www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed date: 2025-05-11T02:57:37+00:00

Sources (name: description as given by the aggregator)
Security Affairs: security blog
TroyHunt: security blog
TechRepublic: US security news
The Hacker News: a hacking news blog (surprising, isn't it?)
Bleeping Computer: American magazine
Kaspersky Threatpost: Kaspersky is a Russian antivirus vendor
Wired Threat Level: security news
InformationSecurityBuzzNews: security news site
Schneier on Security: American cryptologist and researcher
Malwarebytes Labs: MalwarebytesLabs
InfoSecurity Mag: InfoSecurity Magazine
Global Security Mag: French news site
Kaspersky: Kaspersky Research blog
ZD Net: IT magazine
The State of Security: American magazine
Graham Cluley: security blog
IT Security Guru: security blog
We Live Security: ESET antivirus software vendor
CISCO Talos: Cisco Research blog
Security Through Education: Security Through Education
Anomali: firm blog
Dark Reading: Informationweek branch

Entries (newest first; each entry gives date, source, title, original link, aggregator link, aggregator tags and APT mapping)

2021-02-07T11:55:04+00:00 | Security Affairs | Security Affairs newsletter Round 300
    Link: https://securityaffairs.co/wordpress/114298/breaking-news/security-affairs-newsletter-round-300.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-300
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2307357 | Tags: none | APT: APT 32

2021-02-05T17:50:02+00:00 | TroyHunt | The Arctic Ocean may have gone fresh in ice age times
    Link: https://arstechnica.com/?p=1739819
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2300055 | Tags: none | APT: APT 32

2021-02-04T15:01:01+00:00 | TechRepublic | Overall participation in open source was down in 2020
    Link: https://www.techrepublic.com/article/overall-participation-in-open-source-was-down-in-2020/#ftag=RSS56d97e7
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2294517 | Tags: none | APT: APT 32

2021-02-01T03:15:16+00:00 | The Hacker News | New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
    Link: http://feedproxy.google.com/~r/TheHackersNews/~3/j5O_XD1jTuY/new-cryptojacking-malware-targeting.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2278378 | Tags: Malware, Threat | APT: APT 32

2021-01-31T11:27:14+00:00 | Security Affairs | New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs
    Link: https://securityaffairs.co/wordpress/114005/malware/pro-ocean-miner.html?utm_source=rss&utm_medium=rss&utm_campaign=pro-ocean-miner
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2275053 | Tags: Malware | APT: APT 32

2021-01-29T14:49:07+00:00 | Security Affairs | Microsoft: North Korea-linked Zinc APT targets security experts
    Link: https://securityaffairs.co/wordpress/113990/apt/zinc-apt-targets-security-experts.html?utm_source=rss&utm_medium=rss&utm_campaign=zinc-apt-targets-security-experts
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2267129 | Tags: Vulnerability, Medical | APT: APT 38

2021-01-29T14:06:49+00:00 | Bleeping Computer | New Pro-Ocean malware worms through Apache, Oracle, Redis servers
    Link: https://www.bleepingcomputer.com/news/security/new-pro-ocean-malware-worms-through-apache-oracle-redis-servers/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2268844 | Tags: Malware | APT: APT 32

2021-01-29T13:29:10+00:00 | Kaspersky Threatpost | Lazarus Affiliate 'ZINC' Blamed for Campaign Against Security Researcher
    Link: https://threatpost.com/lazarus-affiliate-zinc-blamed-for-campaign-against-security-researcher/163474/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2266916 | Tags: none | APT: APT 38

2021-01-28T20:06:57+00:00 | Kaspersky Threatpost | Rocke Group's Malware Now Has Worm Capabilities
    Link: https://threatpost.com/rocke-groups-malware-now-has-worm-capabilities/163463/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2262535 | Tags: Malware | APT: APT 32

2021-01-28T14:47:45+00:00 | Bleeping Computer | Microsoft: DPRK hackers 'likely' hit researchers with Chrome exploit
    Link: https://www.bleepingcomputer.com/news/security/microsoft-dprk-hackers-likely-hit-researchers-with-chrome-exploit/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2261838 | Tags: Vulnerability, Medical | APT: APT 38

2021-01-18T13:00:00+00:00 | Wired Threat Level | The Autonomous Saildrone Surveyor Preps for Its Sea Voyage
    Link: https://www.wired.com/story/the-autonomous-saildrone-surveyor-preps-for-its-sea-voyage
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2210662 | Tags: none | APT: APT 32

2021-01-15T12:14:17+00:00 | InformationSecurityBuzzNews | Experts Insight On APT35 Recent Phishing Attacks
    Link: https://informationsecuritybuzz.com/expert-comments/experts-insight-on-apt35-recent-phishing-attacks/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2195754 | Tags: Conference | APT: APT 35

2021-01-12T16:00:00+00:00 | Wired Threat Level | The Arctic Ocean Is Teeming With Microfibers From Clothes
    Link: https://www.wired.com/story/the-arctic-ocean-is-teeming-with-microfibers-from-clothes
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2176557 | Tags: none | APT: APT 32

2021-01-11T13:00:00+00:00 | Wired Threat Level | The Plan to Build a Global Network of Floating Power Stations
    Link: https://www.wired.com/story/the-plan-to-build-a-global-network-of-floating-power-stations
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2170067 | Tags: none | APT: APT 32

