What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-18 14:06:53 | L'APT russe connu pour les attaques de phishing développe également des logiciels malveillants, prévient Google Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns (lien direct) |
> Le groupe de menaces russes Colriver a développé SPICA, un malware qui lui permet de compromettre les systèmes et de voler des informations.
>Russian threat group ColdRiver has developed Spica, a malware that enables it to compromise systems and steal information. |
Malware Threat | ★★★ | |
 |
2024-01-18 14:00:11 | Google Tag: Kremlin Cyber Spies se déplace dans les logiciels malveillants avec une porte dérobée personnalisée Google TAG: Kremlin cyber spies move into malware with a custom backdoor (lien direct) |
Les menaces que les chasseurs croient que Coldriver utilise SPICA depuis au moins novembre 2022 Les cyberespaces russes liées au Federal Security Service (FSB) du Kremlin \\ passent au-delà de leurs bouffonneries de phishing et ont développé et développées habituelles et ont développé et développéUne porte dérobée personnalisée qu'ils ont commencé à livrer par e-mail dès le novembre 2022, selon le groupe d'analyse des menaces de Google.…
The threat hunters believe COLDRIVER has used SPICA since at least November 2022 Russian cyberspies linked to the Kremlin\'s Federal Security Service (FSB) are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November 2022, according to Google\'s Threat Analysis Group.… |
Malware Threat | ★★ | |
 |
2024-01-18 11:00:00 | Quatre tendances de cybersécurité que vous devriez connaître pour 2024 Four cybersecurity trends you should know for 2024 (lien direct) |
This is part three of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Part one: Unusual, thought-provoking predictions for cybersecurity in 2024 Part two: Cybersecurity operations in 2024: The SOC of the future While there are many big things to prepare for in 2024 (see first two posts), some important smaller things don’t get the same attention. Yet, these things are good to know and probably won’t come as a huge surprise. Because they, too, are evolving, it’s important not to take your eye off the ball. Compliance creates a new code of conduct and a new need for compliance logic. Compliance and governance are often overlooked when developing software because a different part of the business typically owns those responsibilities. That is all about to change. Cybersecurity policies (internal and external, including new regulations) need to move upstream in the software development lifecycle and need compliance logic built in to simplify the process. Software is designed to work globally; however, the world is becoming more segmented and parsed. Regulations are being created at country, regional, and municipal levels. To be realistic, the only way to handle compliance is via automation. To avoid the constant forking of software, compliance logic will need to be a part of modern applications. Compliance logic will allow software to function globally but adjust based on code sets that address geographic locations and corresponding regulations. In 2024, expect compliance logic to become a part of the larger conversation regarding compliance, governance, regulation, and policy. This will require cross-functional collaboration across IT, security, legal, line of business, finance, and other organizational stakeholders. MFA gets physical. Multi-factor authentication (MFA) is a way of life. The benefits far outweigh the slight inconvenience imposed. Think about why MFA is so critical. MFA helps with authorization and authentication for mission-critical and safety-critical work. It prevents unauthorized access to critical information. MFA is an easy-to-implement step for good cyber hygiene. Our current way of thinking about MFA is generally based on three things: something you know, a passcode; something you have, a device; and something you are, a fingerprint, your face, etc. Now, let’s take this a step further and look at how the something you are part of MFA can improve safety. Today, MFA routinely accepts fingerprints, facial recognition, or retina scans. That’s just the beginning. MFA can go a step further in helping with business outcomes; here’s how. Biometric and behavioral MFA can help with identifying the veracity of an individual as well as the fitness to perform a function. For example, a surgeon can access the hospital, restricted areas, and the operating room through MFA verifications. But, once in the operating room, how is it determined that the surgeon is fit to perform the surgical task? Behavioral MFA will soon be in play to ensure the surgeon is fit by adding another layer of something you are. Behavioral MFA will determine fitness for a task by identifying things such as entering a series of numbers on a keypad, handwriting on a tablet, or voice analysis. The goal is to compare current behavior with past behavior to ensur | Tool Threat Prediction | ★★★ | |
 |
2024-01-18 09:46:00 | Les pirates iraniens se masquent en tant que journalistes pour espionner les experts de la guerre Israel-Hamas Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts (lien direct) |
Des individus de haut niveau travaillant sur les affaires du Moyen-Orient dans les universités et les organisations de recherche en Belgique, en France, Gaza, Israël, au Royaume-Uni et aux États-Unis ont été ciblées par un groupe de cyber-espionnage iranien appelé & nbsp; Mind Sandstorm & nbsp; depuis novembre 2023.
L'acteur de menace "a utilisé des leurres de phishing sur mesure pour tenter d'ingénierie socialement des cibles dans le téléchargement de fichiers malveillants", le
High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mind Sandstorm since November 2023. The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the |
Threat | ★★ | |
 |
2024-01-18 09:30:00 | NCSC construit une nouvelle communauté de suivi des menaces «Cyber League» NCSC Builds New “Cyber League” Threat Tracking Community (lien direct) |
Le National Cyber Security Center du Royaume-Uni a lancé une cyber ligue pour surveiller les cyber-menaces émergentes
The UK\'s National Cyber Security Centre has launched a Cyber League to monitor emerging cyber-threats |
Threat | ★★ | |
 |
2024-01-18 08:00:31 | Le FBI et la CISA émettent des conseils sur AndroxGH0st malware et botnet menace pour les réseaux FBI and CISA issue advisory on Androxgh0st malware and botnet threat to networks (lien direct) |
> Le Federal Bureau of Investigation (FBI) et la Cybersecurity and Infrastructure Security Agency (CISA) ont publié mardi un ...
>The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published Tuesday a... |
Malware Threat | ★★ | |
 |
2024-01-18 07:10:53 | MIMO COINMINER ET MIMUS RANSOMWALIES installées via des attaques de vulnérabilité Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a récemment observé les circonstances d'un acteur de menace de Coinmin appelé MIMO exploitant diverses vulnérabilités àinstaller des logiciels malveillants.MIMO, également surnommé HEZB, a été retrouvé pour la première fois lorsqu'ils ont installé des co -miners grâce à une exploitation de vulnérabilité Log4Shell en mars 2022. Jusqu'à présent, tous les cas d'attaque impliquaient l'installation de XMRIG Coinmin, appelé MIMO Miner Bot dans l'étape finale.Cependant, il y avait d'autres cas pertinents où le même acteur de menace a installé Mimus Ransomware, Proxyware et Reverse Shell ...
