www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-14T17:29:17+00:00 www.secnews.physaphae.fr
SecurityWeek - Security News Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data Cuttlefish malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic.
2024-05-01T14:33:31+00:00 https://www.securityweek.com/cuttlefish-malware-targets-routers-harvests-cloud-authentication-data/ www.secnews.physaphae.fr/article.php?IdArticle=8491900 False Malware,Cloud None 3.0000000000000000
SecurityWeek - Security News Linux Malware Campaign Targets Misconfigured Cloud Servers A new malware campaign has been observed targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances.
2024-03-06T15:50:14+00:00 https://www.securityweek.com/linux-malware-campaign-targets-misconfigured-cloud-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8459917 False Malware,Cloud None 2.0000000000000000
SecurityWeek - Security News Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel An active cloud account takeover campaign has impacted dozens of Azure environments and compromised hundreds of user accounts.
2024-02-12T15:06:28+00:00 https://www.securityweek.com/ongoing-azure-cloud-account-takeover-campaign-targeting-senior-personnel/ www.secnews.physaphae.fr/article.php?IdArticle=8449309 False Cloud None 3.0000000000000000
SecurityWeek - Security News Google Expands Bug Bounty Program With Chrome, Cloud CTF Events Google is hosting capture the flag (CTF) events focused on Chrome's V8 engine and on Kernel-based Virtual Machine (KVM).
2023-10-09T10:37:36+00:00 https://www.securityweek.com/google-expands-bug-bounty-program-with-chrome-cloud-ctf-events/ www.secnews.physaphae.fr/article.php?IdArticle=8393134 False Cloud None 2.0000000000000000
SecurityWeek - Security News Sysdig Launches Realtime Attack Graph for Cloud Environments Sysdig enhanced its existing CNAPP offering with a cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning.
2023-09-28T11:00:00+00:00 https://www.securityweek.com/sysdig-launches-realtime-attack-graph-for-cloud-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8389041 False Cloud None 2.0000000000000000
SecurityWeek - Security News Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack Danish cloud hosting provider CloudNordic says most customers lost all data after ransomware shut down all its systems and servers.
2023-08-24T10:22:08+00:00 https://www.securityweek.com/hosting-provider-cloudnordic-loses-all-customer-data-in-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8374034 False Ransomware,Cloud None 3.0000000000000000
SecurityWeek - Security News US Cyber Safety Board to Review Cloud Attacks The US government's CSRB will conduct a review of cloud security to provide recommendations on improving identity management and authentication.
2023-08-14T13:52:34+00:00 https://www.securityweek.com/us-cyber-safety-board-to-review-cloud-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8369962 False Cloud None 2.0000000000000000
SecurityWeek - Security News Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.
2023-07-21T16:39:28+00:00 https://www.securityweek.com/microsoft-cloud-hack-exposed-more-than-exchange-outlook-emails/ www.secnews.physaphae.fr/article.php?IdArticle=8359802 False Hack,Cloud None 3.0000000000000000
SecurityWeek - Security News SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint A SaaS ransomware attack against a company's Sharepoint Online was done without using a compromised endpoint.
2023-06-09T11:00:00+00:00 https://www.securityweek.com/saas-ransomware-attack-hit-sharepoint-online-without-using-a-compromised-endpoint/ www.secnews.physaphae.fr/article.php?IdArticle=8343655 False Ransomware,Cloud None 2.0000000000000000
SecurityWeek - Security News Toyota Discloses New Data Breach Involving Vehicle, Customer Information Toyota says improper cloud configurations exposed vehicle and customer information in Japan and overseas for years.
2023-06-01T13:31:54+00:00 https://www.securityweek.com/toyota-discloses-new-data-breach-involving-vehicle-customer-information/ www.secnews.physaphae.fr/article.php?IdArticle=8341226 False Data Breach,Cloud None 3.0000000000000000
SecurityWeek - Security News Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward.
2023-03-30T11:42:24+00:00 https://www.securityweek.com/microsoft-cloud-vulnerability-led-to-bing-search-hijacking-exposure-of-office-365-data/ www.secnews.physaphae.fr/article.php?IdArticle=8323418 False Vulnerability,Cloud None 4.0000000000000000
SecurityWeek - Security News LastPass Says DevOps Engineer Home Computer Hacked LastPass DevOps engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources.
