Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-03-31 15:22:00 |
Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (direct link) |
Russian intelligence services, together with a Moscow-based IT company, are planning worldwide hacking operations that will also enable attacks on critical infrastructure facilities. |
Threat
General Information
|
|
★★★
|
|
2023-03-30 20:15:00 |
BEC Fraudsters Expand to Snatch Real-World Goods in Commodities Twist (direct link) |
Business email compromise scams are moving beyond just stealing cash, with some threat actors fooling companies into sending goods and materials on credit, and then skipping out on payment. |
Threat
|
|
★★
|
|
2023-03-30 00:00:00 |
Spira Takes Aim at Identity Security Posture Management (direct link) |
ISPM is a combination of identity attack surface management, and risk reduction, as well as identity threat prevention, detection, and response. |
Threat
|
|
★★
|
|
2023-03-29 21:24:00 |
Top Tech Talent Warns on AI's Threat to Human Existence in Open Letter (direct link) |
Musk, Wozniak, and Yang are among more than a thousand tech leaders asking for time to establish human safety parameters around AI. |
Threat
|
|
★★
|
|
2023-03-29 19:05:00 |
Phishing Emails Up a Whopping 569% in 2022 (direct link) |
Credential phishing emails are the clear favorite of threat actors, with a 478% spike last year, new research shows. |
Threat
|
|
★★
|
|
2023-03-29 16:53:00 |
Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits (direct link) |
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits. |
Threat
Studies
|
|
★★
|
|
2023-03-28 21:00:00 |
MacStealer Malware Plucks Bushels of Data From Apple Users (direct link) |
A novel cyber threat against macOS users is being sold for $100 a pop on the Dark Web, and activity is ramping up. |
Malware
Threat
|
|
★★
|
|
2023-03-28 17:05:00 |
North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT (direct link) |
In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors. |
Threat
Cloud
|
APT 37
APT 43
|
★★★★
|
|
2023-03-27 18:05:00 |
7 Women Leading the Charge in Cybersecurity Research & Analysis (direct link) |
From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands. |
Threat
|
|
★★
|
|
2023-03-24 19:39:00 |
Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month (direct link) |
A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language. |
Ransomware
Threat
|
|
★★
|
|
2023-03-23 15:18:39 |
Okta Post-Exploitation Method Exposes User Passwords (direct link) |
Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services. |
Hack
Threat
|
|
★★
|
|
2023-03-21 14:30:50 |
Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (direct link) |
Threat actors are using legitimate network assets and open source code to fly under the radar in data-stealing attacks using a set of custom malware bent on evasion. |
Malware
Threat
|
|
★★
|
|
2023-03-17 20:15:57 |
Microsoft Azure Warns on Killnet's Growing DDoS Onslaught Against Healthcare (direct link) |
DDoS cyberattack campaigns from the pro-Russian group have spiked significantly. |
Threat
|
|
★★★
|
|
2023-03-17 13:41:55 |
Meta Proposes Revamped Approach to Online Kill Chain Frameworks (direct link) |
A more holistic model beyond MITRE et al is needed to help defenders better identify and understand commonalities in different online threat campaigns, the Facebook parent company says. |
Threat
General Information
|
|
★★
|
|
2023-03-16 15:00:00 |
Rapid7 Acquires Minerva Labs to Extend Leading Managed Detection and Response Service (direct link) |
Minerva's robust technology and talented engineering team extend Rapid7's end-to-end managed threat detection and orchestration capabilities from the endpoint to the cloud. |
Threat
|
|
★★
|
|
2023-03-15 19:37:00 |
Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns (direct link) |
An unpatched Microsoft Web server allowed multiple cybersecurity threat groups to steal data from a federal civilian executive branch. |
Data Breach
Threat
|
|
★★★
|
|
2023-03-13 19:56:00 |
Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures (direct link) |
