www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-10T12:32:53+00:00 www.secnews.physaphae.fr
CybeReason - Vendor blog Cracking the Code: How to Identify, Mitigate, and Prevent BIN Attacks KEY TAKEAWAYS Understanding BIN Attacks: BIN attacks exploit the publicly available Bank Identification Numbers (BINs) on payment cards to brute-force valid card details, enabling fraudulent transactions. Identifying patterns of failed authorization attempts is critical for early detection. Effective Mitigation Strategies: Implementing rate limiting, enhanced authentication (e.g., CAPTCHA, MFA), Web Application Firewalls (WAFs), geofencing, and machine-learning-based fraud detection tools can significantly reduce the likelihood of successful BIN attacks. Collaborative Incident Response: Engage payment processors, card issuers, and digital forensics teams to trace attacks, freeze compromised cards, and implement long-term measures like tokenization and PCI DSS compliance to strengthen payment security. Financially motivated threat actors often leverage BIN attacks when targeting financial services or e-commerce victims. BIN attacks involve threat actors systematically testing card numbers stemming from a Bank Identification Number (BIN) to find valid card details. BIN values are assigned to card issuers and form the first 6 to 8 digits on payment cards. These values are published to merchants, payment processors, and other service providers to facilitate transactions and are publicly available. The BIN is then followed by an additional set of numbers (the account number) to form a complete Primary Account Number (PAN), or card number.
2025-03-11T18:06:18+00:00 https://www.cybereason.com/blog/identifying-and-preventing-bin-attacks www.secnews.physaphae.fr/article.php?IdArticle=8655091 False Tool,Threat None 2.0000000000000000
CybeReason - Vendor blog Three Zero-Day Vulnerabilities Discovered in VMware Products KEY TAKEAWAYS Three zero-day vulnerabilities have been discovered in VMware products, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. Nearly all supported and unsupported VMware products are affected, including VMware ESXi, VMware Workstation Pro / Player (Workstation), VMware Fusion, VMware Cloud Foundation, and VMware Telco Cloud Platform. Chaining these 3 vulnerabilities together allows an attacker to escape or "break out" of a "child" virtual machine (VM), gain access to the "parent" ESXi hypervisor, and potentially access any other accessible VM as well as the management network of the exposed VMware cluster. We recommend upgrading to the "fixed versions" indicated in the VMware by Broadcom matrix immediately.
2025-03-05T22:04:21+00:00 https://www.cybereason.com/blog/zero-day-vulnerabilities-vmware www.secnews.physaphae.fr/article.php?IdArticle=8654034 False Vulnerability,Threat,Cloud None 2.0000000000000000
CybeReason - Vendor blog Deceptive Signatures: Advanced Techniques in BEC Attacks KEY TAKEAWAYS Sophistication of BEC Attacks: Business Email Compromise (BEC) attacks are increasingly sophisticated, leveraging advanced social engineering, AI-driven personalization, and phishing kits in order to overcome MFA protections. Exploitation of Trust: Some threat actor groups have been discovered leveraging a technique that involves embedding phishing lures into email signature blocks on user accounts. This deceptive tactic exploits recipients' trust and attention to the benign nature of signature sections by replacing it with a formatted email. It can also remain undetected during certain investigative steps because it is not considered an inbox rule change that could be associated with specific audit logging and alerting. Cascading Impact: Once initial credentials are compromised, attackers often use these accounts to launch secondary phishing campaigns, expanding their reach and increasing financial and reputational damage to organizations. Additionally, even after a password change and after a threat actor has lost access to a previously compromised account, if the signature block modification is not caught and corrected promptly, the user's normal sending of emails can unknowingly perpetuate the attack. Business Email Compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. This is due in part to the credibility that threat actors can achieve by collecting sensitive information from publicly available sources, including corporate websites and social media. Criminals exploit this information to pose as trusted colleagues or business partners, using stolen or spoofed email accounts to deliver convincing messages that prompt recipients to transfer funds or disclose confidential information. The evolving nature of these schemes is characterized by their high success rate, the low technological barriers to entry for threat actors, and the substantial financial losses suffered by victim organizations. Advances in automation, AI-driven personalization, and ready-to-use phishing kits have further accelerated the proliferation of BEC attacks, creating a lucrative market for cybercriminals.
2025-02-25T21:57:44+00:00 https://www.cybereason.com/blog/bec-email-signature-technique www.secnews.physaphae.fr/article.php?IdArticle=8651026 False Threat None 3.0000000000000000
CybeReason - Vendor blog Enhancing Business Email Compromise Incident Response: New Email & Cloud Security Configuration Snapshot KEY TAKEAWAYS Email & Cloud Security Configuration Snapshot can be delivered free as part of BEC investigations, in automated fashion. Snapshot condenses frontline threat intelligence from 1000s of BEC investigations to identify configuration weakness allowing most common BEC attack patterns. Requires no additional client involvement to run. Available for M365 and Google Workspace. Business Email Compromise (BEC) remains one of the most financially devastating forms of cybercrime, with the FBI reporting over $55 billion in BEC losses worldwide over the past 10 years. Requiring little technical expertise, BECs are relatively simple to execute and attackers have found clever ways to bypass most defenses, contributing to the high rate of incidents. Though attackers leverage various intrusion vectors to compromise email accounts, most BEC incidents are worsened by poor email and cloud security configurations, making it easier for attackers to move laterally, exfiltrate data, and increase the overall impact of the attack.
2025-02-18T21:50:13+00:00 https://www.cybereason.com/blog/bec-security-configuration-snapshot www.secnews.physaphae.fr/article.php?IdArticle=8648917 False Threat,Cloud,Technical None 3.0000000000000000
CybeReason - Vendor blog Phorpiex - Downloader Delivering Ransomware Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
2025-01-28T15:16:45+00:00 https://www.cybereason.com/blog/threat-analysis-phorpiex-downloader www.secnews.physaphae.fr/article.php?IdArticle=8643918 False Ransomware,Threat None 3.0000000000000000
CybeReason - Vendor blog CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft Key Takeaways Zero-day vulnerability was discovered in 3 Cleo products, tracked as CVE-2024-55956. Cleo is the developer of various managed file transfer platforms with approximately 4,000 customers, mostly mid-sized organizations. CVE-2024-55956 could allow unauthenticated users to import and execute arbitrary Bash or PowerShell commands on host systems by leveraging default settings of the Autorun directory. Threat actor group, CL0P, has claimed responsibility for vulnerability exploitation with the goal of data theft. We recommend upgrading to version 5.8.0.24 immediately.
