What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-10-10 12:00:00 | La moitié des cisos se rendent désormais au PDG à mesure que l'influence se développe Half of CISOs Now Report to CEO as Influence Grows (lien direct) |
La tendance est plus prononcée en Europe que l'Amérique
Trend is more pronounced in Europe than America |
Prediction | ★★★ | |
 |
2023-10-04 22:00:00 | Trend Micro Drive Dernière phase de la prospérité et de l'engagement des canaux Trend Micro Drives Latest Phase of Channel Prosperity and Engagement (lien direct) |
La tendance est plus prononcée en Europe que l'Amérique
Trend is more pronounced in Europe than America |
Prediction | ★★ | |
 |
2023-10-03 07:45:20 | Trend Micro : Etat des attaques de ransomware au premier semestre 2023 (lien direct) | Etat des attaques de ransomware au premier semestre 2023 par Trend Micro Les institutions américaines sont majoritairement prises pour cible par LockBit. • Le rapport de Trend Micro évalue le ratio d'attaque à une sur six. • Le volume de victimes de ransomware est en forte hausse : +47%. • LockBit, BlackCat et Clop sont les familles de ransonwares les plus actives.#Cybersecurité #Ransomware #LockBit - Investigations | Ransomware Studies Prediction | ★★★★ | |
 |
2023-09-30 15:19:00 | Le FBI met en garde contre la tendance à la hausse des attaques à double rançon ciblant les entreprises américaines FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies (lien direct) |
Le Federal Bureau of Investigation (FBI) des États-Unis met en garde contre une nouvelle tendance d'attaques à double ransomware ciblant les mêmes victimes, au moins depuis juillet 2023.
"Au cours de ces attaques, les acteurs de cyber-menaces ont déployé deux variantes de ransomware différentes contre les sociétés de victimes des variantes suivantes: Avoslocker, Diamond, Hive, Karakurt, Lockbit, Quantum et Royal", a déclaré le FBI dans une alerte."Variantes
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants |
Ransomware Threat Prediction | ★★ | |
|
2023-09-30 14:51:00 | Iranian APT Group OilRig Utilisation de nouveaux logiciels malveillants Menorah pour les opérations secrètes Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (lien direct) |
Les cyber-acteurs sophistiqués soutenus par l'Iran connu sous le nom de OilRig ont été liés à une campagne de phistes de lance qui infecte les victimes d'une nouvelle souche de malware appelé Menorah.
"Le malware a été conçu pour le cyberespionnage, capable d'identifier la machine, de lire et de télécharger des fichiers à partir de la machine, et de télécharger un autre fichier ou un malware", Trend Micro Researchers Mohamed Fahmy et Mahmoud Zohdy
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy |
Malware Prediction | APT 34 | ★★★ |
 |
2023-09-27 13:00:00 | Célébrer plus de 20 000 heures de formation de cyber-piratage via l'esprit de contrôle et le partenariat NotSosecure Celebrating Over 20,000 Hours of Cyber Hacking Training via the Check Point MIND and NotSoSecure Partnership (lien direct) |
> Notre rapport de cybersécurité en milieu d'année en 2023 a révélé que les cyberattaques avaient bondi de 8% au premier semestre de 2023, avec plus d'attaques que jamais.Les cybercriminels ne montrent aucun signe de ralentissement.Malheureusement, les chercheurs de ISC2 prédisent qu'en 2025, il y aura 3,5 millions de postes non remplis au sein de la main-d'œuvre de la cybersécurité.Laissez cela s'enfoncer un instant.Plus que toute autre chose, l'écart existant au sein de la main-d'œuvre de la cybersécurité est le principal défi de l'industrie.Il est si massif qu'aucune organisation ne peut l'attaquer à elle seule.Reconnaître ce point de contrôle de besoin croissant a développé l'organisation Mind, sous l'égide de [& # 8230;]
>Our 2023 Mid-Year Cybersecurity Report found that cyberattacks surged 8% in the first half of 2023, with more attacks than ever before. Cyber criminals show no signs of slowing down. Unfortunately, researchers at ISC2 predict that by 2025, there will be 3.5 million unfilled positions within the cybersecurity workforce. Let that sink in for a moment. More than anything else, the existing gap within the cyber security workforce is our industry’s main challenge. It\'s so massive that no single organization can tackle it on its own. Recognizing this growing need Check Point developed the MIND organization, under the umbrella of […] |
Prediction | ★★ | |
|
2023-09-26 14:31:49 | Guillaume Leseigneur, Cybereason : nous arrivons aujourd\'hui à un nouveau point de basculement dans le paysage des menaces (lien direct) | Guillaume Leseigneur, Cybereason : nous arrivons aujourd'hui à un nouveau point de basculement dans le paysage des menaces - Interviews | Threat Prediction | ★★★ | |
|
2023-09-22 07:17:18 | Les cybercriminels exploitent la tragédie marocaine dans une nouvelle campagne d\'escroquerie (lien direct) | Cédric Pernet, Senior Threat Researcher – Trend Micro, présente une escroquerie qui a profité du tremblement de terre au Maroc en trompant les donateurs pour qu'ils achètent du matériel de secours prétendument destiné à aider les victimes de ce séisme. Les fraudeurs ont enregistré deux noms de domaines, dont l'un usurpe l'identité de la Croix-Rouge française et redirige vers le second. - Malwares | Threat Prediction | ★★ | |
|
2023-09-21 14:15:00 | Les nouvelles victimes de ransomwares augmentent de 47% avec des gangs ciblant les petites entreprises New Ransomware Victims Surge by 47% with Gangs Targeting Small Businesses (lien direct) |
Le Micro Report Trend a observé que les petites organisations sont de plus en plus ciblées par les gangs de ransomware, y compris Lockbit et Blackcat
The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat |
Ransomware Prediction | ★★ | |
 |
2023-09-21 00:00:00 | Décodage Turla: Trend Micro \\'s Mitre Performance Decoding Turla: Trend Micro\\'s MITRE Performance (lien direct) |
Cette année, l'évaluation de l'ingéniosité à la mitre a testé les fournisseurs de cybersécurité contre des scénarios d'attaque simulés imitant le groupe adversaire «Turla».Renseignez-vous sur les performances de protection à 100% réussies de Trend Micro \\.
This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro\'s 100% successful protection performance. |
Prediction | ★ | |
 |
2023-09-20 11:06:33 | Sur la pénurie d'emplois de cybersécurité On the Cybersecurity Jobs Shortage (lien direct) |
En avril, Cybersecurity Ventures Sur la pénurie de travaux de cybersécurité extrême: | Prediction | ★★ | |
|
2023-09-20 10:58:00 | Trend Micro verse une solution urgente pour la vulnérabilité de sécurité critique exploitée activement Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability (lien direct) |
La société de cybersécurité Trend Micro a publié des correctifs et des hotfixs pour aborder un défaut de sécurité critique dans Apex One et des solutions de sécurité commerciale sans souci pour Windows qui ont été activement exploitées dans des attaques réelles.
