www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T07:12:02+00:00 www.secnews.physaphae.fr
Netskope - Netskope is an American software company providing an IT security platform. DeepSeek Just Shook Up AI. Here's How to Rethink Your Strategy. The rapid rise of generative AI (genAI) applications is reshaping enterprise technology strategies, pushing security leaders to reevaluate risk, compliance, and data governance policies. The latest surge in DeepSeek usage is a wake-up call for CISOs, illustrating how quickly new genAI tools can infiltrate the enterprise. In only 48 hours, Netskope Threat Labs observed a […] 2025-02-04T19:32:25+00:00 https://www.netskope.com/blog/deepseek-just-shook-up-ai-heres-how-to-rethink-your-strategy www.secnews.physaphae.fr/article.php?IdArticle=8646882 False Tool,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?). North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS. The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or 2025-02-04T17:41:00+00:00 https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html www.secnews.physaphae.fr/article.php?IdArticle=8646816 False Malware,Threat None 3.0000000000000000
Checkpoint - Security Hardware Manufacturer. CPR Finds Threat Actors Already Leveraging DeepSeek and Qwen to Develop Malicious Content. Soon after the launch of the AI models DeepSeek and Qwen, Check Point Research witnessed cyber criminals quickly shifting from ChatGPT to these new platforms to develop malicious content. Threat actors are sharing how to manipulate the models into showing uncensored content, ultimately allowing hackers and criminals to use AI to create malicious content. There are many methods, collectively called jailbreaking, for removing the censors from AI models. However, we now see in-depth guides to jailbreaking methods, bypassing anti-fraud protections, and developing malware itself. This blog delves into how threat actors leverage these advanced models to develop harmful content, manipulate AI functionalities through […] 2025-02-04T17:38:54+00:00 https://blog.checkpoint.com/artificial-intelligence/cpr-finds-threat-actors-already-leveraging-deepseek-and-qwen-to-develop-malicious-content/ www.secnews.physaphae.fr/article.php?IdArticle=8646864 False Malware,Threat ChatGPT 3.0000000000000000
ProofPoint - Cyber Firms. VidSpam: A New Threat Emerges as Bitcoin Scams Evolve from Images to Video. 2025-02-04T14:19:22+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/vidspam-new-threat-emerges-bitcoin-scams-evolve-images-video www.secnews.physaphae.fr/article.php?IdArticle=8646760 False Spam,Tool,Threat,Mobile,Prediction None 3.0000000000000000
HackRead - Cyber Research. SpyCloud Pioneers the Shift to Holistic Identity Threat Protection. Austin, TX, USA, 4th February 2025, CyberNewsWire. 2025-02-04T13:00:26+00:00 https://hackread.com/spycloud-pioneers-the-shift-to-holistic-identity-threat-protection/ www.secnews.physaphae.fr/article.php?IdArticle=8646802 False Threat None 3.0000000000000000
Cyble - CyberSecurity Firm. NETGEAR Urges Immediate Firmware Updates for Critical Security Flaws. Overview: NETGEAR has recently addressed two critical security vulnerabilities affecting its products which, if exploited, could allow unauthenticated attackers to execute arbitrary code or remotely exploit devices. These vulnerabilities impact multiple models, including the XR series routers and WAX series access points. Given the high severity of these vulnerabilities, with Common Vulnerability Scoring System (CVSS) scores of 9.8 and 9.6, users are strongly advised to update their devices immediately to the latest firmware versions to prevent potential cyber threats. Details of the Security Vulnerabilities: The vulnerabilities impact several NETGEAR devices and could allow remote attackers to take control of the affected routers and access points without requiring authentication. Such security flaws are particularly concerning because they can be leveraged for malicious activities, including data theft, network disruption, and unauthorized surveillance. Affected Devices and Firmware Updates: NETGEAR has released fixes for the unauthenticated remote code execution (RCE) vulnerability affecting the following models: XR1000: fixed in firmware version 1.0.0.74; XR1000v2: fixed in firmware version 1.1.0.22; XR500: fixed in firmware version 2.3.2.134. 2025-02-04T10:58:37+00:00 https://cyble.com/blog/netgear-issues-security-severe-rce-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8646783 False Malware,Vulnerability,Threat,Mobile None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?). Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform. Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf 2025-02-04T09:59:00+00:00 https://thehackernews.com/2025/02/microsoft-sharepoint-connector-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8646724 False Vulnerability,Threat None 3.0000000000000000
Checkpoint - Security Hardware Manufacturer. Check Point Ranks #1 in Threat Prevention Testing Miercom 2025 Enterprise & Hybrid Mesh Firewall Report. For the third consecutive year, Check Point ranked #1 for security effectiveness in all categories of the Miercom Enterprise and Hybrid Mesh Firewall Report. This report includes two new metrics: SSE/SASE Threat Prevention and Known Exploited Vulnerabilities (KEVs). Miercom's independent, head-to-head stress testing establishes how well a platform can detect and block the latest generations of cyber security threats in real-world scenarios. Blocking at least 99% of cyber attacks is a key objective, because even a 90% block rate can translate to hundreds of costly attacks. Organizations subject to these attacks can face data loss, credential theft, ransomware demands, and […] 2025-02-04T07:01:19+00:00 https://blog.checkpoint.com/security/check-point-ranks-1-in-threat-prevention-testing-miercom-2025-enterprise-hybrid-mesh-firewall-report/ www.secnews.physaphae.fr/article.php?IdArticle=8646740 False Ransomware,Vulnerability,Threat None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs. What Is Zero Trust? 2025-02-04T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/what-is-zero-trust www.secnews.physaphae.fr/article.php?IdArticle=8646734 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Medical,Cloud None 3.0000000000000000
TrendLabs Security - Antivirus Vendor. CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks. The ZDI team offers an analysis of how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. 2025-02-04T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html www.secnews.physaphae.fr/article.php?IdArticle=8646748 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?). 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023. As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before 2025-02-03T19:27:00+00:00 https://thehackernews.com/2025/02/768-cves-exploited-in-2024-reflecting.html www.secnews.physaphae.fr/article.php?IdArticle=8646538 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch. 1-Click Phishing Campaign Targets High-Profile X Accounts. In an attack vector that's been used before, threat actors aim to commit crypto fraud by hijacking highly followed users, thus reaching a broad audience of secondary victims. 2025-02-03T15:45:46+00:00 https://www.darkreading.com/endpoint-security/one-click-phishing-campaign-high-profile-x-accounts www.secnews.physaphae.fr/article.php?IdArticle=8646573 False Threat None 3.0000000000000000
Bleeping Computer - American Magazine. Google fixes Android kernel zero-day exploited in attacks. The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild. [...] 2025-02-03T15:10:22+00:00 https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8646654 False Vulnerability,Threat,Mobile None 2.0000000000000000
SecurityWeek - Security News. Cyber Insights 2025: Quantum and the Threat to Encryption. 2025 is an important year – it is probably our last chance to start our migration to post-quantum cryptography before we are all undone by cryptographically relevant quantum computers. 2025-02-03T14:52:05+00:00 https://www.securityweek.com/cyber-insights-2025-quantum-and-the-threat-to-encryption/ www.secnews.physaphae.fr/article.php?IdArticle=8646555 False Threat None 3.0000000000000000
Checkpoint Research - Security Hardware Manufacturer. 3rd February – Threat Intelligence Report. For the latest discoveries in cyber research for the week of 3rd February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Mizuno USA, a giant sports equipment manufacturer, has confirmed a cyber-attack that resulted in the theft of personal information from its network between August and October 2024. The data breach included names, Social […] 2025-02-03T14:06:14+00:00 https://research.checkpoint.com/2025/3rd-february-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8646528 False Data Breach,Threat None 2.0000000000000000
Cyble - CyberSecurity Firm. Cyble Sensors Detect Attacks on Apache OFBiz, Palo Alto Networks. Overview: Cyble honeypot sensors have detected new attack attempts on vulnerabilities in Palo Alto Networks' web management interface and the Apache OFBiz ERP system, among dozens of other exploits picked up by Cyble sensors. Cyble's recent sensor intelligence report to clients examined more than 30 vulnerabilities under active exploitation by hackers and also looked at persistent attacks against Linux systems and network and IoT devices. Threat actors continue to scan for vulnerable devices for ransomware attacks and to add to botnets for DDoS attacks and crypto mining. The full reports also looked at banking malware, brute-force attacks, vulnerable ports, and phishing campaigns. Palo Alto Networks Vulnerabilities Targeted: Cyble sensors detected attacks attempting to exploit an OS command injection vulnerability in the Palo Alto Networks PAN-OS management web interface. The vulnerability, CVE-2024-9474, could be used by hackers to escalate privileges in PAN-OS. It could allow attackers who can access the PAN-OS management web interface to perform actions on the firewall with root privileges. P 2025-02-03T13:49:16+00:00 https://cyble.com/blog/cyble-sensors-detect-attacks-on-palo-alto-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8646525 False Ransomware,Vulnerability,Threat,Patching None 2.0000000000000000
Mandiant - Mandiant's Security Blog. CVE-2023-6080: A Case Study on Third-Party Installer Abuse. Executive Summary: Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Software's SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege access to a system running the vulnerable version of SysTrack could escalate privileges locally. Mandiant responsibly disclosed this vulnerability to Lakeside Software, and the issue has been addressed in version 11.0. Introduction: Building upon the insights shared in a previous Mandiant blog post, Escalating Privileges via Third-Party Windows Installers, this case study explores the ongoing challenge of securing third-party Windows installers. These vulnerabilities are rooted in insecure coding practices when creating Microsoft Software Installer (MSI) Custom Actions and can be caused by references to missing files, broken shortcuts, or insecure folder permissions. These oversights create gaps that inadvertently allow attackers to escalate privileges. As covered in our previous blog post, after software is installed with an MSI file, Windows caches the MSI file in the C:\Windows\Installer folder for later use. This allows users on the system to access and use the "repair" feature, which is intended to address various issues that may be impacting the installed software. During execution of an MSI repair, several operations (such as file creation or execution) may be triggered from an NT AUTHORITY\SYSTEM context, even if initiated by a low-privilege user, thereby creating privilege escalation opportunities. This blog post specifically focuses on the discovery and exploitation of CVE-2023-6080, a local privilege escalation vulnerability that Mandiant identified in Lakeside Software's SysTrack Agent version 10.7.8. Exploiting the SysTrack Installer: Mandiant began by using Microsoft's Process Monitor (ProcMon) to analyze and review file operations executed during the repair process of SysTrack's MSI. While running the repair process as a low-privileged user, Mandiant observed file creation and execution within the user's %TEMP% folder from MSIExec.exe. 2025-02-03T13:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third-party-installer-abuse/ www.secnews.physaphae.fr/article.php?IdArticle=8646593 False Tool,Vulnerability,Threat,Studies,Cloud,Technical None 3.0000000000000000
CyberScoop - scoopnewsgroup.com's cyber special. From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts. The Vietnam-based group has grown more sophisticated since 2013, new research shows. 2025-02-03T13:00:00+00:00 https://cyberscoop.com/xegroup-zero-day-exploit-intezer-labs-solis-security-vietnam/ www.secnews.physaphae.fr/article.php?IdArticle=8646504 False Vulnerability,Threat None 2.0000000000000000
Cyble - CyberSecurity Firm. Apple Issues Security Updates for iOS, macOS, watchOS, and More - Patch Now! Overview: Apple has released security updates to address a newly discovered vulnerability, CVE-2025-24085, in its Core Media framework. This vulnerability is classified as a privilege escalation flaw and is reportedly being actively exploited. If successfully leveraged by a malicious application, this vulnerability could enable an attacker to elevate privileges on an affected device. To mitigate the risk, Apple has released patches across multiple product lines, urging users and administrators to update their devices immediately. The affected operating systems include iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3. Details of CVE-2025-24085: The vulnerability stems from a use-after-free (UAF) issue, a memory management flaw where a program continues to access memory after it has been freed. This can lead to arbitrary code execution, privilege escalation, or application crashes. Apple has addressed this issue by improving memory management. Apple has acknowledged that CVE-2025-24085 may have been actively exploited against iOS versions before iOS 17.2. This underlines the urgency of updating affected devices to the latest security patches. Impacted Devices and Operating Systems: Apple has rolled out security patches for the following devices and operating system versions: iOS 18.3 and iPadOS 18.3: iPhone XS and later, iPad Pro 1 2025-02-03T12:21:32+00:00 https://cyble.com/blog/apple-fixes-cve-2025-24085-security-update/ www.secnews.physaphae.fr/article.php?IdArticle=8646502 False Vulnerability,Threat,Prediction None 3.0000000000000000