2024-12-17T18:18:17+00:00 https://www.cybereason.com/blog/cve-2024-55956-cleo-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8626734 False Vulnerability,Threat None 2.0000000000000000
CybeReason - Vendor blog Unlocking the Potential of AI in Cybersecurity: Embracing the Future and Its Complexities
2024-10-24T16:00:44+00:00 https://www.cybereason.com/blog/unlocking-the-potential-of-ai-in-cybersecurity-embracing-the-future-and-its-complexities www.secnews.physaphae.fr/article.php?IdArticle=8601584 False Tool,Threat None 2.0000000000000000
CybeReason - Vendor blog THREAT ANALYSIS: Beast Ransomware
2024-10-18T14:16:35+00:00 https://www.cybereason.com/blog/threat-analysis-beast-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8599760 False Ransomware,Threat None 2.0000000000000000
CybeReason - Vendor blog CUCKOO SPEAR Part 2: Threat Actor Arsenal
2024-10-04T16:09:32+00:00 https://www.cybereason.com/blog/cuckoo-spear-pt2-threat-actor-arsenal www.secnews.physaphae.fr/article.php?IdArticle=8592106 False Tool,Threat None 2.0000000000000000
CybeReason - Vendor blog The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It In today's digital age, cyberattacks have become a common and constant threat to individuals and organizations alike. From phishing scams to malware attacks, cybercriminals are constantly finding new ways to exploit vulnerabilities and steal sensitive information. Ransomware is increasingly prevalent, with high-profile attacks targeting large organizations, government agencies, and healthcare systems. The consequences of a ransomware attack can be devastating, resulting in financial loss, reputational damage, and even the compromise of sensitive data.
2024-10-03T13:00:00+00:00 https://www.cybereason.com/blog/the-silent-epidemic-uncovering-the-dangers-of-alert-fatigue-and-how-to-overcome-it www.secnews.physaphae.fr/article.php?IdArticle=8591265 False Ransomware,Malware,Vulnerability,Threat,Medical None 2.0000000000000000
CybeReason - Vendor blog CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective This Threat Analysis Report will delve into a newly discovered nation-state level threat Campaign tracked by Cybereason as Cuckoo Spear. It will outline how the associated Threat Actor persists stealthily on their victims' network for years, highlighting strategies used across Cuckoo Spear and how defenders can detect and prevent these attacks.
2024-09-13T20:25:22+00:00 https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor www.secnews.physaphae.fr/article.php?IdArticle=8576221 False Threat None 2.0000000000000000
CybeReason - Vendor blog Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. Government agencies or state-sponsored groups are engaging in cyber-attacks for various reasons, including espionage, sabotage, or for political influence.
2024-07-25T13:08:08+00:00 https://www.cybereason.com/blog/cuckoo-spear www.secnews.physaphae.fr/article.php?IdArticle=8544165 False Threat None 3.0000000000000000
CybeReason - Vendor blog Hardening of HardBit
2024-07-10T14:12:01+00:00 https://www.cybereason.com/blog/hardening-of-hardbit www.secnews.physaphae.fr/article.php?IdArticle=8534392 False Threat None 3.0000000000000000
CybeReason - Vendor blog I am Goot (Loader)
2024-06-25T17:01:23+00:00 https://www.cybereason.com/blog/i-am-goot-loader www.secnews.physaphae.fr/article.php?IdArticle=8525516 False Threat None 3.0000000000000000
CybeReason - Vendor blog THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH
2024-05-29T16:12:47+00:00 https://www.cybereason.com/blog/threat-alert-the-xz-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8509419 False Threat None 2.0000000000000000
CybeReason - Vendor blog Behind Closed Doors: The Rise of Hidden Malicious Remote Access
2024-05-06T16:15:31+00:00 https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access www.secnews.physaphae.fr/article.php?IdArticle=8494707 False Threat None 3.0000000000000000
CybeReason - Vendor blog Malicious Life Podcast: The Y2K Bug Pt. 2 In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer's life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat.
2024-04-23T13:17:04+00:00 https://www.cybereason.com/blog/malicious-life-podcast-the-y2k-bug-part-2 www.secnews.physaphae.fr/article.php?IdArticle=8487441 False Threat None 3.0000000000000000
CybeReason - Vendor blog Threat Alert: The Anydesk Breach Aftermath Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
2024-03-26T14:39:15+00:00 https://www.cybereason.com/blog/threat-alert-the-anydesk-breach-aftermath www.secnews.physaphae.fr/article.php?IdArticle=8470864 False Vulnerability,Threat None 3.0000000000000000
CybeReason - Vendor blog Cybereason's evolution to disrupt beyond SIEM and XDR market Today enterprises are accelerating their investment in digitalization to stay ahead of the competition. They are increasingly encountering an evolving threat landscape and complex security challenges, with more workloads in multiple clouds, more workforces in hybrid environments, and more intelligent devices connected in mission-critical operations. This transformation journey is exacerbated by an exponential increase in compute resources, data volumes and security tooling, driving up the cost of storing, managing and analyzing the data for security purposes.
2024-03-25T03:28:07+00:00 https://www.cybereason.com/blog/cybereasons-evolution-to-disrupt-beyond-siem-and-xdr-market www.secnews.physaphae.fr/article.php?IdArticle=8469949 False Threat None 2.0000000000000000
CybeReason - Vendor blog Beware of the Messengers, Exploiting ActiveMQ Vulnerability Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
2024-03-13T14:50:52+00:00 https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8463286 False Vulnerability,Threat None 2.0000000000000000
CybeReason - Vendor blog Unboxing Snake - Python Infostealer Lurking Through Messaging Services Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
2024-03-05T14:41:54+00:00 https://www.cybereason.com/blog/unboxing-snake-python-infostealer-lurking-through-messaging-service www.secnews.physaphae.fr/article.php?IdArticle=8459406 False Threat None 2.0000000000000000
CybeReason - Vendor blog From Cracked to Hacked: Malware Spread via YouTube Videos This Threat Analysis Report will delve into compromised YouTube accounts being used as a vector for the spread of malware. It will outline how this attack vector is exploited for low-burn, low-cost campaigns, highlighting strategies used by threat actors and how defenders can detect and prevent these attacks.