Suivi comme CVE-2023-41179 (score CVSS: 9.1), il se rapporte à un module de désinstallation antivirus tiers qui a été emballé avec le logiciel.La liste complète des impacts
Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that\'s bundled along with the software. The complete list of impacted |
Vulnerability Prediction | ★★ | |
 |
2023-09-20 05:00:47 | Toutes les vulnérabilités ne sont pas créées égales: les risques d'identité et les menaces sont la nouvelle vulnérabilité Not All Vulnerabilities Are Created Equal: Identity Risks and Threats Are the New Vulnerability (lien direct) |
If the history of cyber threats has taught us anything, it\'s that the game is always changing. The bad actors show us a move. We counter the move. Then, the bad actors show us a new one. Today, that “new move” is the vulnerable state of identities. Attackers realize that even if the network and every endpoint and device are secured, they can still compromise an enterprise\'s resources by gaining access to one privileged account. There is a lot of opportunity to do that, too. Within companies, one in six endpoints has an exploitable identity risk, as research for the Analyzing Identity Risks (AIR) Research Report from Proofpoint found. “Well, that escalated quickly.” The latest Data Breach Investigations Report from Verizon highlights the risks of complex attacks that involve system intrusion. It also underscores the need to disrupt the attacker once they are inside your environment. Once they have that access, they will look for ways to escalate privileges and maintain persistence. And they will search for paths that will allow them to move across the business so that they can achieve their goals, whatever they may be.hey may be. This problem is getting worse because managing enterprise identities and the systems to secure them is complex. Another complication is the constant changes to accounts and their configurations. Attackers are becoming more focused on privileged identity account takeover (ATO) attacks, which allow them to compromise businesses with ease and speed. At least, as compared with the time, effort and cost that may be required to exploit a software vulnerability (a common vulnerability and exposure or CVE). We should expect this trend to continue, given that ATOs have reduced attacker dwell times from months to days. And there is little risk that attackers will be detected before they are able to complete their crimes. How can IT and security leaders and their teams respond? A “back to the basics” approach can help. Shifting the focus to identity protection Security teams work to protect their networks, systems and endpoints in their infrastructure, and they have continued moving up the stack to secure applications. Now, we need to focus more on ways to improve how we protect identities. That is why an identity threat detection and response (ITDR) strategy is so essential today. We tend to think of security in battle terms; as such, identity is the next “hill” we need to defend. As we have done with the network, endpoint and application hills in the past, we should apply basic cyber hygiene and security posture practices to help prevent identity risk. There is value in using preventative and detective controls in this effort, but the former type of control is preferred. (It can cost less to deploy, too.) In other words, as we take this next hill to secure identity threats, we should keep in mind that an ounce of prevention is worth a pound of cure. Identity as a vulnerability management asset type Businesses should consider managing remediation of the identity vulnerabilities that are most often attacked in the same or a similar way to how they manage the millions of other vulnerabilities across their other asset types (network, host, application, etc.). We need to treat identity risk as an asset type. Its vulnerability management should be included in the process for prioritizing vulnerabilities that need remediation. A requirement for doing this is the ability to scan the environment on a continuous basis to discover identities that are vulnerable now-and learn why are at risk. Proofpoint SpotlightTM provides a solution. It enables: The continuous discovery of identity threats and vulnerability management Their automated prioritization based on the risk they pose Visibility into the context of each vulnerability And Spotlight enables fully automated remediation of vulnerabilities where the remediation creates no risk of business interruption. Prioritizing remediation efforts across asset types Most enterprises have millions of vulnerabilities across their | Data Breach Vulnerability Threat Prediction | ★★ | |
|
2023-09-20 05:00:00 | Les logiciels malveillants chinois apparaissent sérieusement dans le paysage des menaces de cybercriminalité Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (lien direct) |
Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity. Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT and related variants are recently active as well. The increase in Chinese language malware activity indicates an expansion of the Chinese malware ecosystem, either through increased availability or ease of access to payloads and target lists, as well as potentially increased activity by Chinese speaking cybercrime operators. Overview Since early 2023, Proofpoint observed an increase in the email distribution of malware associated with suspected Chinese cybercrime activity. This includes the attempted delivery of the Sainbox Remote Access Trojan (RAT) – a variant of the commodity trojan Gh0stRAT – and the newly identified ValleyRAT malware. After years of this malware not appearing in Proofpoint threat data, its appearance in multiple campaigns over the last six months is notable. The phrase “Chinese-themed” is used to describe any of the observed content related to this malicious activity, including lures, malware, targeting, and any metadata that contains Chinese language usage. Campaigns are generally low-volume and are typically sent to global organizations with operations in China. The email subjects and content are usually written in Chinese, and are typically related to business themes like invoices, payments, and new products. The targeted users have Chinese-language names spelled with Chinese-language characters, or specific company email addresses that appear to align with businesses\' operations in China. Although most campaigns have targeted Chinese speaking users, Proofpoint observed one campaign targeting Japanese organizations, suggesting a potential expansion of activity. These recently identified activity clusters have demonstrated flexible delivery methods, leveraging both simple and moderately complex techniques. Commonly, the emails contain URLs linking to compressed executables that are responsible for installing the malware. However, Proofpoint has also observed Sainbox RAT and ValleyRAT delivered via Excel and PDF attachments containing URLs linking to compressed executables. Proofpoint researchers assess those multiple campaigns delivering Sainbox RAT and ValleyRAT contain some similar tactics, techniques, and procedures (TTPs). However, research into additional activity clusters utilizing these malwares demonstrate enough variety in infrastructure, sender domains, email content, targeting, and payloads that researchers currently conclude that all use of these malwares and associated campaigns are not attributable to the same cluster, but likely multiple distinct activity sets. The emergence and uptick of both novel and older Chinese-themed malware demonstrates a new trend in the overall 2023 threat landscape. A blend of historic malware such as Sainbox – a variant of the older Gh0stRAT malware – and the newly uncovered ValleyRAT may challenge the dominance that the Russian-speaking cybercrime market has on the threat landscape. However, the Chinese-themed malware is currently mostly targeted toward users that likely speak Chinese. Proofpoint continues to monitor for evidence of increasing adoption across other languages. For network defenders, we include several indicators of compromise and Emerging Threats detections to provide the community with the ability to cover these threats. Campaign Details Proofpoint has observed over 30 campaigns in 2023 leveraging malware typically associated with Chinese cybercrime activity. Nearly all lures are in Chinese, although Proofpoint has also observed messages in Japanese targeting organizations in that country. Gh0stRAT / Sainbox Proofpoint has observed an increase in a variant of Gh0stRAT Proofpoint researchers refer to as Sainbox. Sainbox was first i | Malware Tool Threat Prediction | ★★★ | |
|
2023-09-19 21:11:00 | L'acteur lié à la Chine puise la porte dérobée Linux dans une campagne d'espionnage énergique China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign (lien direct) |
"Sprysocks" mélange les fonctionnalités de plusieurs badware précédemment connus et ajoute à l'arsenal de logiciels malveillants croissants de la menace, dit Trend Micro.
