www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T10:15:46+00:00 www.secnews.physaphae.fr SecurityWeek - Security News Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved In a landmark case that blurs the lines between cyber and kinetic warfare, Merck reached a settlement with insurers over a $1.4 billion claim stemming from the NotPetya malware attack.
2024-01-05T16:00:49+00:00 https://www.securityweek.com/merck-settles-notpetya-insurance-claim-leaving-cyberwar-definition-unresolved/ www.secnews.physaphae.fr/article.php?IdArticle=8435198 False Malware NotPetya 2.0000000000000000
SecurityWeek - Security News US Offers $10 Million Reward for Russian Intelligence Officers Behind NotPetya Cyberattacks June 2017 “NotPetya” cyberattacks that had a massive impact on companies globally. ]]> 2022-04-26T21:17:48+00:00 https://www.securityweek.com/us-offers-10-million-reward-russian-intelligence-officers-behind-notpetya-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=4510426 False None NotPetya,NotPetya None SecurityWeek - Security News Court Awards Merck $1.4B Insurance Claim Over NotPetya Cyberattack New Jersey court delivers summary judgment against insurance company's refusal to pay based on war exclusion clause ]]> 2022-01-24T20:05:48+00:00 https://www.securityweek.com/court-awards-merck-14b-insurance-claim-over-notpetya-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=4028677 False None NotPetya,NotPetya None SecurityWeek - Security News Get Ready for the First Wave of AI Malware 2019-04-09T15:36:04+00:00 https://www.securityweek.com/get-ready-first-wave-ai-malware www.secnews.physaphae.fr/article.php?IdArticle=1091626 False Ransomware,Malware,Threat NotPetya,Wannacry None SecurityWeek - Security News Exaramel Malware Reinforces Link Between Industroyer and NotPetya 2018-10-11T12:01:05+00:00 https://www.securityweek.com/exaramel-malware-reinforces-link-between-industroyer-and-notpetya www.secnews.physaphae.fr/article.php?IdArticle=843059 False Malware NotPetya 3.0000000000000000 SecurityWeek - Security News Cyber Risk = Business Risk. 
Time for the Business-Aligned CISO 2018-08-27T17:07:03+00:00 https://www.securityweek.com/cyber-risk-business-risk-time-business-aligned-ciso www.secnews.physaphae.fr/article.php?IdArticle=783304 False Ransomware NotPetya,Equifax,Yahoo None SecurityWeek - Security News Commodity Ransomware Declines as Corporate Attacks Increase 2018-05-03T16:36:04+00:00 https://www.securityweek.com/commodity-ransomware-declines-corporate-attacks-increase www.secnews.physaphae.fr/article.php?IdArticle=631812 False None NotPetya,Wannacry None SecurityWeek - Security News Illumio, Qualys Partner on Vulnerability-based Micro-Segmentation 2018-04-13T16:10:02+00:00 https://www.securityweek.com/illumio-qualys-partner-vulnerability-based-micro-segmentation www.secnews.physaphae.fr/article.php?IdArticle=583923 False None NotPetya,Wannacry,Equifax None SecurityWeek - Security News Pentagon Looks to Counter Ever-stealthier Warfare not gone nearly far enough" in the cyber domain.  He also warned that the military still does not have clear authorities and rules of engagement for when and how it can conduct offensive cyber ops. "Cyberspace needs to be looked at as a warfighting domain, and if somebody threatens us in cyberspace, we need to have the authorities to respond," Hyten told lawmakers this week. Hyten's testimony comes after Admiral Michael Rogers, who heads both the NSA -- the leading US electronic eavesdropping agency -- and the new US Cyber Command, last month said President Donald Trump had no]]> 2018-03-26T14:12:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/x6GsIjhGTWw/pentagon-looks-counter-ever-stealthier-warfare www.secnews.physaphae.fr/article.php?IdArticle=542732 True Guideline NotPetya None SecurityWeek - Security News Ransomware Hits City of Atlanta alert to Twitter. In a press conference held Thursday afternoon, mayor Keisha Bottoms announced that the breach had been ransomware. 
