SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2023-05-31 14:53:11	Piratage chinois de l'infrastructure critique américaine Chinese Hacking of US Critical Infrastructure (lien direct)	Tout le monde est écriture About an Interagency et rapport international Sur le piratage chinois de l'infrastructure critique américaine. Beaucoup de détails intéressants sur la façon dont le groupe, appelé Volt Typhoon , accède aux réseaux cibles et élude la détection. Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.		Guam	★★
	2023-05-31 13:00:00	Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks (lien direct)	CyberheistNews Vol 13 #22 \| May 31st, 2023 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry: 51% of invoice fraud attacks targeted the financial services industry 42% were payroll fraud attacks 63% were payment fraud To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox. The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage. Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.	Ransomware Malware Hack Tool Threat Conference	Uber ChatGPT ChatGPT Guam	★★
	2023-05-25 21:53:00	\\ 'Volt Typhoon \\' innove le terrain frais pour les cyber campagnes soutenues en Chine \\'Volt Typhoon\\' Breaks Fresh Ground for China-Backed Cyber Campaigns (lien direct)	Il s'agit du premier incident où un acteur de menace du pays semble jeter les bases d'attaques perturbatrices à l'avenir, selon les chercheurs. This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say.	Threat	Guam	★★
	2023-05-25 16:50:00	Les pirates chinois derrière Guam Breach espèrent les militaires américains depuis des années Chinese hackers behind Guam breach have been spying on US military for years (lien direct)	Un groupe de piratage chinois parrainé par l'État qui était mercredi rapporté Guam collecte également les renseignements militaires auprès des entreprises américaines depuis au moins deux ans, ont déclaré des chercheurs au dossier.Des experts de SecureWorks ont déclaré que le groupe qu'il appelle la silhouette de bronze - suivi comme Volt Typhoon par Microsoft - était derrière A state-sponsored Chinese hacking group that on Wednesday was reported to have compromised critical infrastructure in Guam has also been collecting military intelligence from U.S. companies for at least two years, researchers told The Record. Experts from Secureworks said the group it calls Bronze Silhouette - tracked as Volt Typhoon by Microsoft - was behind		Guam Guam	★★★
	2023-05-25 13:58:00	Les pirates furtifs de la Chine infiltraient les infrastructures critiques des États-Unis et de Guam non détectées China\\'s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected (lien direct)	Un groupe furtif basé en Chine a réussi à établir un pied persistant dans des organisations d'infrastructures critiques aux États-Unis et à Guam sans être détectées, ont déclaré mercredi Microsoft et les «cinq yeux». L'équipe de renseignement sur les menaces du géant de la technologie suit l'activité, qui comprend l'accès post-compromis et la découverte du système de réseau, sous le nom de Volt Typhoon. Le A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant\'s threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon. The	Threat	Guam	★★
	2023-05-25 10:49:50	Les dernières attaques chinoises parrainées par l'État contre l'infrastructure américaine critique espionne une continuation de la tendance, rapporte la recherche sur le point de contrôle Latest Chinese state-sponsored attacks on critical US infrastructure spies a continuation of trend, Reports Check Point Research (lien direct)	> Mercredi dernier, Microsoft a émis un avertissement affirmant que des pirates chinois parrainés par l'État ont compromis la cyber-infrastructure «critique» dans une variété d'industries, y compris le gouvernement et les organisations de communication.