www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-14T11:14:50+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les chercheurs découvrent de nouveaux défauts BGP dans le logiciel de protocole de routage Internet populaire<br>Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It\'s currently used by several]]> 2023-05-02T19:56:00+00:00 https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8332873 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) BouldSpy Android Spyware: Tool présumé du gouvernement iranien pour espionner des groupes minoritaires<br>BouldSpy Android Spyware: Iranian Government\\'s Alleged Tool for Spying on Minority Groups A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups. "The spyware]]> 2023-05-02T17:26:00+00:00 https://thehackernews.com/2023/05/bouldspy-android-spyware-iranian.html www.secnews.physaphae.fr/article.php?IdArticle=8332818 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Pourquoi les télécommunications ont du mal avec la sécurité SaaS<br>Why Telecoms Struggle with SaaS Security The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort. It\'s the breaches in telecom companies that tend to have a seismic impact and far-reaching implications - in addition to reputational damage, which can be]]> 2023-05-02T17:10:00+00:00 https://thehackernews.com/2023/05/why-telecoms-struggle-with-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8332819 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) LOBSHOT: un troie furtif et financier et un voleur d'informations diffusé via Google Ads<br>LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the radar," Elastic Security Labs researcher Daniel Stepanic said in an analysis published last week. "One]]> 2023-05-02T12:39:00+00:00 https://thehackernews.com/2023/05/lobshot-stealthy-financial-trojan-and.html www.secnews.physaphae.fr/article.php?IdArticle=8332731 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Scarcruft de la Corée du Nord déploie des logiciels malveillants Rokrat via des chaînes d'infection des fichiers LNK<br>North Korea\\'s ScarCruft Deploys RokRAT Malware via LNK File Infection Chains The North Korean threat actor known as ScarCruft began experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that initiate]]> 2023-05-02T12:24:00+00:00 https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html www.secnews.physaphae.fr/article.php?IdArticle=8332732 False Malware,Threat APT 37 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Alerte: exploitation active des vulnérabilités TP-Link, Apache et Oracle détectées<br>Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 (CVSS score: 9.0) - Apache Log4j2 Deserialization of Untrusted]]> 2023-05-02T11:05:00+00:00 https://thehackernews.com/2023/05/active-exploitation-of-tp-link-apache.html www.secnews.physaphae.fr/article.php?IdArticle=8332704 False None None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) NOUVEAUX DE DOG DE DOG DOG<br>New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog targeting enterprise networks. Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of queries are transmitted to the command-and-control (C2) domains so as to not arouse any suspicion. "]]> 2023-05-01T18:01:00+00:00 https://thehackernews.com/2023/05/new-decoy-dog-malware-toolkit-uncovered.html www.secnews.physaphae.fr/article.php?IdArticle=8332531 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Recherché mort ou vivant: protection en temps réel contre le mouvement latéral<br>Wanted Dead or Alive: Real-Time Protection Against Lateral Movement Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral movement a necessity to organizations of all sizes and across all industries. But the disturbing truth]]> 2023-05-01T16:23:00+00:00 https://thehackernews.com/2023/05/wanted-dead-or-alive-real-time.html www.secnews.physaphae.fr/article.php?IdArticle=8332521 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) L'acteur de menace vietnamienne infecte 500 000 appareils utilisant des tactiques \\ 'malverposting \\'<br>Vietnamese Threat Actor Infects 500,000 Devices Using \\'Malverposting\\' Tactics A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious]]> 2023-05-01T14:47:00+00:00 https://thehackernews.com/2023/05/vietnamese-threat-actor-infects-500000.html www.secnews.physaphae.fr/article.php?IdArticle=8332505 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) APT28 cible les entités gouvernementales ukrainiennes avec de fausses e-mails "Windows Update"<br>APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line "]]> 2023-05-01T14:22:00+00:00 https://thehackernews.com/2023/05/apt28-targets-ukrainian-government.html www.secnews.physaphae.fr/article.php?IdArticle=8332497 False None APT 28,APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google bloque 1,43 million d'applications malveillantes, interdit 73 000 mauvais comptes en 2022<br>Google Blocks 1.43 Million Malicious Apps, Bans 73,000 Bad Accounts in 2022 Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions through developer-facing features like Voided Purchases API, Obfuscated Account ID, and Play Integrity]]> 2023-05-01T10:40:00+00:00 https://thehackernews.com/2023/05/google-blocks-143-million-malicious.html www.secnews.physaphae.fr/article.php?IdArticle=8332476 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) CISA met en garde contre les défauts critiques dans les instruments de séquençage d'ADN d'Illumina \\<br>CISA Warns of Critical Flaws in Illumina\\'s DNA Sequencing Instruments The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA]]> 2023-04-29T10:04:00+00:00 https://thehackernews.com/2023/04/cisa-warns-of-critical-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8332120 False Industrial,Medical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chatgpt est de retour en Italie après avoir répondu aux problèmes de confidentialité des données<br>ChatGPT is Back in Italy After Addressing Data Privacy Concerns OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the data