What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2023-12-09 01:02:00 ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related
Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
Ransomware Threat ★★★
knowbe4.webp 2023-12-08 20:40:05 Nearly Every CIO Identifies at Least One Cyber Threat as a Risk to their Business
Threat ★★
The_Hackers_News.webp 2023-12-08 19:03:00 N. Korean Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks
The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. "The threat actor ultimately uses a backdoor to steal information and execute commands," the AhnLab Security Emergency Response Center (ASEC) said in an
Threat APT 43 ★★★
The_Hackers_News.webp 2023-12-08 16:38:00 Ransomware-as-a-Service: The Growing Threat You Can't Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.
Ransomware Threat Prediction Technical ★★
RecordedFuture.webp 2023-12-08 15:16:00 More evidence of Russian intelligence exploiting old Outlook flaw
Cybersecurity researchers have discovered another campaign in which hackers associated with Russia's military intelligence are exploiting a vulnerability in Microsoft software to target critical entities, including those in NATO member countries. According to a report by Palo Alto Networks' Unit 42, the Russian threat actor known as Fancy Bear or APT28 breached Microsoft Outlook over
Vulnerability Threat APT 28 ★★
DarkReading.webp 2023-12-08 15:00:00 Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug
State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.
Vulnerability Threat ★★★
DarkReading.webp 2023-12-08 15:00:00 The 3 Most Prevalent Cyber Threats of the Holidays
Chaos and volume of holiday season sales make a perfect storm of threat opportunity. Companies need to prepare - and practice! - action plans, identify key stakeholders, and consider cyber insurance.
Threat ★★
The_Hackers_News.webp 2023-12-08 14:53:00 WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins,
Vulnerability Threat ★★
SocRadar.webp 2023-12-08 13:38:44 Syrus4 IoT Gateway Vulnerability Could Allow Code Execution on Thousands of Vehicles, Simultaneously (CVE-2023-6248)
A significant vulnerability affecting Syrus4 IoT Gateway has emerged, posing a serious threat to the...
Vulnerability Threat Industrial ★★★★
globalsecuritymag.webp 2023-12-08 11:31:35 Russian influence and cyber operations adapt for long haul and exploit war fatigue
Russian influence and cyber operations adapt for long haul and exploit war fatigue. Clint Watts - General Manager, Microsoft Threat Analysis Center - Malware Update
Threat ★★
IndustrialCyber.webp 2023-12-08 10:37:54 Star Blizzard hackers improve sophistication, evasion techniques in ongoing cyber attacks, Microsoft reveals
Microsoft Threat Intelligence revealed that it is actively monitoring and thwarting malicious activities carried out by a Russian...
Threat ★★
InfoSecurityMag.webp 2023-12-08 10:00:00 Geopolitics to Blame For DoS Surge in Europe, Says ENISA
European security agency claims “novel and massive” DDoS threat is driven by political motivation
Threat ★★
ProofPoint.webp 2023-12-08 06:00:37 Protecting identities: How ITDR Complements EDR and XDR to Keep Companies Safer
Defenders who want to proactively protect their company's identities have no shortage of security tools to choose from. There are so many, in fact, that it seems like a new category of tool is invented every few months just to help keep them all straight. Because most security teams are finding it increasingly difficult to stop attackers as they use identity vulnerabilities to escalate privilege and move laterally across their organization's IT environment, some of today's newest tools focus on this middle part of the attack chain. Endpoint detection and response (EDR) and extended detection and response (XDR) are two tools that claim to cover this specialized area of defense. But unfortunately, because of their fundamental architecture and core capabilities, that's not really what they do best. That's why a new category of tool, identity threat detection and response (ITDR), is emerging to fill the gaps. In this blog post, we'll explain the difference between EDR, XDR and ITDR so that you can understand how these tools complement and reinforce each other. They each have strengths, and when they're combined they provide even better security coverage. But first, let's rewind the cybersecurity evolution timeline back to the 1980s to understand why ITDR has emerged as a critical defense measure in today's threat landscape.
The rise of antivirus software and firewalls: We're starting in the 1980s because that's the decade that saw the advent of computer networks and the proliferation of personal computers. It also saw the rapid rise of new threats due to adversaries taking advantage of both trends. There were notable computer threats prior to this decade, of course. The “Creeper” self-replicating program in 1971 and the ANIMAL Trojan in 1975 are two examples.
But the pace of development picked up considerably during the 1980s as personal computing and computer networking spread, and bad actors and other mischief-makers sought to profit from or simply break into (or break) devices and systems. In 1987, the aptly named Bernd Robert Fix, a German computer security expert, developed a software program to stop a virus known as Vienna. This virus destroyed random files on the computers it infected. Fix's program worked, and the antivirus software industry was born. However, while early antivirus tools were useful, they could only detect and remove known viruses from infected systems. The introduction of firewalls to monitor and control network traffic is another security advancement from the decade. Early “network layer” firewalls were designed to judge “packets” (small chunks of data) based on simple information like the source, destination and connection type. If the packets passed muster, they were sent to the system requesting the data; if not, they were discarded.
The internet explosion and the escalation of cybercrime: The late 1990s and early 2000s witnessed the explosive growth of the internet as a key business platform, kicking off an era of tremendous change. It brought new opportunities but also many new security risks and threats. Cybercrime expanded and became a more formalized and global industry during this time. Bad actors focused on developing malware and other threats. Email with malicious attachments and crafty social engineering strategies quickly became favorite tools for adversaries looking to distribute their innovations and employ unsuspecting users in helping to activate their criminal campaigns.
As cyberthreats became more sophisticated, defenders evolved traditional detective security tools to feature signature-based detection to identify known malware, and heuristic analysis to detect previously hard-to-detect threats based on suspicious behavioral patterns. All of these methods were effective to a degree. But once again, they could not keep in step with cybercriminal innovation and tended to generate a lot of false positives and false negatives.
Enter the SIEM: Around 2005, security information and event management (SIEM) tools emerged to enhance
Ransomware Malware Tool Vulnerability Threat Studies Cloud ★★★
Blog.webp 2023-12-08 05:05:57 Kimsuky Group Uses AutoIt to Create Malware (RftRAT, Amadey)
1. Overview; 2. Initial Access; 2.1. Spear Phishing Attack; 2.2. LNK Malware; 3. Remote Control Malware; 3.1. XRat (Loader); 3.2. Amadey; 3.3. Latest Attack Cases; 3.3.1. AutoIt Amadey; 3.3.2. RftRAT; 4. Post-infection; 4.1. Keylogger; 4.2. Infostealer; 4.3. Other Types; Conclusion.
1. Overview: The Kimsuky threat group, deemed to be supported by North Korea, has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014. Cases of attacks against countries other than South Korea have...
Malware Threat ★★
Blog.webp 2023-12-08 05:00:33 2023 Oct – Threat Trend Report on APT Groups
In this report, we cover nation-led threat groups presumed to conduct cyber espionage or sabotage under the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cybercriminal groups aiming to gain financial profits. We organized analyses related to APT groups disclosed by security companies and institutions including AhnLab during the previous month; however, the content of some APT groups may not...
Threat Prediction ★★
Blog.webp 2023-12-08 05:00:12 2023 Oct – Deep Web and Dark Web Threat Trend Report
This trend report on the deep web and dark web of October 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actors. We would like to state beforehand that some of the content has yet to be confirmed to be true. Ransomware: Rebrand of Hive? Hunters International; NoEscape Ransomware Gang; RagnarLocker DLS Shut Down; Trigona Disappears. Forum & Black Market: 23andMe Database Leaked and Being Sold; Breach of Okta's Support System Detected...
Ransomware Threat Prediction ★★★
Blog.webp 2023-12-08 04:59:47 2023 Oct – Threat Trend Report on Kimsuky Group
The Kimsuky group's activities in October 2023 decreased slightly in comparison to their overall activities in September. One phishing domain was discovered, but because it uses the BabyShark infrastructure, it was classified as the BabyShark type. There was also a compound type where FlowerPower and RandomQuery were distributed simultaneously. Finally, more changes to the FlowerPower system via script fragmentation were observed.
Threat Prediction ★★★
Blog.webp 2023-12-08 04:58:39 2023 Oct – Threat Trend Report on Ransomware Statistics and Major Issues
This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in October 2023, as well as notable ransomware issues in Korea and other countries. Key Trends: 1) HelloKitty Ransomware's Source Code Leaked; 2) Ransomware Attacks Against Unpatched WS_FTP Server; 3) BlackCat Ransomware Uses ‘Munchkin’ Alpine Linux VM; 4) Others.
Ransomware Threat Prediction ★★
SentinelOne.webp 2023-12-08 01:56:36 Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
North Korean threat actors attempt to further missile program by compromising sanctioned Russian defense company with OpenCarrot backdoor.
Threat ★★★
DarkReading.webp 2023-12-07 23:18:00 Cybersixgill Announces Identity Intelligence Module for Threat Analysis
No more details
Threat ★★
RiskIQ.webp 2023-12-07 20:52:27 New BlueNoroff Loader for macOS
#### Description
Kaspersky researchers have discovered a new variety of malicious loader that targets macOS, which is believed to be linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies whose activity is in any way related to cryptocurrency, as well as individuals who hold crypto assets or take an interest in the subject. The new variety was found inside a ZIP archive that contained a PDF file named “Crypto-assets and their risks for financial stability”, with a thumbnail that showed a corresponding title page. The metadata preserved inside the ZIP archive suggests the app was created on October 21, 2023. The cybercriminals might have emailed it to targets as they did with past campaigns. The app had a valid signature when it was discovered, but the certificate has since been revoked. The executable is a universal format file that contains versions for both Intel and Apple Silicon chips. Decryption of the XOR-encrypted payload is handled by the main function, CalculateExtameGCD. While the decryption process is running, the app puts out unrelated messages to the terminal to try and lull the analyst's vigilance. The decrypted payload has the AppleScript format. The Trojan expects one of the following three commands in response: save response to file and run, delete local copy and shut down, or keep waiting for command. The Trojan can now be detected by most anti-malware solutions.
#### Reference URL(s)
1. https://securelist.com/bluenoroff-new-macos-malware/111290/
#### Publication Date
December 5, 2023
#### Author(s)
Sergey Puzan
Threat ★★★
The_Hackers_News.webp 2023-12-07 20:06:00 Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics
The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interest to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking the cluster as Star Blizzard (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53),
Threat ★★★
DarkReading.webp 2023-12-07 19:00:00 Ransomware, Data Breaches Inundate OT & Industrial Sector
Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems.
Ransomware Threat Industrial ★★★
The_Hackers_News.webp 2023-12-07 17:16:00 New Bluetooth Flaw Lets Hackers Take Over Android, Linux, macOS, and iOS Devices
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. "Multiple Bluetooth stacks have authentication bypass
Threat Mobile ★★
The_Hackers_News.webp 2023-12-07 16:21:00 Building a Robust Threat Intelligence with Wazuh
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the constantly evolving threat landscape.
Importance of threat intelligence in the cybersecurity ecosystem
Threat ★★
The_Hackers_News.webp 2023-12-07 15:54:00 Governments May Spy on You by Requesting Push Notifications from Apple and Google
Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of
Threat Mobile ★★★★
InfoSecurityMag.webp 2023-12-07 15:30:00 UK Government Warns of Russian Cyber Campaigns Against Democracy
The NCSC identified the threat group responsible as Star Blizzard, linked to Russia's FSB Center 18
Threat ★★
DarkReading.webp 2023-12-07 15:00:00 Dragos Expands Defense Program for Small Utilities
The Dragos Community Defense Program provides small water, gas, and electric utilities with access to the Dragos Platform, training resources, and threat intelligence.
Threat ★★★
globalsecuritymag.webp 2023-12-07 14:29:12 Gen reveals its cybersecurity predictions for 2024
Gen reveals its cybersecurity predictions for 2024. With increasingly sophisticated AI, threats will become more personalized, for individuals as well as for small businesses. - Points de Vue
Threat Prediction ★★★
Veracode.webp 2023-12-07 13:23:31 État des vulnérabilités log4j: combien Log4Shell a-t-il changé?
State of Log4j Vulnerabilities: How Much Did Log4Shell Change?
(lien direct)
Le 9 décembre, deux ans depuis que le monde a été très alerte en raison de ce qui a été considéré comme l'une des vulnérabilités les plus critiques de tous les temps: log4shell.La vulnérabilité qui a porté la cote de gravité la plus élevée possible (10,0) était dans Apache Log4J, un cadre de journalisation Java omniprésent que Veracode a estimé à l'époque a été utilisé dans 88% des organisations. Si exploité, la vulnérabilité du jour zéro (CVE-2021-44228) dans les versions log4j log4j2 2.0-beta9 à 2.15.0 (excluant les versions de sécurité 2.12.2, 2.12.3 et 2.3.1) permettrait aux attaquants une télécommande une télécommande 2.12.2, 2.12.3 et 2.3.1) permettrait aux attaquants une télécommande une distance à distanceExécution de code (RCE) Attaquez et compromettez le serveur affecté. Il a déclenché un effort massif pour corriger les systèmes affectés, estimés à des centaines de millions.L'apocalypse que beaucoup craignait ne se produisait pas, mais compte tenu de son omniprésence, le comité d'examen du cyber-sécurité du département américain de la sécurité intérieure \\ a déterminé que la correction de Log4Shell prendrait une décennie. L'anniversaire de deux ans de Log4Shell est un bon…
December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, an ubiquitous Java logging framework that Veracode estimated at the time was used in 88 percent of organizations.  If exploited, the zero-day vulnerability (CVE-2021-44228) in Log4j versions Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) would allow attackers to perform a remote code execution (RCE) attack and compromise the affected server.  It triggered a massive effort to patch affected systems, estimated to be in the hundreds of millions. The apocalypse that many feared didn\'t happen, but given its pervasiveness, the U.S. Department of Homeland Security\'s Cyber Safety Review Board determined that fully remediating Log4Shell would take a decade.  The two-year anniversary of Log4Shell is a good…
Vulnerability Threat ★★
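The version range the Log4Shell entry quotes (2.0-beta9 through 2.15.0, minus the 2.12.2, 2.12.3 and 2.3.1 security releases) is exactly the check an inventory script has to encode. The block below is an added example written for this page, not code from the article or from the Log4j project. It encodes that range, reads the version out of a jar's Maven pom.properties and also checks whether JndiLookup.class is still present, because the stop-gap mitigation Apache recommended (deleting that class from the jar) leaves the version number unchanged, so a version-only scan produces false positives on mitigated jars. The pom.properties and JndiLookup paths are the standard ones in log4j-core jars; the test jar is constructed in memory.

```python
"""Inventory check for CVE-2021-44228 (Log4Shell) in log4j-core jars.

Added example for this page, not code from the article or the Log4j project.
The affected range is the one quoted in the entry above: 2.0-beta9 through
2.15.0, excluding the 2.12.2, 2.12.3 and 2.3.1 security releases.
"""
import io
import os
import re
import zipfile
from typing import Iterator, Optional, Tuple

# Standard Maven metadata path in log4j-core jars, and the lookup class that the
# stop-gap mitigation deleted from the jar.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

# Pre-release qualifiers sort below the final release of the same number
# (2.0-beta9 < 2.0-rc1 < 2.0). Unknown qualifiers are treated as releases.
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
RELEASE_RANK = 3


def version_key(version: str) -> Tuple[int, int, int, int, int]:
    """'2.0-beta9' -> (2, 0, 0, 1, 9); '2.14.1' -> (2, 14, 1, 3, 0). Tuples compare correctly."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z]+)(\d*))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version string: {version!r}")
    major, minor, patch, qualifier, qnum = m.groups()
    rank = PRE_RANK.get(qualifier.lower(), RELEASE_RANK) if qualifier else RELEASE_RANK
    return (int(major), int(minor), int(patch or 0), rank, int(qnum or 0))


LOW, HIGH = version_key("2.0-beta9"), version_key("2.15.0")
EXCLUDED = {version_key(v) for v in ("2.12.2", "2.12.3", "2.3.1")}


def is_vulnerable_version(version: str) -> bool:
    """True when the version falls inside the CVE-2021-44228 range quoted in the entry.
    Log4j 1.x is outside the range and is not affected by this CVE."""
    key = version_key(version)
    return LOW <= key <= HIGH and key not in EXCLUDED


def log4j_core_version(zf: zipfile.ZipFile) -> Optional[str]:
    """Read version= from the log4j-core pom.properties, or None if this is not log4j-core."""
    if POM_PROPERTIES not in zf.namelist():
        return None
    for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def assess_jar(jar_bytes: bytes) -> dict:
    """Verdict for one jar. Flagged only when the version is in range AND JndiLookup.class
    is still present: a jar with the class removed is mitigated even though its version
    string still says, say, 2.14.1."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        version = log4j_core_version(zf)
        has_jndi = JNDI_LOOKUP in zf.namelist()
    in_range = version is not None and is_vulnerable_version(version)
    return {"version": version, "jndi_lookup_present": has_jndi, "vulnerable": in_range and has_jndi}


def scan_tree(root: str) -> Iterator[Tuple[str, dict]]:
    """Walk a directory and assess every .jar/.war/.ear. Top level only: jars nested
    inside WAR/EAR archives or shaded uber-jars are not descended into here."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".jar", ".war", ".ear")):
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        yield path, assess_jar(fh.read())
                except (OSError, zipfile.BadZipFile):
                    continue


def build_test_jar(version: str, include_jndi: bool = True) -> bytes:
    """Constructed in-memory stand-in for a log4j-core jar (test fixture, not a real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES,
                    f"version={version}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()


if __name__ == "__main__":
    for v in ("2.14.1", "2.12.2", "2.17.1"):
        print(v, assess_jar(build_test_jar(v)))
    print("2.14.1 with JndiLookup removed:", assess_jar(build_test_jar("2.14.1", include_jndi=False)))
```

Run scan_tree('/opt/app') over a deployment and act on every result whose vulnerable flag is set; a jar that reports an in-range version with jndi_lookup_present False is one that was mitigated by class deletion rather than upgraded, which is worth tracking separately because the later Log4j CVEs of December 2021 still apply to its version.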
The_Hackers_News.webp 2023-12-07 11:45:00 New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to maintain covert access to victim networks at least since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is "able to conceal its own presence during the initialization phase," Group-IB said in a report
Malware Threat ★★
Securonix.webp 2023-12-07 11:00:21 Securonix Threat Labs Monthly Intelligence Insights – November 2023
The Monthly Intelligence Insights provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs in November.
Threat ★★
AlienVault.webp 2023-12-07 11:00:00 Las Vegas casinos targeted by ransomware attacks
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Introduction: Ever since the invention of internet browsers for personal computers in the 1990s, cybercrime has been on the rise. Almost 30 years after the invention of the World Wide Web, cybercriminals have a variety of methodologies and toolkits that they use on a daily basis to leverage vulnerabilities and commit crime. One of the most popular types of attack used by threat actors is ransomware. Most recently, several Las Vegas casinos fell victim to a series of ransomware attacks.
Las Vegas hacks: In mid-September 2023, two of the biggest Las Vegas casino and hotel chains found themselves to be victims of ransomware attacks. The two organizations that were targeted were Caesars Entertainment and MGM Resorts International.
MGM Resorts International: The attack against MGM was first reported on September 11, 2023, when MGM personnel put out a public statement stating that a "cyber security incident" had affected some of its systems. In the days following this statement many guests reported numerous problems with the casino and hotel operations of the company. On the casino side, many guests reported problems with slot machines and payout receipts. The slot machines in some of the MGM casinos were completely inoperable and, in the casinos where they were operational, the machines were not able to print out cash-out vouchers. On the hotel side, many of the organization's websites were inaccessible for a while after the attack. Guests across multiple MGM hotels reported issues with their mobile room keys not functioning, and new arrivals reported wait times of up to six hours to check in. A hacking group known as Scattered Spider has taken credit for the ransomware attack against MGM Resorts International.
Scattered Spider first appeared in the cyber threat landscape in May 2022 and is thought to be made up of individuals aged 19-22 based in the UK and USA. The attackers carried this attack out in three phases. The first phase was reconnaissance, in which they stalked the company's LinkedIn page and the employees who work there. The second phase of the attack was a vishing attack against MGM's IT help desk. A vishing attack is when someone uses phone calls or voice communication to trick the victim into sharing personal information, credit card numbers, or credentials. Using the information they gathered on LinkedIn, the attackers were able to impersonate an MGM employee and trick the help desk into giving them credentials to MGM systems. The attack's third phase was launching ransomware developed by another hacker group, ALPHV. Scattered Spider rendered multiple systems throughout the organization useless unless the ransom was paid. Currently it is not known whether MGM paid the ransom, but all casinos are once again fully operational.
Caesars Entertainment: Days after MGM reported it had been hacked, Caesars Entertainment disclosed to the SEC that it was also the victim of a cyberattack around the same time as MGM. In its statement to the SEC, Caesars reported that confidential information about members of its customer loyalty program was stolen. Caesars representatives stated that the hackers were able to break into computer systems through a social engineering attack on an IT support contractor. Not much information is available about the execution of this attack. The use of a social engineering attack has led many people to believe that Scattered Spider was also behind this attack. The hackers demanded that Caesars pay a ransom of $30 million. It is reported that the organization paid $15 million to the hackers and the company has "taken steps to ensure the stolen information is deleted by the hacker but canno
Ransomware Vulnerability Threat Mobile Technical ★★★
globalsecuritymag.webp 2023-12-07 08:52:37 France Verif deploys a security bubble
France Verif deploys a security bubble it calls unique in the world, with a claimed effectiveness rate of 99.86%. 53% of these attacks are indirect... Your pharmacist, your shops and your social networks get hacked regularly. Cybercriminals get hold of your emails, passwords, bank card numbers or bank account details (RIBs), and wait for the right moment to cause you maximum damage. Securing your devices with a simple antivirus is no longer enough. Only a global protection bubble provides truly reliable protection, because every threat (indirect hacks, data theft, malware, viruses, scams, fake SMS...) has to be identified wherever it comes from in order to block it. France Verif launches the first global protection built on its AI, the result of 5 years of R&D, with the support of the Banque Publique d'Investissement and the collaboration of more than 43 researchers from Polytechnique, Corps des Mines and Pierre-et-Marie-Curie. - Products
Threat ★★
The_State_of_Security.webp 2023-12-07 03:15:27 How to Avoid and Prevent Identity Theft
Identity theft is like a thief in the night; it can happen to anyone, anywhere, at any time. It is a real threat to everyone. We live in a time where so much personal information is stored online, which allows cybercriminals to steal it and use it for their gain. A Federal Trade Commission report shows that over 1 million people fell victim to identity theft in 2022. The most common types of identity theft are credit card fraud, bank fraud, and loan or lease fraud. But the good news is that you can avoid identity theft. Let's discover the best practices to follow to keep identity thieves away...
Threat ★★★
IndustrialCyber.webp 2023-12-07 00:00:00 EPISODE 11: Are You User Experienced? Applying The Principles of UX & UR To The Cybersecurity Journey
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This week we are joined by Helena Hill, a seasoned UX Strategist and Consultant and AI expert with a wealth of experience spanning diverse clients, from pre-start-ups to global industry giants. In this episode, we explore the fascinating topic of UX and cybersecurity. We're going to learn from the UX function to see how we can create a better user experience for people on their security journey, learn how to get buy-in from the business about implementing controls such as MFA, and how to 'sell' our security value offering as a positive user experience. And of course, crucially, how to take those first few steps to engage with the UX team!
Key takeaways for this episode are:
UX and cybersecurity share the same challenge of educating and getting buy-in from the organization to elevate their importance on the business agenda.
Understanding the user journey is crucial for both UX and cybersecurity teams to build a better, more usable security journey.
Empathy mapping helps build a picture of a person and understand their needs and expectations.
Leveraging user expectations and their ease-of-use thresholds can help create appropriate security controls.
Collaboration between UX/UR and cybersecurity teams can lead to innovation in the security space and improve the user experience.
This is the first of our two-part conversation with Helena; next week we will be talking about her other specialism in AI, which kicks off our Christmas miniseries on AI. Links to everything Helena discussed in this episode can be found in the show notes, and if you liked the show, please do leave us a review.
Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests, like Helena, on future episodes. We hope you enjoyed this episode. See you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?'
Show notes: What is a Persona Non Grata? Developed at DePaul University, the Persona Non Grata approach makes threat modelling more tractable by asking users to focus on attackers, their motivations, and their abilities. Once this step is completed, users are asked to brainstorm about targets and likely attack mechanisms that the attackers would deploy. Read more: Cyber Threat Modelling: An Evaluation of Three Methods by Forrest Shull and Nancy R. Mead
Threat Studies ★★
DarkReading.webp 2023-12-06 22:26:00 CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw
Adobe patched CVE-2023-26360 in March amid active exploit activity targeting the flaw.
Threat ★★
The_Hackers_News.webp 2023-12-06 19:08:00 Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis. AWS STS is a web service that enables
Threat Cloud ★★★
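The impersonation the AWS STS entry describes leaves a usable trail in CloudTrail: every AssumeRole, GetSessionToken or GetFederationToken call records which principal asked and which temporary access key came back, and every later API call made with that key carries it in userIdentity.accessKeyId. The block below is an added example written for this page, not code from Red Canary or The Hacker News. It links those records into chains so an analyst can answer "which long-term key ultimately minted this ASIA token, and from where has it been used", including through chained AssumeRole calls. The field names are CloudTrail's documented ones and the key prefixes are AWS's (AKIA for long-term keys, ASIA for temporary ones); the sample records are constructed, and the "used from an IP that never requested it" rule is an illustrative heuristic of this example, not a published detection.

```python
"""Trace STS temporary credentials back to the principal that minted them.

Added example for this page, not code from the Red Canary analysis. The CloudTrail
fields used (eventSource, eventName, sourceIPAddress, userIdentity.accessKeyId,
requestParameters.roleArn, responseElements.credentials.accessKeyId) are the
documented ones. The "used from an IP that did not request it" rule is a heuristic
chosen for this example, and SAMPLE_EVENTS is constructed, not real telemetry.
"""
from typing import Dict, List, Optional

# STS calls that hand back a fresh temporary access key in responseElements.
STS_MINTING_CALLS = {"AssumeRole", "GetSessionToken", "GetFederationToken"}


def chains_from_records(records: List[dict]) -> Dict[str, dict]:
    """Map each temporary access key to the STS call that produced it, then attribute
    every later call made with that key back to it (including chained AssumeRole)."""
    chains: Dict[str, dict] = {}
    for r in records:
        if r.get("eventSource") == "sts.amazonaws.com" and r.get("eventName") in STS_MINTING_CALLS:
            creds = (r.get("responseElements") or {}).get("credentials") or {}
            temp_key = creds.get("accessKeyId")
            if not temp_key:
                continue  # failed call or credentials not logged
            ident = r.get("userIdentity") or {}
            chains[temp_key] = {
                "minted_by": r["eventName"],
                "parent_arn": ident.get("arn"),          # who asked
                "parent_key": ident.get("accessKeyId"),  # with which key (AKIA or ASIA)
                "role_arn": (r.get("requestParameters") or {}).get("roleArn"),
                "request_ip": r.get("sourceIPAddress"),
                "used_from": set(),
                "actions": [],
            }
    for r in records:  # second pass: usage of each minted key, STS calls included
        key = (r.get("userIdentity") or {}).get("accessKeyId")
        if key in chains:
            chains[key]["used_from"].add(r.get("sourceIPAddress"))
            chains[key]["actions"].append(r.get("eventName"))
    return chains


def root_principal(chains: Dict[str, dict], key: str) -> Optional[str]:
    """Follow parent links through role chaining until reaching a key STS did not mint
    (typically an IAM user's long-term AKIA key). Returns that principal's ARN."""
    arn, seen = None, set()
    while key in chains and key not in seen:
        seen.add(key)
        arn = chains[key]["parent_arn"]
        key = chains[key]["parent_key"]
    return arn


def suspicious_chains(chains: Dict[str, dict]) -> Dict[str, dict]:
    """Heuristic: temporary credentials exercised from a source IP other than the one that
    requested them, which is what a token lifted from a CI host and replayed looks like."""
    return {k: v for k, v in chains.items() if v["used_from"] - {v["request_ip"]}}


SAMPLE_EVENTS = [  # constructed CloudTrail-shaped records for this example
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-ci",
                      "accessKeyId": "AKIAEXAMPLE000000001"},
     "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/Deploy"},
     "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLE000000002"}}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Deploy/dev-ci",
                      "accessKeyId": "ASIAEXAMPLE000000002"},
     "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/Admin"},
     "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLE000000003"}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Deploy/dev-ci",
                      "accessKeyId": "ASIAEXAMPLE000000002"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Deploy/dev-ci",
                      "accessKeyId": "ASIAEXAMPLE000000002"},
     "requestParameters": {"userName": "svc-backup"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Admin/dev-ci",
                      "accessKeyId": "ASIAEXAMPLE000000003"}},
]

if __name__ == "__main__":
    chains = chains_from_records(SAMPLE_EVENTS)
    for key, info in suspicious_chains(chains).items():
        print(f"{key}: minted via {info['minted_by']} by {root_principal(chains, key)}, "
              f"requested from {info['request_ip']}, used from {sorted(info['used_from'])}, "
              f"actions {info['actions']}")
```

In the constructed data the Deploy-role token is requested from the CI address but then used from an unrelated address to create an IAM user, and the chained Admin token is attributed back to the dev-ci user rather than to the intermediate role. In a real pipeline the records come from CloudTrail log files or a CloudTrail Lake query, and the IP heuristic should be replaced or supplemented by whatever baseline fits the account (expected source ranges, expected roles per principal, time of day).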
The_Hackers_News.webp 2023-12-06 17:14:00 New Report: Unveiling the Threat of Malicious Browser Extensions
Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like
Threat ★★★
Blog.webp 2023-12-06 16:31:55 Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers
By Deeba Ahmed. CISA warns of a critical Adobe ColdFusion vulnerability actively exploited by threat actors. This is a post from HackRead.com. Read the original post: Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers
Vulnerability Threat ★★★
InfoSecurityMag.webp 2023-12-06 16:30:00 Trojan-Proxy Threat Expands Across macOS, Android and Windows
Kaspersky found multiple variants, but none are being marked as malicious by anti-malware vendors
Threat Mobile ★★
The_Hackers_News.webp 2023-12-06 15:40:00 Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. "The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,"
Vulnerability Threat ★★★
SecurityWeek.webp 2023-12-06 15:20:30 Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat
iVerify, a seed-stage startup spun out of Trail of Bits, ships a mobile threat hunting platform to neutralize iOS and Android zero-days.
Threat Mobile ★★
SocRadar.webp 2023-12-06 13:48:02 New CISA Advisory: Threat Actors Exploited Adobe ColdFusion Vulnerability (CVE-2023-26360) to Target Government Servers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Cybersecurity Advisory (CSA) regarding exploitation...
Vulnerability Threat ★★★
SocRadar.webp 2023-12-06 12:16:11 Phishing in E-commerce: Understanding Digital Threats Effectively
In the rapidly evolving digital marketplace, the threat of phishing in e-commerce has become a...
Threat ★★★
InfoSecurityMag.webp 2023-12-06 11:30:00 LockBit Remains Top Global Ransomware Threat
The strain was responsible for over a quarter of global ransomware attacks between January 2022 and September 2023
Ransomware Threat ★★★
globalsecuritymag.webp 2023-12-06 09:50:39 Cybercriminals released 411,000 malicious files per day in 2023
Kaspersky's detection systems identified an average of 411,000 malicious files per day, an increase of nearly 3% compared with 2022. Some threat types also saw a real surge: the experts observed a considerable rise (53%) in attacks involving malicious files, notably Microsoft Office files. - Malware
Threat ★★★
globalsecuritymag.webp 2023-12-06 08:57:28 Veeam® Software launches the new Veeam Data Platform 23H2 update
Veeam announces the extension of its cyber-protection capabilities and integrates AI assistance into the new Veeam Data Platform 23H2 update, available immediately. The updated and extended cyber-protection capabilities, which bring the new Threat Center, object storage backup and artificial-intelligence assistance to Veeam Backup & Replication v12.1, are intended to let companies preserve business continuity in the face of cyberattacks such as ransomware. - Products
Threat ★★★
IndustrialCyber.webp 2023-12-06 08:21:09 Cyber Threat Alliance adds OT-ISAC as a contributing ally partner
Non-profit organization Cyber Threat Alliance (CTA) announced that the OT-ISAC is joining the alliance as a Contributing Ally...
Threat Industrial ★★★
ProofPoint.webp 2023-12-06 08:01:35 Proofpoint Security Awareness and Threat Intelligence: The Perfect Pairing
Just like peanut butter and chocolate, when you add threat intelligence to a security awareness program, it's the perfect pairing. Together, they can help you efficiently train one of your most important yet most attacked lines of defense: your people. A robust security awareness program that is tailored, defined and driven by real-world threat insights and context is one of the strongest defenses you can implement.
Every week, the Proofpoint Security Awareness team gets regular updates about new and emerging threats and social engineering trends from the Proofpoint Threat Intelligence Services team. This helps drive the development of our security awareness platform. Likewise, our customers can generate daily, weekly, monthly and ad-hoc threat intelligence reports to boost the efficacy of their security awareness programs. In this blog, we will discuss some ways that security awareness teams (SATs) can use threat intelligence from Proofpoint to supercharge their awareness programs.
Tailor your program to defend against the latest threats. Not all people within a company see the same threats, and the response to threats differs greatly across teams, even within the same business. That's why security awareness programs shouldn't take a one-size-fits-all approach. Here's where Proofpoint Threat Intelligence Services can help. Our team regularly briefs customers about which threat actors are targeting their business and industry, who within their company is clicking, which users and departments are attacked most, and what threats they're being targeted with. Proofpoint gives SAT teams the data they need so they can tailor the modules, training and phishing simulations to match those that their users face. Threats in the wild are converted to valuable, tailored awareness materials.
Use cases. Our threat intelligence services team analyzes exactly what threat actors are targeting when they go after a customer, both in terms of volume and at a granular department level. We regularly observe that it's more common for specific actors to target users within a specific department.
Are threat actors targeting a specific department? This is a good example of how SAT teams can use threat intelligence to identify departments that are at risk and help keep them safe. In this case study, Proofpoint Threat Intelligence Services revealed that TA578, an initial access broker, was frequently targeting marketing and corporate communications departments with a standard copyright violation message lure. We highlighted this trend for a particular customer as we reviewed their TAP data. This Proofpoint threat actor victimology report shows that TA578 is targeting a marketing address. Proofpoint Threat Intelligence Services identified what was happening and also provided additional context about the threat actor, including: tactics, techniques and procedures (TTPs); malware payloads; attack chains; specific examples of message lures and landing pages. Plus, Proofpoint offered recommendations for remediation and proactive, layered protection. Proofpoint Threat Intelligence Services report on TA578. The SAT team used this information in its Proofpoint Security Awareness program to train the marketing department about specific message lures. The team also created a phishing simulation that used a similar-style lure and content to educate those users about this unique threat.
Are threat actors targeting specific people? Another use case for Proofpoint Threat Intelligence Services is that it can help SAT teams understand who at their company is clicking, and what types of message themes they are clicking on. Proofpoint Threat Intelligence Services report for a large healthcare customer. Proofpoint Threat Intelligence Services report shows which users are repeat clickers. This data is compiled from real threats that users have clicked on. SAT teams can use it to prioritize these users for additional awareness training. They can also pi
Tool Threat Studies Prediction ★★★
Last update at: 2024-06-16 10:10:33