www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. Feed generated 2024-06-07T01:53:04+00:00.

Dark Reading - Informationweek Branch
Newly ID'ed Chinese APT Hides Backdoor in Software Updates
The threat actor went more than half a decade before being discovered - thanks to a remarkable backdoor delivered in invisible adversary-in-the-middle attacks.
2024-01-26T21:00:00+00:00 https://www.darkreading.com/application-security/chinese-apt-hides-backdoor-in-software-updates www.secnews.physaphae.fr/article.php?IdArticle=8443534 Tags: Threat

Dark Reading - Informationweek Branch
Microsoft Shares New Guidance in Wake of 'Midnight Blizzard' Cyberattack
Threat actors created and abused OAuth apps to access Microsoft's corporate email environment and remain there for weeks.
2024-01-26T20:37:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/microsoft-shares-new-guidance-in-wake-of-midnight-blizzard-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8443535 Tags: Threat

Netskope - Netskope is an American software company providing an IT security platform
Threat Actors Distributing Screenshotter Malware from OneDrive
According to the data collected by Netskope Threat Labs, over the course of 2023, OneDrive was the most exploited cloud app in terms of malware downloads. And if a good day starts in the morning, 2024 does not promise anything good. In fact, at the beginning of January, and after a nine-month break, researchers from […]
2024-01-26T17:16:24+00:00 https://www.netskope.com/blog/threat-actors-distributing-screenshotter-malware-from-onedrive www.secnews.physaphae.fr/article.php?IdArticle=8443481 Tags: Malware, Threat, Cloud
SOC Radar - SOC-focused blog
Securing the Chain: How Threat Intelligence Strengthens Third-Party Risk Management
Businesses increasingly face new cybersecurity incidents that are disruptive, costly, and can significantly damage their...
2024-01-26T16:00:00+00:00 https://socradar.io/securing-the-chain-how-threat-intelligence-strengthens-third-party-risk-management/ www.secnews.physaphae.fr/article.php?IdArticle=8443446 Tags: Threat
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Malicious Ads on Google Target Chinese Users with Fake Messaging Apps
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojans (RATs) instead," Malwarebytes' Jérôme Segura said in a
2024-01-26T15:14:00+00:00 https://thehackernews.com/2024/01/malicious-ads-on-google-target-chinese.html www.secnews.physaphae.fr/article.php?IdArticle=8443351 Tags: Threat

SOC Radar - SOC-focused blog
Russian APT Operation: Star Blizzard
Within the continuously changing cyber threat landscape, the strategies of Star Blizzard unfold with a...
2024-01-26T14:00:00+00:00 https://socradar.io/russian-apt-operation-star-blizzard/ www.secnews.physaphae.fr/article.php?IdArticle=8443408 Tags: Threat
We Live Security - ESET antivirus software vendor
Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe
The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK.
2024-01-26T13:39:32+00:00 https://www.welivesecurity.com/en/videos/blackwood-software-updates-nspx30-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8443672 Tags: Threat

HackRead - Cyber research
China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage
By Deeba Ahmed. The NSPX30 backdoor, initially uncovered in 2005 as a simple form of malware, has evolved over time into an advanced threat. This is a post from HackRead.com. Read the original post: China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage
2024-01-26T12:21:56+00:00 https://www.hackread.com/china-blackwood-apt-nspx30-backdoor-cyberespionage/ www.secnews.physaphae.fr/article.php?IdArticle=8443387 Tags: Malware, Threat
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew
2024-01-26T11:33:00+00:00 https://thehackernews.com/2024/01/microsoft-warns-of-widening-apt29.html www.secnews.physaphae.fr/article.php?IdArticle=8443285 Tags: Threat; Related: APT 29

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
Cybersecurity for Industrial Control Systems: Best practices
exposed to cybersecurity threats. In 2022, there was a 2,000% increase in adversarial reconnaissance targeting Modbus/TCP port 502 — a widely-used industrial protocol — allowing malicious actors to exploit vulnerabilities in operational technology systems. Fortunately, by taking steps to improve and maintain ICS cybersecurity, manufacturers can successfully reduce the attack surface of their critical infrastructure and keep threats (including phishing, denial-of-service attacks, ransomware, and malware) at bay.

ICS cyberattacks on the rise
ICS cyberattacks are on the rise, with almost 27% of ICS systems affected by malicious objects in the second quarter of 2023, data from Kaspersky reveals. Cyberattacks have the power to devastate ICS systems, damage equipment and infrastructure, disrupt business, and endanger health and safety. For example, the U.S. government has warned of a malware strain called Pipedream: “a modular ICS attack framework that contains several components designed to give threat actors control of such systems, and either disrupt the environment or disable safety controls”. Although Pipedream has the ability to devastate industrial systems, it fortunately hasn't yet been used to that effect. And, last year, a notorious hacking group called Predatory Sparrow launched a cyberattack on an Iranian steel manufacturer, resulting in a serious fire. In addition to causing equipment damage, the hackers caused a malfunctioning foundry to start spewing hot molten steel and fire. This breach only highlights the importance of safety protocols in the manufacturing and heavy industry sectors. By leveraging the latest safety tech and strengthening cybersecurity, safety, security, and operational efficiency can all be improved.

Segment networks
By separating critical systems from the internet and other non-critical systems, network segmentation plays a key role in improving ICS cybersecurity. Network segmentation is a security practice that divides a network into smaller, distinct subnetworks based on, for example, security level, functionality, or access control. As a result, you can effectively prevent attacker lateral movement within your network — lateral movement is a common way hackers disguise themselves as legitimate users and their activities as expected traffic, making this method hard to spot. Network segmentation also lets you create tailored and unique security policies and controls for each segment based on its defined profile. Each individual segment is therefore adequately protected. And, since network segmentation also provides you with increased visibility into network activity, you're also better able to spot and respond to problems with greater speed and efficiency.
When it comes to
2024-01-26T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/cybersecurity-for-industrial-control-systems-best-practices www.secnews.physaphae.fr/article.php?IdArticle=8443348 Tags: Ransomware, Malware, Vulnerability, Threat, Patching, Industrial

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a
2024-01-26T10:43:00+00:00 https://thehackernews.com/2024/01/critical-cisco-flaw-lets-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8443268 Tags: Threat

SOC Radar - SOC-focused blog
A Review of 2023 – 26,447 CVEs, 44 Days to Exploit, and Ransomware Onslaught
As we reflect on the cybersecurity journey of 2023, we uncover valuable lessons that shape...
2024-01-26T10:00:00+00:00 https://socradar.io/a-review-of-2023-26447-cves-44-days-to-exploit-and-ransomware-onslaught/ www.secnews.physaphae.fr/article.php?IdArticle=8443333 Tags: Ransomware, Threat

