This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T16:32:15+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world\'s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said. The marketplace]]> 2024-10-11T11:31:00+00:00 https://thehackernews.com/2024/10/bohemia-and-cannabia-dark-web-markets.html www.secnews.physaphae.fr/article.php?IdArticle=8595850 False Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X. "Threat]]> 2024-10-10T18:57:00+00:00 https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html www.secnews.physaphae.fr/article.php?IdArticle=8595444 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows]]> 2024-10-10T17:40:00+00:00 https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html www.secnews.physaphae.fr/article.php?IdArticle=8595417 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of better pay, the opportunity to move beyond]]> 2024-10-10T16:30:00+00:00 https://thehackernews.com/2024/10/6-simple-steps-to-eliminate-soc-analyst.html www.secnews.physaphae.fr/article.php?IdArticle=8595386 False Technical None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script\'s obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many]]> 2024-10-10T12:48:00+00:00 https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html www.secnews.physaphae.fr/article.php?IdArticle=8595282 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A]]> 2024-10-10T11:14:00+00:00 https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html www.secnews.physaphae.fr/article.php?IdArticle=8595237 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in]]> 2024-10-10T09:54:00+00:00 https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html www.secnews.physaphae.fr/article.php?IdArticle=8595215 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create]]> 2024-10-09T22:30:00+00:00 https://thehackernews.com/2024/10/google-joins-forces-with-gasa-and-dns.html www.secnews.physaphae.fr/article.php?IdArticle=8594959 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera]]> 2024-10-09T21:03:00+00:00 https://thehackernews.com/2024/10/researchers-uncover-major-security.html www.secnews.physaphae.fr/article.php?IdArticle=8594910 False Vulnerability,Industrial None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CL-STA-0240]]> 2024-10-09T19:03:00+00:00 https://thehackernews.com/2024/10/n-korean-hackers-use-fake-interviews-to.html www.secnews.physaphae.fr/article.php?IdArticle=8594874 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Social media accounts help shape a brand\'s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access - a situation no organization wants as]]> 2024-10-09T16:30:00+00:00 https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html www.secnews.physaphae.fr/article.php?IdArticle=8594792 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn\'t include the 25 additional flaws that the tech giant addressed in its Chromium-based]]> 2024-10-09T12:23:00+00:00 https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html www.secnews.physaphae.fr/article.php?IdArticle=8594696 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result]]> 2024-10-09T09:52:00+00:00 https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html www.secnews.physaphae.fr/article.php?IdArticle=8594634 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated]]> 2024-10-08T22:08:00+00:00 https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html www.secnews.physaphae.fr/article.php?IdArticle=8594380 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware]]> 2024-10-08T21:56:00+00:00 https://thehackernews.com/2024/10/gamers-tricked-into-downloading-lua.html www.secnews.physaphae.fr/article.php?IdArticle=8594381 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until]]> 2024-10-08T16:47:00+00:00 https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8594214 False Tool,Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping When is a checkout page, not a checkout page? When it\'s an “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking]]> 2024-10-08T16:28:00+00:00 https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html www.secnews.physaphae.fr/article.php?IdArticle=8594215 False Threat,Studies None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Introduction Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately. In the world of cybersecurity, one of the most important areas of application of AI is augmenting and enhancing identity management]]> 2024-10-08T15:40:00+00:00 https://thehackernews.com/2024/10/the-value-of-ai-powered-identity.html www.secnews.physaphae.fr/article.php?IdArticle=8594216 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization, Slovak cybersecurity company ESET said. "The ultimate goal of]]> 2024-10-08T14:51:00+00:00 https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html www.secnews.physaphae.fr/article.php?IdArticle=8594153 False Malware,Threat GoldenJackal 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedented hacker attack." However, it said "no significant damage" was caused and that everything was working normally]]> 2024-10-08T11:19:00+00:00 https://thehackernews.com/2024/10/pro-ukrainian-hackers-strike-russian.html www.secnews.physaphae.fr/article.php?IdArticle=8594038 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption]]> 2024-10-08T09:37:00+00:00 https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8594013 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That\'s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events and losses, emphasizing the escalating]]> 2024-10-07T16:55:00+00:00 https://thehackernews.com/2024/10/vulnerable-apis-and-bot-attacks-costing.html www.secnews.physaphae.fr/article.php?IdArticle=8593616 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant financial losses.  