2021-01-08T20:19:37+00:00 | Schneier on Security | APT Horoscope
    Summary: This delightful essay matches APT hacker groups up with astrological signs. This is me: "Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten (also known as APT 35 or OilRig) is a skilled navigator of vast online networks, maneuvering deftly across an array of organizations, including those in aerospace, energy, finance, government, hospitality, and telecommunications. Steadfast in its work and objectives, Helix Kitten has a consistent track record of developing meticulous spear-phishing attacks..."
    Link: https://www.schneier.com/blog/archives/2021/01/apt-horoscope.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2160466 | Tags: Conference | APT: APT 35, APT 34

2021-01-08T01:54:44+00:00 | The Hacker News | ALERT: North Korean hackers targeting South Korea with RokRat Trojan
    Link: http://feedproxy.google.com/~r/TheHackersNews/~3/yF4TY5O24po/alert-north-korean-hackers-targeting.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2156910 | Tags: Tool, Cloud | APT: APT 37

2021-01-07T18:24:41+00:00 | Security Affairs | North Korea-linked APT37 targets South with RokRat Trojan
    Link: https://securityaffairs.co/wordpress/113134/malware/apt37-rokrat-trojan.html?utm_source=rss&utm_medium=rss&utm_campaign=apt37-rokrat-trojan
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2153437 | Tags: Threat | APT: APT 37

2021-01-06T15:14:45+00:00 | Malwarebytes Labs | Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
    Summary: A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro. Categories: Social engineering, Threat analysis.
    Link: https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2148073 | Tags: Threat, Cloud | APT: APT 37

2021-01-05T11:55:57+00:00 | Bleeping Computer | North Korean software supply chain attack targets stock investors
    Link: https://www.bleepingcomputer.com/news/security/north-korean-software-supply-chain-attack-targets-stock-investors/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2146238 | Tags: Cloud | APT: APT 37

2021-01-03T09:21:19+00:00 | Security Affairs | COVID-19 themed attacks December 19, 2020 – January 02, 2021
    Link: https://securityaffairs.co/wordpress/112949/breaking-news/covid-19-themed-attacks-december-19-january-02-2021.html?utm_source=rss&utm_medium=rss&utm_campaign=covid-19-themed-attacks-december-19-january-02-2021
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2141886 | Tags: none | APT: APT 38, APT 28

2020-12-25T18:45:15+00:00 | Security Affairs | North Korea-linked Lazarus APT targets the COVID-19 research
    Link: https://securityaffairs.co/wordpress/112621/apt/lazarus-apt-targets-covid-19.html?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-apt-targets-covid-19
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2127161 | Tags: Malware | APT: APT 38, APT 28

2020-12-24T12:00:11+00:00 | Bleeping Computer | North Korean state hackers breach COVID-19 research entities
    Link: https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-breach-covid-19-research-entities/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2125285 | Tags: Medical | APT: APT 38, APT 28

2020-12-23T23:24:40+00:00 | The Hacker News | North Korean Hackers Trying to Steal COVID-19 Vaccine Research
    Link: http://feedproxy.google.com/~r/TheHackersNews/~3/B8Tg68yvkZc/north-korean-hackers-trying-to-steal.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2124093 | Tags: Threat, Medical | APT: APT 38, APT 28

2020-12-23T19:02:30+00:00 | Kaspersky Threatpost | Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack
    Link: https://threatpost.com/lazarus-covid-19-vaccine-maker-espionage/162591/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2123213 | Tags: none | APT: APT 38

2020-12-23T18:14:00+00:00 | InfoSecurity Mag | Lazarus Attacks Vaccine Research
    Link: https://www.infosecurity-magazine.com:443/news/lazarus-attacks-vaccine-research/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2123238 | Tags: none | APT: APT 38, APT 28

2020-12-23T11:33:10+00:00 | Global Security Mag | COVID-19 vaccine research still attracts as much interest as ever: Kaspersky identifies two new APTs targeting research institutions and health regulatory bodies (category: Malwares)
    Link: http://www.globalsecuritymag.fr/Les-recherches-du-vaccin-contre-la,20201223,106528.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2122669 | Tags: none | APT: APT 38

2020-12-23T10:00:08+00:00 | Kaspersky | Lazarus covets COVID-19-related intelligence
    Link: https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2122402 | Tags: Threat, Medical | APT: APT 38, APT 28

2020-12-21T17:04:00+00:00 | Wired Threat Level | The Oldest Crewed Deep Sea Submarine Just Got a Big Makeover
    Link: https://www.wired.com/story/the-oldest-crewed-deep-sea-submarine-just-got-a-big-makeover
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2117450 | Tags: none | APT: APT 32

2020-12-11T17:49:36+00:00 | Security Affairs | Facebook links cyberespionage group APT32 to Vietnamese IT firm
    Link: https://securityaffairs.co/wordpress/112204/apt/facebook-apt32-vietnamese-firm.html?utm_source=rss&utm_medium=rss&utm_campaign=facebook-apt32-vietnamese-firm
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2092846 | Tags: none | APT: APT 32