AhnLab SEcurity intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. Up until now, all of the attack cases involved the installation of XMRig CoinMiner called Mimo Miner Bot in the final stage. However, there were other pertinent cases where the same threat actor installed Mimus ransomware, proxyware, and reverse shell... |
Ransomware Malware Vulnerability Threat | ★★★ | |
 |
2024-01-18 05:00:52 | Mémoire de sécurité: TA866 revient avec une grande campagne de messagerie Security Brief: TA866 Returns with a Large Email Campaign (lien direct) |
What happened Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume campaign consisting of several thousand emails targeting North America. Invoice-themed emails had attached PDFs with names such as “Document_[10 digits].pdf” and various subjects such as “Project achievements”. The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a variant of the WasabiSeed and Screenshotter custom toolset. Screenshot of an email with an attached PDF. If the user clicked on the OneDrive URL inside the PDF, they were: Served a JavaScript file hosted on OneDrive. The JavaScript, if run by the user, downloaded and ran an MSI file. The MSI file executed an embedded WasabiSeed VBS script. The WasabiSeed VBS script then downloaded and executed a second MSI file as well as continued polling for additional payloads in a loop. The additional payloads are currently unknown. Finally, the second MSI file contained components of the Screenshotter screenshot utility which took a screenshot of the desktop and sent it the C2. Attack chain summary: Email > PDF > OneDrive URL > JavaScript > MSI / VBS (WasabiSeed) > MSI (Screenshotter). The attack chain was similar to the last documented email campaign using this custom toolset observed by Proofpoint on March 20, 2023. The similarities helped with attribution. Specifically, TA571 spam service was similarly used, the WasabiSeed downloader remained almost the same, and the Screenshotter scripts and components remained almost the same. (Analyst Note: While Proofpoint did not initially associate the delivery TTPs with TA571 in our first publication on TA866, subsequent analysis attributed the malspam delivery of the 2023 campaigns to TA571, and subsequent post-exploitation activity to TA866.) One of the biggest changes in this campaign from the last observed activity was the use of a PDF attachment containing a OneDrive link, which was completely new. Previous campaigns used macro-enabled Publisher attachments or 404 TDS URLs directly in the email body. Screenshot of “TermServ.vbs” WasabiSeed script whose purpose is to execute an infinite loop, reaching out to C2 server and attempting to download and run an MSI file (empty lines were removed from this script for readability). Screenshot of “app.js”, one of the components of Screenshotter. This file runs “snap.exe”, a copy of legitimate IrfanView executable, (also included inside the MSI) to save a desktop screenshot as “gs.jpg”. Screenshot of “index.js”, another Screenshotter component. This code is responsible for uploading the desktop screenshot ”gs.jpg” to the C2 server. Attribution There are two threat actors involved in the observed campaign. Proofpoint tracks the distribution service used to deliver the malicious PDF as belonging to a threat actor known as TA571. TA571 is a spam distributor, and this actor sends high volume spam email campaigns to deliver and install a variety malware for their cybercriminal customers. Proofpoint tracks the post-exploitation tools, specifically the JavaScript, MSI with WasabiSeed components, and MSI with Screenshotter components as belonging to TA866. TA866 is a threat actor previously documented by Proofpoint and colleagues in [1][2] and [3]. TA866 is known to engage in both crimeware and cyberespionage activity. This specific campaign appears financially motivated. Proofpoint assesses that TA866 is an organized actor able to perform well thought-out attacks at scale based on their availability of custom tools, and ability and connections to purchase tools and services from other actors. Why it matters The following are notable characteristics of TA866\'s return to email threat data: TA866 email campaigns have been missing from the landscape for over nine months (although there are indications that the actor was meanwhile | Spam Malware Tool Threat | ★★ | |
 |
2024-01-18 00:00:00 | Protéger la sécurité de votre réseau contre la menace Ivanti Zero-Day Protecting Your Network Security from Ivanti Zero-Day Threat (lien direct) |
La vulnérabilité négligée avec des impacts réels
The overlooked vulnerability with real impacts |
Vulnerability Threat | ★★ | |
 |
2024-01-17 21:58:17 | Avant de pointe: cibles suspectées APT Ivanti Connect Secure VPN dans une nouvelle exploitation zéro-jour |Mandiant Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation | Mandiant (lien direct) |
#### Description
Le 10 janvier 2024, Ivanti a révélé deux vulnérabilités, CVE-2023-46805 et CVE-2024-21887, impactant Ivanti Connect Secure VPN («CS», anciennement Secure Secure) et Ivanti Policy Secure («PS»).Une exploitation réussie pourrait entraîner un contournement d'authentification et une injection de commandement, entraînant un autre compromis en aval d'un réseau de victimes.Mandiant a identifié l'exploitation zéro-jour de ces vulnérabilités à l'état sauvage dès décembre 2023 par un acteur présumé de menace d'espionnage, actuellement suivi de l'UNC5221.
Mandiant partage les détails de cinq familles de logiciels malveillants associés à l'exploitation des appareils CS et PS.Ces familles permettent aux acteurs de la menace de contourner l'authentification et de fournir un accès de porte dérobée à ces appareils.
#### URL de référence (s)
1. https://www.mandiant.com/resourceS / Blog / suspecté-APT-Targets-Ivanti-Zero-Day
#### Date de publication
17 janvier 2024
#### Auteurs)
Tyler McLellan
John Wolfram
Gabby Rconcone
Matt Lin
Robert Wallace
Dimiter Andonov
#### Description On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting Ivanti Connect Secure VPN (“CS”, formerly Pulse Secure) and Ivanti Policy Secure (“PS”) appliances. Successful exploitation could result in authentication bypass and command injection, leading to further downstream compromise of a victim network. Mandiant has identified zero-day exploitation of these vulnerabilities in the wild beginning as early as December 2023 by a suspected espionage threat actor, currently being tracked as UNC5221. Mandiant is sharing details of five malware families associated with the exploitation of CS and PS devices. These families allow the threat actors to circumvent authentication and provide backdoor access to these devices. #### Reference URL(s) 1. https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day #### Publication Date January 17, 2024 #### Author(s) Tyler Mclellan John Wolfram Gabby Roncone Matt Lin Robert Wallace Dimiter Andonov |
Malware Vulnerability Threat | ★★★★ | |
 |
2024-01-17 21:15:00 | Google Chrome Zero-Day Bug attaqué, permet l'injection de code Google Chrome Zero-Day Bug Under Attack, Allows Code Injection (lien direct) |
Le premier bogue chromé zéro de 2024 ajoute à une liste croissante de vulnérabilités activement exploitées trouvées dans le chrome et d'autres technologies de navigateur.
