What's new arround internet

Last one

Src Date (GMT) Titre Description Tags Stories Notes
TechRepublic.png 2023-11-22 19:47:34 Le voleur atomique distribue des logiciels malveillants sur les Mac via les faux téléchargements du navigateur
Atomic Stealer Distributes Malware to Macs Through False Browser Downloads
(lien direct)
Le malware atomique du voleur se fait annoncer via les mises à jour du navigateur Clearfake déguisées en safari de Google \\ de Google et d'Apple \\.
Atomic Stealer malware advertises itself through ClearFake browser updates disguised as Google\'s Chrome and Apple\'s Safari.
Malware ★★
Blog.png 2023-11-22 18:49:59 Kinsing crypto malware cible les systèmes linux via une faille Apache activemq
Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw
(lien direct)
> Par deeba ahmed Les correctifs pour toutes les versions affectées d'Apache ActiveMQ ont été publiées, et les clients sont fortement invités à mettre à niveau leurs systèmes. Ceci est un post deHackRead.com Lire le post original: kinsing crypto malin cible Linux Systems Systems Systemsvia apache activemq flaw
>By Deeba Ahmed Patches for all affected versions of Apache ActiveMQ have been released, and clients are strongly advised to upgrade their systems. This is a post from HackRead.com Read the original post: Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw
Malware ★★
The_Hackers_News.png 2023-11-22 17:44:00 Les pirates nord-coréens se présentent en tant que recruteurs d'emplois et demandeurs dans des campagnes de logiciels malveillants
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
(lien direct)
Les acteurs de la menace nord-coréenne ont été liés à deux campagnes dans lesquelles ils se sont masqués en tant que recruteurs d'emplois et demandeurs pour distribuer des logiciels malveillants et obtenir un emploi non autorisé avec des organisations basées aux États-Unis et dans d'autres parties du monde. Les grappes d'activités ont été nommées par codé interview et Wagemole, respectivement, par Palo Alto Networks Unit 42. Tandis que la première série d'attaques
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks
Malware Threat ★★★
InfoSecurityMag.png 2023-11-22 17:00:00 Flaw in Apache ActiveMQ expose les systèmes Linux à la pavage de logiciels malveillants
Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
(lien direct)
Identifié comme CVE-2023-46604, la vulnérabilité a un score CVSS de 9,8
Identified as CVE-2023-46604, the vulnerability has a CVSS score of 9.8
Malware Vulnerability ★★
TechRepublic.png 2023-11-22 16:41:22 Sekoia: Dernier paysage cyber-menace du secteur financier
Sekoia: Latest in the Financial Sector Cyber Threat Landscape
(lien direct)
Le phishing, les logiciels malveillants, les ransomwares, les attaques de chaîne d'approvisionnement, les violations de données et les attaques liées à la crypto figurent parmi les menaces les plus évolutives du secteur financier, explique Sekoia.
Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia.
Ransomware Malware Threat Studies ★★★
bleepingcomputer.png 2023-11-22 13:06:25 Microsoft: les pirates de Lazarus violant le cyberlink dans l'attaque de la chaîne d'approvisionnement
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
(lien direct)
Microsoft affirme qu'un groupe de piratage nord-coréen a violé la société de logiciels multimédias taïwanais Cyberlink et a traditionnel l'un de ses installateurs pour pousser les logiciels malveillants dans une attaque de chaîne d'approvisionnement ciblant les victimes potentielles du monde entier.[...]
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. [...]
Malware APT 38 ★★★
bleepingcomputer.png 2023-11-22 12:39:04 New Botnet Malware exploite deux jours zéro pour infecter les NVR et les routeurs
New botnet malware exploits two zero-days to infect NVRs and routers
(lien direct)
Un nouveau botnet malware basé sur Mirai nommé \\ 'InfectedSlurs \' a exploité deux vulnérabilités d'exécution de code distant (RCE) à deux jours zéro jour pour infecter les routeurs et les enregistreurs vidéo (NVR).[...]
A new Mirai-based malware botnet named \'InfectedSlurs\' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices. [...]
Malware Vulnerability ★★
AlienVault.png 2023-11-22 11:00:00 Cyber Fête de Thanksgiving: sauvegarde contre les escroqueries saisonnières
Thanksgiving Cyber feast: Safeguarding against seasonal scams
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  As the Thanksgiving season rapidly approaches, many look forward to the warmth of family gatherings, the aroma of roasted turkey, and the joy of gratitude. Yet, just as we prepare our homes and hearts for this festive season, cybercriminals are gearing up to unleash a different kind of feast—a cyber feast—rife with sophisticated scams targeting unsuspecting individuals and businesses alike.  This article will take a closer look at various Thanksgiving-themed cyber threats, illuminating the nature and impact of devious digital deceptions while unpacking the methodologies these digital bad actors try to use. But fear not, because we’ll also offer some key strategies to help you secure and fortify your digital domains throughout the holidays. The rise of seasonal cyber threats As November and the holiday season roll around, a surge in online activity sweeps across the United States, both good and bad. Thanksgiving not only signifies a time of family gatherings and festive meals but also marks the beginning of the holiday shopping season, especially with Black Friday and Cyber Monday right around the corner—in response to this, cybercriminals see a ripe opportunity to scam.  According to the New Jersey Cybersecurity & Communications Integration Cell, recent reports had indicated. “spoofed emails were sent appearing to originate from legitimate organizations and contained [Thanksgiving-themed subject lines]’” noting how criminals and bad actors exploit the spirit of the season. Furthermore, they highlight that ”an Emotet banking trojan campaign was [also] observed using Thanksgiving lures.” Criminals know that with increased online transactions comes increased vulnerability, so they capitalize on the holiday spirit, designing scams that blend seamlessly with genuine promotional content, making it harder for individuals to distinguish between what\'s authentic and what\'s not. The risks of phishing One of the primary ways cybercriminals target individuals and businesses is through phishing attacks. Around Thanksgiving time, these types of scams might manifest as emails purporting to offer massive discounts, invitations to exclusive Thanksgiving events, or even charitable appeals meant to tug at the heartstrings to draw you in.  However, phishing isn’t restricted to just email—with their vast user bases, social media platforms are also prime targets for scams of all kinds.  Cybercriminals often create fake profiles or pages promoting too-good-to-be-true Thanksgiving deals, leading unsuspecting and unknowing victims to phishing websites or even tricking them into sharing personal information that can be further exploited. The hidden benefits of cybersecurity When businesses transform their robust cybersecurity processes into content, it becomes a powerful tool for brand awareness and elevation. Sharing with your audience the measures you\'ve implemented reassures them of the sanctity of their data. It\'s not just about telling them they\'re safe; it\'s about showing them. For potential customers, especially in niche markets, tangible information is a beacon of trust. So when they can actively see and better understand Malware Tool Vulnerability Threat ★★
