www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-10T21:07:07+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian 2023-08-02T09:11:00+00:00 https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html www.secnews.physaphae.fr/article.php?IdArticle=8364582 False Vulnerability,Threat None 1.00000000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal.
"The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive 2023-08-01T15:27:00+00:00 https://thehackernews.com/2023/08/researchers-expose-space-pirate-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8364236 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that 2023-07-31T18:00:00+00:00 https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html www.secnews.physaphae.fr/article.php?IdArticle=8363854 False Threat APT 38,APT 38 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT.
"Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity 2023-07-31T14:08:00+00:00 https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html www.secnews.physaphae.fr/article.php?IdArticle=8363801 False Malware,Tool,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites. A brief description 2023-07-31T12:12:00+00:00 https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html www.secnews.physaphae.fr/article.php?IdArticle=8363783 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances.
"SUBMARINE comprises multiple artifacts - including a SQL trigger, shell scripts, and a loaded library for a Linux daemon - that together enable 2023-07-29T10:29:00+00:00 https://thehackernews.com/2023/07/hackers-deploy-submarine-backdoor-in.html www.secnews.physaphae.fr/article.php?IdArticle=8363087 False Hack,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) IcedID Malware Adapts and Expands Threat with Updated BackConnect Module The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator 2023-07-28T18:40:00+00:00 https://thehackernews.com/2023/07/icedid-malware-adapts-and-expands.html www.secnews.physaphae.fr/article.php?IdArticle=8362759 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) The Alarming Rise of Infostealers: How to Detect this Silent Threat A new study conducted by Uptycs has uncovered a stark increase in the distribution of information stealing (a.k.a. infostealer or stealer) malware. Incidents have more than doubled in Q1 2023, indicating an alarming trend that threatens global organizations.
According to the new Uptycs' whitepaper, Stealers are Organization Killers, a variety of new info stealers have emerged this year, preying 2023-07-26T16:23:00+00:00 https://thehackernews.com/2023/07/the-alarming-rise-of-infostealers-how.html www.secnews.physaphae.fr/article.php?IdArticle=8361688 False Threat,Studies,Prediction None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New AI Tool 'FraudGPT' Emerges, Tailored for Sophisticated Attacks Following the footsteps of WormGPT, threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels. "This is an AI bot, exclusively targeted for offensive purposes, such as crafting spear phishing emails, creating cracking tools, carding, etc.," Netenrich security researcher Rakesh Krishnan 2023-07-26T15:32:00+00:00 https://thehackernews.com/2023/07/new-ai-tool-fraudgpt-emerges-tailored.html www.secnews.physaphae.fr/article.php?IdArticle=8361668 False Tool,Tool,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address.
Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already 2023-07-25T20:16:00+00:00 https://thehackernews.com/2023/07/north-korean-nation-state-actors.html www.secnews.physaphae.fr/article.php?IdArticle=8361273 False Hack,Threat None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control (UAC) bypass technique to gain full administrative privileges on a machine, a sign that the threat actor is evolving their tactics to avoid detection and execute malicious code on compromised assets. "They are still heavily focused on Latin American 2023-07-25T17:40:00+00:00 https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html www.secnews.physaphae.fr/article.php?IdArticle=8361218 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) macOS Under Attack: Examining the Growing Threat and User Perspectives As the number of people using macOS keeps going up, so does the desire of hackers to take advantage of flaws in Apple's operating system. What Are the Rising Threats to macOS? There is a common misconception among macOS fans that Apple devices are immune to hacking and malware infection. However, users have been facing more and more dangers recently.
Inventive attackers are specifically 2023-07-25T16:54:00+00:00 https://thehackernews.com/2023/07/macos-under-attack-examining-growing.html www.secnews.physaphae.fr/article.php?IdArticle=8361219 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts. "BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all," Check Point said in a report 2023-07-21T17:40:00+00:00 https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8359714 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems.
"In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical 2023-07-21T10:56:00+00:00 https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html www.secnews.physaphae.fr/article.php?IdArticle=8359580 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser 2023-07-20T22:26:00+00:00 https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html www.secnews.physaphae.fr/article.php?IdArticle=8359336 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.
"Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a leak site as leverage to convince 2023-07-20T22:26:00+00:00 https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html www.secnews.physaphae.fr/article.php?IdArticle=8359337 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of Ukraine (CERT-UA), attributed the attacks to a Russian nation-state actor known as Turla, which is 2023-07-20T15:10:00+00:00 https://thehackernews.com/2023/07/turlas-new-deliverycheck-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=8359199 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) CISA and NSA Issue New Guidance to Strengthen 5G Network Slicing Against Threats U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats.
"The threat landscape in 5G is dynamic; due to this, advanced monitoring, auditing, and other analytical capabilities are required to meet certain levels of network slicing service level requirements over 2023-07-19T17:20:00+00:00 https://thehackernews.com/2023/07/cisa-and-nsa-issue-new-guidance-to.html www.secnews.physaphae.fr/article.php?IdArticle=8358810 False Threat,Guideline None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg. "Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value 2023-07-19T15:50:00+00:00 https://thehackernews.com/2023/07/chinese-apt41-hackers-target-mobile.html www.secnews.physaphae.fr/article.php?IdArticle=8358765 False Malware,Threat APT 41,APT 41 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro.
The infections took place between mid-February 2022 and 2023-07-18T18:28:00+00:00 https://thehackernews.com/2023/07/pakistani-entities-targeted-in.html www.secnews.physaphae.fr/article.php?IdArticle=8358303 False Malware,Threat,Prediction None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground Discover stories about threat actors' latest tactics, techniques, and procedures from Cybersixgill's threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT 2023-07-18T16:24:00+00:00 https://thehackernews.com/2023/07/go-beyond-headlines-for-deeper-dives.html www.secnews.physaphae.fr/article.php?IdArticle=8358216 False Ransomware,Malware,Vulnerability,Threat ChatGPT,ChatGPT 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks The financially motivated threat actor known as FIN8 has been observed using a "revamped" version of a backdoor called Sardonic to deliver the BlackCat ransomware. According to the Symantec Threat Hunter Team, part of Broadcom, the development is an attempt on the part of the e-crime group to diversify its focus and maximize profits from infected entities.
The intrusion attempt took place in 2023-07-18T15:49:00+00:00 https://thehackernews.com/2023/07/fin8-group-using-modified-sardonic.html www.secnews.physaphae.fr/article.php?IdArticle=8358195 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an 2023-07-18T11:26:00+00:00 https://thehackernews.com/2023/07/cybercriminals-exploiting-woocommerce.html www.secnews.physaphae.fr/article.php?IdArticle=8358125 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application," researchers from CSIRT KNF said in an analysis released last week.
"The 2023-07-17T18:56:00+00:00 https://thehackernews.com/2023/07/hackers-exploit-webapk-to-deceive.html www.secnews.physaphae.fr/article.php?IdArticle=8357771 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. "As a vector of primary compromise, for the most part, emails and messages in messengers (Telegram, WhatsApp, Signal) are used, in most cases, using previously compromised accounts," the Computer Emergency Response Team of Ukraine (CERT-UA) said in 2023-07-17T10:47:00+00:00 https://thehackernews.com/2023/07/cert-ua-uncovers-gamaredons-rapid-data.html www.secnews.physaphae.fr/article.php?IdArticle=8357589 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft's discovery of a new China-linked espionage campaign targeting two dozen organizations. The details come from a joint cybersecurity advisory released by the U.S.
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation 2023-07-13T11:44:00+00:00 https://thehackernews.com/2023/07/us-government-agencies-emails.html www.secnews.physaphae.fr/article.php?IdArticle=8355815 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information. Of the 15 shortcomings (tracked from CVE-2023-34123 through CVE-2023-34137), four 2023-07-13T10:46:00+00:00 https://thehackernews.com/2023/07/new-vulnerabilities-disclosed-in.html www.secnews.physaphae.fr/article.php?IdArticle=8355729 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers.
"Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared 2023-07-11T22:29:00+00:00 https://thehackernews.com/2023/07/hackers-exploit-windows-policy-loophole.html www.secnews.physaphae.fr/article.php?IdArticle=8354561 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate. "Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control 2023-07-11T15:28:00+00:00 https://thehackernews.com/2023/07/scarleteel-cryptojacking-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8354411 False Threat,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content.
The iPhone maker said it addressed the issue with improved checks 2023-07-11T09:38:00+00:00 https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8354338 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) RomCom RAT Targeting NATO and Ukraine Support Groups The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad. The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023. RomCom, also tracked under the names 2023-07-10T12:12:00+00:00 https://thehackernews.com/2023/07/romcom-rat-targeting-nato-and-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=8353990 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022. The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly. The fault stemmed from discrepancies between Revolut's U.S.
and European systems, causing funds 2023-07-10T10:50:00+00:00 https://thehackernews.com/2023/07/hackers-steal-20-million-by-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8353991 False Hack,Threat None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Close Security Gaps with Continuous Threat Exposure Management CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets. As advanced threat actors constantly search for easily 2023-07-07T16:07:00+00:00 https://thehackernews.com/2023/07/close-security-gaps-with-continuous.html www.secnews.physaphae.fr/article.php?IdArticle=8353343 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents.
This]]> 2023-07-07T10:42:00+00:00 https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html www.secnews.physaphae.fr/article.php?IdArticle=8353305 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Survivre à la tempête de 800 Gbps: Gardez les informations des statistiques d'attaque DDOS de GCORE \\'s 2023<br>Surviving the 800 Gbps Storm: Gain Insights from Gcore\\'s 2023 DDoS Attack Statistics Gcore Radar is a quarterly report prepared by Gcore that provides insights into the current state of the DDoS protection market and cybersecurity trends. This report offers you an understanding of the evolving threat landscape and highlights the measures required to protect against attacks effectively. It serves as an insight for businesses and individuals seeking to stay informed about the]]> 2023-07-06T16:52:00+00:00 https://thehackernews.com/2023/07/surviving-800-gbps-storm-gain-insights.html www.secnews.physaphae.fr/article.php?IdArticle=8352871 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sceau de redénergie en tant que menace de ransomware ciblant les secteurs de l'énergie et des télécommunications<br>RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. 
The malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for 2023-07-05T19:40:00+00:00 https://thehackernews.com/2023/07/redenergy-stealer-as-ransomware-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8352495 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager 2023-07-05T14:30:00+00:00 https://thehackernews.com/2023/07/nodejs-users-beware-manifest-confusion.html www.secnews.physaphae.fr/article.php?IdArticle=8352397 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC). The development was reported by the Irish Independent, which said the watchdog has been in contact with the social media giant about the new product and confirmed the release won't extend to the E.U. "at this 2023-07-05T14:08:00+00:00 https://thehackernews.com/2023/07/instagrams-twitter-alternative-threads.html www.secnews.physaphae.fr/article.php?IdArticle=8352383 False Threat,General Information,Legislation None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the [command-and-control] to the 2023-07-04T16:14:00+00:00 https://thehackernews.com/2023/07/ddosia-attack-tool-evolves-with.html www.secnews.physaphae.fr/article.php?IdArticle=8352130 False Tool,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. "In this case, the distribution 2023-07-03T10:16:00+00:00 https://thehackernews.com/2023/07/blackcat-operators-distributing.html www.secnews.physaphae.fr/article.php?IdArticle=8351711 False Ransomware,Malware,Threat,Prediction None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) The Right Way to Enhance CTI with AI (Hint: It's the Data) Cyber threat intelligence is an effective weapon in the ongoing battle to protect digital assets and infrastructure - especially when combined with AI. But AI is only as good as the data feeding it. Access to unique, underground sources is key. Threat Intelligence offers tremendous value to people and companies. At the same time, its ability to address organizations' cybersecurity needs and the 2023-06-29T16:26:00+00:00 https://thehackernews.com/2023/06/the-right-way-to-enhance-cti-with-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8350590 