2024-02-12T16:37:24+00:00 https://www.cybereason.com/blog/from-cracked-to-hacked-malware-spread-via-youtube-videos www.secnews.physaphae.fr/article.php?IdArticle=8449326 False Malware,Threat None 3.0000000000000000
CybeReason - Vendor blog THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities such as the Ivanti Connect Secure VPN Zero-Day exploitation. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
2024-02-06T04:35:35+00:00 https://www.cybereason.com/blog/threat-alert-ivanti-connect-secure-vpn-zero-day-exploitation www.secnews.physaphae.fr/article.php?IdArticle=8447166 False Vulnerability,Threat None 2.0000000000000000
CybeReason - Vendor blog THREAT ALERT: DarkGate Loader Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including recently observed DarkGate Loader. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
2024-01-29T15:39:52+00:00 https://www.cybereason.com/blog/threat-alert-darkgate-loader www.secnews.physaphae.fr/article.php?IdArticle=8444479 False Threat None 3.0000000000000000
CybeReason - Vendor blog THREAT ALERT: CITRIXBLEED (CVE-2023-4966)
2023-12-18T16:09:11+00:00 https://www.cybereason.com/blog/threat-alert-citrixbleed-cve-2023-4966 www.secnews.physaphae.fr/article.php?IdArticle=8424932 False Threat None 2.0000000000000000
CybeReason - Vendor blog THREAT ALERT: DJvu Variant Delivered by Loader Masquerading as Freeware
2023-11-28T15:41:00+00:00 https://www.cybereason.com/blog/threat-alert-djvu-variant-delivered-by-loader-masquerading-as-freeware www.secnews.physaphae.fr/article.php?IdArticle=8417601 False Threat None 3.0000000000000000
CybeReason - Vendor blog THREAT ALERT: INC Ransomware
2023-11-20T18:11:31+00:00 https://www.cybereason.com/blog/threat-alert-inc-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8415051 False Ransomware,Threat None 3.0000000000000000
CybeReason - Vendor blog THREAT ANALYSIS: Taking Shortcuts… Using LNK Files for Initial Infection and Persistence
2023-10-06T17:53:23+00:00 https://www.cybereason.com/blog/threat-analysis-taking-shortcuts-using-lnk-files-for-initial-infection-and-persistence www.secnews.physaphae.fr/article.php?IdArticle=8392318 False Threat None 3.0000000000000000
CybeReason - Vendor blog Cybereason Sets the New Industry Standard in 2023 MITRE ATT&CK Evaluations: Enterprise Fresh off the press: the results of the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise have been published, putting 30 security solutions to the test in real world scenarios that mimic the Turla threat actor.
2023-09-20T13:10:48+00:00 https://www.cybereason.com/blog/cybereason-delivers-100-scores-in-2023-mitre-attck-evaluations-for-enterprise www.secnews.physaphae.fr/article.php?IdArticle=8385858 False Threat None 2.0000000000000000
CybeReason - Vendor blog THREAT ANALYSIS: Assemble LockBit 3.0
2023-08-21T20:45:00+00:00 https://www.cybereason.com/blog/threat-analysis-assemble-lockbit-3 www.secnews.physaphae.fr/article.php?IdArticle=8372917 False Threat None 2.0000000000000000
CybeReason - Vendor blog Cybereason Announces Unified Threat Hunting and Investigation Cybereason is excited to announce a significant development in its approach to storing long-term hunting data (telemetry collected by our sensors not 'Benign Data' detected by and related to a malicious Operation, or
2023-04-26T14:16:20+00:00 https://www.cybereason.com/blog/cybereason-announces-unified-threat-hunting-and-investigation www.secnews.physaphae.fr/article.php?IdArticle=8331281 False Threat None 2.0000000000000000
CybeReason - Vendor blog THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise The Cybereason Incident Response (IR) team investigated an incident which involved new deployment methods of GootLoader through heavily-obfuscated JavaScript files. In addition to the new techniques used to load GootLoader, Cybereason also observed Cobalt Strike deployment, which leveraged DLL Hijacking, on top of a VLC MediaPlayer executable.
2023-02-07T18:17:40+00:00 https://www.cybereason.com/blog/threat-alert-gootloader-seo-poisoning-and-large-payloads-leading-to-compromise www.secnews.physaphae.fr/article.php?IdArticle=8308008 False Threat,Guideline None 3.0000000000000000
CybeReason - Vendor blog Sliver C2 Leveraged by Many Threat Actors What you need to know about this attack framework before it replaces Cobalt Strike
2023-01-19T13:00:00+00:00 https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors www.secnews.physaphae.fr/article.php?IdArticle=8302538 False Threat None 5.0000000000000000
CybeReason - Vendor blog THREAT ANALYSIS: From IcedID to Domain Compromise BACKGROUND In this Threat Analysis report, the Cybereason team investigates a recent IcedID infection that illustrates the tactics, techniques, and procedures (TTPs) used in a recent campaign. IcedID, also known as BokBot, is traditionally known as a banking trojan used to steal financial information from its victims. It has been around since at least 2017 and has been tied to the threat group TA551.
2023-01-10T12:00:00+00:00 https://www.cybereason.com/blog/threat-analysis-from-icedid-to-domain-compromise www.secnews.physaphae.fr/article.php?IdArticle=8299550 False Threat None 4.0000000000000000
CybeReason - Vendor blog Threat Analysis: MSI - Masquerading as a Software Installer
2022-12-05T06:00:00+00:00 https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer www.secnews.physaphae.fr/article.php?IdArticle=8287706 False Threat,Threat None 3.0000000000000000
CybeReason - Vendor blog Nine Cybersecurity Predictions for 2023 In 2022, ransomware continued to reign king and became one of the most common and dangerous threats facing healthcare organizations and software supply chains. The war on Ukraine created heightened concern over zero-day threats wreaking havoc for organizations worldwide. The cyber gang Conti with Russian-linked ties managed to disrupt financial operations throughout Costa Rica, and it seems there is no end in sight to the hacking group Lapsus$, which has proven itself to be a formidable threat actor.
2022-12-01T11:00:00+00:00 https://www.cybereason.com/blog/nine-cybersecurity-predictions-for-2023 www.secnews.physaphae.fr/article.php?IdArticle=8286221 False Ransomware,Threat None 3.0000000000000000
CybeReason - Vendor blog Malicious Life Podcast: How to NOT Build a Cybersecurity Startup When it was founded in 2011, Norse Corp., which described itself as "the world's largest dedicated threat intelligence network", had everything a promising startup could wish for: a charismatic and experienced founder, a rare and valuable technology, and a few tens of millions of dollars from investors. Less than six years later, it all came crashing down in the most horrible death a business can experience. What went wrong in Norse Corp.?
2022-11-29T16:09:58+00:00 https://www.cybereason.com/blog/malicious-life-podcast-how-to-not-build-a-cybersecurity-startup www.secnews.physaphae.fr/article.php?IdArticle=8282772 False Threat None 3.0000000000000000
CybeReason - Vendor blog THREAT ANALYSIS REPORT: DLL Side-Loading Widely (Ab)Used This Threat Analysis Report is part of the Purple Team Series. In this series, the Managed Detection and Response (MDR) and Threat Intelligence teams from the Cybereason Global Security Operations Center (GSOC) explore widely used attack techniques, outline how threat actors leverage these techniques, describe how to reproduce an attack, and report how defenders can detect and prevent these attacks.