protection authority\'s demands ahead of April 30, 2023, deadline. The development was first reported by the Associated Press. OpenAI\'s CEO, Sam Altman, tweeted, "we\'re excited ChatGPT is available in [Italy] again!" The reinstatement comes following Garante\'s decision to temporarily block]]> 2023-04-29T09:53:00+00:00 https://thehackernews.com/2023/04/chatgpt-is-back-in-italy-after.html www.secnews.physaphae.fr/article.php?IdArticle=8332121 False None ChatGPT,ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les nouveaux logiciels malveillants atomiques volent les mots de porte des porte-clés et les portefeuilles cryptographiques<br>New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer. "The Atomic macOS Stealer can steal various types of information from the victim\'s machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and]]> 2023-04-28T17:29:00+00:00 https://thehackernews.com/2023/04/new-atomic-macos-stealer-can-steal-your.html www.secnews.physaphae.fr/article.php?IdArticle=8331871 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Pourquoi votre approche de sécurité avant de détection ne fonctionne pas<br>Why Your Detection-First Security Approach Isn\\'t Working Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why attacks increased dramatically in the past year yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly]]> 2023-04-28T17:23:00+00:00 https://thehackernews.com/2023/04/why-your-detection-first-security.html www.secnews.physaphae.fr/article.php?IdArticle=8331872 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Dispositifs de pare-feu zyxel vulnérables aux attaques d'exécution de code distantes - patch maintenant<br>Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks - Patch Now Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw. "Improper error message handling in some firewall versions]]> 2023-04-28T17:11:00+00:00 https://thehackernews.com/2023/04/zyxel-firewall-devices-vulnerable-to.html www.secnews.physaphae.fr/article.php?IdArticle=8331873 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) L'infosteller de Vipersoftx adopte des techniques sophistiquées pour éviter la détection<br>ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that leveraged the malware to distribute a malicious Google Chrome extension]]> 2023-04-28T17:00:00+00:00 https://thehackernews.com/2023/04/vipersoftx-infostealer-adopts.html www.secnews.physaphae.fr/article.php?IdArticle=8331854 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attention acheteurs en ligne: ne soyez pas dupe par leurs looks élégants et modernes - c'est Magecart!<br>Attention Online Shoppers: Don\\'t Be Fooled by Their Sleek, Modern Looks - It\\'s Magecart! An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at]]> 2023-04-28T14:48:00+00:00 https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html www.secnews.physaphae.fr/article.php?IdArticle=8331831 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) L'équipe Tonto utilise un fichier anti-malware pour lancer des attaques contre les institutions sud-coréennes<br>Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center (ASEC) said in a report]]> 2023-04-28T12:14:00+00:00 https://thehackernews.com/2023/04/tonto-team-uses-anti-malware-file-to.html www.secnews.physaphae.fr/article.php?IdArticle=8331811 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google obtient l'ordre du tribunal pour éliminer le cryptbot qui a infecté plus de 670 000 ordinateurs<br>Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant\'s Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution.]]> 2023-04-27T21:26:00+00:00 https://thehackernews.com/2023/04/google-gets-court-order-to-take-down.html www.secnews.physaphae.fr/article.php?IdArticle=8331645 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Paperbug Attack: Nouvelle campagne de surveillance politiquement motivée au Tadjikistan<br>Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The]]> 2023-04-27T19:12:00+00:00 https://thehackernews.com/2023/04/paperbug-attack-new-politically.html www.secnews.physaphae.fr/article.php?IdArticle=8331587 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Analyse des logiciels malveillants Limerat: Extraction de la configuration<br>LimeRAT Malware Analysis: Extracting the Config Remote Access Trojans (RATs) have taken the third leading position in ANY. RUN\'s Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it apart. Capable of carrying out a broad spectrum of malicious activities, it excels not only in data]]> 2023-04-27T17:15:00+00:00 https://thehackernews.com/2023/04/limerat-malware-analysis-extracting.html www.secnews.physaphae.fr/article.php?IdArticle=8331552 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La première souche ransomware Linux de RTM Locker \\ ciblant les hôtes NAS et ESXi<br>RTM Locker\\'s First Linux Ransomware Strain Targeting NAS and ESXi Hosts The threat actors behind RTM Locker have developed a ransomware strain that\'s capable of targeting Linux machines, marking the group\'s first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware\'s leaked source code," Uptycs said in a new report published Wednesday. "It uses a combination of ECDH on]]> 2023-04-27T15:45:00+00:00 https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8331525 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft confirme les serveurs Papercut utilisés pour fournir des ransomwares de verrouillage et CL0P<br>Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks designed to deliver Cl0p and LockBit ransomware families. The tech giant\'s threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505, and Evil]]> 2023-04-27T13:50:00+00:00 https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8331487 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des pirates chinois repérés en utilisant la variante Linux de Pingpull dans les cyberattaques ciblées<br>Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That\'s according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a]]> 