What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-09 10:00:00 | La menace cachée à la vue: analyse des attaques sous-textuelles dans les communications numériques The Hidden Threat in Plain Sight: Analyzing Subtextual Attacks in Digital Communications (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our always-online world, we\'re facing a new kind of cyber threat that\'s just as sneaky as it is harmful: subtextual attacks. These aren\'t your run-of-the-mill security breaches; they\'re cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat. We\'ll explore how these deceptive messages can sneak past our defenses, trick people into taking unwanted actions, and steal sensitive information without ever tripping an alarm. The Rise of Subtextual Attacks Unlike traditional cyber attacks, which are often direct and identifiable, subtextual attacks rely on subtlety and deception. Attackers craft messages that on the surface appear harmless or unrelated to any malicious activity. However, embedded within these communications are instructions, links, or information that can compromise security, manipulate behavior, or extract sensitive data. And not only is big data paramount in advertising and other avenues, but it’s also like keeping everything in your wallet—it’s convenient, helpful even, but signals to attackers that you’re indeed willing to put all your eggs in one basket when it comes to communications. These attacks exploit the nuances of language and context and require a sophisticated understanding of human communication and digital interaction patterns. For instance, a seemingly benign email might include a specific choice of words or phrases that, when interpreted correctly, reveal a hidden command or a disguised link to a malicious site. Psychological Manipulation Through Subtext Subtextual attacks also leverage psychological manipulation, influencing individuals to act in ways that compromise security or divulge confidential information. By understanding the psychological triggers and behavioral patterns of targets, attackers craft messages that subtly guide the recipient\'s actions. For instance, an attacker might use social engineering techniques combined with subtextual cues to convince a user to bypass normal security protocols. An email that seems to come from a trusted colleague or superior, containing subtle suggestions or cues, can be more effective in eliciting certain actions than a direct request or command. Attackers can also exploit the principle of urgency or scarcity, embedding subtle cues in communications that prompt the recipient to act quickly, bypassing their usual critical thinking or security procedures. The Evolution of Digital Forensics To combat the growing rise of subtextual attacks, the field of digital forensics has evolved significantly over the past decade. Initially focused on recovering and analyzing electronic information to investigate crime, digital forensics now incorporates advanced linguistic analysis, data pattern recognition, and machine learning to detect hidden threats. Modern digital forensic tools can analyze vast qua | Ransomware Tool Vulnerability Threat Medical | ★★ | |
 |
2024-04-09 09:05:00 | Plus de 90 000 appareils Nas en D-Link sont attaqués Over 90,000 D-Link NAS Devices Are Under Attack (lien direct) |
Les acteurs de la menace ciblent une vulnérabilité à forte gravité dans près de 100 000 appareils D-Link
Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices |
Vulnerability Threat | ★★ | |
 |
2024-04-09 08:00:06 | Securonix Threat Labs Monthly Intelligence Insights & # 8211;Mars 2024 Securonix Threat Labs Monthly Intelligence Insights – March 2024 (lien direct) |
Securonix Threat Labs Monthly Intelligence Insights mars 2024 fournit un résumé des principales menaces organisées, surveillées et analysées par Securonix Threat Labs.
Securonix Threat Labs Monthly Intelligence Insights March 2024 provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs. |
Threat | ★★★ | |
 |
2024-04-09 06:00:39 | 3 raisons pour lesquelles l'objectivité dans vos tests de phishing réduit le risque 3 Reasons Why Objectivity in Your Phishing Tests Reduces Risk (lien direct) |
Phishing attacks are a constant challenge for businesses everywhere. As threat actors increase the sophistication of their methods, security awareness teams can use phishing simulations to help train employees to recognize and respond safely to real-life phishing attempts. This approach can be especially effective when the difficulty level of a simulated phishing scenario fits each person. That\'s why security practitioners need to make impartial, data-driven decisions when they choose those difficulty levels. In this post, we discuss the importance of objectivity-both for security practitioners who send phishing tests and for security leaders who evaluate the outcomes. With a reliable way to score phishing simulations, you can: Efficiently test and find your employees\' knowledge gaps Reliably target and improve user behavior on an ongoing basis Report a trusted big picture of human risk reduction 1: Efficiently test and find your employees\' knowledge gaps The big question is, how do you find the right phishing difficulty level for each person? Security practitioners must have a reliable, consistent way to evaluate the phishing simulation templates. And they must avoid subjective guesswork. It is vital to be correct in your assessments of the difficulty levels of phishing templates. Otherwise, the templates may be too easy or too challenging for people. And that will make it hard for you to know what your employees will do in real-world attack scenarios. An objectively measured difficulty scale is a must. It sets the foundation for sending phishing tests that fit the right level of difficulty for each employee so that you can assess what they do and don\'t know. Once you can effectively evaluate their knowledge gaps about cybersecurity, you have reliable context that will help you decide what targeted training each person requires. With Proofpoint Security Awareness, we run a machine-learning algorithm that automatically calculates the difficulty level of our phishing templates. Difficulty cues are based on the NIST PhishScale. This is an industry-accepted rating by the National Institute of Standards and Technology (NIST), which was created through rigorous research and analysis. Our Machine-Learning Leveled Phishing uses this combined methodology to avoid the errors that come from manual calculation and subjective assumptions. For instance, if security practitioners manually rate the difficulty level of phishing templates, they might each evaluate the suspicious cues with degrees of variance. They might use personal judgment that has logical mistakes or inadvertently apply their own biases, or they might interpret the cues from a limited viewpoint. Also, since many people typically run an awareness program, each person\'s definition of easy versus difficult will be different. 2: Reliably target and improve user behavior on an ongoing basis How do you know whether a phishing simulation is effective? When you trust the objectivity of a difficulty scoring system, you can trust that a phishing template is accurately rated as low, medium or high difficulty. This gives context to why a phishing campaign has a low or high click rate, or a low or high reporting rate. A low click rate for a high-difficulty simulation means that your employees are resilient about those cues for spotting a phish. A decrease over time in the click rate for that template shows an improvement in people\'s resilience. Security practitioners have predictable baseline data to help target and change people\'s behavior on an ongoing basis. You can look at who falls for each difficulty level and know that the metrics are a reliable analysis of the user\'s performance. That, in turn, makes you more effective in your efforts to target performance outcomes. In contrast, if you take a subjective approach when you rate the difficulty scoring, the effectiveness of a phishing template could be murky. When people score based on their perception and judgment, the assessment becomes inherently flawed. And when | Threat | ★★ | |
 |
2024-04-08 20:36:41 | ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins (lien direct) | ## Instantané
L'article de Fortiguard Labs Threat Research révèle une distribution récente de Venomrat et d'autres plugins par un acteur de menace via un e-mail de phishing contenant des fichiers de graphiques vectoriels évolutifs malveillants (SVG).
## Description
L'e-mail incite les victimes à cliquer sur une pièce jointe, qui télécharge un fichier zip contenant un fichier batch obstiné avec l'outil BATCLOAK.Par la suite, Scrubcrypt est utilisé pour charger la charge utile finale, Venomrat, tout en maintenant une connexion avec un serveur de commande et de contrôle (C2) pour installer des plugins sur les environnements victimes.Les fichiers de plugin téléchargés à partir du serveur C2 incluent Venomrat version 6, Remcos, Xworm, Nanocore et un voleur conçu pour des portefeuilles cryptographiques spécifiques.
