This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T00:35:07+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.S. authorities have announced the seizure of 13 internet domains that offered DDoS-for-hire services to other criminal actors. The takedown is part of an ongoing international initiative dubbed Operation PowerOFF that\'s aimed at dismantling criminal DDoS-for-hire infrastructures worldwide. The development comes almost five months after a "sweep" in December 2022 dismantled 48 similar services]]> 2023-05-09T22:27:00+00:00 https://thehackernews.com/2023/05/us-authorities-seize-13-domains.html www.secnews.physaphae.fr/article.php?IdArticle=8334886 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A gambling company in the Philippines was the target of a China-aligned threat actor as part of a campaign that has been ongoing since October 2021. Slovak cybersecurity firm ESET is tracking the series of attacks against Southeast Asian gambling companies under the name Operation ChattyGoblin. "These attacks use a specific tactic: targeting the victim companies\' support agents via chat]]> 2023-05-09T18:59:00+00:00 https://thehackernews.com/2023/05/operation-chattygoblin-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8334791 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let\'s dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villains. Application security and product security Regrettably, application security teams often intervene]]> 2023-05-09T18:24:00+00:00 https://thehackernews.com/2023/05/strengthening-product-security.html www.secnews.physaphae.fr/article.php?IdArticle=8334792 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload," the BlackBerry]]> 2023-05-09T15:09:00+00:00 https://thehackernews.com/2023/05/researchers-uncover-sidewinders-latest.html www.secnews.physaphae.fr/article.php?IdArticle=8334747 False Threat APT-C-17 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant\'s threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. "This activity shows Mint]]> 2023-05-09T14:23:00+00:00 https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html www.secnews.physaphae.fr/article.php?IdArticle=8334732 False Vulnerability,Threat APT 35 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks. "Once inside the network, CACTUS actors attempt to enumerate local and network user accounts in addition to reachable endpoints before creating new user accounts and leveraging custom scripts to automate]]> 2023-05-09T11:18:00+00:00 https://thehackernews.com/2023/05/new-ransomware-strain-cactus-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8334705 False Ransomware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company\'s private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend. "It appears that Intel Boot Guard may not be]]> 2023-05-08T20:53:00+00:00 https://thehackernews.com/2023/05/msi-data-breach-private-code-signing.html www.secnews.physaphae.fr/article.php?IdArticle=8334306 False Ransomware,Threat None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Digital storage giant Western Digital confirmed that an "unauthorized third party" gained access to its systems and stole personal information belonging to the company\'s online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephone numbers," the San Jose-based company said in a disclosure last week. "In addition, the database]]> 2023-05-08T19:36:00+00:00 https://thehackernews.com/2023/05/western-digital-confirms-customer-data.html www.secnews.physaphae.fr/article.php?IdArticle=8334283 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Are you concerned about ransomware attacks? You\'re not alone. In recent years, these attacks have become increasingly common and can cause significant damage to organizations of all sizes. But there\'s good news - with the right security measures in place, such as real-time MFA and service account protection, you can effectively protect yourself against these types of attacks. That\'s why we\'re]]> 2023-05-08T19:01:00+00:00 https://thehackernews.com/2023/05/join-our-webinar-learn-how-to-defeat.html www.secnews.physaphae.fr/article.php?IdArticle=8334274 False Ransomware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The suspected Pakistan-aligned threat actor known as SideCopy has been observed leveraging themes related to the Indian military research organization as part of an ongoing phishing campaign. This involves using a ZIP archive lure pertaining to India\'s Defence Research and Development Organization (DRDO) to deliver a malicious payload capable of harvesting sensitive information, Fortinet]]> 2023-05-08T18:57:00+00:00 https://thehackernews.com/2023/05/sidecopy-using-action-rat-and-allakore.html www.secnews.physaphae.fr/article.php?IdArticle=8334275 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunting is an essential component of your cybersecurity strategy. Whether you\'re getting started or in an advanced state, this article will help you ramp up your threat intelligence program. What is Threat Hunting? The cybersecurity industry is shifting from a reactive to a proactive approach. Instead of waiting for cybersecurity alerts and then addressing them, security organizations are]]> 2023-05-08T17:19:00+00:00 https://thehackernews.com/2023/05/how-to-set-up-threat-hunting-and-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8334263 