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor\'s growing malware arsenal, Trend Micro says. |
Malware Threat Prediction | ★★★ | |
|
2023-09-19 20:20:00 | Trend micro patchs vulnérabilité de point final zéro jour Trend Micro Patches Zero-Day Endpoint Vulnerability (lien direct) |
La vulnérabilité critique implique une désinstallation de produits de sécurité tiers et a été utilisé dans les cyberattaques.
The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks. |
Vulnerability Prediction | ★★ | |
|
2023-09-19 16:40:00 | Les nouvelles cotes de la terre de Lusca \\ ont cible la porte dérobée Linux cible les entités gouvernementales Earth Lusca\\'s New SprySOCKS Linux Backdoor Targets Government Entities (lien direct) |
L'acteur de menace lié à la Chine connue sous le nom de Lusca Earth Lusca a été observé ciblant les entités gouvernementales à l'aide d'une porte dérobée Linux jamais vue appelée Sprysocks.
Earth Lusca a été documenté pour la première fois par Trend Micro en janvier 2022, détaillant les attaques de l'adversaire contre les entités du secteur public et privé à travers l'Asie, l'Australie, l'Europe, l'Amérique du Nord.
Actif depuis 2021, le groupe s'est appuyé sur
The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary\'s attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on |
Threat Prediction | ★★ | |
 |
2023-09-19 14:15:21 | CVE-2023-41179 (lien direct) | Une vulnérabilité dans le tiers du module de désinstallation AV contenu dans Trend Micro Apex One (sur site et SaaS), la sécurité commerciale sans inquiétude et les services de sécurité commerciale sans souci pourraient permettre à un attaquant de manipuler le module pour exécuter des commandes arbitraires sur un affecté d'un affecté concernéinstallation.
Notez qu'un attaquant doit d'abord obtenir un accès à la console administrative sur le système cible afin d'exploiter cette vulnérabilité.
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. |
Vulnerability Prediction | ||
|
2023-09-19 13:00:32 | Est-ce que le VRAI Slim Shady se lèvera?La recherche sur les points de contrôle expose le cybercriminé derrière un logiciel malveillant impactant EMEA et APAC Will the Real Slim Shady Please Stand Up? Check Point Research Exposes Cybercriminal Behind Malicious Software Impacting EMEA and APAC (lien direct) |
Bien que la RPR de profit ait identifié «Eminэm» comme l'un des cyberciminaux derrière la distribution Remcos et Guloader RCR a révélé ses conclusions à l'entité d'application de la loi pertinente que le logiciel «légitime» devient le choix de cyberclinal \\ 'dans une tendance alarmante mise en évidence par chèqueLe rapport de sécurité en milieu d'année en 2023 de Point \\, un logiciel apparemment légitime est devenu le choix préféré des cybercriminels.Les exemples notables sont [& # 8230;]
>Highlights: Advertised as legitimate tools, Remcos and GuLoader are malware in disguise, heavily utilized in cyberattacks Check Point Research (CPR) has uncovered evidence that the distributor is deeply entwined within the cybercrime scene, leveraging their platform to facilitate cybercrime, while making a profit CPR has identified “EMINэM” as one of the cyberciminals behind the distribution Remcos and GuLoader CPR has disclosed its findings to the relevant law enforcement entity “Legit” software becomes cybercrminals\' preferred choice In an alarming trend highlighted in Check Point\'s 2023 Mid-Year Security Report, seemingly legitimate software has become the preferred choice of cybercriminals. Notable examples are […] |
Malware Prediction | ★★ | |
|
2023-09-18 09:37:48 | Trend Micro rejoint le Hacking Policy Council (lien direct) | Trend Micro rejoint le Hacking Policy Council. • Le spécialiste de la cybersécurité renforce son engagement de protection cyber auprès des Etats-Unis. • Grâce à son programme Zero Day Initiative, Trend Micro aura la capacité de livrer des informations sur les menaces au consortium. - Business | Threat Prediction | ★★ | |
|
2023-09-18 05:00:09 | Comment mieux sécuriser et protéger votre environnement Microsoft 365 How to Better Secure and Protect Your Microsoft 365 Environment (lien direct) |
Microsoft 365 has become the de facto standard for email and collaboration for most global businesses. At the same time, email continues to be the most common attack vector for threat actors. And spam, phishing, malware, ransomware and business email compromise (BEC) attacks keep increasing in both their sophistication and impact. Verizon\'s 2023 Data Breach Investigations Report highlights the upward trend BEC attacks, noting that they have doubled over the past year and comprise 60% of social engineering incidents. While Microsoft 365 includes basic email hygiene capabilities with Exchange Online Protection (EOP), you need more capabilities to protect your business against these attacks. Microsoft offers Defender for Office 365 (MDO) as part of its security tool set to bolster security. And it\'s a good place to start, but it simply can\'t stop today\'s most sophisticated email threats. That\'s why analysts suggest you augment native Microsoft 365 security to protect against advanced threats, like BEC and payload-less attacks such as TOAD (telephone-oriented attack delivery). “Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.” Source: 2023 Gartner Market Guide for Email Security The rise of cloud-based email security solutions Email threats are nothing new. For years now, secure email gateways (SEG) have been the go-to solution to stop them. They filter spam, phishing emails and malware before they can get to users\' inboxes. But with more businesses adopting cloud-based email platforms-particularly Microsoft 365-alternative email security solutions have appeared on the market. Gartner calls them integrated cloud email security (ICES); Forrester refers to them as cloud-native API-enabled email security (CAPES). These solutions leave the basic email hygiene and handling of email traffic to Microsoft. Then, they examine the emails that are allowed through. Essentially, they identify threats that have slipped past Microsoft\'s defenses. The main advantage of ICES and CAPES is their ease of deployment and evaluation. They simply require a set of permissions to the Microsoft 365 installation, and they can start detecting threats right away. It\'s easy to remove these solutions, too, making it simple and straightforward to evaluate them. Two deployment models: the good and the bad When you\'re augmenting Microsoft 365 email security, you have several options for deployment. There\'s the post-delivery, API-based approach, which is used by ICES and CAPEs. And there\'s the pre-delivery, MX-based approach used by SEGs. Post-delivery deployment (API-based model) In this scenario, Microsoft provides an API to allow third-party vendors to receive a notification when a new email is delivered to a user\'s mailbox. Then, they process the message with their platform. If a threat is found, it can be deleted or moved to a different folder, like quarantine or junk. However, this approach presents a risk. Because a message is initially delivered to the mailbox, a user still has a chance to click on it until the threat is retracted. Emails must be processed fast or hidden altogether while the solution scans the message for threats. Analyzing attachments for malware or running them through a sandbox is time-consuming, especially for large or complex attachments. There are also limits on how many alerts from Microsoft 365 that cloud-based email security solutions can receive. Pre-delivery deployment (MX-based model) This approach is useful for businesses that want to detect and prevent email threats before they reach their users\' inboxes. As the name suggests, email is processed before it is delivered to a user\'s inbox. To enable this model, an organization\'s DNS email exchange (MX) record must be configured to a mail server. The MX record indicates how email messages should be routed in | Ransomware Data Breach Malware Tool Threat Prediction Cloud | ★★★ | |
 |
2023-09-15 15:26:04 | Trend Micro protège l'Université de Kingston pendant la période de compensation de pointe Trend Micro Protects Kingston University During Peak Clearing Period (lien direct) |
Leur période la plus occupée de l'année pour le recrutement des étudiants.«La compensation universitaire est comme la course à Noël pour les détaillants.Et de la même manière, menace [& # 8230;]