She gave no details of the ransomware demands, but noticeably declined to say whether the ransom would be paid or refused. Bottoms could not at this stage confirm whether personal details had also been stolen in the same breach, but suggested that customers and staff should monitor their credit accounts. Questions on the viability of data backups and the state of system patches were not clearly answered; but it was stressed that the city had adopted a 'cloud first' policy going forwards specifically to improve security and mitigate against future ransomware attacks. A city employee obtained and sent a screenshot of the ransom note to local radio station 11Alive. The screenshot shows a bitcoin demand for $6,800 per system, or $51,000 to unlock all systems. It is suggested that the ransom note is similar to ones used by the SamSam strain of ransomware. Steve Ragan subsequently tweeted, "1 local, 2 remote sources are telling me City of Atlanta was hit by SamSam. The wallet where the ransom is to be sent (if they pay) has collected $590,000 since Jan 27." SamSam ransomware infected two healthcare organizations earlier this year. SamSam is not normally introduced via a phishing attack, but rather following a pre-existing breach. This could explain the concern over data theft on top of the data encryption. It also raises the question over whether the initial breach was due to a security failure, an unpatched system, or via a third-party supplier. Ransomware is not a new threat, and there are mitigations -- but it continues to cause havoc. Official advice is, wherever at all possible, refuse to pay. The theory is if the attackers cease getting a return on their attacks, they will turn to something easier with a better ROI on their time. This approach simply isn't working. 
Sometimes payment can be avoided by recovering data from backups]]> 2018-03-23T19:45:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/IZwrWfXW7HU/ransomware-hits-city-atlanta www.secnews.physaphae.fr/article.php?IdArticle=537389 True None NotPetya,Wannacry None SecurityWeek - Security News Russian Cyberspies Hacked Routers in Energy Sector Attacks sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the NotPetya attack and campaigns targeting energy firms. Shortly after, US-CERT updated an alert from the DHS and FBI to officially accuse the Russian government of being responsible for critical infrastructure attacks launched by a threat actor tracked as Dragonfly, Crouching Yeti and Energetic Bear. A warning issued last year by the UK's National Cyber Security Centre (NCSC) revealed that hackers had targeted the country's energy sector, abusing the Server Message Block (SMB) protocol and attempting to harvest victims' passwords. An investigation conducted by Cylance showed that the attacks were likely carried out by the Dragonfly group. The security firm has observed a series of phishing attacks aimed at the energy sector in the UK using two documents claiming to be resumes belonging to one Jacob Morrison. When opened, the documents fetched a template file and attempted to automatically authenticate to a remote SMB server controlled by the attackers. This template injection technique was detailed last year by Cisco Talos following Dragonfly attacks on critical infrastructure organizations in the United States. When a malicious document is opened using Microsoft Word, it loads a template file from the attacker's SMB server. When the targeted device connects to the SMB server, it will attempt to authenticate using the current Windows user's domain credentials, basically handing them over to the attackers. 
In a separate analysis of such attacks, Cylance noted that while the credentials will in most cases be encrypted, even an unsophisticated attacker will be able to recover them in a few hours or days, depending on their resources. According to Cylance, Dragonfly used this technique to harvest credentials that were later likely used to hack the systems of energy sector organizations in the United Kingdom. One interesting aspect noticed by Cylance researchers is that the IP address of the SMB server used in the template injection attack was associated with a major state-owned energy congl]]> 2018-03-19T13:51:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/L7ZoccaUHp8/russian-cyberspies-hacked-routers-energy-sector-attacks www.secnews.physaphae.fr/article.php?IdArticle=528748 True None NotPetya None SecurityWeek - Security News Sofacy Targets European Govt as U.S. Accuses Russia of Hacking sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the destructive NotPetya campaign and operations targeting energy firms. The Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert via US-CERT last year to warn about attacks launched by a group known as Dragonfly, Crouching Yeti and Energetic Bear on critical infrastructure. Researchers previously linked Dragonfly to the Russian government and now the DHS has officially stated the same. US-CERT has updated its alert with some additional information. The new version of the alert replaces “APT actors” with “Russian government cyber actors.” The DHS said that based on its analysis of malware and indicators of compromise, Dragonfly attacks are ongoing, with threat actors “actively pursuing their ultimate objectives over a long-term campaign.” This is not the first time the U.S. has imposed sanctions on Russia over its attempt to influence elections. 