2023-02-27T20:40:16+00:00 https://www.securityweek.com/lastpass-says-devops-engineer-home-computer-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=8313961 False Malware,Cloud LastPass 1.00000000000000000000
SecurityWeek - Security News QNAP Offering $20,000 Rewards via New Bug Bounty Program New QNAP Systems bug bounty program covers vulnerabilities in applications, cloud services, and operating systems.
2023-02-27T11:49:41+00:00 https://www.securityweek.com/qnap-offering-20000-rewards-via-new-bug-bounty-program/ www.secnews.physaphae.fr/article.php?IdArticle=8313660 False Cloud None 3.0000000000000000
SecurityWeek - Security News North Korean Hackers Use New 'Chinotto' Malware to Target Windows, Android Devices
2021-11-30T12:24:19+00:00 https://www.securityweek.com/north-korean-hackers-use-new-chinotto-malware-target-windows-android-devices www.secnews.physaphae.fr/article.php?IdArticle=3727853 False Malware,Threat,Cloud APT 37 None
SecurityWeek - Security News North Korea-Linked 'ScarCruft' Adds Bluetooth Harvester to Toolkit
2019-05-13T15:29:00+00:00 https://www.securityweek.com/north-korea-linked-scarcruft-adds-bluetooth-harvester-toolkit www.secnews.physaphae.fr/article.php?IdArticle=1106316 False Threat,Cloud APT 37 None
SecurityWeek - Security News Researchers Link New Android Backdoor to North Korean Hackers
2018-04-06T14:54:05+00:00 https://www.securityweek.com/researchers-link-new-android-backdoor-north-korean-hackers www.secnews.physaphae.fr/article.php?IdArticle=577113 False Cloud APT 37 None
SecurityWeek - Security News New Strain of ATM Jackpotting Malware Discovered A new type of ATM jackpotting malware has been discovered.
Dubbed ATMJackpot, the malware appears to be still under development, and to have originated in Hong Kong. There are no current details of any deployment or use. ATMJackpot was discovered and analyzed by Netskope Threat Research Labs. It has a smaller footprint than earlier strains of jackpotting malware, but serves the same purpose: to steal money from automated teller machines (ATMs). ATM jackpotting -- also known as a logical attack -- is the use of malware to control cash dispensing from individual ATMs. The malware can be delivered locally to each ATM via a USB port, or remotely by compromising the ATM operator network. Jackpotting has become an increasing problem in recent years, originally and primarily in Europe and Asia. In 2017, Europol warned that ATM attacks were increasing. "The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately," said Steven Wilson, head of Europol's EC3 cybercrime center. The first attacks against ATMs in the U.S. were discovered in January 2018 following an alert issued by the Secret Service. In March 2018, the alleged leader of the Carbanak group was arrested in Spain. Carbanak is believed to have stolen around $1.24 million over the preceding years. Its method was to compromise the servers controlling ATM networks by spear-phishing bank employers, and then use foot soldiers (mules) to collect money dispensed from specific ATMs at specific times. It is not clear whether the ATMJackpot malware discovered by Netskope is intended to be manually installed via USB on individual ATMs, or downloaded from a compromised network. Physical installation on an ATM is not always difficult. In July 2017, IOActive described how its researchers could gain access to the Diebold Opteva ATM. It was achieved by inserting a metal rod through a speaker hole and raising a metal locking bar. From there they were able to reverse engineer software to get access to the money vault. 
Jackpotting malware is designed to avoid the need to physically break into the vault. It can be transferred via a USB port to the computer part of the ATM that controls the vault. Most ATMs use a version of Windows that is well understood by criminals. ATMJackpot malware first registers the windows class name 'Win' with a procedure for the malware activity. The malware then populates the options on the window and initiates a connection with the XFS manager. The XFS subsystem provides a common API to access and manipulate the ATM devices from different vendors. The malware then opens a session with the service providers and registers to monitor events. It opens a session with the cash dispenser, the card reader and the PIN pad servic
2018-04-06T12:08:04+00:00 https://www.securityweek.com/new-strain-atm-jackpotting-malware-discovered www.secnews.physaphae.fr/article.php?IdArticle=570159 False Guideline,Cloud APT 37 None
SecurityWeek - Security News Financial Services DDoS Attacks Tied to Reaper Botnet Recorded Future's "Insikt" threat intelligence research group has linked the Mirai variant IoTroop (aka Reaper) botnet with attacks on the Netherlands financial sector in January 2018. The existence of IoTroop was first noted by Check Point in October 2017. At that point the botnet had not been used to deliver any known DDoS attacks, and its size was disputed. What was clear, however, was its potential for growth. In January 2018, the financial services sector in the Netherlands was hit by a number of DDoS attacks. Targets included ABN Amro, Rabobank and Ing; but at that time the source of the attack was unknown. Insikt researchers now report that at least one of these financial services attacks -- and possibly more -- was the first known use of IoTroop to deliver a DDoS attack.