While traditional password-based systems offer]]> 2024-10-07T15:35:00+00:00 https://thehackernews.com/2024/10/modernization-of-authentication-webinar.html www.secnews.physaphae.fr/article.php?IdArticle=8593591 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024. No less than 20,000 commands designed]]> 2024-10-07T15:29:00+00:00 https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html www.secnews.physaphae.fr/article.php?IdArticle=8593592 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute]]> 2024-10-07T15:00:00+00:00 https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html www.secnews.physaphae.fr/article.php?IdArticle=8593566 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week\'s cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it\'s too late! ⚡ Threat of the Week Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four]]> 2024-10-07T14:46:00+00:00 https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats-and.html www.secnews.physaphae.fr/article.php?IdArticle=8593567 False Malware,Threat,Legislation None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has announced that it\'s piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps,]]> 2024-10-07T14:45:00+00:00 https://thehackernews.com/2024/10/google-blocks-unsafe-android-app.html www.secnews.physaphae.fr/article.php?IdArticle=8593568 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Europe\'s top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region. "An online social network such as Facebook cannot use all of the personal data]]> 2024-10-07T12:02:00+00:00 https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html www.secnews.physaphae.fr/article.php?IdArticle=8593494 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user\'s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with]]> 2024-10-05T10:20:00+00:00 https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html www.secnews.physaphae.fr/article.php?IdArticle=8592407 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans\' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials]]> 2024-10-04T18:36:00+00:00 https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html www.secnews.physaphae.fr/article.php?IdArticle=8592022 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -]]> 2024-10-04T15:23:00+00:00 https://thehackernews.com/2024/10/how-to-get-going-with-ctem-when-you.html www.secnews.physaphae.fr/article.php?IdArticle=8591909 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (]]> 2024-10-04T15:20:00+00:00 https://thehackernews.com/2024/10/cloudflare-thwarts-largest-ever-38-tbps.html www.secnews.physaphae.fr/article.php?IdArticle=8591910 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was]]> 2024-10-04T14:41:00+00:00 https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html www.secnews.physaphae.fr/article.php?IdArticle=8591911 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that\'s responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This]]> 2024-10-03T22:30:00+00:00 https://thehackernews.com/2024/10/android-14-adds-new-security-features.html www.secnews.physaphae.fr/article.php?IdArticle=8591425 False Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) For years, securing a company\'s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem]]> 2024-10-03T20:36:00+00:00 https://thehackernews.com/2024/10/the-secret-weakness-execs-are.html www.secnews.physaphae.fr/article.php?IdArticle=8591355 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker News. "When a new user logs]]> 2024-10-03T19:45:00+00:00 https://thehackernews.com/2024/10/new-perfctl-malware-targets-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8591314 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,]]> 2024-10-03T18:30:00+00:00 https://thehackernews.com/2024/10/north-korean-hackers-using-new.html www.secnews.physaphae.fr/article.php?IdArticle=8591272 False Threat APT 37 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) INTERPOL has announced the arrest of eight individuals in Côte d\'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune]]> 2024-10-03T14:40:00+00:00 https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=8591161 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who]]> 2024-10-03T12:45:00+00:00 https://thehackernews.com/2024/10/lockbit-ransomware-and-evil-corp.html www.secnews.physaphae.fr/article.php?IdArticle=8591058 False Ransomware,Legislation None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. "An]]> 2024-10-03T11:36:00+00:00 https://thehackernews.com/2024/10/ivanti-endpoint-manager-flaw-actively.html www.secnews.physaphae.fr/article.php?IdArticle=8591026 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that\'s also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial]]> 2024-10-02T22:24:00+00:00 https://thehackernews.com/2024/10/fake-trading-apps-target-victims.html www.secnews.physaphae.fr/article.php?IdArticle=8590637 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The]]> 2024-10-02T20:51:00+00:00 https://thehackernews.com/2024/10/china-linked-ceranakeeper-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8590559 False Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"]]> 2024-10-02T20:38:00+00:00 https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html www.secnews.physaphae.fr/article.php?IdArticle=8590560 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout]]> 2024-10-02T18:30:00+00:00 https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html www.secnews.physaphae.fr/article.php?IdArticle=8590487 