Securonix - SIEM
Securonix Threat Research Security Advisory: Technical Analysis and Detection of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
2024-01-26T09:00:54+00:00 https://www.securonix.com/blog/securonix-threat-research-security-advisory-technical-analysis-and-detection-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/ www.secnews.physaphae.fr/article.php?IdArticle=8443435 Tags: Vulnerability, Threat, Technical

RiskIQ - cyber risk firm (now Microsoft)
Parrot TDS: A Persistent and Evolving Malware Campaign
#### Description
The Parrot TDS (Traffic Redirect System) has escalated its campaign since October 2021, employing sophisticated techniques to avoid detection and potentially impacting millions through malicious scripts on compromised websites. Identified by Unit 42 researchers, Parrot TDS injects malicious scripts into existing JavaScript code on servers, strategically profiling victims before delivering payloads that redirect browsers to malicious content. Notably, the TDS campaign exhibits a broad scope, targeting victims globally without limitations based on nationality or industry. To bolster evasion tactics, attackers utilize multiple lines of injected JavaScript code, making it harder for security researchers to detect. The attackers, likely employing automated tools, exploit known vulnerabilities, with a focus on compromising servers using WordPress, Joomla, or other content management systems.
#### Reference URL(s)
1. https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/#post-132073-_jt3yi5rhpmao
#### Publication Date
January 19, 2024
#### Author(s)
Zhanglin He, Ben Zhang, Billy Melicher, Qi Deng, Bo Qu, Brad Duncan
2024-01-25T19:48:09+00:00 https://community.riskiq.com/article/7b5d88cb www.secnews.physaphae.fr/article.php?IdArticle=8443112 Tags: Malware, Tool, Vulnerability, Threat

CyberScoop - scoopnewsgroup.com special Cyber
Bill seeks cyber protections for food and agriculture
The Farm and Food Cybersecurity Act aims to identify vulnerabilities in the sector through an annual exercise and regular threat assessments.
2024-01-25T17:00:00+00:00 https://cyberscoop.com/farm-and-food-cybersecurity-act/ www.secnews.physaphae.fr/article.php?IdArticle=8443042 Tags: Vulnerability, Threat
The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview
2024-01-25T16:47:00+00:00 https://thehackernews.com/2024/01/cyber-threat-landscape-7-key-findings.html www.secnews.physaphae.fr/article.php?IdArticle=8442943 Tags: Threat, Prediction

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It's said to be active since at least 2018. The NSPX30
2024-01-25T15:38:00+00:00 https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html www.secnews.physaphae.fr/article.php?IdArticle=8442919 Tags: Threat

Bleeping Computer - American magazine
Blackwood hackers hijack WPS Office update to install malware
A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. [...]
2024-01-25T15:30:26+00:00 https://www.bleepingcomputer.com/news/security/blackwood-hackers-hijack-wps-office-update-to-install-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8443124 Tags: Malware, Threat

InfoSecurity Mag - InfoSecurity Magazine
North Korea Hacks Crypto: More Targets, Lower Gains
A global drop in DeFi hacking gains prompted North Korean threat actors to diversify and extend their victim portfolio, Chainalysis found.
2024-01-25T14:00:00+00:00 https://www.infosecurity-magazine.com/news/north-korea-hacks-crypto-more/ www.secnews.physaphae.fr/article.php?IdArticle=8442988 Tags: Threat

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name masquerade as the legitimate CherryTree note-taking application to dupe potential victims
2024-01-25T12:51:00+00:00 https://thehackernews.com/2024/01/new-cherryloader-malware-mimics.html www.secnews.physaphae.fr/article.php?IdArticle=8442858 Tags: Malware, Tool, Threat

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach
Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data. "The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,"
2024-01-25T11:18:00+00:00 https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html www.secnews.physaphae.fr/article.php?IdArticle=8442828 Tags: Threat, Cloud

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats
AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year's events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware's evolving capabilities and the challenges defenders face.

Highlights of the year: Emerging trends and notable incidents
As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape:
Exploiting OneNote for malicious payloads: Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage.
SEO poisoning and Google Ads: Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google's detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy.
Exploiting geopolitical events: Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year's Ukraine-related phishing campaigns and crypto scams.

APTs: State-sponsored espionage continues to present challenges
Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023:
Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades.
Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering.
Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies.

Ransomware's relentless rise
Ransomware remained a prevalent and lucrative threat throughout the year:
Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security.
ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesars and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms.
Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian's Confluence, CVE-2023-4966 (Citrix Bleed), and others. These vulnerabilities became gateways for ransomware attacks.
Evolving ransom
2024-01-25T11:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/the-dark-side-of-2023-cybersecurity-malware-evolution-and-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8442915 Tags: Ransomware, Spam, Malware, Tool, Vulnerability, Threat, Prediction; Related: Guam

InfoSecurity Mag - InfoSecurity Magazine
Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities
The Zero Day Initiative's first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days.
2024-01-25T10:15:00+00:00 https://www.infosecurity-magazine.com/news/pwn2own-unearths-dozens-zeroday/ www.secnews.physaphae.fr/article.php?IdArticle=8442921 Tags: Vulnerability, Threat

RiskIQ - cyber risk firm (now Microsoft)
Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks
#### Description
AhnLab SEcurity intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. The Mimo threat actor has installed various malware, including Mimus ransomware, proxyware, and reverse shell malware, besides the Mimo miner. The majority of the Mimo threat actor's attacks have been cases that use XMRig CoinMiner, but ransomware attack cases were also observed in 2023. The Mimus ransomware was installed with the Batch malware and was made based on the source code revealed on GitHub by the developer “mauri870”, who developed the code for research purposes. The ransomware was developed in Go, and the threat actor used this to develop ransomware and named it Mimus ransomware. Mimus ransomware does not have any particular differences when compared to MauriCrypt's source code. Only the threat actor's C&C address, wallet address, email address, and other configuration data were changed.
#### Reference URL(s)
1. https://asec.ahnlab.com/en/60440/
#### Publication Date
January 17, 2024
#### Author(s)
Sanseo
2024-01-24T20:59:31+00:00 https://community.riskiq.com/article/5a1a420b www.secnews.physaphae.fr/article.php?IdArticle=8442691 Tags: Ransomware, Malware, Vulnerability, Threat

TechRepublic - Security News US
National Cyber Security Centre Study: Generative AI May Increase Global Ransomware Threat
See NCSC's predictions for generative AI for cyber attack and defense through 2025.
2024-01-24T20:38:38+00:00 https://www.techrepublic.com/article/generative-ai-ransomware-threats-uk/ www.secnews.physaphae.fr/article.php?IdArticle=8442680 Tags: Ransomware, Threat, Studies

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector. In
2024-01-24T19:55:00+00:00 https://thehackernews.com/2024/01/google-kubernetes-misconfig-lets-any.html www.secnews.physaphae.fr/article.php?IdArticle=8442574 Tags: Threat, Cloud

