www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-10T21:06:44+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)

Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs. One set of packages – named @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable – harbored an obfuscated
2023-10-03T20:29:00+00:00 https://thehackernews.com/2023/10/over-3-dozen-data-stealing-malicious.html www.secnews.physaphae.fr/article.php?IdArticle=8391037 False Threat,General Information None 2.0000000000000000

Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers' websites, rendering the
2023-10-03T14:59:00+00:00 https://thehackernews.com/2023/10/researcher-reveal-new-technique-to.html www.secnews.physaphae.fr/article.php?IdArticle=8390869 False Threat None 3.0000000000000000

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more," Zscaler ThreatLabz researchers Niraj Shivtarkar and
2023-10-02T11:01:00+00:00 https://thehackernews.com/2023/10/bunnyloader-new-malware-as-service.html www.secnews.physaphae.fr/article.php?IdArticle=8390353 False Threat None 2.0000000000000000

FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants
2023-09-30T15:19:00+00:00 https://thehackernews.com/2023/09/fbi-warns-of-rising-trend-of-dual.html www.secnews.physaphae.fr/article.php?IdArticle=8389842 False Ransomware,Threat,Prediction None 2.0000000000000000

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
2023-09-30T09:44:00+00:00 https://thehackernews.com/2023/09/new-critical-security-flaws-expose-exim.html www.secnews.physaphae.fr/article.php?IdArticle=8389745 False Vulnerability,Threat None 2.0000000000000000

Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week.
DoubleFinger was first
2023-09-29T22:13:00+00:00 https://thehackernews.com/2023/09/cybercriminals-using-new-asmcrypt.html www.secnews.physaphae.fr/article.php?IdArticle=8389581 False Malware,Threat None 3.0000000000000000

Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding
2023-09-29T17:40:00+00:00 https://thehackernews.com/2023/09/lazarus-group-impersonates-recruiter.html www.secnews.physaphae.fr/article.php?IdArticle=8389485 False Threat APT 38 3.0000000000000000

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset.
The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team,
2023-09-28T15:43:00+00:00 https://thehackernews.com/2023/09/china-linked-budworm-targeting-middle.html www.secnews.physaphae.fr/article.php?IdArticle=8389005 False Malware,Threat APT 27 2.0000000000000000

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on
2023-09-27T20:12:00+00:00 https://thehackernews.com/2023/09/red-cross-themed-phishing-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8388434 False Threat None 3.0000000000000000

ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a new joint report.
The actor, active since
2023-09-26T21:26:00+00:00 https://thehackernews.com/2023/09/shadowsyndicate-new-cybercrime-group.html www.secnews.physaphae.fr/article.php?IdArticle=8388055 False Ransomware,Threat None 2.0000000000000000

Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic
How To Use This Report: Enhance situational awareness of techniques used by threat actors. Identify potential attacks targeting your industry. Gain insights to help improve and accelerate your organization's threat response. Summary of Findings: The Network Effect Threat Report offers insights based on unique data from Fastly's Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). This report
2023-09-26T16:02:00+00:00 https://thehackernews.com/2023/09/threat-report-high-tech-industry.html www.secnews.physaphae.fr/article.php?IdArticle=8387963 False Threat,Studies None 4.0000000000000000

Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign
A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations.
Recorded Future's Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to "Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government,
2023-09-26T15:19:00+00:00 https://thehackernews.com/2023/09/chinese-hackers-tag-74-targets-south.html www.secnews.physaphae.fr/article.php?IdArticle=8387932 False Threat None 3.0000000000000000

From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese
Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed EvilBamboo to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy browser-based exploits against targeted users," Volexity security researchers Callum Roxan, Paul
2023-09-25T16:04:00+00:00 https://thehackernews.com/2023/09/from-watering-hole-to-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=8387555 False Threat None 3.0000000000000000

New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims' machines, each cluster is characterized by distinct tools, modus operandi and infrastructure," Palo Alto
2023-09-25T12:15:00+00:00 https://thehackernews.com/2023/09/new-report-uncovers-three-distinct.html www.secnews.physaphae.fr/article.php?IdArticle=8387516 False Threat None 2.0000000000000000

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET said in a new report shared with The Hacker News. "This combination
2023-09-23T16:40:00+00:00 https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html www.secnews.physaphae.fr/article.php?IdArticle=8387051 False Malware,Threat None 3.0000000000000000

Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents
A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as a vehicle to deploy a novel implant called LuaDream. "The activities we
2023-09-22T01:25:00+00:00 https://thehackernews.com/2023/09/mysterious-sandman-threat-actor-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8386440 False Threat None 2.0000000000000000

Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated
2023-09-21T14:41:00+00:00 https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html www.secnews.physaphae.fr/article.php?IdArticle=8386223 False Ransomware,Threat None 2.0000000000000000

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption
Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current
2023-09-20T14:59:00+00:00 https://thehackernews.com/2023/09/signal-messenger-introduces-pqxdh.html www.secnews.physaphae.fr/article.php?IdArticle=8385730 False Threat None 2.0000000000000000
Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign
Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or group. "The operation has at least two different initial access vectors," security researchers
2023-09-19T17:35:00+00:00 https://thehackernews.com/2023/09/operation-rusty-flag-azerbaijan.html www.secnews.physaphae.fr/article.php?IdArticle=8385300 False Malware,Threat None 2.0000000000000000

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on
2023-09-19T16:40:00+00:00 https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8385302 False Threat,Prediction None 2.0000000000000000
Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security
2023-09-19T12:26:00+00:00 https://thehackernews.com/2023/09/transparent-tribe-uses-fake-youtube.html www.secnews.physaphae.fr/article.php?IdArticle=8385200 False Malware,Tool,Threat APT 36 1.00000000000000000000

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group,
2023-09-18T08:46:00+00:00 https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8384683 False Ransomware,Threat None 3.0000000000000000
The Interdependence between Automated Threat Intelligence Collection and Humans
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still
2023-09-15T16:43:00+00:00 https://thehackernews.com/2023/09/the-interdependence-between-automated.html www.secnews.physaphae.fr/article.php?IdArticle=8383674 False Ransomware,Data Breach,Vulnerability,Threat None 3.0000000000000000

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this
2023-09-15T14:19:00+00:00 https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html www.secnews.physaphae.fr/article.php?IdArticle=8383639 False Ransomware,Threat,Prediction None 2.0000000000000000
Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate
2023-09-15T09:44:00+00:00 https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html www.secnews.physaphae.fr/article.php?IdArticle=8383564 False Threat APT 33 3.0000000000000000

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious
2023-09-14T19:37:00+00:00 https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html www.secnews.physaphae.fr/article.php?IdArticle=8382693 False Vulnerability,Threat None 3.0000000000000000
Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions,
2023-09-13T19:01:00+00:00 https://thehackernews.com/2023/09/researchers-detail-8-vulnerabilities-in.html www.secnews.physaphae.fr/article.php?IdArticle=8382318 False Vulnerability,Threat None 3.0000000000000000

Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric
In today's digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster innovation. But with great power comes great responsibility. As organizations integrate more SaaS applications into their workflows, they inadvertently open the door to a new era of security threats. The stakes? Your invaluable data and the trust
2023-09-13T17:16:00+00:00 https://thehackernews.com/2023/09/webinar-identity-threat-detection.html www.secnews.physaphae.fr/article.php?IdArticle=8382301 False Threat,Cloud None 2.0000000000000000
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deploy LockBit (aka Bitwise Spider or Syrphid) in the target network. "3AM is written in Rust and appears to be a completely new malware family," the Symantec Threat Hunter Team, part of Broadcom, said in
2023-09-13T15:26:00+00:00 https://thehackernews.com/2023/09/rust-written-3am-ransomware-sneak-peek.html www.secnews.physaphae.fr/article.php?IdArticle=8382266 False Ransomware,Malware,Threat None 3.0000000000000000

Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. The tech giant's Threat Intelligence team is tracking the cluster under the name Storm-0324, which is also known by the monikers TA543 and Sagrid. "Beginning in July 2023, Storm-0324 was observed distributing payloads using an
2023-09-13T14:47:00+00:00 https://thehackernews.com/2023/09/microsoft-warns-of-new-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=8382203 False Threat None 3.0000000000000000
Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign
A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the organization's network," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with
2023-09-12T15:48:00+00:00 https://thehackernews.com/2023/09/chinese-redfly-group-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=8381754 False Malware,Threat None 3.0000000000000000

Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.
The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the name Ballistic Bobcat. Victimology patterns suggest that the group primarily singles out education, government, and healthcare
2023-09-11T18:54:00+00:00 https://thehackernews.com/2023/09/charming-kitens-new-backdoor-sponsor.html www.secnews.physaphae.fr/article.php?IdArticle=8381375 False Threat None 2.0000000000000000
Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. "In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang's
2023-09-11T13:24:00+00:00 https://thehackernews.com/2023/09/cybercriminals-using-powershell-to.html www.secnews.physaphae.fr/article.php?IdArticle=8381180 False Tool,Threat None 4.0000000000000000

Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses
2023-09-09T11:55:00+00:00 https://thehackernews.com/2023/09/cybercriminals-weaponizing-legitimate.html www.secnews.physaphae.fr/article.php?IdArticle=8380666 False Malware,Tool,Threat None 2.0000000000000000

Protecting Your Microsoft IIS Servers Against Malware Attacks
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server.
Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments. Recently, a
2023-09-08T16:57:00+00:00 https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8380410 False Malware,Vulnerability,Threat None 2.0000000000000000

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform
Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of-service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It's described as an authentication bypass flaw in the Cisco BroadWorks
2023-09-08T16:56:00+00:00 https://thehackernews.com/2023/09/cisco-issues-urgent-fix-for.html www.secnews.physaphae.fr/article.php?IdArticle=8380411 False Threat None 3.0000000000000000

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines.
The findings come from Google's Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge relationships
2023-09-08T14:22:00+00:00 https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8380377 False Threat None 3.0000000000000000

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized
2023-09-08T11:06:00+00:00 https://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8380335 False Vulnerability,Threat None 2.0000000000000000

Outlook Breach: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens to access Outlook by compromising an engineer's corporate account. This enabled the adversary to access a debugging environment that contained a crash dump of the consumer signing system that took place in April 2021 and steal the key.
“A consumer 2023-09-07T12:44:00+00:00 https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html www.secnews.physaphae.fr/article.php?IdArticle=8379965 False Threat None 1.00000000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. “APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability,” NSFOCUS Security Labs said in a report published last week. APT34, also known by 2023-09-06T19:20:00+00:00 https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html www.secnews.physaphae.fr/article.php?IdArticle=8379668 False Threat APT 34 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 9 Alarming Vulnerabilities Uncovered in SEL's Power Management Products Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi Networks said in a report published last week.
The issues, tracked as CVE-2023-34392 and from CVE-2023-31168 2023-09-06T15:43:00+00:00 https://thehackernews.com/2023/09/9-alarming-vulnerabilities-uncovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8379593 False Vulnerability,Threat,Industrial None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 2023-09-06T14:14:00+00:00 https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=8379554 False Threat None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart.
“One characteristic of the attacks identified in 2023 is that there are numerous malware strains developed in the Go language,” the AhnLab Security Emergency Response Center (ASEC) said in a deep dive 2023-09-05T15:45:00+00:00 https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html www.secnews.physaphae.fr/article.php?IdArticle=8379144 False Malware,Tool,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance. The comprises CVE-2023-28432 (CVSS score: 7.5) and 2023-09-04T19:43:00+00:00 https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html www.secnews.physaphae.fr/article.php?IdArticle=8378786 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S. A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud.
“The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to collect personally identifying information (PII) and payment credentials from victims, in the 2023-09-04T11:00:00+00:00 https://thehackernews.com/2023/09/chinese-speaking-cybercriminals-launch.html www.secnews.physaphae.fr/article.php?IdArticle=8378724 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions. “In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller's strategy was to convince service desk personnel to reset all 2023-09-02T09:42:00+00:00 https://thehackernews.com/2023/09/okta-warns-of-social-engineering.html www.secnews.physaphae.fr/article.php?IdArticle=8377865 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed.
“Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software 2023-09-01T21:11:00+00:00 https://thehackernews.com/2023/09/threat-actors-targeting-microsoft-sql.html www.secnews.physaphae.fr/article.php?IdArticle=8377866 False Ransomware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations An open-source .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants. “Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional 2023-08-31T19:45:00+00:00 https://thehackernews.com/2023/08/sapphirestealer-malware-gateway-to.html www.secnews.physaphae.fr/article.php?IdArticle=8377227 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository Three additional malicious Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro.
First disclosed at 2023-08-31T18:16:00+00:00 https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html www.secnews.physaphae.fr/article.php?IdArticle=8377201 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global Threat Intelligence Report, but read on for a teaser of several interesting cyber attack statistics. 2023-08-31T17:10:00+00:00 https://thehackernews.com/2023/08/numbers-dont-lie-exposing-harsh-truths.html www.secnews.physaphae.fr/article.php?IdArticle=8377174 False Threat,Studies None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S.