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent using compromised accounts and come with a ZIP archive that, in reality, is a polyglot file containing a decoy document and a JavaScript file. The]]> 2023-05-08T11:40:00+00:00 https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html www.secnews.physaphae.fr/article.php?IdArticle=8334212 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time," Sophos researcher]]> 2023-05-06T16:54:00+00:00 https://thehackernews.com/2023/05/dragon-breath-apt-group-using-double.html www.secnews.physaphae.fr/article.php?IdArticle=8333977 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available both as a free and pro]]> 2023-05-06T11:11:00+00:00 https://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html www.secnews.physaphae.fr/article.php?IdArticle=8333932 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. "The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in]]> 2023-05-05T19:17:00+00:00 https://thehackernews.com/2023/05/new-android-malware-fluhorse-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8333796 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. "The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the beneficiary and transferring]]> 2023-05-05T17:19:00+00:00 https://thehackernews.com/2023/05/hackers-targeting-italian-corporate.html www.secnews.physaphae.fr/article.php?IdArticle=8333767 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros," SentinelOne researchers Tom Hegel]]> 2023-05-05T15:49:00+00:00 https://thehackernews.com/2023/05/n-korean-kimsuky-hackers-using-new.html www.secnews.physaphae.fr/article.php?IdArticle=8333757 False Tool,Threat APT 43 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-party apps and open-source tools. Online businesses increasingly struggle to maintain complete visibility]]> 2023-05-05T15:48:00+00:00 https://thehackernews.com/2023/05/lack-of-visibility-challenge-of.html www.secnews.physaphae.fr/article.php?IdArticle=8333758 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes," Packagist\'s Nils Adermann said]]> 2023-05-05T15:22:00+00:00 https://thehackernews.com/2023/05/packagist-repository-hacked-over-dozen.html www.secnews.physaphae.fr/article.php?IdArticle=8333736 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down. The operation primarily targeted users]]> 2023-05-05T12:51:00+00:00 https://thehackernews.com/2023/05/fleckpe-android-malware-sneaks-onto.html www.secnews.physaphae.fr/article.php?IdArticle=8333713 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity for reporting the shortcoming. The product in question makes it possible]]> 2023-05-05T10:46:00+00:00 https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html www.secnews.physaphae.fr/article.php?IdArticle=8333691 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. This includes two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal, according to Israeli cloud security firm Ermetic. "]]> 2023-05-04T18:49:00+00:00 https://thehackernews.com/2023/05/researchers-discover-3-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8333476 False Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. While the flaw was patched by the]]> 2023-05-04T18:33:00+00:00 https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html www.secnews.physaphae.fr/article.php?IdArticle=8333477 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it\'s difficult to monitor external malicious environments – which only makes them that much more threatening.  In March, a high-profile data breach hit national headlines when personally identifiable information connected to hundreds of lawmakers and staff was leaked on the dark web. The]]> 2023-05-04T16:45:00+00:00 https://thehackernews.com/2023/05/why-things-you-dont-know-about-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=8333428 False Data Breach,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks. "Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information]]> 2023-05-04T16:21:00+00:00 https://thehackernews.com/2023/05/meta-uncovers-massive-social-media.html www.secnews.physaphae.fr/article.php?IdArticle=8333429 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI\'s ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users\' Facebook account credentials with an aim to run]]> 2023-05-04T14:27:00+00:00 https://thehackernews.com/2023/05/meta-takes-down-malware-campaign-that.html www.secnews.physaphae.fr/article.php?IdArticle=8333398 False Malware ChatGPT,ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to use a traditional password. This, in turn, can be achieved by simply unlocking their computer or]]> 2023-05-03T19:15:00+00:00 https://thehackernews.com/2023/05/google-introduces-passwordless-secure.html www.secnews.physaphae.fr/article.php?IdArticle=8333156 False None None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Chinese state-sponsored hacking outfit has resurfaced with a new campaign targeting government, healthcare, technology, and manufacturing entities based in Taiwan, Thailand, the Philippines, and Fiji after more than six months of no activity. Trend Micro attributed the intrusion set to a cyber espionage group it tracks under the name Earth Longzhi, which is a subgroup within APT41 (aka HOODOO]]> 2023-05-03T18:57:00+00:00 https://thehackernews.com/2023/05/chinese-hacker-group-earth-longzhi.html www.secnews.physaphae.fr/article.php?IdArticle=8333157 