Dark Reading - Informationweek Branch
Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT
PoC exploit code for the flaw is publicly available, heightening breach risks for users of the managed file-transfer technology.
2024-01-24T19:55:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/fortra-discloses-critical-auth-bypass-vuln-in-goanywhere-mft www.secnews.physaphae.fr/article.php?IdArticle=8442665 Tags: Threat

Global Security Mag - French news site
Zerto study: Companies still do not have complete strategies against ransomware
Investigations
2024-01-24T15:48:22+00:00 https://www.globalsecuritymag.fr/etude-zerto-les-entreprises-n-ont-toujours-pas-de-strategies-completes-de-lutte.html www.secnews.physaphae.fr/article.php?IdArticle=8442597 Tags: Threat

Dark Reading - Informationweek Branch
Researchers Map AI Threat Landscape, Risks
With the rush to adopt large language models, companies have not thought through all of the security implications to their businesses. Two groups of researchers tackle the questions.
2024-01-24T14:00:00+00:00 https://www.darkreading.com/cyber-risk/researchers-map-ai-threat-landscape-risks www.secnews.physaphae.fr/article.php?IdArticle=8442552 Tags: Threat

HackRead - Cyber research
Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns
By Waqas. The dark side of Artificial Intelligence (AI) - the UK's NCSC Cyber Threat Assessment warns of a surge in AI-driven ransomware. This is a post from HackRead.com. Read the original post: Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns
2024-01-24T13:40:19+00:00 https://www.hackread.com/artificial-intelligence-ransomware-threat-uk-ncsc/ www.secnews.physaphae.fr/article.php?IdArticle=8442556 Tags: Ransomware, Threat
Checkpoint - Security hardware manufacturer
Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat
90% of children over 8 years old are already using the Internet. Only 40% of parents are aware that their children have faced cyber threats. Education is the cornerstone of our culture, as it allows us to progress as a society and to share with the new generations the values and knowledge that we consider essential. In an increasingly digitized society, and especially considering that children are using technology more and more at an earlier age, it is crucial for education to focus on how to use this global tool safely. Technology offers great advantages in education, culture and entertainment, but […]
2024-01-24T13:00:35+00:00 https://blog.checkpoint.com/security/cybersecurity-education-from-childhood-is-a-vital-tool-72-of-children-worldwide-have-experienced-at-least-one-type-of-cyber-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8442533 Tags: Tool, Threat
Bleeping Computer - American magazine
UK says AI will empower ransomware over the next two years
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. [...]
2024-01-24T11:56:13+00:00 https://www.bleepingcomputer.com/news/security/uk-says-ai-will-empower-ransomware-over-the-next-two-years/ www.secnews.physaphae.fr/article.php?IdArticle=8442614 Tags: Ransomware, Tool, Threat

InfoSecurity Mag - InfoSecurity Magazine
Exploit Code Released For Critical Fortra GoAnywhere Bug
Researchers have released exploit code for a critical bug in the managed file transfer software Fortra GoAnywhere.
2024-01-24T10:15:00+00:00 https://www.infosecurity-magazine.com/news/exploit-code-critical-fortra/ www.secnews.physaphae.fr/article.php?IdArticle=8442493 Tags: Threat

InfoSecurity Mag - InfoSecurity Magazine
AI Set to Supercharge Ransomware Threat, Says NCSC
The National Cyber Security Centre claims in a new report that AI will increase the volume and impact of ransomware attacks.
2024-01-24T09:30:00+00:00 https://www.infosecurity-magazine.com/news/ai-set-to-supercharge-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8442470 Tags: Ransomware, Threat

BlackBerry - Hardware and software manufacturer
Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT
A financially-motivated threat actor has been targeting Mexican banks and cryptocurrency trading entities with a modified version of AllaKore RAT.
2024-01-24T09:01:00+00:00 https://blogs.blackberry.com/en/2024/01/mexican-banks-and-cryptocurrency-platforms-targeted-with-allakore-rat www.secnews.physaphae.fr/article.php?IdArticle=8442761 Tags: Threat

Securonix - SIEM
Understanding the Shifting Perceptions of Insider Threats Over External Cyber Attacks
The new 2024 Insider Threat Report, published by Cybersecurity Insiders and commissioned by Securonix, found that 53% of cybersecurity professionals believe insider attacks are more difficult to detect and prevent than external cyber-attacks.
2024-01-24T09:00:12+00:00 https://www.securonix.com/blog/shifting-perceptions-of-insider-threats-vs-external-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8442564 Tags: Threat