RiskIQ.png 2023-11-21 21:19:53 Agent Tesla: le format d'archive ZPAQ inhabituel fournit des logiciels malveillants
Agent Tesla: Unusual ZPAQ Archive Format Delivers Malware
(lien direct)
#### Description Une nouvelle variante de l'agent Tesla a été découverte qui utilise l'extension de fichier archive ZPAQ et .wav pour infecter les systèmes et voler des informations à environ 40 navigateurs Web et divers clients de messagerie.ZPAQ est un format de compression de fichiers qui offre un meilleur rapport de compression et une fonction de journalisation par rapport à des formats largement utilisés comme ZIP et RAR.Cependant, le ZPAQ a un support logiciel limité, ce qui rend difficile le travail, en particulier pour les utilisateurs sans expertise technique.Le fichier exécutable .NET est gonflé avec zéro octets, ce qui permet aux acteurs de menace de contourner les mesures de sécurité traditionnelles et d'augmenter l'efficacité de leur attaque. L'utilisation du format de compression ZPAQ soulève plus de questions que de réponses.Les hypothèses ici sont que les acteurs de la menace ciblent un groupe spécifique de personnes qui ont des connaissances techniques ou utilisent des outils d'archives moins connus, ou ils testent d'autres techniques pour diffuser plus rapidement les logiciels malveillants et contourner les logiciels de sécurité. Le malware utilise Telegram en tant que C&C en raison de son utilisation juridique généralisée et du fait que son trafic est souvent autorisé à travers des pare-feu, ce qui en fait un support utile pour une communication secrète.Comme tout autre voleur, l'agent Tesla peut nuire non seulement aux particuliers mais aussi aux organisations.Il a gagné en popularité parmi les cybercriminels pour de nombreuses raisons, notamment la facilité d'utilisation, la polyvalence et l'abordabilité sur le Dark Web. #### URL de référence (s) 1. https://www.gdatasoftware.com/blog/2023/11/37822-agent-Tesla-zpaq #### Date de publication 20 novembre 2023 #### Auteurs) Anna Lvova
#### Description A new variant of Agent Tesla has been discovered that uses the ZPAQ archive and .wav file extension to infect systems and steal information from approximately 40 web browsers and various email clients. ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR. However, ZPAQ has limited software support, making it difficult to work with, especially for users without technical expertise. The .NET executable file is bloated with zero bytes, which allows threat actors to bypass traditional security measures and increase the effectiveness of their attack. The usage of the ZPAQ compression format raises more questions than answers. The assumptions here are that either threat actors target a specific group of people who have technical knowledge or use less widely known archive tools, or they are testing other techniques to spread malware faster and bypass security software. The malware uses Telegram as a C&C due to its widespread legal usage and the fact that its traffic is often allowed through firewalls, making it a useful medium for covert communication. Like any other stealer, Agent Tesla can harm not only private individuals but also organizations. It has gained popularity among cybercriminals for many reasons including ease of use, versatility, and affordability on the Dark Web. #### Reference URL(s) 1. https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq #### Publication Date November 20, 2023 #### Author(s) Anna Lvova
Malware Tool Threat Technical ★★★
RecordedFuture.png 2023-11-21 19:30:00 Les pirates créent de fausses applications bancaires pour voler les données financières des utilisateurs indiens
Hackers create fake banking apps to steal financial data from Indian users
(lien direct)
Les chercheurs ont découvert une campagne en cours de vol d'information ciblant les clients des banques indiennes avec des logiciels malveillants mobiles.Les cybercriminels derrière la campagne induisent des utilisateurs pour installer des applications bancaires frauduleuses sur leurs appareils en usurpant l'identité d'organisations légitimes, telles que les institutions financières, les services gouvernementaux et les services publics.Une fois installés, ces applications exfiltraient divers types de données sensibles des utilisateurs, y compris
Researchers have uncovered an ongoing information-stealing campaign targeting customers of Indian banks with mobile malware. The cybercriminals behind the campaign trick users into installing fraudulent banking apps on their devices by impersonating legitimate organizations, such as financial institutions, government services, and utilities. Once installed, these apps exfiltrate various types of sensitive data from users, including
Malware ★★★
The_Hackers_News.png 2023-11-21 17:27:00 Nouvel agent Tesla Malware Variant à l'aide de la compression ZPAQ dans les attaques par e-mail
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
(lien direct)
Une nouvelle variante de l'agent Tesla Malware a été observée livrée via un fichier de leurre avec le format de compression ZPAQ pour récolter les données de plusieurs clients de messagerie et près de 40 navigateurs Web. "ZPAQ est un format de compression de fichiers qui offre un meilleur rapport de compression et une fonction de journalisation par rapport à des formats largement utilisés comme ZIP et RAR", a déclaré Anna Lvova, analyste des logiciels malveillants de données, dans une analyse du lundi.
A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR," G Data malware analyst Anna Lvova said in a Monday analysis.
Malware ★★★
InfoSecurityMag.png 2023-11-21 15:30:00 Darkgate et Pikabot Activity Surge à la suite du démontage de Qakbot
DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown
(lien direct)
Les acteurs de la menace se sont déplacés vers d'autres chargeurs de logiciels malveillants après le retrait du FBI de Qakbot
Threat actors have shifted to other malware loaders following QakBot FBI takedown
Malware Threat ★★
bleepingcomputer.png 2023-11-21 14:29:05 Malware Dev dit qu'ils peuvent relancer les cookies Google Auth expirés
Malware dev says they can revive expired Google auth cookies
(lien direct)
Le logiciel malveillant du voleur d'informations Lumma (aka \\ 'Lummac2 \') fait la promotion d'une nouvelle fonctionnalité qui permettait prétendument sur les cybercriminels de restaurer les cookies Google expirés, qui peuvent être utilisés pour détourner les comptes Google.[...]