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,]]> 2024-10-02T17:43:00+00:00 https://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html www.secnews.physaphae.fr/article.php?IdArticle=8590451 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the]]> 2024-10-02T16:30:00+00:00 https://thehackernews.com/2024/10/5-must-have-tools-for-effective-dynamic.html www.secnews.physaphae.fr/article.php?IdArticle=8590411 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn\'t succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a]]> 2024-10-02T15:30:00+00:00 https://thehackernews.com/2024/10/andariel-hacker-group-shifts-focus-to.html www.secnews.physaphae.fr/article.php?IdArticle=8590379 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor\'s Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in its postjournal service that could enable unauthenticated attackers to]]> 2024-10-02T11:26:00+00:00 https://thehackernews.com/2024/10/researchers-sound-alarm-on-active.html www.secnews.physaphae.fr/article.php?IdArticle=8590232 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem,"]]> 2024-10-02T11:01:00+00:00 https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8590233 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what\'s called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in]]> 2024-10-01T22:04:00+00:00 https://thehackernews.com/2024/10/ai-powered-rhadamanthys-stealer-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8589787 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security]]> 2024-10-01T16:00:00+00:00 https://thehackernews.com/2024/10/5-actionable-steps-to-prevent-genai.html www.secnews.physaphae.fr/article.php?IdArticle=8589611 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it\'s being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,]]> 2024-10-01T12:02:00+00:00 https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html www.secnews.physaphae.fr/article.php?IdArticle=8589480 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm\'s orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks]]> 2024-10-01T10:42:00+00:00 https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html www.secnews.physaphae.fr/article.php?IdArticle=8589420 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court]]> 2024-10-01T07:32:00+00:00 https://thehackernews.com/2024/10/uk-hacker-charged-in-375-million.html www.secnews.physaphae.fr/article.php?IdArticle=8589337 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could\'ve opened the door to remote attacks. Google\'s switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn\'t all good news – Kaspersky\'s forced exit from the US market left users with more]]> 2024-09-30T18:39:00+00:00 https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top_30.html www.secnews.physaphae.fr/article.php?IdArticle=8588897 False Vulnerability,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher]]> 2024-09-30T17:25:00+00:00 https://thehackernews.com/2024/09/critical-flaws-in-tank-gauge-systems.html www.secnews.physaphae.fr/article.php?IdArticle=8588854 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn\'t a new technique – so]]> 2024-09-30T16:50:00+00:00 https://thehackernews.com/2024/09/session-hijacking-20-latest-way-that.html www.secnews.physaphae.fr/article.php?IdArticle=8588855 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Imagine a sophisticated cyberattack cripples your organization\'s most critical productivity and collaboration tool - the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock]]> 2024-09-30T16:00:00+00:00 https://thehackernews.com/2024/09/why-microsoft-365-protection-reigns-supreme.html www.secnews.physaphae.fr/article.php?IdArticle=8588782 False Ransomware,Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users\' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union\'s]]> 2024-09-30T11:42:00+00:00 https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html www.secnews.physaphae.fr/article.php?IdArticle=8588629 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake]]> 2024-09-28T15:24:00+00:00 https://thehackernews.com/2024/09/crypto-scam-app-disguised-as.html www.secnews.physaphae.fr/article.php?IdArticle=8587241 False Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy]]> 2024-09-28T11:33:00+00:00 https://thehackernews.com/2024/09/us-charges-three-iranian-nationals-for.html www.secnews.physaphae.fr/article.php?IdArticle=8587109 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8) ]]> 2024-09-27T21:14:00+00:00 https://thehackernews.com/2024/09/progress-software-releases-patches-for.html www.secnews.physaphae.fr/article.php?IdArticle=8586643 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers\' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print]]> 2024-09-27T18:03:00+00:00 https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html www.secnews.physaphae.fr/article.php?IdArticle=8586529 False Vulnerability None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.]]