## Les références
[https://www.fortinet.com/blog/thereat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins dedéploie-venomrat-avec-arsenal-de-plugins)
## Snapshot The article from FortiGuard Labs Threat Research uncovers a recent threat actor\'s distribution of VenomRAT and other plugins through a phishing email containing malicious Scalable Vector Graphics (SVG) files. ## Description The email entices victims to click on an attachment, which downloads a ZIP file containing a Batch file obfuscated with the BatCloak tool. Subsequently, ScrubCrypt is used to load the final payload, VenomRAT, while maintaining a connection with a command and control (C2) server to install plugins on victims\' environments. The plugin files downloaded from the C2 server include VenomRAT version 6, Remcos, XWorm, NanoCore, and a stealer designed for specific crypto wallets. ## References [https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins](https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins) |
Tool Threat | ★★ | |
 |
2024-04-08 18:47:15 | XZ Utils Supply Chain Attack: Un acteur de menace a passé deux ans pour mettre en œuvre une porte dérobée Linux XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (lien direct) |
Parlez d'une attaque de chaîne d'approvisionnement qui implique XZ Utils, un compresseur de données largement utilisé dans les systèmes Linux et apprenez à protéger de cette menace.
Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect from this threat. |
Threat | ★★ | |
 |
2024-04-08 16:59:00 | Attention à \\ 'latrodectus \\' - ce malware pourrait être dans votre boîte de réception Watch Out for \\'Latrodectus\\' - This Malware Could Be In Your Inbox (lien direct) |
Les chasseurs de menaces ont découvert un nouveau malware appelé & nbsp; latrodectus & nbsp; qui a été distribué dans le cadre des campagnes de phishing par e-mail depuis au moins fin novembre 2023.
"Latrodectus est un téléchargeur prometteur avec diverses fonctionnalités d'évasion de bac à sable", chercheurs de Proofpoint et Team Cymru & nbsp; Said & NBSP; dans une analyse conjointe publiée la semaine dernière, l'ajout de \\ conçu pour récupérer
Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it\'s designed to retrieve |
Malware Threat | ★★★ | |
|
2024-04-08 16:24:08 | Évolution du paysage des menaces: une plongée profonde dans les attaques multicanaux ciblant les détaillants Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers (lien direct) |
Les acteurs de la menace ne fonctionnent plus dans les silos.Aujourd'hui, ils utilisent plusieurs canaux tels que SMS, e-mail, fausses pages Web et comptes cloud compromis.Ils utilisent ces différents canaux pour établir la persistance et compromettre les identités afin qu'ils puissent augmenter les privilèges et se déplacer latéralement. ProofPoint Research Threat a récemment observé des campagnes dans lesquelles les acteurs de la menace ont utilisé des attaques multicanaux pour cibler l'industrie du commerce de détail.La chaîne d'attaque et la chronologie montrent comment les acteurs de la menace (TA) passent d'une organisation ciblée à l'autre.Chaque fois que leur accès non autorisé est révoqué ou épuisé, les attaquants passent à la prochaine cible. La chaîne d'attaque multicanal qui cible les détaillants mondiaux. Dans nos recherches, ces campagnes commencent par une attaque de smims.Une attaque de smims, également connue sous le nom de phishing SMS, utilise des SMS pour inciter les destinataires à faire ce que l'attaquant veut qu'ils fassent.Cela pourrait fournir leurs informations personnelles ou financières, en cliquant sur des liens malveillants ou en téléchargeant des applications logicielles nocives.Les messages de smirs utilisent des thèmes de billets de support courts pour attirer les victimes des sites de phishing de l'acteur de menace. Exemples de messages de phishing SMS avec des thèmes de billets de support. Dans la campagne que nous avons observée, l'AT a utilisé une page de phishing Microsoft personnalisée qui comprenait la marque de l'organisation ciblée \\.Cette page a conduit les utilisateurs via le flux d'autorisation MFA pour collecter leurs informations d'identification. Exemple de page Microsoft Phish personnalisée avec la marque Target Organisation \\. Une fois que l'AT a capturé les informations d'identification, ils ont compromis les comptes d'utilisateurs.Takever post-compte (ATO), les attaquants ont utilisé plusieurs méthodes pour maintenir un accès persistant et masquer leurs activités non autorisées.Ceux-ci inclus: Manipulation MFA.Les attaquants ont utilisé des comptes détournés pour enregistrer leurs propres méthodes MFA. Inscription de nouveaux appareils via des applications Microsoft natives (telles que l'inscription Intune).Cela a aidé les attaquants à cacher leurs activités non autorisées et à accéder à certaines ressources. Utilisation malveillante du VPN d'entreprise.Le TA a utilisé les produits VPN et ZTNA de la victime et plusieurs de leurs propres clients VPN pour accéder à des ressources telles que les produits de sécurité et les environnements de production. Les attaquants ont eu accès au portail SSO de l'organisation, qui à son tour a donné accès à de nombreux autres services internes et applications tierces (3PA).Les attaquants ont énuméré toutes les applications connectées au PDI et ont tenté de trouver des liens API qu'ils pourraient abuser.Ensuite, ils sont entrés dans une application commerciale spécifique pour créer des cartes-cadeaux contrefaits. Attribution L'acteur de menace de cette attaque est appelé "atlas lion" qui a des zones potentielles de chevauchement avec l'acteur Microsoft Tracks sous le nom de Storm-0539.Cet acteur de menace est «connu pour cibler les organisations de vente au détail pour la fraude et le vol de cartes-cadeaux en utilisant des e-mails et un phishing SMS très sophistiqués pendant la saison des achats des fêtes».Bien que ces attaques ne soient pas originaires de courriels, leur chevauchement dans les TTP (tactiques, techniques et procédures) nous amène à croire que l'ensemble d'activités peut s'aligner sur l'acteur de menace que nous suivons en tant que TA4901.Cet TA cible les sociétés dans les secteurs de télécommunications et de vente au détail depuis au moins 2018. Le pouvoir des idées de bout en bout Ce qui fait que Proofpoint se démarque des autres fournisseurs de sécurité, c'est que nous avons des informations de bout en bout sur | Tool Threat Mobile Cloud | ★★ | |
|
2024-04-08 15:09:15 | Faits saillants hebdomadaires, 8 avril 2024 Weekly OSINT Highlights, 8 April 2024 (lien direct) |
Last week\'s OSINT reporting reveals several key trends emerge in the realm of cybersecurity threats. Firstly, there is a notable diversification and sophistication in attack techniques employed by threat actors, ranging from traditional malware distribution through phishing emails to advanced methods like DLL hijacking and API unhooking for evading detection. Secondly, the threat landscape is characterized by the presence of various actors, including state-sponsored groups like Earth Freybug (a subset of APT41) engaging in cyberespionage and financially motivated attacks, as well as cybercrime actors orchestrating malware campaigns such as Agent Tesla and Rhadamanthys. Thirdly, the targets of these attacks span across different sectors and regions, with organizations in America, Australia, and European countries facing significant threats. Additionally, the emergence of cross-platform malware like DinodasRAT highlights the adaptability of threat actors to target diverse systems, emphasizing the need for robust cybersecurity measures across all platforms. Overall, these trends underscore the dynamic and evolving nature of cyber threats, necessitating continuous