"IoTroop is a powerful internet of things (IoT) botnet," reports Insikt, "primarily comprised of compromised home routers, TVs, DVRs, and IP cameras exploiting vulnerabilities in products from major vendors including MikroTik, Ubiquity and GoAhead." The attack itself was not excessively high by modern standards. "The initial attack was a DNS amplification attack with traffic volumes peaking at 30Gb/s," reports Insikt -- far short of the 1.7Tb/s attack that occurred in February. If the IoTroop assumption is correct, it is clear the botnet has evolved extensively since its discovery last year. Fortinet's SVP products and solutions reported last month, "the Reaper [IoTroop] exploit was built using a flexible Lua engine and scripts, which means that instead of being limited to the static, pre-programmed attacks of previous exploits, its code can be easily updated on the fly, allowing massive, in-place botnets to run new and more malicious attacks as soon as they become available." Insikt reports that the malware can use at least a dozen vulnerabilities and can be updated by the attackers as new vulnerabilities are exposed. "Our analysis," it says, "shows the botnet involved in the first company attack was 80% comprised of compromised MikroTik routers with the remaining 20% composed of various IoT devices ranging from vulnerable Apache and IIS web servers to routers from Ubiquity, Cisco and ZyXEL. We also discovered Webcams, TVs and DVRs among the 20% of IoT devices, which included products from major vendors such as MikroTik, GoAhead, Ubiquity, Linksys, TP-Link and Dahua." This list adds new devices now vulnerable to IoTroop in addition to those noted in the original October 2017 research -- which suggests, says Insikt, "a widespread and rapidly evolving botnet that appears to be leveraging publicly disclosed vulnerabilities in many IoT devices." 
2018-04-05T16:59:01+00:00 https://www.securityweek.com/financial-services-ddos-attacks-tied-reaper-botnet www.secnews.physaphae.fr/article.php?IdArticle=568368 False Cloud APT 37 None
SecurityWeek - Security News New KevDroid Android Backdoor Discovered Security researchers have discovered a new Android Remote Access Trojan (RAT) that can steal a great deal of information from infected devices. Dubbed KevDroid, the mobile threat can steal contacts, messages, and phone history, while also able to record phone calls, Talos reports. Two variants of the malware have been identified so far. One of the variants exploits CVE-2015-3636 to gain root access, but both implement the same call recording capabilities, taken from an open-source project on GitHub. Once it has infected a device, the first KevDroid variant can gather and siphon information such as installed applications, phone number, phone unique ID, location, stored contacts information, stored SMS, call logs, stored emails, and photos.
2018-04-03T18:30:03+00:00 https://www.securityweek.com/new-kevdroid-android-backdoor-discovered www.secnews.physaphae.fr/article.php?IdArticle=564075 False Guideline,Cloud APT 37 None
SecurityWeek - Security News 5 Fun Facts About the 2018 Singapore Cybersecurity Statute Bill No. 2/2018, referred to as “the Cybersecurity Bill.” Local infosec professionals consider it, overall, a good bill, covering exactly the topics one would expect to see from the Singaporean government. After a first draft, lively debate ensued during the public commentary period, and the government folded the best suggestions into its final bill. The administration of the statute will be completed by a Cybersecurity Commissioner. This person will define many of the finer points of policy, which have been purposely left out of the framework. The bill comprises three main themes: 1. Critical Infrastructure.