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that it is supplying managed detection and response (MDR) capabilities to Kingston University free of charge to mitigate the threat of serious cyber disruption during their busiest time of year for student recruitment. “University clearing is like the run up to Christmas for retailers. And in the same way, threat […] |
Threat Prediction | ★★ | |
|
2023-09-15 14:19:00 | Les cybercriminels combinent des certificats de phishing et de véhicules électriques pour livrer les charges utiles des ransomwares Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (lien direct) |
Les acteurs de la menace derrière les voleurs d'informations Redline et Vidar ont été observés pivotant des ransomwares grâce à des campagnes de phishing qui répartissent les charges utiles initiales signées avec des certificats de signature de code de validation (EV) prolongés.
"Cela suggère que les acteurs de la menace rationalisent les opérations en faisant leurs techniques polyvalentes", a déclaré les micro-chercheurs Trend dans une nouvelle analyse publiée
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this |
Ransomware Threat Prediction | ★★ | |
 |
2023-09-13 10:00:00 | Eco-Hacks: l'intersection de la durabilité et des cyber-menaces Eco-hacks: The intersection of sustainability and cyber threats (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Environmental sustainability is more important than ever before for organizations across all sectors. Sustainability concerns including geopolitics, future-focused developments, advanced ESG reporting, and building sustainability into supply chains going forward are all significant trends shaping businesses in 2023 and beyond. While the shift towards environmental sustainability is a worthy pursuit no matter the industry, the trend towards adopting new technologies that provide more sustainability and eco-friendliness can have some unintended consequences on the realm of cybersecurity. Today we can see many hybrid endeavors that combine both cutting-edge technology and green, eco-friendly initiatives to create long-term ecologically sustainable solutions for businesses in all fields. But since these collaborations tend to utilize new technology, they may not provide the kind of advanced-level cybersecurity protocols needed to secure these endeavors against cyberattacks, resulting in unintended consequences: an increase in cyber vulnerabilities. In this article, we will take an in-depth look at the enhanced cybersecurity risks presented by certain sustainability and tech initiatives. Then we will explore best practices intended to keep businesses cyber secure as they transition to new, more environmentally friendly modes of operation and production. 1. The unexpected cybersecurity risks of going green While new green technology rollouts provide highly visible, obvious benefits, contributing to the important global cause of sustainability, the cybersecurity underpinnings that run in the background are easy to ignore but no less significant. There is a subtle interdependence between new green tech and expanded cybersecurity risks. 2. New developments in green technology New developments in green technology are vast and wide-ranging, offering revolutionary potential to cut down on harmful greenhouse gas emissions. By some estimates, Green IT can contribute to reducing greenhouse gas emissions by ten times more than it emits. Green coding focuses on creating more energy efficient modes of engaging computational power that can be applied to everything from virtual reality gaming devices in development to cloud computing. Sustainable data collection centers aim to reduce carbon and greenhouse gas emissions by finding alternative methods of collecting data that require less energy. Smart city technology, such as IoT-enabled power grids, smart parking meters, and smart traffic controls, can utilize predictive capabilities to ensure that urban infrastructures are running at optimal energy levels, reducing resource and energy waste and improving city living experiences. Similarly, smart HVAC systems can respond to global climate change issues by managing the internal temperature of buildings using smart regulators that reduce energy waste and carbon emissions, while still heating or cooling buildings. All of these innovations are building towards a more sustainable future by reducing our need for harmful fossil fuel consumption, managing power usage across the energy grid, and creating more sustainable alternatives to existing technologies for transportation, waste management, entertainment, and more. But each of these new technologies also presents a broader risk level | Vulnerability Threat Prediction Cloud | ★★★ | |
|
2023-09-12 10:00:00 | Réseaux résilients: éléments constitutifs de l'architecture de la cybersécurité moderne Resilient networks: Building blocks of modern Cybersecurity architecture (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today\'s interconnected digital landscape, where data flows like a river through intricate networks, the importance of cybersecurity has never been more pronounced. As our reliance on digital networks grows, so do the threats that seek to exploit vulnerabilities in these very networks. This is where the concept of resilient networks steps in, acting as the guardians of our digital realms. In this article, we delve into the world of resilient networks, exploring their significance as the cornerstone of modern cybersecurity architecture. Understanding resilient networks Imagine a web of interconnected roads, each leading to a different destination. In the realm of cybersecurity, these roads are the networks that enable communication, data exchange, and collaboration. Resilient networks are like well-constructed highways with multiple lanes, built to withstand unexpected disruptions. They aren\'t just about preventing breaches; they\'re about enabling the network to adapt, recover, and continue functioning even in the face of a successful attack. Network resilience stands as a critical component in the realm of modern cybersecurity, complementing traditional security measures like utilizing proxy servers by focusing on the ability to endure and recover. Network security It\'s essential to distinguish between network security and network resilience. Network security involves fortifying the network against threats, employing firewalls, antivirus software, and encryption methods. On the other hand, network resilience goes beyond this, acknowledging that breaches might still occur despite stringent security measures. Resilience Resilience entails the ability to detect, contain, and recover from these breaches while minimizing damage. It\'s like preparing for a storm by not only building strong walls but also having an emergency plan in case the walls are breached. Resilient networks aim to reduce downtime, data loss, and financial impact, making them a critical investment for organizations of all sizes. Key components of resilient networks Consider your home\'s architecture. You have multiple exits, fire alarms, and safety measures in place to ensure your well-being in case of emergencies. Similarly, resilient networks are built with specific components that enable them to weather the storms of cyber threats. Redundancy, diversity, segmentation and isolation, and adaptive monitoring and threat detection are the pillars of network resilience. Redundancy Redundancy involves creating backup systems or pathways. It\'s like having alternate routes to reach your destination in case one road is blocked. In the digital realm, redundant systems ensure that if one part of the network fails, traffic is seamlessly rerouted, minimizing disruptions. Diversity Diversity, on the other hand, means not putting all your eggs in one basket. A diverse network employs various hardware, software, and protocols, reducing the risk of a single point of failure. Think of it as a portfolio of investments – if one fails, the others remain intact. Segmentation and isolation Segmentation and Isolation play a crucial role in containing potential threats. Imagine a building with multiple compartments, each serving a different purpose. If a fire breaks out in one compartment, it\'s isolated, preventing the entire building from | Tool Vulnerability Threat Prediction Medical | ★★ | |