vigilance and proactive defense strategies from organizations and cybersecurity professionals. **1. [Latrodectus Loader Malware Overview](https://sip.security.microsoft.com/intel-explorer/articles/b4fe59bf)** Latrodectus is a new downloader malware, distinct from IcedID, designed to download payloads and execute arbitrary commands. It shares characteristics with IcedID, indicating possible common developers. **2. [Earth Freybug Cyberespionage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/327771c8)** Earth Freybug, a subset of APT41, engages in cyberespionage and financially motivated attacks since at least 2012. The attack involved sophisticated techniques like DLL hijacking and API unhooking to deploy UNAPIMON, evading detection and enabling malicious commands execution. **3. [Agent Tesla Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/cbdfe243)** Agent Tesla malware targets American and Australian organizations through phishing campaigns aimed at stealing email credentials. Check Point Research identified two connected cybercrime actors behind the operation. **4. [DinodasRAT Linux Version Analysis](https://sip.security.microsoft.com/intel-explorer/articles/57ab8662)** DinodasRAT, associated with the Chinese threat actor LuoYu, is a cross-platform backdoor primarily targeting Linux servers. The latest version introduces advanced evasion capabilities and is installed to gain additional footholds in networks. **5. [Rhadamanthys Information Stealer Malware](https://sip.security.microsoft.com/intel-explorer/articles/bf8b5bc1)** Rhadamanthys utilizes Google Ads tracking to distribute itself, disguising as popular software installers. After installation, it injects into legitimate Windows files for data theft, exploiting users through deceptive ad redirects. **6. [Sophisticated Phishing Email Malware](https://sip.security.microsoft.com/intel-explorer/articles/abfabfa1)** A phishing email campaign employs ZIP file attachments leading to a series of malicious file downloads, culminating in the deployment of PowerShell scripts to gather system information and download further malware. **7. [AceCryptor Cryptors-as-a-Service (CaaS)](https://sip.security.microsoft.com/intel-explorer/articles/e3595388)** AceCryptor is a prevalent cryptor-as-a-service utilized in Rescoms campaigns, particularly in European countries. Threat actors behind these campaigns abuse compromised accounts to send spam emails, aiming to obtain credentials for further attacks. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to ge | Ransomware Spam Malware Tool Threat Cloud | APT 41 | ★★★ |
 |
2024-04-08 15:00:00 | Scrubcrypt déploie Venomrat avec un arsenal de plugins ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins (lien direct) |
Fortiguard Labs a découvert un acteur de menace utilisant Scrumcrypt pour répandre le venomrat avec plusieurs rats.Apprendre encore plus.
FortiGuard Labs uncovered a threat actor using ScrubCrypt to spread VenomRAT along with multiple RATs. Learn more. |
Threat | ★★ | |
 |
2024-04-08 14:55:35 | Responsable de la sécurité des systèmes d\'information : un poste sous les projecteurs (lien direct) | Dans un environnement où les menaces sont de plus en plus aiguisées et où les surfaces vulnérables aux attaques ne cessent de croitre, la patience des Responsables de la sécurité des systèmes d'information (RSSI) est mise à rude épreuve. | Threat | ★★ | |
 |
2024-04-08 14:12:48 | Comment nous avons construit le nouveau réseau de recherche avec la sécurité des utilisateurs et la confidentialité How we built the new Find My Device network with user security and privacy in mind (lien direct) |
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy
Keeping people safe and their data secure and private is a top priority for Android. That is why we took our time when designing the new Find My Device, which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they\'re offline. We gave careful consideration to the potential user security and privacy challenges that come with device finding services. During development, it was important for us to ensure the new Find My Device was secure by default and private by design. To build a private, crowdsourced device-locating network, we first conducted user research and gathered feedback from privacy and advocacy groups. Next, we developed multi-layered protections across three main areas: data safeguards, safety-first protections, and user controls. This approach provides defense-in-depth for Find My Device users.
How location crowdsourcing works on the Find My Device network
The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices. Imagine you drop your keys at a cafe. The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag. When the owner realizes they have lost their keys and logs into the Find My Device mobile app, they will be able to see the aggregated location contributed by nearby Android devices and locate their keys.
Find My Device network protections
Let\'s dive into key details of the multi-layered protections for the Find My Device network:
Data Safeguards: We\'ve implemented protections that help ensure the privacy of everyone participating in the network and the crowdsourced location data that powers it.
Location data is end-to-end encrypted. When Android devices participating in the network report the location of a Bluetooth tag, the location is end-to-end encrypted using a key that is only a |
Vulnerability Threat Mobile | ★★ | |
|
2024-04-08 12:40:33 | Bias de rupture: explorer le rôle de l'UEBA dans la gestion éthique des menaces d'initiés Breaking Bias: Exploring UEBA’s Role in Ethical Insider Threat Management (lien direct) |
Dans DevOps, la conformité garantit que le développement et la livraison des logiciels sont sécurisés et dignes de confiance.Et pour s'assurer que les entreprises respectent les réglementations de conformité, les audits sont effectués par des fournisseurs externes (généralement, mais les entreprises peuvent également avoir des audits internes).La conformité consiste à adhérer aux politiques de sécurité établies, aux exigences réglementaires et aux normes de l'industrie tout au long du cycle de vie du développement.
In DevOps, compliance ensures that software development and delivery are secure and trustworthy. And to ensure companies follow compliance regulations, audits are performed by external vendors (usually, but companies may have internal audits as well). Compliance involves adhering to established security policies, regulatory requirements, and industry standards throughout the development lifecycle. |
Threat | ★★ | |
 |
2024-04-08 11:46:03 | 8 avril & # 8211;Rapport de renseignement sur les menaces 8th April – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes meilleures attaques et violations Acuité, un entrepreneur fédéral, ont confirmé un cyber-incident où les pirates ont accédé à ses référentiels GitHub et ont volé divers documents.La violation, liée à l'acteur de menace Intelbroker, a impliqué des données de diverses agences gouvernementales américaines.[& # 8230;]
>For the latest discoveries in cyber research for the week of 8th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Acuity, a federal contractor, confirmed a cyber incident where hackers accessed its GitHub repositories, and stole various documents. The breach, linked to the threat actor IntelBroker, involved data from various U.S. government agencies. […] |
Threat | ★★★ | |
 |
2024-04-08 11:30:59 | Société offrant 30 millions de dollars pour les exploits Android, iOS, navigateur zéro Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits (lien direct) |
> Crowdfense a annoncé un programme d'acquisition d'exploit de 30 millions de dollars couvrant Android, iOS, Chrome et Safari Zero-Days.
>Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. |
Vulnerability Threat Mobile | ★★ | |
|
2024-04-08 10:00:00 | 10 stratégies pour fortifier la sécurité du système SCADA 10 Strategies to Fortify SCADA System Security (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Here are some of the best SCADA protection strategies to ensure your organization\'s safety. Late last year, Pennsylvania\'s Municipal Water Authority of Aliquippa (MWAA) fell victim to a sophisticated cyberattack, targeting its SCADA system at a key booster station. This station, crucial for regulating water pressure across Raccoon and Potter townships in Beaver County, experienced a temporary loss of communication, triggering an immediate investigation. Upon closer examination, the technicians discovered a clear indication of a cyberattack: a message declaring, "You have been hacked." This startling discovery led to the swift activation of manual control systems, ensuring that water quality and supply remained unaffected despite the breach. The hacked device operated on a separate network, distinct from the main corporate systems. This separation helped to limit the breach\'s impact and prevented it from affecting other essential parts of the infrastructure. The hackers, identified as being affiliated with an Iranian group, specifically targeted this equipment due to its Israeli-made components. This choice of target was part of a broader strategy, as similar devices are commonly used in water utility stations both in the US and internationally, hinting at the potential for more widespread attacks. The incident drew significant attention from US legislators, who expressed concerns about the vulnerability of the nation\'s critical infrastructure to such cyberattacks. The breach underscored the urgent need for enhanced cybersecurity measures across similar utilities, especially those with limited resources and exposure to international conflicts. Investigations by the Federal Bureau of Investigation and the Pennsylvania State Police were launched to examine the specifics of the attack. The cybersecurity community pointed out that industrial control systems, like the SCADA system breached at MWAA, often have inherent security weaknesses, making them susceptible to such targeted attacks. The following discussion on SCADA defense strategies aims to address these challenges, proposing measures to fortify these vital systems against potential cyberattacks and ensuring the security and reliability of essential public utilities. How to Enhance SCADA System Security? The breach at the MWAA sharply highlights the inherent vulnerabilities in SCADA systems, a crucial component of our critical infrastructure. In the wake of this incident, it\'s imperative to explore robust SCADA defense strategies. These strategies are not mere recommendations but essential steps towards safeguarding our essential public utilities from similar threats. 1. Network Segmentation: This strategy involves creating \'zones\' within the SCADA network, each with its own specific security controls. This could mean separating critical control systems from the rest of the network, or dividing a large system into smaller, more manageable segments. Segmentation often includes implementing demilitarized zones (DMZs) between the corporate and control networks. This reduces the risk of an attacker being able to move laterally across the network and access sensitive areas after breaching a less secure section. 2. Access Control and Authentication: Beyond basic measures, access control in SCADA systems should involve a comprehensive management of user privileges. This could include role-based access controls, where users are granted access rights depending on their job function, and time-based access controls, limiting access to certain times for specific users. Strong authentication methods also | Vulnerability Threat Patching Legislation Industrial | ★★★★ | |
|
2024-04-08 09:00:00 | Hôpital It Helpdesks ciblé par des fraudeurs vocaux, avertit HHS Hospital IT Helpdesks Targeted By Voice Fraudsters, Warns HHS (lien direct) |
Les acteurs de la menace sont le personnel socialement génie des soins de santé informatique pour voler de l'argent, le gouvernement a averti
Threat actors are socially engineering healthcare IT helpdesk staff to steal money, the government has warned |
Threat Medical | ★★ | |
 |
2024-04-08 05:47:42 | Les acteurs de la menace piratent les chaînes YouTube pour distribuer des infostelleurs (Vidar et Lummac2) Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2) (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a récemment découvert qu'il y avait un nombre croissant de cas où les acteurs de la menace utilisentYouTube pour distribuer des logiciels malveillants.Les attaquants ne créent pas simplement des canaux YouTube et distribuent des logiciels malveillants - ils volent des canaux bien connus qui existent déjà pour atteindre leur objectif.Dans l'un des cas, le canal ciblé comptait plus de 800 000 abonnés.Les acteurs de la menace qui abusent de YouTube distribuent principalement des infostelleurs.L'infostaler Redline qui a été distribué via YouTube en 2020 aussi ...
AhnLab SEcurity intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware-they are stealing well-known channels that already exist to achieve their goal. In one of the cases, the targeted channel had more than 800,000 subscribers. The threat actors who abuse YouTube are mainly distributing Infostealers. The RedLine Infostealer that was distributed via YouTube in 2020 as well... |
Malware Hack Threat | ★★★ | |
 |
2024-04-08 03:04:22 | Gone Phishing 2023: Voici les résultats! Gone Phishing 2023: Here Are the Results! (lien direct) |
Le phishing est l'un des dangers de cybersécurité les plus pertinents pour les organisations qui se préoccupent du paysage numérique d'aujourd'hui.Les tendances des menaces vont et viennent, mais le phishing est une méthode éprouvée que les cybercriminels peuvent ajuster et s'adapter à toutes les différentes manières de la communication et de l'évolution de la technologie.Le tournoi de phishing (GPT) de Fortra est un événement de formation annuel, disponible gratuitement dans le monde entier.L'objectif est de fournir aux utilisateurs une simulation de phishing et de mesurer leurs réponses pour comprendre à quel point les participants sont préparés pour empêcher les attaques via une gamme de mesures ...
Phishing is one of the most pertinent cybersecurity dangers for organizations to be concerned about in today\'s digital landscape. Threat trends come and go, but phishing is a tried-and-true method that cybercriminals can adjust and adapt to all different manners of communication and evolving technology. Fortra\'s Gone Phishing Tournament (GPT) is a yearly training event, available for free all around the world. The goal is to provide users with a phishing simulation and measure their responses to gain an understanding of how prepared participants are to prevent attacks via a range of metrics... |
Threat | ★★★★ | |
 |
2024-04-07 07:57:56 | La règle de Circia proposée stimule la compréhension des cyber-menaces, la détection précoce des campagnes adversaires, propose des actions coordonnées Proposed CIRCIA rule boosts cyber threat understanding, early detection of adversary campaigns, offers coordinated actions (lien direct) |
avec la publication récente d'une règle proposée en vertu du rapport sur les cyber-incidents pour la loi sur les infrastructures critiques de ...
With the recent release of a proposed rule under the Cyber Incident Reporting for Critical Infrastructure Act of... |
Threat | ★★ | |
|
2024-04-06 15:13:00 | Les pirates exploitent le bug magento pour voler les données de paiement des sites Web de commerce électronique Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (lien direct) |
Les acteurs de la menace ont été trouvés exploitant une faille critique à Magento pour injecter une porte dérobée persistante dans les sites Web de commerce électronique.
Les leviers d'attaque et NBSP; CVE-2024-20720 & NBSP; (Score CVSS: 9.1), qui a été décrit par Adobe comme un cas de "neutralisation incorrecte d'éléments spéciaux" qui pourraient ouvrir la voie à l'exécution de code arbitraire.
C'était & nbsp; adressé & nbsp; par la société dans le cadre de
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of |
Threat | ★★ | |
|
2024-04-05 19:38:00 | AI-AS-A-SERVICE Fournisseurs vulnérables aux attaques de PRIVSC et de locataires croisés AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (lien direct) |
De nouvelles recherches ont révélé que l'intelligence artificielle (IA) -as-un-service, comme les étreintes, est sensible à deux risques critiques qui pourraient permettre aux acteurs de menace de dégénérer les privilèges, d'obtenir un accès croisé à d'autres clients \\ ', etPrendre même les pipelines d'intégration continue d'intégration et de déploiement continu (CI / CD).