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) North Korean Hacker Group Andariel Strikes with New EarlyRat Malware The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control (C2) server," Kaspersky said in a new report. Also called Silent Chollima and Stonefly, 2023-06-29T16:19:00+00:00 https://thehackernews.com/2023/06/north-korean-hacker-group-andariel.html www.secnews.physaphae.fr/article.php?IdArticle=8350591 False Malware,Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which found that it is "feasible to compromise the targeted device by injecting a specific EM glitch at the right time 2023-06-28T20:35:00+00:00 https://thehackernews.com/2023/06/alert-new-electromagnetic-attacks-on.html www.secnews.physaphae.fr/article.php?IdArticle=8350195 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) 8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses A ransomware threat called 8Base that has been operating under the radar for over a year has been attributed to a "massive spike in activity" in May and June 2023. "The group utilizes encryption paired with 'name-and-shame' techniques to compel their victims to pay their ransoms," VMware Carbon Black researchers Deborah Snyder and Fae Carlisle said in a report shared with The Hacker News. "8Base 2023-06-28T15:45:00+00:00 https://thehackernews.com/2023/06/8base-ransomware-spikes-in-activity.html www.secnews.physaphae.fr/article.php?IdArticle=8350103 False Ransomware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New Mockingjay Process Injection Technique Could Let Malware Evade Detection A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. "The injection is executed without space allocation, setting permissions or even starting a thread," Security Joes researchers Thiago Peixoto, Felipe Duarte, and Ido Naor said in a report shared with The Hacker News. "The 2023-06-27T19:52:00+00:00 https://thehackernews.com/2023/06/new-mockingjay-process-injection.html www.secnews.physaphae.fr/article.php?IdArticle=8349749 False Malware,Threat None 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The intrusions, which made use of residential proxy services to obfuscate the source IP address of the attacks, target governments, IT service providers, NGOs, defense, and critical manufacturing sectors, the tech giant's threat 2023-06-26T16:24:00+00:00 https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html www.secnews.physaphae.fr/article.php?IdArticle=8349311 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus phishing kit, which offered a prebuilt hosting framework and bundled templates," 2023-06-23T20:14:00+00:00 https://thehackernews.com/2023/06/cybercrime-group-muddled-libra-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8348565 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said. 2023-06-23T13:00:00+00:00 https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8348406 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known. 2023-06-22T12:26:00+00:00 https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html www.secnews.physaphae.fr/article.php?IdArticle=8347960 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through the Golang backdoor that is using the Ably service," the AhnLab Security Emergency response Center ( 2023-06-21T21:46:00+00:00 https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html www.secnews.physaphae.fr/article.php?IdArticle=8347758 False Malware,Threat APT 37 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 on Telegram and runs a Telegram channel 2023-06-21T11:06:00+00:00 https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html www.secnews.physaphae.fr/article.php?IdArticle=8347607 False Malware,Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as APT-C-35 and Viceroy Tiger. The espionage activity involves duping Android smartphone owners into 2023-06-20T10:35:00+00:00 https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html www.secnews.physaphae.fr/article.php?IdArticle=8347203 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime and anti-terrorism policing unit," Cado Security said in a technical report. "In addition, 2023-06-17T12:29:00+00:00 https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8346428 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang was first outed by Russian cybersecurity firm Positive Technologies in September 2021, 2023-06-16T19:24:00+00:00 https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html www.secnews.physaphae.fr/article.php?IdArticle=8346182 False Tool,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity As Threat Actors Continuously Adapt their TTPs in Today's Threat Landscape, So Must You Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines the continuous 2023-06-16T16:42:00+00:00 https://thehackernews.com/2023/06/activities-in-cybercrime-underground.html www.secnews.physaphae.fr/article.php?IdArticle=8346145 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway (ESG) appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic of China," Google-owned Mandiant said in a new report published today, describing the group as " 2023-06-15T20:26:00+00:00 