2022-10-21T12:00:00+00:00 https://www.cybereason.com/blog/threat-analysis-report-dll-side-loading-widely-abused www.secnews.physaphae.fr/article.php?IdArticle=7604633 False Threat None None
CybeReason - Vendor blog The Importance of Actionable Threat Intelligence
2022-08-31T14:41:39+00:00 https://www.cybereason.com/blog/the-importance-of-actionable-threat-intelligence www.secnews.physaphae.fr/article.php?IdArticle=6647969 False Threat None None
CybeReason - Vendor blog THREAT ALERT: Inside the Redeemer 2.0 Ransomware The Cybereason Global Security Operations Center (SOC) Team issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. In this article, the Cybereason Research team exposes Redeemer 2.0, an updated version of the original ransomware.
2022-08-19T14:57:16+00:00 https://www.cybereason.com/blog/threat-alert-inside-the-redeemer-2.0-ransomware www.secnews.physaphae.fr/article.php?IdArticle=6415545 False Ransomware,Threat None None
CybeReason - Vendor blog THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices The Cybereason Global Security Operations Center (SOC) Team issues Cybereason Threat Alerts to inform customers of emerging impacting threats.
The Alerts summarize these threats and provide practical recommendations for protecting against them.]]> 2022-07-07T14:02:10+00:00 https://www.cybereason.com/blog/threat-alert-raspberry-robin-worm-abuses-windows-installer-and-qnap-devices www.secnews.physaphae.fr/article.php?IdArticle=5595490 True Threat None None CybeReason - Vendor blog What's New with Ransomware Gangs? What's New with Ransomware Gangs? The looming threat of new ransomware models was the top concern of executives in the fall of 2021, reported Gartner. Less than a year later, organizations find themselves facing an escalation of that very threat. ]]> 2022-07-07T13:25:56+00:00 https://www.cybereason.com/blog/whats-new-with-ransomware-gangs www.secnews.physaphae.fr/article.php?IdArticle=5595491 False Ransomware,Threat None None CybeReason - Vendor blog Report: Ransomware Attacks and the True Cost to Business 2022 Report: Ransomware Attacks and the True Cost to Business 2022 Ransomware continues to dominate the threat landscape in 2022. 
Organizations are under siege from a wide variety of threats, but ransomware offers threat actors a unique combination of very low risk with very high reward-which is why the volume of ransomware attacks nearly doubled from the previous year, and the total cost of ransomware was estimated to exceed $20 billion.]]> 2022-06-07T10:00:00+00:00 https://www.cybereason.com/blog/report-ransomware-attacks-and-the-true-cost-to-business-2022 www.secnews.physaphae.fr/article.php?IdArticle=5020824 False Ransomware,Threat None None CybeReason - Vendor blog Webinar June 30th 2022: Live Attack Simulation - Ransomware Threat Hunter Series Webinar June 30th 2022: Live Attack Simulation - Ransomware Threat Hunter Series ]]> 2022-06-03T13:10:32+00:00 https://www.cybereason.com/blog/webinar-june-30th-2022-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=4952687 True Ransomware,Threat None None CybeReason - Vendor blog Achieve Faster, More Accurate Response with Cybereason Threat Intelligence Achieve Faster, More Accurate Response with Cybereason Threat Intelligence ]]> 2022-05-16T17:03:08+00:00 https://www.cybereason.com/blog/achieve-faster-more-accurate-response-with-cybereason-threat-intelligence www.secnews.physaphae.fr/article.php?IdArticle=4659375 False Threat None None CybeReason - Vendor blog Webinar June 2nd 2022: Live Attack Simulation - Ransomware Threat Hunter Series Webinar June 2nd 2022: Live Attack Simulation - Ransomware Threat Hunter Series ]]> 2022-05-16T13:26:55+00:00 https://www.cybereason.com/blog/webinar-june-2nd-2022-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=4657307 True Ransomware,Threat None None CybeReason - Vendor blog Russia Is Waging Cyberwar–with Little Success Russia Is Waging Cyberwar–with Little Success The atrocities taking place in Ukraine are truly tragic. It is personal to me. 
I've had the opportunity to work alongside cyber experts in Ukraine–providing time and resources over the years to help with cyber deterrence, and I watched anxiously as tensions escalated earlier this year. Russia may have launched its physical invasion of its neighbor on February 24, but Russia and threat actors aligned with Russia have been targeting Ukraine with cyberattacks for years. ]]> 2022-05-12T15:54:00+00:00 https://www.cybereason.com/blog/russia-is-waging-cyberwar-with-little-success www.secnews.physaphae.fr/article.php?IdArticle=4584870 False Threat None 4.0000000000000000 CybeReason - Vendor blog How Do Ransomware Attacks Impact Victim Organizations' Stock? How Do Ransomware Attacks Impact Victim Organizations' Stock? Ransomware has developed into an extremely lucrative business model with little risk involved for the threat actors. Couple this with the willingness of most victim organizations to pay the ransom demand under the assumption it will return business operations to normal–ultimately encouraging more attacks–and we have a big problem with no easy remedies. ]]> 2022-05-09T12:40:12+00:00 https://www.cybereason.com/blog/how-do-ransomware-attacks-impact-victim-organizations-stock www.secnews.physaphae.fr/article.php?IdArticle=4567955 False Ransomware,Threat None 3.0000000000000000 CybeReason - Vendor blog Webinar May 12th 2022: Live Attack Simulation - Ransomware Threat Hunter Series Webinar May 12th 2022: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. 
]]> 2022-05-02T18:35:55+00:00 https://www.cybereason.com/blog/webinar-may-12th-2022-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=4534265 True Ransomware,Threat None None CybeReason - Vendor blog THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems The Cybereason Global Security Operations Center (GSOC) Team issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.]]> 2022-04-25T11:47:39+00:00 https://www.cybereason.com/blog/threat-analysis-report-socgholish-and-zloader-from-fake-updates-and-installers-to-owning-your-systems www.secnews.physaphae.fr/article.php?IdArticle=4504263 True Threat None None CybeReason - Vendor blog Webinar April 26th: Profile of the Dark Economy of Ransomware Webinar April 26th: Profile of the Dark Economy of Ransomware Ransomware operators have steadily become more sophisticated and more aligned with nation-state actors making ransomware an existential threat for enterprises.]]> 2022-04-13T15:38:18+00:00 https://www.cybereason.com/blog/webinar-april-26th-profile-of-the-dark-economy-of-ransomware www.secnews.physaphae.fr/article.php?IdArticle=4442028 False Ransomware,Threat None None CybeReason - Vendor blog Webinar April 14th: Live Attack Simulation - Ransomware Threat Hunter Series Webinar April 14th: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. 
