www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-03T02:14:31+00:00 www.secnews.physaphae.fr Wired Threat Level - Security News Mysterous Hack a détruit 600 000 routeurs Internet Mysterious Hack Destroyed 600,000 Internet Routers Plus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and more.]]> 2024-06-01T10:30:00+00:00 https://www.wired.com/story/mysterious-hack-600000-routers-destroyed/ www.secnews.physaphae.fr/article.php?IdArticle=8511153 False Hack None None Intigrity - Blog Cinq façons faciles de pirater des cibles GraphQL Five easy ways to hack GraphQL targets GraphQL est un langage de requête largement utilisé qui offre aux développeurs la possibilité de demander facilement les données.Contrairement à une API REST, les développeurs peuvent envoyer un schéma dans une seule demande HTTP et récupérer toutes les données nécessaires.C'est un langage de requête génial qui peut aider à simplifier plusieurs aspects pendant le développement du Web [& # 8230;]

>GraphQL is a widely used query language that provides developers with the ability to query data easily. Unlike via a REST API, developers can send a schema in a single HTTP request and retrieve back all the necessary data. It’s an awesome query language that can help simplify several aspects during the development of web […] ]]> 2024-05-31T16:10:39+00:00 https://blog.intigriti.com/2024/05/31/five-easy-ways-to-hack-graphql-targets/ www.secnews.physaphae.fr/article.php?IdArticle=8510703 False Hack None None RiskIQ - cyber risk firms (now microsoft) Faits saillants hebdomadaires, 28 mai 2024 Weekly OSINT Highlights, 28 May 2024 2024-05-28T17:37:40+00:00 https://community.riskiq.com/article/eb5e10a2 www.secnews.physaphae.fr/article.php?IdArticle=8508725 False Ransomware,Malware,Hack,Tool,Threat APT 34 3.0000000000000000 SecurityWeek - Security News Vérifier les VPN des points ciblés pour pirater les réseaux d'entreprise Check Point VPNs Targeted to Hack Enterprise Networks Le point de contrôle est averti les clients que les acteurs de la menace ciblent les instances de VPN sans sécurité pour l'accès initial aux réseaux d'entreprise.

>Check Point is warning customers that threat actors are targeting insecure VPN instances for initial access to enterprise networks. ]]> 2024-05-28T08:57:31+00:00 https://www.securityweek.com/check-point-vpn-targeted-for-initial-access-in-enterprise-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8508733 False Hack,Threat None 4.0000000000000000 ZD Net - Magazine Info La SEC gifle la société mère de Nyse \\ avec une amende de 10 millions de dollars pour ne pas signaler immédiatement un piratage The SEC slaps NYSE\\'s parent company with a $10M fine for not immediately reporting a hack Intercontinental Exchange failed to notify nine of its subsidiaries about a VPN breach, sitting on the information for days.]]> 2024-05-23T19:27:00+00:00 https://www.zdnet.com/article/the-sec-slaps-nyses-parent-company-with-a-10m-fine-for-not-immediately-reporting-a-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8505675 False Hack None 3.0000000000000000 TroyHunt - Blog Security Teslas peut toujours être volé avec un hack radio bon marché malgré une nouvelle technologie sans clé Teslas can still be stolen with a cheap radio hack despite new keyless tech Tesla owners should enable PIN-to-drive protection to thwart relay attacks.]]> 2024-05-23T14:24:10+00:00 https://arstechnica.com/?p=2026474 www.secnews.physaphae.fr/article.php?IdArticle=8505501 False Hack,Industrial None 4.0000000000000000 Intigrity - Blog Triage: le hack pas si secret aux programmes de primes de bogues percutants Triage: The not-so-secret hack to impactful bug bounty programs Au cœur de chaque plate-forme de prime de bogue florissante se trouve son équipe de triage.Ces équipes évaluent les rapports de vulnérabilité, décidant de l'escalade et de la hiérarchisation.De plus, ils s'assurent que toutes les informations vitales atteignent rapidement les personnes concernées.Pensez à l'opérateur à qui vous parlez lorsque vous appelez les services d'urgence - c'est un rôle essentiel, mais se trouve souvent tranquillement derrière le [& # 8230;]

>At the core of every thriving bug bounty platform lies its triage team. These teams evaluate vulnerability reports, deciding on escalation and prioritization. Moreover, they ensure all the vital information reaches the relevant people promptly. Think about the operator you’d speak to when calling emergency services-it\'s an essential role yet often sits quietly behind the […] ]]> 2024-05-23T13:29:42+00:00 https://blog.intigriti.com/2024/05/23/triage-the-not-so-secret-hack-to-impactful-bug-bounty-programs/ www.secnews.physaphae.fr/article.php?IdArticle=8505462 False Hack,Vulnerability None 3.0000000000000000 SecurityWeek - Security News VMware a maltraité dans le récent hack à mitre pour la persistance, l'évasion VMware Abused in Recent MITRE Hack for Persistence, Evasion Mitre a partagé des informations sur la façon dont les pirates liés à la Chine ont abusé de VMware pour la persistance et l'évasion de détection dans le récent hack.

>MITRE has shared information on how China-linked hackers abused VMware for persistence and detection evasion in the recent hack. ]]> 2024-05-23T13:22:14+00:00 https://www.securityweek.com/vmware-abused-in-recent-mitre-hack-for-persistence-evasion/ www.secnews.physaphae.fr/article.php?IdArticle=8505504 False Hack None 2.0000000000000000 SecurityWeek - Security News L'opérateur NYSE InterContinental Exchange obtient 10 millions de dollars amende sur 2021 Hack NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack Intercontinental Exchange, la société qui exploite NYSE et d'autres bourses, a accepté de payer une amende de 10 millions de dollars liée à un hack 2021.

>Intercontinental Exchange, the company that operates NYSE and other exchanges, has agreed to pay a $10 million fine related to a 2021 hack. ]]> 2024-05-23T10:11:59+00:00 https://www.securityweek.com/nyse-operator-intercontinental-exchange-gets-10m-sec-fine-over-2021-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8505401 False Hack None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Le groupe Ikaruz Red Team Hacktivist exploite le ransomware pour l'attention et non le profit Ikaruz Red Team Hacktivist Group Leverages Ransomware for Attention Not Profit #### Targeted Geolocations - Philippines ## Snapshot Ikaruz Red Team, a hacktivist group, has been observed leveraging leaked ransomware builders to conduct attacks against Philippine targets. ## Description The group has been actively distributing modified LockBit 3 ransomware payloads and advertising data leaks from a variety of organizations in the Philippines. The group\'s ransom notes use the original LockBit template almost entirely intact with the exception of the top line, where the LockBit ransomware name is replaced by \'Ikaruz Red Team\'. The group has co-opted imagery and branding developed by the Philippine\'s Department of Information and Communications Technology (DICT) and CERT-PH as part of a Hack4Gov challenge. Ikaruz Red Team is neither a participant in nor affiliated with the official HACK4GOV challenges in any way. The group claims affiliation or alignment with other hacktivist groups, in particular Anka Red Team, Anka Underground Team, and Turk Hack Team. Politically-motivated attacks targeting the Philippines have been on the rise, especially in the last year. Individual actors like Ikaruz Red Team aligning themselves with previously known groups such as Turk Hack Team and PHEDS are becoming increasingly destructive in their actions. ## References ["Ikaruz Red Team | Hacktivist Group Leverages Ransomware for Attention Not Profit"](https://www.sentinelone.com/blog/ikaruz-red-team-hacktivist-group-leverages-ransomware-for-attention-not-profit/) SentinelOne (Accessed 2024-05-22)]]> 2024-05-22T19:32:35+00:00 https://community.riskiq.com/article/624f5ce1 www.secnews.physaphae.fr/article.php?IdArticle=8504993 False Ransomware,Hack None 3.0000000000000000 ProofPoint - Firm Security Un Microsoft attaqué par le gouvernement et les rivaux technologiques après \\ 'empêchant \\' pirater la rémunération des cadres aux cyberthères A Microsoft under attack from government and tech rivals after \\'preventable\\' hack ties executive pay to cyberthreats 2024-05-22T14:31:29+00:00 https://www.proofpoint.com/us/newsroom/news/microsoft-under-attack-government-and-tech-rivals-after-preventable-hack-ties www.secnews.physaphae.fr/article.php?IdArticle=8506460 False Hack None 2.0000000000000000 Korben - Bloger francais Créez vos niveaux Super Mario 64 avec Mario Builder 64 2024-05-20T06:02:08+00:00 https://korben.info/creez-vos-niveaux-super-mario-64-avec-mario-builder-64.html www.secnews.physaphae.fr/article.php?IdArticle=8503208 False Hack None 3.0000000000000000 SecurityWeek - Security News Dans d'autres nouvelles: Hack Mediseecure, Spanded Spider ciblé par le FBI, une nouvelle attaque Wi-Fi In Other News: MediSecure Hack, Scattered Spider Targeted by FBI, New Wi-Fi Attack Des histoires remarquables qui auraient pu glisser sous le radar: le FBI cible Sporsed Spider, une nouvelle attaque Wi-Fi d'Australie \\.

>Noteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia\'s MediSecure hacked, new Wi-Fi attack. ]]> 2024-05-17T14:22:54+00:00 https://www.securityweek.com/in-other-news-medisecure-hack-scattered-spider-targeted-by-fbi-new-wi-fi-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8501706 False Hack None 2.0000000000000000 SecurityWeek - Security News New \\ 'Antidot \\' Android Trojan permet aux cybercriminels de pirater des appareils, de voler des données New \\'Antidot\\' Android Trojan Allows Cybercriminals to Hack Devices, Steal Data The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages. ]]> 2024-05-17T10:57:44+00:00 https://www.securityweek.com/new-antidot-android-trojan-allows-cybercriminals-to-hack-devices-steal-data/ www.secnews.physaphae.fr/article.php?IdArticle=8501585 False Hack,Mobile None 2.0000000000000000 Zataz - Magazine Francais de secu Fuite de données chez Pôle Emploi : une décision de justice révèle les dessous du hack ! 2024-05-16T10:35:19+00:00 https://www.zataz.com/fuite-de-donnees-chez-pole-emploi-une-decision-de-justice-revele-les-dessous-du-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8500867 False Hack None 4.0000000000000000 Recorded Future - FLux Recorded Future Hack du gouvernement canadien provincial soupçonné d'être parrainé par l'État \\ ' Hack of provincial Canadian government suspected to be \\'state-sponsored\\' 2024-05-13T11:32:10+00:00 https://therecord.media/british-columbia-government-hack-state-sponsored www.secnews.physaphae.fr/article.php?IdArticle=8498872 False Hack None 3.0000000000000000 Bleeping Computer - Magazine Américain Le hack post-millénaire a divulgué des données ayant un impact sur 26 millions de personnes The Post Millennial hack leaked data impacting 26 million people Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. [...]]]> 2024-05-11T11:17:34+00:00 https://www.bleepingcomputer.com/news/security/the-post-millennial-hack-leaked-data-impacting-26-million-people/ www.secnews.physaphae.fr/article.php?IdArticle=8498955 False Hack None 3.0000000000000000 Wired Threat Level - Security News Microsoft déploie une AI générative pour nous espions Microsoft Deploys Generative AI for US Spies Plus: China is suspected in a hack targeting the UK\'s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million customers.]]> 2024-05-11T10:30:00+00:00 https://www.wired.com/story/microsoft-gpt-4-us-spies-security-roundup/ www.secnews.physaphae.fr/article.php?IdArticle=8497751 False Data Breach,Hack None 3.0000000000000000 Techworm - News Dell Data Breach: 49 millions de clients ont atteint, les données mises en vente Dell Data Breach: 49 Million Customers Hit, Data Put on Sale dell Spécifiez un calendrier pour la violation, mais un post repéré par web quotidien sombre sur les forums de violation révèle qu'il s'agissait d'un long hack. Le Post mentionne que les données ont été volées à Dell entre 2017 et 2024. Sept ans, c'est beaucoup de temps et de négligence massive par Dell parce qu'ils ne pourraient pas identifier la violation. Dell Hasn a confirmé ouvertement la durée de la violation ou si la publication sur les forums de violation vend les mêmes données qu'il informe ses utilisateurs. . Les e-mails reçus par Dell & # 8217; s les clients se lisent, & # 8220; Nous enquêtons actuellement sur un incident impliquant un portail Dell, qui contient une base de données avec des types limités d'informations clients liées aux achats de Dell. & # 8221; Détails de données volées Voici une liste des catégories de données que Dell prétend avoir été volées dans cette violation: Nom Adresse physique Informations sur le matériel et la commande Dell, y compris la balise de service, la description de l'article, la date de commande et les informations de garantie connexes Dell a rassuré les utilisateurs qu'aucune information sensible, telle que les informations financières ou de paiement, les adresses e-mail ou les numéros de téléphone, n'a été volée.Jusqu'à présent, les pirates ont des informations de base sur les appareils vendus et les noms des personnes qui les ont achetées. En outre, la société a informé qu'ils travaillaient avec les enquêteurs des forces de l'ordre et des légissiques pour trouver les coupables. Que devez-vous faire? Vous pouvez être parmi les utilisateurs affectés si vous avez un compte Dell et que vous avez acheté quelque chose en l'utilisant. Modifiez votre mot de passe comme mesure de précaution.Méfiez-vous des escroqueries de phishing qui prétendent être Dell et vous attirez pour partager les informations d'identification de votre compte. À ce stade, vous pouvez croire que Dell travaille à renforcer sa sécurité, mais si le poste sur le forum de violation est correct, ignorer une violation qui se passe depuis sept ans est inacceptable.

Dell made a surprising revelation about a data breach that impacted millions of its customers. The tech giant is sending emails to inform the users about the breach, its severity, and the measures it takes to fix the issue. The data breach of 49 million customers is not something you brush under the carpet. The breach has been going on for almost seven years now and the Texas Tech giant has finally acknowledged it. When Did the Breach Occur? Dell doesn’t specify a timeline for the breach, but a post spotted by ]]> 2024-05-10T16:38:42+00:00 https://www.techworm.net/2024/05/dell-customer-data-breached-put-on-sale.html www.secnews.physaphae.fr/article.php?IdArticle=8497274 False Data Breach,Hack,Legislation None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Nouvelle attaque contre la voiture autonome AI New Attack Against Self-Driving Car AI Ignore des panneaux routiers : En raison de la façon dont les caméras CMOS fonctionnent, le changement rapide de la lumière des diodes clignotants rapides peut être utilisé pour varier la couleur.Par exemple, la nuance de rouge sur un panneau d'arrêt peut être différente sur chaque ligne en fonction du temps entre le flash de diode et la capture de ligne. Le résultat est que la caméra capturant une image pleine de lignes qui ne correspondent pas tout à fait.Les informations sont recadrées et envoyées au classificateur, généralement basées sur des réseaux de neurones profonds, pour l'interprétation.Parce qu'il ne correspond pas aux lignes qui ne correspondent pas, le classificateur ne reconnaît pas l'image comme un panneau de trafic ...

This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the diode flash and the line capture. The result is the camera capturing an image full of lines that don’t quite match each other. The information is cropped and sent to the classifier, usually based on deep neural networks, for interpretation. Because it’s full of lines that don’t match, the classifier doesn’t recognize the image as a traffic sign...]]> 2024-05-10T16:01:00+00:00 https://www.schneier.com/blog/archives/2024/05/new-attack-against-self-driving-car-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8497280 False Hack None 3.0000000000000000 SecurityWeek - Security News Le géant des soins de santé Ascension piratée, les hôpitaux détournant les services d'urgence Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service L'un des plus grands systèmes de santé aux États-Unis est de se précipiter pour contenir un hack qui provoque des perturbations et des «procédures de temps d'arrêt» dans les hôpitaux du pays.

>One of the largest healthcare systems in the United States is scrambling to contain a hack that\'s causing disruption and “downtime procedures” at hospitals around the country. ]]> 2024-05-10T13:33:33+00:00 https://www.securityweek.com/healthcare-giant-ascension-hacked-hospitals-diverting-emergency-service/ www.secnews.physaphae.fr/article.php?IdArticle=8497253 False Hack,Medical None 3.0000000000000000 SecurityWeek - Security News Dans d'autres nouvelles: violation du Parlement européen, Docgo Hack, VMware Advisoires déplacés In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved Des histoires remarquables qui auraient pu glisser sous le radar: une application européenne du Parlement violée, Docgo piraté, les avis de VMware ont déménagé à Broadcom Portal.

>Noteworthy stories that might have slipped under the radar: European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom portal. ]]> 2024-05-10T12:02:40+00:00 https://www.securityweek.com/in-other-news-european-parliament-breach-docgo-hack-vmware-advisories-moved/ www.secnews.physaphae.fr/article.php?IdArticle=8497196 False Hack None 3.0000000000000000 Zimperium - cyber risk firms for mobile Pourquoi la protection des appareils du personnel du secteur public est essentiel Why Protecting Public Sector Personnel\\'s Devices is Essential The recent hack of Senator Lindsey Graham\'s phone offers a critical case study, revealing how smishing attacks can successfully compromise personal devices with alarming consequences. ]]> 2024-05-08T23:16:03+00:00 https://www.zimperium.com/blog/white-box-cryptography-the-key-to-safeguarding-sensitive-data-in-mobile-applications/ www.secnews.physaphae.fr/article.php?IdArticle=8496234 False Hack,Studies None 3.0000000000000000 Wired Threat Level - Security News Il est possible de pirater \\ 'tetris \\' de l'intérieur du jeu lui-même It\\'s Possible to Hack \\'Tetris\\' From Inside the Game Itself Video game hackers have figured out how to manipulate Tetris from its high-score listing screen.]]> 2024-05-08T12:30:00+00:00 https://www.wired.com/story/hack-tetris-from-inside-game-high-score/ www.secnews.physaphae.fr/article.php?IdArticle=8495904 False Hack None 3.0000000000000000 SecurityWeek - Security News Système universitaire de Géorgie dit 800 000 impactés par Moveit Hack University System of Georgia Says 800,000 Impacted by MOVEit Hack Le système universitaire de Géorgie affirme que les numéros de sécurité sociale et les numéros de compte bancaire ont été compromis dans le hack Moveit de mai 2023.