Sygnia - CyberSecurity Firm. Report Reveals Four Critical Shifts in Threat Actor Attack Behaviour. Incident Response Team Shares Frontline Insights in Sygnia's 2025 Field Report. 2025-02-03T12:09:17+00:00 https://www.sygnia.co/press-release/evolving-cyber-threats-2025-field-report/ www.secnews.physaphae.fr/article.php?IdArticle=8646498 False Threat None 2.0000000000000000
Bleeping Computer - American Magazine. DeepSeek AI tools impersonated by infostealer malware on PyPI. Threat actors are taking advantage of the rise in popularity of DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform. [...] 2025-02-03T11:33:23+00:00 https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonated-by-infostealer-malware-on-pypi/ www.secnews.physaphae.fr/article.php?IdArticle=8646596 False Malware,Tool,Threat None 3.0000000000000000
SecurityWeek - Security News. Insurance Company Globe Life Notifying 850,000 People of Data Breach. Insurance firm Globe Life says a threat actor may have compromised the personal information of roughly 850,000 individuals. 2025-02-03T11:10:48+00:00 https://www.securityweek.com/insurance-company-globe-life-notifying-850000-people-of-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8646475 False Data Breach,Threat None 3.0000000000000000
Data Security Breach - French News Site. A critical flaw in 7-Zip exposes users to malware. A critical vulnerability has been discovered in the popular 7-Zip archiver, allowing attackers to install malware while bypassing Windows' Mark of the Web (MoTW) security mechanism. Researchers at the Zero Day Initiative identified a flaw (CVE-2025-0411) in 7-Zip, a widely used tool for compressing and extracting … 2025-02-03T08:52:50+00:00 https://www.datasecuritybreach.fr/7zip-0day/ www.secnews.physaphae.fr/article.php?IdArticle=8646421 False Threat None 3.0000000000000000
Cisco - Security Firm Blog. AI Cyber Threat Intelligence Roundup: January 2025. AI threat research is a fundamental part of Cisco's approach to AI security. Our roundups highlight new findings from both original and third-party sources. 2025-02-01T13:00:13+00:00 https://blogs.cisco.com/security/ai-cyber-threat-intelligence-roundup-january-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8645691 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?). BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key. BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged 2025-02-01T12:10:00+00:00 https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html www.secnews.physaphae.fr/article.php?IdArticle=8645584 False Vulnerability,Threat,Cloud None 3.0000000000000000
Techworm - News. Hackers From China, North Korea, Iran & Russia Are Using Google’s AI For Cyber Ops. said in its report. Google tracked this activity to more than ten Iran-backed groups, more than twenty China-backed groups, and nine North Korea-backed groups. For instance, Iranian threat actors were the biggest users of Gemini, using it for a wide range of purposes, including research on defense organizations, vulnerability research, and creating content for campaigns. In particular, the group APT42 (which accounted for over 30% of Iranian APT actors) focused on crafting phishing campaigns to target government agencies and corporations, conducting reconnaissance on defense experts and organizations, and generating content with cybersecurity themes. Chinese APT groups primarily used Gemini to conduct reconnaissance, script and develop, troubleshoot code, and research how to obtain deeper access to target networks through lateral movement, privilege escalation, data exfiltration, and detection evasion. North Korean APT hackers were observed using Gemini to support multiple phases of the attack lifecycle, including researching potential infrastructure and free hosting providers, reconnaissance on target organizations, payload development, and help with malicious scripting and evasion methods. “Of note, North Korean actors also used Gemini to draft cover letters and research jobs – activities that would likely support North Korea’s efforts to place clandestine IT workers at Western companies,” the company noted. “One North Korea-backed group utilized Gemini to draft cover letters and proposals for job descriptions, researched average salaries for specific jobs, and asked about jobs on LinkedIn. The group also used Gemini for information about overseas employee exchanges. Many of the topics would be common for anyone researching and applying for jobs.” Meanwhile, Russian APT actors demonstrated limited use of Gemini, primarily for coding tasks such as converting publicly available malware into different programming languages and incorporating encryption functions into existing code. They may have avoided using Gemini for operational security reasons, opting to stay off Western-controlled platforms to avoid monitoring of their activities, or using Russian-made AI tools instead. Google said the Russian hacking group’s use of Gemini has been relatively limited, possibly because it attempted to prevent Western platforms from monitoring its activities. 2025-01-31T19:21:04+00:00 https://www.techworm.net/2025/01/hackers-google-gemini-ai-for-cyber-ops.html www.secnews.physaphae.fr/article.php?IdArticle=8645260 False Malware,Tool,Vulnerability,Threat,Legislation,Cloud APT 42 3.0000000000000000
IT Security Guru - Security Blog. Change Your Password Day: Keeper Security Highlights Urgent Need for Strong Credential Management. In recognition of Change Your Password Day, Keeper Security is urging organisations to prioritise securing credentials to combat the escalating threat of cyber attacks. Without proper safeguards, compromised credentials can lead to devastating breaches, financial loss and reputational damage. Privileged accounts, often used by administrators or automated systems to access critical infrastructure, are prime targets for […] 2025-01-31T16:40:01+00:00 https://www.itsecurityguru.org/2025/01/31/change-your-password-day-keeper-security-highlights-urgent-need-for-strong-credential-management/?utm_source=rss&utm_medium=rss&utm_campaign=change-your-password-day-keeper-security-highlights-urgent-need-for-strong-credential-management www.secnews.physaphae.fr/article.php?IdArticle=8645709 False Threat None 2.0000000000000000
HackRead - Cyber Research. FUNNULL Unmasked: AWS, Azure Abused for Global Cybercrime Operations. Discover how cybercriminals use 'Infrastructure Laundering' to exploit AWS and Azure for scams, phishing, and money laundering. Learn about FUNNULL CDN's tactics and their global impact on businesses and cybersecurity. 2025-01-31T16:06:38+00:00 https://hackread.com/funnull-aws-azure-abused-global-cybercrime-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8645303 False Threat None 3.0000000000000000
ProofPoint - Cyber Firms. Insider Breach of the Month: A Departing Employee Takes a Trove of Data from a Large Law Firm. 2025-01-31T14:59:40+00:00 https://www.proofpoint.com/us/blog/insider-threat-management/data-exfiltration-caused-by-departing-employee-at-law-firm www.secnews.physaphae.fr/article.php?IdArticle=8645478 False Data Breach,Tool,Threat None 2.0000000000000000
SentinelOne (Research) - Cyber Firms. Phishing on X | High Profile Account Targeting Campaign Returns, Promoting Cryptocurrency Scams. SentinelLABS has observed an active phishing campaign targeting high-profile X accounts to hijack and exploit them for fraudulent activity. 2025-01-31T14:55:46+00:00 https://www.sentinelone.com/labs/phishing-on-x-high-profile-account-targeting-campaign-returns/ www.secnews.physaphae.fr/article.php?IdArticle=8645281 False Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine. Threat Actors Target Public-Facing Apps for Initial Access. Cisco Talos found that exploitation of public-facing applications made up 40% of incidents it observed in Q4 2024, marking a notable shift in initial access techniques. 2025-01-31T14:30:00+00:00 https://www.infosecurity-magazine.com/news/threat-actors-public-apps-initial/ www.secnews.physaphae.fr/article.php?IdArticle=8645285 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?).
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin]]> 2025-01-31T11:19:00+00:00 https://thehackernews.com/2025/01/broadcom-patches-vmware-aria-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8645120 False Threat None 3.0000000000000000 Cyble - CyberSecurity Firm Cyble\\'s Weekly Vulnerability Update: Critical SonicWall Zero-Day and Exploited Flaws Discovered Overview Cyble\'s weekly vulnerability insights to clients cover key vulnerabilities discovered between January 22 and January 28, 2025. The findings highlight a range of vulnerabilities across various platforms, including critical issues that are already being actively exploited. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to their Known Exploited Vulnerability (KEV) catalog this week. Among these, the zero-day vulnerability CVE-2025-23006 stands out as a critical threat affecting SonicWall\'s SMA1000 appliances. In this week\'s analysis, Cyble delves into multiple vulnerabilities across widely used software tools and plugins, with particular attention to SimpleHelp remote support software, Ivanti\'s Cloud Services Appliance, and issues within RealHome\'s WordPress theme. As always, Cyble has also tracked underground activity, providing insights into Proof of Concepts (POCs) circulating among cyber criminals. 
Weekly Vulnerability Insights CVE-2025-23006 - SonicWall SMA1000 Appliances (Critical Zero-Day Vulnerability) A severe deserialization vulnerability in SonicWall\'s SMA1000 series appliances has been identified as a zero-day, impacting systems that are not yet patched. With a CVSSv3 score of 9.8, this vulnerability is critical and allows remote attackers to exploit deserialization flaws, leading to the potential execution of arbitrary code. This vulnerability was added to the KEV catalog by CISA on January 23, 2025, marking it as actively exploited in the wild. Organizations using SMA1000 appliances should prioritize patching as soon as an official update becomes available. 2. SimpleHelp Remote Support Software Vulnerabilities (Critical and High Severity) Three vulnerabilities were discovered in SimpleHelp\'s remote support software, used by IT professionals for remote customer assistance. These flaws include: CVE-2024-57726: A privilege escalation vulnerability that allows unauthorized users to gain administrative access due to insufficient backend authorization checks. ]]> 2025-01-31T10:18:43+00:00 https://cyble.com/blog/cybles-weekly-vulnerability-update-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8645197 False Tool,Vulnerability,Threat,Patching,Cloud None 3.0000000000000000 Kaspersky - Kaspersky Research blog One policy to rule them all How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such threats.]]> 2025-01-31T10:00:02+00:00 https://securelist.com/group-policies-in-cyberattacks/115331/ www.secnews.physaphae.fr/article.php?IdArticle=8645217 False Threat None 3.0000000000000000 Cyble - CyberSecurity Firm Dark Web Activity January 2025: A New Hacktivist Group Emerges Cyble-Blogs-Dark-Web Overview Cyble dark web researchers investigated more than 250 dark web claims by threat actors in January 2025, with more than a quarter of those targeting U.S.-based organizations. 
Of threat actors (TAs) on the dark web targeting U.S. organizations during the month, 15 were ransomware groups claiming successful attacks or selling data from those attacks. Ransomware group claims accounted for about 40% of the Cyble investigations. Most of the investigations examined threat actors claiming to be selling data stolen from organizations, or selling access to those organizations\' networks. Several investigations focused on cyberattacks orchestrated by hacktivist groups – including a new Russian threat group identified here for the first time. \'Sector 16\' Teams Up With Russian Hacktivists Z-Pentest New on the scene is a group calling itself “Sector 16,” which teamed with Z-Pentest – a threat group profiled by Cyble last month – in an attack on a Supervisory Control and Data Acquisition (SCADA) system managing oil pumps and storage tanks in Texas. The groups shared a video showcasing the system interface, revealing real-time data on tank levels, pump pressures, casing pressures, and alarm management features. Both groups put their logos on the video, suggesting a close alliance between the two (image below). Sector 16 also claimed responsibility for unauthorized access to the control systems of a U.S. oil and gas production facility, releasing a video purportedly demonstrating their access to the facility\'s operational data and systems. The video reveals control interfaces associated with the monitoring and management of critical infrastructure. Displayed systems include shutdown management, production monitoring, tank level readings, gas lift operations, and Lease Automatic Custody Transfer (LACT) data, all critical components in the facility\'s operations. Additionally, they were also able to access valve control interfaces, pressure monitoring, and flow measurement data, highlighting the potential extent of access. 
Russian hacktivist groups have posted several videos of their members tampering with critical infrastructure control panels in recent months, perhaps more to establish credibility or threaten than to inflict actual damage, although in one case, Z-Pentest claimed to disrupt a U.S. o
2025-01-31T07:50:23+00:00 https://cyble.com/blog/dark-web-activity-new-hacktivist-group-emerges/ www.secnews.physaphae.fr/article.php?IdArticle=8645138 False Ransomware,Tool,Threat,Legislation,Medical None 3.0000000000000000