"Les modèles malveillants représentent un risque majeur pour les systèmes d'IA,
New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers\' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. "Malicious models represent a major risk to AI systems, |
Threat | ★★ | |
|
2024-04-05 14:00:00 | Les acteurs de la menace chinoise déploient de nouveaux TTP pour exploiter les vulnérabilités ivanti Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities (lien direct) |
Mandiant Research Détails comment les groupes d'espionnage chinois déploient de nouveaux outils après l'exploitation des vulnérabilités ivanti récemment corrigées
Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities |
Tool Vulnerability Threat | ★★ | |
|
2024-04-05 13:39:39 | Même cibles, nouveaux manuels: les acteurs de la menace en Asie de l'Est utilisent des méthodes uniques Same targets, new playbooks: East Asia threat actors employ unique methods (lien direct) |
## Snapshot Microsoft has observed several notable cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals. Chinese cyber actors broadly selected three target areas over the last seven months. - One set of Chinese actors extensively targeted entities across the South Pacific Islands. - A second set of Chinese activity continued a streak of cyberattacks against regional adversaries in the South China Sea region. - Meanwhile, a third set of Chinese actors compromised the US defense industrial base. Chinese influence actors-rather than broadening the geographic scope of their targets-honed their techniques and experimented with new media. Chinese influence campaigns continued to refine AI-generated or AI-enhanced content. The influence actors behind these campaigns have shown a willingness to **both amplify AI-generated media that benefits their strategic narratives, as well as create their own video, memes, and audio content**. Such tactics have been used in campaigns stoking divisions within the United States and exacerbating rifts in the Asia-Pacific region-including Taiwan, Japan, and South Korea. These campaigns achieved varying levels of resonance with no singular formula producing consistent audience engagement. North Korean cyber actors made headlines for **increasing software supply chain attacks and cryptocurrency heists over the past year**. While strategic spear-phishing campaigns targeting researchers who study the Korean Peninsula remained a constant trend, North Korean threat actors appeared to make greater use of legitimate software to compromise even more victims. ## Activity Overview ### Chinese cyber operations target strategic partners and competitors #### Gingham Typhoon targets government, IT, and multinational entities across the South Pacific Islands **** *Figure 1: Observed events from Gingham Typhoon from June 2023 to January 2024 highlights their continued focus on South Pacific Island nations. However, much of this targeting has been ongoing, reflecting a yearslong focus on the region. Geographic locations and diameter of symbology are representational. * During the summer of 2023, Microsoft Threat Intelligence observed extensive activity from China-based espionage group Gingham Typhoon that targeted nearly every South Pacific Island country. Gingham Typhoon is the most active actor in this region, hitting international organizations, government entities, and the IT sector with complex phishing campaigns. Victims also included vocal critics of the Chinese government. Diplomatic allies of China who were victims of recent Gingham Typhoon activity include executive offices in government, trade-related departments, internet service providers, as well as a transportation entity. Heightened geopolitical and diplomatic competition in the region may be motivations for these offensive cyber activities. China pursues strategic partnerships with South Pacific Island nations to expand economic ties and broker diplomatic and security agreements. Chinese cyber espionage in this region also follows economic partners. For example, Chinese actors engaged in large-scale targeting of multinational organizations in Papua New Guinea, a longtime diplomatic partner that is benefiting from multiple Belt and Road Initiative (BRI) projects including the construction of a major highway which links a Papua New Guinea government building to the capital city\'s main road. (1) #### Chinese threat actors retain focus on South China Sea amid Western military exercises China-based threat actors continued to target entities related to China\'s economic and military interests in a | Malware Tool Vulnerability Threat Studies Industrial Prediction Technical | Guam | ★★★ |
 |
2024-04-05 12:50:29 | Gouvernance de la cybersécurité: un chemin vers la cyber-maturité Cybersecurity Governance: A Path To Cyber Maturity (lien direct) |
> Cette semaine en cybersécurité des éditeurs du magazine Cybercrime & # 8211;Lisez l'histoire complète dans TechTarget Sausalito, Californie & # 8211;5 avril 2024 Dans un paysage de menace de plus en plus difficile, de nombreuses organisations ont du mal à développer et à mettre en œuvre une gouvernance efficace de cybersécurité.TechTarget rapporte & # 160; que & # 160; les dommages de la cybercriminalité sont projetés
>This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in TechTarget Sausalito, Calif. – Apr. 5, 2024 In an increasingly challenging threat landscape, many organizations struggle with developing and implementing effective cybersecurity governance. TechTarget reports that damages from cybercrime are projected |
Threat | ★★ | |
|
2024-04-05 12:45:00 | Les chercheurs identifient plusieurs groupes de pirates en Chine exploitant des défauts de sécurité Ivanti Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (lien direct) |
Plusieurs acteurs de menace en Chine-Nexus ont été liés à l'exploitation zéro-jour de trois défauts de sécurité ayant un impact sur les appareils Ivanti (CVE-2023-46805, CVE-2024-21887 et CVE-2024-21893).
Les clusters sont suivis par Mandiant sous les surnoms & NBSP; UNC5221, UNC5266, UNC5291, & NBSP; UNC5325, UNC5330 et UNC5337.Un autre groupe lié à la série d'exploitation est & nbsp; unc3886.
Le cloud Google
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud |
Vulnerability Threat Cloud | ★★★ | |
|
2024-04-05 06:00:25 | Amélioration de la détection et de la réponse: plaider en matière de tromperies Improving Detection and Response: Making the Case for Deceptions (lien direct) |
Let\'s face it, most enterprises find it incredibly difficult to detect and remove attackers once they\'ve taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and ransomware gets deployed all too often. And attackers have ample time to accomplish their goals. In July 2023, the reported median dwell time was eight days. That\'s the time between when an attacker accesses their victim\'s systems and when the attack is either detected or executed. Combine that data point with another one-that attackers take only 16 hours to reach Active Directory once they have landed-and the takeaway is that threats go undetected for an average of seven days. That\'s more than enough time for a minor security incident to turn into a major business-impacting breach. How can you find and stop attackers more quickly? The answer lies in your approach. Let\'s take a closer look at how security teams typically try to detect attackers. Then, we can better understand why deceptions can work better. What is the problem with current detection methods? Organizations and their security vendors have evolved when it comes to techniques for detecting active threats. In general, detection tools have focused on two approaches-finding files or network traffic that are “known-bad” and detecting suspicious or risky activity or behavior. Often called signature-based detection, finding “known-bad” is a broadly used tool in the detection toolbox. It includes finding known-bad files like malware, or detecting traffic from known-bad IPs or domains. It makes you think of the good old days of antivirus software running on endpoints, and about the different types of network monitoring or web filtering systems that are commonplace today. The advantage of this approach is that it\'s relatively inexpensive to build, buy, deploy and manage. The major disadvantage is that it isn\'t very effective against increasingly sophisticated threat actors who have an unending supply of techniques to get around them. Keeping up with what is known-bad-while important and helpful-is also a bit like a dog chasing its tail, given the infinite internet and the ingenuity of malicious actors. The rise of behavior-based detection About 20 years ago, behavioral-based detections emerged in response to the need for better detection. Without going into detail, these probabilistic or risk-based detection techniques found their way into endpoint and network-based security systems as well as SIEM, email, user and entity behavior analytics (UEBA), and other security systems. The upside of this approach is that it\'s much more nuanced. Plus, it can find malicious actors that signature-based systems miss. The downside is that, by definition, it can generate a lot of false positives and false negatives, depending on how it\'s tuned. Also, the high cost to build and operate behavior-based systems-considering the cost of data integration, collection, tuning, storage and computing-means that this approach is out of reach for many organizations. This discussion is not intended to discount the present and future benefits of newer analytic techniques such as artificial intelligence and machine learning. I believe that continued investments in behavior-based detections can pay off with the continued growth of security data, analytics and computing power. However, I also believe we should more seriously consider a third and less-tried technique for detection. Re-thinking detection Is it time to expand our view of detection techniques? That\'s the fundamental question. But multiple related questions are also essential: Should we be thinking differently about what\'s the best way to actively detect threats? Is there a higher-fidelity way to detect attackers that is cost-effective and easy to deploy and manage? Is there another less-tried approach for detecting threat actors-beyond signature-based and behavior-based methods-that can dra | Ransomware Malware Tool Vulnerability Threat | ★★ | |
|
2024-04-04 21:12:00 | Les pirates basés au Vietnam volent des données financières à travers l'Asie avec des logiciels malveillants Vietnam-Based Hackers Steal Financial Data Across Asia with Malware (lien direct) |
Un acteur suspecté de menace d'origine vietnamienne a été observé ciblant les victimes dans plusieurs pays d'Asie et d'Asie du Sud-Est, des logiciels malveillants conçus pour récolter des données précieuses depuis au moins mai 2023.