SOC Radar - SOC-focused blog
Dark Web Profile: INC Ransom
The digital world is constantly under the threat of cyber attacks, and the emergence of...
2024-01-24T08:00:00+00:00 https://socradar.io/dark-web-profile-inc-ransom/ www.secnews.physaphae.fr/article.php?IdArticle=8442439 Tags: Threat
ProofPoint - Cyber Firms 5 Common Privilege Escalation Attack Techniques with Examples 2024-01-24T06:00:39+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/privilege-escalation-attack www.secnews.physaphae.fr/article.php?IdArticle=8443584 False Tool,Vulnerability,Threat,Commercial None 3.0000000000000000
ProofPoint - Cyber Firms 5 Common Privilege Escalation Attack Techniques with Examples 2024-01-24T06:00:39+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense//privilege-escalation-attack www.secnews.physaphae.fr/article.php?IdArticle=8442590 True Tool,Vulnerability,Threat,Commercial None 3.0000000000000000
Dark Reading - Informationweek Branch Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. 2024-01-23T23:30:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/days-after-google-apple-discloses-actively-exploited-0-day-in-its-browser-engine www.secnews.physaphae.fr/article.php?IdArticle=8442318 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their activities and depth of their connections within the cybercrime industry," the company said, 2024-01-23T20:03:00+00:00 https://thehackernews.com/2024/01/vextrio-uber-of-cybercrime-brokering.html www.secnews.physaphae.fr/article.php?IdArticle=8442148 False Malware,Threat Uber 4.0000000000000000
ProofPoint - Cyber Firms More than One-Quarter of the Global 2000 Are Not Ready for Upcoming Stringent Email Authentication Rules 2024-01-23T15:29:37+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/more-one-quarter-global-2000-are-not-ready-upcoming-stringent-email www.secnews.physaphae.fr/article.php?IdArticle=8442630 False Spam,Tool,Threat,Cloud,Technical None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) ~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible 2024-01-23T15:04:00+00:00 https://thehackernews.com/2024/01/40000-attacks-in-3-days-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8442028 False Vulnerability,Threat None 3.0000000000000000
IT Security Guru - Security blog Cato Networks Introduces World's First SASE-based XDR Cato Networks, the leader in SASE, announced the expansion of the Cato SASE Cloud platform into threat detection and incident response with Cato XDR, the world's first SASE-based, extended detection and response (XDR) solution. Available immediately, Cato XDR utilizes the functional and operational capabilities of the Cato SASE Cloud to overcome the protracted deployment times, limited data quality, and inadequate investigation and […] The post Cato Networks Introduces World's First SASE-based XDR first appeared on IT Security Guru. 2024-01-23T14:57:26+00:00 https://www.itsecurityguru.org/2024/01/23/cato-networks-introduces-worlds-first-sase-based-xdr/?utm_source=rss&utm_medium=rss&utm_campaign=cato-networks-introduces-worlds-first-sase-based-xdr www.secnews.physaphae.fr/article.php?IdArticle=8442143 False Threat,Cloud None 2.0000000000000000
HackRead - Cyber security research Data Security: Leveraging AI for Enhanced Threat Detection and Prevention By Uzair Amir In today's ever-evolving cyberspace, organizations face an ever-increasing number of cyber threats. Malicious actors are constantly seeking to… This is a post from HackRead.com Read the original post: Data Security: Leveraging AI for Enhanced Threat Detection and Prevention 2024-01-23T13:13:19+00:00 https://www.hackread.com/data-security-ai-threat-detection-prevention/ www.secnews.physaphae.fr/article.php?IdArticle=8442126 False Threat None 3.0000000000000000
Checkpoint - Security hardware manufacturer Conditional QR Code Routing Attacks Over the summer, we saw a somewhat unexpected rise in QR-code based phishing attacks. These attacks were all fairly similar. The main goal was to induce the end-user to scan the QR Code, where they would be redirected to a credential harvesting page. Fairly simple, but it was successful as many email security solutions didn't have QR code protection and many end-users are used to scanning QR codes. It's why we saw a 587% increase between August and September of these attacks. Security vendors furiously worked to develop new protections for these attacks. And, as always happens, threat actors responded […] 2024-01-23T13:00:04+00:00 https://blog.checkpoint.com/harmony-email/conditional-qr-code-routing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8442099 False Threat None 3.0000000000000000
Recorded Future - Recorded Future feed UK tells business leaders to 'toughen up' against cyberattacks The British government has told business leaders to “toughen up” their protections against cyberattacks and prioritize the threat as a key business risk similar to financial and legal challenges. It follows a government survey that identified “insufficient director involvement” in their organization's cybersecurity, with just 30% of businesses having “board members or trustees explicitly 2024-01-23T12:54:00+00:00 https://therecord.media/uk-businesses-cyber-resilience-code-of-practice www.secnews.physaphae.fr/article.php?IdArticle=8442093 False Threat None 2.0000000000000000
ProofPoint - Cyber Firms The Threat Landscape Is Always Changing: What to Expect in 2024 2024-01-23T12:51:12+00:00 https://www.proofpoint.com/us/blog/threat-insight/threat-landscape-always-changing-what-expect-2024 www.secnews.physaphae.fr/article.php?IdArticle=8442151 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction None 3.0000000000000000
Schneier on Security - American cryptologist and researcher Side Channels Are Common Really interesting research: “Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression. Thus, we show, it is possible to conduct physical side-channel attacks on computation by remote and purely passive analysis of commonly-shared channels. These attacks require neither physical proximity (which could be mitigated by distance and shielding), nor the ability to run code on the target or configure its hardware. Consequently, we argue, physical side channels on PCs can no longer be excluded from remote-attack threat models... 2024-01-23T12:09:42+00:00 https://www.schneier.com/blog/archives/2024/01/side-channels-are-common.html www.secnews.physaphae.fr/article.php?IdArticle=8442077 False Threat,Conference None 4.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs The rise of ransomware: Strategies for prevention ransomware attacks in recent times has become a critical concern for organizations across various industries. Ransomware, a malicious software that encrypts data and demands a ransom for its release, can wreak havoc on an organization's operations, finances, and reputation. This comprehensive guide delves into the intricate landscape of ransomware, exploring sophisticated attack vectors, common vulnerabilities, and providing detailed strategies for prevention. Ransomware is a type of malicious software designed to deny access to a computer system or data until a sum of money is paid. It often gains unauthorized access through exploiting vulnerabilities or employing social engineering tactics like phishing emails and malicious attachments. Over the years, ransomware attacks have evolved from indiscriminate campaigns to highly targeted and sophisticated operations. Notorious strains such as WannaCry, Ryuk, and Maze have demonstrated the devastating impact of these attacks on organizations worldwide. Common vulnerabilities exploited Outdated software and patch management: Ransomware often exploits vulnerabilities in outdated software. Robust patch management is crucial for closing these security gaps. Social engineering and phishing: Human error remains a significant factor in ransomware attacks. Employees need comprehensive training to recognize and avoid phishing attempts. Weak authentication practices: Inadequate password policies and the absence of multi-factor authentication create entry points for threat actors. Poorly configured remote desktop protocol (RDP): RDP misconfigurations can provide a direct path for ransomware to infiltrate a network. Comprehensive prevention strategies Regular software updates and patch management: Implement a proactive approach to software updates and patch vulnerabilities promptly. Employee training and awareness: Conduct regular cybersecurity training sessions to educate employees about the dangers of phishing and best practices for online security. Multi-factor authentication (MFA): Enforce MFA to add an additional layer of security, mitigating the risk of unauthorized access. Network segmentation: Divide networks into segments to contain the spread of ransomware in case of a breach. Data backup and recovery: Establish regular backups of critical data and ensure that recovery processes are tested and reliable. Post-infection recovery plans: The aftermath of a ransomware attack can be chaotic and detrimental to an organization's operations. Developing a robust post-infection recovery plan is essential to minimize damage, restore functionality, and ensure a swift return to normalcy. This detailed guide outlines the key components of an effective recovery plan tailored for organizations recovering from a ransomware incident. Key components of post-infection recovery plans: Incident response team activation: Swift action: Activate the incident response team immediately upo 2024-01-23T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/the-rise-of-ransomware-strategies-for-prevention www.secnews.physaphae.fr/article.php?IdArticle=8442051 False Ransomware,Data Breach,Vulnerability,Threat None 2.0000000000000000
Soc Radar - SOC-specialized blog New Apple Zero-Day in WebKit Received a Fix (CVE-2024-23222) Apple has issued security updates to address the first 2024 zero-day vulnerability affecting its products.... 2024-01-23T10:22:49+00:00 https://socradar.io/new-apple-zero-day-in-webkit-received-a-fix-cve-2024-23222/ www.secnews.physaphae.fr/article.php?IdArticle=8442049 False Vulnerability,Threat None 2.0000000000000000
Global Security Mag - French news site Cybersecurity: 5 risks to watch in 2024, according to Hiscox Points de Vue 2024-01-23T10:21:41+00:00 https://www.globalsecuritymag.fr/cybersecurite-5-risques-a-suivre-en-2024-selon-hiscox.html www.secnews.physaphae.fr/article.php?IdArticle=8442059 False Threat,Prediction ChatGPT 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem 2024-01-23T07:00:00+00:00 https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8441910 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity 2024-01-22T22:17:00+00:00 https://thehackernews.com/2024/01/north-korean-hackers-weaponize-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8441736 False Threat,Technical None 3.0000000000000000
Dark Reading - Informationweek Branch Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years Even the most careful VMware customers may need to go back and double check that they weren't compromised by a zero-day exploit for CVE-2023-34048. 2024-01-22T22:08:00+00:00 https://www.darkreading.com/endpoint-security/chinese-spies-exploited-critical-vmware-bug-2-years www.secnews.physaphae.fr/article.php?IdArticle=8441859 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Microsoft Falls Victim to Russia-Backed 'Midnight Blizzard' Cyberattack Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs. 2024-01-22T21:58:00+00:00 https://www.darkreading.com/threat-intelligence/microsoft-falls-victim-russian-midnight-blizzard-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8441839 False Threat None 3.0000000000000000
