What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-08 17:30:16 | Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (lien direct) | #### Description
Check Point rapporte que Magnet Goblin est un acteur de menace à motivation financière qui adopte rapidement et exploite les vulnérabilités d'un jour dans les services accessibles au public en tant que vecteur d'infection initial.Au moins dans un cas d'Ivanti Connect Secure VPN (CVE-2024-21887), l'exploit est entré dans l'arsenal du groupe \\ aussi vite que dans un jour suivant un POC pour sa publication.Le groupe a ciblé Ivanti, Magento, Qlink Sense et éventuellement Apache ActiveMQ.L'analyse de la récente campagne VPN de la récente Ivanti Secure VPN de l'acteur a révélé une nouvelle version Linux d'un logiciel malveillant appelé Nerbianrat, en plus de Warpwire, un voleur d'identification JavaScript.L'arsenal de l'acteur \\ comprend également Mininerbian, une petite porte dérobée Linux et des outils de surveillance et de gestion à distance (RMM) pour les fenêtres comme Screenconnect et AnyDesk.
#### URL de référence (s)
1. https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1d-day-vulnerabilities/
#### Date de publication
8 mars 2024
#### Auteurs)
Point de contrôle
#### Description Check Point reports Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. At least in one case of Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group\'s arsenal as fast as within 1 day after a POC for it was published. The group has targeted Ivanti, Magento, Qlink Sense, and possibly Apache ActiveMQ. Analysis of the actor\'s recent Ivanti Connect Secure VPN campaign revealed a novel Linux version of a malware called NerbianRAT, in addition to WARPWIRE, a JavaScript credential stealer. The actor\'s arsenal also includes MiniNerbian, a small Linux backdoor, and remote monitoring and management (RMM) tools for Windows like ScreenConnect and AnyDesk. #### Reference URL(s) 1. https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/ #### Publication Date March 8, 2024 #### Author(s) Check Point |
Malware Tool Vulnerability Threat | ★★ | |
 |
2024-03-08 15:00:00 | Goplus Security augmente le financement privé II + pour fortifier la sécurité des utilisateurs Web3 GoPlus Security Raises in Private II+ Funding to Fortify Web3 User Safety (lien direct) |
> Par waqas
GOPLUS SECURIT SECURES 4 M $ pour créer un réseau de sécurité Web3 axé sur l'utilisateur.Leur plate-forme alimentée par IA fournit une détection de menaces en temps réel sur 20+ blockchains, ce qui permet aux utilisateurs de la suite Secwarex pour la sécurité en chaîne.
Ceci est un article de HackRead.com Lire la publication originale: Goplus Security Rassement dans le financement privé II + pour fortifier la sécurité des utilisateurs Web3
>By Waqas GoPlus Security secures $4M to build a user-driven Web3 security network. Their AI-powered platform provides real-time threat detection across 20+ blockchains, empowering users with the SecWareX suite for on-chain security. This is a post from HackRead.com Read the original post: GoPlus Security Raises in Private II+ Funding to Fortify Web3 User Safety |
Threat | ★★★ | |
 |
2024-03-08 14:00:19 | Vérifier les alertes de recherche: le groupe de gobelin à aimant à motivation financière exploite des vulnérabilités à 1 jour pour cibler les serveurs auxquels sont confrontés le public Check Point Research Alerts: Financially Motivated Magnet Goblin Group Exploits 1-Day Vulnerabilities to target Publicly Facing Servers (lien direct) |
> Faits saillants de la clé: & # 8211;Exploitation rapide des vulnérabilités d'un jour: Menk Actor Group Magnet Gobblin & # 8217; S Gallmark est sa capacité à tirer rapidement parti des vulnérabilités nouvellement divulguées, en particulier ciblant les serveurs et les appareils Edge.Dans certains cas, le déploiement des exploits est dans un délai d'un jour après la publication d'un POC, augmentant considérablement le niveau de menace posé par cet acteur.& # 8211;Cyber Arsenal diversifié: le groupe utilise un ensemble sophistiqué d'outils, notamment Nerbianrat, un rat multiplateforme pour Windows et Linux, et Warpwire, un voleur d'identification JavaScript.Cette suite de logiciels malveillants diverse permet une large gamme de cyberattaques, du vol de données à un accès soutenu [& # 8230;]
>Key Highlights: – Rapid Exploitation of 1-Day Vulnerabilities: Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting public-facing servers and edge devices. In some cases, the deployment of the exploits is within 1 day after a POC is published, significantly increasing the threat level posed by this actor. – Diverse Cyber Arsenal: The group employs a sophisticated set of tools including NerbianRAT, a cross-platform RAT for Windows and Linux, and WARPWIRE, a JavaScript credential stealer. This diverse malware suite enables a wide range of cyber attacks, from data theft to sustained access […] |
Malware Tool Vulnerability Threat | ★★★ | |
 |
2024-03-08 13:39:00 | Cisco émet un patch pour un bogue de détournement de VPN de haute sévérité dans le client sécurisé Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client (lien direct) |
Cisco a publié des correctifs pour aborder un défaut de sécurité à haute sévérité ayant un impact sur son logiciel client sécurisé qui pourrait être exploité par un acteur de menace pour ouvrir une session VPN avec celle d'un utilisateur ciblé.
La société d'équipement de réseautage a décrit la vulnérabilité, suivie comme CVE-2024-20337 (score CVSS: 8.2), comme permettant à un attaquant distant non authentifié d'effectuer un flux de ligne de retour de chariot (CRLF
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF |
Vulnerability Threat | ★★ | |
|
2024-03-08 13:18:00 | L'émulateur Qemu exploité comme outil de tunneling pour violer le réseau QEMU Emulator Exploited as Tunneling Tool to Breach Company Network (lien direct) |
Des acteurs de menace ont été observés en tirant parti de l'émulateur de matériel open-source en tant que logiciel de tunnelisation lors d'une cyberattaque ciblant une "grande entreprise" sans nom pour se connecter à leur infrastructure.
Alors qu'un certain nombre d'outils de tunneling légitime comme Chisel, FRP, Ligolo, Ngrok et Plink ont été utilisés par les adversaires à leur avantage, le développement marque le premier Qemu qui a été
Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed "large company" to connect to their infrastructure. While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first QEMU that has been |
Tool Threat | ★★★ | |
 |
2024-03-08 12:06:58 | Une taxonomie d'attaques d'injection rapide A Taxonomy of Prompt Injection Attacks (lien direct) |
Les chercheurs ont organisé un concours mondial de piratage rapide et ont documenté Les résultats dans un article qui donne beaucoup de bien donne beaucoup de bienExemples et essaie d'organiser une taxonomie de stratégies d'injection rapide efficaces.Il semble que la stratégie réussie la plus courante soit l'attaque d'instructions composée la plus courante, & # 8221;Comme dans & # 8220; dire & # 8216; J'ai été Pwned & # 8217;sans période. & # 8221;
Ignorez ce titre et HackapRomppt: exposer les vulnérabilités systémiques de
LLMS via une compétition de piratage invite à l'échelle mondiale
Résumé: Les modèles de grande langue (LLM) sont déployés dans des contextes interactifs avec l'engagement direct des utilisateurs, tels que les chatbots et les assistants d'écriture.Ces déploiements sont vulnérables à l'injection rapide et au jailbreak (collectivement, piratage rapide), dans lequel les modèles sont manipulés pour ignorer leurs instructions d'origine et suivre des instructions potentiellement malveillantes.Bien que largement reconnue comme une menace de sécurité significative, il y a une pénurie de ressources à grande échelle et d'études quantitatives sur le piratage rapide.Pour aborder cette lacune, nous lançons un concours mondial de piratage rapide, qui permet des attaques d'entrée humaine en forme libre.Nous produisons 600k + invites adversaires contre trois LLM de pointe.Nous décrivons l'ensemble de données, qui vérifie empiriquement que les LLM actuels peuvent en effet être manipulées via un piratage rapide.Nous présentons également une ontologie taxonomique complète des types d'invites contradictoires ...
Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.” Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition Abstract: Large Language Models (LLMs) are deployed in interactive contexts with direct user engagement, such as chatbots and writing assistants. These deployments are vulnerable to prompt injection and jailbreaking (collectively, prompt hacking), in which models are manipulated to ignore their original instructions and follow potentially malicious ones. Although widely acknowledged as a significant security threat, there is a dearth of large-scale resources and quantitative studies on prompt hacking. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking. We also present a comprehensive taxonomical ontology of the types of adversarial prompts... |
Vulnerability Threat Studies | ★★★ | |
|
2024-03-08 12:00:00 | Magnet Goblin cible des serveurs auxquels il est confronté en utilisant des vulnérabilités à 1 jour Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (lien direct) |
> Points clés Introduction le 10 janvier 2024, Ivanti & # 160; publié & # 160; Un avis de sécurité concernant deux vulnérabilités dans Ivanti Connect Secure VPN.Ces vulnérabilités, qui ont été exploitées dans la nature, sont identifiées comme CVE-2023-46805 et CVE-2023-21887.L'exploitation de ces vulnérabilités a été rapidement adoptée par un certain nombre d'acteurs de menace, résultant en une large gamme & # 160; des activités malveillantes.Vérifiez la recherche sur le point [& # 8230;]
>Key Points Introduction On January 10, 2024, Ivanti published a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN. These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2023-21887. The exploitation of these vulnerabilities was quickly adopted by a number of threat actors, resulting in a broad range of malicious activities. Check Point Research […] |
Vulnerability Threat | ★★ | |
 |
2024-03-08 00:00:00 | Mise à jour sur les actions de Microsoft après l'attaque par l'acteur de l'État national Midnight Blizzard Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard (lien direct) |
This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. |
Threat | ★★★ | |
 |
2024-03-07 20:58:37 | Antonin Hily, Sesame it : Les RSSI doivent considérer, avec objectivité et bienveillance les solutions locales (lien direct) | Le Forum InCyber 2024 sera l'occasion pour Sesame it de présenter sa gamme de solution avec entre autre Jizô, mais aussi son NDR et son service de Cyber Threat Intelligence, HOSHI. Pour Antonin Hily, COO de Sesame it les RSSI doivent considérer, avec objectivité et bienveillance les solutions locales - Interviews / INCYBER 2024 | Threat | ★★ | |
 |
2024-03-07 19:20:18 | Échange de cloud Netskope pour votre voyage de confiance zéro Netskope Cloud Exchange for Your Zero Trust Journey (lien direct) |
> Au début de 2023, mon collègue et vice-président des intégrations technologiques et du développement commercial, David Willis nous a guidés en réalisant la véritable puissance de Netskope Cloud Exchange.Dans l'article, David a peint l'évolution de l'échange de nuages en mettant l'accent sur la façon dont le module Netkope Cloud Kenet Exchange (CTE) a mûri depuis sa libération.Dans [& # 8230;]
>Early in 2023 my colleague, and VP of Technology Integrations and Business Development, David Willis walked us through Realizing the True Power of Netskope Cloud Exchange. In the article, David painted the evolution of Cloud Exchange with a focus on how the Netskope Cloud Threat Exchange (CTE) module has matured since it was released. In […] |
Threat Cloud | ★★ | |
|
2024-03-07 19:15:00 | Sites WordPress piratés abusant des visiteurs \\ 'Browsers pour les attaques par force brute distribuée Hacked WordPress Sites Abusing Visitors\\' Browsers for Distributed Brute-Force Attacks (lien direct) |
Les acteurs de la menace mènent des attaques par force brute contre les sites WordPress en tirant parti des injections de javascript malveillantes, révèlent de nouvelles découvertes de Sucuri.
Les attaques, qui prennent la forme d'attaques brutales distribuées, «ciblent les sites Web WordPress des navigateurs de visiteurs du site complètement innocents et sans méfiance», a déclaré la chercheuse en sécurité Denis Sinegubko & Nbsp;
L'activité fait partie de A &
Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said. The activity is part of a& |
Threat | ★★ | |
|
2024-03-07 18:52:00 | Les pirates d'État chinois ciblent les Tibétains avec une chaîne d'approvisionnement, les attaques d'arrosage Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (lien direct) |
L'acteur de menace lié à la Chine connue sous le nom de & nbsp; évasif Panda & nbsp; a orchestré à la fois des attaques d'eau et de la chaîne d'approvisionnement ciblant les utilisateurs tibétains au moins depuis septembre 2023.
La fin des attaques est de livrer des téléchargeurs malveillants pour Windows et MacOS qui déploient une porte dérobée connue appelée MGBOT et un implant Windows auparavant sans papiers connu sous le nom de nuit.
Les résultats proviennent de ESET, qui
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor. The findings come from ESET, which |
Threat | ★★ | |
 |
2024-03-07 16:34:52 | JetBrains TeamCity sous attaque par Ransomware Thugs après le désordre de divulgation JetBrains TeamCity under attack by ransomware thugs after disclosure mess (lien direct) |
Plus de 1 000 serveurs restent non corrigés et vulnérables Les chercheurs en sécurité voient de plus en plus des tentatives d'exploitation actives en utilisant les dernières vulnérabilités de JetBrains \\ 'TeamCity qui, dans certains cas, conduisent à un déploiement de ransomwares.…
More than 1,000 servers remain unpatched and vulnerable Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains\' TeamCity that in some cases are leading to ransomware deployment.… |
Ransomware Vulnerability Threat | ★★ | |
 |
2024-03-07 14:01:52 | Lignes directrices pour la sélection et la diffusion de Sekoia.io IOC à partir de sources CTI Guidelines for selecting and disseminating Sekoia.io IOCs from CTI sources (lien direct) |
> Dans le paysage en constante évolution de la cybersécurité, la bataille contre les menaces exige une approche à multiples facettes.Les organisations, plus que jamais, doivent tirer parti de l'intelligence complète des menaces pour rester en avance sur les adversaires.À l'avant-garde de cette défense se trouve Sekoia.io, un fournisseur de cybersécurité de premier plan offrant une plate-forme CTI de pointe (Cyber Threat Intelligence).Sekoia.io s'appuie sur l'un des [& # 8230;]
la publication Suivante directives pour sélectionner et disséquerSekoia.io IOCS à partir de sources CTI est un article de blog Sekoia.io .