The Lumma information-stealer malware (aka \'LummaC2\') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. [...]
Malware Vulnerability ★★★★
The_Hackers_News.png 2023-11-21 13:16:00 Applications malveillantes déguisées en banques et agences gouvernementales ciblant les utilisateurs d'Android indiens
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
(lien direct)
Les utilisateurs de smartphones Android en Inde sont la cible d'une nouvelle campagne de logiciels malveillants qui utilise des leurres d'ingénierie sociale pour installer des applications frauduleuses capables de récolter des données sensibles. «En utilisant des plateformes de médias sociaux comme WhatsApp et Telegram, les attaquants envoient des messages conçus pour attirer les utilisateurs dans l'installation d'une application malveillante sur leur appareil mobile en usurpant l'identité d'organisations légitimes,
Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. “Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations,
Malware Android ★★
bleepingcomputer.png 2023-11-21 10:55:39 Les logiciels malveillants de Darkgate et Pikabot émergent en tant que successeurs de Qakbot \\
DarkGate and Pikabot malware emerge as Qakbot\\'s successors
(lien direct)
Une campagne de phishing sophistiquée poussant les infections des logiciels malveillants de Darkgate a récemment ajouté les logiciels malveillants Pikabot dans le mélange, ce qui en fait la campagne de phishing la plus avancée depuis le démonstration de l'opération de Qakbot.[...]
A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled. [...]
Malware ★★
ProofPoint.png 2023-11-21 08:35:02 Prévenir les attaques de fatigue du MFA: sauvegarder votre organisation
Preventing MFA Fatigue Attacks: Safeguarding Your Organization
(lien direct)
Gaining access to critical systems and stealing sensitive data are top objectives for most cybercriminals. Social engineering and phishing are powerful tools to help them achieve both. That\'s why multifactor authentication (MFA) has become such an important security measure for businesses and users. Without MFA as part of the user authentication process, it is much less challenging for an attacker with stolen credentials to authenticate a user\'s account.  The primary goal of MFA is to reduce the risk of unauthorized access, especially in situations where passwords alone may not provide enough protection. Even if an attacker steals a user\'s password, with MFA they still need the second factor (and maybe others) to gain access to an account. Examples of MFA factors include biometrics, like fingerprints, and signals from user devices, like GPS location.   MFA isn\'t a perfect solution, though-it can be bypassed. Adversaries are relentless in their efforts to undermine any security defenses standing in the way of their success. (The evolution of phish kits for stealing MFA tokens is evidence of that.) But sometimes, attackers will choose to take an in-your-face approach that is not very creative or technical. MFA fatigue attacks fall into that category.  What are MFA fatigue attacks-and how do they work?  MFA fatigue attacks, also known as MFA bombing or MFA spamming, are a form of social engineering. They are designed to wear down a user\'s patience so that they will accept an MFA request out of frustration or annoyance-and thus enable an attacker to access their account or device.  Many people encounter MFA requests daily, or even multiple times per day, as they sign-in to various apps, sites, systems and platforms. Receiving MFA requests via email, phone or other devices as part of that process is a routine occurrence.   So, it is logical for a user to assume that if they receive a push notification from an account that they know requires MFA, it is a legitimate request. And if they are very busy at the time that they receive several push notifications in quick succession to authenticate an account, they may be even more inclined to accept a request without scrutinizing it.  Here\'s an overview of how an MFA attack works:  A malicious actor obtains the username and password of their target. They can achieve this in various ways, from password-cracking tactics like brute-force attacks to targeted phishing attacks to purchasing stolen credentials on the dark web.  The attacker then starts to send MFA notifications to the user continuously, usually via automation, until that individual feels overwhelmed and approves the login attempt just to make the requests stop. (Usually, the push notifications from MFA solutions require the user to simply click a “yes” button to authenticate from the registered device or email account.)  Once the attacker has unauthorized access to the account, they can steal sensitive data, install malware and do other mischief, including impersonating the user they have compromised-taking their actions as far as they can or want to go.  3 examples of successful MFA fatigue attacks  To help your users understand the risk of these attacks, you may want to include some real-world examples in your security awareness program on this topic. Here are three notable incidents, which are all associated with the same threat actor:  Uber. In September 2022, Uber reported that an attacker affiliated with the threat actor group Lapsus$ had compromised a contractor\'s account. The attacker may have purchased corporate account credentials on the dark web, Uber said in a security update. The contractor received several MFA notifications as the attacker tried to access the account-and eventually accepted one. After the attacker logged in to the account, they proceeded to access other accounts, achieving privilege escalation. One action the attacker took was to reconfigure Uber\'s OpenDNS to display a graphic image on some of the company\'s internal sites.  Cisco. Cisco suffer Ransomware Data Breach Malware Tool Threat Technical ★★★
DarkReading.png 2023-11-20 22:01:00 Les logiciels malveillants utilisent la trigonométrie pour suivre les traits de souris
Malware Uses Trigonometry to Track Mouse Strokes
(lien direct)
La dernière version de l'infosaler Lummac2 comprend une nouvelle astuce anti-sandbox pour éviter de faire exploser lorsqu'aucun mouvement de souris humain n'est détecté.
The latest LummaC2 infostealer version includes a novel anti-sandbox trick to avoid detonating when no human mouse movements are detected.