Zimperium - cyber risk firms for mobile New Year, New Hires, New Devices: Kick Start the Year with Endpoint Security As we welcome the new year, businesses around the world are gearing up for growth and expansion. Let's dive into some of the threats mobile devices can face and explore how Zimperium Mobile Threat Defense (MTD) can help enterprises protect your enterprise. 2024-01-22T21:03:51+00:00 https://www.zimperium.com/blog/new-year-new-hires-new-devices-kick-start-the-year-with-endpoint-security/ www.secnews.physaphae.fr/article.php?IdArticle=8441838 False Threat,Mobile None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) MSIX Installer Malware Delivery on the Rise #### Description Starting in July 2023, Red Canary began investigating a series of attacks by adversaries leveraging MSIX files to deliver malware. MSIX is a Windows application package installation format that IT teams and developers increasingly use to deliver Windows applications within enterprises. The adversaries in each intrusion appeared to be using malicious advertising or SEO poisoning to draw in victims, who believed that they were downloading legitimate software such as Grammarly, Microsoft Teams, Notion, and Zoom. Victims span multiple industries, suggesting that the adversary's attacks are opportunistic rather than targeted. #### Reference URL(s) 1. https://redcanary.com/blog/msix-installers/ #### Publication Date January 16, 2024 #### Author(s) Tony Lambert 2024-01-22T20:39:42+00:00 https://community.riskiq.com/article/e54cc50a www.secnews.physaphae.fr/article.php?IdArticle=8441828 False Malware,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros Based on fresh infection routines the APT is testing, it's looking to harvest threat intelligence in order to improve operational security and stealth. 2024-01-22T20:30:00+00:00 https://www.darkreading.com/threat-intelligence/north-koreasc-arcruft-attackers-target-cybersecurity-pros www.secnews.physaphae.fr/article.php?IdArticle=8441819 False Threat APT 37 3.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Netskope Threat Labs Stats for December 2023 Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary A high number of Sliver framework payloads were found in the month of December. Sliver is […] 2024-01-22T19:36:23+00:00 https://www.netskope.com/blog/netskope-threat-labs-stats-for-december-2023 www.secnews.physaphae.fr/article.php?IdArticle=8441797 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Israel, Czech Republic Reinforce Cyber Partnership Amid Hamas War The agreement to enable future sharing of information and experience is part of a spate of inter-country threat intelligence agreements that Israel is signing, as war-related attacks ramp up. 2024-01-22T17:31:00+00:00 https://www.darkreading.com/cybersecurity-operations/israel-czech-republic-reinforce-cyber-partnership-hamas-war www.secnews.physaphae.fr/article.php?IdArticle=8441756 False Threat None 3.0000000000000000
UnderNews - French "hacker" news site Kaspersky anticipates the main cyber threats targeting children in 2024 As children's access to smartphones and tablets becomes widespread, they interact with the digital world and technology at an increasingly early age. It is therefore imperative that parents stay up to date with the latest cybersecurity threats aimed at children, in order to better protect them from potential dangers. Experts […] The post Kaspersky anticipates the main cyber threats targeting children in 2024 first appeared on UnderNews. 2024-01-22T14:27:31+00:00 https://www.undernews.fr/malwares-virus-antivirus/kaspersky-anticipe-les-principales-menaces-cyber-ciblant-les-enfants-en-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8441675 False Threat None 3.0000000000000000
Checkpoint Research - Security hardware manufacturer 22nd January – Threat Intelligence Report For the latest discoveries in cyber research for the week of 22nd January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Microsoft disclosed that they detected an attack against their systems by Russian state-sponsored actor known as Midnight Blizzard (aka Nobelium). The threat actor used a password spray attack to compromise a legacy non-production test […] 2024-01-22T14:09:19+00:00 https://research.checkpoint.com/2024/22nd-january-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8441678 False Threat None 2.0000000000000000
Soc Radar - SOC-specialized blog Sales of Trello Database, Ivanti Zero-Day Exploits, Phantom Loader, US and Australia Credit Cards In SOCRadar Dark Web Team's latest findings, from their week-long monitoring of the dark web,... 2024-01-22T11:56:00+00:00 https://socradar.io/sales-of-trello-database-ivanti-zero-day-exploits-phantom-loader-us-and-australia-credit-cards/ www.secnews.physaphae.fr/article.php?IdArticle=8441628 False Vulnerability,Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine CISA Emergency Directive Demands Action on Ivanti Zero-Days US security agency CISA orders all civilian federal agencies to take immediate steps to mitigate two Ivanti zero-day flaws 2024-01-22T10:15:00+00:00 https://www.infosecurity-magazine.com/news/cisa-emergency-directive-action/ www.secnews.physaphae.fr/article.php?IdArticle=8441611 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners," Trustwave said. "Notably, despite the binary's unknown file 2024-01-22T09:10:00+00:00 https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html www.secnews.physaphae.fr/article.php?IdArticle=8441496 False Threat None 3.0000000000000000
ProofPoint - Cyber Firms Types of Identity Threats and Attacks You Should Be Aware Of 2024-01-22T06:00:26+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/types-identity-threats-attacks www.secnews.physaphae.fr/article.php?IdArticle=8441709 False Malware,Vulnerability,Threat,Patching,Technical None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further 2024-01-20T15:53:00+00:00 https://thehackernews.com/2024/01/chinese-hackers-silently-weaponized.html www.secnews.physaphae.fr/article.php?IdArticle=8440964 False Vulnerability,Threat None 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development came after the vulnerabilities – an authentication bypass 2024-01-20T10:01:00+00:00 https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html www.secnews.physaphae.fr/article.php?IdArticle=8440879 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly 2024-01-20T08:41:00+00:00 https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html www.secnews.physaphae.fr/article.php?IdArticle=8440863 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. "The PDFs 2024-01-20T07:46:00+00:00 https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html www.secnews.physaphae.fr/article.php?IdArticle=8440850 False Malware,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Russian Threat Group COLDRIVER Expands its Targeting of Western Officials to Include the Use of Malware #### Description Russian threat group COLDRIVER, also known as UNC4057, Star Blizzard, and Callisto, has expanded its targeting of Western officials to include the use of malware. The group has been focused on credential phishing activities against high-profile individuals in NGOs, former intelligence and military officers, and NATO governments. COLDRIVER has been using impersonation accounts to establish a rapport with the target, increasing the likelihood of the phishing campaign's success, and eventually sends a phishing link or document containing a link. COLDRIVER has been observed sending targets benign PDF documents from impersonation accounts, presenting these documents as a new op-ed or other type of article that the impersonation account is looking to publish, asking for feedback from the target. When the user opens the benign PDF, the text appears encrypted. If the target responds that they cannot read the encrypted document, the COLDRIVER impersonation account responds with a link, usually hosted on a cloud storage site, to a “decryption” utility for the target to use. This decryption utility, while also displaying a decoy document, is in fact a backdoor, tracked as SPICA, giving COLDRIVER access to the victim's machine. #### Reference URL(s) 1. https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/ #### Publication Date January 18, 2024 #### Author(s) Wesley Shields 2024-01-19T21:05:18+00:00 https://community.riskiq.com/article/e41b6786 www.secnews.physaphae.fr/article.php?IdArticle=8440784 False Malware,Threat,Cloud None 2.0000000000000000
Dark Reading - Informationweek Branch Third Ivanti Vulnerability Exploited in the Wild, CISA Reports Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it. 2024-01-19T19:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/third-ivanti-vulnerability-exploited-in-the-wild-cisa-reports www.secnews.physaphae.fr/article.php?IdArticle=8440748 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. "These applications are being hosted on Chinese pirating websites in order to gain victims," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. "Once detonated, the malware will download and execute multiple payloads 2024-01-19T18:18:00+00:00 https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html www.secnews.physaphae.fr/article.php?IdArticle=8440653 False Malware,Threat None 3.0000000000000000
Mandiant - Mandiant security blog Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 UNC3886, a highly advanced China-nexus espionage group, has exploited CVE-2023-34048 as far back as late 2021. These findings come from Mandiant's continued research into the new attack paths used by UNC3886, which historically focuses on technologies that cannot have EDR deployed on them. UNC3886 has a track record of using zero-day vulnerabilities to complete their mission without being detected, and this latest example further demonstrates their capabilities. When covering
While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021.These findings stem from Mandiant\'s continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to have EDR deployed to them. UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further demonstrates their capabilities. When covering]]>
2024-01-19T17:30:00+00:00 https://www.mandiant.com/resources/blog/chinese-vmware-exploitation-since-2021 www.secnews.physaphae.fr/article.php?IdArticle=8441523 False Vulnerability,Threat None 4.0000000000000000
Source: Soc Radar - SOC-focused blog
Title: Cyber Insurance in the Age of Ransomware: Protection or Provocation?
Businesses are increasingly facing the threat of cybercrime, particularly ransomware. This malicious software locks users...
Published: 2024-01-19T12:22:43+00:00 | Tags: Ransomware, Threat
https://socradar.io/cyber-insurance-in-the-age-of-ransomware-protection-or-provocation/ | www.secnews.physaphae.fr/article.php?IdArticle=8440637
Source: Microsoft - Microsoft Security Response Center
Title: Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.
Published: 2024-01-19T00:00:00+00:00 | Tags: Threat
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ | www.secnews.physaphae.fr/article.php?IdArticle=8440783