 |
2023-09-11 05:05:00 | Rapport de tendance des menaces sur les ransomwares & # 8211;Juillet 2023 Threat Trend Report on Ransomware – July 2023 (lien direct) |
Ce rapport fournit des statistiques sur le nombre de nouveaux échantillons de ransomware, des systèmes ciblés et des entreprises ciblées en juillet 2023, ainsi que des problèmes de ransomware notables en Corée et dans d'autres pays.Tendances clés 1) Plus d'entreprises affectées par l'exploitation des ransomwares de Clop & # 8217;Problèmes
This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in July 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) More businesses affected by CLOP ransomware’s exploitation of MOVEit zero-day vulnerability 2) Big Head ransomware disguised as an emergency Windows update 3) Detection names for ransomware disguised as Sophos file ATIP_2023_Jul_Threat Trend Report on Ransomware Statistics and Major Issues |
Ransomware Vulnerability Threat Prediction | ★★ | |
|
2023-09-11 05:02:48 | Rapport de tendance des menaces sur les groupes APT & # 8211;Juillet 2023 Threat Trend Report on APT Groups – July 2023 (lien direct) |
juillet 2023 Problèmes majeurs sur les groupes APT 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Chicheur charmant 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Eyes rouges 13) Pirates d'espace 14) Turla 15) ATIP_2023_JUL_JULAT RAPPORT D'APTER LE Rapport sur les APT
July 2023 Major Issues on APT Groups 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Charming Kitten 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Red Eyes 13) Space Pirates 14) Turla 15) Unclassified ATIP_2023_Jul_Threat Trend Report on APT Groups |
Threat Prediction | APT 38 APT 37 APT 37 APT 35 APT 35 APT 29 APT 29 APT 28 APT 28 APT 31 | ★★ |
|
2023-09-11 05:02:13 | Rapport sur la tendance du Web Deep et Dark WEB & # 8211;Juillet 2023 Deep Web and Dark Web Threat Trend Report – July 2023 (lien direct) |
Ce rapport de tendance sur le Web Deep et le réseau sombre de juillet 2023 est sectionné en ransomware, forums & # & #38;Marchés noirs et acteur de menace.Nous tenons à dire à l'avance qu'une partie du contenu n'a pas encore été confirmée comme vraie.1) Ransomware (1) Alphv (Blackcat) (2) Cactus (3) Clop (4) Monti 2) Forum & # 38;Black Market (1) La vente de Genesis Market (2) Base de données pour violation de la base de données (3) US Medical Institution & # 8217; s Base de données 3) Acteur de menace (1) ...
This trend report on the deep web and dark web of July 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) ALPHV (BlackCat) (2) Cactus (3) CLOP (4) Monti 2) Forum & Black Market (1) The Sale of Genesis Market (2) BreachedForums Database on Sale (3) US Medical Institution’s Database Breached 3) Threat Actor (1)... |
Ransomware Threat Prediction Medical | ★★ | |
|
2023-09-11 05:01:36 | Rapport de tendance des menaces sur le groupe Kimsuky & # 8211;Juillet 2023 Threat Trend Report on Kimsuky Group – July 2023 (lien direct) |
Les activités de Kimsuky Group & # 8217;diversifie simultanément leurs méthodes d'attaque.De plus, il n'y avait pas de problèmes particuliers concernant les types d'applications et RandomQuery car ils sont désormais moins utilisés.Le type BabyShark qui sera décrit en détail sur ce rapport sera inclus dans les statistiques de juillet.ATIP_2023_JUL_TRÉTERAT RAPPORT DE TRENDE SUR LE GROUPE KIMSUKY
The Kimsuky group’s activities in July 2023 showed that FlowerPower is gaining traction, and the group is simultaneously diversifying their attack methods. Additionally, there were no particular issues regarding AppleSeed and RandomQuery types as they are now less used. The BabyShark type to be described in detail further on this report will be included in the statistics from July thereon. ATIP_2023_Jul_Threat Trend Report on Kimsuky Group |
Threat Prediction | ★★ | |
|
2023-09-07 10:00:00 | Le jeu du chat et de la souris: rester en avance sur l'évolution des menaces de cybersécurité The cat and mouse game: Staying ahead of evolving cybersecurity threats (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybersecurity threats refer to malicious activities conducted over digital networks, targeting systems, devices, and data. These threats encompass a wide range of attacks, from stealing sensitive information and spreading malware to disrupting critical infrastructure. And their impact extends beyond technical realms. They can and regularly do affect individuals, businesses, and society at large. Individuals face risks of identity theft, financial loss, and invasion of privacy. Businesses can suffer from data breaches, financial damages, and reputational harm. Societal consequences include compromised infrastructure, erosion of trust in digital systems, and potential disruptions to essential services. As technology becomes increasingly integrated into our lives, understanding and addressing cyber threats is crucial for safeguarding personal, economic, and societal well-being. The cat and mouse game will never end, and it’s important to not only be aware of where the good guys stand but what to expect while running your business and trying to stay safe. The dynamic nature of cyber threats The dynamic nature of cyber threats lies in their continuous evolution and adaptation. Cybercriminals are relentless in their pursuit of new vulnerabilities, techniques, and tools to breach systems and compromise data. In response, cybersecurity experts are in a constant race to anticipate and counter emerging threats. They develop advanced security protocols like cloud penetration testing, analyze attack patterns, and collaborate to share threat intelligence. This ongoing battle is marked by innovation on both sides. What cybersecurity pros have at their disposal Cybersecurity professionals employ artificial intelligence, machine learning, and behavioural analytics to predict and detect threats, while cybercriminals use sophisticated social engineering and encryption techniques to evade detection. This tug-of-war highlights the necessity of a proactive approach to cybersecurity. As threats evolve, defenders must not only address current vulnerabilities but also anticipate future attack vectors. The rapid pace of technological change means that cybersecurity is not a one-time investment, but an ongoing commitment to staying updated, adapting strategies, and collaborating across sectors to safeguard digital ecosystems. The evolution of cyber threats The cyber threats that your business is likely to face in the 2020s are much different and far more insidious than they were back in the early days of the internet. The early days We have gone from: Viruses and worms: In the early days of computing, viruses and worms were the first types of cyber threats. They spread through infected files and email attachments, causing damage or disruption to systems. Malware: As technology advanced, so did malware. This category includes various types, such as Trojans, which masquerade as legitimate software, and keyloggers, which record keystrokes to steal sensitive information. Current threats What businesses and individuals must contend with now is shocking and, if you haven’t been following the industry and cyber threat landscape, very frightening. Contemporary threats include: Phishing and social engineering: With the rise of the internet, cybercriminals shifted to tactics that exploit human psychology. Phishing attacks trick users into revealing personal information or click | Malware Tool Vulnerability Threat Prediction | ★★★ | |
|
2023-09-01 13:30:00 | Groupe de cyber-espionnage sophistiqué Earthing Exposed Sophisticated Cyber-Espionage Group Earth Estries Exposed (lien direct) |
Trend Micro a noté que les «œstries de la Terre» employaient des tactiques avancées pour infiltrer les réseaux
Trend Micro noted that “Earth Estries” employed advanced tactics to infiltrate networks |
Prediction | ★★★ | |
 |
2023-09-01 00:00:00 | Revisiter le kit de phishing 16Shop, Trend-Interpol Partnership Revisiting 16shop Phishing Kit, Trend-Interpol Partnership (lien direct) |
Dans cette entrée, nous résumons les analyses de sécurité et les enquêtes effectuées sur le 16shop de phishing en tant que service au fil des ans.Nous décrivons également le partenariat entre Trend Micro et Interpol pour éliminer les principaux administrateurs et serveurs de cette campagne de phishing massive.