The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies. |
Vulnerability Threat | ★★★ | |
|
2024-01-17 21:00:08 | Anneaux de voleur atomique dans la nouvelle année avec une version mise à jour Atomic Stealer Rings in the New Year with Updated Version (lien direct) |
#### Description
Les utilisateurs de Mac doivent être conscients d'une campagne de distribution active via des publicités malveillantes fournissant un voleur atomique.La dernière itération du malware a ajouté le chiffrement et l'obscurcissement de son code.Le malware a été distribué via des campagnes de malvertisation et des sites compromis.En janvier 2024, une campagne de malvertising a été identifiée à l'aide de publicités Google Search pour attirer les victimes via un site Web de leurre imitant Slack.Les acteurs de la menace tirent parti des modèles de suivi pour filtrer le trafic et l'ouvrir à travers quelques redirectes avant de charger la page de destination.Le fichier DMG malveillant contient des instructions pour les utilisateurs pour ouvrir le fichier ainsi qu'une fenêtre de boîte de dialogue leur demandant de saisir le mot de passe de leur système.Cela permettra au voleur atomique de collecter des mots de passe et d'autres fichiers sensibles qui sont généralement liés à l'accès.Les voleurs continuent d'être une menace supérieure pour les utilisateurs de Mac, et il est important de télécharger des logiciels à partir de sites de confiance.
#### URL de référence (s)
1. https://www.malwarebytes.com/blog/thereat-intelligence/2024/01/atomic-staleer-rings-in-the-new-year-with-updated-version
#### Date de publication
10 janvier 2024
#### Auteurs)
MalwareBytes Mende Intelligence Team
J & eacute; r & ocirc; moi segura
#### Description Mac users should be aware of an active distribution campaign via malicious ads delivering Atomic Stealer. The latest iteration of the malware added encryption and obfuscation of its code. he malware was distributed via malvertising campaigns and compromised sites. In January 2024, a malvertising campaign was identified using Google search ads to lure victims via a decoy website impersonating Slack. The threat actors are leveraging tracking templates to filter traffic and route it through a few redirects before loading the landing page. The malicious DMG file contains instructions for users to open the file as well as a dialog window asking them to enter their system password. This will allow Atomic Stealer to collect passwords and other sensitive files that are typically access-restricted. Stealers continue to be a top threat for Mac users, and it is important to download software from trusted locations. #### Reference URL(s) 1. https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version #### Publication Date January 10, 2024 #### Author(s) Malwarebytes Threat Intelligence Team Jérôme Segura |
Malware Threat | ★★★ | |
 |
2024-01-17 20:30:00 | Microsoft: des pirates iraniens ciblant les experts \\ 'de haut niveau \\' sur le Moyen-Orient Microsoft: Iranian hackers targeting \\'high-profile\\' experts on Middle East (lien direct) |
Les experts «de haut niveau» travaillant sur les affaires du Moyen-Orient dans les universités et les organisations de recherche en Belgique, en France, Gaza, Israël, le Royaume-Uni et les États-Unis ont été ciblées par des pirates prétendument liés au gouvernement iranien, selon un nouveau rapport de Microsoft.Dans un article de blog, l'équipe de renseignement des menaces de Microsoft a déclaré que depuis novembre, un sous-ensemble de
“High-profile” experts working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K. and the U.S. have been targeted by hackers allegedly connected to the Iranian government, according to a new report from Microsoft. In a blog post, Microsoft\'s Threat Intelligence team said that since November a subset of |
Threat | ★★★ | |
|
2024-01-17 19:21:00 | La faille de terminal PAX POS pourrait permettre aux attaquants de falsifier les transactions PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions (lien direct) |
Les terminaux de point de vente (POS) de la technologie PAX sont touchés par une collection de vulnérabilités de haute sévérité qui peuvent être armées par les acteurs de la menace pour exécuter du code arbitraire.
L'équipe STM Cyber R & amp; D, qui a inversé les appareils basés sur Android fabriqués par l'entreprise chinoise en raison de leur déploiement rapide en Pologne, a déclaré qu'il avait déniché une demi-douzaine de défauts qui permettaient
The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for |
Vulnerability Threat | ★★★ | |
|
2024-01-17 17:45:00 | Le FBI et la CISA mettent en garde contre la menace de sécurité nationale posée par les drones chinois FBI and CISA warn of national security threat posed by Chinese drones (lien direct) |
L'Agence du FBI et de la cybersécurité et de la sécurité des infrastructures (CISA) a averti mercredi que les drones de fabrication chinoise présentent un «risque important» pour les infrastructures critiques américaines et ont fourni de nouvelles conseils sur la façon dont les entités peuvent mieux protéger les réseaux contre leur utilisation malveillante.Le Guidance publique souligne que la loi chinoise donne désormais à son gouvernement «une étendue légale élargie légale«motifs »pour accéder aux données détenues
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday that Chinese-made drones pose a “significant risk” to U.S. critical infrastructure and provided new guidance on how entities can better protect networks from their malicious use. The public guidance highlights that Chinese law now gives its government “expanded legal grounds” for accessing data held |
Threat | ★★★ | |
|
2024-01-17 16:44:00 | Feds met en garde contre AndroxGH0st Botnet ciblant les titres de compétences AWS, Azure et Office 365 Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) et le Federal Bureau of Investigation (FBI) & nbsp; averti & nbsp; que les acteurs de menace déploient le & nbsp; AndroxGH0st & nbsp; malware créent un botnet pour "l'identification et l'exploitation des victimes dans les réseaux cibles".
Un malware basé sur Python, & nbsp; AndroxGH0st & nbsp; a été documenté pour la première fois par Lacework en décembre 2022, avec le malware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks." A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the malware |
Malware Threat | ★★★★ | |
 |
2024-01-17 16:15:18 | Vulnérabilités zéro-jour dans Citrix Netscaler ADC et Gateway & Google Chrome: CVE-2023-6548, CVE-2023-6549 et CVE-2024-0519 Zero-Day Vulnerabilities in Citrix Netscaler ADC and Gateway & Google Chrome: CVE-2023-6548, CVE-2023-6549, and CVE-2024-0519 (lien direct) |
Citrix a récemment émis un avertissement à ses clients, leur conseillant de patcher NetScaler ADC ...
