www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-15T15:19:20+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
VMware Patches Severe Security Flaws in Workstation and Fusion Products
Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and
2024-05-14T21:19:00+00:00 https://thehackernews.com/2024/05/vmware-patches-severe-security-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8499667 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024. Out-of-bounds write bugs could be typically
2024-05-14T19:21:00+00:00 https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html www.secnews.physaphae.fr/article.php?IdArticle=8499603 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. "The incident involves a threat actor overwhelming a user's email with junk and calling the user, offering assistance," Rapid7 researchers Tyler McGraw, Thomas Elkins, and
2024-05-14T16:14:00+00:00 https://thehackernews.com/2024/05/ongoing-campaign-bombarded-enterprises.html www.secnews.physaphae.fr/article.php?IdArticle=8499504 False Spam,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT
2024-05-13T15:42:00+00:00 https://thehackernews.com/2024/05/severe-vulnerabilities-in-cinterion.html www.secnews.physaphae.fr/article.php?IdArticle=8498847 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. "The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall
2024-05-11T12:59:00+00:00 https://thehackernews.com/2024/05/fin7-hacker-group-leverages-malicious.html www.secnews.physaphae.fr/article.php?IdArticle=8497683 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms
The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of files," Kaspersky
2024-05-10T20:24:00+00:00 https://thehackernews.com/2024/05/north-korean-hackers-deploy-new-golang.html www.secnews.physaphae.fr/article.php?IdArticle=8497283 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)
Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses. During the session, Censys Security Researcher Aidan Holland will
2024-05-10T18:22:00+00:00 https://thehackernews.com/2024/05/censysgpt-ai-powered-threat-hunting-for.html www.secnews.physaphae.fr/article.php?IdArticle=8497223 False Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Chrome Zero-Day Alert - Update Your Browser to Patch New Vulnerability
Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024. Use-after-free bugs, which arise when a program
2024-05-10T15:53:00+00:00 https://thehackernews.com/2024/05/chrome-zero-day-alert-update-your.html www.secnews.physaphae.fr/article.php?IdArticle=8497139 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report. The
2024-05-10T15:51:00+00:00 https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html www.secnews.physaphae.fr/article.php?IdArticle=8497141 False Malware,Threat,Mobile None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. "Once initial access was obtained, they exfiltrated cloud credentials and gained
2024-05-10T13:11:00+00:00 https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html www.secnews.physaphae.fr/article.php?IdArticle=8497059 False Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has
2024-05-09T23:25:00+00:00 https://thehackernews.com/2024/05/new-tunnelvision-attack-allows.html www.secnews.physaphae.fr/article.php?IdArticle=8496733 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw,
2024-05-09T16:34:00+00:00 https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html www.secnews.physaphae.fr/article.php?IdArticle=8496525 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover
Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next
2024-05-09T11:41:00+00:00 https://thehackernews.com/2024/05/critical-f5-central-manager.html www.secnews.physaphae.fr/article.php?IdArticle=8496390 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user
2024-05-08T12:33:00+00:00 https://thehackernews.com/2024/05/hackers-exploiting-litespeed-cache-bug.html www.secnews.physaphae.fr/article.php?IdArticle=8495787 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion
The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE) through the exploitation of two Ivanti Connect Secure zero-day
2024-05-07T18:25:00+00:00 https://thehackernews.com/2024/05/china-linked-hackers-used-rootrot.html www.secnews.physaphae.fr/article.php?IdArticle=8495242 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back
In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary
2024-05-03T18:23:00+00:00 https://thehackernews.com/2024/05/expert-led-webinar-learn-latest-ddos.html www.secnews.physaphae.fr/article.php?IdArticle=8492990 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
2024-05-03T18:05:00+00:00 https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8492991 False Malware,Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources
The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State. "The
2024-05-03T15:07:00+00:00 https://thehackernews.com/2024/05/nsa-fbi-alert-on-n-korean-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8492888 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Dropbox Discloses Breach of Digital Signature Service Affecting All Users
Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the "
2024-05-02T15:49:00+00:00 https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html www.secnews.physaphae.fr/article.php?IdArticle=8492326 False Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the
2024-04-29T19:16:00+00:00 https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html www.secnews.physaphae.fr/article.php?IdArticle=8490672 False Threat None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past.