2023-04-26T21:01:00+00:00 https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8331287 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Charmant Kitten \\'s New Bellaciao Malware découvert dans les attaques multi-pays<br>Charming Kitten\\'s New BellaCiao Malware Discovered in Multi-Country Attacks The prolific Iranian nation-state group known as Charming Kitten targeted multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that\'s capable of delivering other malware payloads onto a victim machine based on commands received]]> 2023-04-26T18:46:00+00:00 https://thehackernews.com/2023/04/charming-kittens-new-bellaciao-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8331253 False Malware APT 35,APT 35 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des pirates chinois utilisant des logiciels malveillants MGBOT pour cibler les ONG internationales en Chine continentale<br>Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new]]> 2023-04-26T18:03:00+00:00 https://thehackernews.com/2023/04/chinese-hackers-using-mgbot-malware-to.html www.secnews.physaphae.fr/article.php?IdArticle=8331239 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Enquête sur la sécurité du navigateur: 87% des adoptants SaaS exposés aux attaques transmises par le navigateur<br>Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks.  In light of this significant challenge, how are CISOs responding? LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and]]> 2023-04-26T17:16:00+00:00 https://thehackernews.com/2023/04/browser-security-survey-87-of-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8331227 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Vulnérabilité Apache SuperSet: la configuration par défaut insécurité expose les serveurs aux attaques RCE<br>Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access]]> 2023-04-26T14:59:00+00:00 https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html www.secnews.physaphae.fr/article.php?IdArticle=8331201 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware libère des correctifs critiques pour les stations de travail et les logiciels de fusion<br>VMware Releases Critical Patches for Workstation and Fusion Software VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the]]> 2023-04-26T12:35:00+00:00 https://thehackernews.com/2023/04/vmware-releases-critical-patches-for.html www.secnews.physaphae.fr/article.php?IdArticle=8331175 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La nouvelle vulnérabilité SLP pourrait permettre aux attaquants de lancer 2200x d'attaques DDOS puissantes<br>New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it]]> 2023-04-25T18:56:00+00:00 https://thehackernews.com/2023/04/new-slp-vulnerability-could-let.html www.secnews.physaphae.fr/article.php?IdArticle=8330957 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates iraniens lancent des attaques sophistiquées ciblant Israël avec une porte dérobée impuissante<br>Iranian Hackers Launch Sophisticated Attacks Targeting Israel with Powerless Backdoor An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that\'s designed to deploy an updated version of a backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt]]> 2023-04-25T18:34:00+00:00 https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html www.secnews.physaphae.fr/article.php?IdArticle=8330923 False Threat APT 35 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Modernisation de la gestion de la vulnérabilité: l'amélioration de la gestion de l'exposition<br>Modernizing Vulnerability Management: The Move Toward Exposure Management Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of]]> 2023-04-25T17:23:00+00:00 https://thehackernews.com/2023/04/modernizing-vulnerability-management.html www.secnews.physaphae.fr/article.php?IdArticle=8330907 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sous-groupe Lazarus ciblant les appareils Apple avec un nouveau malware macOS de RustBucket<br>Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.  The Apple device management company attributed it]]> 2023-04-25T16:57:00+00:00 https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html www.secnews.physaphae.fr/article.php?IdArticle=8330891 False Malware,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Cloud présente une sécurité de sécurité pour une détection et une analyse des menaces plus rapides<br>Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis Google\'s cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape.  Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that\'s "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment]]> 2023-04-25T16:09:00+00:00 https://thehackernews.com/2023/04/google-cloud-introduces-security-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8330892 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) L'application Google Authenticator obtient la fonction de sauvegarde cloud pour les codes TOTP<br>Google Authenticator App Gets Cloud Backup Feature for TOTP Codes Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"]]> 2023-04-25T10:03:00+00:00 https://thehackernews.com/2023/04/google-authenticator-app-gets-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8330828 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers russes Tomiris ciblant l'Asie centrale pour la collecte de renseignements<br>Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris\'s endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. "The threat actor targets government and]]> 2023-04-24T19:30:00+00:00 https://thehackernews.com/2023/04/russian-hackers-tomiris-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8330610 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ransomware hackers utilisant l'outil Aukill pour désactiver le logiciel EDR à l'aide de l'attaque BYOVD<br>Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that\'s designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying]]> 2023-04-24T19:14:00+00:00 https://thehackernews.com/2023/04/ransomware-hackers-using-aukill-tool-to.html www.secnews.physaphae.fr/article.php?IdArticle=8330611 False Ransomware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Étude: 84% des entreprises utilisent des applications SaaS violées - voici comment le réparer gratuitement!