www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-09T02:52:56+00:00 www.secnews.physaphae.fr
ProofPoint - Cyber Firms Cybersecurity Stop of the Month: Defeating Malicious Application Creation Attacks 2024-04-12T06:00:03+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/defeating-malicious-application-creation-attacks www.secnews.physaphae.fr/article.php?IdArticle=8480713 False Spam,Malware,Tool,Threat,Cloud APT 29 3.0000000000000000
ProofPoint - Cyber Firms Security Brief: 'Tis the Season for Tax Hax Target reply > Actor reply with web.app URL > Redirect > ZIP > LNK > SyncAppvPublishingServer.vbs LOLBAS > PowerShell > MSHTA runs HTA from URL > Encrypted PowerShell > Obfuscated PowerShell > Download and run EXE. TA576's 2024 campaigns are notable because this is the first time Proofpoint has observed the actor delivering Parallax RAT. In addition, the actor's attack chain using LOLBAS techniques and multiple PowerShell scripts is distinctly different from previously observed campaigns, which used URLs to zipped JavaScript payloads or macro-enabled Microsoft Word documents.
Attribution TA576 is a cybercriminal threat actor. Proofpoint has tracked TA576 since 2018 through spam email creation techniques, malware use, malware delivery techniques and other characteristics. This actor uses tax lures containing similar characteristics and themes during the U.S. tax season to deliver and install RATs. TA576's follow-on objectives are unknown. While the most frequently observed targeted sectors include accounting and financial entities, Proofpoint has also observed targeting of related industries such as legal. Why it matters TA576's annual tax-themed campaigns serve as a recurring reminder that the threat actors of cybercri 2024-01-30T05:00:16+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-tis-season-tax-hax www.secnews.physaphae.fr/article.php?IdArticle=8444774 False Spam,Malware,Threat,Prediction None 2.0000000000000000
ProofPoint - Cyber Firms More than One-Quarter of the Global 2000 Are Not Ready for Upcoming Stringent Email Authentication Rules 2024-01-23T15:29:37+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/more-one-quarter-global-2000-are-not-ready-upcoming-stringent-email www.secnews.physaphae.fr/article.php?IdArticle=8442630 False Spam,Tool,Threat,Cloud,Technical None 3.0000000000000000
ProofPoint - Cyber Firms Security Brief: TA866 Returns with a Large Email Campaign PDF > OneDrive URL > JavaScript > MSI / VBS (WasabiSeed) > MSI (Screenshotter). The attack chain was similar to the last documented email campaign using this custom toolset observed by Proofpoint on March 20, 2023.
The similarities helped with attribution. Specifically, the TA571 spam service was similarly used, the WasabiSeed downloader remained almost the same, and the Screenshotter scripts and components remained almost the same. (Analyst Note: While Proofpoint did not initially associate the delivery TTPs with TA571 in our first publication on TA866, subsequent analysis attributed the malspam delivery of the 2023 campaigns to TA571, and subsequent post-exploitation activity to TA866.)  One of the biggest changes in this campaign from the last observed activity was the use of a PDF attachment containing a OneDrive link, which was completely new. Previous campaigns used macro-enabled Publisher attachments or 404 TDS URLs directly in the email body.  Screenshot of “TermServ.vbs”, a WasabiSeed script whose purpose is to execute an infinite loop, reaching out to the C2 server and attempting to download and run an MSI file (empty lines were removed from this script for readability).  Screenshot of “app.js”, one of the components of Screenshotter. This file runs “snap.exe”, a copy of the legitimate IrfanView executable (also included inside the MSI), to save a desktop screenshot as “gs.jpg”.  Screenshot of “index.js”, another Screenshotter component. This code is responsible for uploading the desktop screenshot “gs.jpg” to the C2 server.  Attribution  There are two threat actors involved in the observed campaign. Proofpoint tracks the distribution service used to deliver the malicious PDF as belonging to a threat actor known as TA571. TA571 is a spam distributor, and this actor sends high-volume spam email campaigns to deliver and install a variety of malware for their cybercriminal customers.  Proofpoint tracks the post-exploitation tools, specifically the JavaScript, MSI with WasabiSeed components, and MSI with Screenshotter components, as belonging to TA866. TA866 is a threat actor previously documented by Proofpoint and colleagues in [1][2] and [3].
TA866 is known to engage in both crimeware and cyberespionage activity. This specific campaign appears financially motivated.  Proofpoint assesses that TA866 is an organized actor able to perform well thought-out attacks at scale based on their availability of custom tools, and ability and connections to purchase tools and services from other actors.  Why it matters  The following are notable characteristics of TA866's return to email threat data:  TA866 email campaigns have been missing from the landscape for over nine months (although there are indications that the actor was meanwhile 2024-01-18T05:00:52+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign www.secnews.physaphae.fr/article.php?IdArticle=8440209 False Spam,Malware,Tool,Threat None 2.0000000000000000
ProofPoint - Cyber Firms I Broke My Phone!
An Update on New Developments in Conversational Attacks on Mobile 2023-12-14T07:44:10+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/i-broke-my-phone-update-new-developments-conversational-attacks-mobile www.secnews.physaphae.fr/article.php?IdArticle=8422695 False Spam,Threat,Mobile,Prediction None 3.0000000000000000
ProofPoint - Cyber Firms Enhancements to Proofpoint Federal Solutions: A New AI/ML Detection Engine, Updates to the TAP Dashboard and More Proofpoint has made more investments in our Aegis threat protection platform this year that can help support our federal agency customer 2023-11-30T07:23:34+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/enhancements-federal-solutions www.secnews.physaphae.fr/article.php?IdArticle=8418095 False Ransomware,Spam,Malware,Vulnerability,Threat,Industrial,Cloud,Commercial None 2.0000000000000000
ProofPoint - Cyber Firms Enabling Real-Time Spam Signature Updates without Slowing Down Performance 2023-11-13T06:18:08+00:00 https://www.proofpoint.com/us/blog/engineering-insights/enabling-realtime-spam-signature-updates www.secnews.physaphae.fr/article.php?IdArticle=8411687 False Spam,Cloud,Technical None 3.0000000000000000
ProofPoint - Cyber Firms The Power of Simplicity: Elevating Your Security Experience 2023-11-09T07:02:10+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/power-simplicity-elevating-your-security-experience www.secnews.physaphae.fr/article.php?IdArticle=8408572 False Ransomware,Spam,Tool,Threat,Cloud None 2.0000000000000000
ProofPoint - Cyber Firms Security Brief: TA571 Delivers IcedID
Forked Loader 2023-10-30T07:40:00+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta571-delivers-icedid-forked-loader www.secnews.physaphae.fr/article.php?IdArticle=8402897 False Ransomware,Spam,Malware,Threat None 3.0000000000000000
ProofPoint - Cyber Firms Google and Yahoo Set a Short Timeline to Meet New Email Authentication Requirements. Are You Ready? 2023-10-11T17:00:26+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/google-and-yahoo-set-new-email-authentication-requirements www.secnews.physaphae.fr/article.php?IdArticle=8394335 False Spam,Threat Yahoo 2.0000000000000000