>In the ever-evolving landscape of cybersecurity, the battle against threats demands a multi-faceted approach. Organizations, now more than ever, need to leverage comprehensive Threat Intelligence to stay ahead of adversaries. At the forefront of this defense is Sekoia.io, a leading cybersecurity vendor offering a cutting-edge CTI platform (Cyber Threat Intelligence). Sekoia.io relies on one of […] La publication suivante Guidelines for selecting and disseminating Sekoia.io IOCs from CTI sources est un article de Sekoia.io Blog. |
Threat | ★★ | |
|
2024-03-07 14:01:45 | L'avenir de la cybersécurité à l'ère de l'IA génératrice: idées et projections d'une recherche ESG récente The Future of Cybersecurity in the Age of Generative AI: Insights and Projections from a recent ESG research (lien direct) |
> Faits saillants principaux: les professionnels de la sécurité expriment l'optimisme prudent quant au potentiel de l'IA génératif pour renforcer les défenses de la cybersécurité, reconnaissant sa capacité à améliorer l'efficacité opérationnelle et la réponse aux menaces.Les organisations développent de manière proactive des structures de gouvernance pour une IA générative, reconnaissant l'importance d'établir des politiques robustes et des mécanismes d'application pour atténuer les risques associés.L'IA générative devrait devenir un facteur clé dans les décisions d'achat de cybersécurité d'ici la fin de 2024, avec ses applications qui devraient être omniprésentes entre les opérations de sécurité, soulignant le changement vers des solutions de cybersécurité plus intégrées à l'IA.& # 160;À mesure que le paysage numérique évolue, le domaine de la cybersécurité aussi, maintenant [& # 8230;]
>Main Highlights: Security professionals express cautious optimism about the potential of generative AI to bolster cybersecurity defenses, acknowledging its ability to enhance operational efficiency and threat response. Organizations are proactively developing governance structures for generative AI, recognizing the importance of establishing robust policies and enforcement mechanisms to mitigate associated risks. Generative AI is predicted to become a key factor in cybersecurity purchasing decisions by the end of 2024, with its applications expected to be pervasive across security operations, emphasizing the shift towards more AI-integrated cybersecurity solutions. As the digital landscape evolves, so does the domain of cybersecurity, now standing […] |
Threat Legislation | ★★ | |
|
2024-03-07 13:09:00 | Nouveau voleur d'informations de serpent basé sur Python se répandant via les messages Facebook New Python-Based Snake Info Stealer Spreading Through Facebook Messages (lien direct) |
Les messages Facebook sont utilisés par les acteurs de la menace dans un voleur d'informations basé sur Python surnommé un serpent qui a conçu pour capturer des informations d'identification et d'autres données sensibles.
"Les informations d'identification récoltées auprès des utilisateurs sans méfiance sont transmises à différentes plates-formes telles que Discord, Github et Telegram", le chercheur de cyberison Kotaro Ogino & nbsp; a dit & nbsp; dans un rapport technique.
Détails sur la campagne et
Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that\'s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report. Details about the campaign& |
Threat Technical | ★★★ | |
|
2024-03-07 12:09:37 | Tycoon et Storm-1575 liés aux attaques de phishing contre les écoles américaines Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools (lien direct) |
> Par deeba ahmed
Les acteurs du magnat et de la tempête-1575 ont lancé des attaques ciblées de phishing de lance pour contourner les protections de l'AMF, ciblant les responsables dans de grands districts scolaires américains.
Ceci est un article de HackRead.com Lire le post original: Tycoon et Storm-1575 liés aux attaques de phishing contre les écoles américaines
>By Deeba Ahmed Tycoon and Storm-1575 threat actors launched targeted spear phishing attacks to bypass MFA protections, targeting officials at large US school districts. This is a post from HackRead.com Read the original post: Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools |
Threat | ★★ | |
|
2024-03-07 11:41:00 | Attention au zoom usurpé, skype, google rencontre des sites offrant des logiciels malveillants Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (lien direct) |
Les acteurs de la menace ont tiré parti de faux sites Web annonçant des logiciels de vidéoconférence populaires tels que Google Meet, Skype et Zoom pour fournir une variété de logiciels malveillants ciblant les utilisateurs d'Android et de Windows depuis décembre 2023.
«L'acteur de menace distribue des chevaux de Troie (rats) d'accès à distance, y compris & nbsp; spynote rat & nbsp; pour les plates-formes Android, et & nbsp; njrat & nbsp; et & nbsp; dcrat & nbsp; pour Windows
Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows |
Malware Threat Mobile | ★★ | |
 |
2024-03-07 11:00:00 | Sécuriser l'IA Securing AI (lien direct) |
With the proliferation of AI/ML enabled technologies to deliver business value, the need to protect data privacy and secure AI/ML applications from security risks is paramount. An AI governance framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles. Vulnerabilities in ChatGPT A recent discovered vulnerability found in version gpt-3.5-turbo exposed identifiable information. The vulnerability was reported in the news late November 2023. By repeating a particular word continuously to the chatbot it triggered the vulnerability. A group of security researchers with Google DeepMind, Cornell University, CMU, UC Berkeley, ETH Zurich, and the University of Washington studied the “extractable memorization” of training data that an adversary can extract by querying a ML model without prior knowledge of the training dataset. The researchers’ report show an adversary can extract gigabytes of training data from open-source language models. In the vulnerability testing, a new developed divergence attack on the aligned ChatGPT caused the model to emit training data 150 times higher. Findings show larger and more capable LLMs are more vulnerable to data extraction attacks, emitting more memorized training data as the volume gets larger. While similar attacks have been documented with unaligned models, the new ChatGPT vulnerability exposed a successful attack on LLM models typically built with strict guardrails found in aligned models. This raises questions about best practices and methods in how AI systems could better secure LLM models, build training data that is reliable and trustworthy, and protect privacy. U.S. and UK’s Bilateral cybersecurity effort on securing AI The US Cybersecurity Infrastructure and Security Agency (CISA) and UK’s National Cyber Security Center (NCSC) in cooperation with 21 agencies and ministries from 18 other countries are supporting the first global guidelines for AI security. The new UK-led guidelines for securing AI as part of the U.S. and UK’s bilateral cybersecurity effort was announced at the end of November 2023. The pledge is an acknowledgement of AI risk by nation leaders and government agencies worldwide and is the beginning of international collaboration to ensure the safety and security of AI by design. The Department of Homeland Security (DHS) CISA and UK NCSC joint guidelines for Secure AI system Development aims to ensure cybersecurity decisions are embedded at every stage of the AI development lifecycle from the start and throughout, and not as an afterthought. Securing AI by design Securing AI by design is a key approach to mitigate cybersecurity risks and other vulnerabilities in AI systems. Ensuring the entire AI system development lifecycle process is secure from design to development, deployment, and operations and maintenance is critical to an organization realizing its full benefits. The guidelines documented in the Guidelines for Secure AI System Development aligns closely to software development life cycle practices defined in the NSCS’s Secure development and deployment guidance and the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF). The 4 pillars that embody the Guidelines for Secure AI System Development offers guidance for AI providers of any systems whether newly created from the ground up or built on top of tools and services provided from | Tool Vulnerability Threat Mobile Medical Cloud Technical | ChatGPT | ★★ |
 |
2024-03-07 09:16:25 | ANY.RUN – La sandbox cloud des chasseurs de malwares (lien direct) | ANY.RUN est un service basé sur le cloud pour l'analyse des malwares sous Windows et Linux, aidant les analystes à étudier les menaces en toute sécurité. Offrant un contrôle total sur l'activité des malwares, la plateforme présente des avantages tels que l'accès instantané aux résultats et une structure arborescente visuelle interactive. ANY.RUN est compatible avec les navigateurs et systèmes d'exploitation populaires, et prend en charge l'analyse des malwares Linux. Il offre une solution rentable pour les organisations. | Threat Cloud | ★★ | |
|
2024-03-07 08:00:00 | Les architectes de l'évasion: un paysage de menace des cryptères The Architects of Evasion: a Crypters Threat Landscape (lien direct) |
> Dans ce rapport, nous introduisons des concepts clés et analysons les différentes activités liées à Crypter et l'écosystème lucratif des groupes de menaces en les tirant parti des campagnes malveillantes.
la publication Suivante Les architectes de l'évasion: un paysage de menace des Crypte est un article de blog Sekoia.io .