Malware Technical ★★★
The_Hackers_News.png 2023-11-20 20:49:00 Infections de rats Netsupport à la hausse - ciblant les secteurs du gouvernement et des affaires
NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors
(lien direct)
Les acteurs de la menace visent les secteurs de l'éducation, du gouvernement et des services aux entreprises avec un cheval de Troie à distance appelé Netsupport Rat. "Les mécanismes de livraison pour le rat Netsupport englobent des mises à jour frauduleuses, des téléchargements d'entraînement, l'utilisation de chargeurs de logiciels malveillants (tels que Ghostpulse) et diverses formes de campagnes de phishing", ont déclaré les chercheurs de VMware Carbon Black dans un rapport partagé avec le
Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns," VMware Carbon Black researchers said in a report shared with The
Malware Threat ★★★
The_Hackers_News.png 2023-11-20 20:20:00 Tactiques de Darkgate et Pikabot Resurrect Qakbot \\ dans les nouvelles attaques de phishing
DarkGate and PikaBot Malware Resurrect QakBot\\'s Tactics in New Phishing Attacks
(lien direct)
Les campagnes de phishing offrant des familles de logiciels malveillantes telles que Darkgate et Pikabot suivent les mêmes tactiques précédemment utilisées dans les attaques en tirant parti du Trojan Qakbot maintenant disparu. "Ceux-ci incluent les fils de messagerie détournés comme infection initiale, les URL avec des modèles uniques qui limitent l'accès des utilisateurs et une chaîne d'infection presque identique à ce que nous avons vu avec la livraison de Qakbot", a déclaré Cofense dans un rapport
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. “These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery,” Cofense said in a report
Malware ★★★
Blog.png 2023-11-20 17:57:48 LUMMAC2 V4.0 MALWOWIRS VOLAGNE DES DONNÉES AVEC TRIGONOMÉTRIE pour détecter les utilisateurs humains
LummaC2 v4.0 Malware Stealing Data with Trigonometry to Detect Human Users
(lien direct)
> Par deeba ahmed Lummac2 est de retour en tant que Lummac2 v4.0. Ceci est un article de HackRead.com Lire la publication originale: Lummac2 V4.0 MALWOWIRS VOLAGNE DES DONNÉES AVEC TRIGONOMÉTRIE Pour détecter les utilisateurs humains
>By Deeba Ahmed LummaC2 is back as LummaC2 v4.0. This is a post from HackRead.com Read the original post: LummaC2 v4.0 Malware Stealing Data with Trigonometry to Detect Human Users
Malware Technical ★★★★
bleepingcomputer.png 2023-11-20 17:32:01 Le petit malware USB de Gamaredon \\ se propage au-delà de l'Ukraine
Gamaredon\\'s LittleDrifter USB malware spreads beyond Ukraine
(lien direct)
Un ver récemment découvert que les chercheurs appellent Littledrifter se propagent sur les disques USB infectieux des systèmes dans plusieurs pays dans le cadre d'une campagne du groupe d'espionnage parrainé par l'État de Gamaredon.[...]
A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group. [...]
Malware ★★★
The_Hackers_News.png 2023-11-20 16:19:00 Lummac2 Malware déploie une nouvelle technique anti-sandbox basée sur la trigonométrie
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
(lien direct)
Le voleur malveillant connu sous le nom de Lummac2 (aka Lummma Stealer) propose désormais une nouvelle technique anti-sandbox qui exploite le principe mathématique de la trigonométrie pour échapper à la détection et exfiltrer des informations précieuses des hôtes infectés. La méthode est conçue pour "retarder la détonation de l'échantillon jusqu'à ce que l'activité de la souris humaine soit détectée", a déclaré le chercheur en sécurité d'Outpost24 Alberto Mar & iacute; n dans une technique
The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until human mouse activity is detected," Outpost24 security researcher Alberto Marín said in a technical
Malware Technical ★★
bleepingcomputer.png 2023-11-20 15:42:54 Vx-Underground Malware Collective encadré par Phobos Ransomware
VX-Underground malware collective framed by Phobos ransomware
(lien direct)
Une nouvelle variante de ransomware Phobos encadre le populaire collectif de partage de logiciels malveillants VX-Underground, indiquant que le groupe est derrière les attaques à l'aide de l'encrypteur.[...]
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. [...]
Ransomware Malware Technical ★★★★
itsecurityguru.png 2023-11-20 14:41:21 La nouvelle technique anti-sandbox de Lummac2 Stealer \\?Trigonométrie
LummaC2 Stealer\\'s New Anti-Sandbox Technique? Trigonometry
(lien direct)
Les nouvelles recherches de UptPost24 ont révélé que les développeurs de logiciels malveillants utilisent des techniques d'évasion de bac à sable pour éviter d'exposer un comportement malveillant dans un bac à sable où les logiciels malveillants sont analysés par des recherches sur la sécurité.L'équipe de renseignement des menaces d'OutPost24, Krakenlabs, a découvert que les développeurs de logiciels malveillants utilisent la trigonométrie pour détecter le comportement humain en fonction des positions de curseur pour éviter une analyse de sécurité automatisée.Le malware-as-a-Service (MaaS) [& # 8230;] le post Lummac2 Stealer \'s New anti-anti- Technique SandBox?La trigonométrie est apparue pour la première fois sur gourou de la sécurité informatique .
New research by Outpost24 has revealed that malware developers are using sandbox evasion techniques to avoid exposing malicious behaviour inside a sandbox where malware is analysed by security researches. Outpost24\'s threat intelligence team, KrakenLabs, discovered that malware developers are using trigonometry to detect human behaviour based on cursor positions to avoid automated security analysis. The Malware-as-a-Service (MaaS) […] The post LummaC2 Stealer\'s New Anti-Sandbox Technique? Trigonometry first appeared on IT Security Guru.