«Les États-Unis et les autorités internationales de cybersécurité émettent ce conseil conjoint de cybersécurité (CSA) pour mettre en évidence un groupe d'activités d'intérêt récemment découvert associé à un cyber-acteur de la République de Chine du peuple (RPC), également connu sous le nom de Cyber Actor, également connu sous le nomVolt Typhoon », a déclaré un communiqué publié par les autorités aux États-Unis, en Australie, au Canada, en Nouvelle-Zélande et au Royaume-Uni & # 8211;pays qui composent le réseau de renseignements Five Eyes.Dans cet avis et sur un article de blog qui l'accompagne [& # 8230;] >Last Wednesday, Microsoft issued a warning claiming Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries, including government and communications organizations. “The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People\'s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon,” said a statement released by authorities in the US, Australia, Canada, New Zealand and the UK – countries that make up the Five Eyes intelligence network. In this advisory, and on an accompanying blog post […]		Guam	★★
	2023-05-25 10:11:41	Microsoft: les pirates chinoises frappent les bases américaines de clés sur Guam Microsoft: Chinese hackers hit key US bases on Guam (lien direct)	Les logiciels malveillants ont frappé les installations de Guam qui seraient essentielles à toute réponse américaine à une invasion de Taïwan. The malware hit facilities on Guam that would be critical to any US response to an invasion of Taiwan.	Malware	Guam	★★★
	2023-05-25 03:30:08	Cinq yeux et Microsoft accusent la Chine d'attaquer à nouveau les infrastructures américaines Five Eyes and Microsoft accuse China of attacking US infrastructure again (lien direct)	La défaite de Volt Typhoon sera difficile, car les attaques ressemblent à l'activité de l'administration Windows légitime La Chine a attaqué des organisations d'infrastructures critiques aux États-Unis en utilisant une attaque "vivant hors de la terre" qui cache une action offensive parmi tous les joursActivité de l'administrateur Windows.… Defeating Volt Typhoon will be hard, because the attacks look like legit Windows admin activity China has attacked critical infrastructure organizations in the US using a "living off the land" attack that hides offensive action among everyday Windows admin activity.…		Guam	★★
	2023-05-24 23:11:52	Les pirates d'État chinois infectent une infrastructure critique aux États-Unis et à Guam Chinese state hackers infect critical infrastructure throughout the US and Guam (lien direct)	Le groupe utilise des attaques de vie et des routeurs infectés pour rester non détectés. Group uses living-off-the-land attack and infected routers to remain undetected.		Guam	★★
	2023-05-24 22:43:32	Les pirates de chinois ciblent les infrastructures critiques aux États-Unis et à Guam Chinese-linked hackers target critical infrastructure in US and Guam (lien direct)	> La campagne de piratage peut être de jeter les bases de la perturbation des communications entre les États-Unis et l'Asie en cas de crise. >The hacking campaign may be laying the groundwork for disrupting communications between the U.S. and Asia in the event of a crisis.		Guam	★★
	2023-05-24 22:09:00	\\ 'Volt Typhoon \\' APT soutenu par la Chine Infiltre les organes d'infrastructure critique \\'Volt Typhoon\\' China-Backed APT Infiltrates US Critical Infrastructure Orgs (lien direct)	Selon Microsoft et les chercheurs, l'acteur de menace parrainé par l'État pourrait très bien mettre en place un plan d'urgence d'attaques perturbatrices contre les États-Unis à la suite d'un conflit armé en mer de Chine méridionale. According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.	Threat	Guam	★★
	2023-05-24 20:58:00	Le groupe de piratage soutenu par l'État chinois a compromis les organisations d'infrastructures critiques Chinese state-backed hacking group compromised US critical infrastructure orgs (lien direct)	Un groupe de piratage parrainé par l'État chinois a eu accès à des organisations d'infrastructures critiques à Guam et dans d'autres parties des États-Unis, Microsoft.24 / Volt-Typhoon-Targets-Us-Critical-Infrastructure-With-Living-Off-the-Land-Techniques / "> averti Mercredi.Le groupe, que la société appelle Volt Typhoon, a tenté d'accéder aux organisations dans «les secteurs des communications, de la fabrication, des services publics, des transports, de la construction, du gouvernement, du gouvernement, des technologies de l'information et de l'éducation».Dans un cas, rapporté sur par A Chinese state-sponsored hacking group gained access to critical infrastructure organizations in Guam and other parts of the U.S., Microsoft warned on Wednesday. The group, which the company calls Volt Typhoon, has attempted to access organizations in “communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.” In one case reported on by		Guam	★★