>In this report, we introduce key concepts and analyse the different crypter-related activities and the lucrative ecosystem of threat groups leveraging them in malicious campaigns. La publication suivante The Architects of Evasion: a Crypters Threat Landscape est un article de Sekoia.io Blog. |
Threat | ★★★ | |
 |
2024-03-07 07:11:54 | Arrêt de cybersécurité du mois: détection d'une attaque de code QR malveillante multicouche Cybersecurity Stop of the Month: Detecting a Multilayered Malicious QR Code Attack (lien direct) |
This blog post is part of a monthly series, Cybersecurity Stop of the Month, which explores the ever-evolving tactics of today\'s cybercriminals. It focuses on the critical first three steps in the attack chain in the context of email threats. The goal of this series is to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have examined these types of attacks: Business email compromise (BEC) EvilProxy SocGholish eSignature phishing QR code phishing Telephone-oriented attack delivery (TOAD) Payroll diversion MFA manipulation Supply chain compromise In this post, we delve into a new and sophisticated QR code attack that we recently detected and stopped. It shows how attackers constantly innovate-and how Proofpoint stays ahead of the curve. The scenario Typically, in a QR code attack a malicious QR code is directly embedded in an email. But recently, attackers have come up with a new and sophisticated variation. In these multilayered attacks, the malicious QR code is hidden in what seems like a harmless PDF attachment. To slow down automated detection and confuse traditional email security tools, attackers use anti-evasion tactics like adding a Cloudflare CAPTCHA. This means that tools using traditional URL reputation detection face an uphill battle in trying to identify them. Proofpoint recently found one of these threats as it conducted a threat assessment at a U.S.-based automotive company with 11,000 employees. The company\'s incumbent security tools-an API-based email security tool and its native security-both boasted QR scanning capabilities. Yet both classified the email as clean and delivered it to the end user. The threat: How did the attack happen? Here\'s a closer look at how the attack unfolded. 1. A deceptive lure. The email was designed to appear legitimate, and it played on the urgency of tax season. This prompted the recipient to open an attached PDF. The initial email to the end user. 2. Malicious QR code embedded in the PDF. Unlike previous QR code attacks, the malicious URL in this attack was not directly visible in the email. Instead, it was hidden in the attached PDF. Given the ubiquity of QR codes, this might not have seemed suspicious to the recipient. The attached PDF with the embedded QR code (obscured). 3. Cloudflare CAPTCHA hurdle. The attacker added another layer of deception. They used a Cloudflare CAPTCHA on the landing page from the QR code URL to further hide the underlying threat. This step aimed to bypass security detection tools that rely solely on analyzing a URL\'s reputation. Cloudflare CAPTCHA on the QR code URL landing page. 4. Credential phishing endgame. Once the CAPTCHA was solved, the malicious QR code led to a phishing landing page set up to steal user credentials. The theft of user credentials can give a malicious actor access to a user\'s account to spread attacks internally for lateral movement. Or they might use them externally to deceive partners or suppliers as with supplier email compromise attacks. Detection: How did Proofpoint prevent this attack? The use of optical character recognition (OCR) or other QR code scanning techniques plays a vital role in defending against QR code threats. But QR code scanning is only the mechanism used to extract the hidden URL. It does not act as a detection mechanism to decipher between legitimate or malicious QR codes. Many tools, including the incumbent email security tools used by the automotive company, claim to parse QR codes and extract the URL for analysis. However, they lack the ability to scan URLs within an embedded image in an attachment. Few tools have engineered the ability to use in-depth URL analysis on a scale like Proofpoint. Proofpo | Tool Threat | ★★★ | |
|
2024-03-07 06:27:08 | Ici \\, quelque chose d'autre peut faire: exposer Bad Infosec pour donner aux cyber-crims une orteil dans votre organisation Here\\'s something else AI can do: expose bad infosec to give cyber-crims a toehold in your organization (lien direct) |
Les chercheurs singapouriens notent la présence croissante de crédits de chatppt dans les journaux malwares infoséaler trouvé quelques 225 000 journaux de voleurs contenant des détails de connexion pour le service l'année dernière.…
Singaporean researchers note rising presence of ChatGPT creds in Infostealer malware logs Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing login details for the service last year.… |
Malware Threat | ChatGPT | ★★★ |
|
2024-03-06 22:28:00 | Les pirates exploitent le fil mal conçu, le docker, la confluence, les serveurs redis pour l'exploitation de cryptographie Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (lien direct) |
Les acteurs de la menace ciblent les serveurs erronés et vulnérables exécutant les services Apache Hadoop, Docker, Atlassian Confluence et Redis dans le cadre d'une campagne de logiciels malveillants émergente conçue pour fournir un mineur de crypto-monnaie et engendrer un coquille inverse pour un accès à distance persistant.
«Les attaquants tirent parti de ces outils pour émettre du code d'exploitation, en profitant des erreurs de configuration courantes et
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. “The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and |
Malware Tool Threat | ★★ | |
|
2024-03-06 21:12:22 | Fil de spinning - Une nouvelle campagne de logiciels malveillants Linux cible Docker, Apache Hadoop, Redis et Confluence Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence (lien direct) |
#### Description
Les chercheurs de CADO Security Labs ont récemment rencontré une campagne de logiciels malveillants émergente ciblant des serveurs mal configurés exécutant des services orientés Web.
La campagne utilise un certain nombre de charges utiles uniques et non déclarées, dont quatre binaires Golang, qui servent d'outils pour automatiser la découverte et l'infection des hôtes exécutant les services ci-dessus.Les attaquants tirent parti de ces outils pour émettre du code d'exploitation, en profitant des erreurs de configuration courantes et en exploitant une vulnérabilité du jour, pour effectuer des attaques d'exécution de code distant (RCE) et infecter de nouveaux hôtes.
Une fois l'accès initial atteint, une série de scripts de coquille et de techniques d'attaque General Linux sont utilisées pour livrer un mineur de crypto-monnaie, engendrer une coquille inversée et permettre un accès persistant aux hôtes compromis.
#### URL de référence (s)
1. https://www.cadosecurity.com/spinning-yarn-a-new-Linux-Malware-Campaign-Targets-Docker-Apache-Hadoop-Redis-and-Confluence /
#### Date de publication
6 mars 2024
#### Auteurs)
Matt Muir
#### Description Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running web-facing services. The campaign utilises a number of unique and unreported payloads, including four Golang binaries, that serve as tools to automate the discovery and infection of hosts running the above services. The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and exploiting an n-day vulnerability, to conduct Remote Code Execution (RCE) attacks and infect new hosts. Once initial access is achieved, a series of shell scripts and general Linux attack techniques are used to deliver a cryptocurrency miner, spawn a reverse shell and enable persistent access to the compromised hosts. #### Reference URL(s) 1. https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/ #### Publication Date March 6, 2024 #### Author(s) Matt Muir |
Malware Tool Vulnerability Threat | ★★★ | |
|
2024-03-06 20:33:00 | Arnaque de sortie: Blackcat Ransomware Group disparaît après un paiement de 22 millions de dollars Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout (lien direct) |
Les acteurs de la menace derrière le & nbsp; BlackCat Ransomware & NBSP; ont fermé leur site Web Darknet et ont probablement tiré une arnaque de sortie après avoir téléchargé une bannière de crise d'application de la loi.