Silicon - French news site { Expert Opinion } - Senior executives and cybersecurity: perception and priorities must change Many executives still fail to grasp the strategic impact that cybersecurity risks can have on their business. They must understand the range of potential threats they face in today's digital world, and the specific strategies and plans needed to counter them and ensure their organization's cyber resilience.
2025-01-31T00:00:00+00:00 https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/tribune-expert-cadres-dirigeants-cybersecurite-perception-467186.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= www.secnews.physaphae.fr/article.php?IdArticle=8645175 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations.
"Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat
2025-01-30T21:55:00+00:00 https://thehackernews.com/2025/01/google-over-57-nation-state-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8644860 False Threat None 4.0000000000000000

Netskope - Netskope is an American software company providing an IT security platform Reimagining the Role of the CIO in Business-led IT This blog is a follow-up to the post Opportunities & Risks for Digital-first Leaders in Business-led IT. The days of shadow IT as an unregulated threat are over. Business-led IT represents a fundamental shift in how organizations innovate and operate. To succeed in this new reality, CIOs must embrace what I call the "New CIO" […]
2025-01-30T21:12:23+00:00 https://www.netskope.com/blog/reimagining-the-role-of-the-cio-in-business-led-it www.secnews.physaphae.fr/article.php?IdArticle=8644969 False Threat None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defense player in IOCs New LevelBlue Threat Trends Report gives critical insights into threats LevelBlue is pleased to announce the launch of the LevelBlue Threat Trends Report! This biannual report, which is a collaboration between various LevelBlue Security Operations teams, is a must-have for security practitioners at organizations of all sizes. It provides relevant, actionable information about ongoing threats as well as guidance on how organizations can work to secure themselves against these threats. In this edition, our analysts review attacks and threat actor techniques observed by LevelBlue in the second half of 2024 (from June through November). Additionally, our Incident Response team, which provides support and guidance to customers during and after incidents, reviews 12 compromises, 10 of which involved known ransomware groups. In each case, the team recommends hardening and mitigation techniques that can be used to safeguard against these attacks. Other report highlights include: Phishing-as-a-Service (PhaaS) is on the rise. The report contains an in-depth analysis of RaccoonO365, a recently identified PhaaS kit, including details on the infection process and a list of the top 10 active domains associated with RaccoonO365 based on our telemetry. The most common attacks observed by our teams during the second half of 2024 were business email compromise (BEC). And these attacks were most successful when they combined credential harvesting techniques with phishing. Of the BEC attacks observed, 96% involved phished users. The top five malware families observed during the second half of 2024 accounted for more than 60% of the malware hits on our customers.
At LevelBlue, our goal is not only to provide a portfolio of industry-leading managed security services to help protect organizations against threats but also to share intelligence and contribute in a meaningful way to strengthening cyber defenses across the globe. Download the new LevelBlue Threat Trends Report for more critical insights on current and emerging threats and guidance on how to secure your organizations against them!
2025-01-30T16:08:00+00:00 https://levelblue.com/blogs/security-essentials/levelblue-threat-trends-report-edition-one-2025 www.secnews.physaphae.fr/article.php?IdArticle=8646941 False Ransomware,Malware,Threat None 2.0000000000000000
Fortinet - Security hardware manufacturer Coyote Banking Trojan: A Stealthy Attack via LNK Files FortiGuard Labs observes a threat actor using an LNK file to deploy Coyote attacks, unleashing malicious payloads and escalating the risk to financial cybersecurity.
2025-01-30T14:00:00+00:00 https://www.fortinet.com/blog/threat-research/coyote-banking-trojan-a-stealthy-attack-via-lnk-files www.secnews.physaphae.fr/article.php?IdArticle=8644834 False Threat None 3.0000000000000000