Citrix has recently issued a warning to its customers, advising them to patch Netscaler ADC... |
Vulnerability Threat | ★★★ | |
|
2024-01-17 15:30:00 | Indian Air Force potentiellement ciblée avec des logiciels malveillants voleurs d'informations Indian Air Force potentially targeted with info-stealing malware (lien direct) |
Les chercheurs ont découvert une nouvelle campagne d'espionnage ciblant potentiellement l'Indian Air Force avec des logiciels malveillants de voleur d'informations.L'acteur de menace non identifié a envoyé des e-mails de phishing à ses cibles avec un lien vers un fichier .zip malveillant contenant soi-disant des données sur les avions de chasse Su-30.Inde approuvé L'approvisionnement de ces jets l'année dernière pour renforcer sa défense en cours
Researchers have uncovered a new espionage campaign potentially targeting the Indian Air Force with information-stealing malware. The unidentified threat actor sent phishing emails to its targets with a link to a malicious .zip file supposedly containing data about Su-30 fighter jets. India approved the procurement of these jets last year to bolster its ongoing defense |
Malware Threat | ★★ | |
|
2024-01-17 15:00:00 | Force en nombre: le cas de la cybersécurité de tout l'État Strength in Numbers: The Case for Whole-of-State Cybersecurity (lien direct) |
La cybersécurité WOS crée un front uni pour que les gouvernements se défendent contre les acteurs de la menace, durcissent les postures de sécurité et protégeaient les électeurs qui dépendent des services.
WoS cybersecurity creates a united front for governments to defend against threat actors, harden security postures, and protect constituents who depend on services. |
Threat | ★★ | |
 |
2024-01-17 13:19:21 | Selon l\'édition 2024 du Veeam Data Protection Trends Report, les cyberattaques sont la première cause d\'interruption d\'activité (lien direct) | Selon l'édition 2024 du Veeam Data Protection Trends Report, les cyberattaques sont la première cause d'interruption d'activité Cette nouvelle enquête révèle que 92 % des entreprises prévoient d'augmenter leurs dépenses de protection des données en 2024, afin de renforcer leur cyberrésilience face aux menaces continues de ransomwares et de cyberattaques. - Investigations | Threat | ★★★ | |
 |
2024-01-17 11:13:16 | Protection des applications web : retour d\'expérience de Sarpi Veolia (lien direct) | La sécurité des applications est aujourd'hui un grand défi pour les entreprises alors que les applications web sont devenues un des principaux vecteurs de menaces.... | Threat | ★★★ | |
|
2024-01-17 11:05:00 | Le gouvernement américain exhorte l'action à atténuer la menace de malware AndroxGH0st US Government Urges Action to Mitigate Androxgh0st Malware Threat (lien direct) |
Un avis du FBI et de la CISA indique que les acteurs de la menace déploient le logiciel malveillant AndroxGH 0st pour l'identification et l'exploitation des victimes dans les réseaux cibles
An advisory from the FBI and CISA says threat actors are deploying the Androxgh0st malware for victim identification and exploitation in target networks |
Malware Threat | ★★ | |
|
2024-01-17 11:00:00 | Opérations de cybersécurité en 2024: le SOC du futur Cybersecurity operations in 2024: The SOC of the future (lien direct) |
This is part two of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Part one: Unusual, thought-provoking predictions for cybersecurity in 2024 Part three: Four cybersecurity trends you should know for 2024 With the democratization of computing comes attack surface expansion. According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. 89% of all companies have already adopted a digital-first business strategy or are planning to do so. The more digital the world becomes the greater the attack surface. This is simply a fact. Securing that ever-expanding attack surface is where we will see innovation. The security operations center (SOC) must modernize to keep pace with the always-on and digital-first world delivered through innovations such as edge computing, AI, and IoT. The SOC of the future will need to expand to address: Edge computing Edge computing is happening all around us. Defined by three primary characteristics: software-defined, data-driven, and distributed, edge computing use cases are expanding to deliver business outcomes. Edge computing is a sea-change in the world of computing. As edge use cases deliver business value and competitive advantage, the technology changes – networks with lower latency, ephemeral applets, and a digital-first experience, are the requirements for all edge computing use cases. Edge computing needs to be embraced and managed by the SOC. There are diverse endpoints, new software stacks, and a rapidly changing attack surface that needs to be mapped and understood. In 2024, expect to see SOC teams, with roles that include security engineer/architect, security analyst, SOC manager, forensics investigator, threat responder, security analyst, and compliance auditor, begin to determine how edge computing needs to be secured. SOCs will explore various management activities, including understanding diverse and intentional endpoints, complete mapping of the attack surface, and ways to manage the fast-paced addition or subtraction of endpoints. Application security Without a doubt, we are living in a world built on software. Software is only as secure as the development requirements. Software controls our traditional applications that are still batch-based, sigh, and near-real-time edge interactions. Software is how the world works. With innovations in computing, software is changing; it is no longer about graphical user interface (GUI) applications that require some keyboard input to produce output. Edge computing is taking software to the next level of sophistication, with non-GUI or headless applets becoming the norm. While the software bill of materials (SBoM) requirements advance the cause of application security, edge computing and its reliance on functioning, performant, and secure software will make application security a necessity. In 2024, expect to see software engineering practices emphasizing security emerge. Simply being able to write code will no longer be enough; developers will increase their sophistication and require more security expertise to complement their already deep skill sets. Educational institutions at secondary and university levels are | Threat | ★★★ | |
|
2024-01-17 09:44:00 | Citrix, VMware et Atlassian Hit avec des défauts critiques - patch dès que possible! Citrix, VMware, and Atlassian Hit with Critical Flaws - Patch ASAP! (lien direct) |
Citrix avertit deux vulnérabilités de sécurité zéro-jour dans NetScaler ADC (anciennement Citrix ADC) et NetScaler Gateway (anciennement Citrix Gateway) qui sont activement exploitées dans la nature.