2020-12-11T17:05:37+00:00 | Kaspersky Threatpost | Facebook Shutters Accounts Used in APT32 Cyberattacks
    Link: https://threatpost.com/facebook-accounts-apt32-cyberattacks/162186/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2092716 | Tags: Malware, Threat | APT: APT 32

2020-12-11T10:06:12+00:00 | Bleeping Computer | Facebook unmasks Vietnam's APT32 hacking group
    Link: https://www.bleepingcomputer.com/news/security/facebook-unmasks-vietnam-s-apt32-hacking-group/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2092513 | Tags: none | APT: APT 32

2020-12-11T01:56:06+00:00 | ZD Net | Facebook doxes APT32, links Vietnam's primary hacking group to local IT firm
    Link: https://www.zdnet.com/article/facebook-doxes-apt32-links-vietnams-primary-hacking-group-to-local-it-firm/#ftag=RSSbaffb68
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2090940 | Tags: none | APT: APT 32

2020-12-10T23:42:22+00:00 | The Hacker News | Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam
    Link: http://feedproxy.google.com/~r/TheHackersNews/~3/WobQ7zMc8KA/facebook-tracks-apt32-oceanlotus.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2091583 | Tags: Hack, Threat | APT: APT 32

2020-12-08T12:00:00+00:00 | Wired Threat Level | Friends, Fleetwood Mac, and the Viral Comfort of Nostalgia
    Link: https://www.wired.com/story/fleetwood-mac-dreams-friends-nostalgia
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2084747 | Tags: none | APT: APT 32

2020-12-03T04:01:42+00:00 | The State of Security | How to Protect Your Business From Multi-Platform Malware Systems
    Link: https://www.tripwire.com/state-of-security/featured/protect-your-business-from-multi-platform-malware-systems/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2073744 | Tags: Malware, Medical | APT: APT 38

2020-12-02T19:00:00+00:00 | Wired Threat Level | The Journey of Electronic Bottles and the Ocean Plastic Crisis
    Link: https://www.wired.com/story/the-incredible-journey-of-the-electronic-plastic-bottle
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2072807 | Tags: none | APT: APT 32

2020-12-02T16:26:10+00:00 | Graham Cluley | Mac users warned of more Ocean Lotus malware targeted attacks
    Link: https://grahamcluley.com/mac-users-warned-of-more-ocean-lotus-malware-targeted-attacks/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2072670 | Tags: Malware | APT: APT 32

2020-12-01T11:56:54+00:00 | Security Affairs | Vietnam-linked Bismuth APT leverages coin miners to stay under the radar
    Link: https://securityaffairs.co/wordpress/111716/apt/bismuth-crypto-miners.html?utm_source=rss&utm_medium=rss&utm_campaign=bismuth-crypto-miners
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2070054 | Tags: none | APT: APT 32

2020-12-01T11:11:20+00:00 | IT Security Guru | MacOS users targeted with updated malware
    Link: https://www.itsecurityguru.org/2020/12/01/macos-users-targeted-with-updated-malware/?utm_source=rss&utm_medium=rss&utm_campaign=macos-users-targeted-with-updated-malware
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2070074 | Tags: Malware | APT: APT 32

2020-11-30T17:52:50+00:00 | Kaspersky Threatpost | MacOS Users Targeted By OceanLotus Backdoor
    Link: https://threatpost.com/macos-users-targeted-oceanlotus-backdoor/161655/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2067832 | Tags: none | APT: APT 32

2020-11-18T09:09:22+00:00 | Global Security Mag | ESET Research decodes the Lazarus group's methods (category: Malwares)
    Link: http://www.globalsecuritymag.fr/ESET-Research-decode-les-procedes,20201118,105121.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2041823 | Tags: Malware | APT: APT 38

2020-11-17T14:14:34+00:00 | InformationSecurityBuzzNews | Experts Reacted On Lazarus Malware Strikes South Korean Supply Chains
    Link: https://www.informationsecuritybuzz.com/expert-comments/experts-reacted-on-lazarus-malware-strikes-south-korean-supply-chains/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2040125 | Tags: Malware | APT: APT 38

2020-11-17T14:10:55+00:00 | InformationSecurityBuzzNews | Hackers Pose As WHO Officials To Attack COVID-19 Vaccines
    Link: https://www.informationsecuritybuzz.com/expert-comments/hackers-pose-as-who-officials-to-attack-covid-19-vaccines/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2040126 | Tags: Medical | APT: APT 38, APT 28

2020-11-17T11:19:05+00:00 | IT Security Guru | COVID-19 vaccine research firms targeted by Russian and North Korean hackers
    Link: https://www.itsecurityguru.org/2020/11/17/covid-19-vaccine-research-firms-targeted-by-russian-and-north-korean-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=covid-19-vaccine-research-firms-targeted-by-russian-and-north-korean-hackers
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2039786 | Tags: Medical | APT: APT 38, APT 28, APT 43

2020-11-16T18:23:36+00:00 | Kaspersky Threatpost | Hacked Security Software Used in Novel South Korean Supply-Chain Attack
    Link: https://threatpost.com/hacked-software-south-korea-supply-chain-attack/161257/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2038512 | Tags: Medical | APT: APT 38

2020-11-16T15:18:44+00:00 | Security Affairs | Lazarus malware delivered to South Korean users via supply chain attacks
    Link: https://securityaffairs.co/wordpress/110996/apt/lazarus-supply-chain-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-supply-chain-attacks
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2038300 | Tags: Malware, Medical | APT: APT 38

