecteur d'Adobe dans la catégorie des applications d'entreprise après Abdul Aziz Hariri ( @abdhariri ) utiliséUne chaîne d'exploitation ciblant une chaîne logique à 6 bug abusant plusieurs correctifs échoués qui ont échappé au bac à sable et contourné une liste d'API interdite sur macOS pour gagner 50 000 $ ...
An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. The first to fall was Adobe Reader in the enterprise applications category after Haboob SA’s Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000... |
Conference | ★★★ | |
|
2023-03-23 20:35:42 | 20 avril Paris 8 heures 30 à 10 heures CyberCercle : Intelligence Artificielle : enjeux et nouveaux défis réglementation - éthique - sécurité - souveraineté (lien direct) | 20 avril 2023 de 8 heures 30 à 10 heures Paris Vous inscrire Bénédicte PILLIET, Présidente du CyberCercle, serait ravie de vous retrouver le jeudi 20 avril 2023 pour un échange privilégié autour de la thématique Intelligence Artificielle : enjeux et nouveaux défis réglementation - éthique - sécurité - souveraineté - Événements | Conference | ★★★ | |
|
2023-03-15 19:26:20 | CPX 360 Munich (lien direct) | Munich hosts this year's edition of Check Point's Cyber Security Summit CPX 360, giving an insight in new solutions and best practices Today, March 15, the 2023 edition of Check Point's Cyber Security Summit CPX 360 opened its doors for all interested parties. After a humorous introduction mentioning anomalies in work environments due to Covid-19 related problems, Check Point's CEO Gil Shwed got to the more serious challenge to keep businesses secure in the fast developing work environment, (...) - International News | Conference | ★★★ | |
 |
2023-03-15 00:00:00 | Meet Fortinet Experts at RSA Conference 2023 (lien direct) | Fortinet will once against be attending the RSA Conference in San Francisco. Come visit us at our booth (#5863) and see our feature demo kiosks, theater, and Experts Bar. | Conference | ★★ | |
 |
2023-03-14 17:32:00 | Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam (lien direct) |
Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam, and More.
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, DLL side-loading, Iran, Linux, Malvertising, Mobile, Pakistan, Ransomware, and Windows. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions
(published: March 10, 2023)
Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking from around the World with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version Xenomorph v3 (Xenomorph.C) is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing Discord Content Delivery Network.
Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor.
MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: Gui Input Capture
Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android
Cobalt Illusion Masquerades as Atlantic Council Employee
(published: March 9, 2023)
A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i |
Ransomware Malware Tool Vulnerability Threat Guideline Conference | APT 35 ChatGPT ChatGPT APT 36 APT 42 | ★★ |
 |
2023-03-03 00:00:00 | S4x23 Review Part 1: What\'s New in OT Security (lien direct) | This blog introduces discussions from S4x23, the ICS security conference in Miami over several posts. The first installment will cover two topics from the academic interviews. | Conference | ★★★★ | |
 |
2023-02-28 16:30:00 | Perspectives mandiantes de la Munich Cyber Security Conference 2023 Mandiant Perspectives from the Munich Cyber Security Conference 2023 (lien direct) |
Les cyber-capacités sont un outil de plus en plus important de Statecraft avec les opérations d'aujourd'hui reflétant de plus en plus les ambitions stratégiques et géopolitiques des sponsors gouvernementaux.Il est essentiel de connecter les défenseurs et les décideurs du réseau.
La Conférence de cybersécurité de Munich (MCSC) fournit donc un échange de bienvenue pour discuter des défis naissants auxquels la communauté de la cybersécurité est confrontée.La vice-présidente de l'intelligence mandiante Sandra Joyce et Google Cloud Ciso Phil Venables ont pris la parole lors de l'événement de cette année.