Les défauts sont répertoriés ci-dessous -
CVE-2023-6548 (score CVSS: 5.5) - Exécution de code distant authentifié (faible privilégié) sur l'interface de gestion (nécessite un accès au NSIP, au clip ou au snip avec la gestion
Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management |
Vulnerability Threat | ★★★ | |
 |
2024-01-17 08:00:06 | 2023 en revue: c'est un enveloppe! 2023 In Review: It\\'s a Wrap! (lien direct) |
2023 a vu de larges changements dans le paysage des menaces et comment les équipes SOC détectent et atténuent les menaces.Securonix a vu des besoins de données accrus, la montée de l'IA générative et l'automatisation intégrée comme principales tendances en 2023.
2023 saw broad changes to the threat landscape and how SOC teams detect and mitigate threats. Securonix saw increased data needs, the rise of generative AI and integrated automation as top trends in 2023. |
Threat | ★★★ | |
|
2024-01-17 07:50:00 | Alerte zéro-jour: mettez à jour Chrome maintenant pour réparer la nouvelle vulnérabilité activement exploitée Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (lien direct) |
Google a publié mardi des mises à jour pour résoudre quatre problèmes de sécurité dans son navigateur Chrome, y compris une faille zéro jour exploitée activement.
Le problème, suivi comme CVE-2024-0519, concerne un accès à la mémoire hors limites dans le moteur V8 Javascript et WebAssembly, qui peut être armé par les acteurs de la menace pour déclencher un accident.
"En lisant la mémoire hors limites, un attaquant pourrait être en mesure d'obtenir des valeurs secrètes,
Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. "By reading out-of-bounds memory, an attacker might be able to get secret values, |
Vulnerability Threat | ★★ | |
|
2024-01-17 06:00:02 | Comment mettre en place un programme de gestion des menaces d'initié et de prévention des pertes de données How to Set Up an Insider Threat Management and Data Loss Prevention Program (lien direct) |
This blog post is adapted from our e-book, Getting Started with DLP and ITM. The last few years have brought unprecedented change. An increasingly distributed workforce, access to more data through more channels and a shift to the cloud have transformed the nature of work. These trends have made protecting sensitive data more complicated and demanding. What\'s clear is that organizations are struggling to rise to the challenge. Between 2020 and 2022, insider threats increased by a staggering 44%. And the costs of addressing them increased 34%-from $11.45 million to $15.38 million. This upswing mainly comes down to two factors. For starters, most security teams have little visibility into people-caused data loss and insider-led security incidents. And few have the tools or resources to handle it. That\'s why Gartner sees platforms for data loss prevention and insider threat management (DLP and ITM) increasingly converging. Businesses need tools and processes that give them holistic, contextualized insights that take user behavior into account. It\'s no longer enough to focus on data-and where it\'s moving. To prevent data loss, industry leaders need to take a people-centric approach that expands beyond traditional drivers like compliance. In this blog post, we\'ll explore some basics for designing an ITM and DLP program. This can help you approach information protection in a way that\'s built for how modern organizations work. Why information protection is so challenging Risks are everywhere in today\'s complex landscape. Here are a few changes making it difficult for companies to protect their data. More data is open to exposure and theft. As businesses go digital, more data is being generated than ever before. According to IDC\'s Worldwide Global DataSphere Forecast, the total amount of data generated data will double from 2022 to 2026. That means malicious insiders will have more access to more sensitive data through more channels. It will also be easier for careless users to expose data inadvertently. Plus, any security gap between channels, any misconfiguration or any accidental sharing of files can give external attackers more opportunities to steal data. New data types are hard to detect. Data isn\'t just growing in volume. It\'s also becoming more diverse, which makes it harder to detect and control. With traditional DLP program tools, data typically fits within very tightly defined data patterns (such as payment card number). But even then, it generates too many false positives. Now, key business data is more diverse and can be graphical, tabular or even source code. The network security perimeter no longer exists. With more employees and contractors working remotely, the security perimeter has shifted from brick and mortar to one based on people. Add to the mix bring-your-own-device (BYOD) practices, where the personal and professional tend to get blurred, and security teams have even more risks to contend with. In a survey for the 2023 State of the Phish report from Proofpoint, 72% of respondents said they use one or more of their personal devices for work. Employee churn is high. Tech industry layoffs in 2022 and 2023 have seen many employees leaving and joining businesses at a rapid rate. The result is greater risk of data exfiltration, infiltration and sabotage. Security leaders know it, too-39% of chief information security officers rated improving information protection as the top priority over the next two years. Security talent is in short supply. A lack of talent has left many security teams under-resourced. And the situation is likely to get worse. In 2023, the cybersecurity workforce gap hit an all-time high-there are 4 million more jobs than there are skilled workers. DLP vs. ITM What\'s the difference between DLP and ITM? Both DLP and ITM work to prevent data loss. But they achieve it in different ways. DLP tracks data movement and exfiltration DLP monitors file activity and scans content to see whether users are handling sen | Tool Threat Cloud Technical | ★★ | |
 |
2024-01-17 02:22:22 | Le rapport mondial de la cybercriminalité 2023: un regard sur les principaux plats à retenir The 2023 Global Cybercrime Report: A look at the key takeaways (lien direct) |
À l'ère numérique d'abord, Internet n'est pas simplement un luxe;C'est une partie fondamentale de notre vie quotidienne.De la croissance des entreprises aux connexions personnelles, son impact est profond.Cependant, cette interconnexion a un prix: la hausse de la cybercriminalité.En explorant le rapport mondial de la cybercriminalité en 2023, nous découvrons quels pays sont confrontés au risque le plus élevé et comment ce problème omniprésent nous affecte tous, peu importe d'où nous nous connectons.Comprendre la cybercriminalité La cybercriminalité couvre un large éventail d'activités illicites et est devenu une menace mondiale omniprésente.Avec notre dépendance croissante sur le ...