Source: Dark Reading - Informationweek Branch
Title: AI Gives Defenders the Advantage in Enterprise Defense
A panel of CISOs acknowledged that artificial intelligence has boosted the capabilities of threat actors, but enterprise defenders are actually benefiting more from the technology.
Published: 2024-01-18T23:00:00+00:00 | Tags: Threat
https://www.darkreading.com/cyber-risk/ai-gives-defenders-the-advantage-in-enterprise-defense | www.secnews.physaphae.fr/article.php?IdArticle=8440749

Source: Dark Reading - Informationweek Branch
Title: Threat Actors Team Up for Post-Holiday Phishing Email Surge
Just like you and me, cyberattackers returned from winter break and immediately started sending thousands of emails.
Published: 2024-01-18T22:46:00+00:00 | Tags: Threat
https://www.darkreading.com/threat-intelligence/threat-actors-post-holiday-phishing-email-surge | www.secnews.physaphae.fr/article.php?IdArticle=8440443

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying the XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said, adding the development is a sign that adversaries are
Published: 2024-01-18T22:01:00+00:00 | Tags: Malware, Threat, Cloud
https://thehackernews.com/2024/01/new-docker-malware-steals-cpu-for.html | www.secnews.physaphae.fr/article.php?IdArticle=8440348

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are
Published: 2024-01-18T20:19:00+00:00 | Tags: Malware, Threat
https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html | www.secnews.physaphae.fr/article.php?IdArticle=8440327

Source: Volexity - Cyber Firms
Title: Ivanti Connect Secure VPN Exploitation: New Observations
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. The following day, January 16, 2023, proof-of-concept code for the exploit was made public by Rapid7. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day. Additionally, Volexity has continued its investigation into activity conducted by UTA0178 and made a few notable discoveries. The first relates to the GIFTEDVISITOR webshell that Volexity scanned for, which led to the initial discovery of over 1,700 compromised Ivanti Connect Secure VPN devices. On January 16, 2024, Volexity conducted a new scan for this backdoor and found an additional 368 compromised Ivanti Connect Secure VPN appliances, bringing the total count of systems infected by […]
Published: 2024-01-18T18:55:27+00:00 | Tags: Vulnerability, Threat
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/ | www.secnews.physaphae.fr/article.php?IdArticle=8440382
Source: TechRepublic - Security News US
Title: Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More
The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA's tips for protecting against this malware threat.
Published: 2024-01-18T18:44:20+00:00 | Tags: Malware, Threat
https://www.techrepublic.com/article/androxgh0st-malware-botnet/ | www.secnews.physaphae.fr/article.php?IdArticle=8440379

Source: Dark Reading - Informationweek Branch
Title: 'Chaes' Infostealer Code Contains Hidden Threat Hunter Love Notes
Analysis of the infostealer malware version 4.1 includes hidden ASCII art and a shout-out thanking cybersecurity researchers.
Published: 2024-01-18T15:15:00+00:00 | Tags: Malware, Threat
https://www.darkreading.com/threat-intelligence/chaes-infostealer-code-threat-hunter-love-notes | www.secnews.physaphae.fr/article.php?IdArticle=8440332