"The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit 2023-08-31T14:52:00+00:00 https://thehackernews.com/2023/08/earth-estries-espionage-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8377104 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) How to Prevent ChatGPT From Stealing Your Content & Traffic ChatGPT and similar large language models (LLMs) have added further complexity to the ever-growing online threat landscape. Cybercriminals no longer need advanced coding skills to execute fraud and other damaging attacks against online businesses and customers, thanks to bots-as-a-service, residential proxies, CAPTCHA farms, and other easily accessible tools. Now, the latest technology damaging 2023-08-30T17:18:00+00:00 https://thehackernews.com/2023/08/how-to-prevent-chatgpt-from-stealing.html www.secnews.physaphae.fr/article.php?IdArticle=8376696 False Threat ChatGPT,ChatGPT 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Malicious npm Packages Aim to Target Developers for Source Code Theft An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and configuration files from victim machines, a sign of how threats lurk consistently in open-source repositories.
"The threat actor behind this campaign has been linked to malicious activity dating back to 2021," software supply chain security firm Checkmarx said in a report shared 2023-08-30T16:57:00+00:00 https://thehackernews.com/2023/08/malicious-npm-packages-aim-to-target.html www.secnews.physaphae.fr/article.php?IdArticle=8376697 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as "highly responsive to 2023-08-29T20:24:00+00:00 https://thehackernews.com/2023/08/chinese-hacking-group-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8376270 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663.
Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could 2023-08-29T14:47:00+00:00 https://thehackernews.com/2023/08/citrix-netscaler-alert-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8376137 False Ransomware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit ( 2023-08-28T21:35:00+00:00 https://thehackernews.com/2023/08/experts-uncover-how-cybercriminals.html www.secnews.physaphae.fr/article.php?IdArticle=8375782 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Cyberattacks Targeting E-commerce Applications Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities.
This is why regular testing and ongoing monitoring are necessary to fully protect web applications, identifying weaknesses so they can be 2023-08-28T16:57:00+00:00 https://thehackernews.com/2023/08/cyberattacks-targeting-e-commerce.html www.secnews.physaphae.fr/article.php?IdArticle=8375669 False Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The attacker behind this incident decided to use a different ransom note with a headline related to a 2023-08-26T15:56:00+00:00 https://thehackernews.com/2023/08/lockbit-30-ransomware-builder-leak.html www.secnews.physaphae.fr/article.php?IdArticle=8374839 False Ransomware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Learn How Your Business Data Can Amplify Your AI/ML Threat Detection Capabilities In today's digital landscape, your business data is more than just numbers-it's a powerhouse. Imagine leveraging this data not only for profit but also for enhanced AI and Machine Learning (ML) threat detection. For companies like Comcast, this isn't a dream. It's reality. Your business comprehends its risks, vulnerabilities, and the unique environment in which it operates.
No generic, 2023-08-25T17:19:00+00:00 https://thehackernews.com/2023/08/learn-how-your-business-data-can.html www.secnews.physaphae.fr/article.php?IdArticle=8374508 False Threat,General Information None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda. "Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal 2023-08-25T16:11:00+00:00 https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8374472 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called QuiteRAT.
Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis 2023-08-24T20:46:00+00:00 https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html www.secnews.physaphae.fr/article.php?IdArticle=8374129 False Malware,Threat APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye (meaning "spear" in Russian), the toolkit functions as an automated means to create a phishing web page from a premade template and send the URL to potential victims, codenamed Mammoths by the criminals. "This toolkit is 2023-08-24T18:03:00+00:00 https://thehackernews.com/2023/08/new-telegram-bot-telekopye-powering.html www.secnews.physaphae.fr/article.php?IdArticle=8374067 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation.
Every 60 seconds it triangulates the infected systems' positions by scanning nearby Wi-Fi access points as a data point for Google's geolocation API," Secureworks Counter Threat Unit (CTU) said in a statement 2023-08-24T16:54:00+00:00 https://thehackernews.com/2023/08/new-whiffy-recon-malware-triangulates.html www.secnews.physaphae.fr/article.php?IdArticle=8374039 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or text files. 2023-08-24T16:42:00+00:00 https://thehackernews.com/2023/08/winrar-security-flaw-exploited-in-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8374040 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns The U.S. Federal Bureau of Investigation (FBI) on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as TraderTraitor, which is also known by the name Jade Sleet.
An investigation undertaken by the FBI found 2023-08-23T18:13:00+00:00 https://thehackernews.com/2023/08/north-korean-affiliates-suspected-in.html www.secnews.physaphae.fr/article.php?IdArticle=8373643 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," cybersecurity firm Cyfirma said in a report published last week. CypherRAT and CraxsRAT are said to be offered to other cybercriminals as 2023-08-23T17:14:00+00:00 https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html www.secnews.physaphae.fr/article.php?IdArticle=8373615 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity.