https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8345792 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. "Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia," cybersecurity company Team Cymru said in a new analysis shared 2023-06-15T19:18:00+00:00 https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html www.secnews.physaphae.fr/article.php?IdArticle=8345749 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. "Malicious binaries steal the user IDs, passwords, local machine environment variables, and local host name, and then exfiltrates the stolen data to the hijacked 2023-06-15T17:26:00+00:00 https://thehackernews.com/2023/06/new-supply-chain-attack-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8345728 False Threat None 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organizations The Russian threat actor known as Shuckworm has continued its cyber assault spree against Ukrainian entities in a bid to steal sensitive information from compromised environments. Targets of the recent intrusions, which began in February/March 2023, include security services, military, and government organizations, Symantec said in a new report shared with The Hacker News. "In some cases, the 2023-06-15T15:31:00+00:00 https://thehackernews.com/2023/06/new-report-reveals-shuckworms-long.html www.secnews.physaphae.fr/article.php?IdArticle=8345704 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent Microsoft on Wednesday took the lid off a "novel and distinct Russian threat actor," which it said is linked to the General Staff Main Intelligence Directorate (GRU) and has a "relatively low success rate." The tech giant's Threat Intelligence team, which was previously tracking the group under its emerging moniker DEV-0586, has graduated it to a named actor dubbed Cadet Blizzard. "Cadet 2023-06-15T14:30:00+00:00 https://thehackernews.com/2023/06/microsoft-warns-of-new-russian-state.html www.secnews.physaphae.fr/article.php?IdArticle=8345658 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) LockBit Ransomware Extorts $91 Million from U.S. Companies The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020. That's according to a joint bulletin published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC 2023-06-15T10:39:00+00:00 https://thehackernews.com/2023/06/lockbit-ransomware-extorts-91-million.html www.secnews.physaphae.fr/article.php?IdArticle=8345607 False Ransomware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations "Dozens" of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. "Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee's account and executed an 'adversary-in-the-middle' attack to bypass 2023-06-13T19:09:00+00:00 https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8344822 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. "A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev Taler said. "Malicious 2023-06-12T18:17:00+00:00 https://thehackernews.com/2023/06/researchers-uncover-publisher-spoofing.html www.secnews.physaphae.fr/article.php?IdArticle=8344399 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. "This massive campaign has likely resulted in thousands of people being scammed worldwide," Trend Micro researchers said in a report published last week, linking it to a Russian-speaking threat actor named "Impulse 2023-06-12T13:00:00+00:00 https://thehackernews.com/2023/06/beware-1000-fake-cryptocurrency-sites.html www.secnews.physaphae.fr/article.php?IdArticle=8344320 False Threat,Prediction None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now! Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.
Details 2023-06-12T12:19:00+00:00 https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8344305 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an analysis published Thursday. "Asylum Ambuscade also does espionage against government entities in Europe 2023-06-09T19:07:00+00:00 https://thehackernews.com/2023/06/asylum-ambuscade-cybercrime-group-with.html www.secnews.physaphae.fr/article.php?IdArticle=8343674 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Experts Unveil PoC Exploit for Recent Windows Vulnerability Under Active Exploitation Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. "An attacker who successfully exploited this vulnerability could gain 2023-06-08T20:29:00+00:00 https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html www.secnews.physaphae.fr/article.php?IdArticle=8343331 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The 2023-06-08T09:53:00+00:00 https://thehackernews.com/2023/06/kimsuky-targets-think-tanks-and-news.html www.secnews.physaphae.fr/article.php?IdArticle=8343243 False Threat APT 43 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New PowerDrop Malware Targeting U.S. Aerospace Industry An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. "PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption," according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. "The name is derived from the tool, 2023-06-07T10:10:00+00:00 https://thehackernews.com/2023/06/new-powerdrop-malware-targeting-us.html www.secnews.physaphae.fr/article.php?IdArticle=8342807 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!
Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023. "Type 2023-06-06T15:51:00+00:00 https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html www.secnews.physaphae.fr/article.php?IdArticle=8342518 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts. "The threat actor behind this [ransomware-as-a-service] promotes its offering on forums," Uptycs said in a new report. "There it requests a share of profits from those engaging in malicious activities using its malware." 2023-06-06T12:27:00+00:00 https://thehackernews.com/2023/06/cyclops-ransomware-gang-offers-go-based.html www.secnews.physaphae.fr/article.php?IdArticle=8342414 False Ransomware,Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today. "CVE-2023-34362 allows attackers to 2023-06-05T17:33:00+00:00 https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html www.secnews.physaphae.fr/article.php?IdArticle=8342144 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. "This threat actor employs tactics such as LOLBaS (living-off-the-land binaries and scripts), along with CMD-based scripts to carry out its malicious activities," the BlackBerry Research and Intelligence Team said in a report 2023-06-05T10:18:00+00:00 https://thehackernews.com/2023/06/brazilian-cybercriminals-using-lolbas.html www.secnews.physaphae.fr/article.php?IdArticle=8342039 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Botnet Malware 'Horabot' Targets Spanish-Speaking Users in Latin America Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. "Horabot enables the threat actor to control the victim's Outlook mailbox, exfiltrate contacts' email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim's mailbox," Cisco Talos researcher Chetan Raghuprasad 2023-06-02T17:33:00+00:00 https://thehackernews.com/2023/06/new-botnet-malware-horabot-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8341484 False Malware,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said. The Russian 2023-06-01T20:44:00+00:00 https://thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html www.secnews.physaphae.fr/article.php?IdArticle=8341248 False Malware,Hack,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis.
The "
2023-06-01T14:49:00+00:00 https://thehackernews.com/2023/06/improved-blackcat-ransomware-strikes.html www.secnews.physaphae.fr/article.php?IdArticle=8341159 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT
Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially
2023-06-01T12:28:00+00:00 https://thehackernews.com/2023/06/n-korean-scarcruft-hackers-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8341141 False Threat APT 37 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023. “Persistence is achieved via timed processors or entries to cron,” said Dr.
2023-05-31T21:14:00+00:00 https://thehackernews.com/2023/05/cybercriminals-targeting-apache-nifi.html www.secnews.physaphae.fr/article.php?IdArticle=8340928 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.” “When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis
2023-05-31T18:30:00+00:00 https://thehackernews.com/2023/05/beware-of-ghost-sites-silent-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8340881 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection (SIP), or “rootless,” which
2023-05-31T17:27:00+00:00 https://thehackernews.com/2023/05/microsoft-details-critical-apple-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8340867 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
6 Steps to Effective Threat Hunting: Safeguard Critical Assets and Fight Cybercrime
Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars. Consider this staggering statistic. Cybersecurity Ventures estimates that cybercrime will take a $10.5 trillion toll on the global
2023-05-31T17:17:00+00:00 https://thehackernews.com/2023/05/6-steps-to-effective-threat-hunting.html www.secnews.physaphae.fr/article.php?IdArticle=8340868 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew's continued focus on high-value targets. Dark Pink, also called Saaiwc
2023-05-31T14:28:00+00:00 https://thehackernews.com/2023/05/dark-pink-apt-group-leverages.html www.secnews.physaphae.fr/article.php?IdArticle=8340823 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks
The threat actors behind RomCom RAT have been leveraging a network of fake websites advertising rogue versions of popular software since at least July 2022 to infiltrate targets. Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius (Unit 42) and UNC2596 (Mandiant). "These lure sites are most likely only meant for a small
2023-05-31T14:00:00+00:00 https://thehackernews.com/2023/05/romcom-rat-using-deceptive-web-of-rogue.html www.secnews.physaphae.fr/article.php?IdArticle=8340811 False Threat,Prediction None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery.