Source: Recorded Future - Recorded Future feed
Title: Google: Russian state hackers deploying malware in espionage attacks around Europe
Russian state hackers are increasingly attempting to deploy backdoors on the devices of targets in NATO countries and Ukraine, according to new research from Google's Threat Analysis Group. The researchers found that the tactics of hackers from Center 18, a unit within Russia's Federal Security Service (FSB), have evolved in recent months to more sophisticated
Published: 2024-01-18T15:00:00+00:00 | Tags: Malware, Threat
https://therecord.media/russia-state-hackers-deploying-malware-nato | www.secnews.physaphae.fr/article.php?IdArticle=8440329
Source: Global Security Mag - French news site
Title: Fortra: 81% of Security Professionals Identify Phishing as the Top Threat in 2024
The 2024 Fortra State of Cybersecurity Survey uncovers the key security challenges and opportunities for organizations this year - Special Reports
Published: 2024-01-18T14:21:27+00:00 | Tags: Threat
https://www.globalsecuritymag.fr/fortra-81-of-security-professionals-identify-phishing-as-the-top-threat-in-2024.html | www.secnews.physaphae.fr/article.php?IdArticle=8440311
Source: SecurityWeek - Security News
Title: Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns
Russian threat group ColdRiver has developed Spica, a malware that enables it to compromise systems and steal information.
Published: 2024-01-18T14:06:53+00:00 | Tags: Malware, Threat
https://www.securityweek.com/russian-apt-known-for-phishing-attacks-is-also-developing-malware-google-warns/ | www.secnews.physaphae.fr/article.php?IdArticle=8440306
Source: The Register - British news site
Title: Google TAG: Kremlin cyber spies move into malware with a custom backdoor
The threat hunters believe COLDRIVER has used SPICA since at least November 2022. Russian cyberspies linked to the Kremlin's Federal Security Service (FSB) are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November 2022, according to Google's Threat Analysis Group.…
Published: 2024-01-18T14:00:11+00:00 | Tags: Malware, Threat
https://go.theregister.com/feed/www.theregister.com/2024/01/18/google_tag_coldriver_malware/ | www.secnews.physaphae.fr/article.php?IdArticle=8440290

Source: AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
Title: Four cybersecurity trends you should know for 2024
Earlier posts in this series: "Unusual, thought-provoking predictions for cybersecurity in 2024" and "Part two: Cybersecurity operations in 2024: The SOC of the future".
While there are many big things to prepare for in 2024 (see the first two posts), some important smaller things don't get the same attention. Yet, these things are good to know and probably won't come as a huge surprise. Because they, too, are evolving, it's important not to take your eye off the ball.
Compliance creates a new code of conduct and a new need for compliance logic. Compliance and governance are often overlooked when developing software because a different part of the business typically owns those responsibilities. That is all about to change. Cybersecurity policies (internal and external, including new regulations) need to move upstream in the software development lifecycle and need compliance logic built in to simplify the process. Software is designed to work globally; however, the world is becoming more segmented and parsed. Regulations are being created at country, regional, and municipal levels. To be realistic, the only way to handle compliance is via automation. To avoid the constant forking of software, compliance logic will need to be a part of modern applications. Compliance logic will allow software to function globally but adjust based on code sets that address geographic locations and corresponding regulations. In 2024, expect compliance logic to become a part of the larger conversation regarding compliance, governance, regulation, and policy. This will require cross-functional collaboration across IT, security, legal, line of business, finance, and other organizational stakeholders.
MFA gets physical. Multi-factor authentication (MFA) is a way of life. The benefits far outweigh the slight inconvenience imposed. Think about why MFA is so critical. MFA helps with authorization and authentication for mission-critical and safety-critical work. It prevents unauthorized access to critical information. MFA is an easy-to-implement step for good cyber hygiene. Our current way of thinking about MFA is generally based on three things: something you know, a passcode; something you have, a device; and something you are, a fingerprint, your face, etc. Now, let's take this a step further and look at how the "something you are" part of MFA can improve safety. Today, MFA routinely accepts fingerprints, facial recognition, or retina scans. That's just the beginning. MFA can go a step further in helping with business outcomes; here's how. Biometric and behavioral MFA can help with identifying the veracity of an individual as well as the fitness to perform a function. For example, a surgeon can access the hospital, restricted areas, and the operating room through MFA verifications. But, once in the operating room, how is it determined that the surgeon is fit to perform the surgical task? Behavioral MFA will soon be in play to ensure the surgeon is fit by adding another layer of "something you are". Behavioral MFA will determine fitness for a task by identifying things such as entering a series of numbers on a keypad, handwriting on a tablet, or voice analysis. The goal is to compare current behavior with past behavior to ensur
Published: 2024-01-18T11:00:00+00:00 | Tags: Tool, Threat, Prediction
https://cybersecurity.att.com/blogs/security-essentials/four-cybersecurity-trends-you-should-know-for-2024 | www.secnews.physaphae.fr/article.php?IdArticle=8440225

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts
High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mind Sandstorm since November 2023. The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the
Published: 2024-01-18T09:46:00+00:00 | Tags: Threat
https://thehackernews.com/2024/01/iranian-hackers-masquerades-as.html | www.secnews.physaphae.fr/article.php?IdArticle=8440137

Source: InfoSecurity Mag - InfoSecurity Magazine
Title: NCSC Builds New "Cyber League" Threat Tracking Community
The UK's National Cyber Security Centre has launched a Cyber League to monitor emerging cyber-threats
Published: 2024-01-18T09:30:00+00:00 | Tags: Threat
https://www.infosecurity-magazine.com/news/ncsc-cyber-league-threat-tracking/ | www.secnews.physaphae.fr/article.php?IdArticle=8440210