>University System of Georgia says Social Security numbers and bank account numbers were compromised in the May 2023 MOVEit hack. ]]> 2024-05-08T09:40:00+00:00 https://www.securityweek.com/university-system-of-georgia-says-800000-impacted-by-moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8495845 False Hack None 3.0000000000000000 ComputerWeekly - Computer Magazine APT chinois soupçonné de hack du ministère de la Défense Chinese APT suspected of Ministry of Defence hack 2024-05-07T12:24:00+00:00 https://www.computerweekly.com/news/366583712/Chinese-APT-suspected-of-Ministry-of-Defence-hack www.secnews.physaphae.fr/article.php?IdArticle=8495350 False Hack None 4.0000000000000000 SecurityWeek - Security News Mitre hack: un groupe lié à la Chine a violé les systèmes en décembre 2023 MITRE Hack: China-Linked Group Breached Systems in December 2023 Mitre a partagé plus de détails sur le hack récent, y compris les nouveaux logiciels malveillants impliqués dans l'attaque et un calendrier des activités de l'attaquant. .

>MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker\'s activities. ]]> 2024-05-07T07:33:53+00:00 https://www.securityweek.com/mitre-hack-china-linked-group-breached-systems-in-december-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8495094 False Malware,Hack None 2.0000000000000000 Korben - Bloger francais Reprogrammer Tetris NES en pleine partie – Un hack vraiment dingue ? 2024-05-07T06:59:41+00:00 https://korben.info/reprogrammer-tetris-nes-en-pleine-partie-le-hack-le-plus-dingue.html www.secnews.physaphae.fr/article.php?IdArticle=8495065 False Hack None 3.0000000000000000 Techworm - News Les cyberattaques de la Russie contre l'Allemagne condamnées par l'UE et l'OTAN Russia’s cyberattacks against Germany condemned by EU and NATO hackers russes ne ralentissent pas dans les cyberattaques. L'attaque présumée s'est produite contre le Parti social-démocrate (SPD).Leurs comptes de messagerie ont été compromis dans l'attaque. Cette saga de piratage a commencé il y a plus de deux ans pendant la guerre russe-Ukraine et elle a progressivement augmenté au cours du temps. comment il a commencé Un groupe appelé APT28, également connu sous le nom de Fancy Bear, qui aurait des liens avec le gouvernement russe, a été accusé d'avoir fait de nombreuses cyberattaques partout dans le monde, y compris en Allemagne et quelques entités tchèques. Russian Cyberattack sur l'Allemagne

Ils ont trouvé un Vulnérabilité Dans Microsoft Outlook et l'utiliser pour entrer dans les e-mails SPD. La vulnérabilité, un CVE-2023-23397 zéro-jour, est un bogue d'escalade de privilège essentiel dans Outlook qui pourrait permettre aux attaquants d'accéder aux hachages net-ntlmv2, puis de les utiliser pour s'authentifier à l'aide d'une attaque de relais. Le gouvernement allemand dit que non seulement le SPD mais aussi les entreprises allemandes en défense et en aérospatiale. Il comprenait également des objectifs de technologie de l'information, ainsi que des choses liées à la guerre en Ukraine. Ces cyberattaques ont commencé vers mars 2022, après que la Russie ait envahi l'Ukraine. Le gouvernement allemand a allégué que le service de renseignement militaire de la Russie, Gru, était derrière ces attaques. Ils ont même convoqué un diplomate russe en réponse à ces accusations. La Russie a nié les allégations La Russie a nié les allégations et appelé les accusations comme & # 8220; non fondée et sans fondement & # 8221;. Le gouvernement dirigé par Poutine a nié des cyber-incidences similaires aux actes parrainés par l'État dans le passé. L'Occident a été rigide dans son récit de l'implication de la Russie dans les cyberattaques depuis des décennies maintenant. pas le premier rodéo Récemment, le ministre australien des Affaires étrangères a rejoint d'autres pays en disant que l'APT28, qui serait lié à la Russie, était derrière certaines cyberattaques. Ce n'est pas la première fois que les pirates russes sont accusés d'espionnage de l'Allemagne. En 2020, Angela Merkel, qui était la chancelière de l'Allemagne à l'époque, a accusé la Russie de l'espionner. Un incident majeur imputé aux pirates russes a été en 2015 lorsqu'ils ont attaqué le Parlement de l'Allemagne, ce qui l'a fait fermer pendant des jours. ]]> 2024-05-04T21:52:07+00:00 https://www.techworm.net/2024/05/russian-cyberattack-germany-czechoslovakia.html www.secnews.physaphae.fr/article.php?IdArticle=8493664 False Hack,Vulnerability,Threat APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Outlook Flaw exploité par Russia \\'s APT28 à pirater les entités tchèques, allemandes Microsoft Outlook Flaw Exploited by Russia\\'s APT28 to Hack Czech, German Entities Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic\'s Ministry of Foreign Affairs (MFA), in a statement, said some unnamed]]> 2024-05-04T14:08:00+00:00 https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html www.secnews.physaphae.fr/article.php?IdArticle=8493491 False Hack APT 28 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les sites Web d'extrême droite pirataient et dégradés Far-right websites hacked and defaced Le piratage a inclus des liens pour télécharger les données des abonnés et un message affirmant que l'éditeur de Post Millennial \\ était en train de passer à une femme.

>The hack included links to download subscriber data and a message claiming that Post Millennial\'s editor was transitioning to a woman. ]]> 2024-05-03T20:05:55+00:00 https://cyberscoop.com/far-right-websites-hacked-and-defaced/ www.secnews.physaphae.fr/article.php?IdArticle=8493155 False Hack None 3.0000000000000000 Bleeping Computer - Magazine Américain Panda Restaurants révèle la violation des données après le piratage des systèmes d'entreprise Panda Restaurants discloses data breach after corporate systems hack Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals. [...]]]> 2024-05-01T13:35:03+00:00 https://www.bleepingcomputer.com/news/security/panda-restaurants-discloses-a-data-breach-after-corporate-systems-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8491959 False Data Breach,Hack None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Histoires du SOC & # 8211;Combattre les escroqueries «alertes de sécurité» Stories from the SOC – Combating “Security Alert” Scams phishing/scams is by end-user education and communication with the IT department. In a recent incident, a fake “Microsoft Security Alert” domain targeted one of our Managed Endpoint Security with SentinelOne customers, causing alarm for the end users and IT staff, but fortunately, the end user did not fall into the trap of calling the fraudulent number. The customer immediately contacted their assigned Threat Hunter for support and guidance, and the Threat Hunter was able to quickly utilize the security measures in place, locate multiple domains, and report them to the Alien Labs threat intelligence team. AT&T Cybersecurity was one of the first cybersecurity companies to alert on the domains and share the information via the Open Threat Exchange (OTX) threat intelligence sharing community, helping other organizations protect against it. Investigation Initial Alarm Review Indicators of Compromise (IOCs) The initial security layers failed to raise alarms for several reasons. First, the firewalls did not block the domain because it was newly registered and therefore not yet on any known block lists. Second, the platform did not create any alarms because the domain’s SSL certificates were properly configured. Finally, the EDR tool did not alert because no downloads were initiated from the website. The first indication of an issue came from an end user who feared a hack and reported it to the internal IT team. Utilizing the information provided by the end user, the Threat Hunter was able to locate the user\'s asset. Sniffing the URL data revealed a deceptive “Microsoft Security Alert” domain and a counterfeit McAfee website. These were detected largely because of improvements recommended during the customer\'s monthly meetings with the Threat Hunter, including a recommendation to activate the SentinelOne Deep Visibility browser extension, which is the tool that was instrumental in capturing URL information with greater accuracy after all the redirects. fake support page

Figure I – Fake Microsoft Support page

Figure 2 – Fake McAfee page Artifact (Indicator of Compromise) IOC Fake McAfee Page bavareafastrak[.]org Website Hosting Scam Pages Galaxytracke[.]com Zip file hash Tizer.zip - 43fb8fb69d5cbb8d8651af075059a8d96735a0d5 Figure 3 – Indicators of compromise Expanded Investigation Events Search With the understanding that the e]]> 2024-05-01T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-combating-security-alert-scams www.secnews.physaphae.fr/article.php?IdArticle=8491736 False Hack,Tool,Threat None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber L'exploitation des vulnérabilités presque triplée comme source de violations de données l'année dernière Exploitation of vulnerabilities almost tripled as a source of data breaches last year Le rapport annuel de violation de données de Verizon \\ a identifié le hack Moveit comme «l'enfant d'affiche» du phénomène.

