What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
InfoSecurityMag.webp 2023-05-15 15:30:00 Lancefly APT Custom Backdoor Targets Government and Aviation Sectors (direct link) Symantec's Threat Hunter Team said these campaigns have been ongoing for several years
Threat ★★★
ProofPoint.webp 2023-05-15 15:18:51 Selena Larson on how cybercriminals use threat intelligence
(direct link)
No more details Threat ★★
Checkpoint.webp 2023-05-15 13:58:02 15th May – Threat Intelligence Report
(direct link)
For the latest discoveries in cyber research for the week of 15th May, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The Swedish-Swiss multinational automation company ABB has been a victim of a ransomware attack conducted by the Russian Black Basta ransomware group. The threat actors have attacked the company's Windows Active Directory, affecting […]
Ransomware Threat
no_ico.webp 2023-05-15 10:54:38 5.8 Million People Affected by Data Breach at PharMerica
(direct link)
On April 8, the Money Message ransomware organization attacked the national pharmacy network PharMerica and its parent company, the home and community healthcare business BrightSpring Health. Threat actors exposed evidence data, a statement was obtained from BrightSpring, and additional evidence and allegations were gained via Money Message. Money Message informed DataBreaches on April 14 […]
Ransomware Data Breach Threat ★★
AlienVault.webp 2023-05-15 10:00:00 CISOs: How to improve cybersecurity in an ever-changing threat landscape
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  The digital landscape is always changing to keep up with a constantly evolving world, and bad actors are also adapting. For every new development in the digital world, cybercriminals are looking to take advantage of weaknesses, so it is important that those concerned with the security of their organization’s network, data, and other assets stay vigilant and on top of trends. Everybody within an organization should work to establish and maintain good cybersecurity habits and measures, but much of the security burden falls on the chief information security officer (CISO). Below are some key insights for any CISO to take into consideration. Concerns and challenges Since the beginning of the COVID-19 pandemic three years ago, hybrid and remote working solutions have been rising in popularity. This should be a priority area: according to a report from Malwarebytes, 20% of companies reported that a remote worker had caused a security breach. In comparison, 55% cited training employees in security protocols as a major challenge in transitioning to work-from-home infrastructure. Because the shift to hybrid and remote work happened quickly and with an eye for ease of access over security, employees working offsite can pose a great risk to an organization if not provided with adequate cybersecurity training and policies. AI and machine learning are also on the rise, increasingly being utilized by businesses and cybercriminals alike. It is important to recognize that while AI enhancements can provide aid, there is no replacement for the human element in developing a cybersecurity strategy. 
Understanding and deploying AI and machine learning tools can not only help with fraud detection, spam filtering, and data leak prevention, but it can allow a security officer insight into cybercriminals’ use of the tools. Increasing awareness of the criminal toolkit and operations provides an opportunity to get ahead of threat trends and potentially prevent attacks and breaches. Another major issue is the shortage of qualified cybersecurity professionals leading to a significant struggle with recruitment and retention. In a Fortinet report, 60% of respondents said they were struggling to recruit cybersecurity talent, and 52% said they were struggling to retain qualified people. In the same survey, around two-thirds of organization leaders agreed that the shortage “creates additional risk.” Many factors work in tandem to perpetuate the problem, but the solution doesn’t have to be complicated. Ensuring your employees have a healthy work environment goes a long way, as well as tweaking hiring practices to select “adaptable, highly communicative and curious” people, as these traits make for an employee who will grow and learn with your company. Tips for improving cybersecurity One of the top priorities for CISOs should always be to ensure that all employees are properly trained in cyber hygiene and cybersecurity best practices. Insider threats are a serious issue with no easy solution, and a good number of those (more than half, according to one report) are mistakes due to negligence or ignorance. Traditional threat prevention solutions are often concerned with
Data Breach Spam Threat ★★
Blog.webp 2023-05-15 01:00:00 ASEC Weekly Phishing Email Threat Trends (April 30th, 2023 – May 6th, 2023)
(direct link)
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from April 30th, 2023 to May 6th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,...
Threat ★★
Blog.webp 2023-05-14 23:30:00 Chinese Hacker Group Stealing Information From Korean Companies
(direct link)
Recently, there have been frequent cases of attacks targeting vulnerable servers that are accessible externally, such as SQL servers or IIS web servers. The team has confirmed two affected companies in this case. One being a company for semiconductors, and the other being a smart manufacturing company which utilizes artificial intelligence. It is assumed that the threat group that carried out the hacking attack is a Chinese hacker group like Xiaoqiying and Dalbit, as a Chinese text file containing instructions...