In the digital-first era, the internet is not simply a luxury; it\'s a fundamental part of our daily lives. From business growth to personal connections, its impact is profound. However, this interconnectedness comes with a price: the rise of cybercrime. Exploring the 2023 Global Cybercrime Report , we uncover which countries face the highest risk and how this pervasive issue affects us all, no matter where we connect from. Understanding Cybercrime Cybercrime covers a broad spectrum of illicit activities and has evolved into a pervasive global threat. With our increasing reliance on the... |
Threat | ★★★★ | |
|
2024-01-16 22:00:00 | AndroxGH0st malware hackers créant de grands botnets, CISA et FBI avertissent Androxgh0st malware hackers creating large botnet, CISA and FBI warn (lien direct) |
Les pirates derrière les logiciels malveillants AndroxGH0st créent un puissant botnet, ont averti mardi des agences de cybersécurité américaines.Mardi, le FBI et la Cybersecurity and Infrastructure Security Agency (CISA) libéréUn avis conjoint sur les logiciels malveillants, affirmant que plusieurs enquêtes en cours leur ont permis d'évaluer les tactiques utilisées par les acteurs de la menace qui le déploient.Le malware
The hackers behind the Androxgh0st malware are creating a powerful botnet, U.S. cybersecurity agencies warned on Tuesday. On Tuesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory on the malware, saying multiple ongoing investigations have allowed them to assess the tactics used by the threat actors deploying it. The malware |
Malware Threat | ★★ | |
|
2024-01-16 21:25:00 | Les exploits d'Ivanti Zero-Day montent en flèche dans le monde;Pas encore de correctifs Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet (lien direct) |
Quiconque n'a pas atténué deux bogues de sécurité zéro-jour dans les VPN Ivanti peut déjà être compromis par un acteur chinois de l'État-nation.
Anyone who hasn\'t mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor. |
Vulnerability Threat | ★★ | |
|
2024-01-16 19:03:00 | Ivanti Spots \\ 'augmentation nette \\' dans le ciblage de VPN en tant que analystes trouvent 1 700 appareils exploités Ivanti spots \\'sharp increase\\' in targeting of VPN as analysts find 1,700 devices exploited (lien direct) |
Ivanti a déclaré qu'il voyait un pic dans des pirates ciblant deux vulnérabilités récemment divulguées dans son produit VPN Connect Secure, car les chercheurs en cybersécurité ont également dimensionné l'étendue des dégâts.Depuis émettre un avis la semaine dernière : «Nous avons constaté une forte augmentation de l'activité des acteurs et des analyses des chercheurs en sécurité des acteurs de la menace et des chercheurs en sécurité”Concernant les bogues, un
Ivanti said it is seeing a spike in hackers targeting two recently disclosed vulnerabilities in its Connect Secure VPN product, as cybersecurity researchers also sized up the extent of the damage. Since issuing an advisory last week, “we have seen a sharp increase in threat actor activity and security researcher scans” concerning the bugs, an |
Vulnerability Threat | ★★★★ | |
|
2024-01-16 17:08:29 | Ivanti VPN Flaws Zero-Day Flaws Cyber Attacks répandus Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks (lien direct) |
> Par deeba ahmed
Un autre jour, un autre défaut zéro-jour rendant le monde de la cybersécurité fou.
Ceci est un article de HackRead.com Lire le post original: Ivanti VPN Flaws Zero-Day Flaws Cyber Attacks Adpread
>By Deeba Ahmed Another day, another zero-day flaw driving the cybersecurity world crazy. This is a post from HackRead.com Read the original post: Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks |
Vulnerability Threat | ★★★ | |
|
2024-01-16 16:43:00 | 178K + pare-feu Sonicwall vulnérable aux dossiers DOS, RCE 178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks (lien direct) |
Deux défauts découverts d'un an d'intervalle sont ostensiblement les mêmes avec des chemins d'exploitation légèrement différents, exposant les réseaux d'entreprise aux risques et à l'intrusion potentielle.
Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion. |
Threat | ★★ | |
|
2024-01-16 15:00:06 | Les exploits à jour zéro ivanti explosent alors que la multitude d'attaquants se présentent sur l'acte Ivanti zero-day exploits explode as bevy of attackers get in on the act (lien direct) |
Les clients sont toujours sans correctifs et l'atténuation ne fait que jusqu'à présent qu'il y ait une "chance raisonnable" que les utilisateurs VPN Secure (ICS) Ivanti Connect sont déjà compromis s'ils n'appliquent pas la vulnérabilitéMitigation publiée la semaine dernière, disent les experts.… | Vulnerability Threat | ★★★ | |
 |
2024-01-16 14:33:29 | NetSkope Protection en temps réel et résultats de test AV Netskope Real-time Threat Protection and AV-TEST Results (lien direct) |
> Netskope continue de faire progresser les capacités de protection des menaces en ligne et a amélioré sa détection et son blocage des logiciels malveillants et des attaques de phishing tout en abaissant et en améliorant son taux de faux positifs dans le dernier rapport AV-Test.Dans toutes les parties des tests, NetSkope s'est amélioré.Aujourd'hui, plus de la moitié du trafic de sortie des utilisateurs implique des applications et des services cloud [& # 8230;]
>Netskope continues to advance inline threat protection capabilities and has improved its detection and blocking of malware and phishing attacks while also lowering and improving its false positive rate in the latest AV-TEST Report. In every part of the testing, Netskope improved. Today more than half of user egress traffic involves applications and cloud services […] |
Malware Threat Cloud | ★★★ | |
|
2024-01-16 12:43:00 | Les pirates d'armement des fenêtres pour déployer le voleur de phédrone crypto-siphonnant Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer (lien direct) |
Les acteurs de la menace ont été observés en tirant parti d'une faille de sécurité maintenant paires dans Microsoft Windows pour déployer un voleur d'informations open source appelé & nbsp; Phemedrone Stealer.
«Phemedrone cible les navigateurs Web et les données des portefeuilles de crypto-monnaie et des applications de messagerie telles que Telegram, Steam et Discord», a déclaré Simon Zuckerbraun & Nbsp;
"Ça aussi
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. “It also |
Threat Prediction | ★★★ | |
 |
2024-01-16 12:34:28 | FBI: AndroxGH0st malware botnet vole AWS, Microsoft FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials (lien direct) |
La CISA et le FBI ont averti aujourd'hui que les acteurs de la menace utilisant des logiciels malveillants AndroxGH construisent un botnet axé sur le vol d'identification cloud et utilisent les informations volées pour fournir des charges utiles malveillantes supplémentaires.[...]
