What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-02 13:00:59 | IA, cybersécurité et ascension des modèles de grande langue AI, Cybersecurity and the Rise of Large Language Models (lien direct) |
> Découvrez comment l'IA a un impact sur la détection des menaces, la réponse aux incidents et la gestion des risques et découvrez les stratégies d'intégration d'IA sécurisée.
>Discover how AI impacts threat detection, incident response and risk management, and learn about strategies for secure AI integration. |
Threat | ★★ | |
 |
2024-04-02 13:00:04 | Agent Tesla Targeting United States & Australia: Revealing the Attackers\' Identities (lien direct) |  Souleveillance La recherche sur le point de contrôle (RCR) a découvert trois campagnes malveillantes récentes de l'un des logiciels malveillants les plus répandus du marché & # 8211;Agent Tesla.These operations were aimed against US and Australian organizations and exploited the topics of goods purchasing and order delivery as their lures Upon investigation, we discovered that these threat actors had a database of 62,000 emails, including individuals and organizations from different spheres Apart from campaigns originating fromvictimes des entreprises, le groupe maintient un grand nombre de serveurs, qui sont utilisés pour la protection de leur identité malgré les efforts des acteurs de la menace pour maintenir leur anonymat, [& # 8230;]
 Highlights Check Point Research (CPR) uncovered three recent malicious campaigns of one of the most prevalent malware in the market – Agent Tesla. These operations were aimed against US and Australian organizations and exploited the topics of goods purchasing and order delivery as their lures Upon investigation, we discovered that these threat actors had a database of 62,000 emails, including individuals and organizations from different spheres Apart from campaigns originating from victims of companies, the group maintains a large number of servers, which are used for protection of their identity Despite the efforts of threat actors to keep their anonymity, […]
|
Malware Threat | ★★ | |
 |
2024-04-02 13:00:00 | L'évolution d'un CISO: comment le rôle a changé The evolution of a CISO: How the role has changed (lien direct) |
> Dans de nombreuses organisations, le directeur de la sécurité de l'information (CISO) se concentre principalement & # 8212;et parfois exclusivement & # 8212;sur la cybersécurité.Cependant, avec les menaces sophistiquées d'aujourd'hui et le paysage des menaces évolutives, les entreprises changent de nombreux rôles & # 8217;Responsabilités et élargir le rôle du CISO est à la pointe de ces changements.Selon Gartner, la pression réglementaire et l'expansion de la surface d'attaque seront [& # 8230;]
>In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will […] |
Threat | ★★ | |
 |
2024-04-02 10:24:00 | La campagne de phishing massive frappe l'Amérique latine: Venom Rat ciblant plusieurs secteurs Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (lien direct) |
L'acteur de menace connu sous le nom de & NBSP; TA558 & NBSP; a été attribué à une nouvelle campagne de phishing massive qui cible un large éventail de secteurs en Amérique latine dans le but de déployer Venom Rat.
Les attaques ont principalement distingué l'hôtel, les voyages, le commerce, les finances, la fabrication, l'industrie et le gouvernement en Espagne, au Mexique, aux États-Unis, en Colombie, au Portugal, au Brésil, à la République dominicaine, et
The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, United States, Colombia, Portugal, Brazil, Dominican Republic, and |
Threat Industrial | ★★★ | |
 |
2024-04-02 10:00:00 | Arrestations numériques: la nouvelle frontière de la cybercriminalité Digital Arrests: The New Frontier of Cybercrime (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The intricate world of cybercrime continues to evolve, and with it emerges a disturbing trend known as "digital arrests." In this scam, fraudsters manipulate technology to instil fear, isolate victims, and ultimately extort them for financial gain. Reports indicate that digital arrests are on the rise globally, leading to devastating consequences for individuals and businesses alike. What are Digital Arrests? Digital arrests refer to a type of a sophisticated cyber fraud where cyber-criminals impersonate law enforcement officials or other authorities. The targets of these scams are often contacted out of the blue usually on Instant messaging apps like WhatsApp and informed that their bank accounts, digital identities, or other online assets have been compromised. Criminals play into the victims\' fear by threatening them with imminent arrest, legal consequences, or public humiliation if they don\'t cooperate with a series of urgent demands. Fraudsters behind digital arrests are masters of psychological manipulation. They understand that fear and urgency are powerful motivators that can cloud judgment and lead people to act against their best interests. By creating a fabricated sense of crisis, they pressure victims into making hasty decisions without the chance for rational thought or verification. The techniques used in digital arrests are diverse and constantly evolving. Here\'s how they typically unfold: Impersonation: Criminals pose as law enforcement, bank representatives, or other authoritative figures, using forged documents and spoofed phone numbers to create a convincing facade of legitimacy. False Accusations: Victims are accused of involvement in illegal activities, money laundering, identity theft, or other serious crimes. Demands and Threats: Scammers demand sensitive information like banking credentials, passwords, and personal identification details. They instil fear with threats of arrest, hefty fines, or the release of compromising information. Technological Trickery: Fraudsters often trick victims into downloading remote access software like TeamViewer or AnyDesk, inadvertently giving criminals extensive control over their devices. Monitored \'Interrogation\': Criminals may insist on video calls to maintain their illusion of authority and monitor victims. They may threaten to fabricate and disseminate compromising evidence to extort large sums of money. Some real-life incidents as to understand these cybercrimes are given below: Case I: A Noida woman was duped out of over Rs 11 lakh (approximately $13,500 USD) in a digital arrest scam. The scammers, posing as police officers, convinced her that her identity was used in illicit activities and her involvement carried severe legal ramifications. Through prolonged interrogation on a video call, they led her to transfer the funds under the guise of protection. Case II: A 23-year-old woman was defrauded of Rs 2.5 lakh (approximately $3,000 USD) after fraudsters convinced her that her Aadhaar card details were linked to human trafficking activities. Facing threats of arrest and social humiliation, she was coerced into transferring money | Vulnerability Threat Legislation Prediction Cloud | ★★ | |
 |
2024-04-02 09:34:09 | ProofPoint en tête de KuppingerCole Leadership Compass pour la sécurité des e-mails Proofpoint Tops KuppingerCole Leadership Compass for Email Security (lien direct) |