Threat ★★
ESET.webp 2023-05-12 15:15:46 Key findings from ESET's new APT Activity Report – Week in security with Tony Anscombe
(direct link)
What have some of the world's most infamous advanced threat actors been up to and what might be the implications of their activities for your business?
Threat ★★
The_Hackers_News.webp 2023-05-12 13:29:00 Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
(direct link)
U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) said in a
Ransomware Vulnerability Threat ★★
SocRadar.webp 2023-05-12 11:43:08 Gulf Countries Threat Landscape Report: Cyber Security Posture of the GCC Countries (direct link) “Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates constitute the Cooperation Council... The post Gulf Countries Threat Landscape Report: Cyber Security Posture of the GCC Countries first appeared on SOCRadar® Cyber Intelligence Inc.
Threat ★★
InfoSecurityMag.webp 2023-05-12 09:30:00 Manufacturers Targeted as Ransomware Victim Numbers Spike 27%
(direct link)
Smaller threat groups and coercive tactics are increasingly common
Ransomware Threat ★★
The_Hackers_News.webp 2023-05-11 20:15:00 New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe (direct link) A previously undetected advanced persistent threat (APT) actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. "Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine referendums," Malwarebytes disclosed in a report published today. "Depending on the campaign,
Threat ★★★
InfoSecurityMag.webp 2023-05-11 16:30:00 Threat Actors Use Babuk Code to Build Hypervisor Ransomware
(direct link)
According to SentinelOne, these novel variants emerged between 2022 and 2023
Ransomware Threat ★★
The_Hackers_News.webp 2023-05-11 16:02:00 Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems
(direct link)
Multiple threat actors have capitalized on the leak of Babuk (aka Babak or Babyk) ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems. "These variants emerged through H2 2022 and H1 2023, which shows an increasing trend of Babuk source code adoption," SentinelOne security researcher Alex Delamotte said in a report
Ransomware Threat Prediction ★★
The_Hackers_News.webp 2023-05-11 16:02:00 How Attack Surface Management Supports Continuous Threat Exposure Management
(direct link)
According to Forrester, External Attack Surface Management (EASM) emerged as a market category in 2021 and gained popularity in 2022. In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management (ASM) for a suite of comprehensive offensive security solutions. Recognition from global analysts has officially put
Vulnerability Threat ★★
Netskope.webp 2023-05-11 14:00:00 Insider Threats Packing Their Bags With Corporate Data
(direct link)
Introduction The insider story, whether it is a disgruntled or negligent employee, is one that is familiar to many organizations. The 2020 Securonix Insider Threat Report found that 60% of the insider threat cases they dealt with involved a “flight risk” employee, or an individual that is getting ready to leave their employment. In today's […]
Threat ★★★
globalsecuritymag.webp 2023-05-11 12:49:03 (Déjà vu) April 2023's Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return (direct link) Check Point Research uncovered a substantial malspam campaign for Trojan Qbot, which came in second in last month's threat index. Meanwhile Internet-of-Things (IoT) malware Mirai made it back on the list for the first time in a year, and Healthcare became the second most exploited industry - Malware Update
Malware Threat ★★
globalsecuritymag.webp 2023-05-11 11:54:18 Hypervisor ransomware - Multiple threat actor groups hop on leaked Babuk code to build ESXi lockers
(direct link)
Hypervisor ransomware - Multiple threat actor groups hop on leaked Babuk code to build ESXi lockers research by SentinelOne - Malware Update
Ransomware Threat ★★
Checkpoint.webp 2023-05-11 11:00:32 April 2023's Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return
(direct link)
Check Point Research uncovered a substantial malspam campaign for Trojan Qbot, which came in second in last month's threat index. Meanwhile Internet-of-Things (IoT) malware Mirai made it back on the list for the first time in a year, and Healthcare moved up to become the second most exploited industry Our latest Global Threat Index for April 2023 saw researchers uncover a substantial Qbot malspam campaign distributed through malicious PDF files, attached to emails seen in multiple languages. Meanwhile, Internet-of-Things (IoT) malware Mirai made the list for the first time in a year after exploiting a new vulnerability in TP-Link routers, […]
Malware Vulnerability Threat ★★
SocRadar.webp 2023-05-11 10:11:00 Scammers Distribute Malware via Verified Account Ads on Facebook
(direct link)
Scamming campaigns frequently involve threat actors impersonating businesses or significant individuals. However, a recent trend...
Malware Threat ★★
SentinelOne.webp 2023-05-11 09:55:06 Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers
(direct link)
Availability of leaked Babuk source code is fuelling a proliferation of file lockers targeting VMware ESXi.