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. [...] |
Malware Threat Cloud | ★★★ | |
|
2024-01-16 10:19:46 | LogPoint a annoncé la sortie de LogPoint Business-Critical Security Logpoint has announced the release of Logpoint Business-Critical Security (lien direct) |
LogPoint augmente la solution BCS avec les capacités de sécurité du cloud
Le nouveau BCS de LogPoint \\ pour SAP BTP offre des capacités de sécurité cloud pour aider les organisations à gérer la surveillance et la détection des menaces dans SAP Business Technology Platform (BTP)
-
revues de produits
Logpoint boosts BCS solution with cloud security capabilities Logpoint\'s new BCS for SAP BTP offers cloud security capabilities to help organisations manage monitoring and threat detection in SAP Business Technology Platform (BTP) - Product Reviews |
Threat Cloud Commercial | ★★ | |
|
2024-01-16 08:32:19 | Défense post-livraison à propulsion du cloud: la dernière innovation de Proofpoint \\ dans la protection des e-mails Cloud-Powered Post-Delivery Defense: Proofpoint\\'s Latest Innovation in Email Protection (lien direct) |
Cybercriminals are constantly innovating so that they can infiltrate your systems and steal your valuable data. They do this through a complex multi-stage method commonly known as the attack chain. During the initial compromise, attackers use advanced email threats like phishing scams, malware attachments, business email compromise (BEC) and QR code threats to get a foothold in your systems. That\'s why email security tools typically focus on stopping these threats. Steps in the attack chain. But no technology is foolproof. Inevitably, some emails will get through. To keep your company safe, you need an email security solution that can detect, analyze and remediate email threats post-delivery. That\'s where Proofpoint can help. Proofpoint Cloud Threat Response is the cloud-based alternative to TRAP (Threat Response Auto-Pull), known for its effective post-delivery remediation capabilities. Not only is this solution easy to use, but it also automates post-detection incident response and remediation tasks that slow down security teams. In this blog post, we\'ll highlight some of its capabilities and benefits. Overview of Cloud Threat Response capabilities Proofpoint Cloud Threat Response keeps you safer by remediating threats post-delivery. Plus, it helps security teams prioritize and execute response actions three different ways: Automatically by Proofpoint. Cloud Threat Response automatically analyzes emails post-delivery. It identifies and quarantines malicious emails within user inboxes. Doing so reduces the risk that users will interact with them, helping to prevent your business from being compromised. Manually by the SOC team. Your security team gains instant access to detailed email analysis, historical data and risk scoring through an integration with Proofpoint Smart Search. This integration makes it easier for you to delve into specific emails and swiftly identify and remove any lurking threats. With the assistance of end users. Users can report messages that look suspicious thanks to a simple button directly integrated into their mailboxes. Reported emails are automatically investigated and are neutralized if determined to be a threat. Proofpoint Cloud Threat Response benefits At many companies, security incident response is a slow and labor-intensive process. Responding to security incidents may take days or weeks depending on the size of your security team. Time-intensive tasks can turn into painful bottlenecks. Compare that to Proofpoint Cloud Threat Response, which automates and simplifies threat response tasks. Here\'s what you can expect: Enjoy a simplified management interface. Our centralized, modern interface simplifies how you manage email security. From this dashboard, you can manage a range of tasks, including threat reporting, threat analysis and user administration. The simplified, modern interface of Proofpoint Cloud Threat Response. Respond to incidents faster. Proofpoint Cloud Threat Response acts on intelligence from our Supernova detection engine, which improves threat detection and reduces the mean time to respond (MTTR). Spend less time on deployment and maintenance. Because it\'s cloud native, our platform is not only easy to deploy but it eliminates the need for on-premises infrastructure. Plus, your investment is future-proof, and it comes with automated maintenance and security updates. Streamline security operations. Use Single Sign-On (SSO) to seamlessly navigate between Cloud Threat Response and other Proofpoint apps such as Targeted Attack Protection, Email Fraud Defense and Email Protection. This helps to boost analyst efficiency and response times. See more threats. It automatically shares a threat\'s remediation status across your other Proofpoint platforms. This increases threat visibility and helps you to identify and neutralize threats faster. Proofpoint Cloud Threat Response is integrated with Proofpoint threat intelligence and abuse mailbox sources. Contain threats quickly. Malici | Malware Tool Threat Cloud | ★★ | |
|
2024-01-16 08:00:29 | Securonix Threat Research Knowleas Shart Series: sur la détection d'attaques réelles impliquant des comportements RMM utilisant Securonix Securonix Threat Research Knowledge Sharing Series: On Detecting Real-world Attacks Involving RMM Behaviors Using Securonix (lien direct) |
Securonix Threat Research Knowleas Shart Series: sur la détection d'attaques réelles impliquant des comportements RMM utilisant Securonix
Securonix Threat Research Knowledge Sharing Series: On Detecting Real-world Attacks Involving RMM Behaviors Using Securonix |
Threat | ★★★ | |
 |
2024-01-15 23:35:41 | Ivanti Connect Secure VPN Exploitation devient global Ivanti Connect Secure VPN Exploitation Goes Global (lien direct) |
> Important: si votre organisation utilise Ivanti Connect Secure VPN et que vous n'avez pas appliqué l'atténuation, alors faites-le immédiatement!Les organisations doivent immédiatement examiner les résultats de l'outil de vérification d'intégrité intégré pour les entrées de journal indiquant des fichiers incompatibles ou nouveaux.À partir de la version 9.12, Ivanti a commencé à fournir un outil de vérificateur d'intégrité intégré qui peut être exécuté en tant que numérisation périodique ou planifiée.La volexité a observé qu'il a réussi à détecter les compromis décrits dans ce poste dans les organisations touchées.La semaine dernière, Ivanti a également publié une version mise à jour de l'outil de damier d'intégrité externe qui peut être utilisé pour vérifier et vérifier les systèmes.Le 10 janvier 2024, la volexité a partagé publiquement les détails des attaques ciblées par UTA00178 exploitant deux vulnérabilités de deux jours zéro (CVE-2024-21887 et CVE-2023-46805) dans les appareils VPN Ivanti Secure (ICS).Le même jour, Ivanti a publié une atténuation qui pourrait être appliquée aux appareils VPN ICS pour empêcher l'exploitation de ces [& # 8230;]
>Important: If your organization uses Ivanti Connect Secure VPN and you have not applied the mitigation, then please do that immediately! Organizations should immediately review the results of the built-in Integrity Check Tool for log entries indicating mismatched or new files. As of version 9.1R12, Ivanti started providing a built-in Integrity Checker Tool that can be run as a periodic or scheduled scan. Volexity has observed it successfully detecting the compromises described in this post across impacted organizations. Last week, Ivanti also released an updated version of the external Integrity Checker Tool that can be further used to check and verify systems. On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these […] |
Tool Vulnerability Threat Industrial | ★★★ | |
|
2024-01-15 13:34:55 | Prédateurs numériques de 2023: exposer les meilleurs acteurs de cyber-menaces Digital Predators of 2023: Exposing Top Cyber Threat Actors (lien direct) |
> En 2023, le paysage numérique a continué d'évoluer rapidement, mais la sophistication et ... aussi
>In 2023, the digital landscape continued to evolve rapidly, but so did the sophistication and... |
Threat | ★★★ | |
|
2024-01-15 13:26:32 | Ventes sur le Web sombre: un nouvel exploit RCE, des cartes de crédit américaines et 19m e-mails japonais Dark Web Sales: A New RCE Exploit, US Credit Cards, and 19M Japanese Emails (lien direct) |
Dans les découvertes récentes dans le paysage cyber-menace, l'équipe Web Socradar Dark a identifié ...