2023-05-31T10:55:00+00:00 https://thehackernews.com/2023/05/alert-hackers-exploit-barracuda-email.html www.secnews.physaphae.fr/article.php?IdArticle=8340751 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them
If you're a cybersecurity professional, you're likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we'll look at another trending acronym – CTEM, which stands for Continuous Threat Exposure Management – and the often-surprising challenges that come
2023-05-29T17:17:00+00:00 https://thehackernews.com/2023/05/3-challenges-in-building-continuous.html www.secnews.physaphae.fr/article.php?IdArticle=8340196 False Threat None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities
Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware, which is delivered by means of
2023-05-26T18:09:00+00:00 https://thehackernews.com/2023/05/predator-android-spyware-researchers.html www.secnews.physaphae.fr/article.php?IdArticle=8339597 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids
A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild. "The
2023-05-26T12:08:00+00:00 https://thehackernews.com/2023/05/new-cosmicenergy-malware-exploits-ics.html www.secnews.physaphae.fr/article.php?IdArticle=8339559 False Malware,Threat,Industrial CosmicEnergy 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government
An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the intrusion relied on email phishing as an initial access pathway, leading to the execution of a .NET
2023-05-25T19:09:00+00:00 https://thehackernews.com/2023/05/new-powerexchange-backdoor-used-in.html www.secnews.physaphae.fr/article.php?IdArticle=8339380 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks
A Brazilian threat actor is targeting Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. "The attackers can steal credentials and exfiltrate users' data and personal information, which can be leveraged for malicious activities beyond financial gain," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a
2023-05-25T17:02:00+00:00 https://thehackernews.com/2023/05/alert-brazilian-hackers-targeting-users.html www.secnews.physaphae.fr/article.php?IdArticle=8339327 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," Symantec said in a
2023-05-25T16:10:00+00:00 https://thehackernews.com/2023/05/buhti-ransomware-gang-switches-tactics.html www.secnews.physaphae.fr/article.php?IdArticle=8339329 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon. The
2023-05-25T13:58:00+00:00 https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html www.secnews.physaphae.fr/article.php?IdArticle=8339287 False Threat Guam 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations. Agrius, also known as Pink Sandstorm (formerly Americium), has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections. Microsoft has attributed the threat actor to Iran's Ministry of
2023-05-25T11:33:00+00:00 https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8339260 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack.
Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. "The infected
2023-05-24T19:19:00+00:00 https://thehackernews.com/2023/05/iranian-tortoiseshell-hackers-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8339046 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In
2023-05-24T12:24:00+00:00 https://thehackernews.com/2023/05/cyber-attacks-strike-ukraines-state.html www.secnews.physaphae.fr/article.php?IdArticle=8338946 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments
Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable and stealthy.
The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq,
2023-05-23T21:00:00+00:00 https://thehackernews.com/2023/05/goldenjackal-new-threat-group-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8338799 False Threat GoldenJackal 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware
The North Korean advanced persistent threat (APT) group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. "Lately, Kimsuky has been consistently distributing custom malware as part of reconnaissance campaigns to enable subsequent attacks," SentinelOne researchers Aleksandar Milenkoski and Tom
2023-05-23T19:26:00+00:00 https://thehackernews.com/2023/05/north-korean-kimsuky-hackers-strike.html www.secnews.physaphae.fr/article.php?IdArticle=8338750 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
The Rising Threat of Secrets Sprawl and the Need for Action
The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity.
The report shows a 67% year-over-year increase in the number of secrets found, with 10 million hard-coded secrets detected
2023-05-23T16:46:00+00:00 https://thehackernews.com/2023/05/the-rising-threat-of-secrets-sprawl-and.html www.secnews.physaphae.fr/article.php?IdArticle=8338697 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East
An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat actor. "WinTapix.sys is essentially a loader," security researchers Geri Revay and Hossein Jazi said
2023-05-23T16:41:00+00:00 https://thehackernews.com/2023/05/new-wintapixsys-malware-engages-in.html www.secnews.physaphae.fr/article.php?IdArticle=8338698 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations
A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances to carry out illicit crypto mining operations. Cloud security company's Permiso P0 Labs, which first detected the group in November 2021, has assigned it the moniker GUI-vil (pronounced Goo-ee-vil). "The group displays a preference for Graphical
2023-05-22T21:35:00+00:00 https://thehackernews.com/2023/05/indonesian-cybercriminals-exploit-aws.html www.secnews.physaphae.fr/article.php?IdArticle=8338466 False Threat,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade
New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic (aka Red Stinger), has not only been linked to a fresh sophisticated campaign, but also to an activity cluster that first came to light in May 2016. "While the
2023-05-22T18:17:00+00:00 https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8338435 False Threat None 2.0000000000000000