>Verizon\'s annual data breach report identified the MOVEit hack as the “poster child” of the phenomenon. ]]> 2024-05-01T04:01:00+00:00 https://cyberscoop.com/verizon-data-breach-report-vulnerabilities-moveit-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8491605 False Data Breach,Hack,Vulnerability None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Le géant des soins de santé est propre au sujet du hack récent et de la rançon payée Health care giant comes clean about recent hack and paid ransom Ransomware attack on the $371 billion company hamstrung US prescription market.]]> 2024-04-30T20:44:58+00:00 https://arstechnica.com/?p=2020827 www.secnews.physaphae.fr/article.php?IdArticle=8491485 False Ransomware,Hack None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant De l'assistant à l'analyste: la puissance de Gemini 1.5 Pro pour l'analyse des logiciels malveillants From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis Gemini 1.5 Pro to the test to see how it performed at analyzing malware. By providing code and using a simple prompt, we asked Gemini 1.5 Pro to determine if the file was malicious, and also to provide a list of activities and indicators of compromise. We did this for multiple malware files, testing with both decompiled and disassembled code, and Gemini 1.5 Pro was notably accurate each time, generating summary reports in human-readable language. Gemini 1.5 Pro was even able to make an accurate determination of code that - at the time - was receiving zero detections on VirusTotal. In our testing with other similar gen AI tools, we were required to divide the code into chunks, which led to vague and non-specific outcomes, and affected the overall analysis. Gemini 1.5 Pro, however, processed the entire code in a single pass, and often in about 30 to 40 seconds. Introduction The explosive growth of malware continues to challenge traditional, manual analysis methods, underscoring the urgent need for improved automation and innovative approaches. Generative AI models have become invaluable in some aspects of malware analysis, yet their effectiveness in handling large and complex malware samples has been limited. The introduction of Gemini 1.5 Pro, capable of processing up to 1 million tokens, marks a significant breakthrough. This advancement not only empowers AI to function as a powerful assistant in automating the malware analysis workflow but also significantly scales up the automation of code analysis. By substantially increasing the processing capacity, Gemini 1.5 Pro paves the way for a more adaptive and robust approach to cybersecurity, helping analysts manage the asymmetric volume of threats more effectively and efficiently. Traditional Techniques for Automated Malware Analysis The foundation of automated malware analysis is built on a combination of static and dynamic analysis techniques, both of which play crucial roles in dissecting and understanding malware behavior. Static analysis involves examining the malware without executing it, providing insights into its code structure and unobfuscated logic. Dynamic analysis, on the other hand, involves observing the execution of the malware in a controlled environment to monitor its behavior, regardless of obfuscation. Together, these techniques are leveraged to gain a comprehensive understanding of malware. Parallel to these techniques, AI and machine learning (ML) have increasingly been employed to classify and cluster malware based on behavioral patterns, signatures, and anomalies. These methodologies have ranged from supervised learning, where models are trained on labeled datasets, to unsupervised learning for clustering, which identifies patterns without predefined labels to group similar malware.]]> 2024-04-29T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis/ www.secnews.physaphae.fr/article.php?IdArticle=8500392 False Malware,Hack,Tool,Vulnerability,Threat,Studies,Prediction,Cloud,Conference Wannacry 3.0000000000000000 Zataz - Magazine Francais de secu Le piratage massif de Volkswagen : une faille révélée plusieurs années après 2024-04-26T11:52:10+00:00 https://www.zataz.com/le-piratage-massif-de-volkswagen-une-faille-revelee-plusieurs-annees-apres/ www.secnews.physaphae.fr/article.php?IdArticle=8489034 False Hack None 4.0000000000000000 Mandiant - Blog Sécu de Mandiant Pole Voûte: cyber-menaces aux élections mondiales Poll Vaulting: Cyber Threats to Global Elections Executive Summary The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections. Operations targeting election-related infrastructure can combine cyber intrusion activity, disruptive and destructive capabilities, and information operations, which include elements of public-facing advertisement and amplification of threat activity claims. Successful targeting does not automatically translate to high impact. Many threat actors have struggled to influence or achieve significant effects, despite their best efforts. When we look across the globe we find that the attack surface of an election involves a wide variety of entities beyond voting machines and voter registries. In fact, our observations of past cycles indicate that cyber operations target the major players involved in campaigning, political parties, news and social media more frequently than actual election infrastructure. Securing elections requires a comprehensive understanding of many types of threats and tactics, from distributed denial of service (DDoS) to data theft to deepfakes, that are likely to impact elections in 2024. It is vital to understand the variety of relevant threat vectors and how they relate, and to ensure mitigation strategies are in place to address the full scope of potential activity. Election organizations should consider steps to harden infrastructure against common attacks, and utilize account security tools such as Google\'s Advanced Protection Program to protect high-risk accounts. Introduction The 2024 global election cybersecurity landscape is characterized by a diversity of targets, tactics, and threats. An expansive ecosystem of systems, administrators, campaign infrastructure, and public communications venues must be secured against a diverse array of operators and methods. Any election cybersecurity strategy should begin with a survey of the threat landscape to build a more proactive and tailored security posture. The cybersecurity community must keep pace as more than two billion voters are expected to head to the polls in 2024. With elections in more than an estimated 50 countries, there is an opportunity to dynamically track how threats to democracy evolve. Understanding how threats are targeting one country will enable us to better anticipate and prepare for upcoming elections globally. At the same time, we must also appreciate the unique context of different countries. Election threats to South Africa, India, and the United States will inevitably differ in some regard. In either case, there is an opportunity for us to prepare with the advantage of intelligence. ]]> 2024-04-25T10:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections/ www.secnews.physaphae.fr/article.php?IdArticle=8500393 False Ransomware,Malware,Hack,Tool,Vulnerability,Threat,Legislation,Cloud,Technical APT 43,APT 29,APT 31,APT 42,APT 28,APT 40 3.0000000000000000 Recorded Future - FLux Recorded Future Le projet anti-Trump Pac Lincoln a arnaqué 35 000 $ après le piratage de e-mail du fournisseur Anti-Trump PAC Lincoln Project scammed for $35,000 after vendor email hack 2024-04-24T16:07:23+00:00 https://therecord.media/lincoln-project-super-pac-email-scam www.secnews.physaphae.fr/article.php?IdArticle=8488096 False Hack None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Des millions d'Américains \\ 'Données potentiellement exposées dans le changement de santé du changement de santé Millions of Americans\\' Data Potentially Exposed in Change Healthcare Hack Millions of Americans may be impacted by the Change Healthcare data breach as UnitedHealth confirms exposed data includes personal and health information]]> 2024-04-23T14:45:00+00:00 https://www.infosecurity-magazine.com/news/americans-data-exposed-change/ www.secnews.physaphae.fr/article.php?IdArticle=8487453 False Data Breach,Hack,Medical None 3.0000000000000000 SecurityWeek - Security News Microsoft DRM Hack pourrait autoriser les téléchargements de films à partir de services de streaming populaires Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services Microsoft Playready Vulnérabilités qui pourraient permettre aux abonnés Rogue de télécharger illégalement des films à partir de services de streaming populaires.

>Microsoft PlayReady vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services. ]]> 2024-04-23T09:52:00+00:00 https://www.securityweek.com/microsoft-drm-hacking-could-allow-movie-downloads-from-popular-streaming-services/ www.secnews.physaphae.fr/article.php?IdArticle=8487335 False Hack,Vulnerability None 3.0000000000000000 SecurityWeek - Security News Les villes rurales du Texas rapportent des cyberattaques qui ont fait déborder un système d'eau Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow Un hack qui a provoqué un débordement du système d'eau de Texas Town \\ en janvier a été lié à un groupe hacktiviste russe sombre, le dernier cas d'un utilitaire public américain devenant une cible de cyberattaques étrangères.