Email is the primary threat vector for cybersecurity threats. And these days, many malware, phishing and social engineering schemes target your people. The 2023 Verizon Data Breach Investigations Report notes that 74% of all data breaches include a human element. Threats are constantly evolving, too. It doesn\'t matter how sophisticated or complex your business is, it is a daunting task to protect your people from modern threats. At Proofpoint, we understand how critical it is for any business to protect its people from today\'s email threats. That\'s why we innovate every day. Recently, the industry has once again recognized our efforts to help our customers protect their people and their businesses. This time, our email security was recognized by major industry analyst firm KuppingerCole. Here is what they said about Proofpoint Threat Protection-and what makes it stand out from the competition. Proofpoint named an Overall Leader KuppingerCole just named Proofpoint an Overall Leader in the KuppingerCole Leadership Compass for Email Security Report, 2023. This is the third time in the past year that our email security has been named a leader by a major industry analyst firm. This recognition “triple crown” is the direct result of our commitment to helping businesses protect their people from modern email threats and change user behavior for the better. It keeps us innovating year after year. In the report from KuppingerCole, Proofpoint Threat Protection received the highest “strong positive” rating in all categories, including: Security Functionality Deployment Interoperability Usability With its ratings, KuppingerCole positioned Proofpoint as a leader in all evaluation categories, including product, technology, innovation and market. KuppingerCole named Proofpoint a leader in the product, technology, innovation and market categories. What makes Proofpoint stand out Here is a closer look at how we can help you protect your people from advanced email threats. Stop the widest variety of threats with accuracy Proofpoint uses a multilayered detection stack to identify a wide array of email threats with accuracy. Because we have a broad set of detection technology, we can apply the right technique to the right threat. For example, we have robust sandbox technology to detect URL-based threats, like quick response codes (QR Codes) and behavioral analysis for business email compromise (BEC) and telephone-oriented attack delivery (TOAD) threats. Our machine learning (ML) and artificial intelligence (AI) models are trained by our experts using one of the richest sets of data in the industry. This ensures we provide superior accuracy. Every year, we analyze more than 3 trillion messages across our 230,000+ customer, global ecosystem. Our modular detection stack enables agility and speed to adapt to changes in the threat landscape. It allows us to quickly deploy new models to address new threats like BEC, TOAD and QR Codes. And it enables us to tune our existing detection models more frequently. Prevent email threats before they reach your people\'s inboxes Predelivery detection from Proofpoint stops known and emerging threats at the front door of your business-not after they are delivered. Proofpoint threat intelligence and research found that nearly 1 in 7 malicious URL clicks happen within one minute of an email\'s arrival. That\'s why predelivery protection is so critical. If a threat ends up in your users\' inboxes, it increases your risk of a cyberattack or data breach. We analyze all messages, links and attachments with our robust detection stack before they can reach an inbox. This analysis, combined with our predelivery sandboxing and behavioral analysis of suspicious QR codes, allows us to stop malicious messages before they become a risk to your business. Gain actionable insights into your human risks Proofpoint quantifies your people\'s risk so that you can prioritize budget and resources to focus o | Data Breach Malware Threat Mobile Commercial | ★★★ | |
 |
2024-04-02 09:30:00 | Des logiciels malveillants se cachent dans les photos?Plus probable que vous ne le pensez Malware hiding in pictures? More likely than you think (lien direct) |
Il y a plus dans certaines images qui rencontrent l'œil & # 8211;Leurs fa & ccedil apparemment innocents; Ade peut masquer une menace sinistre.
There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat. |
Malware Threat | ★★★ | |
 |
2024-04-02 02:56:47 | Qu'est-ce qui est nouveau dans le cadre de cybersécurité de NIST \\. What\\'s New in NIST\\'s Cybersecurity Framework 2.0? (lien direct) |
Le cadre du National Institute of Standards and Technology Cybersecurity (NIST CSF) a été publié en 2014 dans le but de fournir des conseils de cybersécurité aux organisations dans les infrastructures critiques.Au cours des années qui ont suivi, beaucoup de choses ont changé dans le paysage des menaces, les types de technologie que les organisations utilisent et les façons dont la technologie opérationnelle (OT) et les technologies de l'information (TI) fonctionnent et interagissent.Dans un effort pour mettre à jour le NIST CSF pour un public plus large et plus actuel, l'agence a finalisé et publié CSF 2.0, le premier changement majeur au LCR.Il y a une vaste ...
The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) was published in 2014 for the purpose of providing cybersecurity guidance for organizations in critical infrastructure. In the intervening years, much has changed about the threat landscape, the kinds of technology that organizations use, and the ways that operational technology (OT) and information technology (IT) work and interact. In an effort to update NIST CSF for a broader and more current audience, the agency has finalized and released CSF 2.0 , the first major change to the CSF. There are extensive... |
Threat | ★★ | |
 |
2024-04-02 00:00:00 | Embrasser l'innovation: la transition de Derrick \\ de l'équipe de renseignement des menaces de Microsoft \\ Embracing innovation: Derrick\\'s transition from banking to Microsoft\\'s Threat Intelligence team (lien direct) |
Rencontrez Derrick, un responsable de programme senior au sein de l'équipe de renseignement sur les menaces opérationnelles de Microsoft.Le rôle de Derrick \\ implique la compréhension et la carte de route de l'ensemble complet d'outils que les analystes d'Intel menacent pour collecter, analyser, traiter et diffuser l'intelligence des menaces à travers Microsoft.
L'amour de Derrick de l'apprentissage et sa curiosité naturelle l'ont conduit à une carrière dans la technologie et, finalement, à son rôle actuel chez Microsoft.
Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick\'s role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft. Derrick\'s love of learning and his natural curiosity led him to a career in technology and ultimately, to his current role at Microsoft. |
Tool Threat | ★★ | |
 |
2024-04-01 20:52:40 | Les cybercriminels pèsent les options pour l'utilisation de LLMS: acheter, construire ou casser? Cybercriminals Weigh Options for Using LLMs: Buy, Build, or Break? (lien direct) |
Bien que certains cybercriminels aient contourné les garde-corps pour forcer les modèles d'IA légitimes pour devenir mauvais, construire leurs propres plates-formes de chatbot malveillantes et l'utilisation de modèles open source est une plus grande menace.
