www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T06:57:34+00:00 www.secnews.physaphae.fr
InfoSecurity Mag - InfoSecurity Magazine Illicit Crypto-Inflows Set to Top $51bn in a Year Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024 2025-01-15T13:00:00+00:00 https://www.infosecurity-magazine.com/news/illicit-cryptoinflows-top-51bn-year/ www.secnews.physaphae.fr/article.php?IdArticle=8637706 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls The security provider published mitigation measures to prevent exploitation 2025-01-15T12:00:00+00:00 https://www.infosecurity-magazine.com/news/fortinet-confirms-critical-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8637679 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC 2025-01-15T11:44:00+00:00 https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html www.secnews.physaphae.fr/article.php?IdArticle=8637567 False Malware,Threat,Legislation None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Secureworks Exposes North Korean Links to Fraudulent Crowdfunding Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickel Tapestry orchestrating scams to support North Korean interests 2025-01-15T11:20:00+00:00 https://www.infosecurity-magazine.com/news/north-korean-links-fraudulent/ www.secnews.physaphae.fr/article.php?IdArticle=8637680 False Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned 2025-01-15T10:45:00+00:00 https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8637520 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows - 2025-01-15T10:40:00+00:00 https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html www.secnews.physaphae.fr/article.php?IdArticle=8637521 False Threat,Technical None 3.0000000000000000
InformationSecurityBuzzNews - Security News Site AWS S3 Buckets Under Siege: New Ransomware Exploits SSE-C Research from the Halcyon RISE Team has revealed that a ransomware actor dubbed “Codefinger” has launched a new campaign on Amazon S3 buckets, leveraging AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data and render victims powerless to recover data without paying the ransom. New Technique a Systemic Threat Halcyon says this tactic [...] 2025-01-15T05:16:50+00:00 https://informationsecuritybuzz.com/aws-s3-buckets-ransomware-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=8637519 False Ransomware,Threat None 4.0000000000000000
Techworm - News Zero-Day Vulnerability Targets Fortinet FortiGate Firewalls wrote in a blog post published last week. While the initial access vector used in this campaign currently remains unknown, Arctic Wolf Labs is highly confident that a zero-day vulnerability is likely behind this “mass exploitation campaign”, considering the constricted timelines across affected organizations and the range of affected firmware versions. Firmware versions from 7.0.14 to 7.0.16, released in February 2024 and October 2024 respectively, were predominantly affected.
Arctic Wolf Labs has currently identified four separate attack phases of the campaign that targeted vulnerable FortiGate devices between November 2024 and December 2024:
Phase 1: Vulnerability scanning (November 16, 2024 to November 23, 2024)
Phase 2: Reconnaissance (November 22, 2024 to November 27, 2024)
Phase 3: SSL VPN configuration (December 4, 2024 to December 7, 2024)
Phase 4: Lateral Movement (December 16, 2024 to December 27, 2024)
In the first phase, the threat actors conducted vulnerability scans and made use of jsconsole sessions with connections to and from unusual IP addresses, such as loopback addresses (e.g., 127.0.0.1) and popular DNS resolvers including Google Public DNS and Cloudflare, making them an ideal target for threat hunting. In the reconnaissance phase, the attackers made the first unauthorized configuration changes across several victim organizations to verify whether they had successfully obtained access to commit changes on exploited firewalls. During the third phase of the campaign, threat actors made substantial changes to compromised devices to establish SSL VPN access. In some intrusions, they created new super admin accounts, while in others, they hijacked existing accounts to gain SSL VPN access. Threat actors also created new SSL VPN portals where the user accounts were added directly. In the last phase, after successfully gaining SSL VPN access within the victim organization's environment, the threat actors used the DCSync technique to extract credentials for lateral movement. According to the cybersecurity company, the threat actors were removed from affected systems before they could proceed further. Arctic Wolf Labs notified Fortinet about the activity observed in this campaign on December 12, 2024. FortiGuard Labs PSIRT confirmed on December 17, 2024, that it was aware of the activity and was actively investigating the issue.
To safeguard against such known security issues, Arctic Wolf Labs recommends that organizations immediately disable firewall management access on public interfaces and limit access to trusted users. It also advises regularly upgrading the firmware on firewall devices to the latest version to protect against known vulnerabilities.
Cybersecurity firm Arctic Wolf disclosed on Friday that threat actors recently targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public In
2025-01-14T21:51:07+00:00 https://www.techworm.net/2025/01/zero-day-vulnerability-fortinet-fortigate-firewalls.html www.secnews.physaphae.fr/article.php?IdArticle=8637225 False Vulnerability,Threat None 3.0000000000000000
DarkTrace - DarkTrace: AI-based detection RansomHub Ransomware: Darktrace's Investigation of the Newest Tool in ShadowSyndicate's Arsenal Between September and October 2024, Darktrace investigated several customer networks compromised by RansomHub attacks. Further analysis revealed a connection to the ShadowSyndicate threat group. Read on to discover how these entities are linked and the tactics, techniques, and procedures employed in these attacks. 2025-01-14T19:25:12+00:00 https://darktrace.com/blog/ransomhub-ransomware-darktraces-investigation-of-the-newest-tool-in-shadowsyndicates-arsenal www.secnews.physaphae.fr/article.php?IdArticle=8637307 False Ransomware,Tool,Threat None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs 3 Tips for Eliminating Attack Surface Blind Spots 2025-01-14T18:59:00+00:00 https://levelblue.com/blogs/security-essentials/3-tips-for-eliminating-attack-surface-blind-spots www.secnews.physaphae.fr/article.php?IdArticle=8638362 False Tool,Vulnerability,Threat,Mobile,Industrial,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication. 2025-01-14T17:50:24+00:00 https://www.darkreading.com/threat-intelligence/zero-day-security-bug-fortinet-firewall-attacks www.secnews.physaphae.fr/article.php?IdArticle=8637257 True Vulnerability,Threat None 3.0000000000000000
The State of Security - American Magazine VERT Threat Alert: January 2025 Patch Tuesday Analysis Today's VERT Alert addresses Microsoft's January 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1139 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2025-21333 The first of three Hyper-V vulnerabilities this month is a heap-based buffer overflow that leads to privilege escalation to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected. CVE-2025-21334 The second of three Hyper-V vulnerabilities this month is a use-after-free vulnerability that leads to privilege escalation to SYSTEM... 2025-01-14T15:08:32+00:00 https://www.tripwire.com/state-of-security/vert-threat-alert-january-2025-patch-tuesday-analysis www.secnews.physaphae.fr/article.php?IdArticle=8637380 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes," cybersecurity firm 2025-01-14T14:43:00+00:00 https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html www.secnews.physaphae.fr/article.php?IdArticle=8637055 False Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia's General Staff Main 2025-01-14T14:40:00+00:00 https://thehackernews.com/2025/01/russian-linked-hackers-target.html www.secnews.physaphae.fr/article.php?IdArticle=8637076 False Malware,Threat APT 28 3.0000000000000000
Mandiant - Mandiant's Security Blog Backscatter: Automated Configuration Extraction
Executive Summary Backscatter is a tool developed by the Mandiant FLARE team that aims to automatically extract malware configurations. It relies on static signatures and emulation to extract this information without dynamic execution, bypassing anti-analysis logic present in many modern families. This complements dynamic analysis, providing faster threat identification and high-confidence malware family attribution. Google SecOps reverse engineers ensure precise indicators of compromise (IOC) extraction, empowering security teams with actionable threat intelligence to proactively neutralize attacks.
Overview The ability to quickly detect and respond to threats has a significant impact on potential outcomes. Indicators of compromise (IOCs) serve as crucial breadcrumbs, allowing cybersecurity teams to identify and mitigate potential attacks while expanding their search for related activity. VirusTotal's existing suite of tools to analyze and understand malware IOCs, and thus the Google Threat Intelligence platform by extension, is further enhanced with Backscatter. VirusTotal has traditionally utilized dynamic analysis methods, like sandboxes, to observe malware behavior and capture IOCs. However, these methods can be time-consuming and may not yield actionable data if the malware employs anti-analysis techniques. Backscatter, a service developed by the Mandiant FLARE team, complements these methods by offering a static analysis capability that directly examines malware without executing it, leading to faster and more efficient IOC collection and high-confidence malware family identification. Additionally, Backscatter is capable of analyzing sandbox artifacts, including memory dumps, to improve support for packed and obfuscated malware that does successfully execute in dynamic environments. Within the Google Threat Intelligence platform, Backscatter shines by identifying configuration data, embedded IOCs, and other malicious artifacts hidden within malware uploaded by users. It can pinpoint command-and-control (C2 or C&C) servers, dropped files, and other signs of malware presence, rapidly generating actionable threat intelligence. All of the extracted IOCs and configuration attributes become immediately pivotable in the Google Threat Intelligence platform, allowing users to identify additional malware related to that threat actor or activity.
Complementing Dynamic Analysis Backscatter enables security teams to quickly understand and defend against attacks. By leveraging Backscatter's extracted IOCs in conjunction with static, dynamic, and reputational data, analysts gain a more comprehensive view of potential threats, enabling them to block malicious communication, detect and remove dropped files, and ultimately neutralize attacks. Backscatter's static analysis approach, available in Google Threat Intelligence, provides a valuable addition to the platform's existing dynamic analysis capabilities. This combination offers a more comprehensive threat intelligence strategy, allowing users to leverage the strengths of both approaches for a more robust security posture.
Backscatter in GTI and VirusTotal Backscatter is available to Google SecOps customers, including 2025-01-14T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/backscatter-automated-configuration-extraction/ www.secnews.physaphae.fr/article.php?IdArticle=8637196 False Ransomware,Malware,Tool,Threat,Cloud None 3.0000000000000000
HackRead - Cyber Research Hackers Using Fake YouTube Links to Steal Login Credentials Cybercriminals exploit fake YouTube links to redirect users to phishing pages, stealing login credentials via URI manipulation and… 2025-01-14T13:03:02+00:00 https://hackread.com/hackers-fake-youtube-links-steal-login-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8637136 False Threat None 3.0000000000000000
Checkpoint - Security Hardware Vendor 5 Key Cyber Security Trends for 2025 As the digital world continues to evolve, threats to organizations are becoming more sophisticated, pervasive, and disruptive. Our annual 2025 State of Cyber Security Report is intended to provide cyber security leaders with critical insights into the evolving threat landscape and help them prepare for the advanced threats their organizations may face in the coming year. This year's report highlights several key trends that will shape the future of security, from the growing role of AI in cyber warfare to the rising threat of infostealers. Let's take a closer look at the five most significant cyber security trends for 2025: […]
2025-01-14T13:00:14+00:00 https://blog.checkpoint.com/research/5-key-cyber-security-trends-for-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8637156 False Threat None 3.0000000000000000
Cisco - Security Firm Blog From Chaos to Clarity: Navigating Threats With Cisco XDR Cisco XDR transforms cybersecurity with enhanced threat detection and automated responses. Download the Solution Brief for detailed insights and use cases. 2025-01-14T13:00:00+00:00 https://blogs.cisco.com/security/from-chaos-to-clarity-navigating-threats-with-cisco-xdr/ www.secnews.physaphae.fr/article.php?IdArticle=8637117 False Threat None 3.0000000000000000
ProofPoint - Cyber Firms Proofpoint Named a Leader in the 2025 Gartner® Magic Quadrant™ for Digital Communications Governance and Archiving Solutions 2025-01-14T11:54:10+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-named-leader-2025-gartnerr-magic-quadranttm-digital www.secnews.physaphae.fr/article.php?IdArticle=8637329 False Threat,Mobile,Technical,Commercial None 3.0000000000000000
Bleeping Computer - American Magazine Hackers use FastHTTP in new high-speed Microsoft 365 password attacks Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...] 2025-01-14T10:57:07+00:00 https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8637199 False Threat None 3.0000000000000000
Bleeping Computer - American Magazine Fortinet warns of auth bypass zero-day exploited to hijack firewalls Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...] 2025-01-14T10:24:27+00:00 https://www.bleepingcomputer.com/news/security/fortinet-warns-of-auth-bypass-zero-day-exploited-to-hijack-firewalls/ www.secnews.physaphae.fr/article.php?IdArticle=8637200 False Vulnerability,Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine UK Registry Nominet Breached Via Ivanti Zero-Day The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products 2025-01-14T09:45:00+00:00 https://www.infosecurity-magazine.com/news/uk-registry-nominet-breached/ www.secnews.physaphae.fr/article.php?IdArticle=8637072 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Microsoft Cracks Down on Malicious Copilot AI Use According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services. 2025-01-13T21:34:29+00:00 https://www.darkreading.com/application-security/microsoft-cracks-down-malicious-copilot-ai-use www.secnews.physaphae.fr/article.php?IdArticle=8636880 False Tool,Threat None 3.0000000000000000
McAfee Labs - Software Publisher Scammers Exploit California Wildfires: How to Stay Safe The devastating wildfires sweeping through Southern California have left countless neighborhoods in ruins, forcing thousands to evacuate and destroying homes...
2025-01-13T21:13:43+00:00 https://www.mcafee.com/blogs/internet-security/scammers-exploit-california-wildfires-how-to-stay-safe/ www.secnews.physaphae.fr/article.php?IdArticle=8636874 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware. 2025-01-13T20:44:00+00:00 https://www.darkreading.com/cloud-security/cloud-attackers-exploit-max-critical-aviatrix-rce-flaw www.secnews.physaphae.fr/article.php?IdArticle=8636859 False Malware,Vulnerability,Threat,Cloud None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in 2025-01-13T19:03:00+00:00 https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html www.secnews.physaphae.fr/article.php?IdArticle=8636752 False Vulnerability,Threat,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar. 2025-01-13T17:26:08+00:00 https://www.darkreading.com/threat-intelligence/cyberattackers-infostealers-youtube-comments-google-search www.secnews.physaphae.fr/article.php?IdArticle=8636804 False Malware,Threat None 3.0000000000000000
AlienVault Lab Blog - AlienVault is a major defensive player in IOCs How Hackers Steal Your Password 2025-01-13T16:25:00+00:00 https://levelblue.com/blogs/security-essentials/how-hackers-steal-your-password www.secnews.physaphae.fr/article.php?IdArticle=8636800 False Data Breach,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000
Bleeping Computer - American Magazine Stolen Path of Exile 2 admin account used to hack player accounts Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. [...] 2025-01-13T15:33:46+00:00 https://www.bleepingcomputer.com/news/security/stolen-path-of-exile-2-admin-account-used-to-hack-player-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8636854 False Hack,Threat None 3.0000000000000000
ProofPoint - Cyber Firms Securing the Public Sector: How One County Strengthened Microsoft Email Security with Proofpoint 2025-01-13T13:21:11+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/county-boosts-microsoft-email-security www.secnews.physaphae.fr/article.php?IdArticle=8636731 False Tool,Threat,Legislation None 3.0000000000000000
Bleeping Computer - American Magazine UK domain registry Nominet confirms breach via Ivanti zero-day Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...] 2025-01-13T11:50:12+00:00 https://www.bleepingcomputer.com/news/security/uk-domain-registry-nominet-confirms-breach-via-ivanti-zero-day-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8636780 False Vulnerability,Threat None 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use for command-and-control (C2). In partnership with the 2025-01-13T11:31:00+00:00 https://thehackernews.com/2025/01/expired-domains-allowed-control-over.html www.secnews.physaphae.fr/article.php?IdArticle=8636595 False Threat None 3.0000000000000000
HackRead - Cyber Research Hackers Breach Telefonica Network, Leak 2.3 GB of Data Online Telefónica faces a data breach impacting its internal systems, linked to hackers using compromised credentials. Learn more about this alarming cyber threat. 2025-01-13T11:22:47+00:00 https://hackread.com/hackers-breach-telefonica-network-leak-data-online/ www.secnews.physaphae.fr/article.php?IdArticle=8636692 False Data Breach,Threat None 3.0000000000000000
Checkpoint Research - Security Hardware Vendor 13th January – Threat Intelligence Report For the latest discoveries in cyber research for the week of 6th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The International Civil Aviation Organization (ICAO), which is part of the UN, confirmed a compromise of its recruitment database that exposed 42,000 recruitment applications. The data contains records from April 2016 to […]
2025-01-13T09:41:18+00:00 https://research.checkpoint.com/2025/13th-january-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8636649 False Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Singapore's CSA issues urgent advisory on Mirai botnet threat to industrial routers, smart home devices The Cyber Security Agency of Singapore (CSA) addressed reports of an ongoing Mirai-based botnet campaign targeting security flaws... 2025-01-13T08:36:52+00:00 https://industrialcyber.co/control-device-security/singapores-csa-issues-urgent-advisory-on-mirai-botnet-threat-to-industrial-routers-smart-home-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8636630 False Threat,Industrial None 3.0000000000000000
The State of Security - American Magazine What Is Vulnerability Management? Enterprise networks frequently experience changes in endpoint devices, software, and files, which can introduce risk to the organization. To mitigate this, companies can implement foundational security controls like file integrity monitoring (FIM), which tracks changes to essential files and helps restore them if unauthorized. Additionally, organizations may use these controls to monitor for vulnerabilities introduced by new devices. However, FIM alone is not enough. Companies need a vulnerability management program to ensure comprehensive risk assessment, threat minimization, and compliance... 2025-01-13T04:15:00+00:00 https://www.tripwire.com/state-of-security/what-is-vulnerability-management www.secnews.physaphae.fr/article.php?IdArticle=8636668 False Vulnerability,Threat None 3.0000000000000000
The State of Security - American Magazine The $55 Billion Wake-Up Call: Cybersecurity Challenges Facing UK Businesses Organizations of all types must consider and prioritize cybersecurity in order to protect against a wide range of attacks and prevent potentially catastrophic consequences. With the evolution of the threat landscape and most businesses relying more and more on technological pillars for everyday operations, cyberattacks can have impacts that extend far beyond monetary losses. However, the financial cost alone is staggering, highlighting the pressing need for improved cybersecurity across the board. A recent publication from international insurance intermediary group Howden analyzes the results... 2025-01-13T04:14:57+00:00 https://www.tripwire.com/state-of-security/55-billion-wake-call-cybersecurity-challenges-facing-uk-businesses www.secnews.physaphae.fr/article.php?IdArticle=8636669 False Threat None 3.0000000000000000
Techworm - News [Zero-day] CVE-2024-49415 (CVSS score: 8.1) is an out-of-bounds write issue in the saped_rec function of the libsaped.so library, a library of the C2 media service responsible for audio playback. It affected the Monkey's Audio (APE) decoder used in Samsung's flagship Galaxy S23 and S24 devices running Android versions 12, 13, and 14. “Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. The patch adds proper input validation,” read the advisory for the flaw released in December 2024 as part of Samsung's monthly security updates. How could the attack be performed? Natalie Silvanovich, a Google Project Zero researcher who identified and reported the vulnerability to Samsung on September 21, 2024, said that the attack could be carried out by sending a malicious audio file that does not require any user involvement (zero-click), making it potentially dangerous. The flaw occurred due to Samsung's handling of RCS (rich communication services) messages, specifically in how incoming audio messages are parsed and processed through the Google Messages app in Android. This setting is enabled by default on the Galaxy S23 and S24 models. “The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000. While the maximum blocksperframe value extracted by libsapedextractor is also limited to 0x120000, saped_rec can write up to 3 * blocksperframe bytes out, if the bytes per sample of the input is 24. This means that an APE file with a large blocksperframe size can substantially overflow this buffer,” Silvanovich wrote in her bug report. “Note that this is a fully remote (0-click) bug on the Samsung S24 if Google Messages is configured for RCS (the default configuration on this device), as the transcription service decodes incoming audio before a user interacts with the message for transcription purposes.” In a hypothetical attack scenario, an attacker can exploit the vulnerability by sending a specially crafted audio message on RCS-enabled devices, causing the device's media codec process (“samsung.software.media.c2”) to crash and open a way for further exploitation. In addition to the above flaw, Samsung's December 2024 update also fixed another vulnerability: CVE-2024-49413 (CVSS score: 7.1), involving the SmartSwitch app. This flaw allowed local attackers to install malicious applications by exploiting insufficient cryptographic signature verification. While Samsung has fixed the flaws, it is recommended that users update their RCS-enabled devices with the latest security updates. Additionally, it is advisable to disable RCS in Google Messages to reduce the risk of zero-click exploits further.
Researchers at Google Project Zero on Friday disclosed a now-patched zero-click vulnerability that could allow remote attackers to execute arbitrary code on Samsung devices without any user interaction. The vulnerability tracked as CVE-2024
2025-01-11T21:03:20+00:00 https://www.techworm.net/2025/01/google-project-zero-zero-click-exploit-samsung-devices.html www.secnews.physaphae.fr/article.php?IdArticle=8636033 False Vulnerability,Threat,Mobile None 3.0000000000000000
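The bounds mismatch Silvanovich describes above (an output buffer that is always 0x120000 bytes, an extractor that only caps blocksperframe at 0x120000, and a decoder that writes up to 3 * blocksperframe bytes for 24-bit audio) is easier to see in code. The C program below is an added illustration and not Samsung's libsaped.so code: it models the pre-patch check beside one in the spirit of the fix ("adds proper input validation") and simulates a decode of constructed frame headers. The buffer size, the cap and the bytes-per-sample arithmetic come from the quoted bug report; the function names and the exact shape of the pre- and post-patch checks are assumptions.

```c
/* Model of the bounds mismatch behind CVE-2024-49415 (added illustration, not
 * Samsung's libsaped.so code). Figures come from the bug report quoted above:
 *   - the output dmabuf is always 0x120000 bytes,
 *   - libsapedextractor caps blocksperframe at 0x120000,
 *   - saped_rec writes blocksperframe * (bits_per_sample / 8) bytes per frame,
 *     i.e. up to 3 * blocksperframe bytes for 24-bit audio.
 * Function names and the exact form of the checks are hypothetical. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DMABUF_SIZE         0x120000u   /* C2 media service output buffer */
#define MAX_BLOCKSPERFRAME  0x120000u   /* cap enforced by the extractor */

/* Bytes one decoded frame occupies in the output buffer. Computed in 64 bits
 * so the product cannot wrap for any 32-bit blocksperframe value. */
uint64_t required_output_bytes(uint32_t blocksperframe, uint32_t bits_per_sample) {
    return (uint64_t)blocksperframe * (bits_per_sample / 8u);
}

/* Pre-patch logic: only the block count is compared with the cap, so a frame of
 * 0x120000 blocks at 24 bits passes although it needs 0x360000 output bytes. */
bool frame_fits_vulnerable(uint32_t blocksperframe, uint32_t bits_per_sample) {
    (void)bits_per_sample;                /* never consulted: that is the bug */
    return blocksperframe <= MAX_BLOCKSPERFRAME;
}

/* Check in the spirit of the fix: derive the byte count that will actually be
 * written from the header fields and compare it with the real buffer size. */
bool frame_fits_fixed(uint32_t blocksperframe, uint32_t bits_per_sample) {
    if (bits_per_sample != 8 && bits_per_sample != 16 && bits_per_sample != 24)
        return false;
    if (blocksperframe == 0 || blocksperframe > MAX_BLOCKSPERFRAME)
        return false;
    return required_output_bytes(blocksperframe, bits_per_sample) <= DMABUF_SIZE;
}

/* Simulated decode of one frame under the chosen check. Returns how many bytes
 * would have landed past the end of the dmabuf (0 = rejected or no overflow). */
uint64_t simulate_decode(uint32_t blocksperframe, uint32_t bits_per_sample,
                         bool (*check)(uint32_t, uint32_t)) {
    static uint8_t dmabuf[DMABUF_SIZE];
    if (!check(blocksperframe, bits_per_sample))
        return 0;
    uint64_t total = required_output_bytes(blocksperframe, bits_per_sample);
    uint64_t safe = total < DMABUF_SIZE ? total : DMABUF_SIZE;
    memset(dmabuf, 0xAA, (size_t)safe);   /* only the in-bounds part is really written */
    return total > DMABUF_SIZE ? total - DMABUF_SIZE : 0;
}

int main(void) {
    /* Constructed frame headers, not taken from any real APE file. */
    struct { const char *name; uint32_t bpf, bits; } frames[] = {
        { "ordinary 16-bit frame",       0x10000,  16 },
        { "largest legal 24-bit frame",  0x60000,  24 },
        { "hostile 24-bit frame",        0x120000, 24 },
    };
    for (size_t i = 0; i < sizeof frames / sizeof frames[0]; i++) {
        printf("%-28s needs 0x%-7" PRIx64 " vulnerable:%s overflow=0x%" PRIx64
               "  fixed:%s\n", frames[i].name,
               required_output_bytes(frames[i].bpf, frames[i].bits),
               frame_fits_vulnerable(frames[i].bpf, frames[i].bits) ? "accept" : "reject",
               simulate_decode(frames[i].bpf, frames[i].bits, frame_fits_vulnerable),
               frame_fits_fixed(frames[i].bpf, frames[i].bits) ? "accept" : "reject");
    }
    return 0;
}
```

Compile with `cc -std=c11 sapedrec_model.c` and run: the hostile frame passes the block-count check and would write 0x240000 bytes past the buffer, while the byte-count check rejects it and still accepts the largest 24-bit frame that genuinely fits (0x60000 blocks). The general lesson is to validate the derived quantity, the number of bytes about to be written, against the real sink size rather than an intermediate field the attacker controls.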
HackRead - Chercher Cyber Fake PoC Exploit Targets Cybersecurity Researchers with Malware A fake proof-of-concept (PoC) exploit is being used to lure cybersecurity researchers into downloading malicious software. The lure leverages a recently patched critical vulnerability in Microsoft\'s Windows LDAP service (CVE-2024-49113), which can be exploited to cause a denial of service.]]> 2025-01-11T13:47:03+00:00 https://hackread.com/fake-poc-exploit-hit-cybersecurity-researchers-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8636003 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation Microsoft has revealed that it\'s pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant\'s Digital Crimes Unit (DCU) said it has observed the threat actors "develop]]> 2025-01-11T13:24:00+00:00 https://thehackernews.com/2025/01/microsoft-sues-hacking-group-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8635930 False Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Fake LDAPNightmare exploit on GitHub spreads infostealer malware A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. 
[...]]]> 2025-01-11T10:21:31+00:00 https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8636035 False Malware,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Threat Actors Exploit a Critical Ivanti RCE Bug, Again New year, same story. Despite Ivanti\'s commitment to secure-by-design principles, threat actors - possibly the same ones as before - are exploiting its edge devices for the nth time.]]> 2025-01-10T22:37:54+00:00 https://www.darkreading.com/vulnerabilities-threats/critical-ivanti-rce-bug www.secnews.physaphae.fr/article.php?IdArticle=8636079 False Threat None 3.0000000000000000 Zataz - Magazine Francais de secu Strengthening cybersecurity through awareness training IT security depends as much on technology as on human vigilance. Training your staff is essential to counter modern threats and limit human error....]]> 2025-01-10T17:42:31+00:00 https://www.zataz.com/renforcer-la-cybersecurite-grace-a-la-formation-de-sensibilisation/ www.secnews.physaphae.fr/article.php?IdArticle=8635712 False Threat None 3.0000000000000000 Data Security Breach - Site de news Francais Zero-day vulnerability affecting an enterprise VPN tool A critical zero-day vulnerability affects Ivanti Connect Secure VPN (ICS) appliances, widely used to provide secure enterprise connectivity.]]> 2025-01-10T15:23:32+00:00 https://www.datasecuritybreach.fr/zero-day-unc5221-unc5337/ www.secnews.physaphae.fr/article.php?IdArticle=8635673 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey\'s Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote]]> 2025-01-10T15:17:00+00:00 https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html www.secnews.physaphae.fr/article.php?IdArticle=8635588 False Vulnerability,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an]]> 2025-01-10T15:01:00+00:00 https://thehackernews.com/2025/01/reddelta-deploys-plugx-malware-to.html www.secnews.physaphae.fr/article.php?IdArticle=8635589 False Malware,Threat None 3.0000000000000000 CyberSecurityVentures - cybersecurity services Cyber Certainty: Threat Reduction For Business Leaders This week in cybersecurity from the editors at Cybercrime Magazine –Read the Full Story in TechRound Sausalito, Calif. – Jan. 10, 2025 TechRound, the voice of UK startups, reports that cybercrime will cost the world more than $10 trillion annually by 2025, according to Cybersecurity Ventures.
]]>
2025-01-10T13:31:54+00:00 https://cybersecurityventures.com/cyber-certainty-threat-reduction-for-business-leaders/ www.secnews.physaphae.fr/article.php?IdArticle=8635637 False Threat None 3.0000000000000000
Bleeping Computer - Magazine Américain New Web3 attack exploits transaction simulations to steal crypto Threat actors are employing a new tactic called "transaction simulation spoofing" to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. [...]]]> 2025-01-10T13:12:17+00:00 https://www.bleepingcomputer.com/news/security/new-web3-attack-exploits-transaction-simulations-to-steal-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8635730 False Threat None 3.0000000000000000 ProofPoint - Cyber Firms Training Your LLM Dragons-Why DSPM is the Key to AI Security 2025-01-10T09:59:30+00:00 https://www.proofpoint.com/us/blog/information-protection/training-your-llm-dragons-why-dspm-key-ai-security www.secnews.physaphae.fr/article.php?IdArticle=8635729 False Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection Detecting and Mitigating Adversary-in-the-Middle Phishing Attacks with Darktrace Services Threat actors often use advanced phishing toolkits and Adversary-in-the-Middle (AitM) attacks in Business Email Compromise (BEC) campaigns, Discover how Darktrace detected and mitigated a sophisticated attack leveraging Dropbox, highlighting the importance of robust cybersecurity measures.]]> 2025-01-10T09:46:31+00:00 https://darktrace.com/blog/detecting-and-mitigating-adversary-in-the-middle-phishing-attacks-with-darktrace-services www.secnews.physaphae.fr/article.php?IdArticle=8635566 False Threat None 3.0000000000000000 ProofPoint - Cyber Firms Bringing Shadow Admins Out of the Shadows 2025-01-10T09:36:20+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/risks-shadow-admins www.secnews.physaphae.fr/article.php?IdArticle=8635652 False Ransomware,Data Breach,Tool,Threat,Cloud,Technical None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Fake PoC Exploit Targets Security Researchers with Infostealer Trend Micro detailed how attackers are using a fake 
proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers]]> 2025-01-10T09:15:00+00:00 https://www.infosecurity-magazine.com/news/fake-poc-exploit-researchers/ www.secnews.physaphae.fr/article.php?IdArticle=8635572 False Vulnerability,Threat,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and]]> 2025-01-09T22:59:00+00:00 https://thehackernews.com/2025/01/major-vulnerabilities-patched-in.html www.secnews.physaphae.fr/article.php?IdArticle=8635352 False Tool,Vulnerability,Threat None 3.0000000000000000 HackRead - Chercher Cyber Harnessing AI for Proactive Threat Intelligence and Advanced Cyber Defense Discover how AI revolutionizes cybersecurity with real-time threat detection, adaptive protection, and advanced data protection to combat evolving…]]> 2025-01-09T18:16:49+00:00 https://hackread.com/harnessing-ai-proactive-threat-intelligence-cyber-defense/ www.secnews.physaphae.fr/article.php?IdArticle=8635368 False Threat None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Zero-Day Vulnerability in Ivanti VPN actively exploited
It’s being actively exploited.]]> 2025-01-09T17:16:38+00:00 https://www.schneier.com/blog/archives/2025/01/zero-day-vulnerability-in-ivanti-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=8635350 False Vulnerability,Threat None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber New zero-day exploit targets Ivanti VPN product Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group.
]]>
2025-01-09T17:09:03+00:00 https://cyberscoop.com/ivanti-vpn-vulnerabilities-zero-day-exploit-china-cisa/ www.secnews.physaphae.fr/article.php?IdArticle=8635351 False Malware,Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan Japan\'s National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The primary objective of the attack campaign is to steal information related to Japan\'s national]]> 2025-01-09T16:14:00+00:00 https://thehackernews.com/2025/01/mirrorface-leverages-anel-and-noopdoor.html www.secnews.physaphae.fr/article.php?IdArticle=8635258 False Threat,Legislation None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then]]> 2025-01-09T15:05:00+00:00 https://thehackernews.com/2025/01/critical-rce-flaw-in-gfi-keriocontrol.html www.secnews.physaphae.fr/article.php?IdArticle=8635240 False Vulnerability,Threat None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Cracking the Code: How Banshee Stealer Targets macOS Users Executive Summary: Since September, Check Point Research (CPR) has been monitoring a new version of the Banshee macOS Stealer, a malware that steals browser credentials, cryptocurrency wallets, and other sensitive data. 
Undetected for over two months, Banshee’s latest version introduced string encryption taken from Apple’s XProtect, likely causing antivirus detection systems to overlook the malware. Threat actors distributed Banshee using phishing websites and fake GitHub repositories, often impersonating popular software like Chrome and Telegram. A key update in the new version removed a Russian language check, expanding the malware’s potential targets. The Banshee Stealer highlights the growing risks to macOS […]
]]>
2025-01-09T13:00:22+00:00 https://blog.checkpoint.com/research/cracking-the-code-how-banshee-stealer-targets-macos-users/ www.secnews.physaphae.fr/article.php?IdArticle=8635272 False Malware,Threat None 3.0000000000000000
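The GFI KerioControl item above describes CVE-2024-52875 as a CRLF injection that enables HTTP response splitting. The page gives no detail of that product's code, so the C program below is an added, generic illustration rather than KerioControl's code: a redirect builder that copies an attacker-controlled value straight into a Location header, a hardened version that rejects control bytes before they reach the header, and a small header counter that makes the split visible. The attacker-supplied value and all function names are constructed for the example.

```c
/* Generic CRLF injection / HTTP response splitting model (added example; not
 * GFI KerioControl's code, whose internals the article does not describe).
 * build_redirect_unsafe() interpolates a caller-supplied target verbatim into a
 * Location header; build_redirect_safe() refuses any value carrying control bytes. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

static char response[1024];   /* last built response, kept for inspection */

/* Vulnerable: the target lands in the header unfiltered. Returns length or -1. */
int build_redirect_unsafe(const char *target, char *out, size_t outlen) {
    int n = snprintf(out, outlen,
                     "HTTP/1.1 302 Found\r\nLocation: %s\r\nContent-Length: 0\r\n\r\n",
                     target);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Hardened: reject CR, LF and every other control byte so the value can neither
 * terminate the header line nor start new ones. Returns length or -1.
 * Note the check runs on the bytes that reach the header; an application that
 * URL-decodes first must check the decoded form. */
int build_redirect_safe(const char *target, char *out, size_t outlen) {
    for (const unsigned char *p = (const unsigned char *)target; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return -1;
    return build_redirect_unsafe(target, out, outlen);
}

/* Number of header lines after the status line, up to the blank line.
 * A plain redirect built here has 2 (Location, Content-Length). */
int count_header_lines(const char *resp) {
    const char *p = strchr(resp, '\n');
    if (!p)
        return 0;
    int lines = 0;
    for (p++; *p; ) {
        const char *eol = strstr(p, "\r\n");
        if (!eol || eol == p)          /* no terminator, or the blank line */
            break;
        lines++;
        p = eol + 2;
    }
    return lines;
}

/* Build with either builder into the shared buffer and return the header-line
 * count, or -1 if the hardened builder rejected the value. */
int redirect_header_count(const char *target, bool hardened) {
    int n = hardened ? build_redirect_safe(target, response, sizeof response)
                     : build_redirect_unsafe(target, response, sizeof response);
    return n < 0 ? -1 : count_header_lines(response);
}

const char *last_response(void) { return response; }

int main(void) {
    /* Constructed attacker value: a legitimate path followed by injected headers.
     * A real split would usually go on to supply a second response body as well. */
    const char *hostile = "/home\r\nSet-Cookie: session=attacker\r\nX-Injected: 1";
    printf("unsafe, benign : %d header lines\n", redirect_header_count("/home", false));
    printf("unsafe, hostile: %d header lines\n", redirect_header_count(hostile, false));
    printf("safe,   hostile: %d (rejected)\n", redirect_header_count(hostile, true));
    return 0;
}
```

With the hostile value the unsafe builder emits four header lines instead of two, and the injected Set-Cookie line is indistinguishable from a server-set one to the client; the hardened builder returns -1 before anything is written. In a real service the same rule applies to every header whose value derives from a request.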
Bleeping Computer - Magazine Américain Google: Chinese hackers likely behind Ivanti VPN zero-day attacks Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called \'Dryhook\' and \'Phasejam\' that is not currently associated with any threat group. [...]]]> 2025-01-09T11:11:20+00:00 https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8635336 False Malware,Vulnerability,Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial CISA\\'s Greene details focus on strengthening cybersecurity resilience with KEV Catalog, CPGs, PRNI initiatives As the U.S. critical infrastructure sector operates under continuous threat from nation-state cyber adversaries and cybercriminal organizations around...
]]>
2025-01-09T10:04:39+00:00 https://industrialcyber.co/cisa/cisas-greene-details-focus-on-strengthening-cybersecurity-resilience-with-kev-catalog-cpgs-prni-initiatives/ www.secnews.physaphae.fr/article.php?IdArticle=8635227 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Critical Ivanti Zero-Day Exploited in the Wild Ivanti customers are urged to patch two new bugs in the security vendor\'s products, one of which is being actively exploited]]> 2025-01-09T09:45:00+00:00 https://www.infosecurity-magazine.com/news/critical-ivanti-zeroday-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=8635225 False Vulnerability,Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Seven Trends to Watch for in 2025 non-functional requirements (NFR) – performance and security. I am an eternal optimist and truly believe that as silos start to erode, performance and security will rise to the same level of functional requirements in systems engineering. The secure-by-design movement is a big step in the right direction to bringing both security and performance to]]> 2025-01-09T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/seven-trends-to-watch-2025 www.secnews.physaphae.fr/article.php?IdArticle=8635181 False Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 TrendLabs Security - Editeur Antivirus Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.]]> 2025-01-09T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/a/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8635180 False Malware,Threat None 3.0000000000000000 Reversemode - Blog de reverser Aborder l'exploitation de la peur du rayonnement: un guide d'auto-évaluation pour contrer la désinformation<br>Addressing the Exploitation of Radiation Fear: A Self-Assessment Guide to Counter Disinformation Anatomy of a Nuclear Scare", an article that covers this issue.This trend does not come as a surprise, as radioactivity is one of those few things 
that can collectively trigger significant levels of societal anxiety and an emotional, rather than rational, response, often disproportionate to the actual physical risks it poses. This radiation fear has been shaped over the years by a mix of cultural, historical, and media-driven narratives. In recent years, increasing geopolitical instability, the ever-growing influence of social media, the return of magical thinking and the precariousness and discrediting of traditional sources of information have resulted in a constant flow of misinformation. It\'s no coincidence that successful campaigns can be executed with limited resources, compared to traditional manipulation activities, and still have the potential to go viral, maximizing ROI. Despite the fact that these campaigns explicitly exploited, or leveraged, publicly available online resources providing real-time radiation levels, in most cases the actions were simplistic and carried out without the need for specialized \'cyber\' skills or expertise. So far, the only exception to this trend can be found in Chernobyl\'s post-invasion radiation spikes from 2022. I see no reason to believe that we won\'t see similar campaigns in the near future. I also acknowledge that this topic is not everyone\'s cup of tea. You may not have the time or interest to go through detailed technical explanations of radioactivity from both physics and cybersecurity perspectives. However, for those who are really interested in that kind of in-depth reading, I\'ve published comprehensive research papers on this topic. So, I thought it might be useful to put together this publication, which is merely intended to serve as an \'emergency guide\' to quickly grasp a set of simple yet sound principles that hopefully can help everyone, regardless of their background, to approach radioactivity-related reports with a critical eye. 
Armed with these fundamentals of radiation monitoring, we\'ll learn how to quickly discern between stories that make sense and those that don\'t hold water. An Emergency Guide to Understanding Radioactivity and Radiation Monitoring Let\'s say that you want to build a simple cabin on a small plot of land you have in the woods. The foundations should be stable enough to ensure the structure does not collapse right after you finish it. However, you have an unusual constraint: the only material you can use is balloons. Common sense suggests that, although balloons are not the ideal material, the best way to use them would be to keep them completely deflated. Anything built using inflated balloons will not last long; it depends on the quality of the material the balloon is made of, but everybody acknowl]]> 2025-01-08T18:35:29+00:00 https://www.reversemode.com/2025/01/addressing-exploitation-of-radiation.html www.secnews.physaphae.fr/article.php?IdArticle=8654592 False Tool,Threat,Industrial,Prediction,Technical None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection What are Botnets and How Darktrace Uncovers Them Learn how Darktrace detected and implemented defense protocols against the Socks5Systemz botnet before any threat intelligence on it had been published.]]> 2025-01-08T17:17:18+00:00 https://darktrace.com/blog/socks5systemz-how-darktraces-anomaly-detection-unraveled-a-stealthy-botnet www.secnews.physaphae.fr/article.php?IdArticle=8634988 False Threat None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection Darktrace Threat Research Investigates Raspberry Robin Worm The Darktrace Threat Research team investigates Raspberry Robin, an evasive worm in USB drives. 
Learn how to protect yourself from this malicious variant.]]> 2025-01-08T17:11:43+00:00 https://darktrace.com/blog/the-early-bird-catches-the-worm-darktraces-hunt-for-raspberry-robin www.secnews.physaphae.fr/article.php?IdArticle=8634986 False Threat None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection Cleo File Transfer Vulnerability: Patch Pitfalls and Darktrace\\'s Detection of Post-Exploitation Activities File transfer applications are prime targets for ransomware groups due to their critical role in business operations. Recent vulnerabilities in Cleo\'s MFT software, namely CVE-2024-50623 and CVE-2024-55956, highlight ongoing risks. Read more about the Darktrace Threat Research team\'s investigation into these vulnerabilities.]]> 2025-01-08T16:14:31+00:00 https://darktrace.com/blog/cleo-file-transfer-vulnerability-patch-pitfalls-and-darktraces-detection-of-post-exploitation-activities www.secnews.physaphae.fr/article.php?IdArticle=8634963 False Ransomware,Vulnerability,Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Ivanti warns of new Connect Secure flaw used in zero-day attacks Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. [...]]]> 2025-01-08T15:43:34+00:00 https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8635045 False Malware,Vulnerability,Threat None 3.0000000000000000 Fortinet - Fabricant Materiel Securite New AI-Focused Modules in Our Security Awareness and Training Service Leaders know that employees can be a solid first line of defense against cyber incidents if they have the proper knowledge and understand how to spot a potential attack. 
However, as threat actors increasingly embrace AI to enhance the volume and velocity of their efforts, executives everywhere are growing concerned that attacks will become more difficult for personnel to identify.]]> 2025-01-08T15:00:00+00:00 https://www.fortinet.com/blog/industry-trends/ai-focused-modules-in-our-security-awareness-and-training-service www.secnews.physaphae.fr/article.php?IdArticle=8634964 False Threat None 3.0000000000000000 RedCanary - Red Canary Shrinking the haystack: The six phases of cloud threat detection Red Canary parses through 6 billion telemetry records per day to detect threats in our customers\' cloud environments. Here\'s how we do it.]]> 2025-01-08T14:29:34+00:00 https://redcanary.com/blog/threat-detection/cloud-threat-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8634921 False Threat,Cloud None 3.0000000000000000 RedCanary - Red Canary Shrinking the haystack: Building a cloud threat detection engine A step-by-step guide to building a framework for ingesting billions of cloud telemetry records to detect and respond to cyber threats]]> 2025-01-08T14:29:01+00:00 https://redcanary.com/blog/threat-detection/cloud-threat-detection-engine/ www.secnews.physaphae.fr/article.php?IdArticle=8634922 False Threat,Cloud None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed. On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. 
Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network. Ivanti and its affected customers identified the compromise based on indications from the company-supplied Integrity Checker Tool (“ICT”) along with other commercial security monitoring tools. Ivanti has been working closely with Mandiant, affected customers, government partners, and security vendors to address these issues. As a result of their investigation, Ivanti has released patches for the vulnerabilities exploited in this campaign, and Ivanti customers are urged to follow the actions in the Security Advisory to secure their systems as soon as possible. Mandiant is currently performing analysis of multiple compromised Ivanti Connect Secure appliances from multiple organizations. The activity described in this blog draws on insights collectively derived from analysis of these infected devices; Mandiant has not yet conclusively tied all of the activity described below to a single actor. In at least one of the appliances undergoing analysis, Mandiant observed the deployment of the previously observed SPAWN ecosystem of malware (which includes the SPAWNANT installer, SPAWNMOLE tunneler and the SPAWNSNAIL SSH backdoor). 
The deployment of the SPAWN ecosystem of malware following the targeting of Ivanti Secure Connect appliances has been attributed to ]]> 2025-01-08T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8635099 False Malware,Tool,Vulnerability,Threat,Industrial,Cloud,Commercial None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Scammers Exploit Microsoft 365 to Target PayPal Users A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients]]> 2025-01-08T14:00:00+00:00 https://www.infosecurity-magazine.com/news/scammers-exploit-microsoft365/ www.secnews.physaphae.fr/article.php?IdArticle=8634906 False Threat None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection Darktrace Recognized in the Gartner® Magic Quadrant™ for Email Security Platforms Darktrace is proud to announce we\'ve been recognized as a Challenger in our first appearance in the Gartner® Magic Quadrant™ for Email Security. In the report you\'ll get key insights into the evolving email threat landscape, the requirements of a modern email security platform and the role of AI in advanced threat detection.]]> 2025-01-08T11:26:50+00:00 https://darktrace.com/blog/darktrace-recognized-in-the-gartner-magic-quadrant-for-email-security www.secnews.physaphae.fr/article.php?IdArticle=8634863 False Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain UN aviation agency confirms recruitment database security breach ​The United Nations\' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. 
[...]]]> 2025-01-08T08:30:46+00:00 https://www.bleepingcomputer.com/news/security/un-aviation-agency-confirms-recruitment-database-security-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8634902 False Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Google\\'s Willow Quantum Chip and Its Potential Threat to Current Encryption Standards Google). Current Encryption Standards: Current encryption methods such as RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) rely on mathematical problems that are extremely difficult for classical computers to solve. These algorithms protect everything from financial transactions to government communications and personal data. However, quantum computers equipped with a significant amount of qubits and stability could potentially break these encryption methods in hours or days, rather than the millions of years it would take classical computers. The threat to current encryption standards isn\'t immediate, but it\'s becoming more concrete. In the last two years, quantum computing capabilities have advanced significantly, with Google\'s Willow chip demonstrating unprecedented levels of qubit coherence and error correction. 
However, quantum computers would need 13 million qubits]]> 2025-01-08T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/googles-willow-quantum-chip-and-its-potential-threat-to-current-encryption-standards www.secnews.physaphae.fr/article.php?IdArticle=8634780 False Threat,Technical None 3.0000000000000000 WatchGuard - Fabricant Matériel et Logiciels WatchGuard acquires ActZero to offer AI-boosted, scalable and open security, delivering simplified 24/7 MDR services 2025-01-08T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/watchguard-acquiert-actzero-pour-proposer-une-securite-boostee-par-lia www.secnews.physaphae.fr/article.php?IdArticle=8634958 False Tool,Threat None 3.0000000000000000 Techworm - News CISA: Recent Government Hack Only Affected US Treasury The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said that last week\'s cybersecurity incident was limited to the U.S. Department of the Treasury and had no wider government impact. “At this time, there is no indication that any other federal agencies have been impacted by this incident. CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response,” CISA said in a statement issued on Monday. This update follows the US Treasury Department’s disclosure last Monday of a breach of its workstations by Chinese state-sponsored hackers in early December, which it described as a “major cybersecurity incident.” The attackers had compromised BeyondTrust, a third-party vendor that provides identity and remote support for Treasury workstations. In a letter shared with senior U.S. House lawmakers last week, the agency said that BeyondTrust notified them of the breach on December 8th. According to the letter, the Chinese state-sponsored hackers used a Remote Support SaaS API key stolen from BeyondTrust to bypass the service\'s security, remotely access certain Treasury Departmental Offices (DO) user workstations, and access certain unclassified documents maintained by the employees. However, it is unclear how the BeyondTrust key was stolen. “Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor. In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” the letter added. In a statement this Monday, CISA said it “is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident.” The federal cyber watchdog added, “The security of federal systems and the data they protect is of critical importance to our national security. We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate.” In accordance with legal requirements, the Treasury Department has committed to providing lawmakers with an update within 30 days.]]>
2025-01-07T23:28:48+00:00 https://www.techworm.net/2025/01/cisa-recent-government-hack-only-affected-us-treasury.html www.secnews.physaphae.fr/article.php?IdArticle=8634597 False Hack,Threat,Cloud None 3.0000000000000000
Bleeping Computer - Magazine Américain PowerSchool hack exposes student, teacher data from K-12 districts Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. [...] 2025-01-07T23:26:09+00:00 https://www.bleepingcomputer.com/news/security/powerschool-hack-exposes-student-teacher-data-from-k-12-districts/ www.secnews.physaphae.fr/article.php?IdArticle=8634751 False Hack,Threat None 2.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist, a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware. The cybersecurity landscape is evolving as attackers harness … (more…) The post News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes first appeared on The Last Watchdog.
2025-01-07T18:34:51+00:00 https://www.lastwatchdog.com/news-alert-cytwist-launches-threat-detection-engine-tuned-to-identify-ai-driven-malware-in-minutes/ www.secnews.physaphae.fr/article.php?IdArticle=8634617 False Malware,Threat None 3.0000000000000000
Checkpoint - Fabricant Materiel Securite Brand Impersonation Scam Hijacks Travel Agency Accounts Recently, within the span of a week, a new and extensive phishing campaign compromised more than 7,300 businesses and 40,000 individuals around the world. The most heavily impacted regions are the United States (75%) and the European Union (10%). The hackers are impersonating brands and presenting fake email-based offers. Hackers' objectives center around driving malicious downloads and collecting harvested credentials that they can exploit for their own financial gain. The Full Story: The campaign hinges on the use of hacked accounts – belonging to the travel agency known as Riya – to send email messages. Messages from the accounts weaponize […]
2025-01-07T13:00:27+00:00 https://blog.checkpoint.com/security/brand-impersonation-scam-hijacks-travel-agency-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=8634487 False Threat None 3.0000000000000000
Recorded Future - FLux Recorded Future UN aviation agency 'actively investigating' cybercriminal's claimed data breach The International Civil Aviation Organization (ICAO) said it was responding to claims of a data breach “allegedly linked to a threat actor known for targeting international organizations.” 2025-01-07T12:51:55+00:00 https://therecord.media/united-nations-icao-investigating-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8634489 False Data Breach,Threat None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Greece's 2024 Cyber Threat Landscape: A Year of Increased and Varied Attacks The year 2024 proved challenging for cybersecurity in Greece, with a significant surge in the volume and sophistication of cyberattacks. Ransomware attacks, Distributed Denial-of-Service (DDoS) attacks, and Advanced Persistent Threats (APTs) all significantly disrupted businesses, government services, and critical infrastructure. Efstratios Lontzetidis, a Cyber Threat Intelligence Researcher based in Greece, provided a compelling round-up [...] 2025-01-07T05:19:40+00:00 https://informationsecuritybuzz.com/greeces-2024-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8634366 False Ransomware,Threat None 3.0000000000000000 Global Security Mag - Site de news francais Data security: an indispensable expertise in a context of growing cyber threats Points of View
Data security: an indispensable expertise in a context of growing cyber threats, by Jean-Marc Rietsch, Pineappli group, FISAM - Points of View
2025-01-06T23:30:00+00:00 https://www.globalsecuritymag.fr/la-securisation-des-donnees-une-expertise-indispensable-dans-un-contexte-de.html www.secnews.physaphae.fr/article.php?IdArticle=8634056 False Threat None 3.0000000000000000
Global Security Mag - Site de news francais Usman Choudhary, Chief Product & Technology Officer, VIPRE Security Group, offers his thoughts on security trends that will dominate in 2025 Opinion
SMEs a Target and AI Malware to Fuel Supply Chain Attacks, With Regulatory Burden Amplifying Security Training Urgency 2024 saw increasingly sophisticated cybersecurity threats as criminals leveraged all forms of AI to create difficult-to-detect phishing attacks, deepfakes, and ransomware incidents. To counter these, organisations adopted AI-driven security solutions including threat detection, automated incident response, and intelligent vulnerability management, to protect data and infrastructure. In 2025, as AI evolves further in sophistication and adoption, alongside the growing burden of data breach costs and regulation – in addition to implementing advanced cybersecurity measures, organisations must prioritise real-world security awareness training. - Opinion
2025-01-06T23:24:54+00:00 https://www.globalsecuritymag.fr/usman-choudhary-chief-product-technology-officer-vipre-security-group-offers.html www.secnews.physaphae.fr/article.php?IdArticle=8634430 False Ransomware,Data Breach,Malware,Vulnerability,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch FireScam Android Spyware Campaign Poses 'Significant Threat Worldwide' A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say. 2025-01-06T21:12:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/firescam-android-spyware-campaign-significant-threat-worldwide www.secnews.physaphae.fr/article.php?IdArticle=8634261 False Malware,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID), a 75% increase from last year, and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout 2025-01-06T17:00:00+00:00 https://thehackernews.com/2025/01/from-22m-in-ransom-to-100m-stolen.html www.secnews.physaphae.fr/article.php?IdArticle=8634094 False Threat,Cloud None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite 6th January – Threat Intelligence Report For the latest discoveries in cyber research for the week of 6th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Check Point elaborated on the US Treasury Department cyber-attack that compromised employee workstations and classified documents. The breach, attributed to a China state-sponsored threat actor, involved unauthorized remote access using a security […]
2025-01-06T13:26:22+00:00 https://research.checkpoint.com/2025/6th-january-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8634129 False Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine New Infostealer Campaign Uses Discord Videogame Lure Threat actors are tricking victims into downloading malware with the promise of testing a new videogame 2025-01-06T11:10:00+00:00 https://www.infosecurity-magazine.com/news/infostealer-campaign-discord/ www.secnews.physaphae.fr/article.php?IdArticle=8634096 False Malware,Threat None 3.0000000000000000 Veracode - Application Security Research, News, and Education Blog Innovating to Secure Software Supply Chains: Veracode Acquires Phylum, Inc. Technology for Enhanced Software Composition Analysis The rise of emerging open-source threats presents a growing risk to organizations as attackers increasingly exploit vulnerabilities in widely used libraries, frameworks, and tools. In fact, most Software Composition Analysis (SCA) tools on the market today are unable to keep up with the volume of new overtly malicious activities in the open-source ecosystem. To address the critical threat, I'm excited to announce Veracode's acquisition of Phylum Inc.'s technology to advance our capabilities in securing software supply chains. The addition of Phylum will help the market's ability to combat threats through the advanced detection and mitigation of malicious packages in open-source libraries. The dependencies of software teams on open-source libraries and the threats targeting these libraries make detecting and blocking malicious packages more critical than ever.
Malicious packages often contain code designed to extract sensitive information such as credentials, API… 2025-01-06T10:38:18+00:00 https://www.veracode.com/blog/secure-development/innovating-secure-software-supply-chains-veracode-acquires-phylum www.secnews.physaphae.fr/article.php?IdArticle=8634160 False Tool,Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Scammers Drain $500m from Crypto Wallets in a Year Scam Sniffer claims that threat actors used wallet drainers to steal $494m from victims in 2024 2025-01-06T10:00:00+00:00 https://www.infosecurity-magazine.com/news/scammers-drain-500m-crypto-wallets/ www.secnews.physaphae.fr/article.php?IdArticle=8634054 False Threat None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite FireScam Malware Campaign Highlights Rising Threat to Mobile Users The ubiquity of mobile applications has created a perfect storm for bad actors, offering ample opportunities to exploit unsuspecting users. One of the latest instances is FireScam, a sophisticated malware that targets Android devices. Disguised as a fake “Telegram Premium” app, FireScam uses phishing websites to lure victims into downloading malware that infects their devices [...] 2025-01-06T03:38:52+00:00 https://informationsecuritybuzz.com/firescam-malware-threat-to-mobile-user/ www.secnews.physaphae.fr/article.php?IdArticle=8633966 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims.
These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or 2025-01-04T13:00:00+00:00 https://thehackernews.com/2025/01/us-treasury-sanctions-beijing.html www.secnews.physaphae.fr/article.php?IdArticle=8633373 False Threat None 3.0000000000000000 Global Security Mag - Site de news francais Continuous threat exposure management, the key to digital resilience Points of View
Benoit GRUNEMWALD, Director of Public Affairs, ESET France and French-speaking Africa. The digital transformation of companies comes with unprecedented complexity, affecting at once the risks, the threats, the threat actors and the vulnerabilities of an information system that is constantly in motion. A traditional, one-off approach to vulnerability analysis is showing its limits. Enter Continuous Threat Exposure Management (CTEM), a proactive methodology that redefines our relationship to cyber defence. - Points of View
2025-01-03T22:19:53+00:00 https://www.globalsecuritymag.fr/la-gestion-continue-de-l-exposition-aux-menaces-l-atout-de-la-resilience.html www.secnews.physaphae.fr/article.php?IdArticle=8633258 False Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds read vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 ( 2025-01-03T13:46:00+00:00 https://thehackernews.com/2025/01/ldapnightmare-poc-exploit-crashes-lsass.html www.secnews.physaphae.fr/article.php?IdArticle=8633030 False Vulnerability,Threat None 3.0000000000000000 The State of Security - Magazine Américain Configurations Mega Blog: Why Configurations Are the Wrong Thing to Get Wrong So many times, we look beyond the mark. With our feeds constantly inundated with headline-grabbing news about AI-generated threats, nation states upping their cybercrime game, and sophisticated new forms of malware, we can be tempted to think that the bulk of cyberwarfare is going on "up there" somewhere. In reality, most breaches still originate from unforced errors, and threat actors are just like anybody else – they don't like working harder than they need to. That's why the golden rule of cybercrime seems to be "try the easy stuff first."
And some of the easiest things are doors that... 2025-01-03T02:31:13+00:00 https://www.tripwire.com/state-of-security/configurations-mega-blog-why-configurations-are-wrong-thing-get-wrong www.secnews.physaphae.fr/article.php?IdArticle=8633028 False Malware,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch VicOne and Zero Day Initiative (ZDI) to Lead Pwn2Own Automotive 2025-01-02T20:53:57+00:00 https://www.darkreading.com/application-security/vicone-and-zero-day-initiative-zdi-to-lead-pwn2own-automotive www.secnews.physaphae.fr/article.php?IdArticle=8632859 False Threat None 3.0000000000000000 TechRepublic - Security News US China-Linked Cyber Threat Group Hacks US Treasury Department Threat actors entered Treasury Department systems through BeyondTrust. The breach may be related to the Salt Typhoon attacks reported throughout the year. 2025-01-02T19:45:06+00:00 https://www.techrepublic.com/article/us-treasury-data-breach-china/ www.secnews.physaphae.fr/article.php?IdArticle=8632857 False Threat None 2.0000000000000000 Palo Alto Network - Site Constructeur Breaking Encryption: How To Prepare For Tomorrow's Quantum Risk Today There's a growing threat looming over our collective privacy and security - and that's quantum computing. 2025-01-02T19:32:05+00:00 https://www.paloaltonetworks.com/blog/2025/01/breaking-encryption-how-to-prepare-for-tomorrows-quantum-risk-today/ www.secnews.physaphae.fr/article.php?IdArticle=8632841 False Threat None 2.0000000000000000