	2023-05-24 16:43:37	Les pirates chinois nous frappent une infrastructure critique dans les attaques furtives Chinese hackers breach US critical infrastructure in stealthy attacks (lien direct)	Microsoft affirme qu'un groupe de cyberespionnage chinois qu'il suit comme Volt Typhoon cible des organisations d'infrastructures critiques à travers les États-Unis, y compris Guam, depuis au moins la mi-2021.[...] Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. [...]		Guam	★★
	2023-05-05 12:00:43	Faire l'authentification plus rapidement que jamais: Passkeys vs mots de passe Making authentication faster than ever: passkeys vs. passwords (lien direct)	Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content DesignerIn recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offer a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock. They are designed to enhance online security for users. Because they are based on the public key cryptographic protocols that underpin security keys, they are resistant to phishing and other online attacks, making them more secure than SMS, app based one-time passwords and other forms of multi-factor authentication (MFA). And since passkeys are standardized, a single implementation enables a passwordless experience across browsers and operating systems. Passkeys can be used in two different ways: on the same device or from a different device. For example, if you need to sign in to a website on an Android device and you have a passkey stored on that same device, then using it only involves unlocking the phone. On the other hand, if you need to sign in to that website on the Chrome browser on your computer, you simply scan a QR code to connect the phone and computer to use the passkey.The technology behind the former (“same device passkey”) is not new: it was originally developed within the FIDO Alliance and first implemented by Google in August 2019 in select flows. Google and other FIDO members have been working together on enhancing the underlying technology of passkeys over the last few years to improve their usability and convenience. This technology behind passkeys allows users to log in to their account using any form of device-based user verification, such as biometrics or a PIN code. A credential is only registered once on a user\'s personal device, and then the device proves possession of the registered credential to the remote server by asking the user to use their device\'s screen lock. The user\'s biometric, or other screen lock data, is never sent to Google\'s servers - it stays securely stored on the device, and only cryptographic proof that the user has correctly provided it is sent to Google. Passkeys are also created and stored on your devices and are not sent to websites or apps. If you create a passkey on one device the Google Password Manager can make it available on your other devices that are signed into the same system account.Learn more on how passkey works under the hoo		APT 38 APT 15 APT 10 Guam	★★
	2022-08-18 08:00:00	Ukraine and the fragility of agriculture security (lien direct)	By Joe Marshall.The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse is the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunityRansomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries. H	Ransomware Threat Guideline Cloud	NotPetya Uber APT 37 APT 32 APT 28 APT 10 APT 21 Guam
	2022-08-06 10:46:21	CISO workshop slides (lien direct)	A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning. The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142):	Malware Vulnerability Threat Patching Guideline Medical Cloud	Uber APT 38 APT 37 APT 28 APT 19 APT 15 APT 10 APT 34 Guam