While some cybercriminals have bypassed guardrails to force legitimate AI models to turn bad, building their own malicious chatbot platforms and making use of open source models are a greater threat. |
Threat | ★★ | |
 |
2024-04-01 20:02:08 | Rescoms monte des vagues de spam d'acceptor Rescoms Rides Waves of AceCryptor Spam (lien direct) |
#### Description
ESET Research partage des informations sur l'accryptor, l'une des Cryptors-as-a-Service les plus populaires et les plus répandues en seconde période de 2023, en mettant l'accent sur les campagnes de rescoms dans les pays européens.Même si bien connu selon les produits de sécurité, la prévalence d'Acecryptor \\ ne montre pas les indications de déclin: au contraire, le nombre d'attaques a considérablement augmenté en raison des campagnes Rescoms.
L'acteur de menace derrière ces campagnes dans certains cas a abusé des comptes a compromis les comptes pour envoyer des e-mails de spam afin de les rendre aussi crédibles que possible.L'objectif des campagnes de spam était d'obtenir des titres de compétences stockés dans des navigateurs ou des clients de messagerie, ce qui, en cas de compromis réussi, ouvrirait des possibilités d'attaques supplémentaires.
#### URL de référence (s)
1. https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
#### Date de publication
20 mars 2024
#### Auteurs)
Jakub Kaloč
#### Description ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries. Even though well known by security products, AceCryptor\'s prevalence is not showing indications of decline: on the contrary, the number of attacks significantly increased due to the Rescoms campaigns. The threat actor behind those campaigns in some cases abused compromised accounts to send spam emails in order to make them look as credible as possible. The goal of the spam campaigns was to obtain credentials stored in browsers or email clients, which in case of a successful compromise would open possibilities for further attacks. #### Reference URL(s) 1. https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/ #### Publication Date March 20, 2024 #### Author(s) Jakub Kaloč |
Spam Threat | ★★ | |
|
2024-04-01 15:40:00 | Les applications malveillantes ont été capturées secrètement transformant les téléphones Android en procurations pour les cybercriminels Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals (lien direct) |
Plusieurs applications Android malveillantes qui transforment les appareils mobiles exécutant le système d'exploitation en proxys résidentiels (RESIP) pour d'autres acteurs de menace ont été observés sur le Google Play Store.
Les résultats proviennent de l'équipe de renseignement sur les menaces Satori de Human \\, qui a déclaré que le cluster d'applications VPN était équipé d'une bibliothèque Golang qui a transformé l'appareil de l'utilisateur \\ en un nœud proxy à leur insu.
Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN\'s Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user\'s device into a proxy node without their knowledge. |
Threat Mobile | Satori | ★★ |
|
2024-04-01 13:51:22 | Faits saillants hebdomadaires, 1er avril 2024 Weekly OSINT Highlights, 1 April 2024 (lien direct) |
Last week\'s OSINT reporting reveals an array of cyber threats marked by sophisticated attack tactics and diverse targets. From malvertising campaigns deploying stealers like Rhadamanthys to the first known attack campaign targeting AI workloads, threat actors exhibit a range of attack vectors targeting both individuals and organizations. Notably, the evolution of malware such as Vultur and StrelaStealer highlights a continual arms race between attackers and defenders, with adversaries demonstrating adaptability and persistence in their pursuit of data theft and system compromise. The targeting of specific platforms like WordPress sites and email clients underscores the threat to online ecosystems, while the widespread impact across industries emphasizes the need for robust cybersecurity measures and constant vigilance against evolving threats. 1. [Go Malvertising Campaign with Rhadamanthys Stealer](https://security.microsoft.com/intel-explorer/articles/e6d270fc): A malvertising campaign had utilized a Go language loader to deploy the Rhadamanthys stealer, targeting users through a fake PuTTY homepage ad at the top of Google search results. The loader, closely linked to the malvertising infrastructure, had retrieved the payload, Rhadamanthys, which had been executed by the parent process PuTTY.exe, indicating a coordinated attack by the same threat actor. 2. [Active Attack Campaign Exploiting Ray Framework Vulnerability](https://security.microsoft.com/intel-explorer/articles/e4cd5bc2): An ongoing active attack campaign had exploited a critical vulnerability in the Ray open-source AI framework, known as ShadowRay (CVE-2023-48022), impacting thousands of companies globally. Attackers had exploited this vulnerability to take control of computing resources, steal sensitive data, and conduct cryptocurrency mining operations, demonstrating the severity of the issue and its widespread impact across industries. 3. [Evolution of Android Banking Malware Vultur](https://security.microsoft.com/intel-explorer/articles/3f7c3599): Authors behind the Android banking malware Vultur had enhanced its capabilities, including remote interaction with victim devices and encryption of C2 communication, showcasing continual development to evade detection and carry out malicious actions with greater sophistication. 4. [Agent Tesla Phishing Email Infection Chain](https://security.microsoft.com/intel-explorer/articles/5ffaa8a4): SpiderLabs had identified a phishing email leading to an infection chain deploying Agent Tesla, utilizing obfuscation, packing techniques, and polymorphic behavior to evade detection and ensure stealthy execution, posing challenges for traditional antivirus systems. 5. [Sign1 Malware Campaign Exploiting WordPress Sites](https://security.microsoft.com/intel-explorer/articles/063f7fac): Sucuri and GoDaddy Infosec had discovered the Sign1 malware campaign infecting over 2,500 WordPress sites, injecting malicious code into custom HTML widgets to redirect visitors to scam sites, demonstrating the threat to website integrity and visitor security. 6. [StrelaStealer Email Client Targeting Malware](https://security.microsoft.com/intel-explorer/articles/82785858): StrelaStealer, a malware targeting email clients to steal login data, had launched large-scale email campaigns impacting over 100 organizations, particularly targeting high-tech industries. The malware\'s evolving infection chain and updated payloads had underscored its adaptability and the challenge it had posed to security analysts and products. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summa | Ransomware Spam Malware Tool Vulnerability Threat Mobile Cloud | ★★ | |
 |
2024-04-01 11:00:28 | Plateforme d'achat Pandabuy La fuite des données a un impact de 1,3 million d'utilisateurs Shopping platform PandaBuy data leak impacts 1.3 million users (lien direct) |
Les données appartenant à plus de 1,3 million de clients de la plate-forme d'achat en ligne Pandabuy ont été divulguées, prétendument après que deux acteurs de menace ont exploité de multiples vulnérabilités aux systèmes de violation.[...]
Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. [...] |
Vulnerability Threat | ★★ | |
|
2024-04-01 08:18:43 | 1er avril & # 8211;Rapport de renseignement sur les menaces 1st April – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes de cyber-recherche pour la semaine du 1er avril, veuillez télécharger notre bulletin Threat_Intelligence.Les meilleures attaques et violations que les gouvernements américains et britanniques ont annoncé un acte d'accusation criminel et des sanctions contre l'APT31, un groupe de pirates chinois, pour leur rôle dans les attaques prétendument contre des entreprises aux États-Unis, ainsi que [& # 8230;]
>For the latest discoveries in cyber research for the week of 1st April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The US and UK governments have announced a criminal indictment and sanctions against APT31, a group of Chinese hackers, for their role in allegedly conducting attacks against companies in the US, as well […] |
Threat | APT 31 | ★★ |
|
2024-03-31 18:01:02 | Spotlight malware: linodas aka dinodasrat pour Linux Malware Spotlight: Linodas aka DinodasRAT for Linux (lien direct) |
> Introduction Au cours des derniers mois, Check Point Research (RCR) a surveillé de près l'activité d'un acteur de menace de cyber-espionnage chinois-nexus qui se concentre sur l'Asie du Sud-Est, l'Afrique et l'Amérique du Sud.Cette activité s'aligne considérablement sur les idées que les micro-chercheurs de tendance ont publiquement partagées dans leur analyse complète d'un acteur de menace appelé & # 160; Terre Krahang.Ce [& # 8230;]
>Introduction In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. This activity significantly aligns with the insights the Trend Micro researchers publicly shared in their comprehensive analysis of a threat actor called Earth Krahang. This […] |
Malware Threat Prediction | ★★ | |
 |
2024-03-31 10:00:00 | Vous devez mettre à jour Apple iOS et Google Chrome dès que possible You Should Update Apple iOS and Google Chrome ASAP (lien direct) |
Plus: Microsoft patch sur 60 vulnérabilités, Mozilla corrige deux bogues de Firefox Zero-Day, Google patchs 40 problèmes dans Android, et plus encore.
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more. |
Vulnerability Threat Mobile | ★★ | |
|
2024-03-30 12:46:00 | Les pirates ciblent les utilisateurs de macOS avec des publicités malveillantes répartissant le malware du voleur Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (lien direct) |
Les annonces malveillantes et fausses sites Web agissent comme un conduit pour livrer deux logiciels malveillants de voleur différents, y compris le voleur atomique, ciblant les utilisateurs d'Apple MacOS.
Les attaques d'infostaler en cours ciblant les utilisateurs de MacOS peuvent avoir adopté différentes méthodes pour compromettre les victimes de Mac, mais fonctionnent dans l'objectif final de voler des données sensibles, Jamf Threat Labs & nbsp; dit & nbsp; dans un rapport publié vendredi.
Un
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims\' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One |
Malware Threat | ★★ | |
|
2024-03-29 20:51:51 | Coin Ciso: escroquerie cyber-pro;Nouveaux visages de risque;Cyber stimule l'évaluation CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation (lien direct) |
Notre collection des perspectives de rapport et de l'industrie les plus pertinentes pour ceux qui guident les stratégies de cybersécurité et se sont concentrées sur SECOPS.Également inclus: l'Australie récupère son cyber-roove et la journée de terrain zéro-jour 2023.
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023\'s zero-day field day. |
Vulnerability Threat | ★★ | |
|
2024-03-29 20:24:00 | Les serrures de Dormakaba utilisées dans des millions de chambres d'hôtel pourraient être craquées en quelques secondes Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds (lien direct) |
Les vulnérabilités de sécurité découvertes dans les serrures RFID électroniques de Dormakaba \'s Saflok utilisées dans les hôtels pourraient être armées par les acteurs de la menace pour forger des clés et se glisser furtivement dans des pièces verrouillées.
Les lacunes ont été collectivement nommées & nbsp; DeSaflok & nbsp; par les chercheurs Lennert Wouters, Ian Carroll, RQU, Buscanfly, Sam Curry, Sshell et Will Caruana.Ils ont été signalés à la base de Zurich
Security vulnerabilities discovered in Dormakaba\'s Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based |
Vulnerability Threat | ★★★ | |
|
2024-03-29 19:00:47 | New Go Loader pousse le voleur de Rhadamanthys New Go Loader Pushes Rhadamanthys Stealer (lien direct) |
#### Description
Une nouvelle campagne de malvertising a été découverte qui utilise un chargeur de langage Go pour déployer le voleur de Rhadamanthys.
L'acteur de menace a acheté une annonce qui apparaît en haut des résultats de la recherche Google, affirmant être la page d'accueil du mastic.L'URL AD indique un domaine contrôlé par l'attaquant où il peut montrer une page légitime aux visiteurs qui ne sont pas de vraies victimes.Les vraies victimes venant des États-Unis seront redirigées vers un faux site qui ressemble exactement à Putty.org.La charge utile malveillante est téléchargée via une chaîne de redirection en deux étapes, et le serveur est censé effectuer des vérifications pour les procurations tout en enregistrant l'adresse IP de la victime.Lors de l'exécution du compte-gouttes, il y a une vérification IP pour l'adresse IP publique de la victime.Si une correspondance est trouvée, le compte-gouttes procède à la récupération d'une charge utile de suivi d'un autre serveur.La charge utile est Rhadamanthys, qui est exécuté par le processus parent putty.exe.Le chargeur est étroitement lié à l'infrastructure de malvertisation, et il est très probable que le même acteur de menace contrôle les deux.