Russia has also been accused by Washington and others of launching the NotPetya attack last year. The Kremlin has always denied the accusations, but President Vladimir Putin did admit at one point that patriotic hackers could be behind the attacks. If Dragonfly and Sofacy (aka Fancy Bear, APT28, Sednit, Tsar Team and Pawn Storm) are truly operating out of Russia, they don't seem to be discouraged by sanctions and accusations. On March 12 and March 14, security firm Palo Alto Networks spotted attacks launched by Sofacy against an unnamed European government agency using an updated variant of a known tool. Sofacy has been using a Flash Player exploit platform dubbed DealersChoice since at least 2016 and it has continued improving it. The latest version has been delivered to a government organization in Europe using a spear phishing email referencing the “Underwat]]> 2018-03-16T14:40:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/H_qjWOR2vLM/sofacy-targets-european-govt-us-accuses-russia-hacking www.secnews.physaphae.fr/article.php?IdArticle=519656 False None NotPetya,APT 28 None SecurityWeek - Security News Microsoft Publishes Bi-annual Security Intelligence Report (SIR) 2018-03-15T13:03:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/8RsFfVHYkpw/microsoft-publishes-bi-annual-security-intelligence-report-sir www.secnews.physaphae.fr/article.php?IdArticle=516128 True None NotPetya,Wannacry None SecurityWeek - Security News Usual Threats, But More Sophisticated and Faster: Report fileless attacks, primarily via PowerShell, grew; and there was a surge in cryptocurrency hijacking malware. These were the primary threats outlined in the latest McAfee Lab's Threat Report (PDF) covering Q4 2017. The growth of cryptomining malware coincided with the surge in Bitcoin value, which peaked at just under $20,000 on Dec. 22. With the cost of dedicated mining hardware at upwards of $5,000 per machine, criminals chose to steal users' CPU time via malware. 
It demonstrates how criminals always follow the money, and choose the least expensive method of acquiring it with the greatest chance of avoiding detection. Since December, Bitcoin's value has fallen to $9,000 (at the time of publishing). Criminals' focus on Bitcoin is likewise being modified, with Ethereum and Monero becoming popular. Last week, Microsoft discovered a major campaign focused on stealing Electroneum. "We currently see discussions in underground forums that suggest moving from Bitcoin to Litecoin because the latter is a safer model with less chance of exposure," comments Raj Samani, chief scientist and McAfee fellow with the Advanced Threat Research Team. The speed with which criminals adapt to their latest market conditions is also seen in the way they maximize their asymmetric advantage. "Adversaries," writes Samani, "have the luxury of access to research done by the technical community, and can download and use opensource tools to support their campaigns, while the defenders' level of insight into cybercriminal activities is considerably more limited, and identifying evolving tactics often must take place after malicious campaigns have begun." 
Examples of attackers making use of legitimate research include Fancy Bear (APT28) leveraging a Microsoft Office Dynamic Data Exchange technique in November 2017 that had been made public just a few we]]> 2018-03-13T15:50:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/oZrY8mCN0zo/usual-threats-more-sophisticated-and-faster-report www.secnews.physaphae.fr/article.php?IdArticle=510719 True None NotPetya,Equifax,APT 28 None SecurityWeek - Security News Nuance Estimates NotPetya Impact at $90 Million 2018-03-02T15:45:05+00:00 http://feedproxy.google.com/~r/Securityweek/~3/iVq-Rj9xBzs/nuance-estimates-notpetya-impact-90-million www.secnews.physaphae.fr/article.php?IdArticle=494829 False None NotPetya None SecurityWeek - Security News U.S., Canada, Australia Attribute NotPetya Attack to Russia 2018-02-16T06:00:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/lfYSJkC-i6A/us-canada-australia-attribute-notpetya-attack-russia www.secnews.physaphae.fr/article.php?IdArticle=480840 False None NotPetya None SecurityWeek - Security News Maersk Reinstalled 50,000 Computers After NotPetya Attack 2018-01-26T08:31:06+00:00 http://feedproxy.google.com/~r/Securityweek/~3/NmZ19bWqAHQ/maersk-reinstalled-50000-computers-after-notpetya-attack www.secnews.physaphae.fr/article.php?IdArticle=460411 False None NotPetya None SecurityWeek - Security News NotPetya Attack Had Significant Impact on Merck Revenue 2017-10-30T08:33:54+00:00 http://feedproxy.google.com/~r/Securityweek/~3/DhRduPclqXw/notpetya-attack-had-significant-impact-merck-revenue www.secnews.physaphae.fr/article.php?IdArticle=425072 False None NotPetya None SecurityWeek - Security News \'Bad Rabbit\' Attack Infrastructure Set Up Months Ago Bad Rabbit ransomware was set up months ago and an increasing amount of evidence links the malware to the NotPetya attack launched in late June, which some experts believe was the work of a Russian threat actor. 
