www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-12T07:11:59+00:00 www.secnews.physaphae.fr

[HackRead - Cyber Search] Fake 7-Zip Exploit Code Traced to AI-Generated Misinterpretation
A recent claim that a critical zero-day vulnerability existed in the popular open-source file archiver 7-Zip has been met with skepticism from the software's creator and other security researchers.
2025-01-02T18:39:30+00:00 https://hackread.com/fake-7-zip-exploit-code-ai-generated-misinterpretation/ www.secnews.physaphae.fr/article.php?IdArticle=8632825 False Vulnerability,Threat None 3.0

[The Hacker News - The Hacker News is a hack news blog (surprising, right?)] Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains, including endpoints, identity systems and cloud environments, so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
2025-01-02T16:23:00+00:00 https://thehackernews.com/2025/01/cross-domain-attacks-growing-threat-to.html www.secnews.physaphae.fr/article.php?IdArticle=8632692 False Threat,Cloud None 2.0

[Team Cymru - Threat Intelligence Team] DORA Regulation (Digital Operational Resilience Act): A Threat Intelligence Perspective
A Primer for Senior Stakeholders. What is DORA (Digital Operational Resilience Act)?
The Digital Operational Resilience Act (DORA) is...
2025-01-02T16:06:02+00:00 https://www.team-cymru.com/post/dora-regulation-digital-operational-resilience-act-a-threat-intelligence-perspective www.secnews.physaphae.fr/article.php?IdArticle=8632771 False Threat None 2.0

[Checkpoint - Security Hardware Manufacturer] Building Cyber Resilience with Trofi Security and Check Point
As the digital threat landscape grows increasingly complex, organizations are under mounting pressure to secure their environments against a variety of risks, from ransomware and phishing to sophisticated zero-day exploits. Businesses need security solutions that not only prevent breaches but are also straightforward to deploy, manage, and adapt as their needs evolve. Trofi Security serves a diverse range of customers, from small startups to large enterprises, addressing their unique challenges with tailored solutions. While small and mid-sized businesses (SMBs) often face hurdles like limited IT capabilities and budgets, Trofi ensures they are not left behind, delivering robust, scalable cyber security […]
2025-01-02T13:00:53+00:00 https://blog.checkpoint.com/customer-stories/building-cyber-resilience-with-trofi-security-and-check-point/ www.secnews.physaphae.fr/article.php?IdArticle=8632724 False Ransomware,Vulnerability,Threat None 2.0
[The Hacker News - The Hacker News is a hack news blog (surprising, right?)] New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said.
2025-01-01T18:54:00+00:00 https://thehackernews.com/2025/01/new-doubleclickjacking-exploit-bypasses.html www.secnews.physaphae.fr/article.php?IdArticle=8632412 False Vulnerability,Threat None 3.0

[DarkTrace - DarkTrace: AI-based detection] A Snake in the Net: Defending Against AiTM Phishing Threats and Mamba 2FA
Phishing-as-a-Service (PhaaS) platforms have lowered entry barriers for cybercriminals, leading to sophisticated AiTM phishing attacks. Darktrace's AI-driven solutions, including Darktrace / EMAIL, effectively counter these threats by identifying and neutralizing phishing attempts. Recently, Darktrace investigated a notable example involving MFA. Read about the Threat Research team's findings here.
2025-01-01T16:10:00+00:00 https://darktrace.com/blog/a-snake-in-the-net-defending-against-aitm-phishing-threats-and-mamba-2fa www.secnews.physaphae.fr/article.php?IdArticle=8632787 False Threat None 2.0

[Checkpoint - Security Hardware Manufacturer] What You Need to Know about the US Treasury Breach – and How to Protect Your Organization from a “Major Incident”
US officials have announced that threat actors linked to China have leveraged vulnerabilities in BeyondTrust's remote support software to steal documents in what Treasury Department officials called a “major incident” in a letter to lawmakers. The investigation is still ongoing, but we can outline several key details, insights, and remediation pathways based on available facts. According to reports, the attack leveraged two specific vulnerabilities in BeyondTrust's remote support software: CVE-2024-12356 (CVSS 9.8): A critical vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software that allowed unauthorized attackers to gain access through improperly validated API endpoints. CVE-2024-12686 (CVSS […]
2024-12-31T20:53:15+00:00 https://blog.checkpoint.com/security/what-you-need-to-know-about-the-us-treasury-breach-and-how-to-protect-your-organization-from-a-major-incident/ www.secnews.physaphae.fr/article.php?IdArticle=8632147 False Vulnerability,Threat None 3.0
[RiskIQ - cyber risk firms (now Microsoft)] Inside FireScam: An Information Stealer with Spyware Capabilities
## Snapshot
FireScam is a sophisticated Android malware distributed via phishing websites hosted on GitHub.io.
## Description
Posing as a “Telegram Premium” app, it mimics the RuStore app store to trick users into downloading a malicious APK dropper. Once installed, FireScam initiates a multi-stage infection process, deploying spyware that surveils the device extensively. It exfiltrates sensitive data, including messages, notifications, and e-commerce transactions, to Firebase Realtime Database endpoints. Key capabilities of FireScam include monitoring notifications across multiple apps, capturing clipboard content, and logging device activity, such as screen state changes and user engagement. The malware also employs obfuscation techniques and sandbox detection mechanisms to evade security tools, ensuring persistence on compromised devices. Additionally, it utilizes Firebase for command-and-control communication and data exfiltration, further obscuring its malicious activities. FireScam exploits dynamic broadcast receivers and permissions to gain backdoor access to sensitive device events. Its phishing website delivers a realistic Tel
2024-12-31T20:28:31+00:00 https://community.riskiq.com/article/01d83d9e www.secnews.physaphae.fr/article.php?IdArticle=8632163 False Malware,Tool,Threat,Mobile None 3.0

[RiskIQ - cyber risk firms (now Microsoft)] Four-Faith Industrial Routers Vulnerability Exploited in the Wild to Gain Remote Access
    any any ( \
        msg:"VULNCHECK Four-Faith CVE-2024-12856 Exploit Attempt"; \
        flow:to_server; \
        http.method; content:"POST"; \
        http.uri; content:"/apply.cgi"; startswith; \
        http.header_names; content:"Authorization"; \
        http.request_body; content:"change_action="; \
        content:"adjust_sys_time"; \
        pcre:"/adj_time_[^=]+=[a-zA-Z0-9]*[^a-zA-Z0-9=]/"; \
        classtype:web-application-attack; \
        reference:cve,CVE-2024-12856; \
        sid:12700438; rev:1;)
Microsoft recommends detecting critical data security risks before they evolve into real incidents, through reconnaissance and vulnerability scanning that identify security weaknesses which could be used in a cyberattack.
- Regularly update and patch software to protect against known vulnerabilities, using the [Microsoft Defender vulnerability management dashboard](https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-dashboard-insights). Read more about how [vulnerability management](https://www.microsoft.com/en-us/security/business/security-101/what-is-vulnerability-management) works. Additionally, [integrate your Security Inform
2024-12-31T20:19:48+00:00 https://community.riskiq.com/article/063596f6 www.secnews.physaphae.fr/article.php?IdArticle=8632164 False Tool,Vulnerability,Threat,Industrial None 3.0

[The Hacker News - The Hacker News is a hack news blog (surprising, right?)] New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
The U.S.
Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our
2024-12-31T16:56:00+00:00 https://thehackernews.com/2024/12/new-us-doj-rule-halts-bulk-data.html www.secnews.physaphae.fr/article.php?IdArticle=8632006 False Threat None 3.0

[The Hacker News - The Hacker News is a hack news blog (surprising, right?)] Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based
2024-12-31T11:12:00+00:00 https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html www.secnews.physaphae.fr/article.php?IdArticle=8631932 False Threat None 4.0

[CyberScoop - scoopnewsgroup.com special Cyber] Treasury workstations hacked by China-linked threat actors
According to a letter sent to Senate leaders and obtained by CyberScoop, the compromises occurred through third-party software provider BeyondTrust, which provides identity and access management security solutions.
2024-12-30T21:54:28+00:00 https://cyberscoop.com/treasury-workstations-hacked-china-beyondtrust-identity-access-management/ www.secnews.physaphae.fr/article.php?IdArticle=8631792 False Threat None 3.0
[RiskIQ - cyber risk firms (now Microsoft)] Catching "EC2 Grouper" no indicators required!
## Snapshot
The threat actor known as "EC2 Grouper" has been identified as a prolific entity in cloud-based attacks, particularly within AWS environments. EC2 Grouper is recognized for their consistent use of AWS tools for PowerShell, as indicated by their user agent strings, and a distinct security group naming convention that appends a sequential combination of numbers to "ec2group."
## Description
Their attacks often involve the CreateSecurityGroup API to facilitate remote access and lateral movement. The group's activities appear to be automated, with API calls to inventory EC2 types and retrieve information about available regions. Additionally, the group gathers details on VPCs, security groups, account attributes, service quotas, and existing EC2 instances. They also attempt to launch new EC2 instances using the security groups they create. The primary method of initial infiltration for EC2 Grouper is believed to be through compromised cloud access keys that are mistakenly committed to public code repositories. Once these credentials are obtained, EC2 Grouper launches their attacks, which are often accompanied by attacks from other threat actors. Despite the automation and the use of specific APIs, there has been no observed manual activity or actions on objectives in compromised cloud environments, suggesting that the accounts may have been detected and quarantined before further escalation. The general objective of EC2 Grouper is suspected to be resource hijacking, although the specific end goals remain unconfirmed. Detection strategies include looking for legitimate secret scanning services and correlating various signals to reduce false positives.
## References
[Catching "EC2 Grouper"- no indicators required](https://www.fortinet.com/blog/threat-research/catching-ec2-grouper-no-indicators-required). Fortinet (accessed 2024-12-30)
## Copyright
**© Micr
2024-12-30T21:53:26+00:00 https://community.riskiq.com/article/3a7cd61a www.secnews.physaphae.fr/article.php?IdArticle=8631809 False Tool,Threat,Cloud None 3.0

[RiskIQ - cyber risk firms (now Microsoft)] Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)
2024-12-30T19:16:07+00:00 https://community.riskiq.com/article/14ca8afc www.secnews.physaphae.fr/article.php?IdArticle=8631775 False Malware,Tool,Vulnerability,Threat APT 45 2.0

[Recorded Future - Recorded Future feed] On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE
An account with the name @NSA_Employee39 claimed to have dropped a zero-day vulnerability for the popular file archive software 7-Zip. Nobody could get it to work.
2024-12-30T16:35:58+00:00 https://therecord.media/fake-zero-day-7Zip www.secnews.physaphae.fr/article.php?IdArticle=8631709 False Vulnerability,Threat None 3.0

[Fortinet - Security Hardware Manufacturer] Catching "EC2 Grouper"- no indicators required!
Get detailed tactics associated with EC2 Grouper and how Lacework FortiCNAPP can be leveraged to detect this threat.
2024-12-30T16:00:00+00:00 https://www.fortinet.com/blog/threat-research/catching-ec2-grouper-no-indicators-required www.secnews.physaphae.fr/article.php?IdArticle=8631693 False Threat None 3.0

[ProofPoint - Cyber Firms] Why MFA is Good, but Not Good Enough: The Need for Defense-in-Depth to Combat MFA Bypass
2024-12-30T13:22:42+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/why-mfa-good-not-good-enough-need-defense-depth-combat-mfa-bypass www.secnews.physaphae.fr/article.php?IdArticle=8631659 False Tool,Vulnerability,Threat,Mobile,Cloud None 2.0

[RiskIQ - cyber risk firms (now Microsoft)] Weekly OSINT Highlights, 30 December 2024
## Snapshot
Last week's OSINT reporting highlights the persistence and evolution of cyber threats targeting a wide range of sectors, from cryptocurrency exchanges to aerospace and defense industries. The predominant attack vectors include phishing, exploitation of long-standing vulnerabilities, and the use of advanced malware like StealBit, OtterCookie, and VBCloud. Threat actors such as North Korea's Lazarus Group and TraderTraitor, as well as botnets like FICORA and CAPSAICIN, continue to refine their tactics, leveraging
2024-12-30T12:02:43+00:00 https://community.riskiq.com/article/2ec56fef www.secnews.physaphae.fr/article.php?IdArticle=8631656 False Ransomware,Malware,Tool,Vulnerability,Threat,Cloud APT 38 2.0

[Checkpoint Research - Security Hardware Manufacturer] 30th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 30th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Clop ransomware gang exploited a zero-day vulnerability (CVE-2024-50623) in Cleo’s Secure File Transfer products and is extorting 66 companies following alleged data theft.
The attackers have given the victims 48 hours […]
2024-12-30T09:54:31+00:00 https://research.checkpoint.com/2024/30th-december-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8631590 False Ransomware,Vulnerability,Threat None 3.0
[The State of Security - American Magazine] Understanding Data Leaks: Causes, Consequences, and Prevention Strategies
Imagine a seemingly minor misconfiguration in your cloud storage or an employee accidentally emailing a sensitive file to the wrong person. These incidents might seem trivial, but they can quickly snowball into a massive data breach, causing financial consequences. This scenario is a stark reminder of the importance of understanding and preventing data leaks. Data leaks are a threat to organizations, and developers can play a crucial role in preventing them. Understanding the causes and consequences of data leaks and implementing robust security measures can significantly reduce your...
2024-12-30T02:31:15+00:00 https://www.tripwire.com/state-of-security/understanding-data-leaks-causes-consequences-and-prevention-strategies www.secnews.physaphae.fr/article.php?IdArticle=8631588 False Data Breach,Threat,Cloud None 2.0

[Dark Reading - Informationweek Branch] Deepfakes, Quantum Attacks Loom Over APAC in 2025
Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.
2024-12-30T01:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/deepfakes-quantum-attacks-apac-2025 www.secnews.physaphae.fr/article.php?IdArticle=8630615 False Tool,Threat None 2.0

[The Register - English journalism site] It's only a matter of time before LLMs jump start supply-chain attacks
'The greatest concern is with spear phishing and social engineering' Interview: Now that criminals have realized there's no need to train their own LLMs for any nefarious purposes - it's much cheaper and easier to steal credentials and then jailbreak existing ones - the threat of a large-scale supply chain attack using generative AI becomes more real.…
2024-12-29T18:20:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/12/29/llm_supply_chain_attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8631370 False Threat None 3.0

[Bleeping Computer - American Magazine] Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as 'Ficora' and 'Capsaicin' have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. [...]
2024-12-29T10:09:28+00:00 https://www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8631557 False Malware,Threat None 2.0

[HackRead - Cyber Search] FICORA, CAPSAICIN Botnets Exploit Old D-Link Router Flaws for DDoS Attacks
Mirai and Keksec botnet variants are exploiting critical vulnerabilities in D-Link routers. Learn about the impact, affected devices, and how to protect yourself from these attacks.
2024-12-28T15:52:01+00:00 https://hackread.com/ficora-capsaicin-botnet-d-link-router-flaws-ddos-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8630986 False Vulnerability,Threat None 2.0

[The Hacker News - The Hacker News is a hack news blog (surprising, right?)] 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36.
The severity of the shortcoming is lower due to the fact that it only works
2024-12-28T11:55:00+00:00 https://thehackernews.com/2024/12/15000-four-faith-routers-exposed-to-new.html www.secnews.physaphae.fr/article.php?IdArticle=8630854 False Vulnerability,Threat None 3.0

[The Hacker News - The Hacker News is a hack news blog (surprising, right?)] North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into
2024-12-27T23:12:00+00:00 https://thehackernews.com/2024/12/north-korean-hackers-deploy-ottercookie.html www.secnews.physaphae.fr/article.php?IdArticle=8630680 False Malware,Threat None 3.0

[RiskIQ - cyber risk firms (now Microsoft)] Inside the LockBit Arsenal - The StealBit Exfiltration Tool
2024-12-27T20:35:48+00:00 https://community.riskiq.com/article/68a374b4 www.secnews.physaphae.fr/article.php?IdArticle=8630725 False Ransomware,Malware,Tool,Threat None 3.0

[The Hacker News - The Hacker News is a hack news blog (surprising, right?)] Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code," Kaspersky researcher Oleg
2024-12-27T16:40:00+00:00 https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8630564 False Malware,Vulnerability,Threat,Cloud None 2.0

[RiskIQ - cyber risk firms (now Microsoft)] New 'OtterCookie' malware used to backdoor devs in fake job offers
2024-12-27T16:14:14+00:00 https://community.riskiq.com/article/b5a152a8 www.secnews.physaphae.fr/article.php?IdArticle=8630663 False Malware,Tool,Threat None 2.0

[The Hacker News - The Hacker News is a hack news blog (surprising, right?)] FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings
2024-12-27T12:41:00+00:00 https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.html www.secnews.physaphae.fr/article.php?IdArticle=8630508 False Vulnerability,Threat None 2.0

[Bleeping Computer - American Magazine] Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. [...]
2024-12-27T11:33:21+00:00 https://www.bleepingcomputer.com/news/security/hackers-exploit-dos-flaw-to-disable-palo-alto-networks-firewalls/ www.secnews.physaphae.fr/article.php?IdArticle=8630648 False Vulnerability,Threat None 3.0

[Bleeping Computer - American Magazine] Cybersecurity firm's Chrome extension hijacked to steal users' data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. [...]
2024-12-27T10:39:23+00:00 https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/ www.secnews.physaphae.fr/article.php?IdArticle=8630631 False Threat None 2.0

[Kaspersky - Kaspersky Research blog] Threat landscape for industrial automation systems in Q3 2024
The ICS CERT quarterly report covers the threat landscape for industrial automation systems in Q3 2024.
2024-12-27T10:00:46+00:00 https://securelist.com/ics-cert-q3-2024-report/115182/ www.secnews.physaphae.fr/article.php?IdArticle=8630549 False Threat,Industrial None 2.0

[We Live Security - ESET antivirus software vendor] This month in security with Tony Anscombe – December 2024 edition
From attacks leveraging new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news
2024-12-27T10:00:00+00:00 https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-december-2024-edition/ www.secnews.physaphae.fr/article.php?IdArticle=8648717 False Vulnerability,Threat,Legislation None 2.0

[Dark Reading - Informationweek Branch] Emerging Threats & Vulnerabilities to Prepare for in 2025
From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.
2024-12-26T14:00:00+00:00
https://www.darkreading.com/vulnerabilities-threats/emerging-threats-vulnerabilities-prepare-2025 www.secnews.physaphae.fr/article.php?IdArticle=8630223 False Vulnerability,Threat,Prediction None 3.0

[Bleeping Computer - American Magazine] New 'OtterCookie' malware used to backdoor devs in fake job offers
North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. [...]
2024-12-26T11:53:10+00:00 https://www.bleepingcomputer.com/news/security/new-ottercookie-malware-used-to-backdoor-devs-in-fake-job-offers/ www.secnews.physaphae.fr/article.php?IdArticle=8630269 False Malware,Threat None 3.0

[HackRead - Cyber Search] Researchers Uncover Dark Web Operation Entirely Focused on KYC Bypass
iProov uncovers a major Dark Web operation selling stolen identities with matching biometrics, posing a serious threat to KYC verification systems
2024-12-26T10:58:01+00:00 https://hackread.com/dark-web-operation-entirely-focused-on-kyc-bypass/ www.secnews.physaphae.fr/article.php?IdArticle=8630176 False Threat None 2.0

[Korben - French blogger] Surfshark One: digital protection reimagined
– Article in partnership with Surfshark – Faced with the multiplication of online threats, Surfshark breaks the mould with its One offer. Far from the usual fragmented solutions, this bundle brings together the essential tools for complete digital security, driven by an antivirus that had already redefined the market's standards. It must be said that the Surfshark antivirus does not do things by halves. Tested (among others) by the independent laboratory AV-TEST, it achieved excellence with a 6/6 in Protection and Usability, complemented by a solid 5.5/6 in Performance. Results that speak for themselves and that once again show the seriousness of the company. They did not skip steps by trying to do everything at once. First they established themselves with the VPN you know well, then they expanded their catalogue with their suite of security tools. That includes an antivirus built on the engine of one of the most recognised antiviruses on the market, Avira.
2024-12-26T10:00:00+00:00 https://korben.info/surfshark-one-protection-numerique-repensee.html www.secnews.physaphae.fr/article.php?IdArticle=8630158 False Tool,Threat None 2.0
[HackRead - Cyber Search] SEO Poisoning: How Cybercriminals Are Turning Search Engines into Traps
Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams.…
2024-12-25T22:24:39+00:00 https://hackread.com/seo-poisoning-how-scammers-search-engines-traps/ www.secnews.physaphae.fr/article.php?IdArticle=8630000 False Malware,Threat None 2.0

[Techworm - News] Adobe Warns Of Critical ColdFusion Flaw With PoC Exploit
Adobe has issued an out-of-band security update to address a critical ColdFusion vulnerability, which has a proof-of-concept (PoC) exploit code that is publicly available. The vulnerability identified as CVE-2024-53961 (CVSS score: 7.4) arises from a path traversal flaw, which impacts Adobe ColdFusion versions 2023 (Update 11 and earlier) and 2021 (Update 17 and earlier). If exploited, this flaw can enable attackers to gain unauthorized access to arbitrary files on compromised servers, potentially exposing data. “An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data,” a NIST advisory reads. For those unaware, ColdFusion is an application server and web programming language that facilitates dynamic web page creation by enabling communication with back-end systems based on user input, database queries, or other criteria. “Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read,” Adobe said in an advisory released on Monday. Adobe has assigned the flaw a “Priority 1” severity rating, the highest possible level, due to the “higher risk of being targeted by exploit(s) in the wild for a given product version and platform.” The company has released emergency security patches (ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12). It has recommended users install these patches “within 72 hours” to mitigate any potential security risks associated with this critical flaw. Further, Adobe has suggested that users apply the security configuration settings detailed in the ColdFusion 2023 and ColdFusion 2021 lockdown guides. While Adobe has yet to confirm any active exploitation of the vulnerability, it has urged users to review the updated serial filter documentation to safeguard against insecure WDDX deserialization attacks.
2024-12-25T17:39:39+00:00 https://www.techworm.net/2024/12/adobe-warns-critical-coldfusion-flaw-poc-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8630523 False Vulnerability,Threat None 3.0
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said. "TraderTraitor activity is often characterized by targeted social 2024-12-24T15:10:00+00:00 https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html www.secnews.physaphae.fr/article.php?IdArticle=8629468 False Threat None 3.0000000000000000
HackRead - Search Cyber Lazarus Group Targets Nuclear Industry with CookiePlus Malware KEY SUMMARY POINTS Securelist by Kaspersky has published its latest threat intelligence report focused on the activities of… 2024-12-23T20:06:03+00:00 https://hackread.com/lazarus-group-nuclear-industry-cookieplus-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8629231 False Malware,Threat APT 38 4.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) Weekly OSINT Highlights, 23 December 2024 2024-12-23T13:46:44+00:00 https://community.riskiq.com/article/59f80c3d www.secnews.physaphae.fr/article.php?IdArticle=8629143 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical None 3.0000000000000000
Global Security Mag - French news site Cybersecurity retrospective: 2024, the year of politically motivated cyberattacks Points of View
Cybersecurity retrospective: 2024, the year of politically motivated cyberattacks By Richard Hummel, Senior Threat Intelligence Manager at NETSCOUT - Points of View
2024-12-23T13:14:36+00:00 https://www.globalsecuritymag.fr/retrospective-cybersecurite-2024-l-annee-des-cyberattaques-a-motivation.html www.secnews.physaphae.fr/article.php?IdArticle=8629127 False Threat None 3.0000000000000000
TechRepublic - Security News US Navigating the Cyber Threat Landscape: Lessons Learned & What's Ahead A look at the cyber threat landscape of 2024, including major breaches and trends. An expert weighs in on key lessons and what to expect in 2025. 2024-12-23T13:00:46+00:00 https://www.techrepublic.com/article/cyber-threat-landscape-lessons-learned-whats-ahead/ www.secnews.physaphae.fr/article.php?IdArticle=8629122 False Threat None 2.0000000000000000
Dragos - CTI Society Get On-Demand, Actionable Cyber Threat Insights with Dragos WorldView Request for Intelligence (RFI) Service In today's interconnected industrial environments, OT networks are more vulnerable than ever to cyber threats. Even with robust monitoring and... The post Get On-Demand, Actionable Cyber Threat Insights with Dragos WorldView Request for Intelligence (RFI) Service first appeared on Dragos.
2024-12-23T13:00:00+00:00 https://www.dragos.com/blog/on-demand-actionable-cyber-threat-insights-with-dragos-worldview-rfi-service/ www.secnews.physaphae.fr/article.php?IdArticle=8629123 False Threat,Industrial None 2.0000000000000000
Team Cymru - Threat Intelligence Team A Primer on JA4+: Empowering Threat Analysts with Better Traffic Analysis What is JA4+ and Why Does It Matter? Introduction Threat analysts and researchers are continually seeking tools and methodologies to gain... 2024-12-23T12:44:29+00:00 https://www.team-cymru.com/post/a-primer-on-ja4-empowering-threat-analysts-with-better-traffic-analysis www.secnews.physaphae.fr/article.php?IdArticle=8629104 False Tool,Threat None 2.0000000000000000
Checkpoint Research - Security Hardware Manufacturer 23rd December – Threat Intelligence Report For the latest discoveries in cyber research for the week of 23rd December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The State of Rhode Island has issued a notification that RIBridges, the state’s portal for social services, has suffered a cyber attack and data leak. According to the reports, the breach was […]
2024-12-23T12:05:55+00:00 https://research.checkpoint.com/2024/23rd-december-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8629087 False Threat None 2.0000000000000000
Global Security Mag - French news site CYBI ANTIVIRUS - ANTISPAM - ANTISPYWARE - EDR - FILTERING, FIGHT AGAINST CYBER THREATS, AI SOLUTIONS, SCADA...
www.cybi.fr Contact: Lauret NOË Year founded: 2022 Activities: Cybi is a publisher of cybersecurity solutions that puts artificial intelligence at the heart of its technologies to detect, analyse and neutralise threats proactively and scalably. Description of the flagship product for 2025: SCUBA is an advanced cybersecurity solution that uses artificial intelligence to detect, correlate and neutralise threats in real time. Flexible and scalable, it offers a (...) - ANTIVIRUS - ANTISPAM - ANTISPYWARE - EDR - FILTERING, FIGHT AGAINST CYBER THREATS, AI SOLUTIONS, SCADA...
2024-12-23T11:27:40+00:00 https://www.globalsecuritymag.fr/cybi.html www.secnews.physaphae.fr/article.php?IdArticle=8629086 False Threat None 2.0000000000000000
Sygnia - CyberSecurity Firm Strengthening ICS/OT Security: Unlock the Power of Effective Threat Detection Download this CISO guide for actionable insights and best practices to help you establish an effective ICS/OT threat detection framework.
2024-12-23T08:06:27+00:00 https://www.sygnia.co/guides-and-tools/ics-ot-threat-detection-guide/ www.secnews.physaphae.fr/article.php?IdArticle=8629005 False Threat,Industrial None 2.0000000000000000
ProofPoint - Cyber Firms Gartner names Proofpoint a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms 2024-12-23T06:52:23+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-leader-2024-gartner-magic-quadrant-email-security www.secnews.physaphae.fr/article.php?IdArticle=8629180 False Ransomware,Spam,Malware,Tool,Threat,Cloud,Technical,Commercial None 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) WikiKit AiTM Phishing Kit: Where Links Tell Lies 2024-12-20T18:52:43+00:00 https://community.riskiq.com/article/81b47d0d www.secnews.physaphae.fr/article.php?IdArticle=8628075 True Spam,Malware,Tool,Threat,Mobile,Medical None 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) Zloader 2.9.4.0 Banking Trojan Deploys DNS Tunneling and RMM-Based Delivery for Ransomware Access 2024-12-20T18:11:45+00:00 https://community.riskiq.com/article/9d76113f www.secnews.physaphae.fr/article.php?IdArticle=8628076 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch US Ban on TP-Link Routers More About Politics Than Exploitation Risk While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity - and that may not be a bad thing. 2024-12-20T17:23:44+00:00 https://www.darkreading.com/endpoint-security/us-ban-tp-link-routers-politics-exploitation-risk www.secnews.physaphae.fr/article.php?IdArticle=8628040 False Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are 2024-12-20T16:14:00+00:00 https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html www.secnews.physaphae.fr/article.php?IdArticle=8627927 False Malware,Threat APT 38 4.0000000000000000
Dark Reading - Informationweek Branch How Nation-State Cybercriminals Are Targeting the Enterprise Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment - it calls for a collaborative effort. 2024-12-20T15:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/how-nation-state-cybercriminals-target-enterprise www.secnews.physaphae.fr/article.php?IdArticle=8627987 False Threat None 3.0000000000000000
Bleeping Computer - American Magazine Malicious Rspack, Vant packages published using stolen NPM tokens Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. [...] 2024-12-20T12:47:54+00:00 https://www.bleepingcomputer.com/news/security/malicious-rspack-vant-packages-published-using-stolen-npm-tokens/ www.secnews.physaphae.fr/article.php?IdArticle=8628042 False Threat None 3.0000000000000000
ProofPoint - Cyber Firms How Proofpoint Generative AI Revolutionizes Email Security and Empowers SOC Teams 2024-12-20T10:44:33+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/revolutionizing-cybersecurity-operations-with-generative-ai www.secnews.physaphae.fr/article.php?IdArticle=8627965 False Tool,Vulnerability,Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial HC3 reveals credential harvesting threat targeting healthcare sector, provides mitigation strategies to reduce risk The Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health & Human Services (HHS) disclosed... 2024-12-20T08:59:48+00:00 https://industrialcyber.co/medical/hc3-reveals-credential-harvesting-threat-targeting-healthcare-sector-provides-mitigation-strategies-to-reduce-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8627865 False Threat,Medical None 3.0000000000000000
ProofPoint - Cyber Firms Reclaiming Active Directory from the Cybercriminals 2024-12-20T08:29:10+00:00 https://www.proofpoint.com/us/blog/identity-threat-defense/active-directory-compromise-risks-prevention www.secnews.physaphae.fr/article.php?IdArticle=8627964 False Ransomware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces 2024-12-20T01:01:31+00:00 https://community.riskiq.com/article/ff7a63bc www.secnews.physaphae.fr/article.php?IdArticle=8627768 False Spam,Malware,Tool,Threat,Mobile,Cloud,Technical None 2.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) New Developments in LLM Hijacking Activity ## Snapshot In November 2024, researchers from Wiz identified a threat actor, dubbed JINX-2401, attempting to hijack large language models (LLMs) across multiple Amazon Web Services (AWS) environments. ## Description This attack exploited compromised IAM user access keys (AKIA) to gain entry into cloud accounts, aiming to invoke Bedrock LLM models for unauthorized purposes. According to Wiz, while LLM abuse in cloud environments has been reported before, this campaign is notable due to the attacker's unique privilege escalation and persistence techniques. The investigation began when Wiz observed a Proton VPN IP ad 2024-12-19T22:46:37+00:00 https://community.riskiq.com/article/729893a5 www.secnews.physaphae.fr/article.php?IdArticle=8627719 False Threat,Cloud None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Thousands Download Malicious npm Libraries Impersonating Legitimate Tools Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are 2024-12-19T19:26:00+00:00 https://thehackernews.com/2024/12/thousands-download-malicious-npm.html www.secnews.physaphae.fr/article.php?IdArticle=8627545 False Tool,Threat None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the 2024-12-19T14:10:00+00:00 https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html www.secnews.physaphae.fr/article.php?IdArticle=8627441 False Malware,Threat,Mobile None 2.0000000000000000
ProjectZero - Google research blog The Windows Registry Adventure #5: The regf file format "A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as tightly as possible, while in memory, easy and efficient random access is typically prioritized. The regf format aims to bypass the reparsing step – likely to optimize the memory/disk synchronization process – and reconcile the two types of data encodings into a single one that is both relatively compact and easy to operate on at the same time. This explains, for instance, why hives don't natively support compression (but the clients are of course free to store compressed data in the registry). This unique approach comes with its own set of challenges, and has been a contributing factor in a number of historical vulnerabilities. Throughout the 30 years of the format's existence, Microsoft has never released its official specification. However, the data layout of all of the building blocks making up a hive (file header, bin headers, cell structures) is effectively public through the PDB symbols for the Windows kernel image (ntoskrnl.exe) available on the Microsoft Symbol Server. Furthermore, the Windows Internals book series also includes a section that delves into the specifics of the regf format (named Hive structure). Lastly, forensics experts have long expressed interest in the format for analysis purposes, resulting in the creation of several unofficial specifications based on reverse engineering, experimentation and deduction. These sources have been listed in my earlier Learning resources blog post; the two most extensive specifications of this kind can be found here and here. The intent of this post is not to repeat the information compiled in the existing resources, but rather to highlight specific parts of the format that have major relevance to security, or provide some extra context where I found it missing. A deep understanding of the low-level regf format will prove invaluable in grasping many of the higher-level concepts in the registry, as well as the technical details of software bugs discussed in f 2024-12-19T11:03:53+00:00 https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html www.secnews.physaphae.fr/article.php?IdArticle=8627647 False Hack,Tool,Vulnerability,Threat,General Information,Studies,Legislation,Technical None 4.0000000000000000
Security Intelligence - American news site Black Friday chaos: The return of Gozi malware On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The […]
2024-12-19T11:00:00+00:00 https://securityintelligence.com/posts/black-friday-chaos-return-of-gozi-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8628835 False Malware,Threat None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack A Morphisec researcher showed how an attacker could manipulate FIRST's Exploit Prediction Scoring System (EPSS) using AI 2024-12-19T10:30:00+00:00 https://www.infosecurity-magazine.com/news/epss-exposed-to-adversarial-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8627462 False Tool,Vulnerability,Threat,Prediction None 3.0000000000000000
Sekoia - Cyber Firms Happy YARA Christmas! In the ever-evolving landscape of cybersecurity, effective threat detection is paramount. Since its creation, YARA has stood out as a powerful tool created to identify and classify malware. Originally developed by Victor Alvarez of VirusTotal, YARA has become a vital tool for security professionals seeking to streamline their threat-hunting processes. The Sekoia.io Threat Detection and Research […] The following publication Happy YARA Christmas! is an article from the Sekoia.io Blog.
2024-12-19T08:43:29+00:00 https://blog.sekoia.io/happy-yara-christmas/ www.secnews.physaphae.fr/article.php?IdArticle=8627445 False Malware,Tool,Threat None 2.0000000000000000
ProofPoint - Cyber Firms Security Brief: Threat Actors Gift Holiday Lures to Threat Landscape 2024-12-19T07:19:54+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-threat-actors-gift-holiday-lures-threat-landscape www.secnews.physaphae.fr/article.php?IdArticle=8627443 False Malware,Threat None 2.0000000000000000
The State of Security - American Magazine Silent Heists: The Danger of Insider Threats When thinking about cybersecurity, we envision malicious actors working in dark basements, honing their tools to invent cunning new ways to breach our defenses. While this is a clear and present danger, it's also important to understand that another hazard is lurking much closer to home - the insider threat. These attacks have devastated entities in all sectors, with severe repercussions. These incidents can vary from straightforward acts of fraud or theft to more elaborate sabotage attempts. This is concerning because the recent IBM 2024 Cost of Data Breach survey found that the cost of a... 2024-12-19T04:32:58+00:00 https://www.tripwire.com/state-of-security/insider-threats-root-causes-mitigation-practices www.secnews.physaphae.fr/article.php?IdArticle=8627461 False Data Breach,Tool,Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) A new playground: Malicious campaigns proliferate from VSCode to npm 2024-12-18T22:08:21+00:00 https://community.riskiq.com/article/4eaadc3a www.secnews.physaphae.fr/article.php?IdArticle=8627273 False Malware,Tool,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Recorded Future: Russia's 'Undesirable' Designation Is a Compliment The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime. 2024-12-18T20:23:22+00:00 https://www.darkreading.com/threat-intelligence/recorded-future-russias-undesirable-designation-compliment www.secnews.physaphae.fr/article.php?IdArticle=8627242 False Threat None 2.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) Unauthorized Plugin Installation/Activation in Hunk Companion ## Snapshot Researchers at WPScan have disclosed a critical vulnerability, CVE-2024-11972, in the Hunk Companion plugin that allows unauthenticated attackers to install and activate plugins directly from the WordPress.org repository via POST requests. ## Description This flaw poses significant risks, enabling the installation of vulnerable or removed plugins, which attackers can exploit for Remote Code Execution (RCE), SQL Injection, Cross-Site Scripting (XSS), and other attacks. These exploits can lead to compromised administrative access, database manipulation, and persistent backdoor creation. The investigation revealed that attackers exploit this vulnerability through a two-step process: first, they install and activate the WP Query Console plugin, which has its own RCE vulnerability ([CVE-2024-50498](https://security.microsoft.com/intel-explorer/cves/CVE-2024-50498/)). Then, they leverage this RCE to execute malicious PHP code, such as deploying a PHP dropper for ongoing unauthorized uploads and access. The vulnerability in Hunk Companion persisted until version 1.9.0, despite earlier claims that it was patched in versions 1.8 2024-12-18T19:51:27+00:00 https://community.riskiq.com/article/95a327d2 www.secnews.physaphae.fr/article.php?IdArticle=8627219 False Vulnerability,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercriminals 2024-12-18T19:29:52+00:00 https://community.riskiq.com/article/262002cf www.secnews.physaphae.fr/article.php?IdArticle=8627220 True Ransomware,Malware,Tool,Threat None 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft) Hidden in Plain Sight: TA397's New Attack Chain Delivers Espionage RATs 2024-12-18T18:56:30+00:00 https://community.riskiq.com/article/4098d913 www.secnews.physaphae.fr/article.php?IdArticle=8627194 True Ransomware,Malware,Tool,Threat,Mobile,Industrial None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously 2024-12-18T16:45:00+00:00 https://thehackernews.com/2024/12/apt29-hackers-target-high-value-victims.html www.secnews.physaphae.fr/article.php?IdArticle=8627043 False Threat APT 29 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine New Attacks Exploit VSCode Extensions and npm Packages Malicious campaigns targeting VSCode extensions have recently expanded to npm, risking software supply chains 2024-12-18T14:00:00+00:00 https://www.infosecurity-magazine.com/news/threat-actors-exploit-vscode/ www.secnews.physaphae.fr/article.php?IdArticle=8627070 False Threat None 2.0000000000000000
Security Intelligence - American news site Cloud Threat Landscape Report: AI-generated attacks low for the cloud For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last […]
2024-12-18T14:00:00+00:00 https://securityintelligence.com/articles/cloud-threat-landscape-report-ai-generated-attacks-low-for-cloud/ www.secnews.physaphae.fr/article.php?IdArticle=8628836 False Data Breach,Threat,Cloud None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS 2024-12-18T10:23:00+00:00 https://thehackernews.com/2024/12/patch-alert-critical-apache-struts-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8626915 False Vulnerability,Threat None 2.0000000000000000
Sygnia - CyberSecurity Firm Building An ICS/OT Threat Detection Strategy Learn how to build a tailored ICS/OT threat detection strategy to safeguard critical infrastructure. Explore Sygnia's four-phase framework: Know, Assess, Plan, and Optimize.
2024-12-18T09:49:24+00:00 https://www.sygnia.co/blog/ics-ot-threat-detection-strategy/ www.secnews.physaphae.fr/article.php?IdArticle=8629006 False Threat,Industrial None 3.0000000000000000
ProofPoint - Cyber Firms Insider Breach of the Month: An Employee Exfiltrates Sensitive Data from a Midsize Financial Firm 2024-12-18T07:52:00+00:00 https://www.proofpoint.com/us/blog/insider-threat-management/growing-threat-sensitive-data-unauthorized-emails www.secnews.physaphae.fr/article.php?IdArticle=8627139 False Tool,Threat None 3.0000000000000000 ProofPoint - Cyber Firms Transform Human Risk into Strength: A Guide to Lasting Behavior Change 2024-12-18T07:38:20+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/dice-framework-turning-human-risk-into-security-strength www.secnews.physaphae.fr/article.php?IdArticle=8627064 True Tool,Vulnerability,Threat,Studies None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Celebrating Our Success in 2024 Top 250 MSSP company list. These achievements highlight our continued commitment to simplified cybersecurity. Here’s an overview of our most notable recognitions: SC Media Women in IT Security Each year, SC Media celebrates the women who have risen above challenges and made their mark in an industry where still only one out of four cybersecurity jobs are held by women. On its 11th anniversary, SC Media recognized a variety of professionals from influential figures to budding talents, across four categories: cybersecurity veterans, power players, advocates and women to watch. Bindu Sundaresan, director of cybersecurity solutions at LevelBlue, was named a winner in the advocate category of these awards, which highlight women who have advanced cybersecurity awareness and served as beacons for expansion and diversity in the field. With a passion for teaching and mentorship, Bindu has made significant strides to drive inclusivity within the cybersecurity industry. Read more about Bindu’s recognition here. 
Global Infosec Awards The Global Infosec Awards recognize organizations and security innovators across the globe who demonstrate a forward-thinking approach to cyber-risk management and protection. Presented annually by Cyber Defense Magazine, the industry\'s leading electronic information security publication, these awards highlight achievements across ​​various aspects of cybersecurity, including network security, endpoint protection, cloud security, identity and access management, threat intelligence, and more. LevelBlue was named a winner in five categories of the Global Infosec Awards including Publisher’s Choice Cybersecurity, Editor’s Choice Cybersecurity, Most Innovative Managed Security Service Provider and Next-Gen Security Consulting. Most notably, LevelBlue’s USM Anywhere open XDR platform was recognized under the Best Solution Threat Detection Incident Response, Hunting and Triage Platform category for its ability to swiftly respond to cyber threats, minimize damage, and enhance operational resilience. Read more about the winners here. Computing Security Awards The Computing Security Awards showcase solutions advancing the technology industry – from AI to quantum computing. Hosted by the London-based trade outlet, Computing Security, these awards have become fiercely competitive since their inception 15 years ago. LevelBlue was recognized as Incident Response & Investigation Security Service Provider of the Year for our ability to deliver rapid, expert-led incident response services and proactive threat management strategies that minimize business disruption and bolster organizational resilience. 
Additionally, our team took home the Threat Intelligence Award for LevelBlue Labs&rs]]> 2024-12-17T23:17:00+00:00 https://levelblue.com/blogs/security-essentials/celebrating-our-success-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8627111 False Threat,Cloud None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Analysis on the Case of TIDRONE Threat Actor\\'s Attacks on Korean Companies 2024-12-17T22:39:16+00:00 https://community.riskiq.com/article/d0bce00c www.secnews.physaphae.fr/article.php?IdArticle=8626791 False Malware,Tool,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user\'s client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a]]> 2024-12-17T22:05:00+00:00 https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html www.secnews.physaphae.fr/article.php?IdArticle=8626672 False Malware,Threat,Prediction None 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Clop is back to wreak havoc via vulnerable file-transfer software In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks.  Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT […]
]]>
2024-12-17T19:33:25+00:00 https://cyberscoop.com/clop-cleo-file-transfer-software-breach-fin11/ www.secnews.physaphae.fr/article.php?IdArticle=8626730 False Ransomware,Vulnerability,Threat None 3.0000000000000000
CybeReason - Vendor blog CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft Key Takeaways: a zero-day vulnerability was discovered in 3 Cleo products, tracked as CVE-2024-55956; Cleo is the developer of various managed file transfer platforms with approximately 4,000 customers, mostly mid-sized organizations; CVE-2024-55956 could allow unauthenticated users to import and execute arbitrary Bash or PowerShell commands on host systems by leveraging default settings of the Autorun directory; the threat actor group CL0P has claimed responsibility for exploiting the vulnerability with the goal of data theft; we recommend upgrading to version 5.8.0.24 immediately. ]]> 2024-12-17T18:18:17+00:00 https://www.cybereason.com/blog/cve-2024-55956-cleo-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8626734 False Vulnerability,Threat None 2.0000000000000000 Bleeping Computer - American magazine 'Bitter' cyberspies target defense orgs with new MiyaRAT malware A cyberespionage threat group known as 'Bitter' was observed targeting defense organizations in Turkey using a novel malware family named MiyaRAT. [...]]]> 2024-12-17T17:29:44+00:00 https://www.bleepingcomputer.com/news/security/bitter-cyberspies-target-defense-orgs-with-new-miyarat-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8626774 False Malware,Threat None 3.0000000000000000 ComputerWeekly - Computer Magazine 2025-30: Geopolitical influence on cyber and the convergence of threat 2024-12-17T16:53:00+00:00 https://www.computerweekly.com/opinion/2025-30-Geopolitical-influence-on-cyber-and-the-convergence-of-threat www.secnews.physaphae.fr/article.php?IdArticle=8626771 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) 
Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++ malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint]]> 2024-12-17T16:37:00+00:00 https://thehackernews.com/2024/12/bitter-apt-targets-turkish-defense.html www.secnews.physaphae.fr/article.php?IdArticle=8626531 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) 5 Practical Techniques for Effective Cyber Threat Hunting Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel. To avoid this, use these five battle-tested techniques that are]]> 2024-12-17T16:22:00+00:00 https://thehackernews.com/2024/12/5-practical-techniques-for-effective.html www.secnews.physaphae.fr/article.php?IdArticle=8626532 False Threat None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cybercriminals Exploit Google Calendar to Spread Malicious Links Check Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security]]> 2024-12-17T15:45:00+00:00 https://www.infosecurity-magazine.com/news/cybercriminals-exploit-google/ www.secnews.physaphae.fr/article.php?IdArticle=8626624 False Threat None 2.0000000000000000 Techworm - News FBI Warns Of HiatusRAT Malware Targeting Web Cams & Other IoT Devices The U.S. Federal Bureau of Investigation (FBI) issued a Private Industry Notification (PIN) on Monday, alerting organizations of a new wave of HiatusRAT malware attacks against Chinese-branded web cameras and DVRs. “HiatusRAT is a Remote Access Trojan (RAT) whose latest iteration has likely been employed since July 2022. Malicious cyber actors commonly use RATs to take over and control a targeted device from a distance,” the FBI said. 
“The Hiatus campaign originally targeted outdated network edge devices. Cybersecurity companies have also observed these actors using the malware to target a range of Taiwan-based organizations and to carry out reconnaissance against a US government server used for submitting and retrieving defense contract proposals.” The scanning campaign, first identified in March 2024, targeted vulnerable Internet of Things (IoT) devices, specifically web cameras and DVRs, in countries including the United States, Australia, Canada, New Zealand, and the United Kingdom. According to the FBI, the threat actors behind the HiatusRAT malware scanned web cameras and DVRs for vulnerabilities including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044 and CVE-2021-36260, alongside weak vendor-supplied passwords. Many of these vulnerabilities remain unaddressed by the vendors. Further, the threat actors particularly targeted Chinese-branded products such as Hikvision and Xiongmai with telnet access that were outdated or unpatched. Tools like Ingram, an open-source scanner for web camera vulnerabilities, were used to conduct scanning activity, while Medusa, an open-source brute-force authentication cracking tool, was used to target Hikvision cameras with telnet access. The scanning targeted web cameras and DVRs with TCP ports 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575 exposed to the Internet. Once infiltrated, compromised systems are converted into SOCKS5 proxies, facilitating covert communication with command-and-control servers and enabling further malware deployment. Following the HiatusRAT attacks, the FBI strongly advises network administrators to limit the use of the devices mentioned in the PIN by isolating and/or replacing vulnerable devices to prevent network breaches and lateral movement. 
The agency has also urged system administrators and cybersecurity professionals to monitor for indicators of compromise (IOCs) and report any suspicious activity to the FBI's Internet Crime Complaint Center or local field offices.
]]>
2024-12-17T15:16:10+00:00 https://www.techworm.net/2024/12/fbi-warns-hiatusrat-target-iot-devices.html www.secnews.physaphae.fr/article.php?IdArticle=8630524 False Malware,Tool,Vulnerability,Threat None 2.0000000000000000
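The FBI notice above gives two concrete things to hunt for: the nine TCP ports the scanning looked for on exposed cameras and DVRs, and the post-compromise tell that an infected device starts acting as a SOCKS5 proxy. What follows is an added example of detection logic run over firewall flow logs; it is not code from the Techworm article or from the FBI PIN, and everything in it is constructed for illustration: the log line format, the camera VLAN 192.168.10.0/24, the known camera at 192.168.10.20, the sample records (with TEST-NET addresses standing in for the Internet side) and the five-minute, three-port scan threshold.

```python
"""Hunt for HiatusRAT-style activity in firewall flow logs (added example, constructed data).
Signals from the FBI PIN above: Internet-facing scanning of camera/DVR ports 23, 26, 554, 2323,
567, 5523, 8080, 9530, 56575; and a compromised camera/DVR repurposed as a SOCKS5 proxy.
The log format, addresses and sample records are hypothetical, not a real firewall export."""
from __future__ import annotations

import ipaddress
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

HIATUS_SCAN_PORTS = {23, 26, 554, 2323, 567, 5523, 8080, 9530, 56575}

# Constructed format: "<iso-ts> ALLOW|DENY TCP <src>:<sport> -> <dst>:<dport> [payload=<hex>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?:ALLOW|DENY) TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?: payload=(?P<payload>[0-9a-fA-F]*))?$"
)

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")   # hypothetical camera VLAN
DEVICE_HOSTS = {ipaddress.ip_address("192.168.10.20")}   # hypothetical known camera

# Constructed sample log; 203.0.113.x / 198.51.100.x are TEST-NET, standing in for the Internet.
SAMPLE_LOG = """\
2024-12-16T03:10:01 ALLOW TCP 203.0.113.5:51000 -> 192.168.10.20:23
2024-12-16T03:10:04 DENY TCP 203.0.113.5:51001 -> 192.168.10.20:2323
2024-12-16T03:10:09 ALLOW TCP 203.0.113.5:51002 -> 192.168.10.20:554
2024-12-16T03:10:12 ALLOW TCP 203.0.113.5:51003 -> 192.168.10.20:8080
2024-12-16T03:15:40 ALLOW TCP 192.168.10.50:40000 -> 192.168.10.20:554
2024-12-16T03:20:00 ALLOW TCP 203.0.113.9:44010 -> 192.168.10.20:8080 payload=474554202f
2024-12-16T04:02:15 ALLOW TCP 192.168.10.20:38000 -> 198.51.100.7:443
2024-12-16T04:05:30 ALLOW TCP 203.0.113.44:52200 -> 192.168.10.20:9530 payload=050100
"""

@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    payload: bytes  # leading client bytes, when the firewall exports them

def parse_line(line: str) -> Flow | None:
    """Parse one log line; None for lines that do not match the constructed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Flow(datetime.fromisoformat(m["ts"]), ipaddress.ip_address(m["src"]),
                ipaddress.ip_address(m["dst"]), int(m["dport"]), bytes.fromhex(m["payload"] or ""))

def is_socks5_greeting(payload: bytes) -> bool:
    """RFC 1928 client hello: VER=0x05, NMETHODS=n (n >= 1), then exactly n method bytes."""
    if len(payload) < 3 or payload[0] != 0x05:
        return False
    return payload[1] >= 1 and len(payload) == 2 + payload[1]

def find_port_scans(flows, internal_net=INTERNAL_NET, window=timedelta(minutes=5), min_ports=3):
    """External source touching >= min_ports distinct Hiatus ports on one internal host within window."""
    by_pair = defaultdict(list)
    for f in flows:  # DENY lines count too: a scan mostly shows up as refused attempts
        if f.dport in HIATUS_SCAN_PORTS and f.src not in internal_net and f.dst in internal_net:
            by_pair[(f.src, f.dst)].append(f)
    hits = []
    for (src, dst), pair in by_pair.items():
        pair.sort(key=lambda f: f.ts)
        seen, left = Counter(), 0  # distinct ports currently inside the sliding window
        for f in pair:
            seen[f.dport] += 1
            while f.ts - pair[left].ts > window:  # expire flows that fell out of the window
                seen[pair[left].dport] -= 1
                if seen[pair[left].dport] == 0:
                    del seen[pair[left].dport]
                left += 1
            if len(seen) >= min_ports:
                hits.append((str(src), str(dst), sorted(seen)))
                break  # one finding per source/target pair is enough
    return hits

def find_proxy_abuse(flows, internal_net=INTERNAL_NET, device_hosts=DEVICE_HOSTS):
    """Post-compromise signals on known camera/DVR hosts."""
    findings = []
    for f in flows:
        if f.src in device_hosts and f.dst not in internal_net:
            # A camera has no business opening Internet sessions: C2 beacon or proxied traffic.
            findings.append(("outbound-from-device", str(f.src), f"{f.dst}:{f.dport}"))
        elif f.dst in device_hosts and is_socks5_greeting(f.payload):
            # Someone is speaking SOCKS5 to a camera: it is being used as a proxy.
            findings.append(("socks5-greeting-to-device", str(f.src), f"{f.dst}:{f.dport}"))
    return findings

def hunt(log_text: str) -> dict:
    flows = [f for f in map(parse_line, log_text.splitlines()) if f is not None]
    return {"scans": find_port_scans(flows), "proxy": find_proxy_abuse(flows)}

if __name__ == "__main__":
    for kind, items in hunt(SAMPLE_LOG).items():
        for item in items:
            print(kind, *item)
```

Run as a script it prints one scan finding (203.0.113.5 touching three of the listed ports on the camera within seconds) and two proxy findings (the camera calling out to 198.51.100.7:443, and an Internet host sending a SOCKS5 client hello to it on port 9530); the internal NVR pulling RTSP and the single HTTP probe are deliberately left unflagged. The SOCKS5 check only works if the firewall exports leading payload bytes; without that, the outbound-from-device rule is the one to keep, and combined with the FBI's advice to isolate these devices it becomes a simple allow-list: any camera or DVR session that leaves its VLAN is a finding.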
Dark Reading - Informationweek Branch To Defeat Cybercriminals, Understand How They Think Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for - in essence, what makes a soft target.]]> 2024-12-17T15:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/defeat-cybercriminals-understand-how-they-think www.secnews.physaphae.fr/article.php?IdArticle=8626602 False Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ]]> 2024-12-17T14:33:00+00:00 https://thehackernews.com/2024/12/hackers-exploit-webview2-to-deploy.html www.secnews.physaphae.fr/article.php?IdArticle=8626508 False Malware,Tool,Threat,Technical None 2.0000000000000000 HackRead - Cyber Search Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys SUMMARY Datadog Security Labs' cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…]]> 2024-12-17T14:12:35+00:00 https://hackread.com/hackers-fake-pocs-github-wordpress-credentials-aws-keys/ www.secnews.physaphae.fr/article.php?IdArticle=8626604 False Threat None 2.0000000000000000 Checkpoint - Security hardware vendor What We Saw in Web Security in 2024 and What We Can Do About It 2024 was a defining year for web security, marked by some of the most sophisticated cyber threats we've seen. 
As businesses continued shifting to web-based work environments – relying on SaaS platforms, cloud-based applications, remote work and BYOD policies – attackers increased their focus on browsers, exploiting vulnerabilities faster than ever before. The rise of AI-powered attacks, Ransomware-as-a-Service (RaaS) and zero-day vulnerabilities focused on the web has made it clear that a new approach to browser security is needed. Traditional endpoint, SaaS or email security solutions alone are no longer enough. In response, advanced browser security solutions and […]
]]>
2024-12-17T13:00:15+00:00 https://blog.checkpoint.com/security/what-we-saw-in-web-security-in-2024-and-what-we-can-do-about-it/ www.secnews.physaphae.fr/article.php?IdArticle=8626552 False Vulnerability,Threat,Cloud None 3.0000000000000000
Dragos - CTI Society Dragos Industrial Ransomware Analysis: Q3 2024 Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Dragos Industrial Ransomware Analysis: Q3 2024 first appeared on Dragos.
]]>
2024-12-17T13:00:00+00:00 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q3-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8626575 False Ransomware,Threat,Industrial None 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets]]> 2024-12-17T12:25:00+00:00 https://thehackernews.com/2024/12/the-mask-apt-resurfaces-with.html www.secnews.physaphae.fr/article.php?IdArticle=8626454 False Malware,Threat None 2.0000000000000000 ProofPoint - Cyber Firms Hidden in Plain Sight: TA397's New Attack Chain Delivers Espionage RATs 2024-12-17T08:31:31+00:00 https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats www.secnews.physaphae.fr/article.php?IdArticle=8626533 False Malware,Tool,Threat None 2.0000000000000000