And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many
2024-04-29T16:24:00+00:00 https://thehackernews.com/2024/04/navigating-threat-landscape.html www.secnews.physaphae.fr/article.php?IdArticle=8490619 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security
2024-04-29T16:20:00+00:00 https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8490673 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Bogus npm Packages Used to Trick Software Developers into Installing Malware
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked
2024-04-27T10:42:00+00:00 https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html www.secnews.physaphae.fr/article.php?IdArticle=8489428 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0. "This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
2024-04-26T11:19:00+00:00 https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html www.secnews.physaphae.fr/article.php?IdArticle=8488912 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT.
The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino
2024-04-25T22:17:00+00:00 https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html www.secnews.physaphae.fr/article.php?IdArticle=8488646 False Malware,Threat APT 38 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Network Threats: A Step-by-Step Attack Demonstration
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
2024-04-25T16:43:00+00:00 https://thehackernews.com/2024/04/network-threats-step-by-step-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8488507 False Tool,Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). "
2024-04-25T11:20:00+00:00 https://thehackernews.com/2024/04/state-sponsored-hackers-exploit-two.html www.secnews.physaphae.fr/article.php?IdArticle=8488387 False Malware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed
2024-04-24T12:32:00+00:00 https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html www.secnews.physaphae.fr/article.php?IdArticle=8487847 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers
A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin
2024-04-24T10:20:00+00:00 https://thehackernews.com/2024/04/coralraider-malware-campaign-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8487798 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Apache Cordova App Harness Targeted in Dependency Confusion Attack
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository. This
2024-04-23T19:30:00+00:00 https://thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html www.secnews.physaphae.fr/article.php?IdArticle=8487481 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Webinar: Learn Proactive Supply Chain Threat Hunting Techniques
In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn the tables and proactively hunt these threats before they wreak havoc? We invite you to join us for an
2024-04-23T16:58:00+00:00 https://thehackernews.com/2024/04/webinar-learn-proactive-supply-chain.html www.secnews.physaphae.fr/article.php?IdArticle=8487390 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware
The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for
2024-04-23T09:53:00+00:00 https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html www.secnews.physaphae.fr/article.php?IdArticle=8487211 False Malware,Tool,Threat APT 28 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in
2024-04-22T20:41:00+00:00 https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html www.secnews.physaphae.fr/article.php?IdArticle=8486890 False Tool,Threat,Industrial None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws
The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance
2024-04-22T16:35:00+00:00 https://thehackernews.com/2024/04/mitre-corporation-breached-by-nation.html www.secnews.physaphae.fr/article.php?IdArticle=8486779 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to
2024-04-22T15:52:00+00:00 https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html www.secnews.physaphae.fr/article.php?IdArticle=8486755 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair said
2024-04-22T14:52:00+00:00 https://thehackernews.com/2024/04/researchers-uncover-windows-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8486727 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
2024-04-20T10:48:00+00:00 https://thehackernews.com/2024/04/critical-update-crushftp-zero-day-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8485660 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool
Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to as Deuterbear. "Waterbear is known for its complexity, as it
2024-04-19T19:14:00+00:00 https://thehackernews.com/2024/04/blacktech-targets-tech-research-and-gov.html www.secnews.physaphae.fr/article.php?IdArticle=8485329 False Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S.,
2024-04-19T16:31:00+00:00 https://thehackernews.com/2024/04/akira-ransomware-gang-extorts-42.html www.secnews.physaphae.fr/article.php?IdArticle=8485253 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
How to Conduct Advanced Static Analysis in a Malware Sandbox
Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior.
However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs PDF files are frequently exploited by threat actors to 2024-04-18T16:01:00+00:00 https://thehackernews.com/2024/04/how-to-conduct-advanced-static-analysis.html www.secnews.physaphae.fr/article.php?IdArticle=8484687 False Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a 2024-04-18T11:24:00+00:00 https://thehackernews.com/2024/04/hackers-exploit-openmetadata-flaws-to.html www.secnews.physaphae.fr/article.php?IdArticle=8484537 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. 
"The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby 2024-04-18T10:18:00+00:00 https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html www.secnews.physaphae.fr/article.php?IdArticle=8484514 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka APT44 or 2024-04-17T19:02:00+00:00 https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=8484148 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. 