2020-11-16T12:34:50+00:00 | The State of Security | Lazarus Group Used Supply Chain Attack to Target South Korean Users with Malware
    Link: https://www.tripwire.com/state-of-security/security-data-protection/lazarus-group-used-supply-chain-attack-to-target-south-korean-users-with-malware/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2038112 | Tags: Malware, Medical | APT: APT 38

2020-11-16T10:30:03+00:00 | ZD Net | Lazarus malware strikes South Korean supply chains
    Link: https://www.zdnet.com/article/lazarus-malware-strikes-south-korean-supply-chains/#ftag=RSSbaffb68
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2037744 | Tags: Malware | APT: APT 38

2020-11-16T10:30:03+00:00 | We Live Security | Lazarus supply‑chain attack in South Korea
    Link: http://feedproxy.google.com/~r/eset/blog/~3/JaUq5vnjmew/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2039550 | Tags: none | APT: APT 38

2020-11-16T02:29:40+00:00 | The Hacker News | Trojanized Security Software Hits South Korea Users in Supply-Chain Attack
    Link: http://feedproxy.google.com/~r/TheHackersNews/~3/0DGOd787cuc/trojanized-security-software-hits-south.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2037856 | Tags: Threat, Medical | APT: APT 38

2020-11-13T17:18:12+00:00 | Security Affairs | Three APT groups have targeted at least seven COVID-19 vaccine makers
    Link: https://securityaffairs.co/wordpress/110871/apt/apt-groups-covid-19-vaccine.html?utm_source=rss&utm_medium=rss&utm_campaign=apt-groups-covid-19-vaccine
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2032995 | Tags: Medical | APT: APT 38, APT 28, APT 43

2020-11-13T14:00:00+00:00 | ZD Net | Microsoft says three APTs have targeted seven COVID-19 vaccine makers
    Link: https://www.zdnet.com/article/microsoft-says-three-apts-have-targeted-seven-covid-19-vaccine-makers/#ftag=RSSbaffb68
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2032686 | Tags: Medical | APT: APT 38, APT 28, APT 43

2020-11-12T05:52:48+00:00 | CISCO Talos | CRAT wants to plunder your endpoints
    Link: http://feedproxy.google.com/~r/feedburner/Talos/~3/2Jp1g3gU68o/crat-and-plugins.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2034668 | Tags: Ransomware, Malware | APT: APT 38

2020-11-03T14:20:02+00:00 | Security Through Education | The Danny Ocean of Social Engineer's
    Link: https://www.social-engineer.org/newsletter/the-danny-ocean-of-social-engineers/?utm_source=rss&utm_medium=rss&utm_campaign=the-danny-ocean-of-social-engineers
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2015549 | Tags: none | APT: APT 32

2020-11-03T03:49:37+00:00 | The Hacker News | New Kimsuky Module Makes North Korean Spyware More Powerful
    Link: http://feedproxy.google.com/~r/TheHackersNews/~3/6uTYoCnRAAw/new-kimsuky-module-makes-north-korean.html
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2013136 | Tags: Threat, Cloud | APT: APT 37

2020-11-02T16:40:03+00:00 | Security Affairs | North Korea-Linked APT Group Kimsuky spotted using new malware
    Link: https://securityaffairs.co/wordpress/110306/apt/kimsuky-apt-new-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=kimsuky-apt-new-malware
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2011016 | Tags: Malware, Cloud | APT: APT 37

2020-10-29T15:21:08+00:00 | InformationSecurityBuzzNews | Expert Reacted On Microsoft Says Iranian Hackers “Phosphorus” Targeted Conference Attendees
    Link: https://www.informationsecuritybuzz.com/expert-comments/expert-reacted-on-microsoft-says-iranian-hackers-phosphorus-targeted-conference-attendees/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2002467 | Tags: Threat, Conference | APT: APT 35

2020-10-29T15:00:00+00:00 | Wired Threat Level | How Octopuses Use Their Suction Cups to Taste Through Touch
    Link: https://www.wired.com/story/how-octopuses-use-their-suction-cups-to-taste-through-touch
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2002341 | Tags: none | APT: APT 32

2020-10-29T11:16:42+00:00 | InformationSecurityBuzzNews | Iran-linked Threat Actor Targets T20 Summit Attendees
    Link: https://www.informationsecuritybuzz.com/expert-comments/iran-linked-threat-actor-targets-t20-summit-attendees/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2001940 | Tags: Threat, Conference | APT: APT 35

2020-10-29T08:28:32+00:00 | Security Affairs | Iran-linked Phosphorous APT hacked emails of security conference attendees
    Link: https://securityaffairs.co/wordpress/110110/apt/iran-phosphorus-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=iran-phosphorus-attacks
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2001792 | Tags: Conference | APT: APT 35

2020-10-27T12:00:00+00:00 | Wired Threat Level | These Oceanographers Want to Turn Marine Slime Into Drugs
    Link: https://www.wired.com/story/these-oceanographers-want-to-turn-marine-slime-into-drugs
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=1998944 | Tags: none | APT: APT 32 | Score: 4.0