False Malware APT 41 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An international law enforcement operation has resulted in the arrest of 288 vendors who are believed to be involved in drug trafficking on the dark web, adding to a long list of criminal enterprises that have been shuttered in recent years. The effort, codenamed Operation SpecTor, also saw the authorities confiscating more than $53.4 million in cash and virtual currencies, 850 kg of drugs, and]]> 2023-05-03T16:28:00+00:00 https://thehackernews.com/2023/05/operation-spector-534-million-seized.html www.secnews.physaphae.fr/article.php?IdArticle=8333102 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute as only 50% of SMBs have a dedicated internal IT person to take care of cybersecurity. No wonder cybercriminals are targeting SMBs so heavily. No wonder SMBs are increasingly willing to pay a subscription or retainer to gain access to expert C-level cyber-assistance]]> 2023-05-03T16:28:00+00:00 https://thehackernews.com/2023/05/download-ebook-what-does-it-take-to-be.html www.secnews.physaphae.fr/article.php?IdArticle=8333103 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple and Google have teamed up to work on a draft industry-wide specification that\'s designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. "The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and]]> 2023-05-03T14:54:00+00:00 https://thehackernews.com/2023/05/apple-and-google-join-forces-to-stop.html www.secnews.physaphae.fr/article.php?IdArticle=8333084 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions. "The 5-year-old vulnerability (]]> 2023-05-03T13:00:00+00:00 https://thehackernews.com/2023/05/hackers-exploiting-5-year-old-unpatched.html www.secnews.physaphae.fr/article.php?IdArticle=8333043 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units. The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity. "Successful exploitation of this]]> 2023-05-03T10:37:00+00:00 https://thehackernews.com/2023/05/cisa-issues-advisory-on-critical-rce.html www.secnews.physaphae.fr/article.php?IdArticle=8333012 False Industrial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It\'s currently used by several]]> 2023-05-02T19:56:00+00:00 https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8332873 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups. "The spyware]]> 2023-05-02T17:26:00+00:00 https://thehackernews.com/2023/05/bouldspy-android-spyware-iranian.html www.secnews.physaphae.fr/article.php?IdArticle=8332818 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort. It\'s the breaches in telecom companies that tend to have a seismic impact and far-reaching implications - in addition to reputational damage, which can be]]> 2023-05-02T17:10:00+00:00 https://thehackernews.com/2023/05/why-telecoms-struggle-with-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8332819 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the radar," Elastic Security Labs researcher Daniel Stepanic said in an analysis published last week. "One]]> 2023-05-02T12:39:00+00:00 https://thehackernews.com/2023/05/lobshot-stealthy-financial-trojan-and.html www.secnews.physaphae.fr/article.php?IdArticle=8332731 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actor known as ScarCruft began experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that initiate]]> 2023-05-02T12:24:00+00:00 https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html www.secnews.physaphae.fr/article.php?IdArticle=8332732 False Malware,Threat APT 37 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 (CVSS score: 9.0) - Apache Log4j2 Deserialization of Untrusted]]> 2023-05-02T11:05:00+00:00 https://thehackernews.com/2023/05/active-exploitation-of-tp-link-apache.html www.secnews.physaphae.fr/article.php?IdArticle=8332704 False None None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog targeting enterprise networks. Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of queries are transmitted to the command-and-control (C2) domains so as to not arouse any suspicion. "]]> 2023-05-01T18:01:00+00:00 https://thehackernews.com/2023/05/new-decoy-dog-malware-toolkit-uncovered.html www.secnews.physaphae.fr/article.php?IdArticle=8332531 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral movement a necessity to organizations of all sizes and across all industries. But the disturbing truth]]> 2023-05-01T16:23:00+00:00 https://thehackernews.com/2023/05/wanted-dead-or-alive-real-time.html www.secnews.physaphae.fr/article.php?IdArticle=8332521 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious]]> 2023-05-01T14:47:00+00:00 https://thehackernews.com/2023/05/vietnamese-threat-actor-infects-500000.html www.secnews.physaphae.fr/article.php?IdArticle=8332505 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line "]]> 2023-05-01T14:22:00+00:00 https://thehackernews.com/2023/05/apt28-targets-ukrainian-government.html www.secnews.physaphae.fr/article.php?IdArticle=8332497 False None APT 28,APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions through developer-facing features like Voided Purchases API, Obfuscated Account ID, and Play Integrity]]> 2023-05-01T10:40:00+00:00 https://thehackernews.com/2023/05/google-blocks-143-million-malicious.html www.secnews.physaphae.fr/article.php?IdArticle=8332476 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA]]> 2023-04-29T10:04:00+00:00 