Armed with this access, a 2024-04-17T16:27:00+00:00 https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html www.secnews.physaphae.fr/article.php?IdArticle=8484052 False Ransomware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or 2024-04-17T15:53:00+00:00 https://thehackernews.com/2024/04/hackers-exploit-fortinet-flaw-deploy.html www.secnews.physaphae.fr/article.php?IdArticle=8484053 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. 
"The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside 2024-04-16T19:09:00+00:00 https://thehackernews.com/2024/04/ta558-hackers-weaponize-images-for-wide.html www.secnews.physaphae.fr/article.php?IdArticle=8483498 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. "Organizations often store a variety of data in SaaS applications and use services from CSPs," Palo Alto Networks Unit 42 said in a report published last week. "The threat 2024-04-15T18:59:00+00:00 https://thehackernews.com/2024/04/muddled-libra-shifts-focus-to-saas-and.html www.secnews.physaphae.fr/article.php?IdArticle=8482752 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. 
"The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features," the BlackBerry Threat Research and Intelligence Team said in a report published last 2024-04-15T14:34:00+00:00 https://thehackernews.com/2024/04/chinese-linked-lightspy-ios-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=8482613 False Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of 2024-04-13T13:55:00+00:00 https://thehackernews.com/2024/04/hackers-deploy-python-backdoor-in-palo.html www.secnews.physaphae.fr/article.php?IdArticle=8481314 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go. 
"While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater's methods remain constant," Deep 2024-04-12T15:19:00+00:00 https://thehackernews.com/2024/04/iranian-muddywater-hackers-adopt-new-c2.html www.secnews.physaphae.fr/article.php?IdArticle=8480647 False Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature 2024-04-12T14:26:00+00:00 https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html www.secnews.physaphae.fr/article.php?IdArticle=8480648 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said. 
"Additionally, the actor appeared to 2024-04-11T17:02:00+00:00 https://thehackernews.com/2024/04/ta547-phishing-attack-hits-german-firms.html www.secnews.physaphae.fr/article.php?IdArticle=8479962 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Apple Expands Spyware Alert System to Warn Users of Mercenary Attacks Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted 2024-04-11T12:14:00+00:00 https://thehackernews.com/2024/04/apple-expands-spyware-alert-system-to.html www.secnews.physaphae.fr/article.php?IdArticle=8479812 False Tool,Threat,Commercial None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. 
It's tracking the group behind the operation under the 2024-04-10T19:54:00+00:00 https://thehackernews.com/2024/04/exotic-visit-spyware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8479379 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL, 2024-04-10T18:08:00+00:00 https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html www.secnews.physaphae.fr/article.php?IdArticle=8479340 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. 
The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and 2024-04-10T14:56:00+00:00 https://thehackernews.com/2024/04/researchers-uncover-first-native.html www.secnews.physaphae.fr/article.php?IdArticle=8479247 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers 2024-04-10T14:32:00+00:00 https://thehackernews.com/2024/04/webinar-learn-how-to-stop-hackers-from.html www.secnews.physaphae.fr/article.php?IdArticle=8479216 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. 
"Its primary method of operation 2024-04-09T19:31:00+00:00 https://thehackernews.com/2024/04/10-year-old-rubycarp-romanian-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=8478745 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Targeting Human Rights Activists in Morocco and Western Sahara Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the name Starry Addax, describing it as primarily singling out activists associated with 2024-04-09T19:15:00+00:00 https://thehackernews.com/2024/04/hackers-targeting-human-rights.html www.secnews.physaphae.fr/article.php?IdArticle=8478746 False Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in 2024-04-09T11:16:00+00:00 https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html www.secnews.physaphae.fr/article.php?IdArticle=8478517 False Malware,Vulnerability,Threat None 1.00000000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve 2024-04-08T16:59:00+00:00 https://thehackernews.com/2024/04/watch-out-for-latrodectus-this-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8478076 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of 2024-04-06T15:13:00+00:00 https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html www.secnews.physaphae.fr/article.php?IdArticle=8477009 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. "Malicious models represent a major risk to AI systems, 2024-04-05T19:38:00+00:00 https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html www.secnews.physaphae.fr/article.php?IdArticle=8476537 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud 2024-04-05T12:45:00+00:00 