2020-10-15T14:00:00+00:00 | Anomali | COVID-19 Attacks – Defending Your Organization
    Summary: Defending Your Organization Against COVID-19 Cyber Attacks. In this webinar, AJ and I describe COVID-19 attacks in January through March, the groups behind them, and the key MITRE ATT&CK techniques being employed. We then discuss ways an organization can keep itself safe from these types of attacks.
    Pandemic Background: COVID-19 is a pandemic viral respiratory disease, originally identified in Wuhan, China in December 2019. At the time of the webinar, it had infected around 1.5 million people worldwide. Within the first month, cyber actors capitalized on the opportunity.
    COVID Attack Timeline
    December 2019 - January 2020: At the end of December 2019, China alerted the World Health Organization (WHO) that there was an outbreak in Wuhan, China. Within a month, the first cyber events were being recorded. Around January 31, 2020, malicious emails (T1566.001) using the Emotet malware (S0367) and a phishing campaign (T1566.001) using LokiBot (S0447) were tied to TA542, alias Mummy Spider. Emotet, in particular, was prolific. It originally started as a banking Trojan, then evolved into a delivery mechanism for an initial payload that infected systems to download additional malware families such as TrickBot (S0266). Around this same time, there was a marked increase in the registration of domain names with COVID-19 naming conventions, a key indicator of an uptick in phishing campaigns.
    February 2020: In early February, the progression of adversaries exploiting uncertainty about, and thirst for information regarding, the COVID-19 pandemic became apparent. New malware variants and malware families were reported employing coronavirus-related content, including NanoCore RAT (S0336) and Parallax RAT, a newer remote-access Trojan, to infect unsuspecting users. Throughout February, cybercrime actors launched several phishing campaigns (T1566.001) to deliver the information stealer AZORult (S0344). With government health agencies worldwide giving advice on cyber and physical health, threat actors aligned with nation-states such as Russia (Hades APT), China (Mustang Panda), and North Korea (Kimsuky - G0094) used this messaging to lure individuals into downloading and/or executing malicious files disguised as legitimate documents. These state-sponsored groups used convincing lures impersonating organizations such as the United Nations (UN), the World Health Organization (WHO), and various public health government agencies to achieve short- and long-term national objectives.
    March 2020: In March, we observed a flurry of nation-state and cybercrime attributed malicious activity seeking to exploit the COVID-19 pandemic. Cybercrime actors distributed a range of malware families, including NanoCore (S0336), ...
    Link: https://www.anomali.com/blog/covid-19-attacks-defending-your-organization
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2103277 | Tags: Ransomware, Spam, Malware, Threat | APT: APT 36 | Score: 3.0

2020-10-06T15:00:00+00:00 | Malwarebytes Labs | Release the Kraken: Fileless APT attack abuses Windows Error Reporting service
    Summary: We discovered a new attack that injected its payload, dubbed "Kraken", into the Windows Error Reporting (WER) service as a defense evasion mechanism. Categories: Malware, Malwarebytes news, Threat analysis.
    Link: https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=1959760 | Tags: none | APT: APT 32

2020-10-06T14:00:00+00:00 | Anomali | Weekly Threat Briefing: Ransomware, IPStorm, APT Group, and More
    Summary: Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
    Trending Cyber News and Threat Intelligence
    Grindr Fixed a Bug Allowing Full Takeover of Any User Account (published: October 3, 2020): Grindr, an LGBT networking platform, has fixed a vulnerability that could allow any account to be hijacked. The vulnerability was identified by security researcher Wassime Bouimadaghene, who found that the reset token was leaked in the page's response content. This would enable anyone who knows a user's email address to generate the reset link that is sent via email. Gaining account access would enable an attacker to obtain sensitive information such as pictures stored on the app (including NSFW), HIV status, location, and messages. Grindr has announced a bug bounty program. Recommendation: If your account has been breached, you can reset the password using the reset link sent to the associated email address. Tags: Browser, Exposed tokens, Grindr, Sensitive Info
    XDSpy: Stealing Government Secrets Since 2011 (published: October 2, 2020): Security researchers from ESET have identified a new Advanced Persistent Threat (APT) group that has been targeting Eastern European governments and businesses for up to nine years. ESET, which dubbed the group "XDSpy", was unable to identify any code similarity or shared infrastructure with other known groups, and believes the group operates in a UTC+2 or UTC+3 time zone, Monday to Friday. XDSpy mainly uses spearphishing emails with some variance; some contain attachments or links to malicious files, usually a ZIP or RAR archive. Once the malicious file has infected a victim, it installs "XDDown", a downloader that installs additional plugins which exfiltrate files, passwords, and nearby SSIDs. XDSpy has also been observed using CVE-2020-0968 (an Internet Explorer legacy JavaScript vulnerability), bearing some resemblance to DarkHotel campaigns and Operation Domino; ESET does not believe these campaigns are related, but they may be using the same exploit broker. Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts. MITRE ATT&CK: Exploitation for Client Execution - T1203 | System Owner/User Discovery - T1033 | System Information Discovery - T1082 | File and Directory Discovery ...
    Link: https://www.anomali.com/blog/weekly-threat-briefing-ransomware-ipstorm-apt-group-and-more
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2103278 | Tags: Ransomware, Malware, Vulnerability, Threat, Medical | APT: APT 38 | Score: 5.0