Malware Threat ★★
Blog.png 2023-11-20 13:35:27 Tablette de dragon populaire pour les enfants infectés par des logiciels malveillants corejava
Popular Dragon Touch Tablet for Kids Infected with Corejava Malware
(lien direct)
> Par deeba ahmed La tablette budgétaire, annoncée pour les enfants sur Amazon, est très populaire parmi les enfants. Ceci est un article de HackRead.com Lire le post original: Tablette de dragon populaire pour les enfants infectés par des logiciels malveillants corejava
>By Deeba Ahmed The budget tablet, advertised for kids on Amazon, is highly popular among children. This is a post from HackRead.com Read the original post: Popular Dragon Touch Tablet for Kids Infected with Corejava Malware
Malware Threat ★★★
no_ico.png 2023-11-20 12:23:23 La montée des manifestations en temps de guerre
The Rising of Protestware During Times of War
(lien direct)
Dans le paysage en constante évolution des menaces de cybersécurité, un phénomène déconcertant a émergé, ce qui remet en question les notions conventionnelles de logiciel malveillant.Entrez & # 8220; Protestware & # 8221;- Un terme qui envoie des frissons dans les épines des experts en cybersécurité et des individus.Contrairement aux logiciels malveillants traditionnels, Protestware n'est pas conçu dans le seul but d'exploiter les vulnérabilités ou de voler des informations sensibles.Au lieu de cela, c'est [& # 8230;]
In the ever-evolving landscape of cybersecurity threats, a disconcerting phenomenon has emerged, challenging the conventional notions of malicious software. Enter “protestware” - a term that sends shivers down the spines of cybersecurity experts and individuals alike. Unlike traditional malware, protestware isn’t designed with the sole purpose of exploiting vulnerabilities or stealing sensitive information. Instead, it […]
Malware Vulnerability ★★★
bleepingcomputer.png 2023-11-20 11:54:44 Kinsing malware exploite Apache activemq rce pour planter rootkits
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
(lien direct)
L'opérateur de logiciels malveillants Kinsing exploite activement la vulnérabilité critique CVE-2023-46604 dans le courtier de messages open-source Apache ActiveMQ pour compromettre les systèmes Linux.[...]
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. [...]
Malware Vulnerability ★★
bleepingcomputer.png 2023-11-20 09:40:21 Lumma Stealer Malware utilise désormais la trigonométrie pour échapper à la détection
Lumma Stealer malware now uses trigonometry to evade detection
(lien direct)
Le logiciel malveillant de l'observation des informations Lumma utilise désormais une tactique intéressante pour échapper à la détection par un logiciel de sécurité - la mesure des mouvements de souris en utilisant la trigonométrie pour déterminer si le malware s'exécute sur une vraie machine ou un bac à sable antivirus.[...]
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox. [...]
Malware ★★
DarkReading.png 2023-11-20 08:00:00 Tirer parti de Sandbox et des aliments de renseignement sur les menaces pour lutter contre les cyber-menaces
Leveraging Sandbox and Threat Intelligence Feeds to Combat Cyber Threats
(lien direct)
La combinaison d'un bac à sable malveillant avec des flux d'intelligence de menace améliore la détection de sécurité, l'analyse et les capacités de réponse.
Combining a malware sandbox with threat intelligence feeds improves security detection, analysis, and response capabilities.
Malware Threat ★★
Blog.png 2023-11-20 06:31:18 Circonstances d'une attaque exploitant un programme de gestion des actifs (Andariel Group)
Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group)
(lien direct)
L'équipe d'analyse ASEC a identifié les circonstances du groupe Andariel distribuant des logiciels malveillants via une attaque en utilisant une certaine gestion des actifsprogramme.Le groupe Andariel est connu pour être dans une relation coopérative avec ou une organisation filiale du groupe Lazare.Le groupe Andariel lance généralement des attaques de phishing de lance, d'arrosage ou de chaîne d'approvisionnement pour la pénétration initiale.Il existe également un cas où le groupe a exploité une solution de gestion centrale pendant le processus d'installation de logiciels malveillants.Récemment, le groupe Andariel ...
The ASEC analysis team identified the circumstances of the Andariel group distributing malware via an attack using a certain asset management program. The Andariel group is known to be in a cooperative relationship with or a subsidiary organization of the Lazarus group. The Andariel group usually launches spear phishing, watering hole, or supply chain attacks for initial penetration. There is also a case where the group exploited a central management solution during the malware installation process. Recently, the Andariel group...
Malware Technical APT 38 ★★★
Trend.png 2023-11-20 00:00:00 CVE-2023-46604 (Apache ActiveMQ) exploité pour infecter les systèmes avec des cryptomineurs et des rootkits
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
(lien direct)
Nous avons découvert l'exploitation active de la vulnérabilité Apache ActiveMQ CVE-2023-46604 pour télécharger et infecter les systèmes Linux avec les logiciels malveillants (également connus sous le nom de H2Miner) et le mineur de crypto-monnaie.
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Malware Vulnerability ★★
The_Hackers_News.png 2023-11-17 19:01:00 Méfiez-vous: les utilisateurs malveillants de Google Ads WinSCP dans l'installation de logiciels malveillants
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
(lien direct)
Les acteurs de la menace tirent parti des résultats de recherche manipulés et de faux annonces Google qui trompent les utilisateurs qui cherchent à télécharger des logiciels légitimes tels que WinSCP dans l'installation de logiciels malveillants à la place. La société de cybersécurité Securonix suit l'activité en cours sous le nom de SEO # Lurker. «La publicité malveillante dirige l'utilisateur vers un site Web WordPress compromis Gameeweb [.] Com, qui redirige le
Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. “The malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the
Malware Threat ★★
Fortinet.png 2023-11-17 16:00:00 Gestion des risques OT: détection proactive de la menace OT et prévention des logiciels malveillants
OT Risk Management: Proactive OT Threat Detection and Malware Prevention
(lien direct)
Comprenez comment la gestion des risques OT et la détection des menaces OT sont des éléments clés à mettre en œuvre dans votre cyber-défense.
Understand how OT risk management and OT threat detection are key components to implement in your cyber defense.