#### URL de référence (s)
1. https://www.malwarebytes.com/blog/thereat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
#### Date de publication
22 mars 2024
#### Auteurs)
J & eacute; r & ocirc; moi segura
#### Description A new malvertising campaign has been discovered that uses a Go language loader to deploy the Rhadamanthys stealer. The threat actor purchased an ad that appears at the top of Google search results, claiming to be the PuTTY homepage. The ad URL points to an attacker-controlled domain where they can show a legitimate page to visitors that are not real victims. Real victims coming from the US will be redirected to a fake site that looks and feels exactly like putty.org. The malicious payload is downloaded via a two-step redirection chain, and the server is believed to perform some checks for proxies while also logging the victim\'s IP address. Upon executing the dropper, there is an IP check for the victim\'s public IP address. If a match is found, the dropper proceeds to retrieve a follow-up payload from another server. The payload is Rhadamanthys, which is executed by the parent process PuTTy.exe. The loader is closely tied to the malvertising infrastructure, and it is quite likely that the same threat actor is controlling both. #### Reference URL(s) 1. https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys #### Publication Date March 22, 2024 #### Author(s) Jérôme Segura |
Threat | ★★ | |
 |
2024-03-29 16:07:32 | Narwhal Spider Threat Group derrière une nouvelle campagne de phishing usurpant l'identité de cabinets d'avocats réputés Narwhal Spider Threat Group Behind New Phishing Campaign Impersonating Reputable Law Firms (lien direct) |
|
Threat | ★★ | |
 |
2024-03-29 13:53:15 | Ensemble Linux 64 bits et codage de coquille 64-bit Linux Assembly and Shellcoding (lien direct) |
INTRODUCTION Les codes de shell sont des instructions de machine qui sont utilisées comme charge utile dans l'exploitation d'une vulnérabilité.Un exploit est un petit code qui cible
Introduction Shellcodes are machine instructions that are used as a payload in the exploitation of a vulnerability. An exploit is a small code that targets |
Vulnerability Threat | ★★ | |
|
2024-03-29 13:00:13 | Journée mondiale de la sauvegarde 2024: naviguer dans l'avenir de la cybersécurité avec des solutions cloud World Backup Day 2024: Navigating the Future of Cyber security with Cloud Solutions (lien direct) |
> Le 31 mars marque la célébration de la Journée mondiale de la sauvegarde, un rappel opportun de l'importance d'obtenir des données critiques dans le paysage numérique d'aujourd'hui.Dans un monde où «les données sont le nouveau pétrole \\», car les entreprises s'appuient fortement sur les informations et les données pour générer des opérations, les protéger de la menace croissante des cyberattaques est devenue une priorité.Selon Statista, plus de 353 millions de personnes aux États-Unis ont été touchées en 2023 par des compromis de données, notamment les violations de données, les fuites et l'exposition.Les violations mondiales de données qui ont eu lieu dans de grandes entreprises comme Facebook et même dans les grands hôpitaux du monde entier et [& # 8230;]
>March 31st marks the celebration of World Backup Day, a timely reminder of the importance of securing critical data in today’s digital landscape. In a world where “data is the new oil\' as businesses rely heavily on information and data to drive operations, safeguarding them from the growing threat of cyberattacks has become a priority. According to Statista, over 353 million individuals in the United States were affected in 2023 by data compromises, including data breaches, leakage, and exposure. Global data breaches which have taken place at big companies like Facebook and even in large hospitals around the world and […] |
Threat Cloud | ★★ | |
|
2024-03-29 12:00:00 | Iran\'s Evolving Cyber-Enabled Influence Operations to Support Hamas (lien direct) | La compréhension des techniques de l'Iran \\, associées à une menace complète, peut donner aux organisations un avantage dans l'identification et la défense contre ces attaques.
Understanding Iran\'s techniques, coupled with comprehensive threat intel, can give organizations an edge in identifying and defending against these attacks. |
Threat | ★★ | |
|
2024-03-29 12:00:00 | Les opérations d'influence cyber-cyber-activés de l'Iran \\ pour soutenir le Hamas Iran\\'s Evolving Cyber-Enabled Influence Operations to Support Hamas (lien direct) |
Comprendre les techniques d'Iran \\, associées à des informations complètes sur les menaces, peut donner aux organisations un avantage pour identifier et défendre contre ces attaques.
Understanding Iran\'s techniques, coupled with comprehensive threat intel, can give organizations an edge in identifying and defending against these attacks. |
Threat | ★★ | |
|
2024-03-29 06:00:11 | Déverrouiller l'efficacité de la cybersécurité dans les soins de santé: utiliser des informations sur les menaces pour naviguer dans la surface d'attaque humaine Unlocking Cybersecurity Efficiency in Healthcare: Using Threat Insights to Navigate the Human Attack Surface (lien direct) |
Understanding your organization\'s human attack surface is not just a good idea in today\'s threat landscape; it\'s essential. Why? Because it can make all the difference in your efforts to allocate your limited resources efficiently. Let\'s face it-in the world of cybersecurity, one size does not fit all. It is not feasible to adopt a uniform approach to secure your business. And while most of your users may pose a minimal risk, there are smaller, high-risk groups that attract the lion\'s share of attention from cyberthreat actors. Identifying these groups and understanding what makes these users so enticing to attackers is key to creating an effective defense. At Proofpoint, we recognize the importance of understanding the human attack surface. Our approach to cybersecurity revolves around a human-centric defense strategy. And email serves as a valuable window into the most vulnerable parts of your business. We analyze inbound threats directed at email addresses and enrich them with directory information. This is a Proofpoint Targeted Attack Protection (TAP) feature that\'s available to all customers. As a result, we provide valuable insights into the job roles and departments that are prime targets for attackers. In this blog, we\'ll go through some of our most recent insights for the healthcare industry-and the job roles that attracted the most interest from attackers. 2023 research overview For our research in 2023, we created a healthcare peer group of over 50 similar hospital systems to track within the Proofpoint TAP platform. We meticulously analyzed “people data” from these systems to identify trends in attack patterns. We tracked: Attack index Click rates Malicious message volume Total clicks across various departments More specifically, we looked for outlier clusters that exhibited movement beyond the average. What follows are a few of our insights. Threat actors target roles related to finance and the revenue cycle back-end As it turns out, attackers have a penchant for people in finance-related jobs and those who are involved in transactions. These users were consistently attacked more than others. When we drill down further on our findings, we see that departments involved in the supply chain and facilities management exhibit similar deviations from the average. The reason? These roles often require people to be involved in transactions, making them attractive targets for attackers. 2023 department-level average attack index: Finance and transactional job roles averaged a significantly higher attack index per month per user. Money is a bigger draw than data But here is where it gets interesting. When we compare job roles and departments based on access to transactions versus access to health information, the difference is stark. It seems that attackers are more determined to interdict financial transactions than to gain access to users with large amounts of health data. 2023 department-level average attack index; medical and information services departments averaged a significantly lower attack index per month per user than financial and transactional job roles. Threat actors go after roles that deal with patient service revenue Going a step further, we wanted to understand the impact of threats on people in administrative and clinical roles who help capture, manage and collect patient service revenue. We examined the revenue cycle by categorizing job roles and departments in the following ways. Front-end (admin and pre-visit) Middle (visit, claim submission) Back-end (inbound processing, payer, patient) The disparity between groups with access to transactions and those with access to health data is evident. The revenue cycle back-end category exhibits the highest average attack index among revenue cycle labeled data, which we attribute to finance job roles associated with billing. 2023 average of attack index trends; revenue cycle quarterly comparison. The interest of attackers in finance-related job roles comes | Threat Medical | ★★ | |