Cisco Talos suit le cluster sous le nom et NBSP; Coralraider, le décrivant comme motivé financièrement.Les cibles de la campagne comprennent l'Inde, la Chine, la Corée du Sud, le Bangladesh, le Pakistan, l'Indonésie,
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia, |
Malware Threat | ★★ | |
 |
2024-04-04 21:00:27 | Le pouvoir des assistants de l'IA et la détection avancée des menaces The Power of AI Assistants and Advanced Threat Detection (lien direct) |
> Explorez les prédictions sur l'IA en cybersécurité et cultivant une culture cyber-consciente.Découvrez l'émergence d'assistants de cybersécurité alimentés par l'IA.
>Explore predictions on AI in cybersecurity and cultivating a cyber-aware culture. Discover the emergence of AI-powered cybersecurity assistants. |
Threat | ★★ | |
 |
2024-04-04 14:12:16 | Une fausse menace de procès expose les sites de phishing privé Fake Lawsuit Threat Exposes Privnote Phishing Sites (lien direct) |
Un CyberCrook qui a créé des sites Web qui imitent le service d'auto-destruction du service de messages Privnote.com a accidentellement exposé l'étendue de leurs opérations récemment lorsqu'ils ont menacé de poursuivre une société de logiciels.La divulgation a révélé un réseau rentable de sites de phishing qui se comportent et ressemblent au véritable privnote, sauf que tous les messages contenant des adresses de crypto-monnaie seront automatiquement modifiés pour inclure une adresse de paiement différente contrôlée par les escrocs.
A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. |
Threat | ★★ | |
 |
2024-04-04 13:19:05 | Choisir une entreprise de test de pénétration pour les environnements basés sur Mac Choosing a Penetration Testing Company for Mac-based Environments (lien direct) |
Threat | ★★ | ||
 |
2024-04-04 11:56:00 | Latrodectus: This Spider Bytes Like Ice (lien direct) | Pour cette recherche, nous nous sommes associés à l'équipe de recherche sur les menaces de Proofpoint \\ dans un effort de collaboration pour fournir un aperçu complet de ...
For this research, we partnered with Proofpoint\'s Threat Research team in a collaborative effort to provide a comprehensive overview of... |
Threat | ★★★★ | |
|
2024-04-04 11:47:34 | Latrodectus: ces octets d'araignée comme la glace Latrodectus: This Spider Bytes Like Ice (lien direct) |
Proofpoint\'s Threat Research team joined up with the Team Cymru S2 Threat Research team, in a collaborative effort to provide the information security community with a comprehensive view of the threat activity described. Key takeaways Proofpoint first observed new malware named Latrodectus appear in email threat campaigns in late November 2023. While use of Latrodectus decreased in December 2023 through January 2024, Latrodectus use increased in campaigns throughout February and March 2024. It was first observed in Proofpoint data being distributed by threat actor TA577 but has been used by at least one other threat actor, TA578. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. While similar to IcedID, Proofpoint researchers can confirm it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations. While investigating Latrodectus, researchers identified new, unique patterns in campaign IDs designating threat actor use in previous IcedID campaigns. Overview Proofpoint identified a new loader called Latrodectus in November 2023. Researchers have identified nearly a dozen campaigns delivering Latrodectus, beginning in February 2024. The malware is used by actors assessed to be initial access brokers (IABs). Latrodectus is a downloader with the objective of downloading payloads and executing arbitrary commands. While initial analysis suggested Latrodectus was a new variant of IcedID, subsequent analysis confirmed it was a new malware most likely named Latrodectus, based on a string identified in the code. Based on characteristics in the disassembled sample and functionality of the malware, researchers assess the malware was likely written by the same developers as IcedID. This malware was first observed being distributed by TA577, an IAB known as a prolific Qbot distributor prior to the malware\'s disruption in 2023. TA577 used Latrodectus in at least three campaigns in November 2023 before reverting to Pikabot. Since mid-January 2024, researchers observed it being used almost exclusively by TA578 in email threat campaigns. Campaign details TA577 TA577 was only observed using Latrodectus in three campaigns, all occurring in November 2023. Notably, a campaign that occurred on 24 November 2023 deviated from previously observed TA577 campaigns. The actor did not use thread hijacking, but instead used contained a variety of different subjects with URLs in the email body. The URLs led to the download of a JavaScript file. If executed, the JavaScript created and ran several BAT files that leveraged curl to execute a DLL and ran it with the export “scab”. Figure 1: Example TA577 campaign delivering Latrodectus. On 28 November 2023, Proofpoint observed the last TA577 Latrodectus campaign. The campaign began with thread hijacked messages that contained URLs leading to either zipped JavaScript files or zipped ISO files. The zipped JavaScript file used curl to download and execute Latrodectus. The zipped ISO file contained a LNK file used to execute the embedded DLL, Latrodectus. Both attack chains started the malware with the export “nail”. TA578 Since mid-January 2024, Latrodectus has been almost exclusively distributed by TA578. This actor typically uses contact forms to initiate a conversation with a target. In one campaign observed on 15 December 2023, Proofpoint observed TA578 deliver the Latrodectus downloader via a DanaBot infection. This December campaign was the first observed use of TA578 distributing Latrodectus. On 20 February 2024, Proofpoint researchers observed TA578 impersonating various companies to send legal threats about alleged copyright infringement. The actor filled out a contact form on multiple targets\' websites, with text containing unique URLs and included in the URI both the domain of the site that initiated the contact form (the target), and the name of the impersonated company (to further the legitimacy | Ransomware Malware Tool Threat Prediction | ★★★ | |
 |
2024-04-04 10:49:40 | Ransomware Gang a fait voler les résidents \\ 'Données confidentielles, le conseil municipal britannique admet Ransomware gang did steal residents\\' confidential data, UK city council admits (lien direct) |
La rançon Inc apparaît comme une menace croissante, car certains ex-affiliés de Lockbit / AlphV obtiennent de nouveaux concerts Le conseil municipal de Leicester admet enfin que son "cyber-incident" a été effectué par un gang de ransomware et que ces données étaientvolés, des heures après que les criminels ont forcé sa main.…
INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand.… |
Ransomware Threat | ★★ | |
|
2024-04-04 09:30:00 | Les affirmations de l'acteur de menace ont classé cinq yeux Vol de données Threat Actor Claims Classified Five Eyes Data Theft (lien direct) |
L'acteur de menace Intelbroker prétend que les renseignements classifiés volés au fournisseur de technologies du gouvernement américain acuisent
Threat actor IntelBroker claims to have classified intelligence stolen from US government tech supplier Acuity |
Threat | ★★★★ | |
|
2024-04-04 01:13:01 | Rhadamanthys Malware déguisé en programme d'installation de groupware (détecté par MDS) Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) (lien direct) |
Récemment, Ahnlab Security Intelligence Center (ASEC) a découvert la distribution de Rhadamanthygroupware.L'acteur de menace a créé un faux site Web pour ressembler au site Web d'origine et exposé le site aux utilisateurs en utilisant la fonctionnalité publicitaire dans les moteurs de recherche.Le blog ASEC a précédemment couvert les logiciels malveillants distribués via ces fonctionnalités publicitaires des moteurs de recherche dans l'article intitulé & # 8220; Hé, ce n'est pas le bon site! & # 8221;Distribution des logiciels malveillants exploitant Google ADS Suivi [1].Le malware dans ...