>A hack that caused a small Texas town\'s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks. ]]> 2024-04-22T13:28:31+00:00 https://www.securityweek.com/rural-texas-towns-report-cyberattacks-that-caused-one-water-system-to-overflow/ www.secnews.physaphae.fr/article.php?IdArticle=8486830 False Hack None 3.0000000000000000 Bleeping Computer - Magazine Américain Les cybercriminels se présentent en tant que personnel de LastPass pour pirater les voûtes de mot de passe Cybercriminals pose as LastPass staff to hack password vaults LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. [...]]]> 2024-04-18T10:56:41+00:00 https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-lastpass-staff-to-hack-password-vaults/ www.secnews.physaphae.fr/article.php?IdArticle=8484776 False Hack LastPass 2.0000000000000000 Bleeping Computer - Magazine Américain Plusieurs botnets exploitant une faille TP-Link d'un an pour pirater des routeurs Multiple botnets exploiting one-year-old TP-Link flaw to hack routers At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. [...]]]> 2024-04-17T09:03:09+00:00 https://www.bleepingcomputer.com/news/security/multiple-botnets-exploiting-one-year-old-tp-link-flaw-to-hack-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8484115 False Malware,Hack None 2.0000000000000000 Dark Reading - Informationweek Branch Le duo cybercriminal mondial est en cas d'emprisonnement après le programme de rats Hive Global Cybercriminal Duo Face Imprisonment After Hive RAT Scheme The two allegedly sold the Trojan on Hack Forums, allowing other threat actors to gain unauthorized control, disable programs, browse files, record keystrokes, and steal credentials.]]> 2024-04-16T18:08:40+00:00 https://www.darkreading.com/cybersecurity-operations/global-cybercriminal-duo-face-imprisonment-after-hive-rat-scheme www.secnews.physaphae.fr/article.php?IdArticle=8483622 False Hack,Threat None 2.0000000000000000 HackRead - Chercher Cyber Global Hack expose les données personnelles: implications et protection de la vie privée & # 8211;Groupe de sécurité Axios Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group cyber nowswire À l'ère numérique où les informations sont la nouvelle monnaie, le récent hack mondial a à nouveau mis en évidence & # 8230; Ceci est un article de HackRead.com Lire le post original: Global Hack expose les données personnelles: implications &Protection de la vie privée & # 8211;Axios Security Group

By Cyber Newswire In a digital age where information is the new currency, the recent global hack has once again highlighted… This is a post from HackRead.com Read the original post: Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group]]> 2024-04-16T12:27:30+00:00 https://www.hackread.com/global-hack-exposes-personal-data-protection-axios-security-group/ www.secnews.physaphae.fr/article.php?IdArticle=8483429 False Hack None 2.0000000000000000 SecurityWeek - Security News Cisco Duo dit que le piratage chez le fournisseur de téléphonie Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs Cisco Duo avertit que la violation des numéros de téléphone exposés, des opérateurs de téléphone, des métadonnées et d'autres journaux qui pourraient conduire à des attaques d'ingénierie sociale en aval.

>Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks. ]]> 2024-04-15T18:34:59+00:00 https://www.securityweek.com/cisco-duo-says-hack-at-telephony-supplier-exposed-mfa-sms-logs/ www.secnews.physaphae.fr/article.php?IdArticle=8482929 False Hack None 2.0000000000000000 SecurityWeek - Security News Dans d'autres nouvelles: Moscou Set Sheage Hack, Report des femmes dans la cybersécurité, des problèmes de sécurité des barrages In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns Des histoires remarquables qui auraient pu glisser sous le Radar: Moscou Setwage System Piraked, un nouveau rapport Women in Cybersecurity, Domain Pastehub saisi par les forces de l'ordre.

>Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement. ]]> 2024-04-12T13:48:52+00:00 https://www.securityweek.com/in-other-news-moscow-sewage-hack-women-in-cybersecurity-report-dam-security-concerns/ www.secnews.physaphae.fr/article.php?IdArticle=8480783 False Hack,Legislation None 2.0000000000000000 Bleeping Computer - Magazine Américain CISA Orde les agences affectées par Microsoft Hack pour atténuer les risques CISA orders agencies impacted by Microsoft hack to mitigate risks CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. [...]]]> 2024-04-11T13:47:19+00:00 https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-impacted-by-microsoft-hack-to-mitigate-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8480159 False Hack APT 29 3.0000000000000000 Bleeping Computer - Magazine Américain CISA dit que le piratage de SISENSE a un impact sur les organes d'infrastructure critiques CISA says Sisense hack impacts critical infrastructure orgs The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations. [...]]]> 2024-04-11T10:55:04+00:00 https://www.bleepingcomputer.com/news/security/cisa-says-sisense-hack-impacts-critical-infrastructure-orgs/ www.secnews.physaphae.fr/article.php?IdArticle=8480129 False Hack None 2.0000000000000000 IT Security Guru - Blog Sécurité Hack the Box redéfinit les performances de la cybersécurité, établissant de nouvelles normes dans le cyber-préparation des organisations Hack The Box redefines cybersecurity performance, setting new standards in the cyber readiness of organizations Hack the Box Redéfinit les performances de la cybersécurité, établissant de nouvelles normes dans la cyber-préparation des organisations est apparu pour la première fois sur Guru de sécurité informatique.

Companies can level up their cybersecurity defenses – eliminating the skills and knowledge gaps that criminals regularly exploit thanks to Hack The Box\'s Cyber Performance Center. Hack The Box\'s Cyber Performance Center unites individual ability, business management practices, and the human factor in the cybersecurity industry and it is designed to help organizations take a […] The post Hack The Box redefines cybersecurity performance, setting new standards in the cyber readiness of organizations first appeared on IT Security Guru. ]]> 2024-04-10T12:25:50+00:00 https://www.itsecurityguru.org/2024/04/10/hack-the-box-redefines-cybersecurity-performance-setting-new-standards-in-the-cyber-readiness-of-organizations/?utm_source=rss&utm_medium=rss&utm_campaign=hack-the-box-redefines-cybersecurity-performance-setting-new-standards-in-the-cyber-readiness-of-organizations www.secnews.physaphae.fr/article.php?IdArticle=8479304 False Hack,Threat None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2) ## Snapshot The AhnLab Security Intelligence Center (ASEC) has identified a concerning trend where threat actors are exploiting YouTube channels to distribute Infostealers, specifically Vidar and LummaC2. ## Description Rather than creating new channels, the attackers are hijacking existing, popular channels with hundreds of thousands of subscribers. The malware is disguised as cracked versions of legitimate software, and the attackers use YouTube\'s video descriptions and comments to distribute the malicious links. The Vidar malware, for example, is disguised as an installer for Adobe software, and it communicates with its command and control (C&C) server via Telegram and Steam Community. Similarly, LummaC2 is distributed under the guise of cracked commercial software and is designed to steal account credentials and cryptocurrency wallet files. The threat actors\' method of infiltrating well-known YouTube channels with a large subscriber base raises concerns about the potential reach and impact of the distributed malware. The disguised malware is often compressed with password protection to evade detection by security solutions. It is crucial for users to exercise caution when downloading software from unofficial sources and to ensure that their security software is up to date to prevent malware infections. ## References [https://asec.ahnlab.com/en/63980/](https://asec.ahnlab.com/en/63980/)]]> 2024-04-09T19:48:57+00:00 https://community.riskiq.com/article/e9f5e219 www.secnews.physaphae.fr/article.php?IdArticle=8478894 False Malware,Hack,Threat,Prediction,Commercial None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain US Cyber Safety Review Board sur le hack d'échange Microsoft 2023 US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack 2024-04-09T13:56:55+00:00 https://www.schneier.com/blog/archives/2024/04/us-cyber-safety-review-board-on-the-2023-microsoft-exchange-hack.html www.secnews.physaphae.fr/article.php?IdArticle=8478706 False Hack None 2.0000000000000000 SecurityWeek - Security News Des machines virtuelles confidentielles piratées via de nouvelles attaques ahoi Confidential VMs Hacked via New Ahoi Attacks Les nouvelles attaques Ahoi Heckler et WESEE ciblent AMD SEV-SNP et Intel TDX avec des interruptions malveillantes pour pirater des VM confidentiels.

>New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs. ]]> 2024-04-08T13:16:22+00:00 https://www.securityweek.com/confidential-vms-hacked-via-new-ahoi-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8478127 False Hack None 3.0000000000000000 AhnLab - Korean Security Firm Les acteurs de la menace piratent les chaînes YouTube pour distribuer des infostelleurs (Vidar et Lummac2) Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2) Ahnlab Security Intelligence Center (ASEC) a récemment découvert qu'il y avait un nombre croissant de cas où les acteurs de la menace utilisentYouTube pour distribuer des logiciels malveillants.Les attaquants ne créent pas simplement des canaux YouTube et distribuent des logiciels malveillants - ils volent des canaux bien connus qui existent déjà pour atteindre leur objectif.Dans l'un des cas, le canal ciblé comptait plus de 800 000 abonnés.Les acteurs de la menace qui abusent de YouTube distribuent principalement des infostelleurs.L'infostaler Redline qui a été distribué via YouTube en 2020 aussi ...

AhnLab SEcurity intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware-they are stealing well-known channels that already exist to achieve their goal. In one of the cases, the targeted channel had more than 800,000 subscribers. The threat actors who abuse YouTube are mainly distributing Infostealers. The RedLine Infostealer that was distributed via YouTube in 2020 as well... ]]> 2024-04-08T05:47:42+00:00 https://asec.ahnlab.com/en/63980/ www.secnews.physaphae.fr/article.php?IdArticle=8477929 False Malware,Hack,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch CORNE CISO: Mea culpa d'Ivanti \\;Hack de la Coupe du monde;CISOS &Cyber Sensibilisation CISO Corner: Ivanti\\'s Mea Culpa; World Cup Hack; CISOs & Cyber Awareness Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Dealing with a Ramadan cyber spike; funding Internet security; and Microsoft\'s Azure AI changes.]]> 2024-04-05T19:26:33+00:00 https://www.darkreading.com/remote-workforce/ciso-corner-ivanti-mea-culpa-world-cup-hack-cyber-awareness www.secnews.physaphae.fr/article.php?IdArticle=8476668 False Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future Tentative de piratage sur New York continue une vague de cyberattaques contre les gouvernements municipaux Attempted hack on NYC continues wave of cyberattacks against municipal governments

2024 a déjà vu des dizaines de gouvernements locaux critiqués par des incidents de ransomwares et des cyberattaques, limitant les services de millions de personnes aux États-Unis.Le dernier incident de haut niveau concerne New York, qui a été contraint de retirer un site Web de paie de la ville hors ligne et de le retirer de la vue du public après avoir traité un incident de phishing.