In recent discoveries within the cyber threat landscape, the SOCRadar Dark Web Team has identified... |
Threat | ★★ | |
 |
2024-01-15 11:52:44 | 15 janvier & # 8211;Rapport de renseignement sur les menaces 15th January – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes principales attaques et violations le groupe Ransomware en tant que service Medusa ont violé l'eau pour les personnes à but non lucratif, qui vise à améliorer l'accès à l'eau potable dans différents pays, notamment le Guatemala, le Honduras, le Mozambique et l'Inde.Les cybercriminels demandent [& # 8230;]
>For the latest discoveries in cyber research for the week of 15th January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The ransomware-as-a-service group Medusa has breached Water for People nonprofit organization, which aims to improve access to clean water in different countries including Guatemala, Honduras, Mozambique and India. The cybercriminals are asking for […] |
Threat | ★★ | |
|
2024-01-15 11:25:00 | DDOS attaque contre l'industrie des services environnementaux augmente de 61 839% en 2023 DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023 (lien direct) |
L'industrie des services environnementaux a connu une «augmentation sans précédent» dans les attaques de déni de service distribué basées sur HTTP (DDOS), représentant la moitié de tout son trafic HTTP.
Cela marque une augmentation de 61 839% du trafic d'attaque DDOS d'une année à l'autre, la société d'infrastructure Web et de sécurité Cloudflare a déclaré dans son rapport de menace DDOS pour 2023 Q4 publié la semaine dernière.
«Cette augmentation des cyberattaques a coïncidé
The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week. “This surge in cyber attacks coincided |
Threat | ★★★ | |
|
2024-01-15 08:40:11 | Flaw critique trouvé dans le plugin WordPress utilisé sur plus de 300 000 sites Web Critical flaw found in WordPress plugin used on over 300,000 websites (lien direct) |
Un plugin WordPress utilisé sur plus de 300 000 sites Web contenait des vulnérabilités qui pourraient permettre aux pirates de prendre le contrôle.Les chercheurs en sécurité de WordFence ont trouvé deux défauts critiques dans le plugin post SMTP Mailer.Le premier défaut a permis aux attaquants de réinitialiser la clé API d'authentification du plugin \\ et d'afficher les journaux sensibles (y compris les e-mails de réinitialisation du mot de passe) sur le site Web affecté.Un pirate malveillant exploitant la faille pourrait accéder à la clé après avoir déclenché une réinitialisation de mot de passe.L'attaquant pourrait alors se connecter au site, verrouiller l'utilisateur légitime et exploiter son accès à la cause ...
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin\'s authentication API key and view sensitive logs (including password reset emails) on the affected website. A malicious hacker exploiting the flaw could access the key after triggering a password reset. The attacker could then log into the site, lock out the legitimate user, and exploit their access to cause... |
Vulnerability Threat | ★★ | |
|
2024-01-14 10:32:54 | Graphène: Android Android Auto-Recouots Bloquer les exploits du micrologiciel GrapheneOS: Frequent Android auto-reboots block firmware exploits (lien direct) |
Grapheneos, un système d'exploitation basé sur Android axé sur la confidentialité et la sécurité, a publié une série de tweets sur X suggérant qu'Android devrait introduire de fréquents réapparition automatique pour rendre les fournisseurs de logiciels médico-légaux pour exploiter les défauts du firmware et l'espion des utilisateurs.[...]
GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [...] |
Threat Mobile | ★★★ | |
|
2024-01-13 02:26:04 | Le nombre d'organismes compromis via Ivanti VPN zéro-jours se développe à mesure que le mandiant pèse Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in (lien direct) |
Snoops n'avait pas moins de cinq bits personnalisés de logiciels malveillants aux réseaux de porte dérobée Deux bugs de jour zéro dans les produits Ivanti étaient probablement attaqués par les cyberspies dès décembre, selon Mandiant \\ 's Menace Intel Team.…
Snoops had no fewer than five custom bits of malware to hand to backdoor networks Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant\'s threat intel team.… |
Malware Vulnerability Threat | ★★★ | |
|
2024-01-12 20:15:00 | Vulnérabilité affectant les thermostats intelligents patchés par Bosch Vulnerability affecting smart thermostats patched by Bosch (lien direct) |
Le fabricant de technologies allemands Bosch a fixé une vulnérabilité affectant une gamme populaire de thermostats intelligents en octobre, a révélé la société cette semaine.Des chercheurs de Bitdefender ont découvert un problème avec les thermostats Bosch BCC100 en août dernier qui permet à un attaquant du même réseau de remplacer le firmware de l'appareil par une version voyou.Bogdan Boozatu, directeur de la recherche sur les menaces
German technology manufacturer Bosch fixed a vulnerability affecting a popular line of smart thermostats in October, the company disclosed this week. Researchers from Bitdefender discovered an issue with Bosch BCC100 thermostats last August which lets an attacker on the same network replace the device firmware with a rogue version. Bogdan Botezatu, director of threat research |
Vulnerability Threat Industrial | ★★★ | |
|
2024-01-12 19:34:07 | Exploiter pour un sous-siege SharePoint Vuln aurait été entre les mains de l'équipage de Ransomware Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew (lien direct) |
Il a pris des mois pour que Crims pirater ensemble une chaîne d'exploitation de travail Les experts en sécurité affirment que les criminels de ransomware ont mis la main sur un exploit fonctionnel pour une vulnérabilité critique de Microsoft Sharepoint de presque un an que Microsoft qui queCette semaine a-t-elle été ajoutée à la liste des combinaisons des États-Unis.…
It\'s taken months for crims to hack together a working exploit chain Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US\'s must-patch list.… |
Ransomware Hack Vulnerability Threat | ★★ |
To see everything:
