This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-12T09:18:39+00:00

Bleeping Computer (American magazine): Clone2Leak attacks exploit Git flaws to steal credentials
A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]
2025-01-27T11:36:38+00:00 | https://www.bleepingcomputer.com/news/security/clone2leak-attacks-exploit-git-flaws-to-steal-credentials/ | www.secnews.physaphae.fr/article.php?IdArticle=8643400 | Tags: Threat | Score: 3.0

Data Security Breach (French news site): Review of the 10th edition of the CESIN barometer
The 10th CESIN barometer reveals a decade of changes in cybersecurity, illustrating the challenges French companies face against sophisticated threats and highlighting their resilience thanks to robust defensive strategies.
2025-01-27T11:13:21+00:00 | https://www.datasecuritybreach.fr/cesin-10-barometre/ | www.secnews.physaphae.fr/article.php?IdArticle=8643286 | Tags: Threat | Score: 3.0

HackRead (Cyber search): SonicWall SMA Appliances Exploited in Zero-Day Attacks
Critical security flaw in SonicWall SMA 1000 appliances (CVE-2025-23006) exploited as a zero-day. Rated CVSS 9.8, patch immediately…
2025-01-27T11:11:34+00:00 | https://hackread.com/sonicwall-sma-appliances-exploited-zero-day-attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8643289 | Tags: Vulnerability, Threat | Score: 2.0

Zataz (French security magazine): Enterprise cybersecurity: review and lessons from a decade of analysis with CESIN
The 10th annual CESIN barometer highlights a decade of changes in cybersecurity, illustrating how French companies are adapting (or not) to counter ever more complex and sophisticated threats....
2025-01-27T11:08:00+00:00 | https://www.zataz.com/cybersecurite-en-entreprise-bilan-et-enseignements-dune-decennie-danalyses-avec-le-cesin/ | www.secnews.physaphae.fr/article.php?IdArticle=8643261 | Tags: Threat | Score: 3.0

InfoSecurity Mag (InfoSecurity Magazine): Subaru Bug Enabled Remote Vehicle Tracking and Hijacking
A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars.
2025-01-27T11:00:00+00:00 | https://www.infosecurity-magazine.com/news/subaru-bug-remote-vehicle-tracking/ | www.secnews.physaphae.fr/article.php?IdArticle=8643259 | Tags: Vulnerability, Threat | Score: 3.0

DarkTrace (AI-based detection): Post-Exploitation Activities on Fortinet Devices: A Network-Based Analysis
This blog explores recent findings from Darktrace's Threat Research team on active exploitation campaigns targeting Fortinet appliances.
This analysis focuses on the September 2024 exploitation of FortiManager via CVE-2024-47575, alongside related malicious activity observed in June 2024.
2025-01-27T10:58:32+00:00 | https://darktrace.com/blog/post-exploitation-activities-on-fortinet-devices-a-network-based-analysis | www.secnews.physaphae.fr/article.php?IdArticle=8643258 | Tags: Threat | Score: 3.0

ProofPoint (Cyber Firms): A Chemical Company Had a Microsoft Data Security Problem - Here's How Proofpoint Fixed It
2025-01-27T02:08:30+00:00 | https://www.proofpoint.com/us/blog/insider-threat-management/chemical-company-had-microsoft-data-security-problem-heres-how | www.secnews.physaphae.fr/article.php?IdArticle=8643446 | Tags: Tool, Vulnerability, Threat, Cloud | Score: 3.0

ProofPoint (Cyber Firms): Cybersecurity Stop of the Month: E-Signature Phishing Nearly Sparks Disaster for an Electric Company
2025-01-27T01:19:44+00:00 | https://www.proofpoint.com/us/blog/email-and-cloud-threats/esignature-phishing-attack-near-crisis-at-electric-company | www.secnews.physaphae.fr/article.php?IdArticle=8643378 | Tags: Data Breach, Malware, Tool, Threat, Prediction, Medical, Cloud | Score: 4.0

Techworm (News): Hackers Using RID Hijacking To Create Admin Accounts In Windows
Cybersecurity researchers at AhnLab have discovered that a North Korean threat group uses malicious files to hijack RIDs and grant admin access to low-privilege Windows accounts. According to researchers at ASEC, AhnLab's security intelligence center, the hacking group behind the attack is the "Andariel" threat group, linked to North Korea's Lazarus hacker group.
"RID Hijacking is [...]," [...] wrote in a blog post published on Thursday. In Windows, a Relative Identifier (RID) is part of a Security Identifier (SID), which uniquely distinguishes each user and group within a domain. For instance, an administrator account has a RID value of "500", guest accounts "501", the domain admins group "512", and for regular users the RID starts from the value "1000". In a RID hijacking attack, hackers change the RID of a low-privilege account to the same value as an administrator account. As a result, Windows grants administrative privileges to that account.
However, to pull this off, attackers need access to the SAM (Security Account Manager) registry, which requires them to already have SYSTEM-level access to the targeted machine in order to modify it. Attackers typically use tools such as PsExec and JuicyPotato to escalate their privileges and launch a SYSTEM-level command prompt. While SYSTEM access is the highest privilege in Windows, it has certain limitations: it does not allow remote access, cannot interact with GUI apps, generates noisy activity that is easily detected, and does not persist after a system reboot. To work around these issues, Andariel first created a hidden, low-privilege local user account by appending a "$" character to its username. This made the account invisible in regular listings but still accessible in the SAM registry. The attackers then carried out RID hijacking to escalate the account's privileges to the administrator level. According to the researchers, Andariel added the modified account to the Remote Desktop Users and Administrators groups, giving them more control over the system. The group tweaked the SAM registry using custom malware and an open-source tool to execute the RID hijacking. Although SYSTEM access could allow the direct creation of administrator accounts, this method is less conspicuous, making it difficult to detect and prevent. To avoid detection, Andariel also exported and backed up the modified registry settings, deleted the rogue account, and restored it later from the backup when needed, bypassing system logs and making detection even harder.
To reduce the risk of RID hijacking, system administrators should implement proactive measures such as:
- Using the Local Security Authority (LSA) Subsystem Service to monitor unusual login attempts and password changes.
- Preventing unauthorized access to the SAM registry.
- Restricting the use of tools like PsExec and JuicyPotato.
- Disabling guest accounts.
- Enforcing multi-factor authentication (MFA) for all user accounts, including low-privileged ones.
2025-01-25T20:07:25+00:00 | https://www.techworm.net/2025/01/hacker-rid-hijacking-create-admin-accounts-windows.html | www.secnews.physaphae.fr/article.php?IdArticle=8642525 | Tags: Malware, Tool, Threat | Related: APT 38, APT 45 | Score: 2.0
Bleeping Computer (American magazine): TalkTalk investigates breach after data for sale on hacking forum
UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. [...]
2025-01-25T16:23:24+00:00 | https://www.bleepingcomputer.com/news/security/talktalk-investigates-breach-after-data-for-sale-on-hacking-forum/ | www.secnews.physaphae.fr/article.php?IdArticle=8642650 | Tags: Data Breach, Threat | Score: 2.0

Recorded Future (Recorded Future feed): More than 2,000 SonicWall devices vulnerable to critical zero-day
The Cybersecurity and Infrastructure Security Agency warned that a bug affecting SonicWall's Secure Mobile Access products is being actively exploited.
2025-01-24T21:36:27+00:00 | https://therecord.media/sonicwall-devices-exposed-zero-day | www.secnews.physaphae.fr/article.php?IdArticle=8642242 | Tags: Vulnerability, Threat, Mobile | Score: 2.0

Dark Reading (Informationweek Branch): Cisco: Critical Meeting Management Bug Requires Urgent Patch
The bug has been given a 9.9 CVSS score and could allow authenticated threat actors to escalate their privileges to admin level if exploited.
2025-01-24T19:38:35+00:00 | https://www.darkreading.com/vulnerabilities-threats/cisco-critical-meeting-management-bug-urgent-patch | www.secnews.physaphae.fr/article.php?IdArticle=8642203 | Tags: Threat | Score: 2.0

HackRead (Cyber search): Hackers Use XWorm RAT to Exploit Script Kiddies, Pwning 18,000 Devices
Crooks pwning crooks: hackers exploit script kiddies with XWorm RAT, compromising 18,000+ devices globally and stealing sensitive…
2025-01-24T16:19:52+00:00 | https://hackread.com/hackers-script-kiddes-xworm-rat-compromise-devices/ | www.secnews.physaphae.fr/article.php?IdArticle=8642145 | Tags: Threat | Score: 2.0

Cyble (CyberSecurity Firm): Unlocking Vulnrichment: Enhancing CVE Data for Smarter Vulnerability Management
Overview. The Cybersecurity and Infrastructure Security Agency (CISA) has introduced Vulnrichment, an initiative designed to enhance CVE data by adding crucial context, scoring, and detailed analysis. Launched on May 10, 2024, Vulnrichment aims to empower security professionals by providing more than just basic CVE information: it offers the insights needed to make informed, timely decisions regarding vulnerability management. As part of a mid-year update, CISA's Tod Beardsley, Vulnerability Response Section Chief, provides an overview of how this resource can be leveraged to improve vulnerability management.
For IT defenders and vulnerability management teams, Vulnrichment represents a significant advancement in how CVE data is presented and used. By enriching basic CVE records with essential metadata such as Stakeholder-Specific Vulnerability Categorization (SSVC) decision points, Common Weakness Enumeration (CWE) IDs, and Common Vulnerability Scoring System (CVSS) scores, Vulnrichment transforms raw CVE data into a more actionable and comprehensive resource. No additional setup is required: the enhanced data is integrated directly into the CVE feeds security teams already consume. Whether you pull CVE data from the official CISA platform at https://cve.org or from GitHub at https://github.com/CVEProject/cvelistV5, you are already collecting the enriched CVE records that Vulnrichment provides.
How Vulnrichment Enhances CVE Data. CISA's Vulnrichment is designed to provide a deeper layer of insight into each CVE, helping security professionals prioritize vulnerabilities with greater clarity. Here is an example of how Vulnrichment works with a specific CVE, CVE-2023-45727, which CISA has marked as a Known Exploited Vulnerability (KEV). If you want to understand the exploitation status of this CVE, you can query the SSVC decision points included in the Vulnrichment ADP (Authorized Data Publisher) container. For instance, using the command-line tool jq, you can run a query that extracts the "Exploitation" field to learn whether the vulnerability is actively exploited, has only a proof of concept, or has not yet been exploited in the wild. By parsing the ADP container you can extract this enriched data, which helps you make an informed decision about whether to prioritize this vulnerability over others. This access to context-rich CVE data provides valuable intelligence for vulnerability management efforts, enabling teams to prioriti[...]
2025-01-24T14:40:40+00:00 | https://cyble.com/blog/cisa-reveals-vulnrichment-management-for-cve-data/ | www.secnews.physaphae.fr/article.php?IdArticle=8642102 | Tags: Tool, Vulnerability, Threat, Patching, Technical | Score: 3.0

Cyble (CyberSecurity Firm): Anatomy of an Exploit Chain: CISA, FBI Detail Ivanti CSA Attacks
Threat actors chained together four vulnerabilities in Ivanti Cloud Service Appliances (CSA) in confirmed attacks on multiple organizations in September, according to an advisory released this week by the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The agencies urged users to upgrade to the latest supported version of Ivanti CSA and to conduct threat hunting on their networks using the recommended detection techniques and Indicators of Compromise (IoCs). The January 22 advisory builds on October 2024 advisories from CISA and Ivanti and offers new information on how threat actors can chain the vulnerabilities together in an attack. The four vulnerabilities were exploited as zero days, leading some to suspect sophisticated nation-state threat actors, possibly linked to the People's Republic of China (PRC).
The Ivanti CSA Exploit Chains. CVE-2024-8963, a critical administrative bypass vulnerability, was used in both exploit chains: first in conjunction with the CVE-2024-8190 and CVE-2024-9380 remote code execution (RCE) vulnerabilities, and in the second chain with CVE-2024-9379, a SQL injection vulnerability. The vulnerabilities were chained to gain initial access, conduct RCE attacks, obtain credentials, and implant web shells on victim networks. In one case, the threat actors (TAs) moved laterally to two servers. The vulnerabilities affect Ivanti CSA 4.6x versions before 519, and two of them (CVE-2024-9379 and CVE-2024-9380) affect CSA versions 5.0.1 and below. However, Ivanti says the CVEs have not been exploited in version 5.0.
The First Exploit Chain. In the RCE attacks, the threat actors sent a GET request to datetime.php to obtain session and cross-site request forgery (CSRF) tokens, followed by a POST request to the same endpoint using the TIMEZONE input field to manipulate the setSystemTimeZone [...]
2025-01-24T13:53:11+00:00 | https://cyble.com/blog/ivanti-csa-attacks-cisa-fbi-expose-exploit-chain/ | www.secnews.physaphae.fr/article.php?IdArticle=8642103 | Tags: Tool, Vulnerability, Threat, Patching, Cloud | Score: 3.0

Checkpoint (Security hardware manufacturer): The 8 Things You Should Know About Cyber Attacks on the Education Sector and How to Prevent Them
2024 saw an escalation in cyber attacks on the critical education sector. Looking at overall numbers, cyber attacks are surging at an alarming rate, with organizations experiencing an average of 1,673 weekly attacks in 2024, a staggering 44% increase from the previous year, according to Check Point's The State of Cyber Security 2025 report. Of all sectors, education has been hit hardest, suffering an alarming 75% year-over-year rise to 3,574 weekly attacks, as cyber criminals exploit the vast troves of personal data held by schools. As we mark the International Day of Education on January 24th, it's crucial […]
2025-01-24T13:00:12+00:00 | https://blog.checkpoint.com/company-and-culture/the-8-things-you-should-know-about-cyber-attacks-on-the-education-sector-and-how-to-prevent-them/ | www.secnews.physaphae.fr/article.php?IdArticle=8642037 | Tags: Threat | Score: 3.0
InfoSecurity Mag (InfoSecurity Magazine): Russian Scammers Target Crypto Influencers with Infostealers
Crazy Evil, a group of crypto scammers, exploits NFTs and cryptocurrencies with malware targeting influencers and tech professionals.
2025-01-24T12:15:00+00:00 | https://www.infosecurity-magazine.com/news/crazy-evil-crypto-scam-influencers/ | www.secnews.physaphae.fr/article.php?IdArticle=8642040 | Tags: Malware, Threat | Score: 3.0

Bleeping Computer (American magazine): Hacker infects 18,000 "script kiddies" with fake malware builder
A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. [...]
2025-01-24T11:34:40+00:00 | https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-kiddies-with-fake-malware-builder/ | www.secnews.physaphae.fr/article.php?IdArticle=8642144 | Tags: Malware, Threat | Score: 3.0

UnderNews (French "hacker" news site): Fake CAPTCHAs and new techniques to evade detection
During January, Netskope Threat Labs reported a new malware campaign using fake CAPTCHAs to distribute the Lumma Stealer malware, which has existed since 2022 and operates as malware-as-a-service. Op-ed: the campaign has a global impact; Netskope's experts […]
2025-01-24T10:56:27+00:00 | https://www.undernews.fr/malwares-virus-antivirus/faux-captchas-et-nouvelles-techniques-pour-echapper-a-la-detection.html | www.secnews.physaphae.fr/article.php?IdArticle=8641997 | Tags: Malware, Threat | Score: 3.0
ProofPoint (Cyber Firms): Unlocking the Value of AI: Safe AI Adoption for Cybersecurity Professionals
2025-01-24T05:28:30+00:00 | https://www.proofpoint.com/us/blog/information-protection/value-of-safe-ai-adoption-insights-for-cybersecurity-professionals | www.secnews.physaphae.fr/article.php?IdArticle=8642164 | Tags: Malware, Tool, Vulnerability, Threat, Legislation | Related: ChatGPT | Score: 2.0

Techworm (News): CVSS Score 9.9: Cisco Patches Critical Privilege Escalation Vulnerability In Meeting Management Software
Cisco, the largest provider of networking equipment in the world, released a security update on Wednesday to address a critical privilege escalation vulnerability in the REST API of Cisco Meeting Management. The critical vulnerability, tracked as CVE-2025-20156, has been rated 9.9 out of 10 on the Common Vulnerability Scoring System (CVSS). This privilege escalation flaw, if exploited, could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device, posing a severe risk to organizations. "This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint," the company said in an advisory on Wednesday. Cisco also thanked Ben Leonard-Lagarde of Modux for reporting this vulnerability.
The following versions of Cisco Meeting Management are affected by the vulnerability irrespective of device configuration, and Cisco has released software updates for them:
- Cisco Meeting Management 3.8 and earlier: users are recommended to migrate to a fixed release, such as 3.9.1.
- Cisco Meeting Management 3.9: patched in 3.9.1.
- Cisco Meeting Management 3.10: this version is not impacted and does not require any updates.
As of the advisory's release, the Cisco Product Security Incident Response Team (PSIRT) said it is not aware of any public announcements or malicious use of the vulnerability, having found no evidence that the flaw is being actively exploited. Unfortunately, there are no workarounds that mitigate this vulnerability; the only way to address it is to apply the necessary software updates. Cisco has urged users to apply the available patches immediately to mitigate the risk. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels. Those without service contracts can contact the Technical Assistance Center (TAC) for help in obtaining the necessary upgrades. Further, the company has confirmed that only the products listed in the Vulnerable Products section of the advisory are affected. Cisco also advises users to check hardware and software compatibility before upgrading, to maintain the safety and stability of their systems.
2025-01-23T22:00:56+00:00 | https://www.techworm.net/2025/01/cisco-privilege-escalation-vulnerability-software.html | www.secnews.physaphae.fr/article.php?IdArticle=8641651 | Tags: Vulnerability, Threat, Technical | Score: 3.0
Dark Reading (Informationweek Branch): Cloudflare CDN Bug Outs User Locations on Signal, Discord
Attackers can use a zero- or one-click flaw to send a malicious image to targets, an image that can deanonymize a user within seconds, posing a threat to journalists, activists, hackers, and others whose locations are sensitive.
2025-01-23T20:37:53+00:00 | https://www.darkreading.com/threat-intelligence/cloudflare-cdn-bug-outs-user-locations-signal-discord | www.secnews.physaphae.fr/article.php?IdArticle=8641752 | Tags: Threat | Score: 3.0

The Hacker News (a hacking news blog, surprising, isn't it?): Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at [...]
2025-01-23T20:30:00+00:00 | https://thehackernews.com/2025/01/beware-fake-captcha-campaign-spreads.html | www.secnews.physaphae.fr/article.php?IdArticle=8641632 | Tags: Malware, Threat | Score: 3.0

The Hacker News (a hacking news blog, surprising, isn't it?): Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named because the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic. "J-magic campaign marks the rare occasion of malware designed [...]
2025-01-23T20:25:00+00:00 | https://thehackernews.com/2025/01/custom-backdoor-exploiting-magic-packet.html | www.secnews.physaphae.fr/article.php?IdArticle=8641678 | Tags: Malware, Vulnerability, Threat | Score: 3.0

DarkTrace (AI-based detection): Darktrace's view on Operation Lunar Peek: Exploitation of Palo Alto firewall devices (CVE-2024-0012 and CVE-2024-9474)
Darktrace's Threat Research team investigated a major campaign exploiting vulnerabilities in Palo Alto firewall devices (CVE-2024-0012 and CVE-2024-9474). Learn about the spike in post-exploitation activities and understand the need for anomaly-based detection to stay ahead of evolving threats.
2025-01-23T18:10:09+00:00 | https://darktrace.com/blog/darktraces-view-on-operation-lunar-peek-exploitation-of-palo-alto-firewall-devices-cve-2024-2012-and-2024-9474 | www.secnews.physaphae.fr/article.php?IdArticle=8641699 | Tags: Vulnerability, Threat | Score: 3.0

Dark Reading (Informationweek Branch): CISA: Ivanti Vulns Chained Together in Cyberattack Onslaught
The threat actors are abusing the vulnerabilities to gain initial access, obtain credentials, and install malicious scripts on user devices.
2025-01-23T17:57:23+00:00 | https://www.darkreading.com/vulnerabilities-threats/cisa-ivanti-vulns-chained-attacks | www.secnews.physaphae.fr/article.php?IdArticle=8641677 | Tags: Vulnerability, Threat | Score: 3.0

The Hacker News (a hacking news blog, surprising, isn't it?): How to Eliminate Identity-Based Threats
Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches [1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of [...]
2025-01-23T16:50:00+00:00 | https://thehackernews.com/2025/01/eliminate-identity-based-threats.html | www.secnews.physaphae.fr/article.php?IdArticle=8641528 | Tags: Threat | Score: 3.0

InfoSecurity Mag (InfoSecurity Magazine): Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft and webshell deployment.
2025-01-23T16:30:00+00:00 | https://www.infosecurity-magazine.com/news/cisa-fbi-warn-chained-attacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8641656 | Tags: Vulnerability, Threat, Cloud | Score: 3.0

The Hacker News (a hacking news blog, surprising, isn't it?): SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
SonicWall is alerting customers to a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has likely been exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Pre-authentication deserialization of untrusted data vulnerability has been identified in the [...]
2025-01-23T15:54:00+00:00 | https://thehackernews.com/2025/01/sonicwall-urges-immediate-patch-for.html | www.secnews.physaphae.fr/article.php?IdArticle=8641529 | Tags: Vulnerability, Threat, Mobile | Score: 3.0

Recorded Future (Recorded Future feed): Hackers imitate Kremlin-linked group to target Russian entities
A little-known hacking group has been mimicking the tactics of a prominent Kremlin-linked threat actor to target Russian-speaking victims, according to new research.
2025-01-23T15:24:10+00:00 | https://therecord.media/hacker-imitates-gamaredon-to-target-russia | www.secnews.physaphae.fr/article.php?IdArticle=8641630 | Tags: Threat | Score: 3.0

The Hacker News (a hacking news blog, surprising, isn't it?): QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber Intelligence team told The Hacker News. "The BackConnect(s) in use were 'DarkVNC' alongside the IcedID [...]
2025-01-23T15:13:00+00:00 | https://thehackernews.com/2025/01/qakbot-linked-bc-malware-adds-enhanced.html | www.secnews.physaphae.fr/article.php?IdArticle=8641507 | Tags: Malware, Threat | Score: 3.0

Netskope (an American software company providing an IT security platform): Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection
Summary. In January, Netskope Threat Labs observed a new malware campaign using fake CAPTCHAs to deliver Lumma Stealer. Lumma is a malware that works in the malware-as-a-service (MaaS) model and has existed since at least 2022.
The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, […] ]]> 2025-01-23T15:00:00+00:00 https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection www.secnews.physaphae.fr/article.php?IdArticle=8641597 False Malware,Threat None 3.0000000000000000 Cyble - CyberSecurity Firm Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability ICS Vulnerability  Overview  A pair of vulnerabilities in the Traffic Alert and Collision Avoidance System (TCAS) II for avoiding midair collisions were among 20 vulnerabilities reported by Cyble in its weekly Industrial Control System (ICS) Vulnerability Intelligence Report.  The midair collision system flaws have been judged at low risk of being exploited, but one of the vulnerabilities does not presently have a fix. They could potentially be exploited from adjacent networks.  Other ICS vulnerabilities covered in the January 15-21 Cyble report to subscribers include flaws in critical manufacturing, energy and other critical infrastructure systems. The full report is available for subscribers, but Cyble is publishing information on the TCAS vulnerabilities in the public interest.  TCAS II Vulnerabilities  The TCAS II vulnerabilities were reported to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) by European researchers and defense agencies. CISA in turn disclosed the vulnerabilities in a January 21 advisory.  The vulnerabilities are still undergoing analysis by NIST, but Cyble vulnerability researchers said the weaknesses “underscore the urgent need for enhanced input validation and secure configuration controls in transportation systems.”  TCAS airborne devices function independently of ground-based air traffic control (ATC) systems, according to the FAA, and provide collision avoidance protection for a range of aircraft types. 
TCAS II is a more advanced system for commercial aircraft with more than 30 seats or a maximum takeoff weight of more than 33,000 pounds. TCAS II offers advanced features such as recommended escape maneuvers for avoiding midair collisions.  The first vulnerability, CVE-2024-9310, is an “Untrusted Inputs” vulnerability in TCAS II that presently carries a CVSS 3.1 base score of 6.1.  CISA notes that “By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs).”  The second flaw, CVE-2024-11166, is an 8.2-severity External Control of System or Configuration Setting vulnerability. TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F could be attacked by threat actors impersonating a ground station to issue a Comm-]]> 2025-01-23T12:43:04+00:00 https://cyble.com/blog/aircraft-collision-ics-flaw-risks-mid-air-crashes/ www.secnews.physaphae.fr/article.php?IdArticle=8642105 False Tool,Vulnerability,Threat,Patching,Industrial,Commercial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. 
"This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th 2025-01-23T11:05:00+00:00 https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html www.secnews.physaphae.fr/article.php?IdArticle=8641413 False Ransomware,Threat,Cloud None 2.0000000000000000 We Live Security - ESET antivirus software vendor The evolving landscape of data privacy: Key trends to shape 2025 Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams 2025-01-23T10:00:00+00:00 https://www.welivesecurity.com/en/business-security/evolving-landscape-data-privacy-key-trends-shape-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8648706 False Threat None 3.0000000000000000 InformationSecurityBuzzNews - Security news site Mac Users Targeted: Fake Google Ads Exploit Homebrew in Malware Campaign Homebrew, the popular open-source macOS and Linux package manager, has become the latest victim of a malvertising campaign to distribute information-stealing malware. Security researcher Ryan Chenkie uncovered the scheme, which leverages fake Google ads to deliver malware that compromises user credentials, browser data, and cryptocurrency wallets.
The Malware Behind the Campaign AmosStealer (Atomic), a notorious [...] 2025-01-23T04:43:55+00:00 https://informationsecuritybuzz.com/mac-fake-google-ads-exploit-homebrew/ www.secnews.physaphae.fr/article.php?IdArticle=8641394 False Malware,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Chinese Cyberspies Target South Korean VPN in Supply Chain Attack Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea. 2025-01-22T20:49:41+00:00 https://www.darkreading.com/threat-intelligence/chinese-cyberspies-target-south-korean-vpn-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=8641287 False Threat None 2.0000000000000000 HackRead - Cyber search Zendesk's Subdomain Registration Exposed to Phishing, Pig Butchering Scams CloudSEK uncovers a Zendesk vulnerability allowing cybercriminals to exploit subdomains for phishing and investment scams. Learn about the… 2025-01-22T20:35:23+00:00 https://hackread.com/zendesk-subdomain-registration-abused-phishing-scams/ www.secnews.physaphae.fr/article.php?IdArticle=8641264 False Vulnerability,Threat None 2.0000000000000000 Techworm - News Hackers Use Google Ads To Distribute Malware Via Fake Homebrew Site
It then redirected users to a fake site hosted at “brewe.sh” which mimicked the real one. It instructed visitors to install Homebrew by running a command in their Terminal or a Linux shell prompt from the fake website, which, upon execution, installed malware instead of the legitimate software on the device. Security researcher JAMESWT identified the malware dropped in this case as Amos, a potent information stealer capable of targeting over 50 cryptocurrency extensions, desktop wallets, and web browser data. Homebrew’s project leader, Mike McQuaid, acknowledged the issue and expressed frustration over Google’s inability to prevent these scams. “This seems taken down now. But it keeps happening again and again, and Google appears to prioritize revenue from scammers. Please share this widely so Google can address it permanently,” McQuaid tweeted. Although the malicious ad has been removed, the threat remains, as hackers can use other redirection domains to continue their campaigns. Homebrew users are advised to exercise caution when clicking on Google-sponsored ads and verify that they are visiting the official websites of a project or company before downloading software or entering sensitive information. To protect themselves from potential risks, users should bookmark the official websites of trusted projects like Homebrew and access them directly. They should also avoid clicking on sponsored ads for software downloads and double-check URLs to ensure they match the legitimate site before proceeding.
Cybercriminals are using Google ads to spread malware by directing Mac and Linux users to a fake Homebrew website with an infostealer. This malware campaign is designed to steal sensitive information, including credentials, browser data, and cryptocurrency wallets. The information stealer in question, AmosStealer (or Atomic), was discovered by security expert Ryan Chenkie, who raised the alarm on X about this campaign and its potential risks. Specifically tailored for macOS systems, this information stealer is sold to cyber criminals on a subscription basis for $1,000 per month. For those unaware, Homebrew is]]>
2025-01-22T20:23:49+00:00 https://www.techworm.net/2025/01/hacker-google-ads-malware-fake-homebrew-site.html www.secnews.physaphae.fr/article.php?IdArticle=8641118 False Malware,Threat None 2.0000000000000000
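The Techworm item above turns on one detail: the ad displayed brew.sh, but the landing page was brewe.sh, a single inserted character away. The block below is an added example, not code from Techworm, from the Homebrew project or from any other source in this feed, of doing the "double-check the URL" step the item recommends mechanically. It takes the host a browser actually lands on, normalises it, and compares it against an allowlist of project domains with a small edit-distance budget, so near-miss spellings are flagged before anyone pastes an install command into a terminal. The allowlist, the two-edit budget and the sample URLs are assumptions made for the example.

```python
"""Flag landing-page hosts that are near misses of a trusted project domain.

Added example; not code from the article or from Homebrew. The allowlist and
the sample URLs are constructed. brew.sh and brewe.sh are the two hosts the
report names.
"""
from urllib.parse import urlsplit

# Assumed allowlist: the domains a user actually intends to fetch software from.
TRUSTED_DOMAINS = frozenset({"brew.sh", "github.com", "python.org"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lowercase host without port or leading 'www.', in ASCII (IDNA) form so
    a homoglyph spelling cannot compare equal to the trusted ASCII domain."""
    host = (urlsplit(url).hostname or "").rstrip(".")   # hostname is lowercased already
    if host.startswith("www."):
        host = host[4:]
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host


def classify(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted' for a listed domain or one of its subdomains,
    'lookalike' for a host within max_distance edits of a listed domain
    (brew.sh -> brewe.sh is one insertion) or a host that merely starts with
    one (brew.sh.evil.example), and 'unknown' otherwise."""
    host = host_of(url)
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    for good in trusted:
        if host.startswith(good + ".") or 0 < levenshtein(host, good) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://brew.sh/", "https://brewe.sh/", "https://docs.brew.sh/Installation",
              "https://brew.sh.evil.example/", "https://example.com/"):
        print(f"{u:40} {classify(u)}")
```

The check is deliberately applied to the URL the browser ends up on, not to the text the ad shows, because the report's whole point is that those differed. A budget of two edits is generous for very short domains such as brew.sh (crew.sh would also trip it), so treat "lookalike" as a prompt to stop and look rather than as proof of fraud.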
Global Security Mag - French news site Appdome Unveils Threat Dynamics™ Product Reviews
Appdome Unveils Threat Dynamics™ to Become Industry's First AI-Native Extended Threat Management Platform. Threat Dynamics Shows How Threats Move and Provides a Benchmark Mobile Risk Index™ to Help Businesses Manage and Stay Ahead of Fraud and Cyber Threats - Product Reviews
2025-01-22T20:05:50+00:00 https://www.globalsecuritymag.fr/appdome-unveils-threat-dynamics-tm.html www.secnews.physaphae.fr/article.php?IdArticle=8641236 False Threat,Mobile None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some 2025-01-22T19:23:00+00:00 https://thehackernews.com/2025/01/hackers-exploit-zero-day-in-cnpilot.html www.secnews.physaphae.fr/article.php?IdArticle=8641098 False Vulnerability,Threat None 3.0000000000000000 HackRead - Cyber search Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack Cloudflare mitigates a record-breaking 5.6 Tbps DDoS attack, highlighting the growing threat of hyper-volumetric assaults. Learn about the… 2025-01-22T18:07:54+00:00 https://hackread.com/cloudflare-mitigates-5-6-tbps-mirai-ddos-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8641193 False Threat None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA 2025-01-22T15:45:00+00:00 https://www.infosecurity-magazine.com/news/tycoon-2fa-phishing-kit-upgraded/ www.secnews.physaphae.fr/article.php?IdArticle=8641171 False Threat None 3.0000000000000000 Bleeping Computer - American magazine Telegram captcha tricks you into running malicious PowerShell scripts Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into executing PowerShell code that infects them with malware.
[...] 2025-01-22T15:35:44+00:00 https://www.bleepingcomputer.com/news/security/telegram-captcha-tricks-you-into-running-malicious-powershell-scripts/ www.secnews.physaphae.fr/article.php?IdArticle=8641263 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper – a 2025-01-22T14:19:00+00:00 https://thehackernews.com/2025/01/plushdaemon-apt-targets-south-korean.html www.secnews.physaphae.fr/article.php?IdArticle=8641004 False Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial DHS ratifies TSA security directives to boost rail safety and cyber threat response The U.S. Department of Homeland Security (DHS) published Tuesday an official notice that the Transportation Security Oversight Board...
2025-01-22T12:44:45+00:00 https://industrialcyber.co/transport/dhs-ratifies-tsa-security-directives-to-boost-rail-safety-and-cyber-threat-response/ www.secnews.physaphae.fr/article.php?IdArticle=8641073 False Threat None 3.0000000000000000
Cyble - CyberSecurity Firm Australian Cyber Security Centre Targets Bulletproof Hosting Providers to Disrupt Cybercrime Networks Overview The Australian Cyber Security Centre (ACSC) has issued a detailed warning regarding Bulletproof Hosting Providers (BPH). These illicit infrastructure services play a critical role in supporting cybercrime, allowing malicious actors to conduct their operations while remaining largely undetectable. The Australian government's growing efforts to combat cybercrime highlight the increasing difficulty for cybercriminals to maintain secure, resilient, and hidden infrastructures. BPH services are an integral part of the Cybercrime-as-a-Service (CaaS) ecosystem, which provides a range of tools and services enabling cybercriminals to carry out their attacks. From ransomware campaigns to data theft, cybercriminals rely on BPH providers to host illicit websites, deploy malware, and execute phishing scams. These hosting services help criminals stay out of the reach of law enforcement and avoid detection, making it harder to track down those behind cyberattacks. The term "bulletproof" is somewhat misleading, as it is more of a marketing ploy than a reflection of the actual capabilities of these providers. Despite the branding, BPH providers remain vulnerable to disruption just like other infrastructure providers. What sets them apart is their blatant disregard for legal requests to shut down services, as they refuse to comply with takedown orders or abuse complaints from victims or law enforcement. This allows cybercriminals to continue their activities with little fear of being interrupted or exposed. How Bulletproof Hosting Providers Operate BPH providers typically lease virtual or physical infrastructure to cybercriminals, offering them a platform to run their operations.
These services often include leasing IP addresses and servers that obscure the true identities of their customers. Many BPH providers achieve this by utilizing complex network switching methods, making it difficult to trace activity back to its source. In some cases, these providers even lease IP addresses from legitimate data centers or Internet Service Providers (ISPs), many of whom may remain unaware that their infrastructure is being used for criminal purposes. A key strategy employed by BPH providers is frequently changing the internet-facing identifiers associated with their customers. This could include altering IP addresses or domain names, further complicating efforts to track criminal activity. These techniques frustrate cybersecurity efforts and investigative agencies, hindering their ability to identify, apprehend, and disrupt criminal activity. Anot 2025-01-22T10:44:07+00:00 https://cyble.com/blog/acsc-highlights-bulletproof-hosting-providers/ www.secnews.physaphae.fr/article.php?IdArticle=8642106 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation None 2.0000000000000000 Global Security Mag - French news site SentinelOne puts Purple AI to work for Zscaler, Okta, Palo Alto Networks, Proofpoint, Fortinet and Microsoft Business
SentinelOne brings the power of Purple AI to Zscaler, Okta, Palo Alto Networks, Proofpoint, Fortinet and Microsoft. Purple AI, the generative-AI-driven security analyst, can now speed up cybersecurity investigations and simplify threat hunting thanks to a growing list of native and third-party sources. - Business
2025-01-22T09:44:09+00:00 https://www.globalsecuritymag.fr/sentinelone-met-purple-ai-au-service-de-zscaler-okta-palo-alto-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8641000 False Threat None 3.0000000000000000
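The Cyble write-up of the ACSC warning above says the distinguishing trait of a bulletproof host is that it keeps rotating the IP addresses and domain names behind a customer. The block below is an added example, not code from Cyble, the ACSC or any other source in this feed, of turning that description into a detection over passive-DNS style observations. Per domain it counts how often the resolved address changed between sightings and how many distinct /24 networks the domain moved through, which separates rotation across unrelated networks from ordinary round-robin inside one block; per IP it counts how many domains cycled through it. The observation records, their field layout and the thresholds are constructed for the example.

```python
"""Score DNS churn to surface infrastructure that rotates its identifiers.

Added example; not from the ACSC advisory or the Cyble write-up. The
observations, the layout (unix_time, domain, ipv4) and the thresholds are
constructed. Addresses come from the RFC 5737 documentation ranges.
"""
from collections import defaultdict
from ipaddress import ip_network
from itertools import groupby

OBSERVATIONS = [
    # Ordinary round-robin: two addresses in one /24, answer flips every time.
    (1000, "cdn.static.example", "198.51.100.10"),
    (1600, "cdn.static.example", "198.51.100.11"),
    (2200, "cdn.static.example", "198.51.100.10"),
    (2800, "cdn.static.example", "198.51.100.11"),
    # Rotating host: a new address in a different network at nearly every sighting.
    (1000, "update-portal.example", "203.0.113.5"),
    (1300, "update-portal.example", "192.0.2.77"),
    (1600, "update-portal.example", "198.51.100.200"),
    (1900, "update-portal.example", "203.0.113.90"),
    (2200, "update-portal.example", "192.0.2.140"),
    # One address that several throwaway domains pass through.
    (1100, "secure-login.example", "203.0.113.5"),
    (1200, "acct-verify.example", "203.0.113.5"),
    (1400, "pay-now.example", "203.0.113.5"),
]


def slash24(ip: str) -> str:
    """Network containing ip at /24 granularity, e.g. 198.51.100.0/24."""
    return str(ip_network(f"{ip}/24", strict=False))


def domain_churn(obs):
    """Per domain: sightings, answer changes between consecutive sightings,
    distinct addresses and distinct /24 networks."""
    out = {}
    ordered = sorted(obs, key=lambda r: (r[1], r[0]))          # by domain, then time
    for domain, rows in groupby(ordered, key=lambda r: r[1]):
        ips = [r[2] for r in rows]
        out[domain] = {
            "observations": len(ips),
            "changes": sum(1 for a, b in zip(ips, ips[1:]) if a != b),
            "distinct_ips": len(set(ips)),
            "distinct_24s": len({slash24(i) for i in ips}),
        }
    return out


def ip_domain_fanout(obs):
    """Per address: how many distinct domains resolved to it."""
    per_ip = defaultdict(set)
    for _, domain, ip in obs:
        per_ip[ip].add(domain)
    return {ip: len(domains) for ip, domains in per_ip.items()}


def flag(obs, min_changes=3, min_24s=3, min_fanout=3):
    """Domains that both change answers often and spread across several /24s,
    plus addresses shared by several domains. Thresholds are assumptions."""
    churn = domain_churn(obs)
    rotating = sorted(d for d, m in churn.items()
                      if m["changes"] >= min_changes and m["distinct_24s"] >= min_24s)
    shared = sorted(ip for ip, n in ip_domain_fanout(obs).items() if n >= min_fanout)
    return {"rotating_domains": rotating, "domain_cycling_ips": shared}


if __name__ == "__main__":
    for domain, metrics in domain_churn(OBSERVATIONS).items():
        print(f"{domain:24} {metrics}")
    print(flag(OBSERVATIONS))
```

The /24 condition is what keeps the round-robin CDN out of the result: it changes its answer just as often as the rotating domain, but never leaves one network. In practice the same two counters are usually computed per ASN rather than per /24, and the windows are hours or days rather than the compressed timestamps used here.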
Cyble - CyberSecurity Firm Cyble Finds Thousands of Security Vendor Credentials on Dark Web Overview Account credentials from some of the largest cybersecurity vendors can be found on the dark web, a result of the growing problem of infostealers, according to an analysis of Cyble threat intelligence data. The credentials, available for as little as $10 in cybercrime marketplaces, span internal accounts and customer access across web and cloud environments, including internal security company enterprise and development environments that could pose substantial risks. The accounts ideally would have been protected by multifactor authentication (MFA), which would have made any attack more difficult. However, the leaked credentials underscore the importance of dark web monitoring as an early warning system for keeping such leaks from becoming much bigger cyberattacks. Leaked Security Company Credentials Leaked credentials have an inherent time value (the older the credentials, the more likely the password has been changed), so Cyble researchers looked only at credentials leaked since the start of the year. Cyble looked at 13 of the largest enterprise security vendors, along with some of the bigger consumer security companies, and found credentials from all of them on the dark web. The credentials were likely pulled from infostealer logs and then sold in bulk on cybercrime marketplaces. Most of the credentials appear to be customer credentials that protect access to sensitive management and account interfaces, but all the security vendors Cyble examined had access to internal systems leaked on the dark web, too. Security vendors had credentials leaked to potentially critical internal systems such as Okta, Jira, GitHub, AWS, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle, and Zoom, plus several other password managers, authentication systems, and device management platforms.
Cyble did not attempt to determine whether any of the credentials were valid, but many were for easily accessible web console interfaces, SSO logins, and other web-facing account access points. The vendors Cyble looked at included a range of network and cloud security providers, including some of the biggest makers of SIEM systems, EDR tools, and firewalls. All have had data exposures just since the start of the year that ideally were addressed quickly, or at least required additional authentication steps for access. One of the largest security vendors Cyble looked at may have more sensitive accounts exposed, as company email addresses are listed among the credentials for 2025-01-22T08:12:57+00:00 https://cyble.com/blog/thousands-of-security-vendor-credentials-found-on-dark-web/ www.secnews.physaphae.fr/article.php?IdArticle=8642107 False Ransomware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 InformationSecurityBuzzNews - Security news site The Murdoc Botnet: Reinventing Mirai to Exploit IoT Vulnerabilities In a new and ongoing large-scale cyber campaign, Qualys researchers have uncovered a variant of the infamous Mirai botnet called the Murdoc Botnet. This variant exploits vulnerabilities in widely used AVTECH Cameras and Huawei HG532 routers, allowing malicious actors to compromise devices and build vast botnet networks for additional malicious activities.
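Returning to the Cyble credentials item above: it says the vendor credentials were most likely lifted from infostealer logs and sold in bulk, and that dark web monitoring should serve as an early warning. The block below is an added example, not code from Cyble or any other source in this feed, of the triage step that monitoring feeds into. It parses a credential dump written in the URL / Username / Password block layout commonly seen in stealer logs, picks out the entries that touch internal systems of the kind the item lists (Okta, Jira, GitHub, AWS, Microsoft Online, Salesforce) or a monitored corporate mail domain, and reports passwords reused across services, since a reused password turns one leaked customer login into an internal one. The layout, the watchlist, the mail domain and every record in the dump are constructed for the example.

```python
"""Triage an infostealer credential dump against a watchlist.

Added example; not code from the Cyble article. The dump layout, the
watchlist and the records are constructed; no real account is involved.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Assumed watchlist: host suffix -> what an account there protects.
WATCHED_HOSTS = {
    "okta.com": "SSO / identity",
    "atlassian.net": "Jira / Confluence",
    "github.com": "source code",
    "signin.aws.amazon.com": "AWS console",
    "login.microsoftonline.com": "Microsoft 365",
    "salesforce.com": "CRM",
}
# Assumed corporate mail domains whose users are in scope.
MONITORED_MAIL_DOMAINS = {"vendor.example"}

# Constructed dump in a URL/Username/Password block layout.
SAMPLE_DUMP = """\
URL: https://acme.okta.com/login/login.htm
Username: alice@vendor.example
Password: Winter2025!
Application: Google Chrome

URL: https://github.com/login
Username: alice@vendor.example
Password: Winter2025!
Application: Google Chrome

URL: https://shop.example.net/account
Username: bob@gmail.example
Password: pa55word
Application: Mozilla Firefox

URL: https://signin.aws.amazon.com/console
Username: svc-deploy
Password: N0t-a-real-key
Application: Microsoft Edge
"""


@dataclass(frozen=True)
class Credential:
    url: str
    username: str
    password: str


FIELD = re.compile(r"^(URL|Username|Password):\s*(.*)$", re.IGNORECASE)


def parse_dump(text: str) -> List[Credential]:
    """Split on blank lines; keep blocks that carry all three fields."""
    creds = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group(1).lower()] = m.group(2).strip()
        if {"url", "username", "password"} <= fields.keys():
            creds.append(Credential(fields["url"], fields["username"], fields["password"]))
    return creds


def watched_service(url: str) -> Optional[str]:
    """Label of the watched service a URL belongs to, matching exact host or subdomain."""
    host = (urlsplit(url).hostname or "").lower()
    for suffix, label in WATCHED_HOSTS.items():
        if host == suffix or host.endswith("." + suffix):
            return label
    return None


def triage(creds: List[Credential]) -> Dict[str, object]:
    """Entries worth escalating, with reasons, plus (user, password) pairs seen on more than one host."""
    hits = []
    hosts_by_secret = defaultdict(set)
    for c in creds:
        host = urlsplit(c.url).hostname or ""
        mail_domain = c.username.rsplit("@", 1)[-1].lower() if "@" in c.username else ""
        reasons = []
        service = watched_service(c.url)
        if service:
            reasons.append(f"watched service: {service}")
        if mail_domain in MONITORED_MAIL_DOMAINS:
            reasons.append(f"monitored mail domain: {mail_domain}")
        if reasons:
            hits.append((c.username, host, reasons))
        hosts_by_secret[(c.username.lower(), c.password)].add(host)
    reused = {k: sorted(v) for k, v in hosts_by_secret.items() if len(v) > 1}
    return {"hits": hits, "reused": reused}


if __name__ == "__main__":
    result = triage(parse_dump(SAMPLE_DUMP))
    for user, host, reasons in result["hits"]:
        print(f"{user:24} {host:28} {'; '.join(reasons)}")
    for (user, _), hosts in result["reused"].items():
        print(f"password reuse: {user} on {', '.join(hosts)}")
```

Nothing here checks whether a credential is still valid, which matches the item's own caveat that Cyble did not either; the output is a prioritised list for forced resets and session revocation, and the reuse report is the part that most often turns a customer-portal leak into an SSO incident.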
“The Mirai botnet was [...] 2025-01-22T05:57:38+00:00 https://informationsecuritybuzz.com/murdoc-botnet-mirai-to-exploit-iot-vul/ www.secnews.physaphae.fr/article.php?IdArticle=8640913 False Vulnerability,Threat None 3.0000000000000000 TrendLabs Security - Antivirus vendor Invisible Prompt Injection: A Threat to AI Security This article explains the invisible prompt injection, including how it works, an attack scenario, and how users can protect themselves. 2025-01-22T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/a/invisible-prompt-injection-secure-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8641261 False Threat ChatGPT 3.0000000000000000 Dark Reading - Informationweek Branch DONOT Group Deploys Malicious Android Apps in India The advanced persistent threat (APT) group is likely India-based and targeting individuals with connections to the country's intelligence community. 2025-01-21T21:15:18+00:00 https://www.darkreading.com/cyberattacks-data-breaches/donot-group-malicious-android-apps-india www.secnews.physaphae.fr/article.php?IdArticle=8640785 False Threat,Mobile None 3.0000000000000000 CyberArk - Software Vendor The US Treasury Attack: Key Events and Security Implications There’s a dark joke in cybersecurity: each year ends with an unwelcome holiday surprise, a major security incident. This timing isn’t random.
Threat actors target this timing, knowing security teams operate with skeleton crews that impact... 2025-01-21T17:33:45+00:00 https://www.cyberark.com/blog/the-us-treasury-attack-key-events-and-security-implications/ www.secnews.physaphae.fr/article.php?IdArticle=8640709 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally 2025-01-21T17:00:00+00:00 https://www.infosecurity-magazine.com/news/mirai-variant-targets-cameras/ www.secnews.physaphae.fr/article.php?IdArticle=8640694 False Malware,Vulnerability,Threat None 3.0000000000000000 Techworm - News HPE Investigates Hacker’s Claim Of Selling Stolen Source Code
Hewlett Packard Enterprise (HPE) has launched an investigation into a new data breach after a threat actor claimed to have stolen sensitive information from the tech giant's systems. The investigation follows an announcement by the prominent and notorious threat actor “IntelBroker,” who took to BreachForums on January 16th to announce that they are selling files reportedly obtained from HPE’s networks. For those unaware, IntelBroker is infamous for breaching major organizations like Cisco, Nokia, Europol, and AMD, often stealing and selling sensitive data on cybercrime forums. Regarding HPE, the compromised data allegedly includes source code for products like Zerto and iLO, private GitHub repositories, Docker builds, SAP Hybris, certificates (private and public keys), and even some old user personally identifiable information (PII) used for deliveries. IntelBroker is also offering to sell access to some HPE services, including APIs, WePay, GitHub, GitLab and more. “Today, I am selling the HPE data breach,” IntelBroker wrote in a BreachForums post. “We have been connecting to some of their services for about 2 days now.” HPE said it is investigating the breach claims but has found no evidence of a security breach. It added that there is no operational impact on the company and no evidence that customer information was involved in the cyber incident. “HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE. HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims,” an HPE spokesperson said in a statement. This is not the first time IntelBroker has made such breach claims against HPE. In February 2024, the threat actor claimed to have breached HPE and offered the company's stolen data for sale, which reportedly included Continuous Integration/Continuous Deployment (CI/CD) access, system logs, configuration files, access tokens, HPE StoreOnce files (such as serial numbers and warranty information), and access passwords, including email services.
2025-01-21T15:36:23+00:00 https://www.techworm.net/2025/01/hpe-investigate-hackers-claim-selling-stolen-source-code.html www.secnews.physaphae.fr/article.php?IdArticle=8640550 False Data Breach,Threat None 3.0000000000000000
Mandiant - Mandiant security blog Securing Cryptocurrency Organizations The Rise of Crypto Heists and the Challenges in Preventing Them Cryptocurrency crime encompasses a wide range of illegal activities, from theft and hacking to fraud, money laundering, and even terrorist financing, all exploiting the unique characteristics of digital currencies. Cryptocurrency heists, specifically, refer to the large-scale theft of cryptocurrencies or digital assets through unauthorized access, exploitation, or deception. Cryptocurrency heists are on the rise due to the lucrative nature of their rewards, the challenges associated with attribution to malicious actors, and the opportunities presented by nascent familiarity with cryptocurrency and Web3 technologies among many organizations. Cofense highlighted that phishing activity targeting Web3 platforms increased by 482% in 2022, Chainalysis reported that $24.2 billion USD was received by illicit addresses in 2023, and Immunefi reported that in Q2 2024, compromises of Web3 organizations resulted in losses of approximately $572 million USD. When threat actors gain access to cryptocurrency organizations, the potential for rapid, high-value financial losses due to unauthorized access is significantly elevated. A single malicious command executed on a vulnerable system can lead to the theft of millions of dollars worth of assets. This starkly contrasts with traditional organizations, where achieving financial gain or extracting value from stolen data often requires prolonged social engineering campaigns, all while facing the risk of detection and apprehension by law enforcement or financial institutions. The prospect of swift and substantial financial gains presents a compelling motivation for threat actors to target cryptocurrency organizations.
Cryptocurrency organizations are those whose core operations revolve around the use, management, or exchange of digital currencies, including: cryptocurrency exchanges that facilitate the buying and selling of cryptocurrencies; financial institutions or payment gateway platforms that provide on- or off-ramp buying and selling of cryptocurrencies; financial institutions that hold cryptocurrency assets as investment products for their customers; DeFi protocol providers that provide financial solutions for interacting with cryptocurrency assets; Web3 game creators that use blockchains for their in-game economics; providers of hardware or software cryptocurrency wallets, wallet custodians, and wallet smart contract providers, which facilitate storage solutions for cryptocurrency assets; cryptocurrency mining organizations, which validate transactions to generate 2025-01-21T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/securing-cryptocurrency-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8640656 False Malware,Tool,Vulnerability,Threat,Studies,Legislation,Cloud,Technical,Commercial None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.
The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to 2025-01-21T10:57:00+00:00 https://thehackernews.com/2025/01/cert-ua-warns-of-cyber-scams-using-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8640465 False Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial US HC3 warns BEC emerges as one of 'most financially damaging' cybersecurity threat to healthcare sector The Health Sector Cybersecurity Coordination Center (HC3) within the U.S. Department of Health & Human Services (HHS) identified... 2025-01-21T08:49:19+00:00 https://industrialcyber.co/medical/us-hc3-warns-bec-emerges-as-one-of-most-financially-damaging-cybersecurity-threat-to-healthcare-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8640525 False Threat,Medical None 3.0000000000000000 The State of Security - American magazine NASA's Cybersecurity Initiative: What Spacecraft Manufacturers Need to Know NASA is about to introduce new requirements for its contractors. These requirements will dramatically improve the cybersecurity of spacecraft and the US' resilience to cyber threats. But what do these requirements mean for spacecraft manufacturers? What challenges will they face? And what will they need to do to comply? Keep reading to find out. Understanding the Cyber Space Threat While NASA has cybersecurity requirements for its spacecraft in operation, these requirements do not extend to the spacecraft acquisition and development lifecycle.
Essentially, NASA contractors are not currently... 2025-01-21T04:25:53+00:00 https://www.tripwire.com/state-of-security/nasas-cybersecurity-initiative-what-spacecraft-manufacturers-need-know www.secnews.physaphae.fr/article.php?IdArticle=8640576 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection The threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the 2025-01-20T20:23:00+00:00 https://thehackernews.com/2025/01/donot-team-linked-to-new-tanzeem.html www.secnews.physaphae.fr/article.php?IdArticle=8640190 False Malware,Threat,Mobile None 3.0000000000000000 Checkpoint Research - Security hardware manufacturer 20th January – Threat Intelligence Report For the latest discoveries in cyber research for the week of 20th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Hotel management platform Otelier has suffered a data breach that resulted in extraction of almost eight terabytes of data. The threat actors compromised the company's Amazon S3 cloud storage, stealing guests’ personal information […]
2025-01-20T15:03:57+00:00 https://research.checkpoint.com/2025/20th-january-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8640165 False Data Breach,Threat,Cloud None 3.0000000000000000
Bleeping Computer - Magazine Américain HPE investigates breach as hacker claims to steal source code Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company\'s developer environments. [...]]]> 2025-01-20T14:06:38+00:00 https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-investigates-new-breach-claims/ www.secnews.physaphae.fr/article.php?IdArticle=8640251 False Threat None 3.0000000000000000 The State of Security - Magazine Américain Think You Know Tripwire? Think Again Fortra\'s Tripwire has always been widely known as a File Integrity Monitoring (FIM) solution, and a very good one at that. The good news is that it still is - only when you look closely, it\'s a lot more. And it always has been. Besides its traditionally known role as an integrity and security configuration management tool, Tripwire\'s powerful capabilities make it a comprehensive cybersecurity solution. Did you know that with Tripwire, you could: Detect advanced persistent threats (APTs) Identify ransomware Discover zero-day attacks Implement zero trust policies Far more than facilitating...]]> 2025-01-20T03:39:35+00:00 https://www.tripwire.com/state-of-security/think-you-know-tripwire-think-again www.secnews.physaphae.fr/article.php?IdArticle=8640046 False Ransomware,Tool,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches The cyber actor played a role in the Treasury breach as well as attacks on critical infrastructure, linked to China-backed advanced persistent threat (APT) group Salt Typhoon.]]> 2025-01-17T19:43:18+00:00 https://www.darkreading.com/threat-intelligence/us-sanctions-chinese-hacker-treasury-critical-infrastructure-breaches www.secnews.physaphae.fr/article.php?IdArticle=8638915 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news 
de hack (surprenant non?) Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis. "These attacks]]> 2025-01-17T18:36:00+00:00 https://thehackernews.com/2025/01/python-based-bots-exploiting-php.html www.secnews.physaphae.fr/article.php?IdArticle=8638790 False Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Stories from the SOC: Caught in the Trap: Detecting and Defending Against RaccoonO365 Phishing Campaigns 2. Information was passed off to LevelBlue Threat Hunters to conduct further internal and external research for the identified artifact. 3. A dedicated threat hunter conducted a review of events including the subject user agent. Event logs were compared against each other and the successful logins provided additional key data points. Shared Access Signature (SAS) authentication  "SAS authentication" refers to a method of user access control using a "Shared Access Signature" (SAS) token, which essentially grants temporary, limited access to specific resources within a cloud platform like Azure. 
This allows users to access data without directly sharing the full account access 2025-01-17T18:21:00+00:00 https://levelblue.com/blogs/security-essentials/explore-compelling-narratives-from-the-soc www.secnews.physaphae.fr/article.php?IdArticle=8641234 False Tool,Threat,Mobile,Cloud None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Closing software-understanding gap is critical to national security, CISA says In a joint report with DARPA and others, the cyber agency said that knowledge gap “exacerbates” risks posed by threat actors in U.S. critical infrastructure.
2025-01-17T17:11:16+00:00 https://cyberscoop.com/cisa-darpa-software-understanding-gap-report/ www.secnews.physaphae.fr/article.php?IdArticle=8638848 False Threat None 3.0000000000000000
Bleeping Computer - American magazine Otelier data breach exposes info, hotel reservations of millions Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. [...] 2025-01-17T15:17:22+00:00 https://www.bleepingcomputer.com/news/security/otelier-data-breach-exposes-info-hotel-reservations-of-millions/ www.secnews.physaphae.fr/article.php?IdArticle=8638916 False Data Breach,Threat,Cloud None 3.0000000000000000 Checkpoint - Security hardware manufacturer Check Point Heads to Davos 2025 to Discuss Advancing Cyber Security and Digital Trust in an Era of GenAI and Disinformation Check Point's Rupal Hollenbeck, President, and Dorit Dor, CTO, will be attending the World Economic Forum Annual Meeting 2025 next week from January 20-23. Rupal will speak at WEF Agenda sessions including “Democratizing Cybersecurity,” where she will discuss securing the benefits of technological progress for all as the global threat environment grows ever more dangerous. Rupal will articulate the challenges that arise from cyber inequity, and why we should all care about a secure-by-design standard up and down the supply chain. She will also speak on a panel titled “Navigating Disinformation, Division and Equality Moonshot” courtesy of the World Woman […]
2025-01-17T14:12:31+00:00 https://blog.checkpoint.com/executive-insights/check-point-heads-to-davos-2025-to-discuss-advancing-cyber-security-and-digital-trust-in-an-era-of-genai-and-disinformation/ www.secnews.physaphae.fr/article.php?IdArticle=8638801 False Threat None 3.0000000000000000
Recorded Future - Recorded Future feed Russian Star Blizzard hackers exploit WhatsApp accounts to spy on nonprofits aiding Ukraine The Moscow-linked group has been sending phishing messages impersonating U.S. government officials with an invitation to join a fake WhatsApp group for nonprofits supporting Ukraine during the war. 2025-01-17T13:40:08+00:00 https://therecord.media/russia-star-blizzard-whatsapp-ukraine www.secnews.physaphae.fr/article.php?IdArticle=8638788 False Threat None 3.0000000000000000 Global Security Mag - French news site Ransomware: 2024, a year marked by the evolution and intensification of threats Malwares
2025-01-17T13:16:57+00:00 https://www.globalsecuritymag.fr/ransomware-2024-une-annee-marquee-par-l-evolution-et-l-intensification-des.html www.secnews.physaphae.fr/article.php?IdArticle=8638793 False Ransomware,Threat None 3.0000000000000000
Bleeping Computer - American magazine US sanctions Chinese firm, hacker behind telecom and Treasury hacks The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. [...] 2025-01-17T11:57:01+00:00 https://www.bleepingcomputer.com/news/security/us-sanctions-chinese-firm-hacker-behind-telecom-and-treasury-hacks/ www.secnews.physaphae.fr/article.php?IdArticle=8638825 False Threat None 3.0000000000000000 ComputerWeekly - Computer Magazine Cyber innovation to address rising regulatory, threat burden 2025-01-17T07:33:00+00:00 https://www.computerweekly.com/opinion/Cyber-innovation-to-address-rising-regulatory-threat-burden www.secnews.physaphae.fr/article.php?IdArticle=8638787 False Threat None 3.0000000000000000 Recorded Future - Recorded Future feed CISA warns of exploited Fortinet bugs as Microsoft issues its biggest Patch Tuesday in years The federal government and multiple cybersecurity firms warned of a zero-day vulnerability in FortiGate firewalls that hackers are actively exploiting. 2025-01-17T01:12:06+00:00 https://therecord.media/cisa-warns-fortinet-bugs-microsoft-patch-tuesday www.secnews.physaphae.fr/article.php?IdArticle=8638530 False Vulnerability,Threat None 3.0000000000000000 Intigrity - Blog DORA is here - are you ready? Today, January 17, 2025, marks a pivotal moment for the EU financial sector as the Digital Operational Resilience Act (DORA) officially comes into effect. Designed to combat the growing threat of cyberattacks, DORA sets a new standard for cybersecurity resilience across financial institutions and their critical ICT service providers.
With cyberattacks costing the financial sec… 2025-01-17T00:00:00+00:00 https://www.intigriti.com/blog/business-insights/dora-is-here-are-you-ready www.secnews.physaphae.fr/article.php?IdArticle=8638713 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly related to government or diplomacy (both incumbent and former position holders), defense policy or international relations 2025-01-16T23:42:00+00:00 https://thehackernews.com/2025/01/russian-star-blizzard-shifts-tactics-to.html www.secnews.physaphae.fr/article.php?IdArticle=8638414 False Threat None 3.0000000000000000 DarkTrace - DarkTrace: AI-based detection Reimagining Your SOC: How to Achieve Proactive Network Security This blog post advises on how security teams can move to autonomous detection and investigation of novel threats, reducing alert fatigue, and enabling tailored, real-time threat response. 2025-01-16T21:35:17+00:00 https://darktrace.com/blog/securing-the-network-through-soc-transformation www.secnews.physaphae.fr/article.php?IdArticle=8638477 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Middle Eastern Real Estate Fraud Grows with Online Listings Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks 2025-01-16T17:45:00+00:00 https://www.infosecurity-magazine.com/news/middle-east-real-estate-fraud-grows/ www.secnews.physaphae.fr/article.php?IdArticle=8638393 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) The $10 Cyber Threat Responsible for the Biggest Breaches of 2024 You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester). Stolen credentials on criminal forums cost as 2025-01-16T17:00:00+00:00 https://thehackernews.com/2025/01/the-10-cyber-threat-responsible-for.html www.secnews.physaphae.fr/article.php?IdArticle=8638258 False Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a 2025-01-16T16:50:00+00:00 https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html www.secnews.physaphae.fr/article.php?IdArticle=8638260 False Threat None 2.0000000000000000 Global Security Mag - French news site Exabeam SOC - LOG MANAGEMENT - SIEM TOOLS - COMPLIANCE - GDPR - DATA LEAKS - DATA ROOM
Contact: Matthieu Potin matthieu.potin@exabeam.com +33 (0)6 08 01 57 37 Year founded: 2013 Activities: Exabeam is a global leader in cybersecurity, specializing in AI-driven security operations. We help companies detect, investigate and respond to threats by leveraging IT logs and using machine learning to multiply analysis capabilities. Flagship product or solution for 2024/2025: Exabeam offers a complete solution and (...) - SOC - LOG MANAGEMENT - SIEM TOOLS - COMPLIANCE - GDPR - DATA LEAKS - DATA ROOM
2025-01-16T16:49:43+00:00 https://www.globalsecuritymag.fr/exabeam.html www.secnews.physaphae.fr/article.php?IdArticle=8638415 False Tool,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf Security said in its Threat Insights Report 2025-01-16T16:45:00+00:00 https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html www.secnews.physaphae.fr/article.php?IdArticle=8638261 False Malware,Threat None 2.0000000000000000 Global Security Mag - French news site SentinelOne brings the power of Purple AI to Zscaler, Okta, Palo Alto Networks, Proofpoint, Fortinet and Microsoft Data Product Reviews
Popular generative AI security analyst can now be used to speed cybersecurity investigations and simplify threat hunting across a growing list of native and third-party sources - Product Reviews
2025-01-16T16:08:45+00:00 https://www.globalsecuritymag.fr/sentinelone-brings-the-power-of-purple-ai-to-zscaler-okta-palo-alto-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8638370 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Strategic Approaches to Threat Detection, Investigation & Response By staying vigilant, agile, and prepared, organizations can turn TDIR from a defensive strategy into a proactive enabler of security and operational excellence. 2025-01-16T15:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/strategic-approaches-threat-detection-investigation-response www.secnews.physaphae.fr/article.php?IdArticle=8638317 False Threat None 3.0000000000000000 Fortinet - Security hardware manufacturer Analysis of Threat Actor Data Posting This blog analysis regarding a recent threat actor posting, which claims to offer compromised configuration and VPN credentials from FortiGate devices, provides factual information to help our customers better understand the situation and make informed decisions. 2025-01-16T14:10:24+00:00 https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-data-posting www.secnews.physaphae.fr/article.php?IdArticle=8638550 False Threat None 3.0000000000000000 Checkpoint - Security hardware manufacturer FunkSec: The Rising Yet Controversial Ransomware Threat Actor Dominating December 2024 As 2024 ended, a new name surged to the top of the cyber threat charts: FunkSec. Emerging as a leading ransomware-as-a-service (RaaS) actor, FunkSec made waves in December by publishing over 85 victim profiles on its Data Leak Site (DLS). However, beneath its apparent dominance lies a more complex and controversial story, as uncovered in Check Point Research's (CPR) Global Threat Index for December 2024. FunkSec's rapid ascent highlights the evolving tactics of RaaS operators. Utilizing artificial intelligence to scale operations, the group appears to rely heavily on AI-powered tools to generate ransomware and manage its double-extortion campaigns. While this […]
2025-01-16T13:05:06+00:00 https://blog.checkpoint.com/research/funksec-the-rising-yet-controversial-ransomware-threat-actor-dominating-december-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8638289 False Ransomware,Tool,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls The leak likely comes from a zero-day exploit affecting Fortinet's products 2025-01-16T12:50:00+00:00 https://www.infosecurity-magazine.com/news/hacking-group-leaks-config-15k/ www.secnews.physaphae.fr/article.php?IdArticle=8638262 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named 2025-01-16T12:15:00+00:00 https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html www.secnews.physaphae.fr/article.php?IdArticle=8638133 False Ransomware,Malware,Threat None 3.0000000000000000 Global Security Mag - French news site AI-related threats and technological fragmentation: according to this new study, these are the biggest cybersecurity challenges for organizations in 2025 Investigations
74% of executives and security professionals surveyed in France say they are concerned about AI-related cyber threats, which they consider the major cyber risk weighing on their organization in 2025, more so than in the other European countries surveyed - Investigations
2025-01-16T09:20:05+00:00 https://www.globalsecuritymag.fr/menaces-liees-a-l-ia-et-fragmentation-technologique-selon-cette-nouvelle-etude.html www.secnews.physaphae.fr/article.php?IdArticle=8638201 False Threat None 3.0000000000000000
HackRead - Cyber research Scammers Exploit California Wildfires, Posing as Fire Relief Services Cybercriminals are exploiting the California wildfires by launching phishing scams. Learn how hackers are targeting victims with fake domains and deceptive tactics, and how to protect yourself from these cyber threats. 2025-01-16T09:18:02+00:00 https://hackread.com/scammers-exploit-california-wildfires-fire-relief-services/ www.secnews.physaphae.fr/article.php?IdArticle=8638181 False Threat None 3.0000000000000000 Sekoia - Cyber Firms Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service Introduction In December 2024, during our daily threat hunting routine, we uncovered a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts. These phishing pages have been circulating since at least October 2024, and during that period, we identified potential compromises through the Sekoia.io telemetry. Our analysis showed that this kit is being sold as […] The post Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service is an article from the Sekoia.io Blog.
2025-01-16T09:17:00+00:00 https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/ www.secnews.physaphae.fr/article.php?IdArticle=8638204 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine EU To Launch New Support Centre by 2026 to Boost Healthcare Cybersecurity A new EU action plan will be structured around four pillars: prevention, threat detection and identification, response to cyber-attacks and deterrence 2025-01-16T08:30:00+00:00 https://www.infosecurity-magazine.com/news/eu-centre-defend-hospitals/ www.secnews.physaphae.fr/article.php?IdArticle=8638156 False Threat,Medical None 3.0000000000000000 InformationSecurityBuzzNews - Security news site DOJ, FBI Dismantle Malware Used by China-Backed Hackers in Global Operation In an international effort, the US Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have successfully eliminated a sophisticated malware threat known as “PlugX” from over 4,200 computers across the United States. The malware, used by bad actors sponsored by the People's Republic of China (PRC), has targeted global victims since 2014. [...] 2025-01-16T04:38:40+00:00 https://informationsecuritybuzz.com/doj-fbi-dismantle-malware-china-hacke/ www.secnews.physaphae.fr/article.php?IdArticle=8638065 False Malware,Threat None 3.0000000000000000 InformationSecurityBuzzNews - Security news site RansomHub Affiliates Exploit AI-Generated Python Backdoor in Advanced Cyberattacks A sophisticated Python-based backdoor, potentially developed using AI, has been identified as a critical tool for RansomHub affiliates to infiltrate and maintain access to compromised networks. The discovery, made by Andrew Nelson, Principal Digital Forensics and Incident Response (DFIR) Consultant at GuidePoint Security, reveals new tactics being used by ransomware gangs.
A Lucrative Model RansomHub, [...] 2025-01-16T04:26:38+00:00 https://informationsecuritybuzz.com/ransomhub-exploit-ai-generated-python/ www.secnews.physaphae.fr/article.php?IdArticle=8638066 False Ransomware,Tool,Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber CISA director says threat hunters spotted Salt Typhoon on federal networks before telco compromises The incident helped the federal government to seize a virtual private server used by the group and more quickly “connect the dots,” Jen Easterly said.
2025-01-16T01:29:55+00:00 https://cyberscoop.com/salt-typhoon-us-government-jen-easterly-cisa/ www.secnews.physaphae.fr/article.php?IdArticle=8637999 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat 2025-01-15T21:07:00+00:00 https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html www.secnews.physaphae.fr/article.php?IdArticle=8637830 False Malware,Threat APT 38 2.0000000000000000 Techworm - News Microsoft Fixes 8 Zero-Days In January 2025 Patch Tuesday in an analysis. The three zero-day vulnerabilities under active exploitation in the wild are tracked as CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. These are elevation of privilege (EoP) vulnerabilities in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP), with a CVSS score of 7.8 (important). According to Microsoft, successfully exploiting the vulnerability could allow an authenticated user to execute code with SYSTEM privileges. As usual, the Redmond giant has provided no information about how these flaws are being exploited, the attackers involved, or the scale of the attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these flaws to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to implement fixes by February 4, 2025.
Further, let's have a look at the five publicly disclosed zero-days that were not exploited by the attackers and have been patched in the January 2025 Patch Tuesday cumulative update: CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395: These three vulnerabilities, each rated 7.8 on the CVSS scale (important), are Remote Code Execution (RCE) flaws in Microsoft Access that are triggered when opening maliciously crafted Access documents. The company has addressed these vulnerabilities by blocking access to the following extensions: accdb accde accdw accdt accda accdr accdu Microsoft credited Unpatched.ai, an AI-assisted vulnerability hunting platform, for finding all three Microsoft Access issues. The other two publicly disclosed and unexploited zero-da 2025-01-15T21:03:35+00:00 https://www.techworm.net/2025/01/microsoft-fix-8-zero-day-patch-tuesday.html www.secnews.physaphae.fr/article.php?IdArticle=8637765 False Vulnerability,Threat,Prediction,Cloud None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam.
The new evidence suggests that Pyongyang-based threat groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared with The Hacker 2025-01-15T19:02:00+00:00 https://thehackernews.com/2025/01/north-korean-it-worker-fraud-linked-to.html www.secnews.physaphae.fr/article.php?IdArticle=8637735 False Threat None 2.0000000000000000 knowbe4 - cybersecurity services Japan Attributes More Than 200 Cyberattacks to China Threat Actor "MirrorFace" Japan's National Police Agency (NPA) has attributed more than 200 cyber incidents over the past five years to the China-aligned threat actor “MirrorFace,” Infosecurity Magazine reports.
2025-01-15T15:34:45+00:00 https://blog.knowbe4.com/japan-attributes-more-than-200-cyberattacks-to-china www.secnews.physaphae.fr/article.php?IdArticle=8637767 False Threat,Legislation None 2.0000000000000000
DarkTrace - DarkTrace: AI-based detection Phishing and Persistence: Darktrace's Role in Defending Against a Sophisticated Account Takeover In a recent incident, Darktrace uncovered an M365 account takeover attempt targeting a company in the manufacturing industry. The attacker executed a sophisticated phishing attack, gaining access through the organization's SaaS platform. This allowed the threat actor to create a new inbox rule, potentially setting the stage for future compromises. 2025-01-15T13:47:31+00:00 https://darktrace.com/blog/phishing-and-persistence-darktraces-role-in-defending-against-a-sophisticated-account-takeover www.secnews.physaphae.fr/article.php?IdArticle=8637728 False Threat,Cloud None 3.0000000000000000