Ransomware Threat ★★★
InfoSecurityMag.webp 2023-05-11 09:10:00 Ransomware Group Tries and Fails to Extort Security Vendor Dragos
(direct link)
Threat actors put the pressure on with references to family members
Ransomware Threat ★★
Blog.webp 2023-05-11 00:00:00 Analysis of CLR SqlShell Used to Attack MS-SQL Servers
(direct link)
This blog post will analyze the CLR SqlShell malware that is being used to target MS-SQL servers. Similar to WebShell, which can be installed on web servers, SqlShell is a malware strain that supports various features after being installed on an MS-SQL server, such as executing commands from threat actors and carrying out all sorts of malicious behavior. MS-SQL servers support a method known as CLR Stored Procedure which allows the usage of expanded features, and SqlShell is a DLL...
Malware Threat ★★
AlienVault.webp 2023-05-10 20:13:00 OneNote documents have emerged as a new malware infection vector (direct link) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files. OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with. Emotet and Qakbot, among other high-end stealers and crypters, are known malware threats that use OneNote attachments. Researchers are currently developing new tools and analysis strategies to detect and prevent these OneNote attachments from being used as a vehicle for infection. This article highlights this new development and discusses the techniques that malicious actors use to compromise a system. Attack chain With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors. OneNote attachments are particularly appealing to attackers because they are interactive and designed to be added on to and interacted with, rather than just viewed. This makes it easier for malicious actors to include enticing messages and clickable buttons that can lead to infection. As a result, users should exercise caution when interacting with OneNote attachments, even if they appear to be harmless. It is essential to use updated security software and to be aware of the potential risks associated with interactive files. 
Email – Social engineering Like most malware authors, attackers often use email as the first point of contact with victims. They employ social engineering techniques to persuade victims to open the program and execute the code on their workstations. [image: phishing email OneNote] In a recent phishing attempt, the attacker sent an email that appeared to be from a trustworthy source and requested that the recipient download a OneNote attachment. However, upon opening the attachment, the code was not automatically updated as expected. Instead, the victim was presented with a potentially dangerous prompt. [image: open OneNote] In this case, as with many OneNote attachments, the malicious actor intends for the user to click on the "Open" button presented in the document, which executes the code. Traditional security tools are not effective in detecting this type of threat. One tool that can be used for analyzing Microsoft Office documents, including OneNote attachments, is Oletools. The suite includes the command line executable olevba, which can be helpful in detecting and analyzing malicious code. [image: OneNote error] Upon attempting to execute the tool on the OneNote attachment, an error occurred. As a result, the focus of the analysis shifted towards a dynamic approach. By placing the document in a sandbox, we discovered a chain of scripts that were executed to download and run an executable or DLL file, resulting in more severe infections like ransomware, stealers, and wipers. [image: OneNote sandbox] Tactics and techniques This particular campaign
Malware Tool Threat ★★★
The_Hackers_News.webp 2023-05-10 18:35:00 Sophisticated DownEx Malware Campaign Targeting Central Asian Governments
(direct link)
Government organizations in Central Asia are the target of a sophisticated espionage campaign that leverages a previously undocumented strain of malware dubbed DownEx. Bitdefender, in a report shared with The Hacker News, said the activity remains active, with evidence likely pointing to the involvement of Russia-based threat actors. The Romanian cybersecurity firm said it first detected the
Malware Threat ★★
Anomali.webp 2023-05-09 20:02:00 Anomali Cyber Watch: Custom Virtual Environment Hides FluHorse, BabyShark Evolved into ReconShark, Fleckpe-Infected Apps Add Expensive Subscriptions
(direct link)
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Defense evasion, Infostealers, North Korea, Spearphishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Deconstructing Amadey’s Latest Multi-Stage Attack and Malware Distribution (published: May 5, 2023) McAfee researchers have detected a multi-stage attack that starts with a trojanized wextract.exe, Windows executable used to extract files from a cabinet (CAB) file. It was used to deliver the AgentTesla, Amadey botnet, LockBit ransomware, Redline Stealer, and other malicious binaries. To avoid detection, the attackers use obfuscation and disable Windows Defender through the registry thus stopping users from turning it back on through the Defender settings. Analyst Comment: Threat actors are always adapting to the security environment to remain effective. New techniques can still be spotted with behavioral analysis defenses and social engineering training. Users should report suspicious files with double extensions such as .EXE.MUI. Indicators associated with this campaign are available in the Anomali platform and users are advised to block these on their infrastructure. 