"Alphv / Blackcat n'a pas été saisi. Ils sont de sortie en escroquerie leurs sociétés affiliées", a déclaré le chercheur en sécurité Fabian Wosar & NBSP;"Il est manifestement évident lorsque vous vérifiez le code source du nouvel avis de retrait."
"Là
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There |
Ransomware Threat Legislation | ★★★★ | |
 |
2024-03-06 19:15:07 | Patch maintenant: Apple Zero-Day Exploits contourner la sécurité du noyau Patch Now: Apple Zero-Day Exploits Bypass Kernel Security (lien direct) |
Une paire de bogues critiques pourrait ouvrir la porte pour terminer le compromis du système, y compris l'accès aux informations de localisation, la caméra et le micro iPhone et les messages.Les attaquants de RootKited pourraient également effectuer des mouvements latéraux vers les réseaux d'entreprise.
A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too. |
Vulnerability Threat Mobile | ★★★ | |
|
2024-03-06 18:41:16 | Fake Skype, Zoom, Google Meet Sites Infecting Devices avec plusieurs rats Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs (lien direct) |
> Par deeba ahmed
Menace de Troie à l'accès à distance: Méfiez-vous des téléchargements malveillants déguisés en applications de réunion.
Ceci est un article de HackRead.com Lire la publication originale: Fake Skype, Zoom, Google Rencontrez des sites infectieux avec plusieurs rats
>By Deeba Ahmed Remote Access Trojan Threat: Beware Malicious Downloads Disguised as Meeting Apps. This is a post from HackRead.com Read the original post: Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs |
Threat | ★★ | |
 |
2024-03-06 16:55:05 | Prise en charge de l'initiative de responsabilité spyware Support from the Spyware Accountability Initiative (lien direct) |
> Le laboratoire de sécurité d'Amnesty International a le plaisir d'annoncer qu'il fait partie de la cohorte inaugurale de groupes qui sera soutenue par la Spyware Accountability Initiative (SAI), dont la mission est de développer un domaine mondial des organisations de la société civile qui progressentRecherche de menace, plaidoyer et responsabilité pour résoudre l'utilisation et le commerce des logiciels espions. & # 160;[& # 8230;]
>Amnesty International\'s Security Lab is pleased to announce that it is part of the inaugural cohort of groups to be supported by the Spyware Accountability Initiative (SAI), whose mission is to grow a global field of civil society organizations who are advancing threat research, advocacy and accountability to address the use and trade of spyware. […] |
Threat | ★★ | |
|
2024-03-06 15:00:00 | Mémo sur les menaces du cloud: Google Drive a abusé des organisations ciblées dans les pays asiatiques Cloud Threats Memo: Google Drive Abused to Target Organizations in Asian Countries (lien direct) |
> Le dernier exemple d'une menace persistante avancée exploitant un service cloud légitime pour fournir une charge utile malveillante a récemment été déterminé par les chercheurs de Trend Micro.En tant que suivi d'une campagne ciblant plusieurs pays européens, découvert en juillet 2023 et attribué à l'APT Earth Preta (également connu sous le nom de Mustang Panda et Bronze [& # 8230;]
>The latest example of an advanced persistent threat exploiting a legitimate cloud service to deliver a malicious payload was recently unearthed by researchers at Trend Micro. As a follow up of a campaign targeting several European countries, discovered in July 2023 and attributed to the APT Earth Preta (also known as Mustang Panda and Bronze […] |
Threat Prediction Cloud | ★★ | |
|
2024-03-06 14:38:08 | Cryptochameleon: de nouvelles tactiques de phishing exposées dans l'attaque ciblée par la FCC CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack (lien direct) |
#### Description
Des chercheurs en sécurité de Lookout ont récemment découvert un kit de phishing sophistiqué, connu sous le nom de cryptochameleon, utilisant de nouvelles techniques pour voler des données sensibles des plateformes de crypto-monnaie et de la Federal Communications Commission (FCC).Ce kit utilise des pages de connexion unique (SSO) personnalisées et des leurres téléphoniques / SMS pour extraire les informations d'identification de connexion, les jetons multi-facteurs et les identifiants photo des victimes, principalement sur les appareils mobiles.Notamment, le kit comprend une console administrative pour surveiller les tentatives de phishing et offre des redirections personnalisées basées sur les réponses des victimes, en mettant l'accent sur l'imitation des processus AMF authentiques.Les attaques ont réussi à compromettre des centaines de victimes, principalement aux États-Unis.Alors que les tactiques ressemblent à des acteurs précédents comme [dispersée Spider alias Octo Tempest] (https://ti.defender.microsoft.com/intel-profiles/205381037ed05d275251862061dd923309ac9ecdc2a9951d7c344d890a61101a), infrastructure.
#### URL de référence (s)
1. https://www.lookout.com/Threat-intelligence/article/cryptochameleon-fcc-phishing-kit
#### Date de publication
29 février 2024
#### Auteurs)
David Richardson
Savio Lau
#### Description Security researchers from Lookout recently uncovered a sophisticated phishing kit, known as CryptoChameleon, utilizing novel techniques to steal sensitive data from cryptocurrency platforms and the Federal Communications Commission (FCC). This kit employs custom single sign-on (SSO) pages and phone/SMS lures to extract login credentials, multi-factor tokens, and photo IDs from victims, primarily on mobile devices. Notably, the kit includes an administrative console to monitor phishing attempts and offers customized redirections based on victims\' responses, with an emphasis on mimicking authentic MFA processes. Attacks have successfully compromised hundreds of victims, primarily in the United States. While tactics resemble previous actors like [Scattered Spider AKA Octo Tempest](https://ti.defender.microsoft.com/intel-profiles/205381037ed05d275251862061dd923309ac9ecdc2a9951d7c344d890a61101a), infrastructure differences suggest a distinctly different threat group. #### Reference URL(s) 1. https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit #### Publication Date February 29, 2024 #### Author(s) David Richardson Savio Lau |
Threat Mobile | ★★★ | |
|
2024-03-06 14:24:33 | La montée de la fraude de l'ingénierie sociale dans le compromis des e-mails commerciaux The Rise of Social Engineering Fraud in Business Email Compromise (lien direct) |
En examinant les tactiques d'ingénierie sociale communes et quatre des groupes de menaces les plus sournois, les organisations peuvent mieux se défendre.