In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign. |
Prediction | ★★★ | |
|
2023-08-30 10:28:07 | CERTFR-2023-AVI-0699 : Multiples vulnérabilités dans Trend Micro Mobile Security (30 août 2023) (lien direct) | De multiples vulnérabilités ont été découvertes dans Trend Micro Mobile Security. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS). - Vulnérabilités | Prediction | ★ | |
|
2023-08-29 00:00:00 | Le logiciel malveillant Android furtif MMRat effectue une fraude bancaire via de faux magasins d'applications Stealthy Android Malware MMRat Carries Out Bank Fraud Via Fake App Stores (lien direct) |
L'équipe MARS (Mobile Application Reputation Service) de Trend Micro a découvert un nouveau cheval de Troie bancaire Android totalement non détecté, baptisé MMRat, qui cible les utilisateurs mobiles d'Asie du Sud-Est depuis fin juin 2023.
The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023. |
Malware Prediction | ★★ | |
|
2023-08-28 16:57:00 | Cyberattaques ciblant les applications de commerce électronique Cyberattacks Targeting E-commerce Applications (lien direct) |
Les cyberattaques contre les applications de commerce électronique sont une tendance courante en 2023, à mesure que les entreprises de commerce électronique deviennent de plus en plus omnicanales, elles créent et déploient de plus en plus d'interfaces API, les acteurs malveillants explorant constamment de nouvelles façons d'exploiter les vulnérabilités.C'est pourquoi des tests réguliers et une surveillance continue sont nécessaires pour protéger pleinement les applications Web, en identifiant les faiblesses afin qu'elles puissent être
Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing and ongoing monitoring are necessary to fully protect web applications, identifying weaknesses so they can be |
Threat Prediction | ★★ | |
|
2023-08-24 17:15:08 | CVE-2023-34973 (lien direct) | Il a été rapporté qu'une vulnérabilité d'entropie insuffisante affecte les systèmes d'exploitation QNAP.S'il est exploité, la vulnérabilité permet peut-être aux utilisateurs distants de prédire le secret via des vecteurs non spécifiés.
Nous avons déjà corrigé la vulnérabilité dans les versions suivantes:
QTS 5.0.1.2425 Build 20230609 et plus tard
QTS 5.1.0.2444 Build 20230629 et plus tard
Quts Hero H5.1.0.2424 Build 20230609 et plus tard
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later |
Vulnerability Prediction | ||
|
2023-08-23 00:00:00 | Interpol + tendance pour lutter contre les réseaux de cybercriminalité africains INTERPOL + Trend to Fight African Cybercrime Networks (lien direct) |
Global Threat Intelligence aide à perturber des milliers de réseaux de cybercrimes africains
Global threat intelligence helps to disrupt thousands of African cyber crimes networks |
Threat Prediction | ★★ | |
|
2023-08-21 00:00:00 | Ex-uss CISO explique les agences \\ 'lutte avec Biden Eo Ex-USSS CISO Explains Agencies\\' Struggle with Biden EO (lien direct) |
Ed Cabrera, ancien CISO des services secrets américains et chef de la cybersécurité actuel pour Trend Micro, explique pourquoi les agences fédérales sont lentes à se conformer au décret exécutif de la cybersécurité de Biden \\.
Ed Cabrera, former CISO of the US Secret Service and current Chief Cybersecurity Officer for Trend Micro, explains why Federal agencies are slow to comply with Biden\'s cybersecurity executive order. |
Prediction | ★★ | |
|
2023-08-16 11:00:00 | Proxynation: le lien sombre entre les applications proxy et les logiciels malveillants ProxyNation: The dark nexus between proxy apps and malware (lien direct) |
Executive summary
AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. A company is charging for proxy service on traffic that goes through those machines. This is a continuation of research described in our blog on Mac systems turned into proxy exit nodes by AdLoad.
In this research, Alien Labs identified a company that offers proxy services, wherein proxy requests are rerouted through compromised systems that have been transformed into residential exit nodes due to malware infiltration. Although the proxy website claims that its exit nodes come only from users who have been informed and agreed to the use of their device, Alien Labs has evidence that malware writers are installing the proxy silently in infected systems. In addition, as the proxy application is signed, it has no anti-virus detection, going under the radar of security companies.
In this follow up article we explore the dramatic rise in Windows malware delivering the same payload to create a 400,000 proxy botnet.
Key takeaways:
In just one week AT&T Alien Labs researchers observed more than a thousand new malware samples in the wild delivering the proxy application.
According to the proxy website, there are more than 400,000 proxy exit nodes, and it is not clear how many of them were installed by malware.
The application is silently installed by malware on infected machines without user knowledge and interaction.
The proxy application is signed and has zero anti-virus detection.
The proxy is written in Go programming language and is spread by malware both on Windows and macOS.