Join this session to learn more about how mature security teams can more effectively manage a modern ransomware operation and avoid a system-wide takeover by bad actors - delivered through a step-by-step walkthrough of an attack: Why ransomware continues to evolve & common delivery methods The differences and similarities between ransomware and other forms of malware Common methods attackers use to escalate their operations Reliable techniques Defenders can use to end active ransomware operators in their environments ]]> 2022-04-01T05:00:00+00:00 https://www.cybereason.com/blog/webinar-april-14th-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=4394832 True Ransomware,Threat None None CybeReason - Vendor blog Cybereason Excels in the 2022 MITRE ATT&CK® Evaluations: 100% Prevention, Visibility and Real-Time Protection Cybereason Excels in the 2022 MITRE ATT&CK® Evaluations: 100% Prevention, Visibility and Real-Time Protection The MITRE Engenuity ATT&CK® Evaluations for Enterprise has quickly become the de facto authority for measuring the effectiveness of security solutions against real world scenarios that mimic advanced persistent threat attack progressions.]]> 2022-03-31T20:07:58+00:00 https://www.cybereason.com/blog/cybereason-excels-in-the-2022-mitre-attck-evaluations-100-prevention-visibility-and-real-time-protection www.secnews.physaphae.fr/article.php?IdArticle=4375400 False Threat None None CybeReason - Vendor blog MITRE ATT&CK: Wizard Spider and Sandworm Evaluations Explained MITRE ATT&CK: Wizard Spider and Sandworm Evaluations Explained Later this week MITRE Engenuity will be releasing the results from their fourth round of the ATT&CK Evaluations. This round focused on threat actors Wizard Spider and Sandworm. 
In this article, we'll review why MITRE is the preeminent organization providing third-party evaluations of vendor solutions, and the key metrics to look for when evaluating the effectiveness of a solution.]]> 2022-03-28T15:00:25+00:00 https://www.cybereason.com/blog/mitre-attck-wizard-spider-and-sandworm-evaluations-explained www.secnews.physaphae.fr/article.php?IdArticle=4354342 False Threat None None CybeReason - Vendor blog Webinar April 7th: 2021 MITRE ATT&CK Evaluations Explained Webinar April 7th: 2021 MITRE ATT&CK Evaluations Explained The 2021 Round 4 MITRE ATT&CK evaluations focused on Wizard Spider and Sandworm, threat actor groups known to target large corporations and healthcare institutions. Wizard Spider is largely a financially motivated ransomware crime group conducting campaigns since 2017. The Sandworm team is a Russian Threat group that has been linked to the 2015 and 2016 targeting of Ukrainian electrical companies and the 2017 NotPetya attacks.]]> 2022-03-25T20:02:36+00:00 https://www.cybereason.com/blog/webinar-april-7th-2021-mitre-attck-evaluations-explained www.secnews.physaphae.fr/article.php?IdArticle=4342032 False Ransomware,Threat NotPetya,NotPetya None CybeReason - Vendor blog AI-Driven XDR: Defeating the Most Complex Attack Sequences AI-Driven XDR: Defeating the Most Complex Attack Sequences What is an AI-driven XDR solution? AI-driven Extended Detection and Response (XDR) is a specific approach for advanced threat detection and automated response. 
AI-driven XDR extends continuous threat detection and monitoring across an organization's endpoints, cloud workloads, applications, and the network.]]> 2022-03-23T12:59:50+00:00 https://www.cybereason.com/blog/ai-driven-xdr-defeating-the-most-complex-attack-sequences www.secnews.physaphae.fr/article.php?IdArticle=4329237 False Threat None None CybeReason - Vendor blog Authentication Platform Okta Investigates Alleged Breach Authentication Platform Okta Investigates Alleged Breach Authentication platform Okta is reportedly investigating a potential breach after threat actors under the moniker Lapsus$ posted screenshots allegedly showing they had gained access to the company's internal environment. If confirmed, the attack could put the security of Okta's customers at risk. ]]> 2022-03-22T15:40:28+00:00 https://www.cybereason.com/blog/authentication-platform-okta-investigates-alleged-breach www.secnews.physaphae.fr/article.php?IdArticle=4324473 False Threat None None CybeReason - Vendor blog Cybereason vs. Carbon Black: Why Delayed Detections Matter Cybereason vs. Carbon Black: Why Delayed Detections Matter The U.S. Treasury Department estimates that U.S. companies have paid $1.6 billion in ransomware attacks since 2011. Given the lucrative nature of ransomware attacks, the threat shows no signs of diminishing. In fact, the ransomware threat is constantly changing and evolving as attackers use more and more sophisticated techniques and vulnerabilities to gain access to organizations' data and networks. 
]]> 2022-03-22T13:15:00+00:00 https://www.cybereason.com/blog/cybereason-vs.-carbon-black-why-delayed-detections-matter www.secnews.physaphae.fr/article.php?IdArticle=4323833 False Ransomware,Threat None None CybeReason - Vendor blog Enriching Raw Telemetry with the Cybereason Historical Data Lake Enriching Raw Telemetry with the Cybereason Historical Data Lake Regardless of whether you are performing Threat Hunting across your most recent dataset or your long-term historical datasets, an important dimension to your data is the enrichment and contextualization process. Contextual data provides the Threat Hunter (“hunter”) with additional data points and a more complete picture of the activity, allowing them to make more informed decisions about whether the activity should be investigated further or disregarded.  ]]> 2022-03-17T13:50:48+00:00 https://www.cybereason.com/blog/enriching-raw-telemetry-with-the-cybereason-historical-data-lake www.secnews.physaphae.fr/article.php?IdArticle=4298497 False Threat None None CybeReason - Vendor blog Leveraging the X in XDR: Correlating Across Multiple Sources of Telemetry Leveraging the X in XDR: Correlating Across Multiple Sources of Telemetry Several trends are driving Managed Detection and Response (MDR) adoption as a viable alternative for organizations that don't necessarily have the resources on-hand to conduct intense threat hunting internally. The MDR market is expected to reach over $7 billion by 2028. 
That's up from $974.9 million in 2020, per Big News Network.]]> 2022-03-16T12:43:23+00:00 https://www.cybereason.com/blog/leveraging-the-x-in-xdr-correlating-across-multiple-sources-of-telemetry www.secnews.physaphae.fr/article.php?IdArticle=4292050 False Threat None None CybeReason - Vendor blog Webinar March 29th: Assessing the Cyberattack Risk in the Russia-Ukraine Conflict Webinar March 29th: Assessing the Cyberattack Risk in the Russia-Ukraine Conflict The situation in Ukraine continues to be tenuous, and global intelligence sources are advising that the threat of Russian state-sponsored and state-condoned attacks targeting Western nations and organizations remains high. Cyberattacks by groups supporting Russian interests have been observed, but experts have noted that we likely have not seen the full potential of a Russian cyber offensive…yet.]]> 2022-03-16T12:33:41+00:00 https://www.cybereason.com/blog/webinar-march-29th-assessing-the-cyberattack-risk-in-the-russia-ukraine-conflict www.secnews.physaphae.fr/article.php?IdArticle=4292051 False Threat None None CybeReason - Vendor blog CISO Stories Podcast: Lessons Learned from Building an ISAC CISO Stories Podcast: Lessons Learned from Building an ISAC Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a particular sector. These have grown since the first ISAC in the late 1990's and now represent over 20 industry sectors. 