Cyble - CyberSecurity Firm DeepSeek's Growing Influence Sparks a Surge in Frauds and Phishing Attacks Overview DeepSeek is a Chinese artificial intelligence company that has developed open-source large language models (LLMs). In January 2025, DeepSeek launched its first free chatbot app, "DeepSeek - AI Assistant", which rapidly became the most downloaded free app on the iOS App Store in the United States, surpassing even OpenAI's ChatGPT. However, with rapid growth comes new risks: cybercriminals are exploiting DeepSeek's reputation through phishing campaigns, fake investment scams, and malware disguised as DeepSeek. This analysis seeks to explore recent incidents where Threat Actors (TAs) have impersonated DeepSeek to target users, highlighting their tactics and how readers can secure themselves accordingly. Recently, Cyble Research and Intelligence Labs (CRIL) identified multiple suspicious websites impersonating DeepSeek. Many of these sites were linked to crypto phishing schemes and fraudulent investment scams.
We have compiled a list of the identified suspicious sites: abs-register[.]com deep-whitelist[.]com deepseek-ai[.]cloud deepseek[.]boats deepseek-shares[.]com deepseek-aiassistant[.]com usadeepseek[.]com Campaign Details Crypto phishing leveraging the popularity of DeepSeek CRIL uncovered a crypto phishin
2025-01-30T13:00:34+00:00 https://cyble.com/blog/deepseeks-growing-influence-surge-frauds-phishing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8646797 False Spam,Malware,Threat,Mobile ChatGPT 3.0000000000000000

Cisco - Security Firm Blog Top Threat Tactics and How to Address Them See the key takeaways for the most recent Cisco Talos Incident Response report and learn how you can use Cisco Security products to help defend against these.
2025-01-30T13:00:31+00:00 https://blogs.cisco.com/security/top-threat-tactics-and-how-to-address-them/ www.secnews.physaphae.fr/article.php?IdArticle=8644762 False Threat None 2.0000000000000000

Schneier on Security - American cryptographer and researcher Fake Reddit and WeTransfer Sites are Pushing Malware There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimics the interface of the popular file-sharing service. The 'Download' button leads to the Lumma Stealer payload hosted on "weighcobbweo[.]top." Boingboing post.
2025-01-30T12:44:46+00:00 https://www.schneier.com/blog/archives/2025/01/fake-reddit-and-wetransfer-sites-are-pushing-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8644765 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor
2025-01-30T12:11:00+00:00 https://thehackernews.com/2025/01/new-aquabot-botnet-exploits-cve-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8644650 False Vulnerability,Threat None 3.0000000000000000

ProjectZero - Google research blog Windows Bug Class: Accessing Trapped COM Objects with IDispatch CVE-2019-0555. This bug was introduced because when developing the Windows Runtime libraries an XML document object was needed. The developers decided to add some code to the existing XML DOM Document v6 COM object which exposed the runtime specific interfaces. As these runtime interfaces didn't support the XSLT scripting feature, the assumption was this was safe to expose across privilege boundaries.
Unfortunately, a malicious client could query for the old IXMLDOMDocument interface, which was still accessible, and use it to run an XSLT script and escape a sandbox. Another scenario is where there exists an asynchronous marshaling primitive. This is where an object can be marshaled both by value and by reference and the platform chooses by reference as the default mechanism. For example, the FileInfo and DirectoryInfo .NET classes are both serializable, so they can be sent to a .NET remoting service marshaled by value. But they also derive from the MarshalByRefObject class, which means they can be marshaled by reference. An attacker can leverage this by sending to the server a serialized form of the object which, when deserialized, will create a new instance of the object in the server's process. If the attacker can read back the created object, the runtime will marshal it back to the attacker by reference, leaving the object trapped in the server process. Finally the attacker can call
2025-01-30T09:57:50+00:00 https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html www.secnews.physaphae.fr/article.php?IdArticle=8644882 False Malware,Tool,Threat None 2.0000000000000000

ProjectZero - Google research blog Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update) blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel. The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions; instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required.
This change also introduces the ability to locally exploit vulnerabilities which are of the so-called "False File Immutability" bug class. All Change Please The change was first made public, at least as far as I know, in this blog post. Microsoft's blog post described this change in Windows Insider previews; however, it has subsequently shipped in Windows 11 24H2, which is generally available. The TL;DR is that the SMB client on Windows now supports specifying the destination TCP port from the command line's net command. For example, you can force the SMB client to use port 12345 through the command net use \\localhost\c$ /TCPPORT:12345. Now accessing the UNC path \\localhost\c$\blah will connect through port 12345 instead of the old, fixed port of 445. This feature works for any user; administrator access is not required, as it only affects the current user's logon session. The problem encountered in the previous blog post was that you couldn't bind your fake SMB server to port 445 without shutting down the local SMB server. Shutting down the server can only be done as an administrator, defeating most of the point of the exploitation trick. By changing the client port to one which isn't currently in use, we can open files via our fake SMB server and perform the delay locally without needing to use the Cloud Filter API. This still won't allow the technique to work in a sandbox, fortunately. Note that an administrator can disable this feature through Group Policy, but it is enabled by default and non-enterprise users are never likely to change that. I personally think making it enabled by default is a mistake that will come back to cause problems for Windows going forward.
I've
2025-01-30T09:57:37+00:00 https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html www.secnews.physaphae.fr/article.php?IdArticle=8644883 False Vulnerability,Threat,Cloud None 3.0000000000000000

ProofPoint - Cyber Firms HTTP Client Tools Exploitation for Account Takeover Attacks
2025-01-30T08:54:57+00:00 https://www.proofpoint.com/us/blog/threat-insight/http-client-tools-exploitation-account-takeover-attacks www.secnews.physaphae.fr/article.php?IdArticle=8644697 False Spam,Malware,Tool,Threat,Prediction,Medical,Cloud,Technical None 3.0000000000000000

ProofPoint - Cyber Firms DICE: An Evolution of the ACE Framework for Security Training
2025-01-30T01:44:13+00:00 https://www.proofpoint.com/us/blog/evolution-ace-to-dice-frameworks-security-training www.secnews.physaphae.fr/article.php?IdArticle=8644790 False Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
"Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's
2025-01-29T22:26:00+00:00 https://thehackernews.com/2025/01/lazarus-group-uses-react-based-admin.html www.secnews.physaphae.fr/article.php?IdArticle=8644398 False Threat APT 38 3.0000000000000000

HackRead - Cyber research Russian UAC-0063 Targets Europe and Central Asia with Advanced Malware UAC-0063: A Russian-linked threat actor targeting Central Asia and Europe with sophisticated cyberespionage campaigns, including weaponized documents, data…
2025-01-29T22:14:04+00:00 https://hackread.com/russian-uac-0063-europe-central-asia-advanced-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8644502 False Malware,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch PrintNightmare Aftermath: Windows Print Spooler is Better. What's Next? While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.
2025-01-29T22:10:29+00:00 https://www.darkreading.com/endpoint-security/windows-print-spooler-security-improves-in-wake-of-printnightmare-scare www.secnews.physaphae.fr/article.php?IdArticle=8644595 False Vulnerability,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch Researchers Uncover Lazarus Group Admin Layer for C2 Servers The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang.
2025-01-29T21:39:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/researchers-uncover-lazarus-admin-layer-c2-servers www.secnews.physaphae.fr/article.php?IdArticle=8644483 False Threat APT 38 3.0000000000000000

Dark Reading - Informationweek Branch Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers VulnCheck initially disclosed the critical command-injection
vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
2025-01-29T19:54:26+00:00 https://www.darkreading.com/endpoint-security/unpatched-zyxel-cpe-zero-day-cyberattackers www.secnews.physaphae.fr/article.php?IdArticle=8644444 False Vulnerability,Threat None 3.0000000000000000