MITRE ATT&CK: [MITRE ATT&CK] T1562.001: Disable or Modify Tools | [MITRE ATT&CK] T1555 - Credentials From Password Stores | [MITRE ATT&CK] T1486: Data Encrypted for Impact | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information Tags: malware:Amadey, malware-type:Botnet, malware:RedLine, malware:AgentTesla, malware-type:Infostealer, malware:LockBit, malware-type:Ransomware, abused:Wextract.exe, file-type:CAB, file-type:EXE, file-type:MUI, target-program:Windows Defender, target-system:Windows Eastern Asian Android Assault – FluHorse (published: May 4, 2023) Active since May 2022, a newly-detected Android stealer dubbed FluHorse spreads mimicking popular apps or as a fake dating application. According to Check Point researchers, FluHorse was targeting East Asia (Taiwan and Vietnam) while remaining undetected for months. This stealthiness is achieved by sticking to minimal functions while also relying on a custom virtual machine that comes with the Flutter user interface software development kit. FluHorse is being distributed via emails that prompt the recipient to install the app and once installed, it asks for the user’s credit card or banking data. If a second factor authentication is needed to commit banking fraud, FluHorse tells the user to wait for 10-15 minutes while intercepting codes by installing a listener for all incoming SMS messages. Analyst Comment: FluHorse's ability to remain undetected for months makes it a dangerous threat. Users should avoid installing applications following download links received via email or other messaging. Verify the app authenticity on the official com
Malware Tool Threat APT 37 APT 43 ★★★
DarkReading.webp 2023-05-09 19:12:00 ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU
(direct link)
No more details Threat ★★★★
The_Hackers_News.webp 2023-05-09 18:59:00 Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps
(direct link)
A gambling company in the Philippines was the target of a China-aligned threat actor as part of a campaign that has been ongoing since October 2021. Slovak cybersecurity firm ESET is tracking the series of attacks against Southeast Asian gambling companies under the name Operation ChattyGoblin. "These attacks use a specific tactic: targeting the victim companies' support agents via chat
Threat ★★
The_State_of_Security.webp 2023-05-09 16:48:12 VERT Threat Alert: May 2023 Patch Tuesday Analysis - Cloned
(direct link)
Today's VERT Alert addresses Microsoft's May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2023-29336 Up first this month is a vulnerability reported by Avast in Win32k. This vulnerability could allow an authenticated attacker to elevate their privileges to SYSTEM. This vulnerability has seen active exploitation. CVE-2023-24932 This vulnerability allows an attacker with physical access or Administrative rights to install a boot...
Vulnerability Threat ★★
globalsecuritymag.webp 2023-05-09 15:11:16 Kimsuky APT evolves reconnaissance capabilities in new global campaign
Kimsuky is a North Korean advanced persistent threat (APT) group with a long history of targeted attacks across the world. Current understanding of the group indicates they are primarily assigned to intelligence collection and espionage operations in support of the North Korean government since at least 2012. In 2018 the group was observed deploying a malware family dubbed BabyShark, and latest observations indicate the group has evolved the malware with an expanded reconnaissance capability – SentinelLabs refers to this BabyShark component as ReconShark. - Malware Update
Malware Threat ★★
The_Hackers_News.webp 2023-05-09 15:09:00 Researchers Uncover SideWinder's Latest Server-Based Polymorphism Technique
The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload," the BlackBerry
Threat APT-C-17 ★★★
The_Hackers_News.webp 2023-05-09 14:23:00 Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant's threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. "This activity shows Mint
Vulnerability Threat APT 35 ★★
knowbe4.webp 2023-05-09 13:00:00 CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users
CyberheistNews Vol 13 #19 | May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what's misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links: https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they're more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist,
Ransomware Data Breach Spam Malware Tool Threat Prediction NotPetya NotPetya APT 28 ChatGPT ChatGPT ★★
globalsecuritymag.webp 2023-05-09 12:32:14 Nebulon Launches TripLine
Nebulon Launches TripLine, the Industry's First Combined Server and Storage Threat Detection for Cryptographic Ransomware The smartInfrastructure company also announced smartDefense, a solution to protect, detect, and recover the application infrastructure from ransomware in minutes - Product Reviews
Ransomware Threat ★★
SocRadar.webp 2023-05-09 12:04:07 Money Message Ransomware Leaks MSI Signing Keys for Intel Boot Guard
MSI, a leading Taiwanese PC manufacturer, suffered a ransomware attack last month. The threat actors behind the attack, the...
Ransomware Threat ★★★★
Blog.webp 2023-05-09 00:56:00 ASEC Weekly Phishing Email Threat Trends (April 23rd, 2023 – April 29th, 2023)
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from April 23rd, 2023 to April 29th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,...