Grant Sewell, Director of Security at AHEAD, shares his experience in working with an ISAC and how this benefited his organization and the broader CISO community - check it out...]]> 2022-03-10T14:39:49+00:00 https://www.cybereason.com/blog/ciso-stories-podcast-lessons-learned-from-building-an-isac www.secnews.physaphae.fr/article.php?IdArticle=4254730 False Threat None None CybeReason - Vendor blog Threat Hunting: From LOLBins to Your Crown Jewels Threat Hunting: From LOLBins to Your Crown Jewels Continuous, real-time threat hunting is one of the key capabilities that organizations need today. By sharing the strategies that our Threat Hunting and Incident Response teams use, I hope to show you how you can implement threat hunting on your network as an integral part of your security operations.]]> 2022-03-09T14:41:21+00:00 https://www.cybereason.com/blog/threat-hunting-from-lolbins-to-your-crown-jewels www.secnews.physaphae.fr/article.php?IdArticle=4250340 False Threat None None CybeReason - Vendor blog THREAT ALERT: Emotet Targeting Japanese Organizations THREAT ALERT: Emotet Targeting Japanese Organizations The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them.]]> 2022-03-07T16:57:52+00:00 https://www.cybereason.com/blog/threat-alert-emotet-targeting-japanese-organizations www.secnews.physaphae.fr/article.php?IdArticle=4242496 True Threat None None CybeReason - Vendor blog Securing Critical Infrastructure with XDR Securing Critical Infrastructure with XDR In January, CISA, the FBI and the NSA released a joint Cybersecurity Advisory (CSA), titled Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. 
Critical Infrastructure, that provided an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques and procedures (TTPs), as well as detection actions, incident response guidance, and recommended mitigations. "Russian state-sponsored APT actors have used sophisticated cyber capabilities to target a variety of U.S. and international critical infrastructure organizations, including those in the Defense Industrial Base as well as the Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors," the advisory states.  "Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware... CISA, the FBI, and NSA encourage the cybersecurity community-especially critical infrastructure network defenders-to adopt a heightened state of awareness and to conduct proactive threat hunting." While critical infrastructure defense has always been high priority objective, there's still some disconnect in the world of critical infrastructure security around preparedness. According to a report covered by PRNewswire, a majority (84%) of critical infrastructure organizations indicated they had suffered at least one security breach involving their Operational Technology (OT) between 2018 and 2021; yet, 56% of respondents to the same study said they were “highly confident” that they wouldn't experience an OT breach in 2022.]]> 2022-02-16T14:10:02+00:00 https://www.cybereason.com/blog/securing-critical-infrastructure-with-xdr www.secnews.physaphae.fr/article.php?IdArticle=4137694 False Threat None None CybeReason - Vendor blog Addressing the Risk from Cyberattacks in the Russia-Ukraine Conflict Addressing the Risk from Cyberattacks in the Russia-Ukraine Conflict The situation in Ukraine continues to fluctuate, and U.S. 
intelligence sources are advising that Russia is preparing for an imminent invasion. Cyberattacks have already been observed in the conflict, and I expect diversions, distractions, and false flags as tensions escalate. There is also the potential risk of other threat actors being opportunistic under the cover of Russian aggression.]]> 2022-02-15T22:11:13+00:00 https://www.cybereason.com/blog/addressing-the-risk-from-cyberattacks-in-the-russia-ukraine-conflict www.secnews.physaphae.fr/article.php?IdArticle=4136011 False Threat None None CybeReason - Vendor blog THREAT ANALYSIS REPORT: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot THREAT ANALYSIS REPORT: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot The Cybereason Global Security Operations Center Team (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. ]]> 2022-02-10T11:00:00+00:00 https://www.cybereason.com/blog/threat-analysis-report-all-paths-lead-to-cobalt-strike-icedid-emotet-and-qbot www.secnews.physaphae.fr/article.php?IdArticle=4105031 True Threat,Guideline None None CybeReason - Vendor blog Financial Services and the Evolving Ransomware Threat Financial Services and the Evolving Ransomware Threat There's no doubt about it, ransomware attackers are increasingly targeting organizations in the financial services sector. As reported by Berkley Financial Specialists, financial institutions reported 635 ransomware-related events in the first half of 2021. That's a 30% increase over the same from the previous year. 
]]> 2022-02-08T14:13:21+00:00 http://www.cybereason.com/blog/financial-services-and-the-evolving-ransomware-threat www.secnews.physaphae.fr/article.php?IdArticle=4094316 False Ransomware,Threat None None CybeReason - Vendor blog Webinar February 24th 2022: Live Attack Simulation - Ransomware Threat Hunter Series Webinar February 24th 2022: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. ]]> 2022-02-08T10:00:00+00:00 http://www.cybereason.com/blog/webinar-february-24th-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=4095691 True Ransomware,Threat None None CybeReason - Vendor blog Iranian Threat Actors Turn Up Heat on Cyber Cold War Iranian Threat Actors Turn Up Heat on Cyber Cold War Cybereason released new reports this week sharing discoveries made by our researchers related to two different Iranian threat actors. One of the keys to giving Defenders the tools they need to reverse the adversary advantage is understanding how attackers think and the tools they use-which is why research into emerging tactics and techniques is essential. ]]> 2022-02-04T15:18:38+00:00 http://www.cybereason.com/blog/iranian-threat-actors-turn-up-heat-on-cyber-cold-war www.secnews.physaphae.fr/article.php?IdArticle=4081134 False Threat None None CybeReason - Vendor blog Responding to Multi-Endpoint Threats with XDR Responding to Multi-Endpoint Threats with XDR Today's advanced threat actors are capable of gaining access to your network and moving laterally to more sensitive systems in just minutes. 
Therefore, detection, insight, and speed of response are critical to preventing business disruption, data theft or ransomware.]]> 2022-02-04T11:00:00+00:00 http://www.cybereason.com/blog/responding-to-multi-endpoint-threats-with-xdr www.secnews.physaphae.fr/article.php?IdArticle=4091162 False Threat None None CybeReason - Vendor blog Cybereason XDR: 10X Faster Threat Hunting Cybereason XDR: 10X Faster Threat Hunting For many Security Operations Centers (SOCs), conducting effective queries using a traditional Security Information and Event Management (SIEM) requires training and familiarity with syntax language, and deep analysis to take action on the results of a particular hunt. ]]> 2022-01-20T13:33:58+00:00 https://www.cybereason.com/blog/cybereason-xdr-10x-faster-threat-hunting www.secnews.physaphae.fr/article.php?IdArticle=4003763 False Threat None None CybeReason - Vendor blog Webinar February 3rd 2022: Live Attack Simulation - Ransomware Threat Hunter Series Webinar February 3rd 2022: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. ]]> 2022-01-19T10:00:00+00:00 https://www.cybereason.com/blog/webinar-february-3rd-2022-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=4003768 True Ransomware,Threat None None CybeReason - Vendor blog The MalOp Severity Score: Because Every Second Counts The MalOp Severity Score: Because Every Second Counts Managed Detection and Response (MDR) isn't a new concept. Organizations of all shapes and sizes work with security vendors to help manage their network security and address common use cases such as; talent shortages, operations teams that are stretched thin, alert fatigue, and 24x7 threat hunting and remediation.  