Dark Reading - Informationweek Branch Mirai Variant 'Aquabot' Exploits Mitel Device Flaws Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
2025-01-29T18:03:01+00:00 https://www.darkreading.com/endpoint-security/mirai-variant-aquabot-exploits-mitel-phone-flaws www.secnews.physaphae.fr/article.php?IdArticle=8644401 False Vulnerability,Threat None 3.0000000000000000

SecurityWeek - Security News New Zyxel Zero-Day Under Attack, No Patch Available GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available.
2025-01-29T16:13:27+00:00 https://www.securityweek.com/new-zyxel-zero-day-under-attack-no-patch-available/ www.secnews.physaphae.fr/article.php?IdArticle=8644376 False Vulnerability,Threat None 3.0000000000000000
Mandiant - Mandiant security blog Adversarial Misuse of Generative AI science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for defenders, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes. Much of the current discourse around cyber threat actors' misuse of AI is confined to theoretical research. While these studies demonstrate the potential for malicious exploitation of AI, they don't necessarily reflect the reality of how AI is currently being used by threat actors in the wild. To bridge this gap, we are sharing a comprehensive analysis of how threat actors interacted with Google's AI-powered assistant, Gemini. Our analysis was grounded by the expertise of Google's Threat Intelligence Group (GTIG), which combines decades of experience tracking threat actors on the front lines and protecting Google, our users, and our customers from government-backed attackers, targeted 0-day exploits, coordinated information operations (IO), and serious cyber crime networks. We believe the private sector, governments, educational institutions, and other stakeholders must work together to maximize AI's benefits while also reducing the risks of abuse.
At Google, we are committed to developing responsible AI guided by our principles, and we share
2025-01-29T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8644222 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Legislation,Mobile,Industrial,Cloud,Technical,Commercial APT 41,APT 43,APT 42 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine Threat Actors Exploit Government Websites for Phishing Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections
2025-01-29T14:00:00+00:00 https://www.infosecurity-magazine.com/news/threat-actors-exploit-gov-websites/ www.secnews.physaphae.fr/article.php?IdArticle=8644315 False Threat None 3.0000000000000000

GoogleSec - Firm Security Blog How we kept the Google Play & Android app ecosystems safe in 2024 Google's advanced AI: helping make Google Play a safer place. To keep out bad actors, we have always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google's advanced AI to improve our systems' ability to proactively identify malware, enabling us to detect and block bad apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play. That's enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage. Working with developers to enhance security and privacy on Google Play To protect user privacy, we're working with developers to reduce unnecessary access to sensitive data.
In 2024, we prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data. We also required apps to be more transparent about how they handle user information by launching new developer requirements and a new "Data deletion" option for apps that support user accounts and data collection. This helps users manage their app data and understand the app's deletion practices, making it easier for Play users to delete data collected from third-party apps. We also worked to ensure that apps use the strongest and most up-to-date privacy and security capabilities Android has to offer. Every new version of Android introduces new security and privacy features, and we encourage developers to embrace these advancements as soon as possible. As a result of partnering closely with developers, over 91% of app install
2025-01-29T13:39:07+00:00 http://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8644442 False Malware,Tool,Threat,Mobile,Cloud None 3.0000000000000000

SlashNext - Cyber Firm Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns Employees in most organizations receive countless communications daily: emails, Slack messages, or ticket updates, for example. Hidden among these routine interactions are phishing scams designed to exploit trust and compromise security. Imagine an employee receiving a text that appears to be from their bank: "Suspicious activity detected on your account. Click here to secure your account." […] The post Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns first appeared on SlashNext.
2025-01-29T13:30:01+00:00 https://slashnext.com/blog/devil-traff-a-new-bulk-sms-platform-driving-phishing-campaigns/ www.secnews.physaphae.fr/article.php?IdArticle=8644310 False Threat None 2.0000000000000000
Cyble - CyberSecurity Firm New ICS Vulnerabilities Discovered in Schneider Electric and B&R Automation Systems Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued two urgent advisories regarding serious vulnerabilities in industrial control systems (ICS) products. These ICS vulnerabilities, identified in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities, as well as B&R Automation's Runtime software, pose online risks to critical infrastructure systems worldwide. The ICS vulnerabilities, if exploited, could lead to potentially devastating impacts on the integrity, confidentiality, and availability of systems within energy, critical manufacturing, and other essential sectors. Schneider Electric's Vulnerability in RemoteConnect and SCADAPack x70 Utilities The ICS vulnerability in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities arises from the deserialization of untrusted data, identified as CWE-502. This flaw could allow attackers to execute remote code on affected workstations, leading to several security risks, including the loss of confidentiality and integrity. The issue is triggered when a non-admin authenticated user opens a malicious project file, which could potentially be introduced through email, file sharing, or other methods. Schneider Electric has assigned the CVE identifier CVE-2024-12703 to this vulnerability, with a base CVSS v3 score of 7.8 and a CVSS v4 score of 8.5. Both versions highlight the severity of the issue, with potential consequences including unauthorized remote code execution. This vulnerability affects all versions of both RemoteConnect and SCADAPack x70 Utilities, products widely deployed in sectors such as energy and critical manufacturing across the globe. Although Schneider Electric is working on a remediation plan for future product versions, there are interim steps that organizations can take to mitigate the risk.
These include: Only opening project files from trusted sources Verifying file integrity by computing and checking hashes regularly Encrypting project files and restricting access to trusted users Using secure communication protocols when exchanging files over the network Following established SCADAPack Security Guidelines for added protection CISA recommends minimizing the network exposure of control system devices, ensuring they are not directly accessible from the internet, and placing control system networks behind firewalls to isolate them from business networks. When remote access is necessary, using secure methods like Virtual Private Networks (VPNs) is strongly advised. However, organizations should ens
2025-01-29T13:01:36+00:00 https://cyble.com/blog/cisa-release-advisories-for-new-ics-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8644292 False Vulnerability,Threat,Patching,Industrial None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. "This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia,
2025-01-29T11:22:00+00:00 https://thehackernews.com/2025/01/uac-0063-expands-cyber-attacks-to.html www.secnews.physaphae.fr/article.php?IdArticle=8644142 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert
2025-01-29T10:41:00+00:00 https://thehackernews.com/2025/01/zyxel-cpe-devices-face-active.html www.secnews.physaphae.fr/article.php?IdArticle=8644144 False Vulnerability,Threat None 2.0000000000000000