Threat ★★
The_Hackers_News.webp 2023-05-08 20:53:00 MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend. "It appears that Intel Boot Guard may not be
Ransomware Threat
The_Hackers_News.webp 2023-05-08 18:57:00 SideCopy Using Action RAT and AllaKore RAT to Infiltrate Indian Organizations
The suspected Pakistan-aligned threat actor known as SideCopy has been observed leveraging themes related to the Indian military research organization as part of an ongoing phishing campaign. This involves using a ZIP archive lure pertaining to India's Defence Research and Development Organization (DRDO) to deliver a malicious payload capable of harvesting sensitive information, Fortinet
Threat ★★
Netskope.webp 2023-05-08 18:29:11 Threat Labs News Roundup: April 2023
Summary The purpose of the Netskope Threat Labs News Roundup series is to provide enterprise security teams an actionable brief on the top cybersecurity news from around the world. The brief includes summaries and links to the top news items spanning cloud-enabled threats, malware, and ransomware. Top Stories Microsoft takes down Cobalt Strike servers Microsoft, […]
Threat ★★
The_Hackers_News.webp 2023-05-08 17:19:00 How to Set Up a Threat Hunting and Threat Intelligence Program
Threat hunting is an essential component of your cybersecurity strategy. Whether you're getting started or in an advanced state, this article will help you ramp up your threat intelligence program. What is Threat Hunting? The cybersecurity industry is shifting from a reactive to a proactive approach. Instead of waiting for cybersecurity alerts and then addressing them, security organizations are
Threat ★★
RecordedFuture.webp 2023-05-08 12:00:00 As ransomware data remains 'fuzzy,' US cyber leaders see reasons for optimism
NASHVILLE - Two top federal cybersecurity leaders on Friday described ransomware as a persistent threat but offered optimism that existing and recently launched efforts would help combat the digital pandemic. "I'm not sure when it's going to crest," U.S. Cyber Command and NSA chief Gen. Paul Nakasone told reporters after his keynote address at the
Ransomware Threat ★★
bleepingcomputer.webp 2023-05-08 10:05:10 Detecting data theft with Wazuh, the open-source XDR
Threat actors can steal data from organizations to sell to other malicious actors, making it a major risk for organizations. Wazuh, the free and open-source XDR/SIEM, offers several capabilities that protect against data theft. [...]
Threat ★★
Checkpoint.webp 2023-05-08 08:50:17 8th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 8th May, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The City of Dallas, Texas has suffered a ransomware attack conducted by the Royal ransomware gang. The attack caused a network outage of its Information and Technology Services (ITS), including the Dallas police department, Dallas […]
Ransomware Threat ★★
Blog.webp 2023-05-07 23:30:00 AhnLab EDR Tracks and Responds against Link File (*.lnk) Distributing RokRAT
AhnLab Security Emergency response Center (ASEC) has shared information regarding the RedEyes threat group (also known as APT37, ScarCruft), who distributed CHM Malware Disguised as Security Email from a Korean Financial Company last month. The LNK file contains a PowerShell command and performs malicious behavior without the knowledge of the individual who uses the normal pdf file by creating and executing script files along with normal files in the temp path. If a malicious LNK file is injected into a...
Malware Threat APT 37 ★★
The_Hackers_News.webp 2023-05-06 16:54:00 Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time," Sophos researcher
Threat ★★★
Darktrace.webp 2023-05-05 16:01:51 Healthcare beware: Crypto-mining, malware, and IoT attacks
As threat actors are continually employing novel methods to compromise a network, a growing number of healthcare companies are now having to play catch-up in a fast-evolving threat landscape.
Threat ★★★
The_Hackers_News.webp 2023-05-05 15:49:00 N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros," SentinelOne researchers Tom Hegel
Tool Threat APT 43 ★★★
The_Hackers_News.webp 2023-05-05 15:48:00 Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts
Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-party apps and open-source tools. Online businesses increasingly struggle to maintain complete visibility
Threat ★★
ESET.webp 2023-05-05 14:00:25 APTs target MSP access to customer networks – Week in security with Tony Anscombe
The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers
Tool Threat ★★
RecordedFuture.webp 2023-05-05 13:08:00 Denmark warns of Russian spies posing as 'journalists or business people'
Denmark's security and intelligence service has warned that last year's expulsions of Russian intelligence officers working under diplomatic cover could result in a new wave of undercover spies posing as "journalists or business people." In its annual assessment of [the espionage threat to Denmark, the Faroe Islands and Greenland](https://pet.dk/en/publications) published this week, the Politiets Efterretningstjeneste
Threat ★★
Last update at: 2024-07-02 18:07:36