	2017-05-10 02:16:35	OAuth, and It\'s High Time for Some Personal "Security-Scaping" Today, (Wed, May 10th) (lien direct)	After Bojans recent story on the short-lived Google Docs OAuth issues last week (https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/), I got to thinking. The compromise didnt affect too many people, but it got me thinking about OAuth. The piece of OAuth that I focused on is the series of permisssions and tokens that allow interaction between applications, which is what the recent compromise took advantage of. My personal mantra is the best day to change the password for X is today, and as part of this Ive expanded that proverb to include looking at application permissions and privacy settings! For instance, using Googles Security Checkup at https://myaccount.google.com/security , I found that at some point in the past, I granted TripAdvisor access to my Gmail account. This wasnt intentional, it was probably an OK prompt during an install or update process you know, the ones you sometimes just click quickly / accidentally without paying attention to? Then wonder if you just clicked something dumb right after? Anyway, yes, one of those - click - gone now! I moved on to Facebook - application settings are here: https://www.facebook.com/settings and privacy settings are here: https://www.facebook.com/settings?tab=privacy Really, everything in that page needs to be looked at!. Me, I was surprised to find that I was using an older email address for my Facebook login (oops) with the login buried in my iPad app, it wasnt something I had thought about (plus Im not in facebook too much lately) Other sites of interest: Twitter: https://twitter.com/settings/account In particular: https://twitter.com/settings/safety And: https://twitter.com/settings/applications Linkedin: https://www.linkedin.com/psettings/ Really, most apps that you run have a privacy or a security page it never seems to be front-and-center though, in fact for many of the apps I access primarily from a dedicated app on my phone or tablet, I needed to go to the real application in my browser to find these settings. As you go, be sure to translate the security questions to plain English. For instance, from Googles privacy checkup, youbase64,iVBORw0KGgoAAAANSUhEUgAAAwQAAABsCAIAAABb1uIfAAAgAElEQVR4nOy9Z1dcSbYm3D9p3o8zs9adO/ftrq6qLkkljwBhlSC89wiPkAQyIIckQB5ZZAp5A3IgCYQTMiAJhIf0mcfGOXEinvkQSRZluqf7TvVU1TTPyiUlJzMj4+zYe8cTO/aO/AOWsYxlLGMZy1jGMv6F8YdfuwPLWMYylrGMZSxjGb8mlsnQMpaxjGUsYxnL+JfGMhlaxjKWsYxlLGMZ/9JYJkPLWMYylrGMZSzjXxrLZGgZy1jGMpaxjGX8S2OZDC1jGctYxjKWsYx/afwBAOccAGPsR6+pqmqapnjOGHO73X9no4QQxpho9teCZVm6rovnlFJxI4qi/Ipd+llomgYgKGdKKQC/3/9Ltf9LyeH3Is/fETjnnHPTNAkh4opQhmX857DUgxmGsVRFg/a1rLe/ffwG7cI0TVVVgwpmWRYASikhRExzv+5kt4xfBD8gQ2KMOedL3Yqu63+P71BVdenb+CJ++S7/I9B1/Vc3pL8HQZ4hy/I/qf1fRA6/F3n+9vGjmVuY3jL+DyEm0eCfQSGrqvqjJ8v4beK3ZhdBzyzAGAsuBZfCsqyfRhOW8fvCHwBYliVYi2maIjLx1/D3uJKlXCpI7f/vI8jMRB8Mw/gFwy2/IITBBwUlSdIva/+/lBx+L/L8vYAQQik1DCNoLLqu/+qu//eLoBjFet00TRGctizLsqylZEhc+fV6uoy/hd+aXSxd0gsmFLy+9G3LSvX/AP4AgFIqBjI4opTSN2/enDlzpqioqLCwMCsrKyUlpbCwMDs7O+evIzs7u7CwMD09vamp6d27d7/ujf2Ipwu3+Gt15m/gnx08+6Xk8HuR5+8XhmH82l34fWPpWi7o05bxe8evbheWZWma9iN1opRSSpejQf8vIRAZEnG/IBkaGxurq6urqalJT0/Pzc3NzMxMTEwsKSnJy8v7a0woMzMzJSUlNzc3JSVl7969hw4dGhoa+nXvTZIkTdM458GdnV8xUvU3IFZCuq4LV/6LG9gvJYffizx/Fwj6VsaYqqo+n++nsfdl/ENQFMXn8y2dtIJujTFmGIaINyyTpN8yfmt28dNVHyEk6AAFJQq+tMyNftcIVJOJWS0YXr506VJGRsbY2NiP3v23M1qEKliW5XK5cnNz6+vr/zl9/ruwdO	Guideline	Yahoo Guam
	2017-04-24 16:37:23	The Backstory Behind Carder Kingpin Roman Seleznev\'s Record 27 Year Prison Sentence (lien direct)	Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record punishment for hacking violations in the United States and by all accounts one designed to send a message to criminal hackers everywhere. But a close review of the case suggests that Seleznev's record sentence was severe in large part because the evidence against him was substantial and yet he declined to cooperate with prosecutors prior to his trial. The son of an influential Russian politician, Seleznev made international headlines in 2014 after he was captured while vacationing in The Maldives, a popular vacation spot for Russians and one that many Russian cybercriminals previously considered to be out of reach for western law enforcement agencies. He was whisked away to Guam briefly before being transported to Washington state to stand trial for computer hacking charges.		Guam

Last update at: 2024-05-17 07:07:58
See our sources.

To see everything: Our RSS (filtrered)