 |
2024-03-28 20:51:46 | Hillary Clinton: Ai et Deepfakes posent un type de menace totalement différent \\ ' Hillary Clinton: AI and deepfakes pose a \\'totally different type of threat\\' (lien direct) |
Appelant l'intelligence artificielle et Deepfakes «un saut de technologie», l'ancienne secrétaire d'État Hillary Rodham Clinton a déclaré jeudi que les personnes utilisant l'IA à des fins antidémocratiques permettent à leurs compétences en travaillant avec sa ressemblance.«Parce qu'ils ont une telle bibliothèque de trucs sur moi, ils l'utilisent pour pratiquer et voir comment plus
Calling artificial intelligence and deepfakes “a leap in technology,” former Secretary of State Hillary Rodham Clinton said Thursday that people using AI for undemocratic purposes are honing their skills by working with her likeness. “Because they\'ve got such a library of stuff about me, they\'re using it to practice on and see how more |
Threat | ★★ | |
 |
2024-03-28 14:30:22 | Sécurité électorale: défendre la démocratie dans le paysage dynamique du cyber-menace d'aujourd'hui Election Security: Defending Democracy in Today\\'s Dynamic Cyber Threat Landscape (lien direct) |
Avec plus de 50 pays qui se dirigent vers les urnes cette année, y compris les grandes économies comme les États-Unis, l'Inde et le Royaume-Uni, 2024, d'une manière ou d'une autre, sera une année déterminante avec plus de 4 milliards d'électeurs ...
With over 50 countries heading to the polls this year, including major economies like the U.S., India and the U.K., 2024, one way or another, will be a defining year with over 4 billion voters... |
Threat | ★★★ | |
 |
2024-03-28 11:05:01 | Vulnérabilité matérielle dans les puces de la série M Apple \\ Hardware Vulnerability in Apple\\'s M-Series Chips (lien direct) |
Une autre Attaque du canal latéral matériel:
La menace réside dans le préfetcher dépendant de la mémoire des données, une optimisation matérielle qui prédit les adresses mémoire des données à laquelle le code exécutif est susceptible d'accéder dans un avenir proche.En chargeant le contenu dans le cache CPU avant qu'il soit réellement nécessaire, le DMP, comme la fonctionnalité est abrégée, réduit la latence entre la mémoire principale et le CPU, un goulot d'étranglement commun dans l'informatique moderne.Les DMP sont un phénomène relativement nouveau trouvé uniquement dans les puces de la série M et la microarchitecture du lac Raptor de 13217;
It’s yet another hardware side-channel attack: The threat resides in the chips\' data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it\'s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years... |
Vulnerability Threat | ★★★ | |
|
2024-03-28 10:21:02 | Améliorations de la sensibilisation à la sécurité de ProofPoint: 2024 Release hivernale et au-delà Proofpoint Security Awareness Enhancements: 2024 Winter Release and Beyond (lien direct) |
Proofpoint Security Awareness has long been at the forefront of innovative awareness strategies. In today\'s complex threat landscape, a human-centric strategy has never been more important. And we have never been more dedicated to creating a program that helps users change their behavior. In this post, we share a few enhancements that show how committed we are to helping users transform their behavior. We cover a key educational campaign and outline the benefits of several new functional enhancements within four focus areas. 1: Keeping users engaged There are two recent and upcoming enhancements in this focus area. We launched the Yearlong campaign: Cybersecurity Heroes We released this pioneering, comprehensive educational program late last year. It provides an ongoing, curriculum-based approach to cybersecurity training. It is a testament to our belief in the power of continuous learning and helping users change their behavior. The Cybersecurity Heroes campaign covers an array of key security topics in detail every month. Here are a few examples: Elements of data encryption Intricacies of strong password protocols Deceptive nature of ransomware Long-term training schedules can be an administrative burden. That\'s why we\'ve made this training available through stand-alone monthly modules. This flexibility helps ease administrative workloads. An article from the Cybersecurity Heroes campaign. QR code phishing simulations will launch soon In the second quarter of 2024, we will be releasing QR code phishing simulations. They are our proactive response to a novel and alarming trend. Recent intelligence from industry-leading analyses, including an eye-opening blog on QR code phishing from Tessian, underscores the urgent need for education. QR code phishing attacks are on the rise. Yet, 80% of end users perceive QR codes as safe. This highlights a dangerous gap in threat perception. How a QR code phishing attack works. Our new simulations will provide administrative visibility into which users are most vulnerable to an attack, as well as a dynamic environment for users to hone their threat detection abilities in alignment with real-world scenarios. They are based on our threat intelligence and designed to challenge and refine user reactions. With an understanding of who is most at risk and how users may react to a QR code phishing attack, administrators will be able to design a program that is tailored to each individual, resulting in maximum learning comprehension and retention. QR code phishing simulations will be available in the second quarter of 2024. 2: Enhancing how people learn We want to help businesses maximize their users\' learning comprehension and behavior change. One recent enhancement in this focus area is the integration of “Phish Hooks” into Teachable Moments. It was released in late 2023. Here\'s how it helps users learn better and retain what they\'ve learned. “Phish Hooks” is now integrated with Teachable Moments This enhancement helps users understand why a phishing simulation would have been an actual threat. Users get immediate and clear feedback so that they know what to look out for next time. A view of Teachable Moments with “Phish Hooks.” By dissecting the anatomy of a phishing attack, we can give a big boost to a user\'s ability to critically assess an attack. That, in turn, helps them to improve their understanding and retention of safe cybersecurity behaviors. 3: Gaining visibility into vulnerable users Proofpoint recognizes that security administrators play a critical role in orchestrating awareness efforts. That is why we refined our Repeat Behavior Report. It\'s designed to help administrators identify the users who can benefit from targeted training about phishing risks. Here\'s how. The Repeat Behavior Report is more detailed This enhancement gives you actionable insights that can help you identify vulnerability trends. To this end, the report now provides a more de | Vulnerability Threat Prediction | ★★★ | |
 |
2024-03-28 09:30:00 | Appels à la réponse à la réponse aux incidents Double en un an Calls to Incident Response Helpline Double in a Year (lien direct) |
Un volume croissant d'appels au Centre écossais de cyber et de fraude met en évidence les niveaux de menace croissants
A rising volume of calls to the Scottish Cyber and Fraud Centre highlights surging threat levels |
Threat | ★★★ | |
|
2024-03-28 06:00:00 | Arabie saoudite, la liste supérieure des Émirats arabes unis des nations ciblées au Moyen-Orient Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East (lien direct) |
Le gouvernement, la fabrication et l'industrie de l'énergie sont les cibles les plus importantes des acteurs avancés et persistants, avec des attaques de phishing et des exploits à distance les vecteurs les plus courants.