> 2024-09-27T16:56:00+00:00 https://thehackernews.com/2024/09/how-to-plan-and-prepare-for-penetration.html www.secnews.physaphae.fr/article.php?IdArticle=8586456 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent]]> 2024-09-27T16:41:00+00:00 https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html www.secnews.physaphae.fr/article.php?IdArticle=8586457 False Ransomware,Threat,Legislation,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you\'re a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you\'re always informed and equipped for]]> 2024-09-27T14:34:00+00:00 https://thehackernews.com/2024/09/cybersecurity-certifications-gateway-to.html www.secnews.physaphae.fr/article.php?IdArticle=8586376 False None None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF]]> 2024-09-27T14:30:00+00:00 https://thehackernews.com/2024/09/new-html-smuggling-campaign-delivers.html www.secnews.physaphae.fr/article.php?IdArticle=8586377 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through]]> 2024-09-27T13:17:00+00:00 https://thehackernews.com/2024/09/us-sanctions-two-crypto-exchanges-for.html www.secnews.physaphae.fr/article.php?IdArticle=8586336 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and]]> 2024-09-27T11:24:00+00:00 https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html www.secnews.physaphae.fr/article.php?IdArticle=8586271 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security]]> 2024-09-26T21:32:00+00:00 https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html www.secnews.physaphae.fr/article.php?IdArticle=8585750 False Vulnerability None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That\'s what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats. It\'s time for a change.]]> 2024-09-26T17:58:00+00:00 https://thehackernews.com/2024/09/overloaded-with-siem-alerts-discover.html www.secnews.physaphae.fr/article.php?IdArticle=8585628 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. "These samples enhance Sparkling Pisces\' already extensive arsenal]]> 2024-09-26T17:58:00+00:00 https://thehackernews.com/2024/09/n-korean-hackers-deploy-new-klogexe-and.html www.secnews.physaphae.fr/article.php?IdArticle=8585629 False Malware,Threat APT 43 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don\'t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don\'t have the time - or the budget - to]]> 2024-09-26T16:30:00+00:00 https://thehackernews.com/2024/09/epss-vs-cvss-whats-best-approach-to.html www.secnews.physaphae.fr/article.php?IdArticle=8585579 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022. The]]> 2024-09-26T16:13:00+00:00 https://thehackernews.com/2024/09/watering-hole-attack-on-kurdish-sites.html www.secnews.physaphae.fr/article.php?IdArticle=8585580 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. "Between late 2022 to present, SloppyLemming]]> 2024-09-26T11:48:00+00:00 https://thehackernews.com/2024/09/cloudflare-warns-of-india-linked.html www.secnews.physaphae.fr/article.php?IdArticle=8585401 False Malware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor. "Investigators]]> 2024-09-26T10:19:00+00:00 https://thehackernews.com/2024/09/chinese-hackers-infiltrate-us-internet.html www.secnews.physaphae.fr/article.php?IdArticle=8585335 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch]]> 2024-09-25T22:30:00+00:00 https://thehackernews.com/2024/09/googles-shift-to-rust-programming-cuts.html www.secnews.physaphae.fr/article.php?IdArticle=8584894 False Vulnerability,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users\' consent. "Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said]]> 2024-09-25T19:42:00+00:00 https://thehackernews.com/2024/09/mozilla-faces-privacy-complaint-for.html www.secnews.physaphae.fr/article.php?IdArticle=8584804 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers\' systems. "It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language," Unit 42\'s Dominik]]> 2024-09-25T18:08:00+00:00 https://thehackernews.com/2024/09/cybersecurity-researchers-warn-of-new.html www.secnews.physaphae.fr/article.php?IdArticle=8584805 False Tool None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it\'s too late. See these key indicators that security experts use to identify phishing links:1. Check Suspicious URLs  Phishing URLs are often long, confusing, or filled with random characters. Attackers use these to disguise the link\'s true destination]]> 2024-09-25T16:50:00+00:00 https://thehackernews.com/2024/09/expert-tips-on-how-to-spot-phishing-link.html www.secnews.physaphae.fr/article.php?IdArticle=8584685 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn\'t fully delivered on its potential, leaving SOCs still grappling with many of the same]]> 2024-09-25T15:20:00+00:00 https://thehackernews.com/2024/09/agentic-ai-in-socs-solution-to-soars.html www.secnews.physaphae.fr/article.php?IdArticle=8584650 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A now-patched security vulnerability in OpenAI\'s ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool\'s memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions]]> 2024-09-25T15:01:00+00:00 https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.html www.secnews.physaphae.fr/article.php?IdArticle=8584616 False Tool,Vulnerability ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many]]> 2024-09-25T12:33:00+00:00 https://thehackernews.com/2024/09/transportation-companies-hit-by.html www.secnews.physaphae.fr/article.php?IdArticle=8584546 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the]]> 2024-09-25T11:31:00+00:00 https://thehackernews.com/2024/09/cisa-flags-critical-ivanti-vtm.html www.secnews.physaphae.fr/article.php?IdArticle=8584503 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro. Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include - Wuta Camera - Nice Shot Always (com.benqu.wuta) - 10+ million]]> 2024-09-24T21:43:00+00:00 https://thehackernews.com/2024/09/necro-android-malware-found-in-popular.html www.secnews.physaphae.fr/article.php?IdArticle=8584015 False Malware,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Department of Commerce (DoC) said it\'s proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People\'s Republic of China (PRC) and Russia. "The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated]]> 2024-09-24T18:33:00+00:00 https://thehackernews.com/2024/09/us-proposes-ban-on-connected-vehicles.html www.secnews.physaphae.fr/article.php?IdArticle=8583870 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ransomware is no longer just a threat; it\'s an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there\'s good news: you don\'t have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, "Unpacking the 2024 Ransomware Landscape: Insights and]]> 2024-09-24T17:30:00+00:00 https://thehackernews.com/2024/09/discover-latest-ransomware-tactics-and.html www.secnews.physaphae.fr/article.php?IdArticle=8583774 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month. "Kaspersky antivirus customers received a software update facilitating the transition to UltraAV," the company said in a post announcing the move on September 21. "This update ensured that users]]> 2024-09-24T17:28:00+00:00 https://thehackernews.com/2024/09/kaspersky-exits-us-automatically.html www.secnews.physaphae.fr/article.php?IdArticle=8583823 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If]]> 2024-09-24T16:30:00+00:00 https://thehackernews.com/2024/09/the-sspm-justification-kit.html www.secnews.physaphae.fr/article.php?IdArticle=8583775 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions. The new version has been codenamed Octo2 by the malware author, Dutch security firm ThreatFabric said in a report shared with The Hacker News, adding campaigns distributing the malware have]]> 2024-09-24T15:07:00+00:00 https://thehackernews.com/2024/09/new-octo2-android-banking-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=8583727 False Malware,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In a major policy reversal, the popular messaging app Telegram has announced it will give users\' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We\'ve made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal]]> 2024-09-24T12:03:00+00:00 https://thehackernews.com/2024/09/telegram-agrees-to-share-user-data-with.html www.secnews.physaphae.fr/article.php?IdArticle=8583616 False None None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hold on tight, folks, because last week\'s cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let\'s dive into the details and see what lessons we can glean]]> 2024-09-23T16:50:00+00:00 https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top.html www.secnews.physaphae.fr/article.php?IdArticle=8582899 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Password resets can be frustrating for end users. Nobody likes being interrupted by the \'time to change your password\' notification – and they like it even less when the new passwords they create are rejected by their organization\'s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden. Despite this, it\'s commonly]]> 2024-09-23T16:30:00+00:00 https://thehackernews.com/2024/09/why-never-expire-passwords-can-be-risky.html www.secnews.physaphae.fr/article.php?IdArticle=8582900 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF\'s implementation of the tinydhcp server stemming from a lack of]]> 2024-09-23T15:28:00+00:00 https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8582860 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Popular social messaging platform Discord has announced that it\'s rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord\'s audio and video end-to-end encryption ("E2EE A/V"). As part of the change introduced last week, voice and video in DMs, Group DMs, voice channels, and Go Live streams are expected to]]> 2024-09-23T15:13:00+00:00 https://thehackernews.com/2024/09/discord-introduces-dave-protocol-for.html www.secnews.physaphae.fr/article.php?IdArticle=8582861 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in]]> 2024-09-23T12:09:00+00:00 https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html www.secnews.physaphae.fr/article.php?IdArticle=8582747 False Malware,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed Earth Baxia]]> 2024-09-23T10:19:00+00:00 https://thehackernews.com/2024/09/chinese-hackers-exploit-geoserver-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8582674 False Malware,Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. "Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims\' data and then destroy their infrastructure with a wiper to prevent recovery," Kaspersky said in a Friday analysis. "The approach is indicative of a]]> 2024-09-21T20:09:00+00:00 https://thehackernews.com/2024/09/hacktivist-group-twelve-targets-russian.html www.secnews.physaphae.fr/article.php?IdArticle=8581440 False Tool None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.K. Information Commissioner\'s Office (ICO) has confirmed that professional social networking platform LinkedIn has suspended processing users\' data in the country to train its artificial intelligence (AI) models. "We are pleased that LinkedIn has reflected on the concerns we raised about its approach to training generative AI models with information relating to its U.K. users," Stephen]]> 2024-09-21T18:48:00+00:00 https://thehackernews.com/2024/09/linkedin-halts-ai-data-processing-in-uk.html www.secnews.physaphae.fr/article.php?IdArticle=8581371 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and critical infrastructure workers, citing national security concerns. The ban was announced by the National Coordination Centre for Cybersecurity (NCCC) in a post shared on Facebook. "I have always advocated and advocate for freedom of speech, but the issue of Telegram is]]> 2024-09-21T18:37:00+00:00 https://thehackernews.com/2024/09/ukraine-bans-telegram-use-for.html www.secnews.physaphae.fr/article.php?IdArticle=8581372 False None None 2.0000000000000000