https://thehackernews.com/2023/04/cisa-warns-of-critical-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8332120 False Industrial,Medical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the data protection authority\'s demands ahead of April 30, 2023, deadline. The development was first reported by the Associated Press. OpenAI\'s CEO, Sam Altman, tweeted, "we\'re excited ChatGPT is available in [Italy] again!" The reinstatement comes following Garante\'s decision to temporarily block]]> 2023-04-29T09:53:00+00:00 https://thehackernews.com/2023/04/chatgpt-is-back-in-italy-after.html www.secnews.physaphae.fr/article.php?IdArticle=8332121 False None ChatGPT,ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer. "The Atomic macOS Stealer can steal various types of information from the victim\'s machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and]]> 2023-04-28T17:29:00+00:00 https://thehackernews.com/2023/04/new-atomic-macos-stealer-can-steal-your.html www.secnews.physaphae.fr/article.php?IdArticle=8331871 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why attacks increased dramatically in the past year yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly]]> 2023-04-28T17:23:00+00:00 https://thehackernews.com/2023/04/why-your-detection-first-security.html www.secnews.physaphae.fr/article.php?IdArticle=8331872 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw. "Improper error message handling in some firewall versions]]> 2023-04-28T17:11:00+00:00 https://thehackernews.com/2023/04/zyxel-firewall-devices-vulnerable-to.html www.secnews.physaphae.fr/article.php?IdArticle=8331873 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that leveraged the malware to distribute a malicious Google Chrome extension]]> 2023-04-28T17:00:00+00:00 https://thehackernews.com/2023/04/vipersoftx-infostealer-adopts.html www.secnews.physaphae.fr/article.php?IdArticle=8331854 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at]]> 2023-04-28T14:48:00+00:00 https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html www.secnews.physaphae.fr/article.php?IdArticle=8331831 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center (ASEC) said in a report]]> 2023-04-28T12:14:00+00:00 https://thehackernews.com/2023/04/tonto-team-uses-anti-malware-file-to.html www.secnews.physaphae.fr/article.php?IdArticle=8331811 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant\'s Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution.]]> 2023-04-27T21:26:00+00:00 https://thehackernews.com/2023/04/google-gets-court-order-to-take-down.html www.secnews.physaphae.fr/article.php?IdArticle=8331645 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The]]> 2023-04-27T19:12:00+00:00 https://thehackernews.com/2023/04/paperbug-attack-new-politically.html www.secnews.physaphae.fr/article.php?IdArticle=8331587 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Remote Access Trojans (RATs) have taken the third leading position in ANY. RUN\'s Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it apart. Capable of carrying out a broad spectrum of malicious activities, it excels not only in data]]> 2023-04-27T17:15:00+00:00 https://thehackernews.com/2023/04/limerat-malware-analysis-extracting.html www.secnews.physaphae.fr/article.php?IdArticle=8331552 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind RTM Locker have developed a ransomware strain that\'s capable of targeting Linux machines, marking the group\'s first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware\'s leaked source code," Uptycs said in a new report published Wednesday. "It uses a combination of ECDH on]]> 2023-04-27T15:45:00+00:00 https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8331525 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks designed to deliver Cl0p and LockBit ransomware families. The tech giant\'s threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505, and Evil]]> 2023-04-27T13:50:00+00:00 https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8331487 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That\'s according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a]]> 2023-04-26T21:01:00+00:00 https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8331287 False Tool None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The prolific Iranian nation-state group known as Charming Kitten targeted multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that\'s capable of delivering other malware payloads onto a victim machine based on commands received]]> 2023-04-26T18:46:00+00:00 https://thehackernews.com/2023/04/charming-kittens-new-bellaciao-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8331253 False Malware APT 35,APT 35 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new]]> 2023-04-26T18:03:00+00:00 https://thehackernews.com/2023/04/chinese-hackers-using-mgbot-malware-to.html www.secnews.physaphae.fr/article.php?IdArticle=8331239 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks.  