Analysis
In the constantly evolving landscape of cyber threats, malicious actors continuously find new and ingenious ways to exploit technology for their own gain. Recently Alien Labs has observed an emerging trend where malware creators are utilizing proxy applications as their tool of choice. Different malware strains are delivering the proxy - relying on users looking for interesting things, like cracked software and games.
The proxy is written in the Go programming language, giving it the flexibility to be compiled into binaries compatible with various operating systems, including macOS and Windows. Despite the fact that the binaries originated from the same source code, macOS samples are detected by numerous security checks while the Windows proxy application skirts around these measures unseen. This lack of detection is most likely due to the application being signed. (Figure 1)
Figure 1. As on Virus Total: Proxy application – zero detections.
After being executed on a compromised system, the malware proceeds to quietly download and install the proxy application. This covert process takes place without requiring any user interaction and often occurs alongside the installation of additional malware or adware elements. The proxy application and most of the malware delivering it are packed using Inno Setup, a free and popular Windows installer.
Figure 2. As observed by Alien Labs: Malware embedded script to install the proxy silently.
As shown in the figure 2 above, the malware uses specific Inno |
Malware Tool Threat Prediction | ★★ | |
|
2023-08-16 06:46:45 | Rapport de tendance des menaces sur les groupes APT & # 8211;Juin 2023 Threat Trend Report on APT Groups – June 2023 (lien direct) |
Tendances du groupe APT & # 8211;Juin 2023 1) Andariel 2) APT28 3) Cadet Blizzard (Dev-0586) 4) Camaro Dragon 5) Chicheau charmant (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3Chang (Apt15, Nickel) 8) Kimsuky 9) Lazarus 10) Eau boueuse 11) Mustang Panda 12) Oceanlotus 13) Patchwork (éléphant blanc) 14) REd Eyes (APT37) 15) Sharp Panda 16) Sidecopy 17) Soldat Stealth ATIP_2023_JUN_THREAT Rapport de tendance sur les groupes APT
APT Group Trends – June 2023 1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups |
Threat Prediction | APT 38 APT 37 APT 37 APT 35 APT 35 APT 32 APT 32 APT 28 APT 28 APT 15 APT 15 APT 25 | ★★ |
|
2023-08-16 06:46:19 | Rapport sur la tendance des menaces Web Deep & Dark & # 8211;Juin 2023 Deep Web & Dark Web Threat Trend Report – June 2023 (lien direct) |
Ce rapport de tendance sur le Web Deep et le réseau sombre de juin 2023 est sectionné en ransomware, forums & # & #38;Marchés noirs et acteur de menace.Nous tenons à dire à l'avance qu'une partie du contenu n'a pas encore été confirmée comme vraie.1) Ransomware (1) CLOP (2) Lockbit (3) Snatch (4) groupe RA (5) groupes de ransomwares & # 8217;Recrutement affilié ADS 2) Forum & # 38;Marché noir (1) Le marché du monopole & # 8217; S'exploitant arrêté (2) Suspension des exposés pour pour les forums (3) la renaissance de BreachForums 3) Menace ...
This trend report on the deep web and dark web of June 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) CLOP (2) LockBit (3) Snatch (4) RA Group (5) Ransomware Groups’ Affiliate Recruitment Ads 2) Forum & Black Market (1) Monopoly Market’s Operator Arrested (2) Suspension of ExposedForums (3) Rebirth of BreachForums 3) Threat... |
Ransomware Threat Prediction | ★★ | |
|
2023-08-16 06:45:59 | Rapport de tendance des menaces sur Kimsuky & # 8211;Juin 2023 Threat Trend Report on Kimsuky – June 2023 (lien direct) |
Les activités du groupe Kimsuk observées en juin 2023 ont montré une légère augmentation du nombre global de domaine entièrement qualifié entièrement qualifiéNoms (FQDN), avec plus de types d'applications détectés par rapport aux activités du groupe en mai.À un moment donné, la fonction de collecte d'informations a été retirée du type de fleurs, mais quelques jours plus tard, les échantillons ont été équipés de ladite fonctionnalité.De plus, le type RandomQuery a montré des tentatives pour se transformer en un nouveau système après mars 2023, mais il semble ...
Activities of the Kimsuky group observed during June 2023 showed a slight increase in the overall number of fully qualified domain names (FQDNs), with more AppleSeed types detected in comparison to the group’s activities in May. At one point, the information collection feature was removed from the FlowerPower type, but a few days later, samples were equipped with the said feature again. Also, the RandomQuery type showed attempts to change into a new system after March 2023, but it seems... |
Threat Prediction | ★★ | |
|
2023-08-16 06:45:39 | Rapport de tendance des menaces sur les ransomwares & # 8211;Juin 2023 Threat Trend Report on Ransomware – June 2023 (lien direct) |
Ce rapport fournit des statistiques sur de nouveaux échantillons de ransomware, des systèmes attaqués et des entreprises ciblées en juin 2023, ainsi queEn tant que problèmes de ransomware notables en Corée et dans d'autres pays.D'autres problèmes et statistiques majeurs pour les ransomwares qui ne sont pas mentionnés dans le rapport peuvent être trouvés en recherchant les mots clés suivants ou via le menu Statistiques de la plate-forme AHNLAB Threat Intelligence (ATIP).Les statistiques des ransomwares en tapant le nombre d'échantillons de ransomware et de systèmes ciblés sont basés sur les noms de détection désignés ...