2024 has already seen dozens of local governments slammed by ransomware incidents and cyberattacks, limiting services for millions of people across the United States. The latest high-profile incident involves New York City, which was forced to take a city payroll website offline and remove it from public view after dealing with a phishing incident.]]> 2024-04-05T19:15:19+00:00 https://therecord.media/new-york-city-government-smishing-attack www.secnews.physaphae.fr/article.php?IdArticle=8476666 False Ransomware,Hack None 2.0000000000000000 SecurityWeek - Security News Dans d'autres nouvelles: 100 000 touchés par la violation de la CISA, Microsoft AI Copilot Ban, Poursuite du site nucléaire In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution Des histoires remarquables qui auraient pu glisser sous le radar: le piratage de la CISA pourrait avoir un impact sur 100 000 personnes, Microsoft AI Copilot interdit par US House, UK Nuclear Site Prosecution.

>Noteworthy stories that might have slipped under the radar: the CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution. ]]> 2024-04-05T11:59:41+00:00 https://www.securityweek.com/in-other-news-100000-affected-by-cisa-breach-microsoft-ai-copilot-ban-nuclear-site-prosecution/ www.secnews.physaphae.fr/article.php?IdArticle=8476480 False Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future Des milliers de membres du personnel, les étudiants ont des données sensibles volées à l'Université de Winnipeg Hack Thousands of staff, students have sensitive data stolen in University of Winnipeg hack

L'Université de Winnipeg au Canada a confirmé que les pirates ont volé des informations sensibles à l'institution dans un incident qui s'est produit à la fin du mois dernier, affectant les étudiants et le personnel actuels et actuels.L'université, qui compte jeudi plus de 18 000 étudiants et 800 employés, a déclaré dans un communiqué que «les informations volées probablement

The University of Winnipeg in Canada has confirmed that hackers stole sensitive information from the institution in an incident that took place late last month, affecting former and current students and staff. The university, which has more than 18,000 students and 800 staff, said in a statement on Thursday that “the stolen information likely]]> 2024-04-05T11:42:02+00:00 https://therecord.media/university-of-winnipeg-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8476453 False Hack None 2.0000000000000000 SecurityWeek - Security News Acuité répond aux allégations de vol de données du gouvernement américain, dit que les pirates ont obtenu de vieilles informations Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info Acuité, l'entreprise technologique à partir de laquelle les pirates ont prétendu avoir volé le département d'État et d'autres données gouvernementales, confirme le piratage, mais dit que les informations volées sont anciennes.

>Acuity, the tech firm from which hackers claimed to have stolen State Department and other government data, confirms hack, but says stolen info is old. ]]> 2024-04-05T10:00:00+00:00 https://www.securityweek.com/acuity-responds-to-us-government-data-theft-claims-says-hackers-obtained-old-info/ www.secnews.physaphae.fr/article.php?IdArticle=8476425 False Hack None 3.0000000000000000 Amensty International - International Orgs Mise à jour de la recherche des partenaires: nouveaux cas de Pegasus en Jordanie et au Togo Partner research update: new cases of Pegasus in Jordan and Togo Des recherches récentes des organisations partenaires de laboratoire de sécurité, Access Now, Citizen Lab et Reporters Without Borders ont démontré l'utilisation continue de la très invasive de logiciel espionus.Entre un piratage et un endroit dur: comment Pegasus Spyware écrase l'espace civique en Jordanie & # 160;Une nouvelle enquête d'Access Now, Citizen Lab et des partenaires locaux a découvert le [& # 8230;]

>Recent research by Security Lab partner organisations, Access Now, Citizen Lab and Reporters Without Borders has demonstrated the continued use of the highly invasive spyware Pegasus. Between a hack and a hard place: how Pegasus spyware crushes civic space in Jordan A new investigation by Access Now, Citizen Lab, and local partners has uncovered the […] ]]> 2024-04-04T14:40:55+00:00 https://securitylab.amnesty.org/latest/2024/04/partner-research-update-new-cases-of-pegasus-in-jordan-and-togo/ www.secnews.physaphae.fr/article.php?IdArticle=8475929 False Hack None 2.0000000000000000 SecurityWeek - Security News Les poulets de sécurité de Microsoft \\ sont rentrés à la maison pour percher Microsoft\\'s Security Chickens Have Come Home to Roost News analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China\'s audacious Microsoft\'s Exchange Online hack and isn\'t at all surprised by the findings. ]]> 2024-04-04T10:00:00+00:00 https://www.securityweek.com/microsofts-security-chickens-have-come-home-to-roost/ www.secnews.physaphae.fr/article.php?IdArticle=8475806 False Hack None 3.0000000000000000 The Intercept - Site journalistique Anglais Les autres joueurs qui ont aidé (presque) à faire le plus grand piratage de la porte dérobée du monde \\ The Other Players Who Helped (Almost) Make the World\\'s Biggest Backdoor Hack Un chiffre ténébreux a passé des années à se confier à un développeur, puis a injecté une porte dérobée qui aurait pu reprendre des millions d'ordinateurs.

>A shadowy figure spent years ingratiating themself to a developer, then injected a backdoor that could have taken over millions of computers. ]]> 2024-04-03T23:05:38+00:00 https://theintercept.com/2024/04/03/linux-hack-xz-utils-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8475509 False Hack None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Comment pirater les Jaguars de Jacksonville \\ 'Jumbotron (et se retrouver en prison pendant 220 ans) How to hack the Jacksonville Jaguars\\' jumbotron (and end up in jail for 220 years) The story that just keeps getting worse.]]> 2024-04-03T20:26:58+00:00 https://arstechnica.com/?p=2014671 www.secnews.physaphae.fr/article.php?IdArticle=8475448 False Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future DHS blâme \\ 'Cascade of Security défaillance de Microsoft \\' pour le piratage en Chine sur le gouvernement américain DHS blames \\'cascade of security failures at Microsoft\\' for China hack on US government

Microsoft n'a toujours pas une compréhension complète de la façon dont les pirates de gouvernement chinois présumés ont violé ses systèmes et accédé aux e-mails des hauts dirigeants américains, selon un examen du Department of Homeland Security. & NBSP;Dans un rapport de 34 pages réalisé par le Cyber Sécurité Review Board (CSRB), les responsables américains ont conclu que les pirates chinois,

Microsoft still does not have a full understanding of how alleged Chinese government hackers breached its systems and accessed the emails of senior U.S. government leaders, according to a review by the Department of Homeland Security. In a 34-page report conducted by the Cyber Safety Review Board (CSRB), U.S. officials concluded that Chinese hackers,]]> 2024-04-03T16:59:08+00:00 https://therecord.media/dhs-cascade-of-security-failures-microsoft-china-hack www.secnews.physaphae.fr/article.php?IdArticle=8475334 False Hack None 2.0000000000000000 Dark Reading - Informationweek Branch Feds à Microsoft: Nettoyez votre acte de sécurité cloud maintenant Feds to Microsoft: Clean Up Your Cloud Security Act Now A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year\'s Microsoft 365 breach that allowed China\'s Storm-0558 to hack the email accounts of key government officials.]]> 2024-04-03T15:29:31+00:00 https://www.darkreading.com/cloud-security/feds-microsoft-clean-up-cloud-security-act www.secnews.physaphae.fr/article.php?IdArticle=8475302 False Hack,Cloud None 2.0000000000000000 SecurityWeek - Security News Le rapport fédéral cinglant déchire Microsoft pour une sécurité de mauvaise qualité, insincérité en réponse au piratage chinois Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack Cyber Safety Review Board, a déclaré que «une cascade d'erreurs» de Microsoft a permis aux cyber-opérateurs chinois soutenus par l'État de s'introduire dans les comptes de messagerie des hauts responsables américains.

>Cyber Safety Review Board, said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials. ]]> 2024-04-03T13:08:00+00:00 https://www.securityweek.com/scathing-federal-report-rips-microsoft-for-shoddy-security-insincerity-in-response-to-chinese-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8475237 False Hack None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Cyber Review Board blâme les échecs Microsoft en cascade pour le piratage chinois Cyber review board blames cascading Microsoft failures for Chinese hack Le comité d'examen de la cybersécurité a conclu dans un rapport que la culture d'entreprise de Microsoft \\ a une garantie de dépression de manière inappropriée.

>The Cyber Safety Review Board concluded in a report that Microsoft\'s corporate culture has inappropriately deprioritized security. ]]> 2024-04-03T01:03:06+00:00 https://cyberscoop.com/microsoft-csrb-china-hacking/ www.secnews.physaphae.fr/article.php?IdArticle=8475269 False Hack None 2.0000000000000000 SecurityWeek - Security News Dans d'autres nouvelles: Airline Privacy Review, Sec \\'s Solarwinds Hack Probe, Apple MFA Bombing In Other News: Airline Privacy Review, SEC\\'s SolarWinds Hack Probe, Apple MFA Bombing Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC\'s overreaching SolarWinds hack probe, MFA bombing of Apple users. ]]> 2024-03-29T13:52:02+00:00 https://www.securityweek.com/in-other-news-airline-privacy-review-secs-solarwinds-hack-probe-apple-mfa-bombing/ www.secnews.physaphae.fr/article.php?IdArticle=8472610 False Hack None 2.0000000000000000 SecurityWeek - Security News La vulnérabilité du cadre Ray AI exploite pour pirater des centaines de clusters Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters La vulnérabilité du cadre Ray AI contesté exploitée pour voler des informations et déployer des cryptomines sur des centaines de clusters.

>Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters. ]]> 2024-03-27T12:22:05+00:00 https://www.securityweek.com/attackers-exploit-ray-ai-framework-vulnerability-to-hack-hundreds-of-clusters/ www.secnews.physaphae.fr/article.php?IdArticle=8471353 False Hack,Vulnerability None 3.0000000000000000 ZD Net - Magazine Info Tout ce que vous devez savoir sur le piratage du serveur d'échange Microsoft Everything you need to know about the Microsoft Exchange Server hack Updated: A new critical vulnerability impacting Exchange Server is being exploited in the wild.]]> 2024-03-26T18:57:00+00:00 https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8470942 False Hack,Vulnerability None 2.0000000000000000 TroyHunt - Blog Security Le ministère de la Justice réduit 7 accusés dans une campagne de piratage de 14 ans par le gouvernement chinois Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov Hacks allegedly targeted US officials and politicians, their spouses, and dozens of companies.]]> 2024-03-25T20:20:53+00:00 https://arstechnica.com/?p=2012482 www.secnews.physaphae.fr/article.php?IdArticle=8470347 False Hack None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Leçon clé du piratage de pulvérisation de mot de passe de Microsoft \\: sécuriser chaque compte Key Lesson from Microsoft\\'s Password Spray Hack: Secure Every Account In January 2024, Microsoft discovered they\'d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn\'t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of]]> 2024-03-25T17:07:00+00:00 https://thehackernews.com/2024/03/key-lesson-from-microsofts-password.html www.secnews.physaphae.fr/article.php?IdArticle=8470153 False Hack,Vulnerability,Threat,Technical None 2.0000000000000000 Recorded Future - FLux Recorded Future \\ 'de la grande portée \\' hack voler des informations aux développeurs de Python \\'Far-reaching\\' hack stole information from Python developers

Une récente campagne de logiciels malveillants contre les développeurs de Python est le dernier exemple de l'adhérence et de l'ingéniosité des attaquants qui ciblent la chaîne d'approvisionnement des logiciels, selon des chercheurs en cybersécurité.Les victimes de l'opération «de grande envergure» comprenaient des développeurs individuels qui ont publié publiquement sur leurs incidents, ainsi que les membres de Top.gg - une communauté pour les personnes qui

A recent malware campaign against Python developers is the latest example of the craftiness and resourcefulness of attackers who target the software supply chain, according to cybersecurity researchers. Victims of the “far-reaching” operation included individual developers who publicly wrote about their incidents, as well as members of Top.gg - a community for people who]]> 2024-03-25T16:52:20+00:00 https://therecord.media/far-reaching-hack-stole-information-from-python-developers www.secnews.physaphae.fr/article.php?IdArticle=8470255 False Malware,Hack None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Le Royaume-Uni blâme la Chine pour 2021 Hack ciblant des millions d'électeurs \\ 'Data UK Blames China for 2021 Hack Targeting Millions of Voters\\' Data The UK\'s NCSC assesses that China-backed APT31 was “almost certainly” responsible for hacking the email accounts of UK parliamentarians]]> 2024-03-25T15:50:00+00:00 https://www.infosecurity-magazine.com/news/uk-blames-china-for-2021-electoral/ www.secnews.physaphae.fr/article.php?IdArticle=8470233 False Hack APT 31 2.0000000000000000 The Register - Site journalistique Anglais Microsoft confirme la fuite de mémoire en mars à la mise à jour de la sécurité Windows Server Microsoft confirms memory leak in March Windows Server security update ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security update was installed earlier this month, there\'s no longer any need to speculate why: Microsoft has admitted it introduced a memory leak in its March patches and fixed the issue.…]]> 2024-03-25T01:15:21+00:00 https://go.theregister.com/feed/www.theregister.com/2024/03/25/microsoft_confirms_memory_leak_in/ www.secnews.physaphae.fr/article.php?IdArticle=8469882 False Malware,Hack None 3.0000000000000000 Korben - Bloger francais Unsaflok – Le hack qui ouvre toutes les chambres d\'hôtel (ou presque) 2024-03-22T06:00:16+00:00 https://korben.info/failles-securite-serrures-hotel-saflok-technique-unsaflok-revelee.html www.secnews.physaphae.fr/article.php?IdArticle=8468314 False Hack,Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch L'équipe Tesla Hack gagne 200 000 $ et une nouvelle voiture Tesla Hack Team Wins $200K and a New Car Zero Day Initiative awarded a total of $732,000 to researchers who found 19 unique cybersecurity vulnerabilities during the first day of Pwn2Own.]]> 2024-03-21T22:32:49+00:00 https://www.darkreading.com/threat-intelligence/team-s-tesla-hack-wins-them-200k-and-a-new-car www.secnews.physaphae.fr/article.php?IdArticle=8468149 False Hack,Vulnerability,Threat None 2.0000000000000000 SecurityWeek - Security News 200 000 $ attribués à PWN2OWN 2024 pour Tesla Hack $200,000 Awarded at Pwn2Own 2024 for Tesla Hack Les participants ont gagné un total de 732 500 $ le premier jour de PWN2OWN VANCOUVER 2024 pour le piratage d'une Tesla, des systèmes d'exploitation et d'autres logiciels.

>Participants earned a total of $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software. ]]> 2024-03-21T08:55:23+00:00 https://www.securityweek.com/200000-awarded-at-pwn2own-2024-for-tesla-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8467805 False Hack None 2.0000000000000000 Wired Threat Level - Security News Les zones humides d'inondation pourraient être le prochain gros hack de capture de carbone Flooding Wetlands Could Be the Next Big Carbon Capture Hack The Nywaigi people in Australia have discovered a way to sequester carbon, boost coastal biodiversity, and create jobs.]]> 2024-03-20T03:53:30+00:00 https://www.wired.com/story/australia-wetlands-restoration/ www.secnews.physaphae.fr/article.php?IdArticle=8467074 False Hack None 3.0000000000000000 Dark Reading - Informationweek Branch Triating Hack Harts Apex Legends Esports tournoi Cheating Hack Halts Apex Legends E-Sports Tourney Electronic Arts is trying to track down the RCE exploit that allowed hackers to inject cheats into games during the recent Apex Legends Global Series.]]> 2024-03-19T21:10:11+00:00 https://www.darkreading.com/cyber-risk/apex-legends-tourney-spoiled-by-hackers www.secnews.physaphae.fr/article.php?IdArticle=8466939 False Hack,Threat None 2.0000000000000000 Zataz - Magazine Francais de secu Lazarus Group : Hack de HTX et Heco 2024-03-19T14:01:20+00:00 https://www.zataz.com/lazarus-group-htx-heco/ www.secnews.physaphae.fr/article.php?IdArticle=8466703 False Hack APT 38 3.0000000000000000 BBC - BBC News - Technology Apex Legends Esports final retardé par les réclamations de piratage Apex Legends esports final delayed by hack claims A major tournament is postponed after unwanted cheats appear during matches in the online shooter.]]> 2024-03-18T10:50:38+00:00 https://www.bbc.co.uk/news/newsbeat-68596055 www.secnews.physaphae.fr/article.php?IdArticle=8465994 False Hack None 2.0000000000000000 Recorded Future - FLux Recorded Future Exclusif: après le démontage de Lockbit \\, son prétendu leader promet de pirater Exclusive: After LockBit\\'s takedown, its purported leader vows to hack on

Cette semaine, le podcast Click Here a décroché une entrevue rare avec le prétendu leader du groupe Ransomware Lockbit - il porte le nom LockbitsUpp.Il est sous pression parce que le mois dernier, une opération de police internationale a infiltré le groupe et a saisi non seulement leur plate-forme, mais aussi leurs outils de piratage, les comptes de crypto-monnaie et le code source