https://thehackernews.com/2024/04/researchers-identify-multiple-china.html www.secnews.physaphae.fr/article.php?IdArticle=8476377 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Vietnam-Based Hackers Steal Financial Data Across Asia with Malware A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia, 2024-04-04T21:12:00+00:00 https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html www.secnews.physaphae.fr/article.php?IdArticle=8476000 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the [ 2024-04-03T21:40:00+00:00 https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8475338 False Vulnerability,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today. "It has been observed to 2024-04-02T16:30:00+00:00 https://thehackernews.com/2024/04/china-linked-hackers-deploy-new.html www.secnews.physaphae.fr/article.php?IdArticle=8474613 False Malware,Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, United States, Colombia, Portugal, Brazil, Dominican Republic, and 2024-04-02T10:24:00+00:00 https://thehackernews.com/2024/04/massive-phishing-campaign-strikes-latin.html www.secnews.physaphae.fr/article.php?IdArticle=8474426 False Threat,Industrial None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN's Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user's device into a proxy node without their knowledge. 2024-04-01T15:40:00+00:00 https://thehackernews.com/2024/04/malicious-apps-caught-secretly-turning.html www.secnews.physaphae.fr/article.php?IdArticle=8473977 False Threat,Mobile Satori 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One 2024-03-30T12:46:00+00:00 https://thehackernews.com/2024/03/hackers-target-macos-users-with.html www.secnews.physaphae.fr/article.php?IdArticle=8472978 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based 2024-03-29T20:24:00+00:00 https://thehackernews.com/2024/03/dormakaba-locks-used-in-millions-of.html www.secnews.physaphae.fr/article.php?IdArticle=8472611 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter 2024-03-27T20:54:00+00:00 https://thehackernews.com/2024/03/hackers-target-indian-defense-and.html www.secnews.physaphae.fr/article.php?IdArticle=8471481 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions. "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user's knowledge," Guardio 2024-03-27T18:24:00+00:00 https://thehackernews.com/2024/03/microsoft-edge-bug-could-have-allowed.html www.secnews.physaphae.fr/article.php?IdArticle=8471360 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi 2024-03-27T16:09:00+00:00 https://thehackernews.com/2024/03/critical-unpatched-ray-ai-platform.html www.secnews.physaphae.fr/article.php?IdArticle=8471301 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as Mustang Panda, which has been recently linked to cyber attacks against Myanmar as well as 2024-03-27T09:50:00+00:00 https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8471179 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Malicious NuGet Package Linked to Industrial Espionage Targets Developers Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded 2024-03-26T22:24:00+00:00 https://thehackernews.com/2024/03/malicious-nuget-package-linked-to.html www.secnews.physaphae.fr/article.php?IdArticle=8470884 False Tool,Threat,Industrial None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom 2024-03-25T17:28:00+00:00 https://thehackernews.com/2024/03/hackers-hijack-github-accounts-in.html www.secnews.physaphae.fr/article.php?IdArticle=8470152 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Key Lesson from Microsoft's Password Spray Hack: Secure Every Account In January 2024, Microsoft discovered they'd been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn't a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of 2024-03-25T17:07:00+00:00 https://thehackernews.com/2024/03/key-lesson-from-microsofts-password.html www.secnews.physaphae.fr/article.php?IdArticle=8470153 False Hack,Vulnerability,Threat,Technical None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management (RMM) solution called Atera. The activity, which took place from March 7 through the week of March 11, targeted Israeli entities spanning global manufacturing, technology, and
2024-03-25T13:07:00+00:00 https://thehackernews.com/2024/03/iran-linked-muddywater-deploys-atera.html www.secnews.physaphae.fr/article.php?IdArticle=8470039 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks
The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at least 2012, is known to target entities located in South Korea as well as North America, Asia, and Europe. According
2024-03-24T11:08:00+00:00 https://thehackernews.com/2024/03/n-korea-linked-kimsuky-shifts-to.html www.secnews.physaphae.fr/article.php?IdArticle=8469454 False Malware,Threat APT 43 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its uncategorized moniker UNC5174 (aka Uteus or Uetus), describing it as a "former
2024-03-22T16:58:00+00:00 https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8468470 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Russian Hackers Target Ukrainian Telecoms with Upgraded 'AcidPour' Malware
The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. "AcidPour's expanded capabilities would enable it to better