<br>Study: 84% of Companies Use Breached SaaS Applications - Here\\'s How to Fix it for Free! A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. While this is concerning, it isn\'t much of a surprise. The exponential growth in SaaS usage has security and]]> 2023-04-24T17:25:00+00:00 https://thehackernews.com/2023/04/study-84-of-companies-use-breached-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8330576 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates exploitent le plugin WordPress obsolète pour se portez dérobée des milliers de sites WordPress<br>Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code pages and posts of WordPress sites that\'s then executed every time the posts are]]> 2023-04-24T17:11:00+00:00 https://thehackernews.com/2023/04/hackers-exploit-outdated-wordpress.html www.secnews.physaphae.fr/article.php?IdArticle=8330577 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) NOUVEAU INTOL-IN-ONE "Evilextractor" Stealer pour Windows Systems Surfaces sur le Web Dark<br>New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "It also contains environment checking and Anti-VM functions. Its primary purpose seems to be to]]> 2023-04-24T12:06:00+00:00 https://thehackernews.com/2023/04/new-all-in-one-evilextractor-stealer.html www.secnews.physaphae.fr/article.php?IdArticle=8330502 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des pirates russes soupçonnés de l'exploitation en cours de serveurs de papier non corrigées<br>Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01]]> 2023-04-24T11:35:00+00:00 https://thehackernews.com/2023/04/russian-hackers-suspected-in-ongoing.html www.secnews.physaphae.fr/article.php?IdArticle=8330503 False Vulnerability,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Lazarus X_Trader Hack a un impact sur les infrastructures critiques au-delà<br>Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec\'s Threat Hunter Team, confirm earlier suspicions that the]]> 2023-04-22T12:16:00+00:00 https://thehackernews.com/2023/04/lazarus-xtrader-hack-impacts-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8330173 False Hack,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La CISA ajoute 3 défauts exploités activement au catalogue KEV, y compris le bug de papier critique<br>CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability  CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control]]> 2023-04-22T11:30:00+00:00 https://thehackernews.com/2023/04/cisa-adds-3-actively-exploited-flaws-to.html www.secnews.physaphae.fr/article.php?IdArticle=8330174 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Kubernetes RBAC a exploité dans une campagne à grande échelle pour l'exploitation de la crypto-monnaie<br>Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack]]> 2023-04-21T18:56:00+00:00 https://thehackernews.com/2023/04/kubernetes-rbac-exploited-in-large.html www.secnews.physaphae.fr/article.php?IdArticle=8329960 False Cloud Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) GhostToken Flaw pourrait laisser les attaquants masquer les applications malveillantes dans Google Cloud Platform<br>GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim\'s Google account. Israeli cybersecurity startup Astrix Security, which discovered and reported the issue to Google on June 19, 2022, dubbed the shortcoming GhostToken. The issue]]> 2023-04-21T17:43:00+00:00 https://thehackernews.com/2023/04/ghosttoken-flaw-could-let-attackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329931 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 14 Kubernetes et défis de sécurité cloud et comment les résoudre<br>14 Kubernetes and Cloud Security Challenges and How to Solve Them Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first]]> 2023-04-21T17:20:00+00:00 https://thehackernews.com/2023/04/14-kubernetes-and-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8329932 False Cloud Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) N.K.Les pirates emploient une attaque de chaîne d'approvisionnement en cascade de style poupée Matryoshka sur 3cx<br>N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software]]> 2023-04-21T15:25:00+00:00 https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html www.secnews.physaphae.fr/article.php?IdArticle=8329907 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco et VMware publient des mises à jour de sécurité pour corriger les défauts critiques de leurs produits<br>Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of]]> 2023-04-21T11:11:00+00:00 https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html www.secnews.physaphae.fr/article.php?IdArticle=8329856 False Industrial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Deux défauts critiques trouvés dans les bases de données postgresql d'Alibaba Cloud \\<br>Two Critical Flaws Found in Alibaba Cloud\\'s PostgreSQL Databases A chain of two critical flaws has been disclosed in Alibaba Cloud\'s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers\' PostgreSQL databases and the ability to perform a supply chain]]> 2023-04-20T19:23:00+00:00 https://thehackernews.com/2023/04/two-critical-flaws-found-in-alibaba.html www.secnews.physaphae.fr/article.php?IdArticle=8329705 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Au-delà de la sécurité traditionnelle: le rôle pivot de NDR \\ dans la sauvegarde des réseaux OT<br>Beyond Traditional Security: NDR\\'s Pivotal Role in Safeguarding OT Networks Why is Visibility into OT Environments Crucial? The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized the]]> 2023-04-20T17:26:00+00:00 https://thehackernews.com/2023/04/beyond-traditional-security-ndrs.html www.secnews.physaphae.fr/article.php?IdArticle=8329660 False Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le