This report provides statistics on new ransomware samples, attacked systems, and targeted businesses in June 2023, as well as notable ransomware issues in Korea and other countries. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for the following keywords or via the Statistics menu at AhnLab Threat Intelligence Platform (ATIP). Ransomware Statistics by Type The number of ransomware samples and targeted systems are based on the detection names designated... |
Ransomware Threat Prediction | ★★ | |
|
2023-08-09 10:00:00 | Attention à l'écart (d'interprétation): une autre raison pour laquelle la modélisation des menaces est importante Mind the (Interpretation) gap: Another reason why threat modeling is important (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Where do vulnerabilities fit with respect to security standards and guidelines? Was it a coverage issue or an interpretation and implementation issue? Where does a product, environment, organization, or business vertical fail the most in terms of standards requirements? These questions are usually left unanswered because of the gap between standards or regulations on the one hand, and requirements interpretation and implementation, on the other. Certified products and environments often suffer from security issues that were supposed to be covered by the requirements of the standard. In [1], for instance, the authors give examples of vulnerable products that were IEC 62443 certified. In [2], SANS discusses the case of PCI-certified companies and why they are still being breached. This “interpretation gap,” whether it manifests in the implementation of requirements or in the assessment process, hinders security and leads to the fact that being compliant is not necessarily the same as being secure. Admittedly, the interpretation of guidelines and requirements in standards, which have a descriptive approach in general, is not an easy task. Requirements can be rather generic and wide open to interpretation depending on the context, resources, the current threat landscape, the underlying technologies, etc. Specific requirements might also lead to conflicting interpretations depending on the type of stakeholder, which will inevitably affect the implementation side. Threat modeling is one way to avoid shortcomings (or even possible shortcuts) in the implementation of standards, and the organization\'s own security policies. Think of threat modeling as an enforcement mechanism for the proper implementation of requirements. The reason this is the case is simple; threat modeling thinks of the requirements in terms of relevant threats to the system, and determines mitigations to reduce or completely avoid the associated risks. Consequently, each requirement is mapped to a set of threats and mitigations that covers relevant use cases under specific conditions or context, e.g., what are the trust boundaries, protocols and technologies under use or consideration, third-party interactions, dataflows, data storage, etc. This is becoming a must-have nowadays since, when it comes to technical requirements, the concern about their interpretation still persists even when companies have been audited against them. In the following, the presented data analysis makes the link between disclosed vulnerabilities in Industrial Control Systems (ICS) and the technical requirements reported in the ‘gold standard’ of standards in this area, namely the IEC 62443. It shows the difficulty of satisfying the requirements in broad terms and the need for more specific context and processes. CISA ICS advisories’ mapping The analysis of CISA ICS advisories data, representing close to 2,5K advisories released between 2010 and mid-2023 [3], reveals the extent of the challenge an implementer or an assessor is faced with. Table 1 presents the top weaknesses and the associated count of advisories as well as IEC 62443 requirements’ mapping. Affected sectors, the CVSS severity distribution, and top weaknesses per sector are also reported; in Figures 1 and 2, and Table 2. Table 1. Top weaknesses in CISA’s ICS advisories and their IEC 62443 mapping. Weakness Name | Tool Vulnerability Threat Industrial Prediction | ★★ | |
 |
2023-08-08 13:33:00 | Chute et zenbleed: Googlers aide à sécuriser l'écosystème Downfall and Zenbleed: Googlers helping secure the ecosystem (lien direct) |
Tavis Ormandy, Software Engineer and Daniel Moghimi, Senior Research ScientistFinding and mitigating security vulnerabilities is critical to keeping Internet users safe. However, the more complex a system becomes, the harder it is to secure-and that is also the case with computing hardware and processors, which have developed highly advanced capabilities over the years. This post will detail this trend by exploring Downfall and Zenbleed, two new security vulnerabilities (one of which was disclosed today) that prior to mitigation had the potential to affect billions of personal and cloud computers, signifying the importance of vulnerability research and cross-industry collaboration. Had these vulnerabilities not been discovered by Google researchers, and instead by adversaries, they would have enabled attackers to compromise Internet users. For both vulnerabilities, Google worked closely with our partners in the industry to develop fixes, deploy mitigations and gather details to share widely and better secure the ecosystem.What are Downfall and Zenbleed?Downfall (CVE-2022-40982) and Zenbleed (CVE-2023-20593) are two different vulnerabilities affecting CPUs - Intel Core (6th - 11th generation) and AMD Zen2, respectively. They allow an attacker to violate the software-hardware boundary established in modern processors. This could allow an attacker to access data in internal hardware registers that hold information belonging to other users of the system (both across different virtual machines and different processes). These vulnerabilities arise from complex optimizations in modern CPUs tha | Vulnerability Prediction Cloud | ★★ | |
|
2023-08-08 00:54:00 | Les utilisateurs d'Apple voient Big Mac Attack, explique Accenture Apple Users See Big Mac Attack, Says Accenture (lien direct) |
L'unité du renseignement du cyber-menace d'Accenture \\ a observé une augmentation dix fois des acteurs de la menace du Web sombre ciblant les macos depuis 2019, et la tendance est prête à se poursuivre.
Accenture\'s Cyber Threat Intelligence unit has observed a tenfold rise in Dark Web threat actors targeting macOS since 2019, and the trend is poised to continue. |
Threat Prediction | ★★ | |
|
2023-08-07 00:00:00 | Les dernières campagnes Batloader utilisent Pyarmor Pro pour l'évasion Latest Batloader Campaigns Use Pyarmor Pro for Evasion (lien direct) |
En juin 2023, Trend Micro a observé une mise à niveau des techniques d'évasion utilisées par le malware d'accès initial d'accès Batloader, que nous avons couvert dans les entrées de blog précédentes.
In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we\'ve covered in previous blog entries. |
Prediction | ★★ | |
|
2023-08-01 20:21:32 | GuardZ identifie les nouveaux logiciels malveillants macOS HVNC, révélant la tendance émergente des outils d'attaque de macOS en tant que service Guardz Identifies New macOS hVNC Malware, Revealing Emerging Trend of macOS Attack-as-a-Service Tools (lien direct) |
Guardz identifie les nouveaux logiciels malveillants MacOS HVNC, révélant la tendance émergente des outils d'attaque macOS en tant que service
Pour la deuxième fois en un mois, l'équipe de recherche GuardZ révèle l'existence d'un autre logiciel malveillant ciblant les appareils MacOS disponibles sur le Web Dark, qui permet aux acteurs malveillants d'obtenir un accès furtif et continu aux systèmes infectés
-
mise à jour malveillant
Guardz Identifies New macOS hVNC Malware, Revealing Emerging Trend of macOS Attack-as-a-Service Tools For the second time in one month, the Guardz research team discloses the existence of another malware targeting macOS devices available on the dark web, which enables malicious actors to obtain stealthy and continuous access to infected systems - Malware Update |
Malware Tool Prediction | ★★ | |
|
2023-07-31 14:00:00 | Meilleures pratiques pour la sécurité privée de l'entreprise 5G Best Practices for Enterprise Private 5G Security (lien direct) |
Les dernières recherches d'Omdia \\ avec Trend Micro et CTone mettent la lumière sur les défis de sécurité 5G et les moyens d'étendre efficacement la sécurité de qualité d'entreprise vers les réseaux 5G
Omdia\'s latest research with Trend Micro and CTOne sheds light on 5G security challenges and ways to effectively extend enterprise-grade security to 5G networks |
Prediction | ★★ | |
|
2023-07-28 00:00:00 | Cherryblos connexes et logiciels malveillants Android associés impliqués dans des campagnes d'escroquerie Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns (lien direct) |
L'équipe du Service de réputation d'application mobile de Trend Micro \'s Mobile a découvert deux nouvelles familles de logiciels malveillants Android impliqués dans des crypto-monnaies et des campagnes d'escroquerie motivées financièrement ciblant les utilisateurs d'Android.
Trend Micro\'s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. |
Malware Mobile Prediction | ★★ |
To see everything:
Our RSS (filtrered)