2020-09-17T23:41:21+00:00 | ZD Net | US sanctions Iranian government front company hiding major hacking operations
    Link: https://www.zdnet.com/article/us-sanctions-iranian-government-front-company-hiding-major-hacking-operations/#ftag=RSSbaffb68
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=1923902 | Tags: Prediction | APT: APT 39

2020-09-17T17:10:00+00:00 | Dark Reading | Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
    Link: https://www.darkreading.com/vulnerabilities---threats/iranian-hackers-indicted-for-stealing-aerospace-and-satellite-tracking-data/d/d-id/1338950?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=1923785 | Tags: Malware, Prediction | APT: APT 39

2020-09-15T15:00:00+00:00 | Anomali | Weekly Threat Briefing: APT Group, Malware, Ransomware, and Vulnerabilities
    Summary: Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
    Trending Cyber News and Threat Intelligence
    China's 'Hybrid War': Beijing's Mass Surveillance of Australia and the World for Secrets and Scandal (published: September 14, 2020): A database containing records on 2.4 million people has been leaked from a Shenzhen company, Zhenhua Data, believed to have ties to the Chinese intelligence service. The database contains personal information on over 35,000 Australians and prominent figures, and 52,000 Americans. This includes addresses, bank information, birth dates, criminal records, job applications, psychological profiles, and social media. Politicians, lawyers, journalists, military officers, media figures, and Natalie Imbruglia are among the Australians whose records are contained in the database. While a lot of the information is public, there is also non-public information, contributing to claims that China is developing a mass surveillance system. Recommendation: Users should always remain vigilant about the information they are putting out into the public, and avoid posting personal or sensitive information online. Tags: China, spying
    US Criminal Court Hit by Conti Ransomware; Critical Data at Risk (published: September 11, 2020): The Fourth District Court of Louisiana, part of the US criminal court system, appears to have become the latest victim of the Conti ransomware. The court's website was attacked and used to steal numerous court documents related to defendants, jurors, and witnesses, and then to install the Conti ransomware. Evidence of the data theft was posted to the dark web. Analysis of the malware by Emsisoft's threat analyst, Brett Callow, indicates that the ransomware deployed in the attack was Conti, which has code similarity to another ransomware strain, Ryuk. The Conti group, believed to be behind this ransomware-as-a-service operation, is sophisticated, and because it receives a large portion of the ransoms paid, it is motivated to avoid detection and to continue developing advanced attack tools. This attack also used the TrickBot malware in its exploit chain, similar to that used by Ryuk campaigns. Recommendation: Defense in depth, including vulnerability remediation and scanning, monitoring, endpoint protection, backups, etc., is key to thwarting increasingly sophisticated attacks. Ransomware attacks are particularly attractive to attackers because each successful attack allows for multiple streams of income. The attackers can not only extort a ransom to decrypt the victim's files (especially where the victim finds it does not have an appropriate disaster recovery plan), but can also monetize the exfiltrated data directly and/or use the data to aid future attacks. This technique is increasingly used in supply chain compromises to build difficult-to-detect spearphishing attacks. Tags: conti, ryuk, ransomware
    Link: https://www.anomali.com/blog/weekly-threat-briefing-apt-group-malware-ransomware-and-vulnerabilities
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2103282 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Conference | APT: APT 35, APT 28, APT 31 | Score: 3.0

2020-09-14T14:49:08+00:00 | Malwarebytes Labs | Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz
    Summary: This week on Lock and Code, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. Categories: Podcast.
    Link: https://blog.malwarebytes.com/podcast/2020/09/lock-and-code-s1ep15-safely-using-google-chrome-extensions-with-pieter-arntz/
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=1916438 | Tags: Malware, Conference | APT: APT 35

2020-09-09T16:24:00+00:00 | Anomali | Weekly Threat Briefing: Skimmer, Ransomware, APT Group, and More
    Summary: Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
    Trending Cyber News and Threat Intelligence
    'Baka' Javascript Skimmer Identified (published: September 6, 2020): Visa has issued a security alert based on the identification of a new skimmer, named "Baka". Based on analysis by Visa Payment Fraud Disruption, the skimmer appears to be more advanced, loading dynamically and using an XOR cipher for obfuscation. The attackers behind Baka inject it into checkout pages using a script tag, with the skimming code downloading from the Command and Control (C2) server and executing in memory to steal customer data. Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their customers' payment card information. Visa has also released best practices in the security advisory. Tags: Baka, Javascript, Skimmer
    Netwalker Ransomware Hits Argentinian Government, Demands $4 Million (published: September 6, 2020): The Argentinian immigration agency, Dirección Nacional de Migraciones, suffered a ransomware attack that shut down border crossings. After receiving many tech support calls, the computer networks were shut down to prevent further spread of the ransomware, which led to a cessation of border crossings until systems were up again. The ransomware used in this attack was Netwalker, which left a ransom note initially demanding $2 million; when this wasn't paid in the first week, the ransom increased to $4 million. Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different mediums, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies, who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals. MITRE ATT&CK: Data Encrypted for Impact - T1486 Tags: Argentina, Government, Netwalker, Ransomware
    No Rest for the Wicked: Evilnum Unleashes PyVil RAT (published: September 3, 2020): Researchers on the Cybereason Nocturnus team have published their research tracking the threat actor group known as Evilnum and an ongoing change in its tooling and attack procedures. This includes a new Remote Access Trojan (RAT), written in Python, that the group has begun to use. The group attacks targets in the financial services sector using highly targeted spearphishing. The phishing lures leverage "Know Your Customer" (KY
    Link: https://www.anomali.com/blog/weekly-threat-briefing-skimmer-ransomware-apt-group-and-more
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=2103283 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Medical | APT: APT 38, APT 28 | Score: 4.0