Over 600 IT, cybersecurity, and business leaders at 2023-08-22T16:50:00+00:00 https://thehackernews.com/2023/08/cisos-tout-saas-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8373073 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed moniker Carderbee. The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called 2023-08-22T15:42:00+00:00 https://thehackernews.com/2023/08/carderbee-attacks-hong-kong.html www.secnews.physaphae.fr/article.php?IdArticle=8373055 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.
"The issue results from the lack of proper validation of user-supplied 2023-08-21T19:14:00+00:00 https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html www.secnews.physaphae.fr/article.php?IdArticle=8372770 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on 2023-08-21T15:39:00+00:00 https://thehackernews.com/2023/08/this-malware-turned-thousands-of-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=8372694 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system.
Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers (VPSs), Lumen Black Lotus Labs said in a report 2023-08-21T11:07:00+00:00 https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html www.secnews.physaphae.fr/article.php?IdArticle=8372598 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems. There is no evidence that the apps were available on the 2023-08-19T11:58:00+00:00 https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html www.secnews.physaphae.fr/article.php?IdArticle=8372107 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems.
Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the use of short-lived 2023-08-17T21:10:00+00:00 https://thehackernews.com/2023/08/china-linked-bronze-starlight-group.html www.secnews.physaphae.fr/article.php?IdArticle=8371316 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, 2023-08-17T15:09:00+00:00 https://thehackernews.com/2023/08/russian-hackers-use-zulip-chat-app-for.html www.secnews.physaphae.fr/article.php?IdArticle=8371161 False Malware,Threat APT 29 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users.
"These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared 2023-08-16T17:26:00+00:00 https://thehackernews.com/2023/08/experts-uncover-weaknesses-in.html www.secnews.physaphae.fr/article.php?IdArticle=8370674 False Threat None 5.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and 2023-08-15T23:44:00+00:00 https://thehackernews.com/2023/08/cybercriminals-abusing-cloudflare-r2.html www.secnews.physaphae.fr/article.php?IdArticle=8370359 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code.
Not anymore.
2023-08-15T19:41:00+00:00 https://thehackernews.com/2023/08/monti-ransomware-returns-with-new-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8370268 False Ransomware,Tool,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report
The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling
2023-08-15T17:45:00+00:00 https://thehackernews.com/2023/08/malware-unleashed-public-sector-hit-in.html www.secnews.physaphae.fr/article.php?IdArticle=8370232 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing
Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. The result? Cybercriminals gaining immediate and unhindered access to sensitive data, email accounts, and other applications. But what if you could outsmart these criminals and protect your organization?
Join
2023-08-15T13:01:00+00:00 https://thehackernews.com/2023/08/catching-catphish-join-expert-webinar.html www.secnews.physaphae.fr/article.php?IdArticle=8370106 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
North Korean Hackers Suspected in New Wave of Malicious npm Packages
The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors. As many as nine
2023-08-15T12:38:00+00:00 https://thehackernews.com/2023/08/north-korean-hackers-suspected-in-new.html www.secnews.physaphae.fr/article.php?IdArticle=8370107 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs said in a new
2023-08-14T21:24:00+00:00 https://thehackernews.com/2023/08/qwixxrat-new-remote-access-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=8369978 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Identity Threat Detection and Response: Rips in Your Identity Fabric
Why SaaS Security Is a Challenge In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a
2023-08-14T16:43:00+00:00 https://thehackernews.com/2023/08/identity-threat-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8369891 False Threat,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Uncover Decade-Long Cyber Espionage on Foreign Embassies in Belarus
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets," ESET security researcher Matthieu
2023-08-11T19:53:00+00:00 https://thehackernews.com/2023/08/researchers-uncover-decade-long-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8368956 False Threat None 1.00000000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics
The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe
2023-08-11T15:42:00+00:00 https://thehackernews.com/2023/08/researchers-shed-light-on-apt31s.html www.secnews.physaphae.fr/article.php?IdArticle=8368885 False Malware,Threat,Industrial APT 31,APT 31 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New SystemBC Malware Variant Targets South African Power Company
An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation's critical infrastructure," Kurt Baumgartner, principal security researcher at
2023-08-11T15:10:00+00:00 https://thehackernews.com/2023/08/new-systembc-malware-variant-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8368855 False Ransomware,Malware,Threat None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations
2023-08-10T15:15:00+00:00 https://thehackernews.com/2023/08/cybercriminals-increasingly-using.html www.secnews.physaphae.fr/article.php?IdArticle=8368321 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign
Hackers associated with China's Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023. Cybersecurity firm Recorded Future attributed the intrusion set to a nation-state group it tracks under the name RedHotel (previously Threat Activity Group-22 or TAG-222), which overlaps with a cluster of activity broadly
2023-08-09T19:13:00+00:00 https://thehackernews.com/2023/08/china-linked-hackers-strike-worldwide.html www.secnews.physaphae.fr/article.php?IdArticle=8367909 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons
The U.K.
Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. "The incident was identified in October 2022 after suspicious activity was detected on our systems," the regulator said. "It became clear that hostile actors had first
2023-08-09T15:52:00+00:00 https://thehackernews.com/2023/08/uk-electoral-commission-breach-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8367831 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Abusing Cloudflare Tunnels for Covert Communications
New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. "Cloudflared is functionally very similar to ngrok," Nic Finn, a senior threat intelligence analyst at GuidePoint Security, said. "However, Cloudflared differs from ngrok in that it provides a lot more usability for free,
2023-08-08T17:52:00+00:00 https://thehackernews.com/2023/08/hackers-abusing-cloudflare-tunnels-for.html www.secnews.physaphae.fr/article.php?IdArticle=8367210 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely Vietnamese origin.
"The threat actor uses an uncommon technique to deliver the ransom note," security
2023-08-08T14:23:00+00:00 https://thehackernews.com/2023/08/new-yashma-ransomware-variant-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8367147 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
LOLBAS in the Wild: 11 Living-Off-The-Land Binaries Used for Malicious Purposes
Cybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts (LOLBAS) that could be maliciously abused by threat actors to conduct post-exploitation activities. "LOLBAS is an attack method that uses binaries and scripts that are already part of the system for malicious purposes," Pentera security researcher Nir Chako said. "This makes it hard for security teams
2023-08-08T12:53:00+00:00 https://thehackernews.com/2023/08/lolbas-in-wild-11-living-off-land.html www.secnews.physaphae.fr/article.php?IdArticle=8367116 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs
A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information.
Bot mitigation company Kasada said the activity is designed to "exploit trusted criminal networks," describing it as an instance of advanced threat actors "
2023-08-07T21:27:00+00:00 https://thehackernews.com/2023/08/new-malware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8366834 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems
Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of systems," the AhnLab Security Emergency Response Center (ASEC) said in a report published this week. "Port
2023-08-05T13:22:00+00:00 https://thehackernews.com/2023/08/reptile-rootkit-advanced-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8366011 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners
Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News.
While versioning is not a new phenomenon, it's sneaky and hard
2023-08-03T21:48:00+00:00 https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html www.secnews.physaphae.fr/article.php?IdArticle=8365329 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events
Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is "rapidly expanding." "Information on athletic performance, competitive advantage, and personal information is a lucrative target," the company said in a Cyber Signals report shared with The Hacker News. "Sports teams, major league and global
2023-08-03T15:31:00+00:00 https://thehackernews.com/2023/08/microsoft-flags-growing-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8365179 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium).
It's also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes.
2023-08-03T12:08:00+00:00 https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8365093 False Threat APT 29 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures
A Russia-nexus adversary has been linked to 94 new domains, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the new infrastructure to a threat actor it tracks under the name BlueCharlie, a hacking crew that's broadly known by the names Blue Callisto, Callisto (or Calisto),
2023-08-02T19:42:00+00:00 https://thehackernews.com/2023/08/russian-cyber-adversary-bluecharlie.html www.secnews.physaphae.fr/article.php?IdArticle=8364787 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure.
"Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook's Web Games platform,"
2023-08-02T18:25:00+00:00 https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html www.secnews.physaphae.fr/article.php?IdArticle=8364755 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Top Industries Significantly Impacted by Illicit Telegram Networks
In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by
2023-08-02T17:22:00+00:00 https://thehackernews.com/2023/08/top-industries-significantly-impacted.html www.secnews.physaphae.fr/article.php?IdArticle=8364717 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S.
sanctions – under the direction of someone going by the name Hassan Nozari," Halcyon said in a
2023-08-02T13:01:00+00:00 https://thehackernews.com/2023/08/iranian-company-cloudzy-accused-of.html www.secnews.physaphae.fr/article.php?IdArticle=8364642 False Threat None 2.0000000000000000