groupe Lazarus ajoute des logiciels malveillants Linux à Arsenal dans l'opération Dream Job<br>Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today. The findings are crucial, not least because it marks the first publicly documented example of the]]> 2023-04-20T17:26:00+00:00 https://thehackernews.com/2023/04/lazarus-group-adds-linux-malware-to.html www.secnews.physaphae.fr/article.php?IdArticle=8329661 False Malware APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fortra met en lumière Goanywhere MFT Zero-Day Exploit utilisé dans les attaques de ransomwares<br>Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The]]> 2023-04-20T16:52:00+00:00 https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html www.secnews.physaphae.fr/article.php?IdArticle=8329643 False Ransomware,Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les angles morts de la protection des données de Chatgpt \\ et comment les équipes de sécurité peuvent les résoudre<br>ChatGPT\\'s Data Protection Blind Spots and How Security Teams Can Solve Them In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT,]]> 2023-04-20T16:48:00+00:00 https://thehackernews.com/2023/04/chatgpts-data-protection-blind-spots.html www.secnews.physaphae.fr/article.php?IdArticle=8329644 False None ChatGPT,ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La campagne de cyberattaque de poignard frappe les fournisseurs de services de télécommunications africains<br>Daggerfly Cyberattack Campaign Hits African Telecom Services Providers Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also tracked by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins from]]> 2023-04-20T15:56:00+00:00 https://thehackernews.com/2023/04/daggerfly-cyberattack-campaign-hits.html www.secnews.physaphae.fr/article.php?IdArticle=8329617 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le groupe NSO a utilisé 3 exploits iPhone en clic zéro contre les défenseurs des droits de l'homme<br>NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory]]> 2023-04-20T15:41:00+00:00 https://thehackernews.com/2023/04/nso-group-used-3-zero-click-iphone.html www.secnews.physaphae.fr/article.php?IdArticle=8329618 False None None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Tag met en garde contre les pirates russes menant des attaques de phishing en Ukraine<br>Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine Elite hackers associated with Russia\'s military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google\'s Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group\'s 2022 focus]]> 2023-04-19T21:11:00+00:00 https://thehackernews.com/2023/04/google-tag-warns-of-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329398 False Threat APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Blind Eagle Cyber Espionage Group frappe à nouveau: une nouvelle chaîne d'attaque à découvert<br>Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report. Blind Eagle, also]]> 2023-04-19T20:45:00+00:00 https://thehackernews.com/2023/04/blind-eagle-cyber-espionage-group.html www.secnews.physaphae.fr/article.php?IdArticle=8329399 False None APT-C-36 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Chrome frappé par la deuxième attaque zéro-jour - Urgent Patch Update publié<br>Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google\'s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023. "]]> 2023-04-19T19:17:00+00:00 https://thehackernews.com/2023/04/google-chrome-hit-by-second-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8329359 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates pakistanais utilisent le poseidon de logiciels malveillants Linux pour cibler les agences gouvernementales indiennes<br>Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week.]]> 2023-04-19T16:58:00+00:00 https://thehackernews.com/2023/04/pakistani-hackers-use-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8329331 False Malware,Tool,Threat APT 36 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Découvrir (et comprendre) les risques cachés des applications SaaS<br>Uncovering (and Understanding) the Hidden Risks of SaaS Apps Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access]]> 2023-04-19T16:02:00+00:00 https://thehackernews.com/2023/04/uncovering-and-understanding-hidden.html www.secnews.physaphae.fr/article.php?IdArticle=8329310 False Cloud LastPass,LastPass 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les États-Unis et le Royaume-Uni mettent en garde contre les pirates russes exploitant les défauts du routeur Cisco pour l'espionnage<br>U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian victims. The]]> 2023-04-19T15:00:00+00:00 https://thehackernews.com/2023/04/us-and-uk-warn-of-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329311 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des pirates de gouvernement iranien soutenues par le gouvernement ciblant les systèmes d'énergie et de transit américains<br>Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022. "This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align]]> 2023-04-19T12:12:00+00:00 https://thehackernews.com/2023/04/iranian-government-backed-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329272 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les défauts critiques dans la bibliothèque JavaScript VM2 peuvent conduire à l'exécution du code distant<br>Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of the sandbox protections. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively. Successful exploitation of the bugs, which allow]]> 2023-04-19T10:23:00+00:00 https://thehackernews.com/2023/04/critical-flaws-in-vm2-javascript.html www.secnews.physaphae.fr/article.php?IdArticle=8329223 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Vidéos YouTube Distribuant un malware du voleur Aurora via un chargeur hautement évasif<br>YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that\'s used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique," cybersecurity firm Morphisec said in a report]]> 2023-04-18T19:15:00+00:00 https://thehackernews.com/2023/04/youtube-videos-distributing-aurora.html www.secnews.physaphae.fr/article.php?IdArticle=8328933 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Goldoson Android Malware infecte plus de 100 millions de téléchargements Google Play Store<br>Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of a third-party software library used by the apps in]]> 2023-04-18T17:57:00+00:00 https://thehackernews.com/2023/04/goldoson-android-malware-infects-over.html www.secnews.physaphae.fr/article.php?IdArticle=8328883 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) DFIR via XDR: Comment accélérer vos enquêtes avec une approche DFirent<br>DFIR via XDR: How to expedite your investigations with a DFIRent approach Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics\' aspect and how XDR fits into the picture. Before we dive into the details, let\'s first break down the main components of DFIR and]]> 2023-04-18T17:01:00+00:00 https://thehackernews.com/2023/04/dfir-via-xdr-how-to-expedite-your.html www.secnews.physaphae.fr/article.php?IdArticle=8328868 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers iraniens utilisant un logiciel de support à distance SimpleHelp pour un accès persistant<br>Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary\'s use of the SimpleHelp remote support software in June 2022. MuddyWater,]]> 2023-04-18T14:35:00+00:00 https://thehackernews.com/2023/04/iranian-hackers-using-simplehelp-remote.html www.secnews.physaphae.fr/article.php?IdArticle=8328848 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Lockbit Ransomware ciblant désormais les appareils Apple MacOS<br>LockBit Ransomware Now Targeting Apple macOS Devices Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple\'s macOS operating system. The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has created a macOS-based payload. Additional samples identified by vx-underground show that the macOS]]> 2023-04-18T12:40:00+00:00 https://thehackernews.com/2023/04/lockbit-ransomware-now-targeting-apple.html www.secnews.physaphae.fr/article.php?IdArticle=8328827 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Quadream du fournisseur de logiciels espions israéliens pour arrêter après Citizen Lab et Microsoft Expose<br>Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company "hasn\'t been fully active for a while" and that it "has been in a difficult situation for several]]> 2023-04-17T22:02:00+00:00 https://thehackernews.com/2023/04/israeli-spyware-vendor-quadream-to-shut.html www.secnews.physaphae.fr/article.php?IdArticle=8328671 False None None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nouveau QBOT Banking Trojan Campaign détourne les e-mails commerciaux pour répandre les logiciels malveillants<br>New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco. QBot (aka Qakbot or Pinkslipbot) is a banking]]> 2023-04-17T21:36:00+00:00 https://thehackernews.com/2023/04/new-qbot-banking-trojan-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=8328672 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les gangs de cybercriminalité Fin7 et Ex-Conti se joignent à<br>FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information stealer that]]> 2023-04-17T19:20:00+00:00 https://thehackernews.com/2023/04/fin7-and-ex-conti-cybercrime-gangs-join.html www.secnews.physaphae.fr/article.php?IdArticle=8328617 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Quelle est la différence entre CSPM & SSPM?<br>What\\'s the Difference Between CSPM & SSPM? Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion is understandable. This confusion, though, is dangerous to organizations that need to secure]]> 2023-04-17T19:02:00+00:00 https://thehackernews.com/2023/04/whats-difference-between-cspm-sspm.html www.secnews.physaphae.fr/article.php?IdArticle=8328618 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google découvre l'utilisation par APT41 \\ de l'outil GC2 open source pour cibler les médias et les sites d'emploi<br>Google Uncovers APT41\\'s Use of Open Source GC2 Tool to Target Media and Job Sites A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google\'s infrastructure for malicious ends. The tech giant\'s Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed moniker HOODOO, which is]]> 2023-04-17T17:16:00+00:00 https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html www.secnews.physaphae.fr/article.php?IdArticle=8328593 False Tool,Threat APT 41,APT 41 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Visite de la sous-terre: Master The Art of Dark Web Intelligence Gathering<br>Tour of the Underground: Master the Art of Dark Web Intelligence Gathering The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes. But did you know that the underground also offers a goldmine of threat intelligence and information that can be harnessed to bolster your cyber defense strategies? The challenge lies in continuously monitoring the right]]> 2023-04-17T17:06:00+00:00 https://thehackernews.com/2023/04/tour-of-underground-master-art-of-dark.html www.secnews.physaphae.fr/article.php?IdArticle=8328594 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ransomware de la vice Society Utilisation de l'outil PowerShell furtif pour l'exfiltration des données<br>Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by]]> 2023-04-17T13:31:00+00:00 https://thehackernews.com/2023/04/vice-society-ransomware-using-stealthy.html www.secnews.physaphae.fr/article.php?IdArticle=8328559 False Ransomware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New Zaraza Bot Credential Steacheur vendu sur Telegram ciblant 38 navigateurs Web<br>New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control (C2). "Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs said in a report published last week. "Once the]]> 2023-04-17T12:29:00+00:00 https://thehackernews.com/2023/04/new-zaraza-bot-credential-stealer-sold.html