AT&T, PayPal, and Microsoft top the list of domains that victims visit following a link in a phishing email, as firms fight to prevent fraud and credential harvesting. |
Threat
|
|
★★★
|
|
2023-03-13 19:53:21 |
Hackers Lure Cybersecurity Researchers With Fake LinkedIn Recruiter Profiles (direct link) |
Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools. |
Threat
|
|
★★★
|
|
2023-03-10 21:49:07 |
Pig Butchering & Investment Scams: The $3B Cybercrime Threat Overtaking BEC (direct link) |
A novel take on investment scams mixes romance and the lure of crypto riches to con targets out of "the whole hog" of their assets. |
Threat
|
|
★★★
|
|
2023-03-09 22:26:00 |
Forrester Study Reveals Businesses Are Insufficiently Prepared to Manage Enterprise Risks (direct link) |
Study underscores the clear and pressing need for real-time physical and cyber threat alerts for effective enterprise risk management and business resilience. |
Threat
|
|
★★
|
|
2023-03-09 21:01:00 |
US Lawmakers Face Cyberattacks, Potential Physical Harm After DC Health Link Breach (direct link) |
The threat actor who posted the data for sale has claimed credit for multiple other breaches, including one at grocery platform Weee! that exposed data on more than 1.1 million customers. |
Threat
|
|
★★
|
|
2023-03-09 16:56:00 |
Iranian APT Targets Female Activists With Mahsa Amini Protest Lures (direct link) |
A top Iranian, state-sponsored threat is a spear-phishing campaign that uses a fake Twitter persona to target women interested in Iranian political affairs and human rights. |
Threat
|
|
★★
|
|
2023-03-08 22:14:00 |
Emotet Resurfaces Yet Again After 3-Month Hiatus (direct link) |
More than two years after a major takedown by law enforcement, the threat group is once again proving just how impervious it is against disruption attempts. |
Threat
|
|
★★★
|
|
2023-03-08 17:31:00 |
Russian Influence Duo Targets Politicians, CEOs for Embarrassing Video Calls (direct link) |
A state-backed threat actor impersonates political figures, tricking a prime minister, a former US president, and several European mayors and MPs into video calls later used in an anti-Ukraine influence campaign. |
Threat
|
|
★★★
|
|
2023-03-04 00:20:00 |
Rapid7 Brings Threat Intel Data to USF Cybersecurity Lab (direct link) |
The Rapid7 Cyber Threat Intelligence Laboratory at the University of South Florida will provide data on real-world threats for faculty and students to use in their research. |
Threat
|
|
★★★
|
|
2023-03-02 18:24:00 |
What GoDaddy's Years-Long Breach Means for Millions of Clients (direct link) |
The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do. |
Threat
|
|
★★★
|
|
2023-03-01 22:50:00 |
(Déjà vu) DoControl's 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets (direct link) |
Volume of SaaS assets and events magnifies risks associated with manual management and remediation. |
Threat
Cloud
|
|
★
|
|
2023-02-24 20:50:00 |
Canadian Telecom Firm Telus Reportedly Investigating Breach (direct link) |
A threat actor has leaked data - purportedly, samples of Telus employee payroll data and source code - on a hacker site. |
Threat
|
|
★★★
|
|
2023-02-23 19:54:00 |
Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (direct link) |
A previously unidentified threat group uses open source malware and phishing to conduct cyber-espionage on shipping and medical labs associated with COVID-19 treatments and vaccines. |
Malware
Threat
Medical
|
|
★★★
|
|
2023-02-23 19:30:07 |
Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (direct link) |
A novel threat group, utilizing new malware, is out in the wild. But the who, what, where, and why are yet to be determined, and there's evidence of a false-flag operation. |
Threat
|
|
★★★
|
|
2023-02-21 23:20:00 |
Malwarebytes Expands Platform With New Application Block Capabilities (direct link) |
Latest threat prevention module helps resource-strapped security teams block unsafe, untrusted or vulnerable applications. |
Threat
|
|
★★★
|
|
2023-02-21 18:45:13 |
Cyberthreats, Regulations Mount for Financial Industry (direct link) |
Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. |
Threat
|
|
★★
|
|
2023-02-21 15:00:00 |
Insider Threats Don't Mean Insiders Are Threatening (direct link) |
By implementing tools that enable internal users to do their jobs efficiently and securely, companies reduce insider threat risk by building insider trust. |
Threat
|
|
★★
|
|
2023-02-20 14:00:00 |
Majority of Ransomware Attacks Last Year Exploited Old Bugs (direct link) |
New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft. |
Ransomware
Threat
|
|
★★★
|
|
2023-02-17 21:00:00 |
Google Translate Helps BEC Groups Scam Companies in Any Language (direct link) |
BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally. |
Threat
|
|
★★★
|
|
2023-02-16 22:10:00 |
Atlassian: Leaked Data Stolen via Third-Party App (direct link) |
SiegedSec threat group leaked data that Atlassian says was taken from app used to coordinate in-office resources. |
Threat
|
|
★★★
|
|
2023-02-16 16:41:00 |
SideWinder APT Spotted Stealing Crypto (direct link) |
The nation-state threat group has been attacking a wider range of victims and regions than previously thought. |
Threat
|
APT-C-17
|
★★
|
|
2023-02-14 15:27:00 |
ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops) (direct link) |
The nation-state threat group has been attacking a wider range of victims and regions than previously thought. |
Threat
|
|
★★
|
|
2023-02-13 21:30:00 |
Accenture Acquires Morphus, Brazil-Based Cybersecurity Company (direct link) |
Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America. |
Threat
|
|
★★
|
|
2023-02-10 02:00:00 |
Google Cloud Connects Chronicle to Health ISAC Feed (direct link) |
Members of the Health-ISAC can ingest threat indicators directly into Chronicle to investigate whether the threat is present in their environment. |
Threat
|
|
★★★
|
|
2023-02-09 21:00:00 |
Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware (direct link) |
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets. |
Threat
|
|
★★
|
|
2023-02-09 20:45:08 |
7 Critical Cloud Threats Facing the Enterprise in 2023 (direct link) |
From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon. |
Threat
|
|
★★★★
|
|
2023-02-09 18:52:00 |
Phishing Surges Ahead, as ChatGPT & AI Loom (direct link) |
AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names. |
Threat
|
ChatGPT
|
★★★
|
|
2023-02-09 16:47:31 |
Twitter Implements API Paywall; But Will That Solve Its Enormous Bot Crisis? (direct link) |
Restricting the Twitter API will have implications across Twitter, the broader Internet, and society, experts say. Is there a cybersecurity silver lining, or will threat actors pay to play? |
Threat
|
|
★★
|
|
2023-02-07 19:18:00 |
New Banking Trojan Targeting 100M Pix Payment Platform Accounts (direct link) |
New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say. |
Malware
Threat
|
|
★★★
|
|
2023-02-06 15:00:00 |
How Cybercriminals Are Operationalizing Money Laundering and What to Do About It (direct link) |
It's time to share threat intelligence, prioritize digital literacy and cyber hygiene, and use digital risk-protection services to stem the rising money laundering tide. |
Threat
|
|
★★
|
|
2023-02-02 09:00:00 |
Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms (direct link) |
An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage. |
Ransomware
Threat
|
APT 38
|
★★
|
|
2023-02-01 20:58:00 |
Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report (direct link) |
Noting 13% year-over-year growth in fraudulent instruction as a cause of loss, report predicts organizations must get smarter about educating employees to spot fraudulent tactics. |
Threat
|
|
★★★
|
|
2023-02-01 05:00:00 |
Checkmarx Launches Threat Intelligence for Open Source Packages (direct link) |
The new API incorporates threat intelligence research and employs machine learning to identify threats in the supply chain. |
Threat
|
|
★★
|
|
2023-01-31 20:00:41 |
Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (direct link) |
Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps. |
Threat
|
|
★★
|