Ce billet de blog décrit les plats à retenir de MCSC 2023 et comment mandiant, maintenant une pièce
Cyber capabilities are an increasingly important tool of statecraft with today\'s operations increasingly reflecting the strategic and geopolitical ambitions of government sponsors. This makes it essential to connect network defenders and policymakers. The Munich Cyber Security Conference (MCSC), therefore, provides a welcome exchange to discuss nascent challenges facing the cyber security community. Both Mandiant Intelligence VP Sandra Joyce, and Google Cloud CISO Phil Venables spoke at this year\'s event. This blog post outlines key takeaways from MCSC 2023 and how Mandiant, now a part |
Tool Cloud Conference | ★★ | |
|
2023-02-24 15:25:38 | 15th to 19th May - Amsterdam, The Netherlands: SGF-Cybersecurity Week 2023 (lien direct) | SGF-Cybersecurity Week 2023 Delivering next-level cybersecurity and cyber-resilience to the power grid to enable the energy transition 5-Day In-Person Conference, Exhibition & Networking Forum Monday 15th to Friday 19th May 2023 | Amsterdam, The Netherlands - EVENTS | Conference | ★★★ | |
 |
2023-01-30 13:52:25 | Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK (lien direct) |
The UK's National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia's SEABORGIUM threat actor and Iran's TA453 (also known as Charming Kitten). The NCSC says both threat actors have targeted entities in the UK, including “academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists, and activists." |
Threat Conference | APT 35 | ★★ |
|
2023-01-26 00:01:00 | British cyber agency issues warning over Russian and Iranian espionage campaigns (lien direct) |  Two separate but similar espionage campaigns from Russian and Iranian-linked groups have prompted a warning from Britain's National Cyber Security Centre. In a document published on Thursday local time the NCSC warned how instead of sending surprise phishing emails, the hacking groups – identified as “Russia-based” SEABORGIUM and “Iran-based” APT42, or Charming Kitten – are [… |
Conference | APT 35 APT 42 | ★★ |
 |
2023-01-07 11:15:08 | CVE-2018-25070 (lien direct) | A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The name of the patch is c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability. | Vulnerability Guideline Conference | APT 35 | |
|
2022-12-14 10:20:58 | Iranian-state-aligned threat actor targets new victims in cyberespionage and kinetic campaigns – Proofpoint research (lien direct) | Iranian-state-aligned threat actor targets new victims in cyberespionage and kinetic campaigns – Proofpoint research Cybersecurity researchers at Proofpoint have released new threat intelligence into Iranian state-aligned threat actor TA453 (AKA Charming Kitten, PHOSPHORUS, APT42), showing how the group has deviated from its traditional phishing techniques and is targeting new victims. - Malware Update | Threat Conference | APT 35 APT 42 | ★★ |
|
2022-12-12 00:00:00 | Sonar @ PWN2OWN TORONTO 2022 (lien direct) | Les membres de l'équipe de recherche sur la vulnérabilité de Sonar ont participé à distance à Pwn2own Toronto 2022. Ce concours est assez spécial pour nous: nous nous concentrons généralement sur les vulnérabilités de code dans les projets d'application Web open source.
Members of the Sonar Vulnerability Research team remotely participated in Pwn2Own Toronto 2022. This competition is quite special for us: we usually focus on code vulnerabilities in open-source web application projects. |
Vulnerability Conference | ★★★ | |
 |
2022-12-07 16:00:00 | Security Risks Found in Millions of XIoT Devices (lien direct) | Phosphorus published a report encapsulating five years of security research and device testing. | Conference | APT 35 | ★★★ |
|
2022-11-29 00:00:00 | Code de la sécurité du code Calendrier 2022 Code Security Advent Calendar 2022 (lien direct) |
L'année touche lentement à sa fin et il est à nouveau le temps de regarder en arrière et de réfléchir sur le grand plaisir et les réalisations de l'année.C'est là que nous tenons à remercier notre communauté et à partager un petit cadeau, comme nous le faisons en décembre depuis 2016.
The year is slowly coming to an end and it\'s time again to look back and reflect on the great fun and achievements of the year. This is where we would like to thank our community and share a little gift, as we do every December since 2016. |
Conference | ★★★ | |
 |
2022-11-23 00:00:00 | Président de la cybersécurité chez MTU, Donna O \\\ 'Shea, décerné Confirmer Conference Epe Award Chair of Cybersecurity at MTU, Donna O\\\'Shea, awarded CONFIRM Conference EPE Award (lien direct) |
Président de la cybersécurité chez MTU et Project Lead à Cyber Skills, Donna O \\ 'Shea, Award Conference EPE Award avec les collègues du professeur Tom Newe et le Dr Alan McGibney.
Le prix reconnaît les récipiendaires pour avoir dépassé et au-delà en termes de développement et de livraison d'activités EPE en 2021. En tant que récipiendaire du prix, Donna, Tom et Alan sont considérés comme des champions de l'EPE au sein du centre de confirmation, non seulement en raison de leurs niveaux élevés d'engagement avecLe programme EPE, mais aussi parce qu'ils servent à informer davantage de membres juniors des avantages de l'engagement public et les inspirent à s'impliquer dans le programme.
Chair of Cybersecurity at MTU and Project Lead at Cyber Skills, Donna O\'Shea, awarded CONFIRM Conference EPE Award with colleagues Prof Tom Newe and Dr Alan McGibney. The award recognises recipients for going over and above in terms of developing and delivering EPE activities in 2021. As recipients of the award, Donna, Tom and Alan are considered EPE champions within the CONFIRM Centre, not only because of their high levels of engagement with the EPE programme, but also because they serve to inform more junior members of the benefits of public engagement and inspire them to get involved in the programme. |
Conference | ★★ | |
|
2022-11-21 00:00:00 | La première conférence de l'initiative du capital humain The First Human Capital Initiative Conference (lien direct) |
Le 17 novembre, la High Education Authority (HEA) a organisé la première conférence Initiative Capital Human (HCI) où toutes les initiatives ont été réunies pour la première fois pour discuter des défis et des projets.L'événement a été un grand succès, mettant en évidence l'impact et les opportunités pour l'Irlande pour offrir des programmes universitaires innovants et agiles.
On the 17th of November, the Higher Education Authority (HEA) hosted the first Human Capital Initiative (HCI) conference where all initiatives were brought together for the first time to discuss the challenges and projects. The event was a great success, highlighting the impact and opportunities for Ireland in delivering innovative and agile academic programmes. |
Conference | ★★★ | |
|
2022-11-10 00:00:00 | Un regard sur Kubecon 2022 A Look Back at KubeCon 2022 (lien direct) |
L'équipe de sonar a passé un bon moment à parrainer Kubecon 2022 à Détroit.Lisez nos plats à emporter de l'événement ...
The Sonar Team had a great time sponsoring KubeCon 2022 in Detroit. Read about our takeaways from the event... |
Conference | ★★★ | |
|
2022-10-25 00:00:00 | Bits de Hexacon 2022 Bits from Hexacon 2022 (lien direct) |
Nos équipes de recherche sur les applications et la vulnérabilité ont passé un bon moment à Hexacon 2022, ici ce que nous avons apprécié!
Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here\'s what we enjoyed! |
Vulnerability Conference | ★★★ | |
|
2022-10-17 07:00:00 | L'avantage du Defender \\ est l'avantage Cyber Snapshot Issue - Plus d'informations sur les fronts The Defender\\'s Advantage Cyber Snapshot Issue 2 - More Insights From the Frontlines (lien direct) |
Lorsque nous avons publié notre d'abord le défenseur \\ est avantageux cyber snapshot Lors de la conférence RSA 2022, notreL'objectif était simple: fournir un aperçu des sujets de cyber-défense d'une importance croissante en fonction de nos observations des fronts des dernières cyberattaques.
Au cours de la seconde moitié de cette année, nous avons rendu compte de plusieurs menaces, des campagnes d'opérations d'information à des campagnes généralisées ciblant Microsoft 365, l'authentification duo et les plateformes de crypto-monnaie, et notre suivi continu du suivi du suivi de la poursuite des plateformesActivité des groupes d'acteurs de menace avancés parrainés par l'État.
Ce paysage de menace varié demande
When we released our first The Defender\'s Advantage Cyber Snapshot during RSA Conference 2022, our goal was simple: to provide insight into cyber defense topics of growing importance based on our observations from the frontlines of the latest cyber attacks. In the latter half of this year we\'ve reported on a number of threats from information operations campaigns to widespread campaigns targeting Microsoft 365, Duo Authentication, and cryptocurrency platforms, and our continued tracking of activity from advanced state-sponsored threat actor groups. This varied threat landscape demands |
Threat Conference | ★★★ | |
|
2022-10-06 00:00:00 | La première conférence en personne de Cyber Ireland \\ Cyber Ireland\\'s First In-Person Conference (lien direct) |
Le 5 octobre, Cyber Ireland a organisé sa première conférence nationale en personne, a dirigé le directeur de cluster de Bycyber Ireland \\, le Dr Eoin Byrne et le directeur marketing, Fiona Kearney.
La professeure Donna O \\ 'Shea, présidente de la cybersécurité à MTU et chef de projet chez Cyber Skills, a déclaré: «En tant qu'institution académique hôte de Cyber Ireland, la Faculté de génie et de science de MTU \\ a été ravie de parrainer celaévénement.Avec plus de 300 participants, ce fut un succès fantastique. »
Le Cyber Skillsteam était également présent lors de la conférence, contribuant aux séances en petits groupes et à la tête de discussions sur des sujets importants tels que le # redflagsareabusecampaign avec @safe Ireland.
On the 5th of October, Cyber Ireland hosted its first in-person national conference, led by Cyber Ireland\'s Cluster Manager, Dr. Eoin Byrne and Marketing Manager, Fiona Kearney. Professor Donna O\'Shea, Chair of Cyber Security at MTU and Project Lead at Cyber Skills, said: “As the host academic institution of Cyber Ireland, MTU\'s Faculty of Engineering and Science Cork Campus was delighted to sponsor this event. With over 300 attendees, it was a fantastic success.” The Cyber Skills team was also present at the conference, contributing to the breakout sessions and leading discussions on important topics such as the #RedFlagsAreAbuse campaign with @Safe Ireland. |
Conference | ★★ | |
 |
2022-09-14 05:09:00 | Iranian cyberspies use multi-persona impersonation in phishing threads (lien direct) | One of the most prolific state-sponsored Iranian cyber espionage groups is targeting researchers from different fields by setting up sophisticated spear-phishing lures in which they use multiple fake personas inside the same email thread for increased credibility.Security firm Proofpoint tracks the group as TA453, but it overlaps with activity that other companies have attributed to Charming Kitten, PHOSPHORUS and APT42. Incident response company Mandiant recently reported with medium confidence that APT42 operates on behalf of the Islamic Revolutionary Guard Corps (IRGC)'s Intelligence Organization (IRGC-IO) and specializes in highly targeted social engineering.To read this article in full, please click here | Conference | APT 35 APT 42 | |
 |
2022-09-08 11:08:00 | Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (lien direct) | Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker DEV-0270 (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd and | Ransomware Threat Conference | APT 35 | |
|
2022-08-23 07:50:00 | Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts (lien direct) | The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known | Malware Tool Threat Conference | Yahoo APT 35 | |
|
2022-08-04 09:00:00 | Roadsweep Ransomware - Un acteur de menace iranienne probable mène une activité perturbatrice à motivation politique contre les organisations gouvernementales albanaises ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations (lien direct) |
résumé exécutif
Mandiant a identifié la famille des ransomwares routiers et un personnage télégramme qui a ciblé le gouvernement albanais dans une opération perturbatrice politiquement motivée avant une conférence de l'organisation d'opposition iranienne à la fin de juillet 2022.
Une chimneysweep de porte dérobée auparavant inconnue et une nouvelle variante de l'essuie-glace Zeroclear peuvent également avoir été impliquées.
Les données de distribution de logiciels malveillants Chimneysweep et le contenu de leurre, le timing de l'opération \\ et le contenu à thème politiquement, et l'implication possible de l'essuie-glace zérocléaire indique qu'un acteur de menace iranien est probablement responsable.
Executive Summary Mandiant identified the ROADSWEEP ransomware family and a Telegram persona which targeted the Albanian government in a politically motivated disruptive operation ahead of an Iranian opposition organization\'s conference in late July 2022. A previously unknown backdoor CHIMNEYSWEEP and a new variant of the ZEROCLEAR wiper may also have been involved. CHIMNEYSWEEP malware distribution data and decoy content, the operation\'s timing and politically themed content, and the possible involvement of the ZEROCLEAR wiper indicate an Iranian threat actor is likely responsible. |
Ransomware Malware Threat Conference | ★★★ | |
|
2022-06-21 15:03:00 | Anomali Cyber Watch: GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool, DragonForce Malaysia OpsPatuk / OpsIndia and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT35, CrescentImp, Follina, Gallium, Phosphorous, and Sandworm. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Update: The Phish Goes On - 5 Million Stolen Credentials and Counting
(published: June 16, 2022)
PIXM researchers describe an ongoing, large-scale Facebook phishing campaign. Its primary targets are Facebook Messenger mobile users and an estimated five million users lost their login credentials. The campaign evades Facebook anti-phishing protection by redirecting to a new page at a legitimate service such as amaze.co, famous.co, funnel-preview.com, or glitch.me. In June 2022, the campaign also employed the tactic of displaying legitimate shopping cart content at the final page for about two seconds before displaying the phishing content. The campaign is attributed to Colombian actor BenderCrack (Hackerasueldo) who monetizes displaying affiliate ads.
Analyst Comment: Users should check what domain is asking for login credentials before providing those. Organizations can consider monitoring their employees using Facebook as a Single Sign-On (SSO) Provider.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204
Tags: Facebook, Phishing, Facebook Messenger, Social networks, Mobile, Android, iOS, Redirect, Colombia, source-country:CO, BenderCrack, Hackerasueldo
F5 Labs Investigates MaliBot
(published: June 15, 2022)
F5 Labs researchers describe a novel Android trojan, dubbed MaliBot. Based on re-written SOVA malware code, MaliBot is maintaining its Background Service by setting itself as a launcher. Its code has some unused evasion portions for emulation environment detection and setting the malware as a hidden app. MaliBot spreads via smishing, takes control of the device and monetizes using overlays for certain Italian and Spanish banks, stealing cryptocurrency, and sometimes sending Premium SMS to paid services.
Analyst Comment: Users should be wary of following links in unexpected SMS messages. Try to avoid downloading apps from third-party websites. Be cautious with enabling accessibility options.
MITRE ATT&CK: [MITRE ATT&CK] System Network Configuration Discovery - T1016 | [MITRE ATT&CK] User Execution - T1204
Tags: MaliBot, Android, MFA bypass, SMS theft, Premium SMS, Smishing, Binance, Trust wallet, VNC, SOVA, Sality, Cryptocurrency, Financial, Italy, target-country:IT, Spain, target-country:ES
Extortion Gang Ransoms Shoprite, Largest Supermarket Chain in Africa
(published: June 15, 2022)
On June 10, 2022, the African largest supermarket chain operating in twelve countries, Shoprite Holdings, announced a possible cybersecurity incident. The company notified customers in E |
Ransomware Malware Tool Vulnerability Threat Guideline Conference | Yahoo APT 35 | |
 |
2022-06-15 10:41:47 | New Iranian Spear-Phishing Campaign Hijacks Email Conversations (lien direct) | A major new state-backed spear-phishing operation targeting multiple high-ranking Israeli and US officials has been uncovered by security researchers. The campaign has been traced to the Iranian Phosphorus ATP group, according to Check Point. It has targeted former Israeli foreign minister and deputy Prime Minister Tzipi Livni, a former US ambassador to Israel, and a […] | Conference | APT 35 | |
|
2022-06-06 09:00:00 | L'instantané du défenseur inaugural du défenseur The Inaugural Defender\\'s Advantage Cyber Snapshot (lien direct) |
La conférence RSA 2022 est enfin là!Les experts de Mandiant sont prêts à se joindre aux différentes conversations de cybersécurité qui auront lieu pendant l'événement, de tout ce qui, du plancher du vendeur, au stade d'ouverture.
Nous avons tellement de choses à partager sur ce que nous voyons de notre point de vue sur les fronts des dernières cyberattaques, et plusieurs de ces idées sont partagées dans notre rapport spécial, le cyberInstantané.
Le rapport de style magazine est disponible dès maintenant et contient des articles sur de nombreux sujets importants que nous traitons aujourd'hui, notamment:
commun
RSA Conference 2022 is finally here! The experts at Mandiant are ready to join in on the various cyber security conversations that will be taking place during the event-everywhere from the vendor floor to the keynote stage. We have so much to share about what we\'re seeing from our view on the frontlines of the latest cyber attacks, and several of those insights are being shared in our special report, The Defender\'s Advantage Cyber Snapshot. The magazine-style report is available now and contains articles on many important topics that we deal with today, including: Common |
Conference | ★★★ | |
|
2022-05-17 15:01:00 | Anomali Cyber Watch: Costa Rica in Ransomware Emergency, Charming Kitten Spy and Ransom, Saitama Backdoor Hides by Sleeping, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Conti ransomware, India, Iran, Russia, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
COBALT MIRAGE Conducts Ransomware Operations in U.S.
(published: May 12, 2022)
Secureworks researchers describe campaigns by Iran-sponsored group Cobalt Mirage. These actors are likely part of a larger group, Charming Kitten (Phosphorus, APT35, Cobalt Illusion). In 2022, Cobalt Mirage deployed BitLocker ransomware on a US charity systems, and exfiltrated data from a US local government network. Their ransomware operations appear to be a low-scale, hands-on approach with rare tactics such as sending a ransom note to a local printer. The group utilized its own custom binaries including a Fast Reverse Proxy client (FRPC) written in Go. It also relied on mass scanning for known vulnerabilities (ProxyShell, Log4Shell) and using commodity tools for encryption, internal scanning, and lateral movement.
Analyst Comment: However small your government or NGO organization is, it still needs protection from advanced cyber actors. Keep your system updated, and employ mitigation strategies when updates for critical vulnerabilities are not available.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Modify Registry - T1112 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Cobalt Mirage, Phosphorous, Cobalt Illusion, TunnelVision, Impacket, wmiexec, Softperfect network scanner, LSASS, RDP, Powershell, BitLocker, Ransomware, Fast Reverse Proxy client, FRP, FRPC, Iran, source-country:IR, USA, target-country:US, Cyberespionage, Government, APT, Go, Log4j2, ProxyShell, CVE-2021-34473, CVE-2021-45046, CVE-2021-44228, CVE-2020-12812, CVE-2021-31207, CVE-2018-13379, CVE-2021-34523, CVE-2019-5591
SYK Crypter Distributing Malware Families Via Discord
(published: May 12, 2022)
Morphisec researchers discovered a new campaign abusing popular messaging platform Discord content distribution network (CDN). If a targeted user activates the phishing attachment, it starts the DNetLoader malware that reaches out to the hardcoded Discord CDN link and downloads a next stage crypter such as newly-discovered SYK crypter. SYK crypter is being loaded into memory where it decrypts its configuration and the next stage payload using hardcoded keys and various encryption methods. It detects and impairs antivirus solutions and checks for d |
Ransomware Malware Tool Vulnerability Threat Conference | APT 35 APT 15 APT 34 | |
 |
2022-05-12 13:18:29 | Iranian Cyberspy Group Launching Ransomware Attacks Against US (lien direct) | Over the past several months, Iran-linked cyberespionage group Charming Kitten has been engaging in financially-motivated activities, the Secureworks Counter Threat Unit (CTU) reports. | Ransomware Threat Conference | APT 35 APT 35 | ★★★ |
|