2024-03-22T08:36:00+00:00 https://thehackernews.com/2024/03/russian-hackers-target-ukrainian.html www.secnews.physaphae.fr/article.php?IdArticle=8468270 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems
The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions," Cisco
2024-03-21T21:33:00+00:00 https://thehackernews.com/2024/03/russia-hackers-using-tinyturla-ng-to.html www.secnews.physaphae.fr/article.php?IdArticle=8468001 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion'
New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick developers into running malicious code. "It's an actual threat since
2024-03-21T19:56:00+00:00 https://thehackernews.com/2024/03/over-800-npm-packages-found-with.html www.secnews.physaphae.fr/article.php?IdArticle=8467951 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP
2024-03-21T18:18:00+00:00 https://thehackernews.com/2024/03/androxgh0st-malware-targets-laravel.html www.secnews.physaphae.fr/article.php?IdArticle=8467923 False Malware,Tool,Threat,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability
Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance
2024-03-21T09:25:00+00:00 https://thehackernews.com/2024/03/ivanti-releases-urgent-fix-for-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8467691 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative
2024-03-20T16:56:00+00:00 https://thehackernews.com/2024/03/teamcity-flaw-leads-to-surge-in.html www.secnews.physaphae.fr/article.php?IdArticle=8467287 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks
Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends. "Hosting phishing lures on DDP sites increases the likelihood
2024-03-19T16:02:00+00:00 https://thehackernews.com/2024/03/hackers-exploiting-popular-document.html www.secnews.physaphae.fr/article.php?IdArticle=8466609 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs
2024-03-18T18:05:00+00:00 https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html www.secnews.physaphae.fr/article.php?IdArticle=8466033 False Malware,Threat,Commercial None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated
2024-03-18T11:29:00+00:00 https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html www.secnews.physaphae.fr/article.php?IdArticle=8465853 False Threat APT 28 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Third-Party ChatGPT Plugins Could Lead to Account Takeovers
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users' consent
2024-03-15T17:04:00+00:00 https://thehackernews.com/2024/03/third-party-chatgpt-plugins-could-lead.html www.secnews.physaphae.fr/article.php?IdArticle=8464322 False Threat ChatGPT 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said. “To exploit
2024-03-14T17:29:00+00:00 https://thehackernews.com/2024/03/researchers-detail-kubernetes.html www.secnews.physaphae.fr/article.php?IdArticle=8463772 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Ande Loader Malware Targets Manufacturing Sector in North America
The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT.
The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said. Blind Eagle (aka APT-C-36) is a financially motivated threat actor
2024-03-14T12:47:00+00:00 https://thehackernews.com/2024/03/ande-loader-malware-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8463656 False Malware,Threat APT-C-36 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass
2024-03-14T10:27:00+00:00 https://thehackernews.com/2024/03/darkgate-malware-exploits-recently.html www.secnews.physaphae.fr/article.php?IdArticle=8463587 False Malware,Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said in a technical report published today.
“Thanks to this new technique, during PixPirate reconnaissance
2024-03-13T19:25:00+00:00 https://thehackernews.com/2024/03/pixpirate-android-banking-trojan-using.html www.secnews.physaphae.fr/article.php?IdArticle=8463199 False Threat,Mobile,Technical None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were collectively downloaded 7,451 times prior to them being removed from
2024-03-12T17:43:00+00:00 https://thehackernews.com/2024/03/watch-out-these-pypi-python-packages.html www.secnews.physaphae.fr/article.php?IdArticle=8462621 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you'd want to do.
But if you are looking for ways to continuously reduce risk across your environment while making significant and consistent improvements to security posture, in our opinion, you probably want to consider establishing a Continuous Threat Exposure
2024-03-12T16:37:00+00:00 https://thehackernews.com/2024/03/ctem-101-go-beyond-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8462597 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of
2024-03-11T15:23:00+00:00 https://thehackernews.com/2024/03/bianlian-threat-actors-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8462076 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system.
It
2024-03-11T11:58:00+00:00 https://thehackernews.com/2024/03/proof-of-concept-exploit-released-for.html www.secnews.physaphae.fr/article.php?IdArticle=8461989 False Vulnerability,Threat,Technical None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin's hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting
2024-03-11T11:29:00+00:00 https://thehackernews.com/2024/03/magnet-goblin-hacker-group-leveraging-1.html www.secnews.physaphae.fr/article.php?IdArticle=8461990 False Malware,Vulnerability,Threat None 2.0000000000000000