www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. A list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T09:19:40+00:00 www.secnews.physaphae.fr Global Security Mag - French news site OpenText launches OpenText™ Core Threat Detection and Response (TDR) Products 2025-02-21T14:02:38+00:00 https://www.globalsecuritymag.fr/opentext-lance-opentext-tm-core-threat-detection-and-response-tdr.html www.secnews.physaphae.fr/article.php?IdArticle=8649587 False Tool,Threat,Cloud None 2.0000000000000000 Cyble - CyberSecurity Firm OmniGPT Leak Claims Show Risk of Using Sensitive Data on AI Chatbots Recent claims by threat actors that they obtained an OmniGPT backend database show the risks of using sensitive data on AI chatbot platforms, where data inputs could potentially be revealed to other users or exposed in a breach. OmniGPT has not yet responded to the claims, which were made by threat actors on the BreachForums leak site, but Cyble dark web researchers have analyzed the exposed data. Cyble researchers detected potentially sensitive and critical data in the files, ranging from personally identifiable information (PII) to financial information, access credentials, tokens and API keys. The researchers did not attempt to validate the credentials but based their analysis on the potential severity of the leak if the TAs' claims are confirmed to be valid.
OmniGPT hacker claims OmniGPT integrates several well-known large language models (LLMs) into a single platform, including Google Gemini, ChatGPT, Claude Sonnet, Perplexity, DeepSeek and DALL-E, making it a convenient platform for accessing a range of LLM tools. The threat actors (TAs), who posted under several aliases, claimed that the data "contains all messages between the users and the chatbot of this site as well as all links to files uploaded by users and also 30,000 user emails. You can find a lot of useful information in the messages such as API keys and credentials and many of the 2025-02-21T13:59:15+00:00 https://cyble.com/blog/omnigpt-leak-risk-ai-data/ www.secnews.physaphae.fr/article.php?IdArticle=8649585 False Spam,Tool,Vulnerability,Threat ChatGPT 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
"The threat actor then demonstrated their ability to persist in target environments across equipment from multiple 2025-02-21T13:08:00+00:00 https://thehackernews.com/2025/02/cisco-confirms-salt-typhoon-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8649510 False Threat None 3.0000000000000000 Checkpoint - Security hardware vendor Cyber Criminals Using URL Tricks to Deceive Users Overview: In a newly observed scam, Check Point researchers found 200,000 phishing emails that abused URL information to obfuscate phishing links. The scam was first observed on January 21st, and remains ongoing, although the daily threat volume is decreasing. Geographically, 75% of these emails have been distributed in the US, while 17% were distributed in the EMEA region, and 5% were distributed in Canada. Why it matters: The cyber criminals behind this campaign aim to compromise as many organizations and individuals as possible. The hackers do not appear to target specific industries, rendering a wide spectrum of enterprises vulnerable to […]
2025-02-21T13:00:43+00:00 https://blog.checkpoint.com/securing-user-and-access/how-real-time-security-will-drive-blockchain-adoption/ www.secnews.physaphae.fr/article.php?IdArticle=8649569 False Threat None 3.0000000000000000
Checkpoint - Security hardware vendor Cyber Criminals Using URL Tricks to Deceive Users Overview: In a newly observed scam, Check Point researchers found 200,000 phishing emails that abused URL information to obfuscate phishing links. The scam was first observed on January 21st, and remains ongoing, although the daily threat volume is decreasing. Geographically, 75% of these emails have been distributed in the US, while 17% were distributed in the EMEA region, and 5% were distributed in Canada. Why it matters: The cyber criminals behind this campaign aim to compromise as many organizations and individuals as possible. The hackers do not appear to target specific industries, rendering a wide spectrum of enterprises vulnerable to […]
2025-02-21T13:00:43+00:00 https://blog.checkpoint.com/cyber-criminals-using-url-tricks-to-deceive-users/ www.secnews.physaphae.fr/article.php?IdArticle=8649625 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine BlackBasta Ransomware Chatlogs Leaked Online 2025-02-21T11:15:00+00:00 https://www.infosecurity-magazine.com/news/blackbasta-ransomware-chatlogs/ www.secnews.physaphae.fr/article.php?IdArticle=8649556 False Ransomware,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft's Quantum Chip Breakthrough Accelerates Threat to Encryption Protocols Microsoft has developed the first ever quantum chip, shortening the timeframe for when quantum computers will break existing encryption 2025-02-21T09:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-quantum-chip-encryption/ www.secnews.physaphae.fr/article.php?IdArticle=8649527 False Threat None 3.0000000000000000 Cyble - CyberSecurity Firm Ghost in the Shell: Null-AMSI Evading Traditional Security to Deploy AsyncRAT Key Takeaways Cyble Research and Intelligence Labs (CRIL) identified a campaign that utilizes malicious LNK files disguised as wallpapers to trick users into executing them. The malware uses a multi-stage execution process, using obfuscated PowerShell scripts to fetch additional payloads from the remote server. The Threat Actor (TA) behind this campaign leverages the open-source tool Null-AMSI to bypass the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW). The PowerShell script used to bypass AMSI and ETW contains comments and error messages in Portuguese, suggesting that the TA may be a Portuguese-speaking individual or group. The malware employs AES encryption and GZIP compression to conceal its payloads, making it harder for security tools to analyze and detect malicious components. The final payload is executed in memory using reflective loading, bypassing traditional security measures while ensuring persistence and executing AsyncRAT for remote control.
Overview Cyble Research and Intelligence Labs (CRIL) identified a campaign likely orchestrated by a Portuguese-speaking TA, as evidenced by the comments and error messages present in one of the malicious scripts. While the initial infection vector remains unknown, the campaign distributes malware through a deceptive shortcut file. Specifically, the campaign uses a malicious LNK file disguised as a wallpaper featuring popular animated characters, indicating that the TA is exploiting users' interests to increase the likelihood of infection. When executed, the shortcut file initiates a series of mali 2025-02-21T05:30:52+00:00 https://cyble.com/blog/null-amsi-evading-security-to-deploy-asyncrat/ www.secnews.physaphae.fr/article.php?IdArticle=8649470 False Spam,Malware,Tool,Vulnerability,Threat,Patching None 3.0000000000000000 ProofPoint - Cyber Firms Proofpoint Research: 2024 Account Takeover Statistics 2025-02-21T01:39:02+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/account-takeover-statistics www.secnews.physaphae.fr/article.php?IdArticle=8651012 False Ransomware,Malware,Vulnerability,Threat,Cloud None 3.0000000000000000 ProofPoint - Cyber Firms Proofpoint Research: 2024 Account Takeover Statistics 2025-02-21T01:39:02+00:00 https://www.proofpoint.com/us/blog/threat-insight/account-takeover-statistics www.secnews.physaphae.fr/article.php?IdArticle=8649786 False Ransomware,Malware,Vulnerability,Threat,Cloud None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Salt Typhoon gained initial access to telecoms through Cisco devices The Chinese nation-state threat group primarily gained access to Cisco devices with legitimate login credentials, according to Cisco Talos.
2025-02-20T22:31:36+00:00 https://cyberscoop.com/cisco-talos-salt-typhoon-initial-access/ www.secnews.physaphae.fr/article.php?IdArticle=8649393 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Ghost Ransomware Targets Orgs in 70+ Countries The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups. 2025-02-20T19:26:50+00:00 https://www.darkreading.com/cyberattacks-data-breaches/ghost-ransomware-targets-orgs-70-countries www.secnews.physaphae.fr/article.php?IdArticle=8649353 False Ransomware,Threat None 3.0000000000000000 knowbe4 - cybersecurity services Spear Phishing is the Top Cyber Threat to the Manufacturing Sector Spear Phishing is the Top Threat to the Manufacturing Sector Spear phishing was the top cybersecurity threat to the manufacturing sector over the past six months, according to a report from ReliaQuest. These attacks accounted for 41% of true-positive alerts in the sector.
2025-02-20T17:54:32+00:00 https://blog.knowbe4.com/spear-phishing-is-the-top-threat-to-the-manufacturing-sector www.secnews.physaphae.fr/article.php?IdArticle=8649319 False Threat None 3.0000000000000000
Global Security Mag - French news site OpenText announced OpenText™ Core Threat Detection and Response Product Reviews
OpenText Launches Next Generation OpenText Cybersecurity Cloud With AI Powered Threat Detection and Response Capabilities AI-powered threat defense to process billions of machine events and seamlessly integrate with existing security solutions to boost detection response and reduce risks for users of Microsoft Security tools - Product Reviews
2025-02-20T17:45:03+00:00 https://www.globalsecuritymag.fr/opentext-announced-opentext-tm-core-threat-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8649323 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases. The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a newly patched security flaw 2025-02-20T16:51:00+00:00 https://thehackernews.com/2025/02/chinese-linked-attackers-exploit-check.html www.secnews.physaphae.fr/article.php?IdArticle=8649214 False Ransomware,Threat,Medical None 3.0000000000000000 Cyble - CyberSecurity Firm Russia-Linked Actors Exploiting Signal Messenger's "Linked Devices" Feature for Espionage in Ukraine Overview Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia's intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists. The tactics observed in this campaign include phishing attacks abusing Signal's linked devices feature, malicious JavaScript payloads and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques. Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app.
Tactics Used to Compromise Signal Accounts Exploiting Signal's "Linked Devices" Feature Russia-aligned threat actors have manipulated Signal's legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim's account, enabling real-time message interception without full device compromise. The phishing methods used to deliver these malicious QR codes include: fake Signal group invites containing altered JavaScript redirects; phishing pages masquerading as Ukrainian military applications. 2025-02-20T13:21:16+00:00 https://cyble.com/blog/germany-strengthening-cybersecurity-2/ www.secnews.physaphae.fr/article.php?IdArticle=8649243 True Malware,Tool,Vulnerability,Threat,Mobile,Cloud,Conference APT 44 2.0000000000000000 Cisco - Security Firm Blog Your Endpoint Is Secure Against AI Supply Chain Attacks Beginning immediately, all existing users of Cisco Secure Endpoint and Email Threat Protection are protected against malicious AI Supply Chain artifacts. 2025-02-20T13:00:11+00:00 https://blogs.cisco.com/security/your-endpoint-is-secure-against-ai-supply-chain-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8649232 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Hackers Chain Exploits of Three Palo Alto Networks Firewall Flaws Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances 2025-02-20T12:45:00+00:00 https://www.infosecurity-magazine.com/news/hackers-chain-exploits-three-palo/ www.secnews.physaphae.fr/article.php?IdArticle=8649229 False Vulnerability,Threat None 2.0000000000000000 HackRead - Cyber research FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities. 2025-02-20T12:04:56+00:00 https://hackread.com/fbi-cisa-ghost-ransomware-threat-to-firms-worldwide/ www.secnews.physaphae.fr/article.php?IdArticle=8649212 False Ransomware,Vulnerability,Threat,Medical None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Darktrace 2024 Annual Threat report highlights ongoing rise in MaaS threats, enhanced evasion techniques Darktrace's Threat Research team highlighted a significant rise in malware-as-a-service (MaaS) threats, which accounted for 57 percent of...
2025-02-20T10:49:58+00:00 https://industrialcyber.co/reports/darktrace-2024-annual-threat-report-highlights-ongoing-rise-in-maas-threats-enhanced-evasion-techniques/ www.secnews.physaphae.fr/article.php?IdArticle=8649192 False Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Health-ISAC's 2025 Health Sector Cyber Threat Landscape report warns of rising ransomware, espionage, IoMT vulnerabilities The Health-ISAC published its 2025 Health Sector Cyber Threat Landscape that underscores the formidable cybersecurity challenges that plagued... 2025-02-20T10:39:00+00:00 https://industrialcyber.co/reports/health-isacs-2025-health-sector-cyber-threat-landscape-report-warns-of-rising-ransomware-espionage-iomt-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8649194 False Ransomware,Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA and FBI Warn of Global Threat from Ghost Ransomware CISA and the FBI have released a joint advisory detailing the activity of China's Ghost ransomware 2025-02-20T09:45:00+00:00 https://www.infosecurity-magazine.com/news/cisa-fbi-warn-global-threat-ghost/ www.secnews.physaphae.fr/article.php?IdArticle=8649177 False Ransomware,Threat None 2.0000000000000000 Sekoia - Cyber Firms Cyber threats impacting the financial sector in 2024 – focus on the main actors This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape. The post Cyber threats impacting the financial sector in 2024 – focus on the main actors is an article from the Sekoia.io Blog.
2025-02-20T08:42:38+00:00 https://blog.sekoia.io/cyber-threats-impacting-the-financial-sector-in-2024-focus-on-the-main-actors/ www.secnews.physaphae.fr/article.php?IdArticle=8649161 False Threat None 3.0000000000000000
ANSSI - French government feed ANSSI publishes its threat landscape report on cloud computing anssiadm Thu 20/02/2025 - 08:36 The widespread adoption of cloud solutions brings new security challenges. With this threat landscape report, ANSSI maps the issues that cloud service providers and the organizations that rely on them will have to face, together with its recommendations. Cover of the report: Cloud computing - Cyber threat landscape. Cloud computing has become an integral part of our digital practices, in particular because the technology offers many advantages, but it is necessary to know the threats and to measure the risks that come with its use. To that end, ANSSI is making its cloud threat landscape report available and sharing its security recommendations for addressing them. The cloud environment, a growing target of cyberattacks. Cloud environments are increasingly targeted by attackers seeking to compromise the integrity of these systems. This is explained in particular by the interest in the data processed by cloud service providers, but also because they offer a potential entry point into the organizations that use these services. Targeting cloud environments is now an integral part of the modus operandi of attackers who have 2025-02-20T08:36:48+00:00 https://cyber.gouv.fr/actualites/lanssi-publie-son-etat-de-la-menace-sur-le-cloud-computing www.secnews.physaphae.fr/article.php?IdArticle=8649200 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. "The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple 2025-02-19T22:29:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html www.secnews.physaphae.fr/article.php?IdArticle=8649034 False Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Russia-aligned threat groups dupe Ukrainian targets via Signal Google researchers say multiple Russian state threat groups have conducted remote phishing operations to target and compromise Signal accounts.
2025-02-19T21:20:40+00:00 https://cyberscoop.com/russia-threat-groups-target-ukraine-signal/ www.secnews.physaphae.fr/article.php?IdArticle=8649054 False Threat None 3.0000000000000000
Techworm - News CISA Flags Palo Alto & SonicWall Flaws As Exploited The Cybersecurity and Infrastructure Security Agency (CISA) has added two security vulnerabilities affecting Palo Alto Networks and SonicWall products to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation by malicious actors. The two vulnerabilities below, added on the basis of evidence of active exploitation, are frequent attack vectors for malicious cyber actors and pose significant risks to organizations. These are: CVE-2025-0108 (CVSS score: 7.8) – Palo Alto PAN-OS Authentication Bypass Vulnerability: This flaw affects Palo Alto Networks' PAN-OS, the software running on its next-generation firewalls. The vulnerability allows an unauthenticated attacker to bypass authentication mechanisms and gain unauthorized access to network resources. Exploiting this vulnerability could enable threat actors to infiltrate sensitive systems, exfiltrate data, or deploy further exploits within a compromised network. CVE-2024-53704 (CVSS score: 8.2) – SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: This flaw exists in SonicWall's SonicOS SSLVPN feature, which is used for secure remote access. Attackers can exploit this vulnerability to bypass authentication procedures, granting unauthorized access to VPN-protected networks. This enables the attackers to intercept messages, steal access to internal resources, and conduct privilege escalation attacks, which are a massive threat to enterprise security. Palo Alto Networks has confirmed the active exploitation of the CVE-2025-0108 vulnerability. The company notes that it has observed exploit attempts combined with other vulnerabilities, such as CVE-2024-9474 and CVE-2025-0111. “Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” the company said in an updated advisory.
According to cybersecurity firm GreyNoise, 26 active exploitation attempts have been made to date targeting the CVE-2025-0108 authentication bypass vulnerability. The countries most affected by this flaw are the United States, France, Germany, the Netherlands, and Brazil. Separately, Bishop Fox recently released technical details and a proof-of-concept (PoC) exploit for CVE-2024-53704, a high-severity authentication bypass in SonicOS SSLVPN. Shortly after the PoC was made public, Arctic Wolf detected exploitation attempts in the wild. In response to the active exploitation of these vulnerabilities, CISA has mandated all Federal Civilian Executive Branch (FCEB) agencies, as per the November 2021 Binding Operational Directive (BOD) 22-01, to apply the patches by March 11, 2025, to mitigate the identified vulnerabilities and protect their networks against potential threats. Palo Alto Networks 2025-02-19T20:09:10+00:00 https://www.techworm.net/2025/02/cisa-flags-palo-alto-sonicwall-flaws-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8649008 False Vulnerability,Threat,Technical None 2.0000000000000000 Global Security Mag - French news site Russian hackers target Ukrainian Signal users with malicious QR codes (Google Threat Intelligence Group) Malware
The Google Threat Intelligence Group (Google Cloud Security) has found that Russian hackers are targeting Ukrainian Signal users with malicious QR codes. The study shows that Russian actors are increasingly abusing the "linked device" feature built into Signal by luring Ukrainian military and government personnel into scanning malicious QR codes, giving attackers real-time access to the victim's messages. These attacks are often (...) - Malware
2025-02-19T16:19:31+00:00 https://www.globalsecuritymag.fr/des-pirates-russes-ciblent-les-utilisateurs-ukrainiens-de-signal-avec-des-qr.html www.secnews.physaphae.fr/article.php?IdArticle=8649025 False Threat,Cloud None 2.0000000000000000
Global Security Mag - French news site Fortinet® announced significant enhancements to FortiAnalyzer Product Reviews
Fortinet Evolves FortiAnalyzer into a Turnkey AI-Driven SecOps Platform for Resource-Constrained Security Teams FortiAnalyzer leverages a unified data lake, FortiGuard Labs threat intelligence, and AI-driven capabilities to empower midsize enterprises with accelerated threat hunting and incident response - Product Reviews
2025-02-19T16:12:22+00:00 https://www.globalsecuritymag.fr/fortinet-r-announced-significant-enhancements-to-fortianalyzer.html www.secnews.physaphae.fr/article.php?IdArticle=8649028 False Threat None 2.0000000000000000
Fortinet - Security hardware vendor Elevate Your Security Operations with FortiAI FortiAI, embedded within FortiAnalyzer, is built on over a decade of Fortinet AI innovation and patents. It enhances security operations by automating threat detection, reducing manual workloads, and empowering teams with actionable intelligence, without the inefficiencies or limitations of standalone AI tools. Learn more. 2025-02-19T16:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/elevate-your-security-operations-with-fortiai www.secnews.physaphae.fr/article.php?IdArticle=8649009 False Tool,Threat None 2.0000000000000000 Mandiant - Mandiant security blog Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war. Signal's popularity among common targets of surveillance and espionage activity, such as military personnel, politicians, journalists, activists, and other at-risk communities, has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques.
In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats. We are grateful to the team at Signal for their close partnership in investigating this activity. The latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features. Phishing Campaigns Abusing Signal's "Linked Devices" Feature The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate "linked devices" feature that enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim's secure conversations without the need for full-device compromise.
2025-02-19T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/ www.secnews.physaphae.fr/article.php?IdArticle=8648980 False Malware,Threat,Mobile,Cloud,Commercial APT 44 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Spies Eye AUKUS Nuclear Submarine Secrets, Australia's Intelligence Chief Warns The head of the Australian Security Intelligence Organisation gave his Annual Threat Assessment for the year ahead 2025-02-19T13:30:00+00:00 https://www.infosecurity-magazine.com/news/spies-eye-aukus-nuclear-submarine/ www.secnews.physaphae.fr/article.php?IdArticle=8649002 False Threat None 3.0000000000000000 IT Security Guru - Security blog Cybersecurity Talent Crisis: Future Defenders Rise to the Challenge in CTF Showdown The UK is facing a cybersecurity talent crisis, with nearly half (44%) of businesses struggling to find professionals equipped to combat the evolving cyber threat landscape, according to the UK Government’s Cyber Security Skills in the UK Labour Market 2024 report. In response, Check Point Software, a global leader in cybersecurity solutions, joined forces with […] 2025-02-19T13:03:27+00:00 https://www.itsecurityguru.org/2025/02/19/cybersecurity-talent-crisis-future-defenders-rise-to-the-challenge-in-ctf-showdown/?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-talent-crisis-future-defenders-rise-to-the-challenge-in-ctf-showdown www.secnews.physaphae.fr/article.php?IdArticle=8649044 False Threat None 3.0000000000000000 Checkpoint - Security hardware vendor Celebrating Excellence: Check Point's Americas 2024 Partner Award of the Year Winners At Check Point Software, our partners are at the core of our mission to deliver cutting-edge cyber security solutions worldwide. As cyber threats continue to evolve in complexity and frequency, our partners play a vital role in safeguarding businesses and individuals alike.
The Check Point Americas 2024 Partner of the Year Awards recognize the outstanding achievements of our channel partners, who have demonstrated resilience, innovation, and dedication in securing the digital world. These awards celebrate their hard work and success in driving cyber security excellence, ensuring customers receive top-tier protection and strategic guidance amidst an ever-changing threat landscape. We proudly […]
2025-02-19T13:00:39+00:00 https://blog.checkpoint.com/partners/celebrating-excellence-check-points-americas-2024-partner-award-of-the-year-winners/ Threat
Recorded Future - Recorded Future feed Multiple foreign intelligence agencies plotting to murder dissidents in Australia, warns security chief The domestic-focused agency ASIO has "identified at least three different countries plotting to physically harm people living in Australia," according to its most recent threat assessment. 2025-02-19T12:47:01+00:00 https://therecord.media/australia-asio-report-foreign-intelligence-murder-plots Threat
Cyble - CyberSecurity Firm CISA Updates Industrial Control Systems Advisories and Adds New Vulnerabilities to Catalog Overview The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities found in industrial control systems. These advisories are vital for system administrators and users working with ICS to address security concerns and take necessary actions to mitigate the associated risks. ICSA-24-191-01: Delta Electronics CNCSoft-G2 (Update A) Delta Electronics' CNCSoft-G2, a human-machine interface (HMI) software, has been found to have multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. The affected versions include CNCSoft-G2 Version 2.0.0.5 as well as versions 2.1.0.10 and 2.1.0.16.
The vulnerabilities are as follows: Stack-based Buffer Overflow (CVE-2024-39880); Out-of-bounds Write (CVE-2024-39881); Out-of-bounds Read (CVE-2024-39882); Heap-based Buffer Overflow (CVE-2024-39883, CVE-2025-22880, CVE-2024-12858). 2025-02-19T12:18:54+00:00 https://cyble.com/blog/cisa-upgrades-known-exploited-vulnerabilities-catalog/ Tool,Vulnerability,Threat,Industrial
DarkTrace - DarkTrace: AI-based detection Darktrace Releases Annual 2024 Threat Insights Explore Darktrace's Annual Threat Report 2024 for insights on the latest cyber threats and trends observed throughout the year. 2025-02-19T12:00:02+00:00 https://darktrace.com/blog/darktrace-releases-annual-2024-threat-insights Threat
Cyble - CyberSecurity Firm How Modern Defensible Architecture Can Strengthen Australian Cybersecurity Practices Overview Cyberattacks in 2025 are not just frequent, they are becoming more technically advanced, making it critical for organizations to be proactive in their approach to security. In the modern cybersecurity landscape, focusing on when, not if, an incident will occur is essential. By developing a strong security framework through sound design and strategic planning, Australian businesses can reduce risks and mitigate the damage caused by cyberattacks. A cornerstone of this proactive approach is the concept of Modern Defensible Architecture (MDA), which provides organizations with a strategic framework for applying security principles consistently in the design, development, and maintenance of systems. The Australian government introduced MDA with guidance from the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC).
Together, these entities help define the Foundations for Modern Defensible Architecture, which help organizations build secure and resilient systems, preparing them to defend against cyber threats. Understanding Modern Defensible Architecture The key to creating a Modern Defensible Architecture is the ability to defend against cyber threats while maintaining adaptability for future challenges. The ASD, through the ACSC, has developed a set of guidelines known as the […] 2025-02-19T10:39:07+00:00 https://cyble.com/blog/australia-introduces-modern-defensible-architecture/ Vulnerability,Threat,Patching,Cloud
Global Security Mag - French news site WatchGuard cybersecurity report: malware targeting endpoints, mainly via legitimate web services and documents, is up 300% Investigations
WatchGuard's Threat Lab also observed a resurgence of cryptomining malware, an increase in signature-based and social-engineering attacks, and a rise in malware attacks in the EMEA region. - Investigations
2025-02-19T08:55:34+00:00 https://www.globalsecuritymag.fr/rapport-cybersecurite-watchguard-les-malwares-ciblant-les-endpoints.html Threat
The State of Security - American magazine CIS Control 01: Inventory and Control of Enterprise Assets Since 2008, the CIS Controls have been through many iterations of refinement and improvement leading up to what we are presented with today in CIS Controls version 8.1. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles, such as threat analysts, incident responders, solution providers, policy-makers, and more. This work is the collected wisdom from across many sectors that have banded together to create, adopt, and support the CIS Controls. Today... 2025-02-19T03:18:18+00:00 https://www.tripwire.com/state-of-security/cis-control-1 Threat
WatchGuard - Hardware and software vendor WatchGuard Threat Lab's new report reveals a 300% increase in malware targeting endpoints, with cybercriminals primarily targeting legitimate web services and documents 2025-02-19T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/le-nouveau-rapport-de-watchguard-threat-lab-revele-une-augmentation-de-300 Spam,Vulnerability,Threat
HackRead - Cyber search $10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit A new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk.
Hackers exploit human error to gain access. 2025-02-18T22:42:24+00:00 https://hackread.com/infostealers-breach-us-security-military-fbi-hit/ Malware,Threat
Dark Reading - Informationweek Branch China-Linked Threat Group Targets Japanese Orgs' Servers Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access. 2025-02-18T22:17:55+00:00 https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-group-japanese-orgs-servers Malware,Vulnerability,Threat
CybeReason - Vendor blog Enhancing Business Email Compromise Incident Response: New Email & Cloud Security Configuration Snapshot KEY TAKEAWAYS Email & Cloud Security Configuration Snapshot can be delivered free as part of BEC investigations, in automated fashion. Snapshot condenses frontline threat intelligence from thousands of BEC investigations to identify configuration weaknesses allowing the most common BEC attack patterns. Requires no additional client involvement to run. Available for M365 and Google Workspace. Business Email Compromise (BEC) remains one of the most financially devastating forms of cybercrime, with the FBI reporting over $55 billion in BEC losses worldwide over the past 10 years. Requiring little technical expertise, BECs are relatively simple to execute and attackers have found clever ways to bypass most defenses, contributing to the high rate of incidents.
Though attackers leverage various intrusion vectors to compromise email accounts, most BEC incidents are worsened by poor email and cloud security configurations, making it easier for attackers to move laterally, exfiltrate data, and increase the overall impact of the attack.
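As an added example, not Cybereason's tooling and not drawn from the post above, the following Python audit shows the kind of per-mailbox configuration review such a snapshot automates. It reads the JSON that `Get-InboxRule -Mailbox <user> | ConvertTo-Json` produces in Exchange Online and flags the inbox-rule patterns most often left behind after a BEC takeover: forwarding or redirection to an external domain, rules that file matching mail into rarely opened folders or delete it, keyword filters on payment and security terms, and near-empty rule names. The organisation domains, folder and keyword lists, and the sample export are assumptions constructed for the example.

```python
"""Audit Exchange Online inbox rules for post-compromise BEC patterns.

Added example; it is not Cybereason's snapshot tooling. Input is assumed to be
the JSON written by  Get-InboxRule -Mailbox <user> | ConvertTo-Json  (the
property names used below are Get-InboxRule's). Organisation domains, folder
and keyword lists, and the sample export are assumptions for the example.
"""
import json
import re

ORG_DOMAINS = {"example.com"}  # assumption: the tenant's own accepted domains
HIDING_FOLDERS = {
    "rss feeds", "rss subscriptions", "conversation history",
    "archive", "junk email", "deleted items", "notes",
}
BEC_KEYWORDS = {
    "invoice", "payment", "wire", "bank", "password", "hacked",
    "phish", "suspicious", "fraud", "helpdesk", "mfa",
}
ADDRESS_RE = re.compile(r"[\w.+-]+@([\w-]+\.[\w.-]+)")


def _as_list(value):
    """ConvertTo-Json emits a bare string for single-element arrays; normalise that."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _recipient_domains(recipients):
    """Pull domains out of strings such as '"Jane" [SMTP:jane@partner.example]'."""
    return {m.group(1).lower() for r in _as_list(recipients) for m in ADDRESS_RE.finditer(r)}


def audit_rule(rule, org_domains=ORG_DOMAINS):
    """Return a list of human-readable findings for one rule (empty if it looks benign)."""
    findings = []
    if not rule.get("Enabled", True):
        return findings

    targets = set()
    for prop in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        targets |= _recipient_domains(rule.get(prop))
    external = sorted(d for d in targets if d not in org_domains)
    if external:
        findings.append(f"forwards or redirects to external domain(s): {', '.join(external)}")

    # MoveToFolder looks like 'Mailbox:\RSS Feeds'; keep only the leaf folder name.
    folder = (rule.get("MoveToFolder") or "").rsplit("\\", 1)[-1].lower()
    if folder in HIDING_FOLDERS:
        findings.append(f"moves matching mail to rarely viewed folder '{rule['MoveToFolder']}'")
    if rule.get("DeleteMessage"):
        findings.append("deletes matching mail")

    words = [w.lower() for w in _as_list(rule.get("SubjectContainsWords")) + _as_list(rule.get("BodyContainsWords"))]
    hits = sorted({w for w in words if any(k in w for k in BEC_KEYWORDS)})
    if hits:
        findings.append(f"filters on BEC-typical keywords: {', '.join(hits)}")

    name = (rule.get("Name") or "").strip()
    if name and len(name) <= 2 and not name.isalnum():
        findings.append(f"minimal rule name {name!r} (common in attacker-created rules)")
    if rule.get("MarkAsRead") and (hits or folder in HIDING_FOLDERS or rule.get("DeleteMessage")):
        findings.append("marks mail as read so the victim sees no unread indicator")
    return findings


def audit_rules(export_json, org_domains=ORG_DOMAINS):
    """Map rule name -> findings for every suspicious rule in a Get-InboxRule JSON export."""
    rules = json.loads(export_json)
    if isinstance(rules, dict):  # ConvertTo-Json emits a bare object for a single rule
        rules = [rules]
    report = {}
    for rule in rules:
        findings = audit_rule(rule, org_domains)
        if findings:
            report[rule.get("Name", "<unnamed>")] = findings
    return report


# Constructed sample export: one benign rule and two rules typical of a BEC-compromised mailbox.
SAMPLE_EXPORT = json.dumps([
    {"Name": "Newsletters", "Enabled": True, "From": ["news@vendor.example"],
     "MoveToFolder": "Jane:\\Newsletters", "MarkAsRead": False},
    {"Name": ".", "Enabled": True,
     "SubjectContainsWords": ["invoice", "wire transfer", "payment"],
     "MoveToFolder": "Jane:\\RSS Feeds", "MarkAsRead": True, "StopProcessingRules": True},
    {"Name": "Backup", "Enabled": True,
     "ForwardAsAttachmentTo": "\"Finance Backup\" [SMTP:fin.backup@attacker-mail.example]",
     "DeleteMessage": True},
])

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_EXPORT).items():
        print(f"[!] rule {name!r}")
        for finding in findings:
            print(f"    - {finding}")
```

Rule-level checks like these are what a responder can run per victim in minutes; mailbox-level forwarding (`ForwardingSmtpAddress` on `Get-Mailbox`) and the tenant's outbound spam policy setting for automatic external forwarding deserve the same review, since an attacker who cannot create a rule will often use those instead.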
2025-02-18T21:50:13+00:00 https://www.cybereason.com/blog/bec-security-configuration-snapshot Threat,Cloud,Technical
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks - Patch Now Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 - The OpenSSH client […] 2025-02-18T21:04:00+00:00 https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html Vulnerability,Threat
Recorded Future - Recorded Future feed Hackers use 'sophisticated' macOS malware to steal cryptocurrency, Microsoft says In a report released on Monday, threat intelligence specialists at Microsoft said that they have discovered the new XCSSET strain in limited attacks. XCSSET, first spotted in the wild in August 2020, spreads by infecting Xcode projects, which developers use to create apps for Apple devices. 2025-02-18T20:40:06+00:00 https://therecord.media/hackers-use-macos-malware-to-steal-crypto Malware,Threat
The Hacker News Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems.
This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe, […] 2025-02-18T20:39:00+00:00 https://thehackernews.com/2025/02/chinese-hackers-exploit-mavinjectexe-to.html Threat
Dark Reading - Informationweek Branch Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack. 2025-02-18T19:02:31+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-variant-macos-threat-xcsset Threat
The Hacker News New FrigidStealer Malware Targets macOS Users via Fake Browser Updates Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer. The activity has been attributed to a previously undocumented threat actor known as TA2727, alongside information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher). TA2727 is a "threat actor that uses fake […] 2025-02-18T18:30:00+00:00 https://thehackernews.com/2025/02/new-frigidstealer-malware-targets-macos.html Malware,Threat,Mobile
The Hacker News Debunking the AI Hype: Inside Real Hacker Tactics Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers?
According to Picus Labs' Red Report 2025, which analyzed over one million malware samples, there has been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a […] 2025-02-18T16:30:00+00:00 https://thehackernews.com/2025/02/debunking-ai-hype-inside-real-hacker.html Malware,Threat
The Hacker News Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41 […] 2025-02-18T15:22:00+00:00 https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html Threat,Prediction APT 41
Cyble - CyberSecurity Firm CERT-In Issues Critical Warning on Adobe Software Security Flaws Overview The Indian Computer Emergency Response Team (CERT-In) has issued a critical security advisory (CIVN-2025-0025) detailing multiple vulnerabilities across various Adobe products. These security flaws pose significant risks, including unauthorized code execution, privilege escalation, security bypass, and denial-of-service (DoS) attacks. Users and administrators of affected Adobe software are urged to apply security updates immediately to mitigate these risks. Affected Software The vulnerabilities impact multiple Adobe products across different versions.
The affected software includes: Adobe InDesign ID20.0 and earlier versions, and ID19.5.1 and earlier versions; Adobe Commerce 2.4.4-p11 and earlier versions; Adobe Commerce B2B 1.3.3-p11 and earlier versions; Magento Open Source 2.4.4-p11 and earlier versions; Adobe Substance 3D Stager 3.1.0 and earlier versions; Adobe InCopy 20.0 and earlier versions. 2025-02-18T14:09:54+00:00 https://cyble.com/blog/cert-in-issues-critical-software-security-flaws/ Vulnerability,Threat
Checkpoint - Security Hardware Vendor Strengthening Authentication in the AI Era: How Harmony SASE Aligns with CISA's Secure by Design Pledge For the modern threat environment, strong authentication is a must. Malicious actors are leveraging traditional credential harvesting tactics more than ever, as well as using AI to enhance them. Organizations must reinforce their defenses and deploy multi-factor authentication (MFA) to protect access to sensitive data and applications. Recognizing this fact, Check Point is joining the Cybersecurity and Infrastructure Security Agency's (CISA's) Secure by Design pledge. This decision underscores our commitment to cyber security best practices like MFA, and further aligns Check Point with industry-leading standards to ensure robust security for our customers. What is MFA? MFA enhances authentication by requiring […]
2025-02-18T13:00:13+00:00 https://blog.checkpoint.com/harmony-sase/strengthening-authentication-in-the-ai-era-how-harmony-sase-aligns-with-cisas-secure-by-design-pledge/ Threat
InfoSecurity Mag - InfoSecurity Magazine Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727. 2025-02-18T12:00:00+00:00 https://www.infosecurity-magazine.com/news/proofpoint-frigidstealer-new-mac/ Threat
ProofPoint - Cyber Firms Phishing Beyond Email: How Proofpoint Collab Protection Secures Messaging and Collaboration Apps 2025-02-18T11:14:41+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-collab-secures-messaging-collaboration-apps Data Breach,Malware,Tool,Threat,Mobile
The Hacker News Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to malware that is capable of stealing sensitive payment information from online shopping sites. The attacks are known to […] 2025-02-18T10:56:00+00:00 https://thehackernews.com/2025/02/cybercriminals-exploit-onerror-event-in.html Malware,Threat
TechRepublic - Security News US New Mac Malware Poses as Browser Updates Researchers warn of rising macOS-targeted attacks as hackers exploit fake updates to bypass security.
FrigidStealer malware highlights growing enterprise risks. 2025-02-18T10:00:38+00:00 https://www.techrepublic.com/article/mac-malware-web-inject-proofpoint/ Malware,Threat
InfoSecurity Mag - InfoSecurity Magazine Zacks Investment Research Breach Hits 12 Million A threat actor claims to have hacked and published data on 12 million Zacks Investment Research accounts. 2025-02-18T10:00:00+00:00 https://www.infosecurity-magazine.com/news/zacks-investment-research-breach/ Threat
ProofPoint - Cyber Firms An Update on Fake Updates: Two New Actors, and New Mac Malware 2025-02-18T08:18:48+00:00 https://www.proofpoint.com/us/blog/threat-insight/update-fake-updates-two-new-actors-and-new-mac-malware Ransomware,Malware,Tool,Threat,Mobile
ProofPoint - Cyber Firms New Email Security Insights: Proofpoint Ranked No. 1 in 4 out of 5 Gartner Use Cases 2025-02-18T07:57:54+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-scores-high-gartner-capabilities-use-cases Tool,Threat,Cloud,Technical,Commercial
AlienVault Lab Blog - AlienVault is a major defence player in IOCs Enhancing Accessibility and Managing Access Control for a Hybrid Workforce 2025-02-18T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/enhancing-accessibility-and-managing-access-control-for-a-hybrid-workforce Ransomware,Malware,Tool,Vulnerability,Threat,Cloud
InformationSecurityBuzzNews - Security news site Microsoft Uncovers Enhanced macOS Malware Targeting Xcode Projects Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects. While the latest variant has only been observed in limited attacks, security researchers warn that its enhanced capabilities make it a significant threat to macOS users and developers. A Persistent Threat Since 2020 [...] 2025-02-18T05:48:15+00:00 https://informationsecuritybuzz.com/microsoft-macos-malware-xcode-projects/ Malware,Threat
The State of Security - American magazine Got a Microsoft Teams invite? Storm-2372 Gang Exploit Device Codes in Global Phishing Attacks Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. The Russian group, known as Storm-2372, has targeted government and non-governmental organisations (NGOs), as well as firms working in IT, defence, telecoms, health, and the energy sector.
What makes the campaign particularly notable is the way that it attempts to lure unsuspecting victims through the use of device codes from WhatsApp and Microsoft Teams. As explained on the... 2025-02-18T04:21:09+00:00 https://www.tripwire.com/state-of-security/microsoft-teams-storm-2372-exploit-device-codes Threat
TrendMicro - Security Firm Blog Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection Our Threat Hunting team discusses Earth Preta's latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems. 2025-02-18T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/b/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html Threat
The Hacker News Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to […] 2025-02-17T22:00:00+00:00 https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html Malware,Threat
MitnickSecurity - Former Hacker Services The Main Types of Ransomware & How to Detect an Attack Educating your team on the main types of ransomware and how to spot the difference between them is more important than ever.
Ransomware Attacks: A Growing Threat to Businesses  
2025-02-17T19:18:30+00:00 https://www.mitnicksecurity.com/blog/types-of-ransomware-differences Ransomware,Threat
The Hacker News CISO's Expert Guide To CTEM And Why It Matters Cyber threats evolve; has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM's comprehensive approach is the best overall strategy for shoring up a business's cyber defenses in the face of evolving attacks. It also […] 2025-02-17T16:30:00+00:00 https://thehackernews.com/2025/02/cisos-expert-guide-to-ctem-and-why-it.html Threat
The Hacker News ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More Welcome to this week's Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack […] 2025-02-17T14:49:00+00:00 https://thehackernews.com/2025/02/thn-weekly-recap-google-secrets-stolen.html Hack,Threat,Cloud,Technical
HackRead - Cyber search Hackers Exploit Telegram API to Spread New Golang Backdoor The new Golang backdoor uses Telegram for command and control.
Netskope discovers malware that exploits Telegram's API for… 2025-02-17T14:36:37+00:00 https://hackread.com/hackers-exploit-telegram-api-spread-golang-backdoor/ Malware,Threat
Cyble - CyberSecurity Firm CVE-2025-21415 & CVE-2025-21396: Microsoft Addresses Critical Security Risks Cloud-based platforms and AI-driven services remain in the crosshairs of rapidly evolving malware. Recently, Microsoft released a security advisory addressing two critical vulnerabilities affecting Azure AI Face Service (CVE-2025-21415) and Microsoft Account (CVE-2025-21396). These flaws could allow attackers to escalate privileges under specific conditions, leading to unauthorized access and system compromise. Given the increasing reliance on AI and cloud technologies, understanding these vulnerabilities and their implications is crucial for organizations and security professionals. Overview of the Vulnerabilities Microsoft identified and patched two security vulnerabilities that could have led to privilege escalation: 1. CVE-2025-21396 (Microsoft Account Elevation of Privilege Vulnerability) Severity Score: 7.5 (CVSS) Cause: Missing authorization checks in Microsoft Accounts. Risk: An unauthorized attacker could exploit this flaw to elevate privileges over a network. Discovery: Reported by security researcher Sugobet. 2. CVE-2025-21415 (Azure AI Face Service Elevation of Privilege Vulnerability) Severity Score: 9.9 (CVSS) […] 2025-02-17T14:35:56+00:00 https://cyble.com/blog/cve-2025-21415-microsoft-critical-security-risks/ Malware,Tool,Vulnerability,Threat,Cloud
The Hacker News New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a m
echanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis […] 2025-02-17T14:34:00+00:00 https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html Malware,Threat
IndustrialCyber - cyber risk firms for industrial Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities Recorded Future's Insikt Group uncovered a Chinese state-sponsored threat group identified by Insikt Group as RedMike, which corresponds...
2025-02-17T13:01:03+00:00 https://industrialcyber.co/threats-attacks/insikt-group-details-redmike-cyber-espionage-campaign-on-telecom-providers-using-cisco-vulnerabilities/ Vulnerability,Threat
Checkpoint - Security Hardware Vendor Check Point's SASE Tops Scores for Threat Prevention Known malware is dangerous, but the real risk lies in never-before-seen zero-day threats that slip past defenses. For companies adopting the SASE security model, effective threat prevention is non-negotiable. That's why Check Point delivers industry-leading protection for SASE and SSE environments, especially when it matters most. Check Point's Harmony SASE blocks 99% of malware including Zero+1 Day threats, according to a recent Miercom report. Other vendors in the report left significant gaps, with some blocking as little as 74% of threats during testing. Even a 90% block rate leaves the door open to hundreds of costly attacks, leading to data […]
2025-02-17T13:00:25+00:00 https://blog.checkpoint.com/harmony-sase/check-points-sase-tops-scores-for-threat-prevention/ www.secnews.physaphae.fr/article.php?IdArticle=8648756 False Malware,Threat None 3.0000000000000000
Checkpoint Research - Security hardware vendor 17th February – Threat Intelligence Report For the latest discoveries in cyber research for the week of 17th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES SimonMed Imaging, one of the largest diagnostic imaging companies in the US, has been breached by Medusa ransomware group, resulting in the theft of over 212 GB of sensitive data from its […]
2025-02-17T12:02:40+00:00 https://research.checkpoint.com/2025/17th-february-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8648749 False Ransomware,Threat None 2.0000000000000000
Cyble - CyberSecurity Firm IT Vulnerability Report: Ivanti, Apple Fixes Urged by Cyble Overview Cyble's vulnerability intelligence report to clients last week highlighted flaws in Ivanti, Apple, Fortinet, and SonicWall products. The report from Cyble Research and Intelligence Labs (CRIL) examined 22 vulnerabilities and dark web exploits, including some with significant internet-facing exposures. Microsoft had a relatively quiet Patch Tuesday, with the most noteworthy fixes being for two actively exploited zero-day vulnerabilities (CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, and CVE-2025-21418, a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability), but other IT vendors also issued updates on the second Tuesday of the month. Both Microsoft vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog. Cyble's vulnerability intelligence unit highlighted five new vulnerabilities as meriting high-priority attention by security teams, plus a month-old vulnerability at elevated risk of attack. The Top IT Vulnerabilities Three of the vulnerabilities highlighted by Cyble (CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644) affect Ivanti Connect Secure (ICS), a secure 2025-02-17T11:56:58+00:00 https://cyble.com/blog/it-vulnerability-ivanti-apple-fixes-urged-by-cyble/ www.secnews.physaphae.fr/article.php?IdArticle=8648746 False Vulnerability,Threat,Patching,Industrial None 3.0000000000000000 Korben - French blogger I tested the new Sid Meier's Civilization VII Sid Meier's Civilization VII, which was, I believe, highly anticipated by fans and enthusiasts of what is called, I think, the 4X genre, for eXplore, eXpand, eXploit, eXterminate. Released in 1991 by MicroProse, Civilization was the founding pillar of this genre, and despite the challengers that came to play in the turn-based strategy arena, Civilization has managed to reinvent itself and stay on top all these years.
In short, the bar is high, fans' expectations are many, and some have even taken days off to get back into it.
2025-02-17T11:47:33+00:00 https://korben.info/meilleur-test-civilization-vii-sid-meier.html www.secnews.physaphae.fr/article.php?IdArticle=8648752 False Threat None 2.0000000000000000
InformationSecurityBuzzNews - Security news site eSentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms eSentire's Threat Response Unit (TRU) has uncovered a new cyber espionage campaign leveraging a legitimate Adobe executable to sideload the EarthKapre/RedCurl loader. The attack specifically targeted a firm in the Legal Services industry, highlighting the group's persistent focus on corporate espionage. A Sophisticated Attack Chain The TRU team said the initial foothold was gained through [...] 2025-02-17T11:18:40+00:00 https://informationsecuritybuzz.com/esentire-unc-earthkapre-redcurl-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8648754 False Threat None 2.0000000000000000 The State of Security - American magazine Advanced Ransomware Evasion Techniques in 2025 Ransomware has become more than a threat; it's a calculated assault on industries, wielding AI-driven precision to bypass traditional defenses. Attackers adapt faster than ever, turning cybersecurity into a high-stakes race where falling behind isn't an option. As we step into 2025, organizations face an urgent need to outthink and outmaneuver these evolving adversarial attacks. The best way to combat the threat is to dive into cutting-edge techniques for ransomware evasion and the strategies needed to stay one step ahead. The State of Ransomware in 2024 2024 marked a turning point in the... 2025-02-17T03:10:22+00:00 https://www.tripwire.com/state-of-security/advanced-ransomware-evasion-techniques www.secnews.physaphae.fr/article.php?IdArticle=8648684 False Ransomware,Threat None 3.0000000000000000 Cyber Skills - Cyber podcast The Growing Threat of Phishing Attacks and How to Protect Yourself Phishing remains the most common type of cybercrime, evolving into a sophisticated threat that preys on human psychology and advanced technology.
Traditional phishing involves attackers sending fake, malicious links disguised as legitimate messages to trick victims into revealing sensitive information or installing malware. However, phishing attacks have become increasingly advanced, introducing what experts call "phishing 2.0" and psychological phishing. Phishing 2.0 leverages AI to analyse publicly available data, such as social media profiles and public records, to craft highly personalized and convincing messages. These tailored attacks significantly increase the likelihood of success. Psychological manipulation also plays a role in phishing schemes. Attackers exploit emotions like fear and trust, often creating a sense of urgency to pressure victims into acting impulsively. By impersonating trusted entities, such as banks or employers, they pressure victims into following instructions without hesitation. AI has further amplified the efficiency and scale of phishing attacks. Cybercriminals use AI tools to generate convincing scam messages rapidly, launch automated campaigns and target thousands of individuals within minutes. Tools like ChatGPT, when misused in “DAN mode”, can bypass ethical restrictions to craft grammatically correct and compelling messages, aiding attackers who lack English fluency. 2025-02-17T00:00:00+00:00 https://www.cyberskills.ie/explore/news/the-growing-threat-of-phishing-attacks-and-how-to-protect-yourself--.html www.secnews.physaphae.fr/article.php?IdArticle=8648755 False Malware,Tool,Vulnerability,Threat ChatGPT 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Roping in cyber risk quantification across industrial networks to safeguard OT asset owners amid rising threats With the changing threat environment, industrial and operational environments are under greater pressure than ever to reconcile operational...
2025-02-16T03:03:45+00:00 https://industrialcyber.co/risk-management/roping-in-cyber-risk-quantification-across-industrial-networks-to-safeguard-ot-asset-owners-amid-rising-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8648617 False Threat,Industrial None 3.0000000000000000 Data Security Breach - French news site February 2025 Patch Tuesday: the critical updates not to miss. Microsoft and Adobe strengthen security with major fixes in February 2025, including several zero-days. 2025-02-15T09:44:59+00:00 https://www.datasecuritybreach.fr/patch-tuesday-de-fevrier-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8648579 False Threat None 2.0000000000000000 Zataz - French security magazine Zero Day: Is a devastating cyberattack realistic? Netflix's series Zero Day, starring Robert De Niro, imagines a catastrophic cyberattack against the United States. Is such a scenario credible? If critical infrastructure is targeted by cybercriminals, is a total collapse possible?... 2025-02-15T09:18:14+00:00 https://www.zataz.com/zero-day-une-cyberattaque-devastatrice-est-elle-realiste/ www.secnews.physaphae.fr/article.php?IdArticle=8648576 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named " 2025-02-14T23:58:00+00:00 https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html www.secnews.physaphae.fr/article.php?IdArticle=8648530 False Malware,Threat APT 38 2.0000000000000000 The Register - English news site SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.… 2025-02-14T22:53:26+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/14/sonicwall_firewalls_under_attack_patch/ www.secnews.physaphae.fr/article.php?IdArticle=8648549 False Ransomware,Threat None 2.0000000000000000 Techworm - News Palo Alto Networks Patches Critical Vulnerability In PAN-OS CVE-2025-0108 (CVSS score: 7.8) stems from a path-processing issue involving Nginx/Apache in PAN-OS. If successfully exploited, it could allow an attacker to bypass PAN-OS management web interface authentication and invoke specific PHP scripts, potentially gaining access to sensitive system data or exploiting underlying vulnerabilities. “An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts,” Palo Alto Networks wrote in the advisory published on Wednesday.
“While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.” The flaw affects the following PAN-OS versions: PAN-OS 11.2 < 11.2.4-h4 (fixed in 11.2.4-h4 or later); PAN-OS 11.1 < 11.1.6-h1 (fixed in 11.1.6-h1 or later); PAN-OS 10.2 < 10.2.13-h3 (fixed in 10.2.13-h3 or later); PAN-OS 10.1 < 10.1.14-h9 (fixed in 10.1.14-h9 or later). The versions PAN-OS 10.1 >= 10.1.14-h9, PAN-OS 10.2 >= 10.2.13-h3, PAN-OS 11.1 >= 11.1.6-h1, and PAN-OS 11.2 >= 11.2.4-h4 remain unaffected by the vulnerability. It also does not affect Cloud NGFW and Prisma Access software. The company has urged all its affected customers to apply the latest patch for PAN-OS immediately. It has also advised users to review firewall logs for any suspicious activity related to the vulnerability, follow Palo Alto Networks' best practices for securing network environments, and engage in threat intelligence monitoring to stay updated on emerging risks. The CVE-2025-0108 vulnerability was discovered by Adam Kues, a security researcher at Assetnote, which is part of Searchlight Cyber, who reported it to Palo Alto. The Assetnote researchers encountered this flaw while analyzing the patches for previous PAN-OS flaws (CVE-2024-0012 and CVE-2024-9474) that were exploited in the wild. “Our research reveals that while Palo Alto Networks' recent patches addressed the known vulnerabilities, the underlying architecture of PAN-OS contains additional security flaws within the same vulnerability class,” said Shubham (Shubs) Shah, CTO and Co-Founder at Assetnote. “This highlights a critica 2025-02-14T21:34:33+00:00 https://www.techworm.net/2025/02/palo-alto-networks-patch-vulnerability-pan-os.html www.secnews.physaphae.fr/article.php?IdArticle=8648512 False Vulnerability,Threat,Cloud None 3.0000000000000000 HackRead - Cyber research RansomHub: The New King of Ransomware?
Targeted 600 Firms in 2024 RansomHub emerges as a major ransomware threat in 2024, targeting 600 organizations after ALPHV and LockBit disruptions. Group-IB… 2025-02-14T21:34:07+00:00 https://hackread.com/ransomhub-king-of-ransomware-600-firms-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8648545 False Ransomware,Threat None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Threat researchers spot 'device code' phishing attacks targeting Microsoft accounts Suspected Russian nation-state threat groups have duped multiple victims into granting potentially persistent access to networks via authentication requests and valid tokens.
2025-02-14T21:32:33+00:00 https://cyberscoop.com/russia-threat-groups-device-code-phishing-microsoft-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8648544 False Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial House Committee report highlights growing threat of Chinese cyber espionage, intellectual property theft The U.S. House Committee on Homeland Security has released an updated 'China Threat Snapshot' report, which examines Chinese... 2025-02-14T17:48:16+00:00 https://industrialcyber.co/critical-infrastructure/house-committee-report-highlights-growing-threat-of-chinese-cyber-espionage-intellectual-property-theft/ www.secnews.physaphae.fr/article.php?IdArticle=8648521 False Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Dragos reports evolving ransomware threat landscape with increased operational disruptions as attacks target ICS Industrial cybersecurity company Dragos revealed that during the fourth quarter of 2024, the ransomware threat landscape presented an... 2025-02-14T17:39:09+00:00 https://industrialcyber.co/industrial-cyber-attacks/dragos-reports-evolving-ransomware-threat-landscape-with-increased-operational-disruptions-as-attacks-target-ics/ www.secnews.physaphae.fr/article.php?IdArticle=8648523 False Ransomware,Threat,Industrial None 3.0000000000000000 HackRead - Cyber research Scammers Exploit JFK Files Release with Malware and Phishing Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK… 2025-02-14T16:59:45+00:00 https://hackread.com/scammers-exploit-jfk-files-release-malware-phishing/ www.secnews.physaphae.fr/article.php?IdArticle=8648514 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas 2025-02-14T15:57:00+00:00 https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html www.secnews.physaphae.fr/article.php?IdArticle=8648469 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy. "RansomHub has targeted over 600 organizations globally, spanning sectors 2025-02-14T15:47:00+00:00 https://thehackernews.com/2025/02/ransomhub-becomes-2024s-top-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8648470 False Ransomware,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch How Banks Can Adapt to the Rising Threat of Financial Crime Banking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients. 2025-02-14T15:00:00+00:00 https://www.darkreading.com/cyber-risk/how-banks-adapt-rising-threat-financial-crime www.secnews.physaphae.fr/article.php?IdArticle=8648501 False Threat None 2.0000000000000000 Netskope - Netskope is an American software company providing an IT security platform Telegram Abused as C2 Channel for New Golang Backdoor Summary As part of Netskope Threat Labs hunting activities, we came across an IoC being shared by other researchers and decided to take a closer look at it.
During the analysis, we discovered that the payload was apparently still under development, but is already fully functional. The malware acts like a backdoor and uses Telegram […]
2025-02-14T15:00:00+00:00 https://www.netskope.com/blog/telegram-abused-as-c2-channel-for-new-golang-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8648498 False Malware,Threat None 2.0000000000000000
Dragos - CTI Society How to Navigate Network Security in a Rapidly Evolving OT Cyber Threat Landscape Operational technology (OT) environments are the backbone of critical industries – electric, oil and gas, and manufacturing, and are increasingly... The post How to Navigate Network Security in a Rapidly Evolving OT Cyber Threat Landscape first appeared on Dragos.
2025-02-14T15:00:00+00:00 https://www.dragos.com/blog/how-to-navigate-network-security-in-a-rapidly-evolving-ot-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8648507 False Threat,Industrial None 2.0000000000000000
The Register - English news site Critical PostgreSQL bug tied to zero-day attack on US Treasury High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.… 2025-02-14T14:19:59+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/14/postgresql_bug_treasury/ www.secnews.physaphae.fr/article.php?IdArticle=8648497 False Tool,Vulnerability,Threat None 2.0000000000000000 Checkpoint - Security hardware vendor Protecting Hospitals from IoT Threats with Check Point In today’s healthcare landscape, the integration of Internet of Medical Things (IoMT) devices has revolutionized patient care. However, this technological advancement also introduces significant cyber security risks. One such threat has been highlighted by the US Cybersecurity and Infrastructure Security Agency (CISA), which warns that Contec CMS8000 devices, widely used for patient monitoring, contain a backdoor that sends patient data to a remote IP address and could download and execute files on the device. Technical details aside, human safety is always paramount. Addressing this type of vulnerability ensures that clinicians make care decisions on accurate data, thereby ensuring patients get […]
2025-02-14T13:00:01+00:00 https://blog.checkpoint.com/securing-the-network/protecting-hospitals-from-iot-threats-with-check-point/ www.secnews.physaphae.fr/article.php?IdArticle=8648477 False Vulnerability,Threat,Medical,Technical None 2.0000000000000000
Cyble - CyberSecurity Firm Germany is Strengthening Cybersecurity with Federal-State Collaboration and Digital Violence Prevention Cybersecurity BSI Expands Cybersecurity Cooperation with Hamburg Germany continues to strengthen its cybersecurity framework as the Federal Office for Information Security (BSI) and the Free and Hanseatic City of Hamburg formalize their collaboration. The agreement, signed on February 7, at Hamburg City Hall, establishes a structured approach to cyber threat intelligence sharing, incident response coordination, and awareness initiatives for public sector employees. BSI Vice President Dr. Gerhard Schabhüser stressed the urgency of strengthening cybersecurity across federal and state levels: “In view of the worrying threat situation in cyberspace, Germany must become a cyber nation. State administrations and municipal institutions face cyberattacks daily. Attacks on critical infrastructure threaten social order. Germany is a target of cyber sabotage and espionage. Our goal is to enhance cybersecurity nationwide. To achieve this, we must collaborate at both federal and state levels.” This partnership is part of a broader federal initiative, with BSI having previously signed cooperation agreements with Saxony, Saxony-Anhalt, Lower Saxony, Hesse, Bremen, Rhineland-Palatinate, and Saarland. These agreements provide a constitutional framework for joint cyber defense efforts, strategic advisory services, and rapid response measures following cyber incidents. With cyber threats growing in complexity, state-level cooperation plays a vital role in reinforcing Germany's cybersecurity resilience, ensuring government agencies, public sector institutions, and critical infrastructure operators have the necessary tools and expertise to prevent, detect, and mitigate cyber threats effectively.
Addressing Digital Violence Days later, on February 11, BSI hosted “BSI in Dialogue: Cybersecurity and Digital Violence” in Berlin, bringing together representatives from politics, industry, academia, and civil society to address the growing risks associated with digital violence in an increasingly interconnected world. While cybercriminals typically operate remotely, digital violence introduces a new layer of cyber threats, where attackers exploit personal relationships, home technologies, and social connections to manipulate, monitor, or harm individuals. This includes: Unauthorized access to smart home device 2025-02-14T12:07:49+00:00 https://cyble.com/blog/germany-strengthening-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8648472 False Tool,Vulnerability,Threat,Technical None 3.0000000000000000 SecurityWeek - Security News New Windows Zero-Day Exploited by Chinese APT: Security Firm ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda.
2025-02-14T11:40:00+00:00 https://www.securityweek.com/new-windows-zero-day-exploited-by-chinese-apt-security-firm/ www.secnews.physaphae.fr/article.php?IdArticle=8648467 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An 2025-02-14T10:33:00+00:00 https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8648448 False Tool,Vulnerability,Threat None 3.0000000000000000