Source: IndustrialCyber - cyber risk firms for industrial
Title: FBI and CISA issue advisory on Androxgh0st malware and botnet threat to networks
The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published Tuesday a...
Published: 2024-01-18T08:00:31+00:00 | Tags: Malware, Threat
https://industrialcyber.co/cisa/fbi-and-cisa-issue-advisory-on-androxgh0st-malware-and-botnet-threat-to-networks/ | www.secnews.physaphae.fr/article.php?IdArticle=8440176
Source: AhnLab - Korean Security Firm
Title: Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks
AhnLab Security Intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. Up until now, all of the attack cases involved the installation of XMRig CoinMiner called Mimo Miner Bot in the final stage. However, there were other pertinent cases where the same threat actor installed Mimus ransomware, proxyware, and reverse shell...
Published: 2024-01-18T07:10:53+00:00 | Tags: Ransomware, Malware, Vulnerability, Threat
https://asec.ahnlab.com/en/60440/ | www.secnews.physaphae.fr/article.php?IdArticle=8440173
Source: ProofPoint - Cyber Firms
Title: Security Brief: TA866 Returns with a Large Email Campaign
PDF > OneDrive URL > JavaScript > MSI / VBS (WasabiSeed) > MSI (Screenshotter). The attack chain was similar to the last documented email campaign using this custom toolset observed by Proofpoint on March 20, 2023. The similarities helped with attribution. Specifically, the TA571 spam service was similarly used, the WasabiSeed downloader remained almost the same, and the Screenshotter scripts and components remained almost the same. (Analyst Note: While Proofpoint did not initially associate the delivery TTPs with TA571 in our first publication on TA866, subsequent analysis attributed the malspam delivery of the 2023 campaigns to TA571, and subsequent post-exploitation activity to TA866.)
One of the biggest changes in this campaign from the last observed activity was the use of a PDF attachment containing a OneDrive link, which was completely new. Previous campaigns used macro-enabled Publisher attachments or 404 TDS URLs directly in the email body.
[Figure] Screenshot of "TermServ.vbs", the WasabiSeed script whose purpose is to execute an infinite loop, reaching out to the C2 server and attempting to download and run an MSI file (empty lines were removed from this script for readability).
[Figure] Screenshot of "app.js", one of the components of Screenshotter. This file runs "snap.exe", a copy of the legitimate IrfanView executable (also included inside the MSI), to save a desktop screenshot as "gs.jpg".
[Figure] Screenshot of "index.js", another Screenshotter component. This code is responsible for uploading the desktop screenshot "gs.jpg" to the C2 server.
Attribution
There are two threat actors involved in the observed campaign. Proofpoint tracks the distribution service used to deliver the malicious PDF as belonging to a threat actor known as TA571. TA571 is a spam distributor, and this actor sends high-volume spam email campaigns to deliver and install a variety of malware for their cybercriminal customers. Proofpoint tracks the post-exploitation tools, specifically the JavaScript, MSI with WasabiSeed components, and MSI with Screenshotter components, as belonging to TA866. TA866 is a threat actor previously documented by Proofpoint and colleagues in [1][2] and [3]. TA866 is known to engage in both crimeware and cyberespionage activity. This specific campaign appears financially motivated. Proofpoint assesses that TA866 is an organized actor able to perform well thought-out attacks at scale based on their availability of custom tools, and ability and connections to purchase tools and services from other actors.
Why it matters
The following are notable characteristics of TA866's return to email threat data: TA866 email campaigns have been missing from the landscape for over nine months (although there are indications that the actor was meanwhile
Published: 2024-01-18T05:00:52+00:00 | Tags: Spam, Malware, Tool, Threat
https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign | www.secnews.physaphae.fr/article.php?IdArticle=8440209

Source: TrendLabs Security - Antivirus vendor
Title: Protecting Your Network Security from Ivanti Zero-Day Threat
The overlooked vulnerability with real impacts
Published: 2024-01-18T00:00:00+00:00 | Tags: Vulnerability, Threat
https://www.trendmicro.com/en_us/research/24/a/ivanti-zero-day-threat-protection.html | www.secnews.physaphae.fr/article.php?IdArticle=8440763

Source: RiskIQ - cyber risk firms (now microsoft)
Title: Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation | Mandiant
Description: On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting Ivanti Connect Secure VPN ("CS", formerly Pulse Secure) and Ivanti Policy Secure ("PS") appliances. Successful exploitation could result in authentication bypass and command injection, leading to further downstream compromise of a victim network. Mandiant has identified zero-day exploitation of these vulnerabilities in the wild beginning as early as December 2023 by a suspected espionage threat actor, currently being tracked as UNC5221. Mandiant is sharing details of five malware families associated with the exploitation of CS and PS devices. These families allow the threat actors to circumvent authentication and provide backdoor access to these devices.
Reference URL(s): https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day
Publication Date: January 17, 2024
Author(s): Tyler Mclellan, John Wolfram, Gabby Roncone, Matt Lin, Robert Wallace, Dimiter Andonov
Published: 2024-01-17T21:58:17+00:00 | Tags: Malware, Vulnerability, Threat
https://community.riskiq.com/article/c77cceaf | www.secnews.physaphae.fr/article.php?IdArticle=8440049

Source: Dark Reading - Informationweek Branch
Title: Google Chrome Zero-Day Bug Under Attack, Allows Code Injection
The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies.
Published: 2024-01-17T21:15:00+00:00 | Tags: Vulnerability, Threat
https://www.darkreading.com/cloud-security/google-chrome-zero-day-bug-attack-code-injection | www.secnews.physaphae.fr/article.php?IdArticle=8440044

Source: RiskIQ - cyber risk firms (now microsoft)
Title: Atomic Stealer Rings in the New Year with Updated Version
Description: Mac users should be aware of an active distribution campaign via malicious ads delivering Atomic Stealer. The latest iteration of the malware added encryption and obfuscation of its code. The malware was distributed via malvertising campaigns and compromised sites. In January 2024, a malvertising campaign was identified using Google search ads to lure victims via a decoy website impersonating Slack. The threat actors are leveraging tracking templates to filter traffic and route it through a few redirects before loading the landing page. The malicious DMG file contains instructions for users to open the file as well as a dialog window asking them to enter their system password. This will allow Atomic Stealer to collect passwords and other sensitive files that are typically access-restricted. Stealers continue to be a top threat for Mac users, and it is important to download software from trusted locations.
Reference URL(s): https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
Publication Date: January 10, 2024
Author(s): Malwarebytes Threat Intelligence Team, Jérôme Segura
Published: 2024-01-17T21:00:08+00:00 | Tags: Malware, Threat
https://community.riskiq.com/article/38f0f5fa | www.secnews.physaphae.fr/article.php?IdArticle=8440050

Source: Recorded Future - Recorded Future feed
Title: Microsoft: Iranian hackers targeting 'high-profile' experts on Middle East
"High-profile" experts working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K. and the U.S. have been targeted by hackers allegedly connected to the Iranian government, according to a new report from Microsoft. In a blog post, Microsoft's Threat Intelligence team said that since November a subset of
Published: 2024-01-17T20:30:00+00:00 | Tags: Threat
https://therecord.media/microsoft-iranian-hackers-high-profile-experts | www.secnews.physaphae.fr/article.php?IdArticle=8440027
Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions
The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for
Published: 2024-01-17T19:21:00+00:00 | Tags: Vulnerability, Threat
https://thehackernews.com/2024/01/pax-pos-terminal-flaw-could-allow.html | www.secnews.physaphae.fr/article.php?IdArticle=8439909