By examining common social engineering tactics and four of the most devious threat groups, organizations can better defend themselves. |
Threat | ★★ | |
|
2024-03-06 13:55:16 | TA4903: acteur usurpation du gouvernement américain, petites entreprises en phishing, BEC BIDS TA4903: Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids (lien direct) |
Key takeaways TA4903 is a unique threat actor that demonstrates at least two distinct objectives: (1) credential phishing and (2) business email compromise (BEC). TA4903 routinely conducts campaigns spoofing various U.S. government entities to steal corporate credentials. The actor also spoofs organizations in various sectors including construction, finance, healthcare, food and beverage, and others. The campaign volumes range from hundreds of messages to tens of thousands of messages per campaign. The messages typically target entities in the U.S., although additional global targeting has been observed. TA4903 has been observed using the EvilProxy MFA bypass tool. In late 2023, TA4903 began adopting QR codes in credential phishing campaigns. Overview TA4903 is a financially motivated cybercriminal threat actor that spoofs both U.S. government entities and private businesses across many industries. The actor mostly targets organizations located in the United States, but occasionally those located globally, with high-volume email campaigns. Proofpoint assesses with high confidence the objectives of the campaigns are to steal corporate credentials, infiltrate mailboxes, and conduct follow-on business email compromise (BEC) activity. Proofpoint began observing a series of campaigns spoofing federal U.S. government entities in December 2021. The campaigns, which were subsequently attributed to TA4903, first masqueraded as the U.S. Department of Labor. In 2022 campaigns, the threat actors purported to be the U.S. Departments of Housing and Urban Development, Transportation, and Commerce. During 2023, the actor began to spoof the U.S. Department of Agriculture. In mid-2023 through 2024, Proofpoint observed an increase in credential phishing and fraud campaigns using different themes from TA4903. The actor began spoofing various small and medium-sized businesses (SMBs) across various industries including construction, manufacturing, energy, finance, food and beverage, and others. Proofpoint observed an increase in the tempo of BEC themes as well, including using themes such as “cyberattacks” to prompt victims to provide payment and banking details. Most credential phishing messages associated with this actor contain URLs or attachments leading to credential phishing websites. In some cases, including the government-themed campaigns, messages contain PDF attachments that contain embedded links or QR codes leading to websites that appear to be direct clones of the spoofed government agency. Based on Proofpoint\'s research and tactics, techniques, and procedures (TTPs) observed in open-source intelligence, activity related to TA4903\'s impersonation of U.S. government entities goes back to at least mid-2021. TTPs associated with the actor\'s broader credential phishing and BEC activities are observable as long ago as 2019. Campaign details Government bid spoofing Historically, Proofpoint mostly observed TA4903 conducting credential theft campaigns using PDF attachments leading to portals spoofing U.S. government entities, typically using bid proposal lures. In late 2023, TA4903 began spoofing the USDA and began incorporating QR codes into their PDFs, a technique previously unobserved by this actor. Messages may purport to be, for example: From: U.S. Department of Agriculture Subject: Invitation To Bid Attachment: usda2784748973bid.pdf Example of one page of a multi-page PDF spoofing the USDA. The “Bid Now” button is hyperlinked to the same URL as the QR code. In these campaigns, the PDF attachments are typically multiple pages long and have both embedded URLs and QR codes that lead to government-branded phishing websites. Example credential phishing website operated by TA4903, designed to capture O365 and other email account credentials. In 2023, Proofpoint observed TA4903 spoof the U.S. Department of Transportation, the U.S. Small Business Administration (SBA), and the USDA us | Tool Threat Medical | ★★★ | |
 |
2024-03-06 13:02:10 | Que.Prairie.Weekly # 61 - ALPHV SORK SPAMMED ?? Det. Eng. Weekly #61 - AlphV exit scammed?? (lien direct) |
Et tout ce que j'ai eu était une menace de merde Intel
And all I got was crappy threat intel takes |
Threat | ★★★ | |
|
2024-03-06 13:01:19 | Gestion des risques de vulnérabilité pour les actifs externes Vulnerability Risk Management for External Assets (lien direct) |
> Par uzair amir
Gestion des risques de vulnérabilité, contrairement aux approches traditionnelles, les facteurs de criticité de la vulnérabilité, de la probabilité de l'exploitation et de l'impact commercial, de l'amélioration des stratégies d'évaluation des risques et d'atténuation.
Ceci est un article de HackRead.com Lire le post original: Gestion des risques de vulnérabilité pour les actifs externes
>By Uzair Amir Vulnerability risk management, unlike traditional approaches, factors in vulnerability criticality, exploit likelihood, and business impact, enhancing risk assessment and mitigation strategies. This is a post from HackRead.com Read the original post: Vulnerability Risk Management for External Assets |
Vulnerability Threat | ★★ | |
|
2024-03-06 12:31:00 | Nouveau groupe apt \\ 'Lotus Bane \\' derrière les attaques récentes contre les entités financières du Vietnam \\ New APT Group \\'Lotus Bane\\' Behind Recent Attacks on Vietnam\\'s Financial Entities (lien direct) |
Une entité financière au Vietnam a été la cible d'un acteur de menace auparavant sans papiers appelé & nbsp; Lotus Bane & Nbsp; qui a été détecté pour la première fois en mars 2023.
Le groupe de Singapour, dont le siège social, a décrit la tenue de piratage comme un groupe de menaces persistant avancé qui aurait été actif depuis au moins 2022.
Les spécificités exactes de la chaîne d'infection restent encore inconnues, mais elle implique le
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that\'s believed to have been active since at least 2022. The exact specifics of the infection chain remain unknown as yet, but it involves the |
Threat | ★★★ | |
 |
2024-03-06 12:16:22 | Cyber Insights 2024: OT, ICS et IIOT Cyber Insights 2024: OT, ICS and IIoT (lien direct) |
> À l'ère de l'augmentation des tensions géopolitiques causées par les guerres réelles et la menace d'une action chinoise contre Taïwan, l'OT est une cible qui ne peut être ignorée par les États-nations.
>In an age of increasing geopolitical tensions caused by actual wars, and the threat of Chinese action against Taiwan, OT is a target that cannot be ignored by nation states. |
Threat Industrial | ★★ | |
|
2024-03-06 11:24:00 | Urgent: Apple émet des mises à jour critiques pour les défauts nuls exploités activement Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (lien direct) |
Apple a publié des mises à jour de sécurité pour aborder plusieurs défauts de sécurité, dont deux vulnérabilités qui, selon elle, ont été activement exploitées dans la nature.
Les lacunes sont répertoriées ci-dessous -
CVE-2024-23225 & NBSP; - un problème de corruption de mémoire dans le noyau qu'un attaquant avec une capacité de lecture et d'écriture arbitraire peut exploiter pour contourner les protections de la mémoire du noyau
CVE-2024-23296 & NBSP; - une mémoire
Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections CVE-2024-23296 - A memory |
Vulnerability Threat | ★★★ | |
|
2024-03-06 11:00:00 | Les escroqueries «Phantom Hacker» ciblant les seniors sont en augmentation “Phantom hacker” scams targeting seniors are on the rise (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. “Phantom hacker” scams — tech support-style scams that trick people into transferring money by falsely claiming their computer or online security is compromised — are on the rise, and “significantly impacting senior citizens, who often lose their entire bank, savings, retirement or investment accounts to such crime”, CNBC reports. Notably, as of August 2023, damages stemming from tech support scams surged by 40%, compared to the corresponding period in 2022, a recent FBI public advisory reveals (specifics on the total financial impact, however, weren’t disclosed). 50% of people targeted were over 60 years old, accounting for 66% of the total financial damages. Financial predation: exploiting seniors\' savings Ample financial resources, technological unfamiliarity, and a generally trusting nature collectively makes the elderly a prime target for phantom hacker scams. “Older adults have generally amassed a larger nest egg than younger age groups, and therefore pose a more lucrative target for criminals. Older adults are also particularly mindful of potential risks to their life savings,” Gregory Nelsen, FBI Cleveland special agent in charge, said in a statement. “These scammers are cold and calculated,” he added. “The criminals are using the victims’ own attentiveness against them”. Additionally, older adults may be less familiar with the intricacies of technology and cybersecurity, making them more susceptible to manipulation and deception. And, due to the generally polite and trusting nature of seniors, scammers can have an easier time establishing rapport and gaining the trust needed to pull off their scams. | Threat | ★★★ | |
 |
2024-03-06 11:00:00 | Skype, Google Meet et Zoom utilisés dans une nouvelle campagne d'escroquerie de Troie Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign (lien direct) |
Un nouvel acteur de menace a été observé par Zscaler distribuant des chevaux de Troie (rats) d'accès à distance via des leurres de réunion en ligne
A new threat actor has been observed by Zscaler distributing remote access Trojans (RATs) via online meeting lures |
Threat | ★★ | |
 |
2024-03-06 10:47:10 | Pourquoi les tests de pénétration annuels pour l'industrie des médias doivent évoluer Why annual penetration testing for the media industry must evolve (lien direct) |
> L'industrie des médias est un objectif majeur pour les cyberattaques.Avec l'évolution constante de la technologie, les cybercriminels développent des méthodes de plus en plus sophistiquées pour exploiter les vulnérabilités et les systèmes de compromis.Les mesures de sécurité traditionnelles, telles que les tests de pénétration annuelle, ne sont plus suffisantes pour protéger les organisations des médias contre ces menaces en évolution.Il est clair que les tests de sécurité pour les organisations de médias [& # 8230;]
>The media industry is a major target for cyberattacks. With the constant evolution of technology, cybercriminals are developing increasingly sophisticated methods to exploit vulnerabilities and compromise systems. Traditional security measures, such as annual penetration tests, are no longer sufficient to protect media organizations from these evolving threats. It’s clear that security testing for media organizations […] |
Vulnerability Threat | ★★ | |
|
2024-03-06 09:42:13 | Rapports de tendances de menace de vérification de vérification des menaces de février Checkmarx February Threat Trends Report (lien direct) |
CheckMarx vient de publier son rapport sur les tendances des menaces de sécurité de la chaîne d'approvisionnement de février.
