www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-29T04:47:14+00:00
www.secnews.physaphae.fr

SecurityWeek - Security News
devOcean Emerges From Stealth With Cloud-Native Security Operations Platform
2022-05-13T13:26:53+00:00
https://www.securityweek.com/devocean-emerges-stealth-cloud-native-security-operations-platform
www.secnews.physaphae.fr/article.php?IdArticle=4590972
False None APT 32 None

SecurityWeek - Security News
DigitalOcean Discloses Breach Involving Billing Information
2021-04-29T14:35:46+00:00
http://feedproxy.google.com/~r/Securityweek/~3/ChohrSXNhAY/digitalocean-discloses-breach-involving-billing-information
www.secnews.physaphae.fr/article.php?IdArticle=2714728
False Vulnerability APT 32 None

SecurityWeek - Security News
Vietnamese Hackers Target Human Rights Defenders: Amnesty
2021-02-24T12:46:50+00:00
http://feedproxy.google.com/~r/Securityweek/~3/vz_bQiZcJU8/vietnamese-hackers-target-human-rights-defenders-amnesty
www.secnews.physaphae.fr/article.php?IdArticle=2392196
False None APT 32 None

SecurityWeek - Security News
Researchers Analyze Vietnamese Hackers' Suite of RATs
2019-07-02T04:54:05+00:00
https://www.securityweek.com/researchers-analyze-vietnamese-hackers-suite-rats
www.secnews.physaphae.fr/article.php?IdArticle=1182468
False Threat APT 32 None

SecurityWeek - Security News
'Operation Oceansalt' Reuses Code from Chinese Group APT1
2018-10-18T12:03:00+00:00
https://www.securityweek.com/operation-oceansalt-reuses-code-chinese-group-apt1
www.secnews.physaphae.fr/article.php?IdArticle=853572
False None APT 32 None

SecurityWeek - Security News
New macOS Backdoor Linked to Cyber-espionage Group
A recently discovered macOS backdoor is believed to be a new version of malware previously associated with the OceanLotus cyber-espionage group, Trend Micro says. Also known as APT 32, APT-C-00, SeaLotus, and Cobalt Kitty, OceanLotus is believed to be operating out of Vietnam and has been targeting high-profile corporate and government organizations in Southeast Asia. Well-resourced and determined, the group uses custom-built malware and already established techniques.
2018-04-05T15:23:03+00:00
https://www.securityweek.com/new-macos-backdoor-linked-cyber-espionage-group
www.secnews.physaphae.fr/article.php?IdArticle=568102
False None APT 32 None

SecurityWeek - Security News
Breaches Increasingly Discovered Internally: Mandiant
Organizations are getting increasingly better at discovering data breaches on their own, with more than 60% of intrusions in 2017 detected internally, according to FireEye-owned Mandiant. The company's M-Trends report for 2018 shows that the global median time for internal detection dropped to 57.5 days in 2017, compared to 80 days in the previous year. Of the total number of breaches investigated by Mandiant last year, 62% were discovered internally, up from 53% in 2016. On the other hand, it still took roughly the same amount of time for organizations to learn that their systems had been compromised. The global median dwell time in 2017 – the median time from the first evidence of a hack to detection – was 101 days, compared to 99 days in 2016. Companies in the Americas had the shortest median dwell time (75.5 days), while organizations in the APAC region had the longest dwell time (nearly 500 days).
[Figure: Dwell time data from Mandiant]
Data collected by Mandiant in 2013 showed that more than one-third of organizations had been attacked again after the initial incident had been remediated. More recent data, specifically from the past 19 months, showed that 56% of Mandiant customers were targeted again by either the same group or one with similar motivation. In cases where investigators discovered at least one type of significant activity (e.g. compromised accounts, data theft, lateral movement), the targeted organization was successfully attacked again within one year. Organizations that experienced more than one type of significant activity were attacked by more than one threat actor. Again, the highest percentage of companies attacked multiple times and by multiple threat groups was in the APAC region – more than double compared to the Americas and the EMEA region. When it comes to the most targeted industries, companies in the financial and high-tech sectors recorded the highest number of significant attacks, while the high-tech, telecommunications and education sectors were hit by the highest number of different hacker groups. Last year, FireEye assigned names to four state-sponsored threat groups, including the Vietnam-linked APT32 (OceanLotus), and the Iran-linked APT33, APT34 (OilRig), and APT35 (NewsBeef, Newscaster and Charming Kitten).
2018-04-04T14:00:03+00:00
https://www.securityweek.com/breaches-increasingly-discovered-internally-mandiant
www.secnews.physaphae.fr/article.php?IdArticle=565681
False Conference APT 35,APT 32,APT33,APT 33,APT 34 None