In light of this significant challenge, how are CISOs responding? LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and]]> 2023-04-26T17:16:00+00:00 https://thehackernews.com/2023/04/browser-security-survey-87-of-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8331227 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access]]> 2023-04-26T14:59:00+00:00 https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html www.secnews.physaphae.fr/article.php?IdArticle=8331201 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the]]> 2023-04-26T12:35:00+00:00 https://thehackernews.com/2023/04/vmware-releases-critical-patches-for.html www.secnews.physaphae.fr/article.php?IdArticle=8331175 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it]]> 2023-04-25T18:56:00+00:00 https://thehackernews.com/2023/04/new-slp-vulnerability-could-let.html www.secnews.physaphae.fr/article.php?IdArticle=8330957 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that\'s designed to deploy an updated version of a backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt]]> 2023-04-25T18:34:00+00:00 https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html www.secnews.physaphae.fr/article.php?IdArticle=8330923 False Threat APT 35 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of]]> 2023-04-25T17:23:00+00:00 https://thehackernews.com/2023/04/modernizing-vulnerability-management.html www.secnews.physaphae.fr/article.php?IdArticle=8330907 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.  The Apple device management company attributed it]]> 2023-04-25T16:57:00+00:00 https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html www.secnews.physaphae.fr/article.php?IdArticle=8330891 False Malware,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google\'s cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape.  Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that\'s "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment]]> 2023-04-25T16:09:00+00:00 https://thehackernews.com/2023/04/google-cloud-introduces-security-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8330892 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"]]> 2023-04-25T10:03:00+00:00 https://thehackernews.com/2023/04/google-authenticator-app-gets-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8330828 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris\'s endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. "The threat actor targets government and]]> 2023-04-24T19:30:00+00:00 https://thehackernews.com/2023/04/russian-hackers-tomiris-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8330610 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that\'s designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying]]> 2023-04-24T19:14:00+00:00 https://thehackernews.com/2023/04/ransomware-hackers-using-aukill-tool-to.html www.secnews.physaphae.fr/article.php?IdArticle=8330611 False Ransomware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. While this is concerning, it isn\'t much of a surprise. The exponential growth in SaaS usage has security and]]> 2023-04-24T17:25:00+00:00 https://thehackernews.com/2023/04/study-84-of-companies-use-breached-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8330576 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code pages and posts of WordPress sites that\'s then executed every time the posts are]]> 2023-04-24T17:11:00+00:00 https://thehackernews.com/2023/04/hackers-exploit-outdated-wordpress.html www.secnews.physaphae.fr/article.php?IdArticle=8330577 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "It also contains environment checking and Anti-VM functions. Its primary purpose seems to be to]]> 2023-04-24T12:06:00+00:00 https://thehackernews.com/2023/04/new-all-in-one-evilextractor-stealer.html www.secnews.physaphae.fr/article.php?IdArticle=8330502 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01]]> 2023-04-24T11:35:00+00:00 https://thehackernews.com/2023/04/russian-hackers-suspected-in-ongoing.html www.secnews.physaphae.fr/article.php?IdArticle=8330503 False Vulnerability,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec\'s Threat Hunter Team, confirm earlier suspicions that the]]> 2023-04-22T12:16:00+00:00 https://thehackernews.com/2023/04/lazarus-xtrader-hack-impacts-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8330173 False Hack,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability  CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control]]> 2023-04-22T11:30:00+00:00 https://thehackernews.com/2023/04/cisa-adds-3-actively-exploited-flaws-to.html www.secnews.physaphae.fr/article.php?IdArticle=8330174 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack]]> 2023-04-21T18:56:00+00:00 https://thehackernews.com/2023/04/kubernetes-rbac-exploited-in-large.html www.secnews.physaphae.fr/article.php?IdArticle=8329960 False Cloud Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim\'s Google account. Israeli cybersecurity startup Astrix Security, which discovered and reported the issue to Google on June 19, 2022, dubbed the shortcoming GhostToken. The issue]]> 2023-04-21T17:43:00+00:00 https://thehackernews.com/2023/04/ghosttoken-flaw-could-let-attackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329931 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first]]> 2023-04-21T17:20:00+00:00 https://thehackernews.com/2023/04/14-kubernetes-and-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8329932 False Cloud Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software]]> 2023-04-21T15:25:00+00:00 https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html www.secnews.physaphae.fr/article.php?IdArticle=8329907 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of]]> 2023-04-21T11:11:00+00:00 