Recently, AhnLab SEcurity intelligence Center (ASEC) discovered the distribution of Rhadamanthys under the guise of an installer for groupware. The threat actor created a fake website to resemble the original website and exposed the site to the users using the ad feature in search engines. ASEC Blog has previously covered malware distributed through such ad features of search engines in the article titled “Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking [1]. The malware in... |
Malware Threat | ★★ | |
|
2024-04-03 21:40:00 | Google Warns: Android Zero-Day Flaws in Pixel Phones exploité par des sociétés médico-légales Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (lien direct) |
Google a révélé que deux défauts de sécurité Android ayant un impact sur ses smartphones de pixels ont été exploités dans la nature par des sociétés médico-légales.
Les vulnérabilités de haute sévérité zéro sont les suivantes -
CVE-2024-29745 & NBSP; - un défaut de divulgation d'informations dans le composant de chargeur de démarrage
CVE-2024-29748 & NBSP; - un défaut d'escalade du privilège dans le composant du firmware
"Il y a des indications que le [
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the [ |
Vulnerability Threat Mobile | ★★★ | |
 |
2024-04-03 20:40:20 | Comment la Coupe du monde du football en 2022 au Qatar a été presque piratée How Soccer\\'s 2022 World Cup in Qatar Was Nearly Hacked (lien direct) |
Un acteur de menace lié à la Chine avait accès à une base de données de configuration de routeur qui aurait pu perturber complètement la couverture, selon un fournisseur de sécurité.
A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says. |
Threat | ★★★★ | |
 |
2024-04-03 20:21:10 | Microsoft ne sait toujours pas comment les pirates ont volé la clé MSA en 2023 Attaque d'échange Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (lien direct) |
Le Cyber Sectean Review Board (CSRB) du Département américain de la sécurité intérieure a publié un rapport cinglant sur la façon dont Microsoft a géré son attaque en ligne échangeuse en 2023, avertissant que la société doit faire mieux pour sécuriser les données et être plus honnête sur la façon dont la menaceLes acteurs ont volé une clé de signature Azure.[...]
The U.S. Department of Homeland Security\'s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key. [...] |
Threat | ★★★ | |
 |
2024-04-03 16:36:17 | Le nouveau rapport montre que les liens de phishing et les attachements malveillants sont les principaux points d'entrée des cyberattaques New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks (lien direct) |
Les nouvelles données d'attaque TTP couvrant 2023 mettent en lumière les acteurs de la menace et les actions des utilisateurs qui mettent les organisations les plus à risque.
New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk. |
Threat Studies | ★★★ | |
|
2024-04-03 16:30:00 | Rapport du comité d'examen de la cyber-sécurité Slams Microsoft Security Échecs dans la violation par e-mail du gouvernement Cyber Safety Review Board Report Slams Microsoft Security Failures in Government Email Breach (lien direct) |
Un rapport a mis en évidence plusieurs défaillances de sécurité par Microsoft qui ont permis aux acteurs de la menace chinoise d'accéder aux représentants du gouvernement américain \\ 'des comptes de messagerie à l'été 2023
A report has highlighted multiple security failings by Microsoft that allowed Chinese threat actors to access US government officials\' email accounts in the Summer of 2023 |
Threat | ★★ | |
 |
2024-04-03 15:54:22 | Les botnets et les infosteaux IoT ciblent fréquemment le secteur de la vente au détail IoT Botnets and Infostealers Frequently Target Retail Sector (lien direct) |
La nouvelle recherche de NetSkope Threat Labs a révélé que les botnets IoT, les outils d'accès à distance et les infostateurs étaient les principales familles de logiciels malveillants déployés par des attaquants ciblant le secteur de la vente au détail au cours de la dernière année.Les résultats ont été révélés dans un nouveau rapport sur le secteur de la vente au détail.La vente au détail a également subi un changement au cours des 12 derniers mois [& # 8230;] Le post | Malware Tool Threat | ★★ | |
|
2024-04-03 14:55:21 | Le département d'État américain enquête sur un vol présumé de données gouvernementales US State Department investigates alleged theft of government data (lien direct) |
Le département d'État américain enquête sur les allégations d'un cyber-incident après qu'un acteur de menace a divulgué des documents qui auraient volé un entrepreneur du gouvernement.[...]