]]> 2017-10-26T09:36:43+00:00 http://feedproxy.google.com/~r/Securityweek/~3/WE2QXCtgJkM/bad-rabbit-attack-infrastructure-set-months-ago www.secnews.physaphae.fr/article.php?IdArticle=424165 False None NotPetya None SecurityWeek - Security News Bad Rabbit Linked to NotPetya, but Not as Widespread Bad Rabbit ransomware attack that hit Russia and Ukraine on Tuesday has been linked to the recent NotPetya outbreak, but the number of infections appears to be far smaller. ]]> 2017-10-25T09:03:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/_XRKgdT-ZgI/bad-rabbit-linked-notpetya-not-widespread www.secnews.physaphae.fr/article.php?IdArticle=423364 False None NotPetya None SecurityWeek - Security News \'Bad Rabbit\' Ransomware Attack Hits Russia, Ukraine costing companies millions of dollars. ]]> 2017-10-24T16:33:57+00:00 http://feedproxy.google.com/~r/Securityweek/~3/4YFRJnWJlCo/bad-rabbit-ransomware-attack-hits-russia-ukraine www.secnews.physaphae.fr/article.php?IdArticle=422963 False None NotPetya None SecurityWeek - Security News NotPetya Attack Costs Big Companies Millions 2017-08-17T14:50:12+00:00 http://feedproxy.google.com/~r/Securityweek/~3/NSug7xzPUVg/notpetya-attack-costs-big-companies-millions www.secnews.physaphae.fr/article.php?IdArticle=397826 False None NotPetya None SecurityWeek - Security News FedEx May Have Permanently Lost Data Encrypted by NotPetya 2017-07-20T13:54:09+00:00 http://feedproxy.google.com/~r/Securityweek/~3/eCGvmlp1bRM/fedex-may-have-permanently-lost-data-encrypted-notpetya www.secnews.physaphae.fr/article.php?IdArticle=387281 False None FedEx,NotPetya None SecurityWeek - Security News NotPetya Operators Accessed M.E.Doc Server Using Stolen Credentials: Cisco NotPetya attack was able to access M.E.Doc's update server and use it for their nefarious purposes courtesy of stolen credentials, Cisco has discovered. 