Cyble - CyberSecurity Firm Australia's Health Sector Receives $6.4 Million Cybersecurity Boost with New Threat Information-Sharing Network The Australian Government has awarded a $6.4 million grant to CI-ISAC Australia, enabling the establishment of a new Health Cyber Sharing Network (HCSN). This initiative is designed to facilitate the rapid exchange of critical cyber threat information within Australia's healthcare industry, which has become a target for cyberattacks. The recent surge in cyberattacks on Australian healthcare organizations, including hospitals and health insurance providers, has highlighted the pressing need for enhanced cybersecurity measures. In response, the Australian Government has made healthcare the priority sector for its formal funding efforts. This grant is part of a broader strategy to address the vulnerabilities in the nation's health sector and ensure it is better equipped to handle the cyber threats faced by the industry. A Growing Threat: The Cost of Cybersecurity Breaches The healthcare industry globally has been facing increasing cybersecurity challenges, and Australia is no exception.
According to reports from 2023, the global healthcare sector continues to experience the most expensive data breaches across industries for the 13th consecutive year. The average cost of a healthcare data breach was a staggering AUD$10.93 million, nearly double that of the financial industry, which recorded an average cost of $5.9 million. Australia's health sector, which encompasses a diverse range of organizations, from public and private hospitals to medical clinics and insurance providers, is increasingly vulnerable to cyber threats. This sector includes approximately 750 government hospitals, 650 private hospitals, and over 6,500 general practitioner clinics, along with numerous third-party suppliers and vendors. The creation of the HCSN aims to address these risks by providing a secure, collaborative platform for information sharing. The network will enable health sector organizations to work together more effectively, breaking down silos and improving the speed and quality of cybersecurity threat information exchange. The Role of CI-ISAC and the Health Cyber-Sharing Network CI-ISAC Australia, the recipient of the $6.4 million Australian Government grant, will spearhead the creation and management of the Health Cyber Sharing Network.
The HCSN will focus on fostering collaboration between Australian healthcare organizations, ensuring they can share relevant ]]> 2025-01-29T10:38:59+00:00 https://cyble.com/blog/australia-health-cyber-sharing-network/ www.secnews.physaphae.fr/article.php?IdArticle=8644244 False Data Breach,Vulnerability,Threat,Medical,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Breakout Time Accelerates 22% as Cyber-Attacks Speed Up ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024]]> 2025-01-29T10:30:00+00:00 https://www.infosecurity-magazine.com/news/breakout-time-accelerates-22/ www.secnews.physaphae.fr/article.php?IdArticle=8644268 False Threat None 3.0000000000000000 Kaspersky - Kaspersky Research blog Threat predictions for industrial enterprises 2025 Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025.]]> 2025-01-29T10:00:37+00:00 https://securelist.com/industrial-threat-predictions-2025/115327/ www.secnews.physaphae.fr/article.php?IdArticle=8644217 False Threat,Industrial None 4.0000000000000000 AlienVault Lab Blog - AlienVault is a major defense player in IOCs Securing Your Digital Footprint While Traveling in 2025 nearly half of mobile users may still neglect basic security solutions, leaving their personal information at risk. Understanding these vulnerabilities is the first step toward protecting your data on the go. Increased Use of Public Wi-Fi Travelers continue to face challenges when using public Wi-Fi. While it offers convenience at airports, hotels, and cafes, these unsecured networks are a hotbed for cyber threats. Hackers can easily perform man-in-the-middle attacks, intercepting data transmitted over open networks. This means sensitive information, such as passwords and credit card details, can be stolen in real-time.
Additionally, travelers may unknowingly connect to fake Wi-Fi networks, known as "honeypots," set up specifically to capture their data. Reliance on Digital Platforms Traveling in 2025 involves heavy dependence on digital tools for bookings, navigation, and payments. Mobile apps, cloud storage, and online platforms streamline trip planning but also expand the attack surface for cybercriminals. Every app or platform travelers use becomes a potential entry point for hackers. A single compromised account can give attackers access to travel itineraries, payment methods, and even personal identification details. Phishing and Fake Booking Scams As the travel industry digitizes further, phishing attacks are becoming increasingly sophisticated. Travelers are often targeted with fraudulent emails, texts, or ads that mimic legitimate booking platforms. Clicking these links can lead to fake hotel booking sites that steal credit card information or infect devices with malware. In many cases, travelers don’t realize they've been scammed until it’s too late—either their trip is ruined or their financial data is compromised. Essential Cybersecurity Practices for Travelers While staying connected during travel has become a common practice, it also exposes you to potential cyber risks. By following a few key cybersecurity practices, you can protect your personal information and browse securely no matter where your journey takes you. Here are the most effective ways to safeguard your digital footprint: 1. Use a VPN A Virtual Private Network (VPN) is one of the most effective tools for securing your internet connection while traveling. VPNs encrypt your online activity, preventing hackers from intercepting sensitive information like passwords or payment details, even on public Wi-Fi networks. Popular options like NordVPN, ExpressVPN, and CyberGhost offer global servers, ensuring reliable and secure connectivity wherever you are. 2.
Enable Two-Factor Authentication (2FA) Securing your accounts with two-factor authenti]]> 2025-01-29T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/securing-your-digital-footprint-while-traveling-in-2025 www.secnews.physaphae.fr/article.php?IdArticle=8644812 False Spam,Malware,Tool,Vulnerability,Threat,Mobile,Cloud None 3.0000000000000000 ProofPoint - Cyber Firms A Guide for Insider Risk Teams: 10 Tips for Monitoring User Activity While Protecting Privacy 2025-01-29T06:42:08+00:00 https://www.proofpoint.com/us/blog/information-protection/balancing-user-privacy-and-user-activity-monitoring www.secnews.physaphae.fr/article.php?IdArticle=8644242 False Tool,Threat,Studies,Medical,Technical None 3.0000000000000000 GoogleSec - Firm Security Blog How we estimate the risk from prompt injection attacks on AI systems Our threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above. The evaluation framework tests this by creating a hypothetical scenario, in which an AI agent can send and retrieve emails on behalf of the user. The agent is presented with a fictitious conversation history in which the user references private information suc]]> 2025-01-29T05:00:10+00:00 http://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html www.secnews.physaphae.fr/article.php?IdArticle=8644219 False Tool,Vulnerability,Threat None 2.0000000000000000 InformationSecurityBuzzNews - Security news site API Supply Chain Attacks Surge, Exposing Critical Security Gaps API attack traffic rose by 681% over a 12-month period, far outpacing the 321% increase in overall API call volume – a dramatic surge that highlights threat actors' growing focus on APIs as attack vectors. This was one of the findings of Salt Security's State of API Security Report.
According to the report, despite the [...]]]> 2025-01-29T04:45:59+00:00 https://informationsecuritybuzz.com/api-supply-chain-attacks-surge-securit/ www.secnews.physaphae.fr/article.php?IdArticle=8644124 False Threat None 2.0000000000000000 ProofPoint - Cyber Firms Proofpoint Partners with Intel to Deliver Leading-Edge AI-Powered Information Protection 2025-01-29T03:03:50+00:00 https://www.proofpoint.com/us/blog/intel-partnership-delivering-ai-powered-information-protection www.secnews.physaphae.fr/article.php?IdArticle=8644314 False Tool,Threat None 3.0000000000000000 DarkTrace - DarkTrace: AI-based detection Bytesize Security: Insider Threats in Google Workspace Insider threats pose significant risks due to access to internal systems. Darktrace detected a former employee attempting to steal data from the customer's Google Workspace platform. Learn about this threat here.]]> 2025-01-28T23:15:27+00:00 https://darktrace.com/blog/bytesize-security-insider-threats-in-google-workspace www.secnews.physaphae.fr/article.php?IdArticle=8644049 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch CrowdStrike Highlights Magnitude of Insider Risk The impetus for CrowdStrike's new professional services came from last year's Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data.]]> 2025-01-28T22:57:51+00:00 https://www.darkreading.com/insider-threats/crowdstrike-highlights-magnitude-of-insider-risk www.secnews.physaphae.fr/article.php?IdArticle=8644313 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks A financially motivated threat actor has been linked to a phishing email campaign that has been ongoing since at least July 2024, specifically targeting users in Poland and Germany.
The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so]]> 2025-01-28T22:04:00+00:00 https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html www.secnews.physaphae.fr/article.php?IdArticle=8643919 False Threat None 3.0000000000000000 Techworm - News Security Flaws Found In DeepSeek Leads To Jailbreak DeepSeek R1, the AI model making all the buzz right now, has been found to have several vulnerabilities that allowed security researchers at the Cyber Threat Intelligence firm Kela to jailbreak it. Kela tested these jailbreaks around known vulnerabilities and bypassed the restriction mechanism on the chatbot. This allowed them to jailbreak it across a wide range of scenarios, enabling it to generate malicious outputs, such as ransomware development, fabrication of sensitive content, and detailed instructions for creating toxins and explosive devices. For instance, the “Evil Jailbreak” method (which prompts the AI model to adopt an “evil” persona), which was able to trick the earlier models of ChatGPT and was fixed long ago, still works on DeepSeek. The news comes as DeepSeek investigates a cyberattack and is not allowing new registrations. “Due to large-scale malicious attacks on DeepSeek’s services, we are temporarily limiting registrations to ensure continued service. Existing users can log in as usual.” DeepSeek’s status page reads. While it does not confirm what kind of cyberattack disrupted its service, it appears to be a DDoS attack. DeepSeek is yet to comment on these vulnerabilities. ]]>