The Cybersecurity Bill defines the criteria by which the commissioner should identify critical infrastructure (sections 7–9). These include 11 groupings of “essential services,” including aviation, banking, and healthcare. Fun Fact #1: The Philippine government is working on a similar project, called the “National Cybersecurity Plan 2022”, and word is that they copied the groupings, in order, from the Singaporean version. Nothing wrong with that, though. The local cybersecurity community applauds the Singapore bill's requirements for bi-annual audits and regular penetration tests. That's just good policy, so it might as well be a law; after all, this is Singapore. 2. Incident Response. Sections 19–23 define the powers the commissioner has to investigate, prevent, and respond to cybersecurity incidents. Fun Fact #2: Of interest is that the bill allows the designation of temporary technical experts, who will be issued cards identifying themselves as such. Your reporter personally finds this pretty cool, and would be tickled to be a card-carrying Singaporean crime fighter (temporarily) someday. He imagines himself holding up a badge and saying, with authority, “Everyone calm down, I'm here to help.” 3. Cybersecurity Service Providers. Sections 24–35 describe the governance of so-called cybersecurity service providers: penetration testers and security operations centers (SOCs). Perhaps the most significant aspect of the bill is Fun Fact #3: Provid
2018-03-21T11:29:00+00:00 http://feedproxy.google.com/~r/Securityweek/~3/WDFUJCCVTUY/5-fun-facts-about-2018-singapore-cybersecurity-statute www.secnews.physaphae.fr/article.php?IdArticle=533209 True Cloud APT 37 None
SecurityWeek - Security News Combatting the Transformation of Cybercrime injecting malicious JavaScript into vulnerable websites, or delivering it via phishing campaigns. Simply browsing an infected site can enable attackers to hijack CPU cycles to perform cryptomining on behalf of a cybercriminal.
While such attacks initially hijacked all available CPU, causing machines to become virtually unusable, new, more sophisticated attacks now monitor device CPU and rate limit the amount of processing power they leverage, often using 50% or less of available processing power at any given moment in order to evade detection. Cryptojacking can result in everything from annoying side effects such as browser hang-ups and system crashes, to degraded network performance, sophisticated data theft, and increasingly, even the delivery of ransomware. IoT Botnets IoT-based botnets also continue to dominate the threat landscape. But unlike the first generation of IoT attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime simultaneously target multiple vulnerabilities, making them much harder to combat. Even worse, because many IoT manufacturers don't have a PSIRT team in place, many of these attacks target known IoT vulnerabilities for which no CVE has been named, which means there is little opportunity to even report vulnerabilities when they are discovered, let alone prepare for them. To complicate things further, the Reaper exploit was built using a flexible Lua engine and scripts, which means that instead of being limited to the static, pre-programmed attacks of previous exploits, its code can be easily updated on the fly, allowing massive, in-place botnets to run new and more malicious attacks as soon as they become available. Ransomware
2018-03-14T15:56:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/pVXSqpoZfuc/combatting-transformation-cybercrime www.secnews.physaphae.fr/article.php?IdArticle=513565 False Cloud APT 37 None
SecurityWeek - Security News North Korea Cyber Threat 'More Aggressive Than China': US Firm warned Tuesday, as it identified a Pyongyang-linked group as an "advanced persistent threat".
2018-02-21T15:20:05+00:00 http://feedproxy.google.com/~r/Securityweek/~3/QMJAPQcpioU/north-korea-cyber-threat-more-aggressive-china-us-firm www.secnews.physaphae.fr/article.php?IdArticle=487344 False Guideline,Cloud APT 37 None
SecurityWeek - Security News Threat Modeling the Internet of Things: Modeling Reaper Reaper ups the ante for IoT security.
2017-12-13T17:37:49+00:00 http://feedproxy.google.com/~r/Securityweek/~3/1CSmjFi03Wg/threat-modeling-internet-things-modeling-reaper www.secnews.physaphae.fr/article.php?IdArticle=449937 False Cloud APT 37 None
SecurityWeek - Security News Researchers Downplay Size of Reaper IoT Botnet The Mirai-like "Reaper" botnet that began infecting Internet of Things (IoT) devices in late September has only ensnared up to 20,000 bots so far, according to estimates from Arbor Networks.
2017-10-30T12:55:31+00:00 http://feedproxy.google.com/~r/Securityweek/~3/Ale8wQm96CM/researchers-downplay-size-reaper-iot-botnet www.secnews.physaphae.fr/article.php?IdArticle=425241 False Cloud APT 37 None