This week, the Click Here podcast landed a rare interview with the purported leader of the LockBit ransomware group - he goes by the name LockBitSupp. He\'s under pressure because last month an international police operation infiltrated the group and seized not just their platform, but their hacking tools, cryptocurrency accounts and source code]]> 2024-03-15T13:45:16+00:00 https://therecord.media/after-lockbit-takedown-its-purported-leader-vows-to-hack-on www.secnews.physaphae.fr/article.php?IdArticle=8464369 False Ransomware,Hack,Tool,Legislation None 3.0000000000000000 Bleeping Computer - Magazine Américain L'ancien directeur des télécommunications admet avoir fait des échanges SIM pour 1 000 $ Former telecom manager admits to doing SIM swaps for $1,000 A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. [...]]]> 2024-03-15T11:26:17+00:00 https://www.bleepingcomputer.com/news/security/former-telecom-manager-admits-to-doing-sim-swaps-for-1-000/ www.secnews.physaphae.fr/article.php?IdArticle=8464419 False Hack None 3.0000000000000000 Recorded Future - FLux Recorded Future La Russie affirme que nous et les pays occidentaux \\ 'tentent de pirater son élection présidentielle Russia claims US and \\'Western countries\\' are trying to hack its presidential election

Alors que la Russie se prépare à son élection présidentielle cette semaine, ses systèmes seraient ciblés par des cyberattaques «massives», selon les autorités locales.Le président russe Vladimir Poutine se comporte contre trois «Officiellement autorisé» Les opposants aux élections prévues auront lieu du 15 au 17 mars. Ce sera la toute première élection présidentielle de la Russie et de la Russie et la

As Russia prepares for its presidential election this week, its systems are reportedly being targeted by “massive” cyberattacks, according to local authorities. Russian President Vladimir Putin is running against three “officially permitted” opponents in the election scheduled to take place from March 15 to 17. It will be Russia\'s first-ever three-day-long presidential election and the]]> 2024-03-13T14:58:57+00:00 https://therecord.media/russia-presidential-election-hack-claims-united-states-putin www.secnews.physaphae.fr/article.php?IdArticle=8463230 False Hack None 3.0000000000000000 Dark Reading - Informationweek Branch Comment ne pas devenir la cible du prochain hack Microsoft How Not to Become the Target of the Next Microsoft Hack The alarming number of cyber threats targeting Microsoft cloud applications shows cybersecurity needs an overhaul.]]> 2024-03-11T15:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/how-not-to-become-target-of-next-microsoft-hack www.secnews.physaphae.fr/article.php?IdArticle=8462143 False Hack,Cloud None 3.0000000000000000 TroyHunt - Blog Security Op-ed: les accusations contre le journaliste Tim Burke sont un travail de piratage Op-ed: Charges against journalist Tim Burke are a hack job Burke was indicted after sharing outtakes of a Fox News interview.]]> 2024-03-11T10:30:57+00:00 https://arstechnica.com/?p=2009060 www.secnews.physaphae.fr/article.php?IdArticle=8462072 False Hack None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft confirme que les pirates russes ont volé le code source, certains secrets des clients Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our]]> 2024-03-09T09:31:00+00:00 https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8461117 False Hack,Threat APT 29 3.0000000000000000 HackRead - Chercher Cyber Expliquez le piratage après: jouer au ransomware des fuites Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government Data Par deeba ahmed En juin 2023, Xplain, un fournisseur de services informatiques suisses, a été victime d'une cyberattaque revendiquée par le groupe de ransomware de jeu. Ceci est un article de HackRead.com Lire la publication originale: Aftermath de piratage XPLAIN: Play Ransomware fuit les données du gouvernement suisse sensibles

>By Deeba Ahmed In June 2023, Xplain, a Swiss IT services provider, fell victim to a cyberattack claimed by the Play ransomware group. This is a post from HackRead.com Read the original post: Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government Data]]> 2024-03-07T18:09:36+00:00 https://www.hackread.com/xplain-hack-play-ransomware-leak-swiss-govt-data/ www.secnews.physaphae.fr/article.php?IdArticle=8460450 False Ransomware,Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain PetSmart met en garde contre les attaques de rembourrage des diplômes essayant de pirater des comptes PetSmart warns of credential stuffing attacks trying to hack accounts Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. [...]]]> 2024-03-06T19:25:59+00:00 https://www.bleepingcomputer.com/news/security/petsmart-warns-of-credential-stuffing-attacks-trying-to-hack-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8460075 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain Les sites WordPress piratés utilisent les navigateurs des visiteurs pour pirater d'autres sites Hacked WordPress sites use visitors\\' browsers to hack other sites Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors\' browsers to bruteforce passwords for other sites. [...]]]> 2024-03-06T17:35:05+00:00 https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-use-visitors-browsers-to-hack-other-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8460037 False Hack None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les États-Unis facturent un piratage iranien, offre une récompense de 10 millions de dollars pour la capture U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the Treasury and State, defense contractors that support U.S. Department of]]> 2024-03-02T10:08:00+00:00 https://thehackernews.com/2024/03/us-charges-iranian-hacker-offers-10.html www.secnews.physaphae.fr/article.php?IdArticle=8457834 False Hack None 3.0000000000000000 Dark Reading - Informationweek Branch Les plus grands télécommunications de Taiwan \\ sont violés par des pirates chinois présumés Taiwan\\'s Biggest Telco Breached by Suspected Chinese Hackers Stolen data from Chunghwa Telecom - including government-related details - are up for sale on the Dark Web, the Taiwanese defense ministry confirms.]]> 2024-03-01T20:21:40+00:00 https://www.darkreading.com/cyberattacks-data-breaches/taiwan-telco-breached-data-sold-on-dark-web www.secnews.physaphae.fr/article.php?IdArticle=8457681 False Hack None 4.0000000000000000 Techworm - News Epic Games nie les allégations d'être piratés Epic Games Denies Claims Of Being Hacked Epic Games, the developer behind the hugely popular Fortnite game, has denied claims of allegedly being hacked by a new ransomware gang, Mogilevich. Mogilevich, a relatively new extortion group likely to have originated from Russia, on Tuesday posted on a darknet site that it had quietly carried out an attack on Epic Games\' servers. As a result of the hack, they are currently in possession of 189GB of Epic Games\' data, including emails, passwords, full name, payment information, source code and many other data. However, it is unclear if this contains information about Epic Games employees, customers, or both. The post also says that the above data is now available for sale with a deadline of March 4, 2024. The group has added a link that says, “An employee of the company or someone who would like to buy the data, click on me,” which takes the group\'s contact page to a secured email. “There is zero evidence right now that the ransomware claims from Mogilevich are legitimate. Mogilevich has not contacted Epic or provided any pro]]> 2024-02-29T16:04:45+00:00 https://www.techworm.net/2024/02/epic-games-denies-claims-of-being-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=8457018 False Ransomware,Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain CISA met en garde contre l'utilisation des passerelles VPN Ivanti piratées même après la réinitialisation de l'usine CISA cautions against using hacked Ivanti VPN gateways even after factory resets The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. [...]]]> 2024-02-29T15:35:08+00:00 https://www.bleepingcomputer.com/news/security/cisa-cautions-against-using-hacked-ivanti-vpn-gateways-even-after-factory-resets/ www.secnews.physaphae.fr/article.php?IdArticle=8457254 False Hack,Vulnerability None 3.0000000000000000 The Register - Site journalistique Anglais Openai affirme que le New York Times a payé quelqu'un à \\ 'hack \\' chatppt OpenAI claims New York Times paid someone to \\'hack\\' ChatGPT Super lab claims \'deceptive prompts\' that it happily processed - and may have tracked - weren\'t fair, so case should be dismissed OpenAI has accused The New York Times Company of paying someone to "hack" ChatGPT to generate verbatim paragraphs from articles in its newspaper. By hack, presumably the biz means: Logged in as normal and asked it annoying questions.…]]> 2024-02-28T01:45:07+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/28/openai_nyt_lawsuit/ www.secnews.physaphae.fr/article.php?IdArticle=8456167 False Hack ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch Hack the Box lance un expert en exploitation Web certifié à mesure que la demande d'atténuation des risques augmente Hack The Box Launches Certified Web Exploitation Expert As Demand for Risk Mitigation Grows 2024-02-26T21:01:40+00:00 https://www.darkreading.com/cyber-risk/hack-the-box-launches-certified-web-exploitation-expert-as-demand-for-risk-mitigation-grows www.secnews.physaphae.fr/article.php?IdArticle=8455553 False Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain UnitedHealth filiale Optum Hack lié à Blackcat Ransomware UnitedHealth subsidiary Optum hack linked to BlackCat ransomware A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. [...]]]> 2024-02-26T19:13:21+00:00 https://www.bleepingcomputer.com/news/security/unitedhealth-subsidiary-optum-hack-linked-to-blackcat-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8455632 False Ransomware,Hack None 2.0000000000000000