2020-09-02T12:00:00+00:00 | Wired Threat Level | Your Beloved Blue Jeans Are Polluting the Ocean-Big Time
    Link: https://www.wired.com/story/your-blue-jeans-are-polluting-the-ocean
    Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=1894384 | Tags: none | APT: APT 32

Wired Threat Level | Can a Bubble Net Stop a Hurricane?
Some Norwegians Think So 2020-09-01T11:00:00+00:00 https://www.wired.com/story/can-a-bubble-net-stop-a-hurricane-some-norwegians-think-so www.secnews.physaphae.fr/article.php?IdArticle=1892241 False None APT 32 None Security Affairs - Blog Secu Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn 2020-08-28T15:33:29+00:00 https://securityaffairs.co/wordpress/107644/apt/charming-kitten-apt-whatsapp-linkedin.html?utm_source=rss&utm_medium=rss&utm_campaign=charming-kitten-apt-whatsapp-linkedin www.secnews.physaphae.fr/article.php?IdArticle=1887053 False Conference APT 35 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware ]]> 2020-08-28T03:36:28+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/SlFF9FYAUqI/hackers-journalist-malware.html www.secnews.physaphae.fr/article.php?IdArticle=1886578 False Malware,Conference APT 35 None Dark Reading - Informationweek Branch \'Transparent Tribe\' APT Group Deploys New Android Spyware for Cyber Espionage 2020-08-26T18:30:00+00:00 https://www.darkreading.com/attacks-breaches/transparent-tribe-apt-group-deploys-new-android-spyware-for-cyber-espionage-/d/d-id/1338769?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1884019 False None APT 36 None Kaspersky - Kaspersky Research blog Transparent Tribe: Evolution analysis,part 2 2020-08-26T10:00:44+00:00 https://securelist.com/transparent-tribe-part-2/98233/ www.secnews.physaphae.fr/article.php?IdArticle=1882871 False None APT 36 None Security Affairs - Blog Secu Lazarus APT targets cryptocurrency organizations with using LinkedIn lures 2020-08-26T06:43:13+00:00 https://securityaffairs.co/wordpress/107519/apt/lazarus-targets-cryptocurrency.html?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-targets-cryptocurrency www.secnews.physaphae.fr/article.php?IdArticle=1882664 False Medical APT 38 None ZD Net - Magazine 
Info Lazarus group strikes cryptocurrency firm through LinkedIn job adverts 2020-08-25T09:00:00+00:00 https://www.zdnet.com/article/lazarus-group-strikes-cryptocurrency-firm-through-linkedin-job-adverts/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1880944 False None APT 38 None Security Affairs - Blog Secu Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months 2020-08-24T06:51:36+00:00 https://securityaffairs.co/wordpress/107446/apt/transparent-tribe-apt-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=transparent-tribe-apt-2020 www.secnews.physaphae.fr/article.php?IdArticle=1878694 False None APT 36 None ZD Net - Magazine Info Transparent Tribe APT targets government, military by infecting USB devices 2020-08-20T12:03:21+00:00 https://www.zdnet.com/article/transparent-tribe-hacking-group-spreads-malware-by-infecting-usb-devices/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1871935 False None APT 36 None Kaspersky - Kaspersky Research blog Transparent Tribe: Evolution analysis, part 1 2020-08-20T10:00:13+00:00 https://securelist.com/transparent-tribe-part-1/98127/ www.secnews.physaphae.fr/article.php?IdArticle=1871683 False None APT 36 None Wired Threat Level - Security News Wait, How Much Microplastic Is Swirling in the Atlantic? 
2020-08-18T17:46:29+00:00 https://www.wired.com/story/how-much-microplastic-is-swirling-in-the-atlantic www.secnews.physaphae.fr/article.php?IdArticle=1869137 False None APT 32 None ZD Net - Magazine Info US Army report says many North Korean hackers operate from abroad 2020-08-18T04:35:04+00:00 https://www.zdnet.com/article/us-army-report-says-many-north-korean-hackers-operate-from-abroad/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1868050 False Cloud APT 37 None Security Affairs - Blog Secu North Korea\'s Lazarus compromised dozens of organizations in Israel 2020-08-14T17:39:50+00:00 https://securityaffairs.co/wordpress/107155/apt/north-korea-lazarus-israel.html?utm_source=rss&utm_medium=rss&utm_campaign=north-korea-lazarus-israel www.secnews.physaphae.fr/article.php?IdArticle=1860362 True Threat APT 38 None We Live Security - Editeur Logiciel Antivirus ESET Black Hat 2020: Fixing voting – boiling the ocean? 2020-08-10T14:30:04+00:00 http://feedproxy.google.com/~r/eset/blog/~3/9SndoHhhp5w/ www.secnews.physaphae.fr/article.php?IdArticle=1853533 False None APT 32 None ZD Net - Magazine Info Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH) 2020-08-04T16:20:12+00:00 https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1841913 False None APT 34 None Security Affairs - Blog Secu North Korea-Linked Lazarus APT is behind the VHD ransomware 2020-07-29T06:42:42+00:00 https://securityaffairs.co/wordpress/106511/cyber-warfare-2/vhd-ransomware-lazarus.html?utm_source=rss&utm_medium=rss&utm_campaign=vhd-ransomware-lazarus www.secnews.physaphae.fr/article.php?IdArticle=1830609 False Ransomware APT 38 None Bleeping Computer - Magazine Américain North Korean hackers created VHD ransomware for enterprise attacks 2020-07-28T12:15:00+00:00 