Les recherches effectuées par l'équipe de recherche sur la sécurité de CheckMarx en février ont rencontré de nouveaux cas des types d'attaques suivants, qui représentent la continuation des techniques d'attaque observées pour la première fois en 2023 et plus tôt.
-
revues de produits
Checkmarx just released its February Supply Chain Security Threat Trends report. Research performed by the Checkmarx security research team in February encountered new cases of the following types of attacks, which represent the continuation of attack techniques first seen in 2023 and earlier. - Product Reviews |
Threat | ★★ | |
|
2024-03-06 08:56:56 | Microsoft Windows Security Update Advisory (CVE-2024-21338) (lien direct) | aperçu du 13 février 2024, Microsoft a annoncé une élévation du noyau Windows des privilèges Vulnérabilité CVE-2012-21338correctif.La vulnérabilité se produit à certains ioctl de & # 8220; appid.sys & # 8221;Connu sous le nom de pilote AppLocker, l'une des fonctionnalités Windows.L'acteur de menace peut lire et écrire sur une mémoire de noyau aléatoire en exploitant la vulnérabilité, et peut soit désactiver les produits de sécurité ou gagner le privilège du système.Avast a rapporté que le groupe de menaces Lazarus a récemment utilisé la vulnérabilité CVE-2024-21338 à désactiver les produits de sécurité.Ainsi, les utilisateurs de Windows OS sont ...
Overview On February 13th, 2024, Microsoft announced a Windows Kernel Elevation of Privilege Vulnerability CVE-2024-21338 patch. The vulnerability occurs at certain IOCTL of “appid.sys” known as AppLocker‘s driver, one of the Windows feature. The threat actor can read and write on a random kernel memory by exploiting the vulnerability, and can either disable security products or gain system privilege. AVAST reported that the Lazarus threat group has recently used CVE-2024-21338 vulnerability to disable security products. Thus, Windows OS users are... |
Vulnerability Threat | APT 38 | ★★ |
 |
2024-03-06 01:38:41 | Aucun problème de sécurité alors que Super Mardi tire à sa fin, dit le responsable de la CISA No security issues as Super Tuesday draws to a close, CISA official says (lien direct) |
Les menaces de cyber et d'influence ne se sont pas concrétisées comme le plus grand jour du calendrier primaire présidentiel se sont terminés, selon un responsable américain.«Nous n'avons observé aucun problème de l'ordinaire aujourd'hui.Nous continuons avec l'évaluation qu'il n'y a aucune menace connue, crédible ou spécifique aux opérations du jour du scrutin d'aujourd'hui »,"
Cyber and influence threats did not materialize as the biggest day of the presidential primary calendar drew to a close, according to a U.S. official. “We did not observe any issues out of the ordinary today. We continue with the assessment that there is no known, credible or specific threat to today\'s election day operations,” |
Threat | ★★★ | |
|
2024-03-06 01:26:31 | Z0miner exploite les serveurs Web coréens pour attaquer le serveur WebLogic z0Miner Exploits Korean Web Servers to Attack WebLogic Server (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a trouvé de nombreux cas d'acteurs de menace attaquant les serveurs coréens vulnérables.Ce post présente l'un des cas récents dans lesquels l'acteur de menace \\ 'z0min \' a attaqué des serveurs coréens Weblogic.Z0miner a été présenté pour la première fois par Tencent Security, un fournisseur de services Internet chinois.https://s.tencent.com/research/report/1170.html (ce lien n'est disponible qu'en chinois.) Ces acteurs de menace ont une histoire de distribution de mineurs contre les serveurs vulnérables (Atlassian Confluence, Apache ActiveMq, Log4J, etc.), et ils étaient fréquemment mentionnés dans l'ASEC ...