2025-01-28T19:37:26+00:00 https://www.techworm.net/2025/01/security-flaws-found-in-deepseek-leads-to-jailbreak.html www.secnews.physaphae.fr/article.php?IdArticle=8643848 False Ransomware,Vulnerability,Threat ChatGPT 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine ENGlobal Cyber-Attack Exposes Sensitive Data Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks]]> 2025-01-28T17:00:00+00:00 https://www.infosecurity-magazine.com/news/englobal-attack-sensitive-data/ www.secnews.physaphae.fr/article.php?IdArticle=8643897 False Threat None 3.0000000000000000 Kovrr - cyber risk management platform Impact of Technogenic Risk on CRQ January 28, 2025 Explore dollar-denominated technogenic risks, supply chain attacks, and Kovrr's advanced methodologies for forecasting and mitigating cyber vulnerabilities. 2025-01-28T16:53:39+00:00 https://www.kovrr.com/reports/impact-of-technogenic-risk-on-crq www.secnews.physaphae.fr/article.php?IdArticle=8643894 False Ransomware,Malware,Vulnerability,Threat,Patching,Prediction,Cloud,Technical Wannacry 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Apple's latest patch closes zero-day affecting wide swath of products The zero-day impacts Apple's framework that manages audio and video playback. ]]> 2025-01-28T15:42:51+00:00 https://cyberscoop.com/apple-security-update-zero-day-january-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8643877 False Vulnerability,Threat None 3.0000000000000000 CybeReason - Vendor blog Phorpiex - Downloader Delivering Ransomware Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. ]]>
2025-01-28T15:16:45+00:00 https://www.cybereason.com/blog/threat-analysis-phorpiex-downloader www.secnews.physaphae.fr/article.php?IdArticle=8643918 False Ransomware,Threat None 3.0000000000000000
ProofPoint - Cyber Firms Security Brief: Threat Actors Take Taxes Into Account 2025-01-28T14:12:52+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-threat-actors-take-taxes-account www.secnews.physaphae.fr/article.php?IdArticle=8643735 False Malware,Threat None 3.0000000000000000 Mandiant - Mandiant security blog ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator Introduction Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as "ScatterBrain," facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analyzed by PwC. GTIG assesses that POISONPLUG is an advanced modular backdoor used by multiple distinct, but likely related, threat groups based in the PRC; however, we assess that POISONPLUG.SHADOW usage appears to be further restricted to clusters associated with APT41. GTIG currently tracks three known POISONPLUG variants: POISONPLUG, POISONPLUG.DEED, and POISONPLUG.SHADOW. [Figure: countries targeted by POISONPLUG.SHADOW] POISONPLUG.SHADOW, often referred to as "Shadowpad," a malware family name first introduced by Kaspersky, stands out due to its use of a custom obfuscating compiler specifically designed to evade detection and analysis. Its complexity is compounded by not only the extensive obfuscation mechanisms employed but also by the attackers' highly sophisticated threat tactics. These elements collectively make analysis exceptionally challenging and complicate efforts to identify, understand, and mitigate the associated threats it poses. In addressing these challenges, GTIG collaborates closely with the FLARE team to dissect and analyze POISONPLUG.SHADOW.
This partnership utilizes state-of-the-art reverse engineering techniques and comprehensive threat intelligence capabilities required to mitigate the sophisticated threats posed by this threat actor. We remain dedicated to advancing methodologies and fostering innovation to adapt to and counteract the ever-evolving tactics of threat actors, ensuring the security of Google and our customers against sophisticated cyber espionage operations. Overview In this blog post, we present our in-depth analysis of the ScatterBrain obfuscator, which has led to the development of a complete stand-alone static deobfuscator library independent of any binary analysis frameworks. Our analysis is based solel]]> 2025-01-28T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator/ www.secnews.physaphae.fr/article.php?IdArticle=8643871 False Malware,Tool,Threat,Studies,Patching,Cloud APT 41 2.0000000000000000 Techworm - News Apple Patches Zero-Day Exploit Affecting iPhones, Macs, iPads, Watches & TVs On Monday, Apple rolled out critical security updates to address several vulnerabilities affecting iPhones, Macs, and other devices, including a zero-day vulnerability actively exploited in the wild to target iPhone users. The zero-day vulnerability, identified as CVE-2025-24085 (no CVSS score assigned yet), is a use-after-free flaw in Apple's Core Media component that could allow a pre-installed malicious application to gain elevated privileges on vulnerable devices. According to Apple, Core Media is a foundational framework within the Apple operating system that offers the underlying structure for processing and managing media data like video and audio. It is the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the company wrote in the advisory ([1], [2], [3], [4], [5]) published on Monday. The zero-day vulnerability affected a broad range of Apple devices, including: iPhone XS and later; iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later); Macs running macOS Sequoia 15.3; Apple Watch Series 6 and later; Apple TV HD and Apple TV 4K (all models); Apple Vision Pro running visionOS 2.3. Apple has resolved the CVE-2025-24085 vulnerability by releasing software updates - iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3 - with improved memory management. Meanwhile, the company has not provided any information on how the above vulnerability was exploited, by whom, or who may have been targeted. It has also not attributed the discovery of the vulnerability to a researcher. Users are urged to update their iPhone, iPad, Mac, Apple Watch, and Apple TV immediately with the latest security updates to stay protected against potential threats. Enable automatic updates to ensure you receive future patches on your devices without delay. Further, avoid clicking on suspicious links and only download apps from trusted sources to reduce the risk of vulnerabilities. ]]>
2025-01-28T13:47:13+00:00 https://www.techworm.net/2025/01/apple-patch-zero-day-exploit-affecting-iphone-macs.html www.secnews.physaphae.fr/article.php?IdArticle=8643714 False Vulnerability,Threat,Mobile None 3.0000000000000000
Cyble - CyberSecurity Firm Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks Cyble Overview A series of critical security vulnerabilities have been discovered in multiple versions of Node.js, a popular open-source JavaScript runtime used to build scalable network applications. These vulnerabilities, outlined in CERT-In Vulnerability Note CIVN-2025-0011, have been classified as high severity, with the potential to compromise sensitive information, disrupt services, and even execute arbitrary code. Users of Node.js, including developers and organizations relying on this platform, are urged to take immediate action to secure their systems. The vulnerabilities affect several versions of Node.js, including both long-term support (LTS) and current releases. Affected versions include Node.js v18.x, v20.x, v22.x, and the latest v23.x. The flaws stem from various issues, including memory leaks, path traversal vulnerabilities, and worker permission bypasses, which could result in denial of service (DoS) conditions, data theft, and potential system compromises. The vulnerabilities present a high risk of unauthorized access to sensitive data, denial of service, or even complete system compromise. These flaws can be exploited remotely, allowing attackers to gain control over affected systems. The potential impacts are significant, especially in production environments where Node.js applications are running in high-traffic scenarios. Key Vulnerabilities in Node.js CVE-2025-23087 (Node.js v17.x and prior): This critical vulnerability affects older versions of Node.js (v17.x or earlier), with an attacker potentially gaining unauthorized access due to insufficient security controls. The severity of the flaw demands immediate attention from users of these older versions.
CVE-2025-23088 (Node.js v19.x): A critical flaw affecting Node.js v19.x, which could allow an attacker to bypass security measures and execute arbitrary code. It's essential for users of v19.x to update to the latest release to mitigate the risk. CVE-2025-23089 (Node.js v21.x): Similar to CVE-2025-23088, this vulnerability impacts Node.js v21.x, allowing for potential exploitation due to a lack of proper access control and security features. Users should upgrade to patched versions of Node.js immediately. CVE-2025-23083 (Worker Permission Bypass): A high-severity vulnerability discovered in Node.js v20.x, v22.x, and v23.x, where an attacker could exploit the internal worker leak mechanism via the diagnostics_channel utility. This flaw could enable unauthorized access to worker threads, which are typically restricted, potentially leading to privilege escalation. ]]> 2025-01-28T12:00:59+00:00 https://cyble.com/blog/critical-vulnerabilities-in-node-js-expose-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8643779 False Tool,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.]]> 2025-01-28T11:46:57+00:00 https://www.darkreading.com/cloud-security/actively-exploited-fortinet-zero-day-attackers-super-admin-privileges www.secnews.physaphae.fr/article.php?IdArticle=8643940 False Vulnerability,Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Forescout 2024 Threat Report warns of intensifying cyber threats in 2025, as OT protocols increasingly targeted Data released by Forescout Technologies disclosed that cybersecurity will be a primary concern for both enterprise and government...
]]> 2025-01-28T11:31:57+00:00 https://industrialcyber.co/reports/forescout-2024-threat-report-warns-of-intensifying-cyber-threats-in-2025-as-ot-protocols-increasingly-targeted/ www.secnews.physaphae.fr/article.php?IdArticle=8643781 False Threat,Industrial None 4.0000000000000000 Cyble - CyberSecurity Firm phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities Cyble Overview phpMyAdmin, a popular web-based tool for managing MySQL and MariaDB databases, has recently released version 5.2.2, addressing multiple vulnerabilities that posed a medium severity risk. This widely used tool is a staple for database administrators, offering robust features and ease of use. However, the vulnerabilities discovered could potentially expose users to risks such as unauthorized actions, session hijacking, and data theft. The update resolves two cross-site scripting (XSS) vulnerabilities (CVE-2025-24530 and CVE-2025-24529) and a potential issue in the glibc/iconv library (CVE-2024-2961). These vulnerabilities underline the importance of staying up to date with security patches to safeguard sensitive data and ensure secure database management. According to the advisory: Reported By: The vulnerability was reported by a security researcher identified as "bluebird." Severity: Moderate. Solution: Users are encouraged to upgrade to version 5.2.2 or apply the patch. Vulnerability Details Three significant vulnerabilities were identified in phpMyAdmin versions prior to 5.2.2: 1. CVE-2025-24530: XSS in “Check Tables” Description: This XSS vulnerability allows an attacker to exploit the "Check Tables" feature by crafting a malicious table name. This could result in injecting malicious scripts into the application. Impact: Successful exploitation could lead to session hijacking, data theft, and unauthorized actions. CWE ID: CWE-661 (Improper Neutralization of Input During Web Page Generation).