https://www.bleepingcomputer.com/news/security/north-korean-hackers-created-vhd-ransomware-for-enterprise-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1829725 False Ransomware,Medical APT 38 None Kaspersky - Kaspersky Research blog Lazarus on the hunt for big game 2020-07-28T10:00:27+00:00 https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ www.secnews.physaphae.fr/article.php?IdArticle=1828920 False Ransomware APT 38 None Checkpoint - Fabricant Materiel Securite Check Point CloudGuard Connect Protects Microsoft Azure Branch Office Internet Connections from Cyber Attacks 2020-07-24T13:00:18+00:00 https://blog.checkpoint.com/2020/07/24/check-point-cloudguard-connect-protects-microsoft-azure-branch-office-internet-connections-from-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1823010 False Prediction APT 39 None Security Affairs - Blog Secu New MATA Multi-platform malware framework linked to NK Lazarus APT 2020-07-23T14:46:05+00:00 https://securityaffairs.co/wordpress/106267/apt/mata-multi-platform-malware-framework.html?utm_source=rss&utm_medium=rss&utm_campaign=mata-multi-platform-malware-framework www.secnews.physaphae.fr/article.php?IdArticle=1820999 False Ransomware,Malware,Threat,Medical APT 38 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
North Korean Hackers Spotted Using New Multi-Platform Malware Framework ]]> 2020-07-23T02:18:46+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/DVxmjqiYd-s/lazarus-north-korean-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=1820424 False Malware,Medical APT 38 None Dark Reading - Informationweek Branch North Korea\'s Lazarus Group Developing Cross-Platform Malware Framework 2020-07-22T15:55:00+00:00 https://www.darkreading.com/threat-intelligence/north-koreas-lazarus-group-developing-cross-platform-malware-framework/d/d-id/1338422?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1819168 False Malware APT 38 None Bleeping Computer - Magazine Américain Lazarus hackers deploy ransomware, steal data using MATA malware 2020-07-22T14:49:59+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-deploy-ransomware-steal-data-using-mata-malware/ www.secnews.physaphae.fr/article.php?IdArticle=1819112 False Ransomware,Malware APT 38 None Security Affairs - Blog Secu Iran-linked APT35 accidentally exposed 40 GB associated with their operations 2020-07-17T13:49:25+00:00 https://securityaffairs.co/wordpress/106032/apt/apt35-data-leak.html?utm_source=rss&utm_medium=rss&utm_campaign=apt35-data-leak www.secnews.physaphae.fr/article.php?IdArticle=1809947 False Conference APT 35 None Checkpoint - Fabricant Materiel Securite Check Point IoT Protect Uses Automation and Threat Intelligence to Prevent the most advanced IoT cyber-attacks 2020-07-17T10:00:58+00:00 https://blog.checkpoint.com/2020/07/17/check-point-iot-protect-uses-automation-and-threat-intelligence-to-prevent-the-most-advanced-iot-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1809424 False Threat,Prediction APT 39 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online ]]> 2020-07-17T03:23:46+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/AGojF6xrBSA/iranian-hacking-training-videos.html www.secnews.physaphae.fr/article.php?IdArticle=1809580 False Threat,Conference APT 35 5.0000000000000000 Wired Threat Level - Security News Iranian Spies Accidentally Leaked a Video of Themselves Hacking 2020-07-16T10:00:00+00:00 https://www.wired.com/story/iran-apt35-hacking-video www.secnews.physaphae.fr/article.php?IdArticle=1807436 False Conference APT 35 None Security Intelligence - Site de news Américain New Research Exposes Iranian Threat Group\'s Operations 2020-07-16T09:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/FW3Ff-e-Gik/ www.secnews.physaphae.fr/article.php?IdArticle=1807511 False Threat,Conference APT 35 None Security Affairs - Blog Secu CIA covert operations likely behind attacks against APT34 and FSB 2020-07-16T05:43:03+00:00 https://securityaffairs.co/wordpress/105959/intelligence/cia-covert-operations-fsb-apt34.html?utm_source=rss&utm_medium=rss&utm_campaign=cia-covert-operations-fsb-apt34 www.secnews.physaphae.fr/article.php?IdArticle=1807132 False Threat Yahoo,APT 34 None ZD Net - Magazine Info Report: CIA behind APT34 and FSB hacks and data dumps 2020-07-15T13:07:00+00:00 https://www.zdnet.com/article/report-cia-behind-apt34-and-fsb-hacks-and-data-dumps/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1805829 False None APT 34 None