AhnLab SEcurity intelligence Center (ASEC) has found numerous cases of threat actors attacking vulnerable Korean servers. This post introduces one of the recent case in which the threat actor \'z0Miner\' attacked Korean WebLogic servers. z0Miner was first introduced by Tencent Security, a Chinese Internet service provider. https://s.tencent.com/research/report/1170.html (This link is only available in Chinese.) These threat actors have a history of distributing miners against vulnerable servers (Atlassian Confluence, Apache ActiveMQ, Log4J, etc.), and they were frequently mentioned in the ASEC... |
Threat | ★★★ | |
|
2024-03-06 01:05:06 | Faits saillants hebdomadaires d'osint, 4 mars 2024 Weekly OSINT Highlights, 4 March 2024 (lien direct) |
## Weekly OSINT Highlights, 4 March 2024 Ransomware loomed large in cyber security research news this week, with our curated OSINT featuring research on Abyss Locker, BlackCat, and Phobos. Phishing attacks, information stealers, and spyware are also in the mix, highlighting the notable diversity in the cyber threat landscape. The OSINT reporting this week showcases the evolving tactics of threat actors, with operators increasingly employing multifaceted strategies across different operating systems. Further, the targets of these attacks span a wide range, from civil society figures targeted by spyware in the Middle East and North Africa to state and local governments victimized by ransomware. The prevalence of attacks on sectors like healthcare underscores the significant impact on critical infrastructure and the potential for substantial financial gain through ransom payments. 1. [**Abyss Locker Ransomware Evolution and Tactics**](https://ti.defender.microsoft.com/articles/fc80abff): Abyss Locker ransomware, derived from HelloKitty, exfiltrates victim data before encryption and targets Windows systems, with a subsequent Linux variant observed. Its capabilities include deleting backups and employing different tactics for virtual machines, indicating a growing sophistication in ransomware attacks. 2. [**ALPHV Blackcat Ransomware-as-a-Service (RaaS)**:](https://ti.defender.microsoft.com/articles/b85e83eb) The FBI and CISA warn of ALPHV Blackcat RaaS, which targets multiple sectors, particularly healthcare. Recent updates to ALPHV Blackcat include improved defense evasion, encryption capabilities for Windows and Linux, reflecting the increasing sophistication in ransomware operations. 3. [**Phobos RaaS Model**](https://ti.defender.microsoft.com/articles/ad1bfcb4): Phobos ransomware, operating as a RaaS model, frequently targets state and local governments. Its use of accessible open-source tools enhances its popularity among threat actors, emphasizing the ease of deployment and customization for various environments. 4. [**TimbreStealer Phishing Campaign**](https://ti.defender.microsoft.com/articles/b61544ba): Talos identifies a phishing campaign distributing TimbreStealer, an information stealer disguised as Mexican tax-related themes. The threat actor was previously associated with banking trojans, underscoring the adaptability and persistence of malicious actors. 5. [**Nood RAT Malware Features and Stealth**](https://ti.defender.microsoft.com/articles/cc509147): ASEC uncovers Nood RAT, a Linux-based variant of Gh0st RAT, equipped with encryption and disguised as legitimate software. The malware\'s flexibility in binary creation and process naming underscores the threat actor\'s intent to evade detection and carry out malicious activities with sophistication. 6. [**Predator Spyware Infrastructure and Targeting**](https://ti.defender.microsoft.com/articles/7287eb1b): The Insikt Group\'s discovery highlights the widespread use of Predator spyware, primarily targeting journalists, politicians, and activists in various countries. Despite its purported use for counterterrorism and law enforcement, Predator is employed by threat actors outside these contexts, posing significant privacy and safety risks. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog) and the following blog posts: - [Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/?ocid=magicti_ta_blog#defending-against-ransomware) Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summary. The following | Ransomware Spam Malware Tool Threat Legislation Medical | ★★★★ | |
 |
2024-03-06 00:00:00 | Dévoiler la Terre Kapre AKA AKE REDCURL \\'s Cyberspionage Tactics with Trend Micro MDR, Mende Intelligence Unveiling Earth Kapre aka RedCurl\\'s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence (lien direct) |
Cette entrée de blog examinera l'enquête de Trend Micro MDR Team \\ qui a réussi à découvrir les ensembles d'intrusion employés par Earth Kapre dans un incident récent, ainsi que sur la façon dont l'équipe a exploité les renseignements sur les menaces pour attribuer les preuves extraites au groupe de menaces de Cyberespionage.
This blog entry will examine Trend Micro MDR team\'s investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group. |
Threat Prediction | ★★ | |
|
2024-03-05 21:48:00 | Les pirates exploitent ConnectWise Screenconnect Flaws pour déployer des logiciels malveillants Toddlershark Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (lien direct) |
Les acteurs de la menace nord-coréenne ont exploité les défauts de sécurité récemment divulgués dans ConnectWise ScreenConnect pour déployer un nouveau malware appelé & nbsp; Toddlershark.
Selon un rapport partagé par Kroll avec The Hacker News, Toddlershark chevauche des logiciels malveillants Kimsuky connus tels que BabyShark et Reonshark.
«L'acteur de menace a eu accès au poste de travail de victime en exploitant l'assistant de configuration exposé
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The threat actor gained access to the victim workstation by exploiting the exposed setup wizard |
Malware Threat | ★★ | |
|
2024-03-05 20:00:39 | Félicitations à Check Point \\'s CPX Americas Partner Award Gainters Congratulating Check Point\\'s CPX Americas Partner Award Winners (lien direct) |
> 2023 a été l'année des attaques de méga ransomwares et des cybermenaces alimentées par l'IA avec 1 organisation sur 10 dans le monde en proie à des tentatives de ransomware.Nos partenaires étaient là pour soutenir et guider les clients au milieu du paysage des menaces croissantes et de nouvelles cyber-réglementations.Nous remercions tous nos partenaires pour leur dévouement continu à assurer la meilleure sécurité aux organisations de toutes tailles.Cette année, nous sommes fiers d'annoncer les prix des partenaires Amériques CPX suivants et de célébrer les gagnants: Americas Partner of the Year: Sayers Distributeur de l'année: licence en ligne GSI partenaire de l'année: DXC Technology Harmony Partner of the Year:Gotham [& # 8230;]
>2023 was the year of mega ransomware attacks and AI-fueled cyber threats with 1 in 10 organizations worldwide plagued by attempted ransomware attacks. Our partners were there to support and guide customers amidst the growing threat landscape and new cyber regulations. We thank all of our partners for their continued dedication to providing the best security to organizations of all sizes. This year, we\'re proud to announce the following CPX Americas Partner awards and celebrate the winners: Americas Partner of the Year: Sayers Distributor of the Year: Licensias OnLine GSI Partner of the Year: DXC Technology Harmony Partner of the Year: Gotham […] |
Ransomware Threat | ★★ | |
|
2024-03-05 19:03:47 | Rester en avance sur les acteurs de la menace à l'ère de l'IA Staying ahead of threat actors in the age of AI (lien direct) |
## Snapshot Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of AI. Defenders are only beginning to recognize and apply the power of generative AI to shift the cybersecurity balance in their favor and keep ahead of adversaries. At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors, including prompt-injections, attempted misuse of large language models (LLM), and fraud. Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape. You can read OpenAI\'s blog on the research [here](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors). Microsoft and OpenAI have not yet observed particularly novel or unique AI-enabled attack or abuse techniques resulting from threat actors\' usage of AI. However, Microsoft and our partners continue to study this landscape closely. The objective of Microsoft\'s partnership with OpenAI, including the release of this research, is to ensure the safe and responsible use of AI technologies like ChatGPT, upholding the highest standards of ethical application to protect the community from potential misuse. As part of this commitment, we have taken measures to disrupt assets and accounts associated with threat actors, improve the protection of OpenAI LLM technology and users from attack or abuse, and shape the guardrails and safety mechanisms around our models. In addition, we are also deeply committed to using generative AI to disrupt threat actors and leverage the power of new tools, including [Microsoft Copilot for Security](https://www.microsoft.com/security/business/ai-machine-learning/microsoft-security-copilot), to elevate defenders everywhere. ## Activity Overview ### **A principled approach to detecting and blocking threat actors** The progress of technology creates a demand for strong cybersecurity and safety measures. For example, the White House\'s Executive Order on AI requires rigorous safety testing and government supervision for AI systems that have major impacts on national and economic security or public health and safety. Our actions enhancing the safeguards of our AI models and partnering with our ecosystem on the safe creation, implementation, and use of these models align with the Executive Order\'s request for comprehensive AI safety and security standards. In line with Microsoft\'s leadership across AI and cybersecurity, today we are announcing principles shaping Microsoft\'s policy and actions mitigating the risks associated with the use of our AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track. These principles include: - **Identification and action against malicious threat actors\' use:** Upon detection of the use of any Microsoft AI application programming interfaces (APIs), services, or systems by an identified malicious threat actor, including nation-state APT or APM, or the cybercrime syndicates we track, Microsoft will take appropriate action to disrupt their activities, such as disabling the accounts used, terminating services, or limiting access to resources. - **Notification to other AI service providers:** When we detect a threat actor\'s use of another service provider\'s AI, AI APIs, services, and/or systems, Microsoft will promptly notify the service provider and share relevant data. This enables the service provider to independently verify our findings and take action in accordance with their own policies. - **Collaboration with other stakeholders:** Microsoft will collaborate with other stakeholders to regularly exchange information a | Ransomware Malware Tool Vulnerability Threat Studies Medical Technical | APT 28 ChatGPT APT 4 | ★★ |
To see everything:
Our RSS (filtrered)