]]> 2017-07-06T15:43:15+00:00 http://feedproxy.google.com/~r/Securityweek/~3/4oFE5nHjbo0/notpetya-operators-accessed-medoc-server-using-stolen-credentials-cisco www.secnews.physaphae.fr/article.php?IdArticle=381865 False None NotPetya None SecurityWeek - Security News NotPetya Decryption Key Sale - Genuine or Curveball Charade? 2017-07-06T15:26:48+00:00 http://feedproxy.google.com/~r/Securityweek/~3/LPLk8-MGfnc/notpetya-decryption-key-sale-genuine-or-curveball-charade www.secnews.physaphae.fr/article.php?IdArticle=381866 False None NotPetya None SecurityWeek - Security News Fake WannaCry Ransomware Uses NotPetya\'s Distribution System The NotPetya wiper wasn't the only piece of malware distributed last week using the compromised M.E.Doc update mechanism: a fake WannaCry ransomware variant was delivered using the same channel, Kaspersky Lab reports. ]]> 2017-07-05T16:41:06+00:00 http://feedproxy.google.com/~r/Securityweek/~3/9I0kK4UoB-c/fake-wannacry-ransomware-uses-notpetyas-distribution-system www.secnews.physaphae.fr/article.php?IdArticle=381453 False None NotPetya,Wannacry None SecurityWeek - Security News Researchers Dissect Stealthy Backdoor Used by NotPetya Operators NotPetya destructive wiper and injected into the legitimate resources of tax accounting software M.E.Doc earlier this year. ]]> 2017-07-05T13:06:00+00:00 http://feedproxy.google.com/~r/Securityweek/~3/tFcrzS4uDss/researchers-dissect-stealthy-backdoor-used-notpetya-operators www.secnews.physaphae.fr/article.php?IdArticle=381457 False None NotPetya None SecurityWeek - Security News NotPetya Connected to BlackEnergy/KillDisk: Researchers devastating NotPetya attack might have been launched by the same threat group that previously used the Russia-linked BlackEnergy malware family in attacks against Ukraine, security researchers reveal. 
]]> 2017-07-03T12:38:14+00:00 http://feedproxy.google.com/~r/Securityweek/~3/rdwfYPTxtOM/notpetya-connected-blackenergykilldisk-researchers www.secnews.physaphae.fr/article.php?IdArticle=380572 False None NotPetya None SecurityWeek - Security News Microsoft Tackles Ransomware with Controlled Folder Access WannaCry and NotPetya, Microsoft this week announced a new feature meant to keep users' data safe from ransomware and other type of malware. ]]> 2017-06-30T19:43:37+00:00 http://feedproxy.google.com/~r/Securityweek/~3/PLZk1MkxD2s/microsoft-tackles-ransomware-controlled-folder-access www.secnews.physaphae.fr/article.php?IdArticle=380292 False None NotPetya,Wannacry None SecurityWeek - Security News Industry Reactions to Destructive NotPetya Attacks: Feedback Friday 2017-06-30T14:30:46+00:00 http://feedproxy.google.com/~r/Securityweek/~3/6LGEqSvUHzg/industry-reactions-destructive-notpetya-attacks-feedback-friday www.secnews.physaphae.fr/article.php?IdArticle=380297 False None NotPetya None SecurityWeek - Security News NotPetya - Destructive Wiper Disguised as Ransomware 2017-06-29T12:42:39+00:00 http://feedproxy.google.com/~r/Securityweek/~3/jhdBAuWL-wg/notpetya-destructive-wiper-disguised-ransomware www.secnews.physaphae.fr/article.php?IdArticle=379723 False None NotPetya None SecurityWeek - Security News UK\'s Metropolitan Police Still Using 10,000 Windows XP Computers WannaCry outbreak last month followed by the current 'NotPetya' outbreak -- both using a vulnerability patched in newer versions of Windows, but initially unpatched in XP -- highlights the problem. 
]]> 2017-06-28T14:56:16+00:00 http://feedproxy.google.com/~r/Securityweek/~3/zsc4aKi7wjc/uks-metropolitan-police-still-using-10000-windows-xp-computers www.secnews.physaphae.fr/article.php?IdArticle=379386 False None NotPetya,Wannacry None SecurityWeek - Security News Petya/NotPetya: What We Know in the First 24 Hours 2017-06-28T12:59:55+00:00 http://feedproxy.google.com/~r/Securityweek/~3/UoPmcmgZ-_A/petyanotpetya-what-we-know-first-24-hours www.secnews.physaphae.fr/article.php?IdArticle=379388 False None NotPetya None SecurityWeek - Security News NotPetya Ransomware Outbreak Hits Organizations Globally 2017-06-27T15:14:15+00:00 http://feedproxy.google.com/~r/Securityweek/~3/8V8tJ_gdUkY/petya-ransomware-outbreak-hits-organizations-globally www.secnews.physaphae.fr/article.php?IdArticle=378996 False None NotPetya None