Malware Threat Industrial ★★★
The_Hackers_News.png 2023-11-17 15:26:00 27 packages PYPI malveillants avec des milliers de téléchargements trouvés pour cibler des experts
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
(lien direct)
Un acteur de menace inconnu a été observé de publication de packages de typosquat au référentiel Python Package Index (PYPI) pendant près de six mois dans le but de fournir des logiciels malveillants capables d'obtenir de la persistance, de voler des données sensibles et d'accès à des portefeuilles de crypto-monnaie pour un gain financier. Les 27 packages, qui se faisaient passer pour des bibliothèques Python légitimes populaires, ont attiré des milliers de téléchargements,
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,
Malware Threat ★★★
Checkpoint.png 2023-11-17 13:29:05 Spotlight de logiciels malveillants & # 8211;Dans la poubelle: analyser les litthes
Malware Spotlight – Into the Trash: Analyzing LitterDrifter
(lien direct)
> Introduction Gamaredon, également connue sous le nom de Primitive Bear, Actinium et Shuckworm, est un acteur unique de l'écosystème d'espionnage russe qui cible une grande variété d'entités presque exclusivement ukrainiennes.Alors que les chercheurs ont souvent du mal à découvrir des preuves des activités d'espionnage russe, Gamaredon est notamment visible.Le groupe derrière lui mène des campagnes à grande échelle tout en se concentrant principalement [& # 8230;]
>Introduction Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence of Russian espionage activities, Gamaredon is notably conspicuous. The group behind it conducts large-scale campaigns while still primarily focusing […]
Malware ★★
ProofPoint.png 2023-11-17 12:01:12 Démystifier l'IA et ML: six questions critiques à poser à votre fournisseur de cybersécurité
Demystifying AI and ML: Six Critical Questions to Ask Your Cybersecurity Vendor
(lien direct)
As cyber threats continue to evolve at an unprecedented pace, many organizations are turning to artificial intelligence (AI) and machine learning (ML) in hopes of keeping up.  While these advanced technologies hold immense promise, they\'re also more complex and far less efficient than traditional threat detection approaches. The tradeoff isn\'t always worth it.  And not all AI and ML processes are created equal. The models used, the size and quality of the data sets they\'re trained on-and whether an advanced computational process is suitable for the problem at hand-are all critical factors to consider when deciding how both AI and ML fit into your cybersecurity strategy.  In this blog post, we explore the vital questions you should ask your cybersecurity vendor about these technologies. We will also demystify their role in safeguarding your people, data and environment.  Note: Though often conflated, AL and ML are related but distinct concepts. For simplicity, we\'re using AI when discussing the broader technology category and ML to discuss narrower learning models used in AI.  Question 1: Why is AI suitable for this security problem?  You\'ve probably heard the old saying that when your only tool is a hammer, every problem looks like a nail. While AI has rightly generated enthusiasm in cybersecurity, it may not be the optimal approach to every task.  On one hand, the technologies can help analyze large amounts of data and find anomalies, trends and behaviors that indicate potential attacks. And the technologies can automate response and mitigation of security incidents.   But depending on the size and complexity of the learning model, they can also be computationally intensive (read: expensive) to maintain. And worse, execution time can be much longer than less complex approaches such as rules and signatures.  On the other hand, rules and signatures are static, so they don\'t automatically evolve to detect new threats. But they\'re also fast, easy on computing resources and highly effective for certain aspects of threat detection. Other signals, such as email sender reputation and IP addresses, can also be as effective as AI for many detections-and in most cases are faster and much more cost-effective.  Getting AI right starts with understanding what cybersecurity tasks they\'re best suited to and applying them to the right problems. In the same vein, how the technology is applied matters.   In cybersecurity, every second counts. Making decisions in real time and blocking malicious content before it can be delivered is today\'s key challenge. If the processing time of the vendor\'s AI means the technology is relegated solely to post-delivery inspection and remediation, that\'s a major drawback.   Question 2: Where do you get your training data?  The performance of ML models hinges on the source and quality of their data. That\'s because AI models learn from examples and patterns, not rules. And that requires a large amount of data. The more data, and the higher the quality of that data, the better the model can learn and generalize to new conditions.  Like any ML model, those used in cybersecurity need a wide-ranging, diverse data set that accurately reflects the real world. Or more precisely, the data used to train your vendor\'s AI model should reflect your world-the threats targeting your organization and users.  Finding data for general-purpose AI applications is easy. It\'s all over the internet. But threat data-especially data well-suited for the type of ML model the vendor intends to use- is scarcer. Gaining malware samples is a lot harder than acquiring data used in applications such as image and natural language processing.   First, not much attack data is publicly available. Most security vendors hold on tightly to the threat data they collect, and for good reason. Beyond the obvious competitive advantages it offers, threat data is sensitive and comes with a bevy of privacy concerns. As a result, few cybersecurity vendors have a dataset large enough to trai Malware Tool Vulnerability Threat ★★
AlienVault.png 2023-11-17 11:00:00 Procurations gratuites et dangers cachés
Free proxies and the hidden dangers
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Data privacy continues to be a growing concern for all internet users. While the internet gives us so much more freedom and access to information we might not have otherwise, online privacy continues to be a significant risk. It’s not just cybercriminals that invade your privacy, but businesses as well. Data has become more valuable than ever, and companies will do whatever they can to collect your information. Proxies have been a popular option for protecting your online privacy. Now, these proxies offer even more benefits and specific use cases. You might even be looking into getting one and considering a free proxy. In this article, we’ll look at free proxies and why they can be a bigger danger than you might realize. We’ll also examine why residential proxies from a reliable provider like Smartproxy are better if security and privacy are your goals. Keep reading to discover how free proxies work and the dangers they pose. What is a proxy? A proxy is an intermediary server that accepts and forwards all your requests to the web server. This means that instead of connecting directly to the internet, you first connect to the proxy server. You might be wondering why using an intermediary server like a proxy is effective. Usually, it’s better to cut out the middleman, right? In this case, by connecting to the proxy first, your personal information, such as your IP and other associated data, is replaced by a new IP. This completely hides your information from the websites you visit. By changing your IP address through a proxy, websites or apps cannot track you, and your data is more secure. However, that’s not all a proxy does. What can you use a proxy for? By now, we know that proxies are great tools when it comes to online security and privacy. By hiding your real IP, the websites that you visit won’t be able to collect the data associated with your IP. This usually includes your name, location, ISP, devices, operating system, and more. Residential proxies, in particular, are great for anonymity because they use the IPs from real devices. As such, they don’t look like proxies and are much less likely