www.secnews.physaphae.fr/article.php?IdArticle=8328537 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google publie une mise à jour d'urgence chromée pour corriger la vulnérabilité zéro-jour exploitée activement<br>Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google\'s Threat Analysis Group (TAG) has been]]> 2023-04-15T09:28:00+00:00 https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html www.secnews.physaphae.fr/article.php?IdArticle=8328023 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates liés à la Russie lancent des attaques d'espionnage contre des entités diplomatiques étrangères<br>Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland\'s Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as]]> 2023-04-14T18:27:00+00:00 https://thehackernews.com/2023/04/russia-linked-hackers-launches.html www.secnews.physaphae.fr/article.php?IdArticle=8327789 False Threat APT 29 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Kodi confirme la violation des données: 400k enregistrements d'utilisateurs et messages privés volés<br>Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company\'s MyBB forum database containing user data and private messages. What\'s more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace. "MyBB admin logs show the account of a trusted but currently]]> 2023-04-14T15:52:00+00:00 https://thehackernews.com/2023/04/kodi-confirms-data-breach-400k-user.html www.secnews.physaphae.fr/article.php?IdArticle=8327742 False Data Breach,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Vulnérabilités sévères de l'enquête Android et Novi sous exploitation active<br>Severe Android and Novi Survey Vulnerabilities Under Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability CVE-2023-29492 (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability]]> 2023-04-14T12:45:00+00:00 https://thehackernews.com/2023/04/severe-android-and-novi-survey.html www.secnews.physaphae.fr/article.php?IdArticle=8327705 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Webinaire: conseils des MSSP à MSSPS & # 8211;Construire une pratique VCISO rentable<br>Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice In today\'s fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers\' cyber resilience.  The growing need of SMEs and SMBs for structured cybersecurity services can be leveraged by MSPs and MSSPs to provide strategic]]> 2023-04-14T12:43:00+00:00 https://thehackernews.com/2023/04/webinar-tips-from-mssps-to-mssps.html www.secnews.physaphae.fr/article.php?IdArticle=8327706 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google lance de nouvelles initiatives de cybersécurité pour renforcer la gestion de la vulnérabilité<br>Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they\'re known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from]]> 2023-04-14T01:30:00+00:00 https://thehackernews.com/2023/04/google-launches-new-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8327559 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) RTM Locker: Group de cybercriminalité émergente ciblant les entreprises avec des ransomwares<br>RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. "The \'Read The Manual\' Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang\'s strict rules,"]]> 2023-04-13T22:10:00+00:00 https://thehackernews.com/2023/04/rtm-locker-emerging-cybercrime-group.html www.secnews.physaphae.fr/article.php?IdArticle=8327519 False Ransomware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) WhatsApp introduit une nouvelle fonctionnalité de vérification de l'appareil pour éviter les attaques de prise de contrôle du compte<br>WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user\'s mobile device doesn\'t impact their account. "Mobile device malware is one of the biggest threats to people\'s privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages,"]]> 2023-04-13T18:32:00+00:00 https://thehackernews.com/2023/04/whatsapp-introduces-new-device.html www.secnews.physaphae.fr/article.php?IdArticle=8327447 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le nouvel outil de piratage "Légion" basé sur Python émerge sur Telegram<br>New Python-Based "Legion" Hacking Tool Emerges on Telegram An emerging Python-based credential harvester and a hacking tool named Legion are being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and brute-force cPanel and]]> 2023-04-13T16:40:00+00:00 https://thehackernews.com/2023/04/new-python-based-legion-hacking-tool.html www.secnews.physaphae.fr/article.php?IdArticle=8327436 False Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Pirates de tribu transparente basées au Pakistan ciblant les établissements d'enseignement indiens<br>Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the Indian education sector using a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the education]]> 2023-04-13T15:49:00+00:00 https://thehackernews.com/2023/04/pakistan-based-transparent-tribe.html www.secnews.physaphae.fr/article.php?IdArticle=8327425 False Malware,Threat APT 36 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Pourquoi les API d'ombre sont plus dangereuses que vous ne le pensez<br>Why Shadow APIs are More Dangerous than You Think Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren\'t familiar with the term, shadow APIs are a type of application programming interface (API) that isn\'t officially documented or supported.  