Fix: This issue was resolved through commit a45efd0eb9415240480adeefc587158c766bc4a0. 2. CVE-2025-24529: XSS in “Insert” Description: This vulnerability involves the "Insert" functionality, which could be manipulated to execute malicious scripts. Impact: Exploitation could compromise user accounts and sensitive data by injecting malicious code into user ]]> 2025-01-28T09:37:55+00:00 https://cyble.com/blog/phpmyadmin-5-2-2-addresses-critical-xss-and-library/ www.secnews.physaphae.fr/article.php?IdArticle=8643734 False Tool,Vulnerability,Threat,Medical None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. "Apple is]]> 2025-01-28T08:53:00+00:00 https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8643656 False Vulnerability,Threat None 3.0000000000000000 InformationSecurityBuzzNews - Security news site Attackers Exploit PDFs in Sophisticated Mishing Attack In a newly discovered phishing campaign, malicious actors are using malicious PDF files to target mobile device users in potentially more than 50 countries. Dubbed the “PDF Mishing Attack,” the campaign exploits the widespread trust in PDFs as a secure file format, revealing new vulnerabilities in mobile platforms.
The phishing operation masquerades as the United [...]]]> 2025-01-28T06:33:22+00:00 https://informationsecuritybuzz.com/attackers-exploit-pdfs-mishing-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8643676 False Vulnerability,Threat,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Apple Patches Actively Exploited Zero-Day Vulnerability The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.]]> 2025-01-27T22:30:27+00:00 https://www.darkreading.com/endpoint-security/apple-patches-actively-exploited-zero-day-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8643530 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch USPS Impersonators Tap Trust in PDFs in Smishing Attack Wave Attackers aim to steal people's personal and payment-card data in the campaign, which dangles the threat of an undelivered package and has the potential to reach organizations in more than 50 countries.]]> 2025-01-27T21:53:32+00:00 https://www.darkreading.com/endpoint-security/usps-impersonators-pdfs-smishing-campaign www.secnews.physaphae.fr/article.php?IdArticle=8643534 False Threat None 3.0000000000000000 Global Security Mag - French news site Zimperium Reveals New Advanced PDF-Based Cyber Threat Exploiting Mobile Devices Sophisticated Mishing Campaign Leveraging Malicious PDFs Poses a Significant Threat to Organizations Across 50+ Countries - Malware Update]]>
2025-01-27T21:13:34+00:00 https://www.globalsecuritymag.fr/zimperium-reveals-new-advanced-pdf-based-cyber-threat-exploiting-mobile-devices.html www.secnews.physaphae.fr/article.php?IdArticle=8643510 False Threat,Mobile None 3.0000000000000000
SecurityWeek - Security News TalkTalk Confirms Data Breach, Downplays Impact UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it. ]]>
2025-01-27T16:50:26+00:00 https://www.securityweek.com/talktalk-confirms-data-breach-downplays-impact/ www.secnews.physaphae.fr/article.php?IdArticle=8643402 False Data Breach,Threat None 3.0000000000000000
Cyble - CyberSecurity Firm IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble Cyble Overview Cyble's vulnerability intelligence report to clients last week examined high-risk flaws in 7-Zip, Microsoft Windows, and Fortinet, among other products. It also examined dark web claims of a zero-day vulnerability in Apple iOS. In all, the report from Cyble Research and Intelligence Labs (CRIL) looked at 14 vulnerabilities and dark web exploits, including one vulnerability with a maximum CVSS severity score of 10.0 and another with more than 276,000 web exposures. Here are some of the vulnerabilities highlighted by Cyble's vulnerability intelligence unit as meriting high-priority attention by security teams. The Top IT Vulnerabilities CVE-2024-50603 is a 10.0-severity OS Command Injection vulnerability in the Aviatrix Controller that could allow an unauthenticated user to execute arbitrary commands against the cloud networking platform controller, due to improper neutralization of special elements used in an OS command. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. CVE-2025-0411 is a critical vulnerability in the 7-Zip file archiving software that allows attackers to bypass the Mark-of-the-Web (MOTW) protection mechanism, which is intended to warn users about potentially dangerous files downloaded from the internet. An attacker could use the vulnerability to craft an archive file so that the files do not inherit the MOTW mark when they are extracted by 7-Zip. The vulnerability was just announced, but a patch has been available since November 30. As 7-Zip lacks an auto-update function, users must download the update directly. CVE-2024-12084 is a 9.8-severity Heap-Based Buffer Overflow vulnerability in the Rsync file synchronization tool.
The vulnerability arises from improper handling of checksum lengths that exceed the fixed limit of 16 bytes (SUM_LENGTH) during the processing of user-controlled data. An attacker could manipulate checksum lengths, leading to out-of-bounds memory writes in the sum2 buffer. This could enable remote code execution (RCE) on systems running the Rsync server. Cyble detected more than 276,000 vulnerable web-facing Rsync exposures (image below). Dark Web Exploits and Zero Days The ]]> 2025-01-27T15:02:33+00:00 https://cyble.com/blog/it-vulnerability-report-7-zip-windows-and-fortinet-fixes-urged-by-cyble/ www.secnews.physaphae.fr/article.php?IdArticle=8643359 False Tool,Vulnerability,Threat,Patching,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine SaaS Breaches Skyrocket 300% as Traditional Defenses Fall Short Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations' security measures not set up to deal with these attacks]]> 2025-01-27T14:00:00+00:00 https://www.infosecurity-magazine.com/news/saas-breaches-defenses-short/ www.secnews.physaphae.fr/article.php?IdArticle=8643336 False Threat,Cloud None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.
The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.]]> 2025-01-27T13:29:00+00:00 https://thehackernews.com/2025/01/gamacopy-mimics-gamaredon-tactics-in.html www.secnews.physaphae.fr/article.php?IdArticle=8643220 False Threat None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite 27th January – Threat Intelligence Report For the latest discoveries in cyber research for the week of 27th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Stark Aerospace, a US-based manufacturer specializing in missile systems and UAVs, contractor of the US Military and the Department of Defense (DoD), has been targeted by the INC ransomware group. The attackers […]
2025-01-27T13:27:37+00:00 https://research.checkpoint.com/2025/27th-january-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8643337 False Ransomware,Threat None 2.0000000000000000
Bleeping Computer - American Magazine Hackers steal $85 million worth of cryptocurrency from Phemex The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency. [...] 2025-01-27T13:03:02+00:00 https://www.bleepingcomputer.com/news/security/hackers-steal-85-million-worth-of-cryptocurrency-from-phemex/ www.secnews.physaphae.fr/article.php?IdArticle=8643424 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file," 2025-01-27T12:46:00+00:00 https://thehackernews.com/2025/01/mintsloader-delivers-stealc-malware-and.html www.secnews.physaphae.fr/article.php?IdArticle=8643202 False Spam,Malware,Threat None 3.0000000000000000 Cyble - CyberSecurity Firm United Against Cybercrime: ASEAN Ministers Forge New Security Pathways Overview The digital world in Southeast Asia is evolving rapidly, with nations striving to balance innovation, inclusivity, and security. The recently held 5th ASEAN Digital Ministers' Meeting (ADGMIN) in Bangkok, Thailand, marked a significant milestone in this journey. The meeting highlighted the importance of cybersecurity in shaping a resilient digital future for the region.
The ASEAN Digital Masterplan 2025 (ADM 2025) continues to serve as a guiding framework for fostering collaboration, enabling trust in digital services, and promoting the safe and inclusive use of technology. From addressing online scams to operationalizing the ASEAN Regional Computer Emergency Response Team (CERT) and advancing AI governance, the event showcased ASEAN's commitment to fortifying its digital ecosystem against cyber threats. With an emphasis on collaboration and proactive measures, the meeting highlighted the pressing need to enhance cybersecurity frameworks, strengthen cross-border data governance, and address emerging challenges posed by technologies like generative AI. Key Cybersecurity Highlights ASEAN Regional CERT Operationalization: One of the significant milestones discussed was the operationalization of the ASEAN Regional Computer Emergency Response Team (CERT). This initiative aims to enhance collaboration among member states, facilitate real-time information sharing, and strengthen the region's preparedness against cyberattacks. CERT's operationalization highlights ASEAN's focus on collective resilience in cyberspace. Tackling Online Scams: Online scams remain a pressing issue across ASEAN. The ASEAN Working Group on Anti-Online Scams (WG-AS) released its Report on Online Scams Activities in ASEAN (2023–2024), offering insights into the threat landscape. The report outlines key recommendations for regional collaboration to combat scams effectively. The ASEAN Recommendations on Anti-Online Scams provide a framework for governments to develop policies aimed at mitigating online fraud, with a focus on cross-border scams and fraudulent activities exploiting digital platforms. Promoting Responsible State Behavior in Cyberspace: ASEAN adopted the Checklist for Responsible State Behavior in Cyberspace, aligning with global norms to promote peace and security online.
This initiative focuses on fostering cooperation and ensuring responsible use of digital tools while mitigating risks. Strengthening Cross-Border Data Governance: Data governance was another key topi 2025-01-27T12:16:17+00:00 https://cyble.com/blog/united-against-cybercrime-asean-ministers-forge-new-security-pathways/ www.secnews.physaphae.fr/article.php?IdArticle=8643314 False Ransomware,Tool,Vulnerability,Threat,Technical None 3.0000000000000000 Schneier on Security - American Cryptology Researcher New VPN Backdoor A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what's known in the business as a "magic packet." On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Juniper Network's Junos OS has been doing just that...
2025-01-27T12:02:44+00:00 https://www.schneier.com/blog/archives/2025/01/new-vpn-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=8643285 False Malware,Threat None 3.0000000000000000
Bleeping Computer - American Magazine Clone2Leak attacks exploit Git flaws to steal credentials A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...] 2025-01-27T11:36:38+00:00 https://www.bleepingcomputer.com/news/security/clone2leak-attacks-exploit-git-flaws-to-steal-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8643400 False Threat None 3.0000000000000000