This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-16T10:19:49+00:00 www.secnews.physaphae.fr CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-02-02T01:00:00+00:00 https://www.csoonline.com/article/3686580/apt-groups-use-ransomware-ttps-as-cover-for-intelligence-gathering-and-sabotage.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8306508 False Ransomware,Threat,Medical APT 38 2.0000000000000000 CSO - CSO Daily Dashboard CVE-2021-21551 vulnerability in a legitimate Dell driver,” security researchers from antivirus firm ESET said in a recent report. “This is the first ever recorded abuse of this vulnerability in the wild. The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way.”To read this article in full, please click here]]> 2022-10-05T12:15:00+00:00 https://www.csoonline.com/article/3675948/north-korea-s-lazarus-group-uses-vulnerable-dell-driver-to-blind-security-solutions.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7310080 False Tool,Vulnerability APT 38 None CSO - CSO Daily Dashboard remote access Trojan (RAT) being used in attack campaigns this year by Lazarus, a threat actor tied to the North Korean government. The new RAT has been used alongside other malware implants attributed to Lazarus and it's mainly used in the first stages of an attack.Dubbed MagicRAT, the new Lazarus malware program was developed using Qt, a framework commonly used to develop graphical user interfaces for cross-platform applications. Since the Trojan doesn't have a GUI, researchers from Cisco Talos believe the reason for using Qt was to make detection harder.To read this article in full, please click here]]> 2022-09-08T14:14:00+00:00 https://www.csoonline.com/article/3673094/north-korean-state-sponsored-hacker-group-lazarus-adds-new-rat-to-its-malware-toolset.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6790810 False Malware,Threat APT 38 None CSO - CSO Daily Dashboard ransomware worm that spread rapidly through across a number of computer networks in May of 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain's National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization that may be connected to the North Korean government.To read this article in full, please click here]]> 2022-08-24T12:34:00+00:00 https://www.csoonline.com/article/3227906/wannacry-explained-a-perfect-ransomware-storm.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6506640 False Ransomware,Vulnerability,Medical APT 38,Wannacry,Wannacry None CSO - CSO Daily Dashboard NETSCOUT's 2H 2021 Threat Report. Why target VoIP providers? The short answer is financial gain. Attackers know bringing down VoIP providers that service a large number of customers causes a lot of pain and therefore is ripe for extortion.Cyber attackers launched three worldwide distributed denial-of-service (DDoS) extortion attack campaigns in 2021 – a startling new achievement carried out by a REvil copycat, Lazarus Bear Armada (LBA), and Fancy Lazarus. But threat actors did more than simply increase such global attacks.To read this article in full, please click here]]> 2022-05-17T08:44:00+00:00 https://www.csoonline.com/article/3660514/ddos-extortion-takes-voip-providers-offline.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=4668820 False Threat APT 38 None CSO - CSO Daily Dashboard worst botnets and banking trojans, according to Webroot, were Emotet, Trickbot, and Zeus Panda. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive.And included in the list of top 10 threat actors so far this year, we find Lazarus Group, Sofacy and MuddyWater coming in the top three spots, according to AlienVault. Lazarus Group took the top spot from Sofacy this year. The reported locations for the top 10 threat actors are North Korea, with two groups; Russia, with three groups; Iran, with two groups; China, with two groups; and India, with one. Microsoft Office was the most exploited application, but Adobe Flash, WebLogic, Microsoft Windows, Drupal and GPON routers were also listed in the top 10.]]> 2018-11-06T08:56:00+00:00 https://www.csoonline.com/article/3319116/malware/worst-malware-and-threat-actors-of-2018-so-far.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=883049 False Malware,Threat,Medical APT 38 None