2022-05-12 06:56:45 | Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (lien direct) | A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, | Ransomware Malware Threat Conference | APT 35 APT 15 | ★★★★ |
|
2022-04-26 10:00:00 | Annotation des fonctions de démontage de logiciels malveillants utilisant la traduction de la machine neuronale Annotating Malware Disassembly Functions Using Neural Machine Translation (lien direct) |
Les binaires de logiciels malveillants peuvent contenir des milliers à des millions d'instructions exécutables, et même les ingénieurs inversés de niveau expert peuvent passer des jours à analyser le démontage pour reconstituer la fonctionnalité du code.L'annulation itérative des fonctions est une stratégie qu'un analyste malveillant peut utiliser pour décomposer l'analyse en morceaux plus gérables.Cependant, l'annotation peut être un processus fastidieux qui entraîne souvent des choix de syntaxe et de fonction incohérents entre les différents analystes.La science des données mandiantes (MDS) et Flare Les équipes ont publié ce billet de blog pour accompagner notre récente conférence de technologie GPU NVIDIA (GTC)
Malware binaries may contain thousands to millions of executable instructions, and even expert-level reverse engineers can spend days analyzing disassembly to piece together code functionality. Iteratively annotating functions is one strategy that a malware analyst can use to break analysis down into more manageable chunks. However, annotation can be a tedious process that often results in inconsistent syntax and function choices among different analysts. The Mandiant Data Science (MDS) and FLARE teams released this blog post to accompany our recent NVIDIA GPU Technology Conference (GTC) |
Malware Conference | ★★★ | |
|
2022-03-24 07:00:00 | Mwise: une évolution du sommet de la cyber-défense mandiante mWISE: An Evolution of Mandiant Cyber Defense Summit (lien direct) |
J'ai commencé à travailler dans la cybersécurité il y a plus de 20 ans - je faisais partie de la sécurité RSA, et j'étais responsable du marketing sortant pour les Amériques, ainsi qu'un événement peu connu à laTemps appelé RSA Conference (RSAC).Après ma première année, j'ai élargi l'attention et j'ai aidé à développer l'événement à l'échelle mondiale, atteignant un pic de 50 000 participants.
Avant de rejoindre Mandiant, j'ai vu la société comme unique et axée sur la mission pour rendre le monde plus sûr des menaces.En particulier, l'industrie a vraiment pris note des activités néfastes de l'État-nation avec la recherche en profondeur Mandiant publié en 2013 sur Apt1
I started working in cyber security over 20 years ago-I was part of RSA Security, and was responsible for outbound marketing for the Americas, as well as a little-known event at the time called RSA Conference (RSAC). After my first year, I expanded the focus and helped to grow the event globally, reaching a peak of 50,000 attendees. Before joining Mandiant, I saw the company as unique and mission-focused-aspiring to make the world safer from threats. In particular, the industry really took notice of nefarious nation-state activities with the deep research Mandiant published in 2013 on APT1 |
Conference | APT 1 | ★★★ |
|
2022-02-22 15:18:36 | Enterprise IoT Security Firm Phosphorus Raises $38 Million (lien direct) | Nashville, TN-based IoT security firm Phosphorus Cybersecurity has raised $38 million in a Series A funding round led by SYN Ventures and MassMutual Ventures. Phosphorus discovers, delivers timely and automated patching and credential rotation for IoT devices in what it calls the 'Security of Things'. | Patching Conference | APT 35 APT 35 | |
 |
2022-02-18 15:21:14 | Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability (lien direct) | Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus, Charming Kitten […] | Ransomware Vulnerability Conference | APT 35 |
To see everything:
Our RSS (filtrered)