https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html www.secnews.physaphae.fr/article.php?IdArticle=8329856 False Industrial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A chain of two critical flaws has been disclosed in Alibaba Cloud\'s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers\' PostgreSQL databases and the ability to perform a supply chain]]> 2023-04-20T19:23:00+00:00 https://thehackernews.com/2023/04/two-critical-flaws-found-in-alibaba.html www.secnews.physaphae.fr/article.php?IdArticle=8329705 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today. The findings are crucial, not least because it marks the first publicly documented example of the]]> 2023-04-20T17:26:00+00:00 https://thehackernews.com/2023/04/lazarus-group-adds-linux-malware-to.html www.secnews.physaphae.fr/article.php?IdArticle=8329661 False Malware APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Why is Visibility into OT Environments Crucial? The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized the]]> 2023-04-20T17:26:00+00:00 https://thehackernews.com/2023/04/beyond-traditional-security-ndrs.html www.secnews.physaphae.fr/article.php?IdArticle=8329660 False Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The]]> 2023-04-20T16:52:00+00:00 https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html www.secnews.physaphae.fr/article.php?IdArticle=8329643 False Ransomware,Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT,]]> 2023-04-20T16:48:00+00:00 https://thehackernews.com/2023/04/chatgpts-data-protection-blind-spots.html www.secnews.physaphae.fr/article.php?IdArticle=8329644 False None ChatGPT,ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also tracked by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins from]]> 2023-04-20T15:56:00+00:00 https://thehackernews.com/2023/04/daggerfly-cyberattack-campaign-hits.html www.secnews.physaphae.fr/article.php?IdArticle=8329617 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory]]> 2023-04-20T15:41:00+00:00 https://thehackernews.com/2023/04/nso-group-used-3-zero-click-iphone.html www.secnews.physaphae.fr/article.php?IdArticle=8329618 False None None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Elite hackers associated with Russia\'s military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google\'s Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group\'s 2022 focus]]> 2023-04-19T21:11:00+00:00 https://thehackernews.com/2023/04/google-tag-warns-of-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329398 False Threat APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report. Blind Eagle, also]]> 2023-04-19T20:45:00+00:00 https://thehackernews.com/2023/04/blind-eagle-cyber-espionage-group.html www.secnews.physaphae.fr/article.php?IdArticle=8329399 False None APT-C-36 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google\'s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023. "]]> 2023-04-19T19:17:00+00:00 https://thehackernews.com/2023/04/google-chrome-hit-by-second-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8329359 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week.]]> 2023-04-19T16:58:00+00:00 https://thehackernews.com/2023/04/pakistani-hackers-use-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8329331 False Malware,Tool,Threat APT 36 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access]]> 2023-04-19T16:02:00+00:00 https://thehackernews.com/2023/04/uncovering-and-understanding-hidden.html www.secnews.physaphae.fr/article.php?IdArticle=8329310 False Cloud LastPass,LastPass 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian victims. The]]> 2023-04-19T15:00:00+00:00 https://thehackernews.com/2023/04/us-and-uk-warn-of-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329311 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022. "This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align]]> 2023-04-19T12:12:00+00:00 https://thehackernews.com/2023/04/iranian-government-backed-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329272 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of the sandbox protections. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively. Successful exploitation of the bugs, which allow]]> 2023-04-19T10:23:00+00:00 https://thehackernews.com/2023/04/critical-flaws-in-vm2-javascript.html www.secnews.physaphae.fr/article.php?IdArticle=8329223 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that\'s used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique," cybersecurity firm Morphisec said in a report]]> 2023-04-18T19:15:00+00:00 https://thehackernews.com/2023/04/youtube-videos-distributing-aurora.html www.secnews.physaphae.fr/article.php?IdArticle=8328933 False Malware None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of a third-party software library used by the apps in]]> 2023-04-18T17:57:00+00:00 https://thehackernews.com/2023/04/goldoson-android-malware-infects-over.html www.secnews.physaphae.fr/article.php?IdArticle=8328883 False Malware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics\' aspect and how XDR fits into the picture. Before we dive into the details, let\'s first break down the main components of DFIR and]]> 2023-04-18T17:01:00+00:00 https://thehackernews.com/2023/04/dfir-via-xdr-how-to-expedite-your.html www.secnews.physaphae.fr/article.php?IdArticle=8328868 False None None 3.0000000000000000