to be detected as such. However, proxies can be used for many other ways aside from security and privacy. Another use is managing multiple social media accounts. Social media platforms are quick to issue IP bans if they find the same IP address creating multiple accounts. Account limits are usually only a handful per IP address, and the moment you create too many, you might receive an IP ban. This is frustrating if you’re a digital marketer who creates and manages accounts for clients. However, by using a proxy, you can change the IP that creates the accounts and avoid IP bans. Another use of proxies is related to automation. This can affect a wide range of automated tools, from sneaker bots to data scrapers and even social media automation. Many websites and social media platforms block automation tools as part of their anti-bot protection. However, by linking residential proxies to these tools, you can make them appear like natural users and bypass these limitations. However, to be successful, you’ll need to use residential proxies with a real IP. Finally, proxies can also help improve your connection speed and stabilize it. This is because you’re routing all your traffic through larger servers instead of your own device. These servers are much more capa Malware Tool Vulnerability Threat ★★
Blog.png 2023-11-16 22:03:54 Le gang de ransomware alphv (blackcat) utilise des annonces Google pour les victimes ciblées
ALPHV (BlackCat) Ransomware Gang Uses Google Ads for Targeted Victims
(lien direct)
> Par deeba ahmed Encore un autre jour, une autre instance d'un service Google exploité pour répandre les infections de logiciels malveillants. Ceci est un article de HackRead.com Lire le post original: ALPHV (Blackcat) Ransomware Gang utilise des annonces Google pour les victimes ciblées
>By Deeba Ahmed Yet another day, another instance of a Google service being exploited for spreading malware infections. This is a post from HackRead.com Read the original post: ALPHV (BlackCat) Ransomware Gang Uses Google Ads for Targeted Victims
Ransomware Malware ★★
globalsecuritymag.png 2023-11-16 18:21:38 Sysdig annonce la détection des menaces de logiciels malveillants et la détection de Windows Server
Sysdig announces malware threat detection and Windows server detection
(lien direct)
Sysdig étend la puissance de la détection et de la réponse pour inclure Windows Server et une détection de menace de logiciels malveillants élargir ses capacités CDR au sein de la plate-forme de protection des applications natives de la société de la société - revues de produits
Sysdig Extends the Power of Detection and Response to Include Windows Server and Malware Threat Detection Expanding its CDR capabilities within the company\'s cloud native application protection platform - Product Reviews
Malware Threat Cloud ★★
bleepingcomputer.png 2023-11-16 15:11:49 Serveurs MySQL ciblés par \\ 'ddostf \\' ddos-as-a-service botnet
MySQL servers targeted by \\'Ddostf\\' DDoS-as-a-Service botnet
(lien direct)
Les serveurs MySQL sont ciblés par le botnet malware \\ 'ddostf \' pour les asservir pour une plate-forme DDOS-AS-A-SERVICE dont la puissance de feu est louée à d'autres cybercriminels.[...]
MySQL servers are being targeted by the \'Ddostf\' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. [...]
Malware ★★
Securonix.webp 2023-11-16 15:00:01 New SEO#LURKER Attack Campaign: Threat Actors Use SEO Poisoning and Fake Google Ads to Lure Victims Into Installing Malware (lien direct) Une campagne d'empoisonnement / malvertisation en cours en cours tirant parti des leurres WinSCP ainsi qu'une chaîne d'infection furtive attire des victimes de logiciels malveillants (aux côtés du logiciel WinSCP légitime).Les attaquants tirent probablement parti des annonces de recherche dynamique qui permettent aux acteurs de menace injecter leur propre code malveillant tout en imitant des sources légitimes comme les pages de recherche Google.
An ongoing SEO poisoning/malvertising campaign leveraging WinSCP lures along with a stealthy  infection chain lures victims into installing malware (alongside the legitimate WinSCP software). Attackers are likely leveraging dynamic search ads which let threat actors inject their own malicious code while mimicking legitimate sources like Google search pages.
Malware Threat ★★★
Securonix.webp 2023-11-16 15:00:01 Nouvelle campagne d'attaque SEO # Lurker: les acteurs de la menace utilisent l'empoisonnement du référencement et les fausses publicités Google pour attirer les victimes d'installation
New SEO#LURKER Attack Campaign: Threat Actors Use SEO Poisoning and Fake Google Ads to Lure Victims Into Installing Malware
(lien direct)
Une campagne d'empoisonnement / malvertisation en cours en cours tirant parti des leurres WinSCP ainsi qu'une chaîne d'infection furtive attire des victimes de logiciels malveillants (aux côtés du logiciel WinSCP légitime).Les attaquants tirent probablement parti des annonces de recherche dynamique qui permettent aux acteurs de menace injecter leur propre code malveillant tout en imitant des sources légitimes comme les pages de recherche Google.
An ongoing SEO poisoning/malvertising campaign leveraging WinSCP lures along with a stealthy  infection chain lures victims into installing malware (alongside the legitimate WinSCP software). Attackers are likely leveraging dynamic search ads which let threat actors inject their own malicious code while mimicking legitimate sources like Google search pages.
Malware Threat ★★★
globalsecuritymag.png 2023-11-16 09:00:58 CyberThreat Report : Trellix révèle la collaboration entre les pirates informatiques et les cybercriminels étatiques (lien direct) CyberThreat Report : Trellix révèle la collaboration entre les pirates informatiques et les cybercriminels étatiques Le rapport met à jour l'émergence de nouveaux langages de malware et le développement accéléré de l'IA à des fins malveillantes et une montée des cyberattaques dans les conflits géopolitiques. - Points de Vue Malware Studies ★★★
globalsecuritymag.png 2023-11-15 16:32:49 Top Malware Check Point - Octobre 2023 (lien direct) Top Malware Check Point - Octobre 2023 : En France, Formbook est de retour à la tête du classement, Emotet et Remcos chutent chacun d'une place mais restent sur le podium La France passe de la 97ème à la 104ème place dans l'indice des menaces, qui classe les pays en fonction du niveau de menaces moyen auquel ils sont exposés chaque mois. A l'échelle mondiale, NJRat a gagné quatre places pour arriver en 2ème position le mois dernier. Entre-temps, une nouvelle campagne de malvertising a été découverte dans laquelle AgentTesla, le sixième malware le plus utilisé, circule via des pièces jointes corrompues. - Malwares Malware Threat ★★
InfoSecurityMag.png 2023-11-15 14:30:00 Blackcat Ransomware Gang cible les entreprises via des annonces Google
BlackCat Ransomware Gang Targets Businesses Via Google Ads
(lien direct)
L'azote sert de logiciels malveillants à accès initial, en utilisant des bibliothèques Python obscurcies pour la furtivité
Nitrogen serves as initial-access malware, using obfuscated Python libraries for stealth
Ransomware Malware ★★★
Checkpoint.png 2023-11-15 12:33:20 Analyse GPT contre malware: défis et atténuations
GPT vs Malware Analysis: Challenges and Mitigations
(lien direct)
> Les principaux plats à retenir l'introduction de la technologie GPT est le véritable miracle du cycle technologique actuel.Les sceptiques insistent sur le fait qu'il a juste l'apparence de l'intelligence et essaie de le lancer comme le dernier mot à la mode, faisant des comparaisons sombres avec les NFT et les blockchains.Mais par expérience intime, nous pouvons dire que ces comparaisons sont profondément injustes - nous avons eu [& # 8230;]
>Key Takeaways Introduction GPT technology is the current tech cycle\'s veritable miracle. The skeptics insist that it just has the appearance of intelligence, and try to cast it as \'just the latest buzzword\', making snide comparisons to NFTs and blockchains. But from intimate experience, we can say these comparisons are deeply unfair - we\'ve had […]
Malware ★★
AlienVault.png 2023-11-15 11:00:00 Dans quelle mesure votre entreprise est-elle préparée pour une attaque en chaîne d'approvisionnement?