SecurityWeek - Security News
Qrypter RAT Hits Hundreds of Organizations Worldwide
Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called 'QUA R&D', which offers a Malware-as-a-Service (MaaS) platform. Also known as Qarallax, Quaverse, QRAT, and Qontroller, Forcepoint explains that Qrypter
2018-03-15T03:15:04+00:00
http://feedproxy.google.com/~r/Securityweek/~3/VR3MNokljaA/qrypter-rat-hits-hundreds-organizations-worldwide
www.secnews.physaphae.fr/article.php?IdArticle=514801
False None APT 32 None

SecurityWeek - Security News
New “HenBox” Android Malware Discovered
connected
2018-03-15T03:01:04+00:00
http://feedproxy.google.com/~r/Securityweek/~3/aBLXMNe3-2k/new-%E2%80%9Chenbox%E2%80%9D-android-malware-discovered
www.secnews.physaphae.fr/article.php?IdArticle=514802
False None APT 32 None

SecurityWeek - Security News
Microsoft Patches Remote Code Execution Flaw in CredSSP
March 2018 security patches was a remote code execution flaw in the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM). This vulnerability can be exploited by an attacker to relay user credentials to execute code on a target system. The authentication provider, Microsoft explains, processes authentication requests for other applications, meaning that the vulnerability puts all applications that depend on CredSSP at risk. Preempt, which discovered the bug, explains
2018-03-14T16:39:02+00:00
http://feedproxy.google.com/~r/Securityweek/~3/ZyvlNR9ld1Y/microsoft-patches-remote-code-execution-flaw-credssp
www.secnews.physaphae.fr/article.php?IdArticle=513563
True None APT 32 None

SecurityWeek - Security News
SAP Patches Decade-Old Flaws With March 2018 Patches
included in the SAP Security Patch Day this month, three rated High priority and 7 considered Medium priority. Two of the Notes were updates for previously released Security Notes. SAP this month included 17 Support Package Notes in the Security Patch Day, for a total of 17 Security Notes, ERPScan (a company that specializes in securing Oracle and SAP applications) reports. 11 of the Notes were released after the second Tuesday of the last month and before the second Tuesday of this month. The most severe of the Security Notes addresses three vulnerabilities in SAP Internet Graphics Server (IGS) and carries a High priority rating (CVSS Base Score: 8.8). The bugs include CVE-2004-1308 (memory corruption), CVE-2005-2974 (denial of service), and CVE-2005-3350 (remot
2018-03-14T03:00:02+00:00
http://feedproxy.google.com/~r/Securityweek/~3/jJWOz5Y-uVE/sap-patches-decade-old-flaws-march-2018-patches
www.secnews.physaphae.fr/article.php?IdArticle=512180
False None APT 32 None

SecurityWeek - Security News
"OceanLotus" Spies Use New Backdoor in Recent Attacks
has been targeting high-profile corporate and government organizations in Southeast Asia, particularly in Vietnam, the Philippines, Laos, and Cambodia. The group is well-resourced and determined and is known to be using custom-built malware in combination with techniques long known to be successful. One of the latest malware families used by the group is a fully-fledged backdoor that provides operators with remote access to compromised machines, along with the ability to manipulate files, registries, and processes, as well as the option to load additional components if needed. For distribution purposes, OceanLotus uses a two-stage attack that employs a dropper to gain initial foothold on the targeted system and prepare the stage for the backdoor, ESET explains in a new report (
2018-03-13T17:58:05+00:00
http://feedproxy.google.com/~r/Securityweek/~3/KW_8x7927vI/oceanlotus-spies-use-new-backdoor-recent-attacks
www.secnews.physaphae.fr/article.php?IdArticle=511124
False None APT 32 None

SecurityWeek - Security News
DigitalOcean Warns of Vulnerability Affecting Cloud Users
2017-09-19T10:47:28+00:00
http://feedproxy.google.com/~r/Securityweek/~3/MTvQwjfBmF8/digitalocean-warns-vulnerability-affecting-cloud-users
www.secnews.physaphae.fr/article.php?IdArticle=409628
False None APT 32 None

SecurityWeek - Security News
How APT32 Hacked a Global Asian Firm With Persistence
2017-05-24T11:37:10+00:00
http://feedproxy.google.com/~r/Securityweek/~3/HWIBBzsHrbQ/how-apt32-hacked-global-asian-firm-persistence
www.secnews.physaphae.fr/article.php?IdArticle=368108
False None APT 32 None