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. [...] |
Threat | ★★ | |
 |
2024-04-03 13:54:45 | Benjamin Duchet, HP France : Les technologies doivent évoluer avec des réponses pragmatiques face aux menaces émergentes (lien direct) | Benjamin Duchet, HP France : Les technologies doivent évoluer avec des réponses pragmatiques face aux menaces émergentes. Lors du Forum InCyber, HP a présenté sa suite de solutions HP Wolf Security qui vise à renforcer la sécurité et la résilience des postes de travail et solutions d'impression face aux attaques. - Interviews / INCYBER 2024 | Threat | ★★ | |
 |
2024-04-03 13:00:00 | Genai: La prochaine frontière des menaces de sécurité de l'IA GenAI: The next frontier in AI security threats (lien direct) |
> Les acteurs de la menace ne sont pas encore en train d'attaquer une IA générative (Genai) à grande échelle, mais ces menaces de sécurité de l'IA arrivent.Cette prédiction provient de l'indice de renseignement sur les menaces X 2024.Voici un examen des types de renseignements sur les menaces qui sous-tendent ce rapport.Les cyber-criminels changent la mise au point accrue des bavardages sur les marchés illicites et les forums Web sombres sont un signe [& # 8230;]
>Threat actors aren’t attacking generative AI (GenAI) at scale yet, but these AI security threats are coming. That prediction comes from the 2024 X-Force Threat Intelligence Index. Here’s a review of the threat intelligence types underpinning that report. Cyber criminals are shifting focus Increased chatter in illicit markets and dark web forums is a sign […] |
Threat Prediction | ★★★ | |
|
2024-04-03 10:00:00 | Le rôle des contrôles d'accès dans la prévention des menaces d'initiés The role of access controls in preventing insider threats (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. If you’ve ever worked in an IT department, you know how easily a single misclick can lead to data breaches and system compromises. Preventive efforts are critical since there’s no reliable way to truly eliminate insider threats. Can robust access controls protect your organization? The impact of insider threats on organizations Insider threats are a prominent danger regardless of the industry you’re in. In fact, 98% of U.S. organizations report being slightly to extremely vulnerable to them. This figure reveals how many are unconfident in their existing deterrents, highlighting the importance of preventative efforts. Even if you don’t believe anyone at your workplace would intentionally cause damage, you should still be wary — insider threats aren’t always malicious. Negligent employees are responsible for 60% of data breaches, meaning carelessness is a more common driver. Unfortunately, the fact that negligence is the primary driver of insider threat attacks isn’t a good thing — it means a single misclick could put your entire organization at risk. Robust access controls are among the best solutions to this situation since they can prevent careless employees from leaking data or unintentionally escalating an attacker’s permissions. Access control mechanisms are crucial for threat mitigation The main way robust access control mechanisms are crucial for addressing insider threats is through unauthorized access mitigation. Employees, whether acting negligently or with ill intent, won’t be able to do any damage to your organization when their permissions limit them from retrieving or editing sensitive data storage systems. No matter how long you’ve spent in the IT department, you know how irresponsible some employees are when dealing with sensitive data, intellectual property or identifiable details. Access control mechanisms keep information assets out of reach of most of the people in your organization, safeguarding them from being tampered with or exfiltrated. If an attacker successfully enters your organization’s systems or network, robust access control mechanisms restrict their lateral movement. Since they aren’t authorized personnel, they aren’t granted meaningful permissions. This act minimizes the damage they can do and prevents them from compromising anything else. Even if an attacker has one of your colleague’s lost or stolen devices, access controls block them from being able to do anything meaningful. Authentication measures prevent them from accessing your organization’s systems and exfiltrating sensitive data. It also helps keep them from escalating their privileges, minimizing their impact. With robust access control mechanisms, you can quickly identify indicators of compromise (IOCs) to stop threats before they become an issue. For example, spotting concurrent logins on a single user account means an attacker is using legitimate credentials, indicating a brute force, phishing or keylogging attack. Which access control systems should you implement? Although insider threats pose an issue regardless of your industry or organization’s size, you can find ways to prevent them from doing any damage. You should consider implementing access control systems to detect and deter unauthorized action, mitigating data breaches and system compromises. A standard system to consid | Tool Threat | ★★★ | |
|
2024-04-03 09:27:23 | 7 conseils pour guider les développeurs dans leurs décisions de sécurité (lien direct) | La cybersécurité est une discipline qui évolue constamment au gré des nouvelles menaces. Certains développeurs trouvent cela fascinant : il convient de dénicher ces talents et de les former en priorité. | Threat | ★★ | |
 |
2024-04-03 07:52:55 | Pas de cybersécurité efficace sans défense en profondeur (lien direct) | >La vulnérabilité des entreprises n'a jamais été aussi importante et toutes les organisations sont désormais exposées aux risques cyber. Ainsi, les structures privées et publiques doivent repenser en profondeur leurs dispositifs existants pour se prémunir au mieux de menaces toujours plus complexes qui pourraient impacter fortement leur SI et compromettre leurs activités. C'est précisément dans […] The post Pas de cybersécurité efficace sans défense en profondeur first appeared on UnderNews. | Threat | ★★★ | |
|
2024-04-03 06:00:40 | Les acteurs de la menace offrent des logiciels malveillants via les fissures du jeu vidéo YouTube Threat Actors Deliver Malware via YouTube Video Game Cracks (lien direct) |
Key takeaways Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content. The video descriptions include links leading to the download of information stealers. The activity likely targets consumer users who do not have the benefits of enterprise-grade security on their home computers. Overview Threat actors often target home users because they do not have the same resources or knowledge to defend themselves from attackers compared to enterprises. While the financial gain might not be as large as attacks perpetrated on corporations, the individual victims likely still have data like credit cards, cryptocurrency wallets, and other personal identifiable information (PII) stored on their computers which can be lucrative to criminals. Proofpoint Emerging Threats has observed information stealer malware including Vidar, StealC, and Lumma Stealer being delivered via YouTube in the guise of pirated software and video game cracks. The videos purport to show an end user how to do things like download software or upgrade video games for free, but the link in the video descriptions leads to malware. Many of the accounts that are hosting malicious videos appear to be compromised or otherwise acquired from legitimate users, but researchers have also observed likely actor-created and controlled accounts that are active for only a few hours, created exclusively to deliver malware. Third-party researchers have previously published details on fake cracked software videos used to deliver malware. The distribution method is particularly notable due to the type of video games the threat actors appear to promote. Many of them appear to be targeted to younger users including games popular with children, a group that is less likely to be able to identify malicious content and risky online behaviors. During our investigation, Proofpoint Emerging Threats reported over two dozen accounts and videos distributing malware to YouTube, which removed the content. Example account The following is an example of a suspected compromised account (or potentially sold to a new “content creator”) used to deliver malware. Indicators of a suspected compromised or otherwise acquired account include significant gaps of time between the videos posted, content that vastly differs from previously published videos, differences in languages, and descriptions of the videos containing likely malicious links, among other indicators. The account has around 113,000 subscribers, and the account displays a grey check mark which indicates the account owner has met verified channel requirements including verifying their identity. Example of a verified YouTube account with a large following, suspected to be compromised. When Proofpoint researchers identified the account, the majority of the account\'s videos had been posted one year or more previously, and all had titles written in Thai. However, when the account was identified, twelve (12) new English language videos had been posted within a 24-hour period, all related to popular video games and software cracks. All of the new video descriptions included links to malicious content. Some of the videos had over 1,000 views, possibly artificially increased by bots to make the videos seem more legitimate. Screenshot of a suspected compromised YouTube account distributing malware comparing upload dates. In one example, a video purported to contain a character enhancement for a popular video game with a MediaFire link in the description. The MediaFire URL led to a password-protected file (Setup_Pswrd_1234.rar) containing an executable (Setup.exe) that, if executed, downloaded and installed Vidar Stealer malware. The video was uploaded to the suspected compromised account seven (7) hours prior to our investigation. Around the same time the video was posted, several comments purported to attest to the legitimacy of the software crack. It is likely those accounts and comments were created by the video | Malware Tool Threat | ★★★ | |
|
2024-04-02 23:05:39 | L'acteur de menace lié à la Chine Taps \\ 'Peculiar \\' malware pour échapper à la détection China-Linked Threat Actor Taps \\'Peculiar\\' Malware to Evade Detection (lien direct) |
Unapimon fonctionne en désactivant méticuleusement les crochets dans les API Windows pour détecter les processus malveillants.
UNAPIMON works by meticulously disabling hooks in Windows APIs for detecting malicious processes. |
Malware Threat | ★★ |
To see everything:
Our RSS (filtrered)