]]> 2022-01-14T17:03:05+00:00 https://www.cybereason.com/blog/the-malop-severity-score-because-every-second-counts www.secnews.physaphae.fr/article.php?IdArticle=3965495 False Threat None None CybeReason - Vendor blog EDR, MDR and XDR – What Are the Differences? EDR, MDR and XDR – What Are the Differences? As attacks get more complex, organizations are increasingly prioritizing threat detection and response capabilities. In a January 2020 survey, the SANS Institute learned that half of IT and security leaders planned on increasing their investment in network detection and response tools to help their organizations better defend against emerging threats. ]]> 2022-01-12T14:00:22+00:00 http://www.cybereason.com/blog/edr-mdr-and-xdr-what-are-the-differences www.secnews.physaphae.fr/article.php?IdArticle=3952463 False Threat,Guideline None None CybeReason - Vendor blog THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. 
]]> 2021-12-16T17:48:04+00:00 https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool www.secnews.physaphae.fr/article.php?IdArticle=3808681 True Tool,Threat None None CybeReason - Vendor blog Introducing Cybereason XDR Powered by Google Chronicle Introducing Cybereason XDR Powered by Google Chronicle Cybereason and Google Cloud have unveiled Cybereason XDR powered by Google Chronicle, the first AI-driven XDR platform capable of ingesting and analyzing threat data from across the entire IT environment.]]> 2021-12-14T13:41:32+00:00 https://www.cybereason.com/blog/introducing-cybereason-xdr-powered-by-google-chronicle www.secnews.physaphae.fr/article.php?IdArticle=3793899 False Threat None None CybeReason - Vendor blog Malicious Life Podcast: Ransomware Attackers Don't Take Holidays Malicious Life Podcast: Ransomware Attackers Don't Take Holidays In November of 2021, Cybereason released a special report, titled Organizations at Risk: Ransomware Attackers Don't Take Holidays, focusing on the threat of ransomware attacks during weekends and holidays. Nate Nelson, our senior producer, talked with Ken Westin, Director of Security Strategy at Cybereason, about why attackers love holidays and weekends, and why ransomware attacks during these times are so effective and dangerous - check it out...]]> 2021-12-13T13:08:24+00:00 https://www.cybereason.com/blog/malicious-life-podcast-ransomware-attackers-dont-take-holidays www.secnews.physaphae.fr/article.php?IdArticle=3788417 False Ransomware,Threat None None CybeReason - Vendor blog Webinar January 11th 2022: Live Attack Simulation - Ransomware Threat Hunte Webinar January 11th 2022: Live Attack Simulation - Ransomware Threat Hunte Ransomware has the potential to affect any organization with exposed defenses. 
The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. ]]> 2021-12-10T02:00:00+00:00 https://www.cybereason.com/blog/webinar-january-11th-2022-live-attack-simulation-ransomware-threat-hunte www.secnews.physaphae.fr/article.php?IdArticle=3793905 True Ransomware,Threat None None CybeReason - Vendor blog THREAT ALERT: The Return of Emotet THREAT ALERT: The Return of Emotet The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. ]]> 2021-12-09T20:10:19+00:00 https://www.cybereason.com/blog/threat-alert-the-return-of-emotet www.secnews.physaphae.fr/article.php?IdArticle=3770547 True Threat None None CybeReason - Vendor blog Webinar December 1st: Ransomware Attackers Don't Take Holidays Webinar December 1st: Ransomware Attackers Don't Take Holidays Cybereason recently released a research report, titled Organizations at Risk: Ransomware Attackers Don't Take Holidays, that focuses on the threat that ransomware attacks during the weekends and holidays pose to organizations as we move into the holiday season. The global survey includes responses from 1,200+ security professionals at organizations that have previously suffered a successful ransomware attack.]]> 2021-11-29T06:00:00+00:00 https://www.cybereason.com/blog/webinar-december-1st-ransomware-attackers-dont-take-holidays www.secnews.physaphae.fr/article.php?IdArticle=3727969 False Ransomware,Threat None None CybeReason - Vendor blog Which Data Do Ransomware Attackers Target for Double Extortion? Which Data Do Ransomware Attackers Target for Double Extortion? Double extortion is one of the most prevalent ransomware tactics today. 
The attackers first exfiltrate sensitive information from their target before launching the ransomware encryption routine. The threat actor then demands a ransom payment in order to regain access to the encrypted assets along with an additional threat to publicly expose or otherwise release the data if the ransom demand is not met promptly. 2021-11-23T13:29:20+00:00 https://www.cybereason.com/blog/which-data-do-ransomware-attackers-target-for-double-extortion www.secnews.physaphae.fr/article.php?IdArticle=3698148 False Ransomware,Threat None None
CybeReason - Vendor blog CISO Stories Podcast: Who is Your SOC Really For? Managing the volume of security events and continuous threat intelligence can be daunting for the largest of organizations. How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption? Ricardo Lafosse, CISO at Kraft Heinz, explains - check it out... 2021-11-18T12:06:57+00:00 https://www.cybereason.com/blog/ciso-stories-podcast-who-is-your-soc-really-for www.secnews.physaphae.fr/article.php?IdArticle=3674384 False Threat None None
CybeReason - Vendor blog THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
2021-11-09T18:46:51+00:00 https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware www.secnews.physaphae.fr/article.php?IdArticle=3634022 True Ransomware,Threat None None
CybeReason - Vendor blog Webinar November 11th: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. 2021-10-29T15:49:18+00:00 https://www.cybereason.com/blog/webinar-november-11-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=3581299 True Ransomware,Threat None None
CybeReason - Vendor blog THREAT ANALYSIS REPORT: Snake Infostealer Malware The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. 2021-10-28T13:00:12+00:00 https://www.cybereason.com/blog/threat-analysis-report-snake-infostealer-malware www.secnews.physaphae.fr/article.php?IdArticle=3576713 True Malware,Threat None None
CybeReason - Vendor blog Webinar: Live Attack Simulation - EMEA Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response.