Government, manufacturing, and the energy industry are the top targets of advanced, persistent threat actors, with phishing attacks and remote exploits the most common vectors. |
Threat | ★★★ | |
 |
2024-03-27 21:50:12 | Eclecticiq détaille l'opération Flightnight ciblant les entités gouvernementales indiennes, le secteur de l'énergie EclecticIQ details Operation FlightNight targeting Indian government entities, energy sector (lien direct) |
> Les analystes d'EclectiCIQ ont découvert un acteur de menace non identifié, connu sous le nom d'Operation Flightnight, en utilisant une version personnalisée du ...
>EclecticIQ analysts have uncovered an unidentified threat actor, known as Operation FlightNight, utilizing a customized version of the... |
Threat | ★★★★ | |
|
2024-03-27 20:56:32 | Flare acquiert la préclusion pour accélérer la croissance de la gestion de l'exposition aux menaces Flare Acquires Foretrace to Accelerate Threat Exposure Management Growth (lien direct) |
> Les analystes d'EclectiCIQ ont découvert un acteur de menace non identifié, connu sous le nom d'Operation Flightnight, en utilisant une version personnalisée du ...
>EclecticIQ analysts have uncovered an unidentified threat actor, known as Operation FlightNight, utilizing a customized version of the... |
Threat | ★★★ | |
|
2024-03-27 20:54:00 | Les pirates ont frappé la défense indienne, les secteurs de l'énergie avec des logiciels malveillants se faisant passer pour l'invitation de l'Air Force Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (lien direct) |
Les entités gouvernementales indiennes et les sociétés énergétiques ont été ciblées par des acteurs de menace inconnus dans le but de livrer une version modifiée d'un malware d'informations open source, un voleur malveillant appelé Hackbrowserdata et des informations sensibles exfiltrates dans certains cas en utilisant Slack comme commandement et contrainte (C2).
"Le voleur d'informations a été livré via un e-mail de phishing, se faisant passer pour une lettre d'invitation
Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter |
Malware Threat | ★★★ | |
|
2024-03-27 20:13:37 | Google Tag rapporte que la surtension zéro-jour et la montée des menaces de piratage d'État Google TAG Reports Zero-Day Surge and Rise of State Hacker Threats (lien direct) |
> Par waqas
Le groupe d'analyse des menaces de Google (TAG) rapporte une augmentation préoccupante des exploits zéro-jours et une activité accrue à partir de pirates soutenus par l'État. & # 8230;
Ceci est un article de HackRead.com Lire la publication originale: Google Tag rapporte que la surtension zéro-jour et la montée des menaces de pirate d'État
>By Waqas Google’s Threat Analysis Group (TAG) reports a concerning rise in zero-day exploits and increased activity from state-backed hackers.… This is a post from HackRead.com Read the original post: Google TAG Reports Zero-Day Surge and Rise of State Hacker Threats |
Vulnerability Threat | ★★★★ | |
|
2024-03-27 20:10:46 | Des millions de chambres d'hôtel dans le monde vulnérables à l'exploitation de verrouillage de porte Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit (lien direct) |
Les verrous de l'hôtel sont vulnérables au cyber-compromis depuis des décennies et étendent leur course à l'ère numérique.
Hotel locks have been vulnerable to cyber compromise for decades and are extending their run into the digital age. |
Threat | ★★★ | |
 |
2024-03-27 20:00:58 | Flashpoint libère le rapport annuel de renseignement sur les menaces mondiales Flashpoint Releases Annual Global Threat Intelligence Report (lien direct) |
Flashpoint a publié son rapport de renseignement sur les menaces mondiales en 2024 qui revient à 2023 pour faire la lumière sur les cyber-menaces, les troubles géopolitiques et l'escalade des conflits physiques dans le monde pour aider les organisations à renforcer les défenses, à garantir la résilience opérationnelle et à confronter de manière proactive les menaces multifacet./ p>
-
rapports spéciaux
Flashpoint released its 2024 Global Threat Intelligence Report that looks back at 2023 to shed light on cyber threats, geopolitical turmoil, and escalating physical conflicts around the world to help organizations strengthen defenses, ensure operational resilience, and proactively confront multifaceted threats. - Special Reports |
Threat Studies | ★★★★ | |
|
2024-03-27 19:56:09 | Rapport de menace: examiner l'utilisation de l'IA dans les techniques d'attaque Threat Report: Examining the Use of AI in Attack Techniques (lien direct) |
Plus que jamais, il est essentiel pour les organisations de comprendre la nature des menaces basées sur l'IA et la façon dont elles peuvent émousser l'avantage que l'IA transmet aux mauvais acteurs.
More than ever, it\'s critical for organizations to understand the nature of AI-based threats and how they can blunt the advantage that AI conveys to bad actors. |
Threat | ★★★ | |
|
2024-03-27 18:24:00 | Microsoft Edge Bug aurait pu permettre aux attaquants d'installer silencieusement des extensions malveillantes Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (lien direct) |
Un défaut de sécurité désormais réglé dans le navigateur Web Microsoft Edge aurait pu être maltraité pour installer des extensions arbitraires sur les systèmes des utilisateurs et effectuer des actions malveillantes. & Nbsp;
"Cette faille aurait pu permettre à un attaquant d'exploiter une API privée, initialement destinée à des fins de marketing, pour installer secrètement des extensions de navigateur supplémentaires avec des autorisations larges sans la connaissance de l'utilisateur", Guardio
A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users\' systems and carry out malicious actions. "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user\'s knowledge," Guardio |
Threat | ★★★ | |
|
2024-03-27 16:57:55 | \\ 'Tycoon \\' Kit malware contourne Microsoft, Google MFA \\'Tycoon\\' Malware Kit Bypasses Microsoft, Google MFA (lien direct) |
Les acteurs de la menace adoptent largement la plate-forme de phishing à faible coût à faible coût (PHAAS), qui est vendu via Telegram.
Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram. |
Malware Threat | ★★ | |
|
2024-03-27 16:49:44 | Nozomi Networks étend son partenariat avec Yokogawa (lien direct) | Nozomi Networks étend son partenariat avec Yokogawa pour délivrer ses services de sécurité OT et IoT dans le monde entier Les fonctionnalités de Nozomi Networks sur la visibilité OT / IoT et la détection des menaces sont désormais intégrées aux services gérés de cybersécurité de Yokogawa et proposés à des clients dans 60 pays à travers le monde. - Business | Threat Industrial | ★★ | |
|
2024-03-27 16:09:00 | Vulnérabilité de plate-forme Ray Ai non corrigée critique exploitée pour l'exploration de crypto-monnaie Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (lien direct) |
Les chercheurs en cybersécurité avertissent que les acteurs de la menace exploitent activement une vulnérabilité "contestée" et non corrigée dans une plate-forme d'intelligence artificielle open source (IA) appelée Anyscale Ray à détourner le pouvoir de calcul pour l'extraction de crypto-monnaie illicite.
"Cette vulnérabilité permet aux attaquants de prendre le contrôle de la puissance de calcul des sociétés et de divulguer des données sensibles", cherche des chercheurs en sécurité Oligo AVI
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies\' computing power and leak sensitive data," Oligo Security researchers Avi |
Vulnerability Threat | ★★ | |
|
2024-03-27 15:27:37 | Le bonanza zéro-jour conduit plus d'exploits contre les entreprises Zero-Day Bonanza Drives More Exploits Against Enterprises (lien direct) |
Les adversaires avancés se concentrent de plus en plus sur les technologies d'entreprise et leurs fournisseurs, tandis que les plates-formes d'utilisateurs finaux réussissent à étouffer les exploits zéro-jour avec les investissements en cybersécurité, selon Google.
Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits with cybersecurity investments, according to Google. |
Vulnerability Threat | ★★★ | |
 |
2024-03-27 13:50:41 | Rapport Google: Malgré la montée des attaques zéro-jour, les atténuations d'exploitation fonctionnent Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working (lien direct) |
> Malgré une augmentation des attaques zéro-jour, les données montrent que les investissements de sécurité dans les expositions d'exploitation du système d'exploitation et des logiciels obligent les attaquants à trouver de nouvelles surfaces d'attaque et des modèles de bogues.
>Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. |
Vulnerability Threat | ★★★ | |
|
2024-03-27 13:01:00 | Les vulnérabilités zéro-jour ont bondi par plus de 50% par an, explique Google Zero-Day Vulnerabilities Surged by Over 50% Annually, Says Google (lien direct) |
Google a détecté des vulnérabilités de près de 100 jours zéro exploitées dans la nature en 2023
Google detected nearly 100 zero-day vulnerabilities exploited in the wild in 2023 |
Vulnerability Threat | ★★★ | |
 |
2024-03-27 13:00:00 | Les logiciels espions et les exploits zéro-jours vont de plus en plus de pair, les chercheurs trouvent Spyware and zero-day exploits increasingly go hand-in-hand, researchers find (lien direct) |
> Les chercheurs ont trouvé 97 jours zéro exploités dans la nature en 2023;Près des deux tiers des défauts mobiles et du navigateur ont été utilisés par les entreprises spyware.
>Researchers found 97 zero-days exploited in the wild in 2023; nearly two thirds of mobile and browser flaws were used by spyware firms. |
Vulnerability Threat Mobile | ★★ | |
|
2024-03-27 13:00:00 | Les jours zéro exploités dans la nature ont bondi de 50% en 2023, alimenté par des vendeurs de logiciels espions Zero-days exploited in the wild jumped 50% in 2023, fueled by spyware vendors (lien direct) |
Les experts en cybersécurité avertissent que les exploits zéro-jours, qui peuvent être utilisés pour compromettre les appareils avant que quiconque ne sache qu'ils sont vulnérables, sont devenus plus courants en tant que pirates et cybercriminels à l'État-nation et en train de trouver des moyens sophistiqués de mener à bien leurs attaques.Des chercheurs de Google ont déclaré mercredi avoir observé 97 jours zéro exploités dans la nature en 2023, comparés
Cybersecurity experts are warning that zero-day exploits, which can be used to compromise devices before anyone is aware they\'re vulnerable, have become more common as nation-state hackers and cybercriminals find sophisticated ways to carry out their attacks. Researchers from Google on Wednesday said they observed 97 zero-days exploited in the wild in 2023, compared |
Vulnerability Threat | ★★★ | |
 |
2024-03-27 11:15:00 | Cyber Spies, pas les cybercriminels, derrière la plupart des exploitations zéro-jours Cyber spies, not cyber criminals, behind most zero-day exploitation (lien direct) |
Les experts en cybersécurité avertissent que les exploits zéro-jours, qui peuvent être utilisés pour compromettre les appareils avant que quiconque ne sache qu'ils sont vulnérables, sont devenus plus courants en tant que pirates et cybercriminels à l'État-nation et en train de trouver des moyens sophistiqués de mener à bien leurs attaques.Des chercheurs de Google ont déclaré mercredi avoir observé 97 jours zéro exploités dans la nature en 2023, comparés
Cybersecurity experts are warning that zero-day exploits, which can be used to compromise devices before anyone is aware they\'re vulnerable, have become more common as nation-state hackers and cybercriminals find sophisticated ways to carry out their attacks. Researchers from Google on Wednesday said they observed 97 zero-days exploited in the wild in 2023, compared |
Vulnerability Threat | ★★★ |
To see everything:
Our RSS (filtrered)