Contrary to popular belief, it\'s unfortunately all too common to have APIs in production that no one on]]> 2023-04-13T15:49:00+00:00 https://thehackernews.com/2023/04/why-shadow-apis-are-more-dangerous-than.html www.secnews.physaphae.fr/article.php?IdArticle=8327424 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le groupe de pirates de Lazarus évolue des tactiques, des outils et des cibles dans la campagne DeathNote<br>Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running activity called DeathNote. While the nation-state adversary is known for its persistent attacks on the cryptocurrency sector, it has also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the world]]> 2023-04-13T14:37:00+00:00 https://thehackernews.com/2023/04/lazarus-hacker-group-evolves-tactics.html www.secnews.physaphae.fr/article.php?IdArticle=8327373 False Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sécurité Chatgpt: le programme de primes de bug d'Openai \\ offre jusqu'à 20 000 $<br>ChatGPT Security: OpenAI\\'s Bug Bounty Program Offers Up to $20,000 Prizes OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure." To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities discovered in its product in exchange for rewards ranging from "$200 for low-severity findings to up to]]> 2023-04-13T10:05:00+00:00 https://thehackernews.com/2023/04/chatgpt-security-openais-bug-bounty.html www.secnews.physaphae.fr/article.php?IdArticle=8327327 False None ChatGPT,ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La société de logiciels espions basée à Israël cible les iPhones à haut risque avec un exploit zéro clique<br>Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in 2021.]]> 2023-04-12T17:28:00+00:00 https://thehackernews.com/2023/04/israel-based-spyware-firm-quadream.html www.secnews.physaphae.fr/article.php?IdArticle=8327072 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le défi des comptes de service: ne peut pas les voir ou les sécuriser jusqu'à ce qu'il soit trop tard<br>The Service Accounts Challenge: Can\\'t See or Secure Them Until It\\'s Too Late Here\'s a hard question to answer: \'How many service accounts do you have in your environment?\'. A harder one is: \'Do you know what these accounts are doing?\'. And the hardest is probably: \'If any of your service account was compromised and used to access resources would you be able to detect and stop that in real-time?\'.  Since most identity and security teams would provide a negative reply,]]> 2023-04-12T17:20:00+00:00 https://thehackernews.com/2023/04/the-service-accounts-challenge-cant-see.html www.secnews.physaphae.fr/article.php?IdArticle=8327073 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Urgent: Microsoft émet des correctifs pour 97 défauts, y compris l'exploit de ransomware actif<br>Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit It\'s the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20]]> 2023-04-12T12:08:00+00:00 https://thehackernews.com/2023/04/urgent-microsoft-issues-patches-for-97.html www.secnews.physaphae.fr/article.php?IdArticle=8327000 False Ransomware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le labyrinthe sous-groupe de Lazarus Chollima découvert comme cerveau dans l'attaque de la chaîne d'approvisionnement 3CX<br>Lazarus Sub-Group Labyrinth Chollima Uncovered as Mastermind in 3CX Supply Chain Attack Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose services were enlisted after the intrusion came to light late last month. The threat intelligence]]> 2023-04-12T09:36:00+00:00 https://thehackernews.com/2023/04/lazarus-sub-group-labyrinth-chollima.html www.secnews.physaphae.fr/article.php?IdArticle=8326981 False Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le défaut "par conception" récemment découvert dans Microsoft Azure pourrait exposer les comptes de stockage aux pirates<br>Newly Discovered "By-Design" Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, and]]> 2023-04-11T18:30:00+00:00 https://thehackernews.com/2023/04/newly-discovered-by-design-flaw-in.html www.secnews.physaphae.fr/article.php?IdArticle=8326651 False None None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les cybercriminels se tournent vers les chargeurs Android sur Dark Web pour échapper à Google Play Security<br>Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages]]> 2023-04-11T17:59:00+00:00 https://thehackernews.com/2023/04/cybercriminals-turn-to-android-loaders.html www.secnews.physaphae.fr/article.php?IdArticle=8326634 False Malware None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) [ebook] un guide étape par étape pour l'évaluation des cyber-risques<br>[eBook] A Step-by-Step Guide to Cyber Risk Assessment In today\'s perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing, attacks on infrastructure, supply chain breaches, malicious insiders, and much more. Yet at the same time, security leaders are also under tremendous pressure to reduce costs and invest wisely.  One of the most effective ways for CISOs and]]> 2023-04-11T17:12:00+00:00 https://thehackernews.com/2023/04/ebook-step-by-step-guide-to-cyber-risk.html www.secnews.physaphae.fr/article.php?IdArticle=8326602 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sneware de crypto-monnaie Distribué via 13 packages NuGet<br>Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary]]> 2023-04-11T14:46:00+00:00 https://thehackernews.com/2023/04/cryptocurrency-stealer-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8326568 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) National estonien chargé aux États-Unis pour avoir acquis l'électronique et Metasploit Pro pour l'armée russe<br>Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. If found guilty, he faces up to 20 years in prison. Court documents allege that Shevlyakov operated]]> 2023-04-10T18:31:00+00:00 https://thehackernews.com/2023/04/estonian-national-charged-in-us-for.html www.secnews.physaphae.fr/article.php?IdArticle=8326338 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates inondent NPM avec de faux packages provoquant une attaque DOS<br>Hackers Flood NPM with Bogus Packages Causing a DoS Attack Threat actors are flooding the npm open source package repository with bogus packages that briefly even resulted in a denial-of-service (DoS) attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems\' good reputation on search engines," Checkmarx\'s Jossef Harush Kadouri said in a report]]> 2023-04-10T18:15:00+00:00 https://thehackernews.com/2023/04/hackers-flood-npm-with-bogus-packages.html www.secnews.physaphae.fr/article.php?IdArticle=8326339 False Threat None 2.0000000000000000