2021-10-28T12:00:00+00:00 https://www.cybereason.com/blog/webinar-live-attack-simulation-emea-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=3576715 True Ransomware,Threat None None
CybeReason - Vendor blog THREAT ALERT: Malicious Code Implant in the UAParser.js Library The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. 2021-10-27T17:25:51+00:00 https://www.cybereason.com/blog/threat-alert-malicious-code-implant-in-the-uaparser.js-library www.secnews.physaphae.fr/article.php?IdArticle=3574114 True Threat None None
CybeReason - Vendor blog Microsoft Publishes Veiled Mea Culpa Disguised as Research The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM - the threat actor behind the SolarWinds attacks - is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that attackers are attempting to gain access to downstream customers of multiple cloud providers, managed service providers (MSPs), and IT services organizations in what at first glance appears to be a standard threat intelligence report, but upon examination more closely resembles a technical vulnerability disclosure. 2021-10-26T15:21:56+00:00 https://www.cybereason.com/blog/microsoft-publishes-veiled-mea-culpa-disguised-as-research www.secnews.physaphae.fr/article.php?IdArticle=3567535 False Vulnerability,Threat None None
CybeReason - Vendor blog Webinar: Live Attack Simulation - Ransomware Threat Hunter Series Ransomware has the potential to affect any organization with exposed defenses.
The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. 2021-10-25T16:22:58+00:00 https://www.cybereason.com/blog/webinar-live-attack-simulation-ransomware-threat-hunter-series www.secnews.physaphae.fr/article.php?IdArticle=3561119 False Ransomware,Threat None None
CybeReason - Vendor blog Why All Telemetry is Essential for XDR Performance Robust telemetry is essential to any threat detection and response strategy. Organizations need the ability to collect threat information from across their IT infrastructure so that they can see what's going on in their environments and correlate the intelligence across devices, personas, application suites, and the cloud so that it's actionable. 2021-10-20T12:39:41+00:00 https://www.cybereason.com/blog/why-all-telemetry-is-essential-for-xdr-performance www.secnews.physaphae.fr/article.php?IdArticle=3537025 False Threat None None
CybeReason - Vendor blog Malicious Life Podcast: Operation GhostShell - An Iranian Espionage Campaign In July 2021, Nocturnus - the Cybereason Threat Research and Intelligence team - was called to investigate an espionage campaign targeting Aerospace and Telecommunications companies globally.
Their investigation resulted in the discovery of a new threat actor dubbed MalKamak that has been operating since at least 2018, and a new and sophisticated RAT (remote access trojan) dubbed ShellClient that abuses Dropbox for C2 (command and control). 2021-10-18T11:52:07+00:00 https://www.cybereason.com/blog/malicious-life-podcast-operation-ghostshell-an-iranian-espionage-campaign www.secnews.physaphae.fr/article.php?IdArticle=3526978 False Threat None None
CybeReason - Vendor blog Cybereason and Google Cloud Join Forces to Drive XDR Innovation Cybersecurity defenders are under unprecedented pressure and attack from nearly every angle and every threat vector. To properly defend businesses, governments, hospitals, financial institutions and our critical infrastructure, security teams are accelerating their move to Extended Detection and Response (XDR). Properly executing and implementing XDR involves cutting-edge innovation, the very latest in detection technology, and most importantly the ability to collect and analyze all event telemetry data at scale. 2021-10-12T12:00:20+00:00 https://www.cybereason.com/blog/cybereason-and-google-cloud-join-forces-to-drive-xdr-innovation www.secnews.physaphae.fr/article.php?IdArticle=3504651 False Threat None None
CybeReason - Vendor blog What is Ransomware-as-a-Service and How Does it Work? Editor's Note: Unlock the knowledge, resources and expert guidance you need to successfully prevent ransomware attacks from impacting your organization's operations with this complimentary Ransomware Toolkit... Recently, we introduced a blog series where we'll break down some key drivers of the ransomware threat landscape for Cybersecurity Awareness Month (formerly National Cybersecurity Awareness Month). We spent the first week analyzing Initial Access Brokers (IABs).
For this week, let's focus on Ransomware-as-a-Service (RaaS). 2021-10-12T08:00:00+00:00 https://www.cybereason.com/blog/what-is-ransomware-as-a-service-and-how-does-it-work www.secnews.physaphae.fr/article.php?IdArticle=3507909 False Ransomware,Threat None None
CybeReason - Vendor blog Running Robust Managed Detection and Response Services Information security practitioners have published a lot of articles around topics like how to build and run a security operations center (SOC) and specific SOC functions such as incident response and threat hunting. These topics are always important, as threat actors are constantly coming up with more sophisticated attack strategies and vectors. 2021-10-04T11:59:49+00:00 https://www.cybereason.com/blog/running-robust-managed-detection-and-response-services www.secnews.physaphae.fr/article.php?IdArticle=3464876 False Threat None None
CybeReason - Vendor blog Threat Analysis Report: Inside the Destructive PYSA Ransomware The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. 2021-09-27T17:05:50+00:00 https://www.cybereason.com/blog/threat-analysis-report-inside-the-destructive-pysa-ransomware www.secnews.physaphae.fr/article.php?IdArticle=3434386 True Ransomware,Threat None None
CybeReason - Vendor blog Malicious Life Podcast: Should the U.S. Ban Chinese and Russian Technology? Every year, seemingly, there's a new story of some software like 'Tik Tok' or 'FaceApp' from a hostile country that may or may not be a security threat to us in the West. So what should be done in cases like this? What if the U.S.
just banned all technology from Russia and China? Is it a good idea? Is it even possible? Ira Winkler joins the discussion - check it out... 2021-09-27T12:03:13+00:00 https://www.cybereason.com/blog/malicious-life-podcast-should-the-u.s.-ban-chinese-and-russian-technology www.secnews.physaphae.fr/article.php?IdArticle=3432870 False Threat None None
CybeReason - Vendor blog Threat Analysis Report: PrintNightmare and Magniber Ransomware The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. 2021-09-22T17:26:23+00:00 https://www.cybereason.com/blog/threat-analysis-report-printnightmare-and-magniber-ransomware www.secnews.physaphae.fr/article.php?IdArticle=3413317 False Ransomware,Threat None None
CybeReason - Vendor blog Four Considerations for Evaluating XDR Platforms There's a growing need for the more holistic approach to threat detection and response that XDR can deliver. Why? Just look at what's going on in the digital threat landscape... 2021-09-15T12:46:32+00:00 https://www.cybereason.com/blog/four-considerations-for-evaluating-xdr-platforms www.secnews.physaphae.fr/article.php?IdArticle=3371888 False Threat None None
CybeReason - Vendor blog THREAT ALERT: Microsoft MSHTML Remote Code Execution Vulnerability The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats.
The Alerts summarize these threats and provide practical recommendations for protecting against them. 2021-09-10T16:00:00+00:00 https://www.cybereason.com/blog/threat-alert-microsoft-mshtml-remote-code-execution-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=3368203 False Vulnerability,Threat None None