How prepared is your company for a supply chain attack?
(lien direct)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In a supply chain attack, hackers aim to breach a target\'s defenses by exploiting vulnerabilities in third-party companies. These attacks typically follow one of two paths. The first involves targeting a service provider or contractor, often a smaller entity with less robust security. The second path targets software developers, embedding malicious code into their products. This code, masquerading as a legitimate update, may later infiltrate the IT systems of customers. This article delves into specific instances of supply chain attacks, explores the inherent risks, examines common strategies employed by attackers, as well as effective defense mechanisms, and offers supply chain risk management tips. Understanding the scope and danger of supply chain cyberattacks In their assaults on supply chains, attackers are driven by various objectives, which can range from espionage and extortion to other malicious intents. These attacks are merely one of many strategies hackers use to infiltrate a victim\'s infrastructure. What makes supply chain attacks particularly dangerous is their unpredictability and extensive reach. Companies can find themselves compromised by mere misfortune. A case in point is the 2020 incident involving SolarWinds, a network management software firm. The company fell victim to a hack that resulted in extensive breaches across various government agencies and private corporations. Over 18,000 SolarWinds customers unknowingly installed malicious updates, which led to an undetected, widespread malware infiltration. Why do companies fall victim to supply chain attacks? Several factors contribute to the susceptibility of companies to supply chain attacks: Inadequate security measures A staggering 84% of businesses have high-risk vulnerabilities within their networks. For companies involved in software production and distribution, a supply chain attack represents a significant breach of security protocols. Reliance on unsafe components Many firms utilize components from third-party vendors and open-source software (OSS), seeking to cut costs and expedite product development. However, this practice can backfire by introducing severe vulnerabilities into a company\'s infrastructure. OSS platforms and repositories frequently contain security loopholes. Cybersecurity professionals have identified over 10,000 GitHub repositories susceptible to RepoJacking, a form of supply chain attack exploiting dependency hijacking. Furthermore, the layered nature of OSS, often integrating third-party components, creates a chain of transitive dependencies and potential security threats. Overconfidence in partners Not many companies conduct thorough security evaluations of their service providers, typically relying on superficial questionnaires or legal compliance checks. These measures fall short of providing an accurate picture of a partner\'s cybersecurity maturity. In most cases, real audits are an afterthought triggered by a security incident that has already taken place. Additional risk factors precipit Malware Hack Tool Vulnerability Threat ★★
Warning Against Distribution of Malware Impersonating a Public Organization (LNK)
(lien direct)
Ahnlab Security Emergency Response Center (ASEC) a observé la distribution des dossiers de raccourci malveillant (* .lnk)une organisation publique.L'acteur de menace semble distribuer un fichier de script malveillant (HTML) déguisé en e-mail de sécurité en le joignant aux e-mails.Ceux-ci ciblent généralement les individus dans le domaine de la réunification coréenne et de la sécurité nationale.Notamment, ceux-ci étaient déguisés par des sujets de paiement honoraire pour les faire ressembler à des documents légitimes.La méthode de fonctionnement des logiciels malveillants et le format C2 sont similaires à ceux ...
AhnLab Security Emergency response Center (ASEC) observed the distribution of malicious shortcut (*.lnk) files impersonating a public organization. The threat actor seems to be distributing a malicious script (HTML) file disguised as a security email by attaching it to emails. These usually target individuals in the field of Korean reunification and national security. Notably, these were disguised with topics of honorarium payment to make them seem like legitimate documents. The malware’s operation method and C2 format are similar to those...
Malware Threat ★★
RecordedFuture.png 2023-11-14 18:30:00 Le FBI supprime le botnet malware ipstorm en tant que pirate derrière elle plaide coupable
FBI takes down IPStorm malware botnet as hacker behind it pleads guilty
(lien direct)
Le FBI a démantelé le réseau proxy IPStorm Botnet et son infrastructure cette semaine après un accord de plaidoyer de septembre avec le pirate derrière l'opération.Le ministère de la Justice a déclaré avoir supprimé l'infrastructure associée au logiciel malveillant IPStorm - qui, selon les experts
The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation. The Justice Department said it took down the infrastructure associated with the IPStorm malware - which experts said infected thousands of Linux, Mac, and Android devices across Asia, Europe, North America
Malware Android ★★★
ProofPoint.png 2023-11-14 18:13:23 New Campaign Targets Middle East Governments with IronWind Malware (lien direct) Le FBI a démantelé le réseau proxy IPStorm Botnet et son infrastructure cette semaine après un accord de plaidoyer de septembre avec le pirate derrière l'opération.Le ministère de la Justice a déclaré avoir supprimé l'infrastructure associée au logiciel malveillant IPStorm - qui, selon les experts
The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation. The Justice Department said it took down the infrastructure associated with the IPStorm malware - which experts said infected thousands of Linux, Mac, and Android devices across Asia, Europe, North America
Malware ★★★
Last update at: 2023-11-29 21:09:40
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter